Aegis School of Business, Data Science, Cyber Security & Telecommunication
Application fee: 1000 * INR
Course fee: 35000 * INR
GST: 18 %
This course deals with implementing effective security mechanisms when designing and implementing operating systems, applications and networks. It involves the assimilation of the fundamental concepts of security models, followed by development. It also deals with deploying solutions to eliminate vulnerabilities. Design and deployment of the security principles of sites and facilities and the relevant aspects of business security are also discussed. This has relevance for participants seeking to become future system and network administrators and consultants, as well as information security professionals.
Objectives
• Apply contemporary formal mathematical modeling techniques to model and analyze the security of a software system.
• Identify project security risks and select risk management strategies.
• Describe and discuss security concerns in designs at multiple levels of abstraction.
• Comply with data privacy and security requirements when designing a software system.
• Design a software solution for secure access and protection of data.
• Use business continuity activities and strategies that support early vulnerability detection.
Objective of the course
This course aims to provide an understanding of the techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS).
These Critical Security Controls are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations, who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through.
The course enables you to see how to put the controls in place in an existing network through effective and widespread use of cost-effective automation. The course will also cover the leading international cyber security frameworks.
Course curriculum
Session 1 - Overview
Session 2 - Controls 1-4
Session 3 - Controls 5-8
Session 4 - Controls 9-12
Session 5 - Controls 13-16
Session 6 - Controls 17-20
Session 7 - ISO 27001
Session 8 - ISO 22301
Session 9 - NIST Cyber Security Framework
Session 10 - IT Grundschutz
Topics Coverage
Detailed understanding of Critical 20 Control Objectives
1: Inventory of Authorized and Unauthorized Devices
2: Inventory of Authorized and Unauthorized Software
3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4: Continuous Vulnerability Assessment and Remediation
5: Malware Defenses
6: Application Software Security
7: Wireless Access Control
8: Data Recovery Capability
9: Security Skills Assessment and Appropriate Training to Fill Gaps
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Controlled Access Based on the Need to Know
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Tests and Red Team Exercises
Detailed Understanding of Cyber Security Frameworks - NIST Cyber Security Framework, German IT Baseline (IT-Grundschutz) Methodology, ISO 27001, ISO 22301