Advanced Cyber Security (An Application Approach)

Advanced Cyber Security course is offered by RIIT Education. Launched in 1999, RIIT continues to be one of Indias leading institutions of education and research in Information Technology. RIIT is focused on creating versatile IT professionals who can apply their knowledge & skills anywhere in the world.

The course syllabus will be delivered through a combination of eLearning resources, digital lectures, community based digital classrooms as applicable.

Syllabus:

• Application Security
  • Importance of application security
  • Open Web Application Security Project (OWASP) top 10 web application vulnerabilities
  • Secure Software Development Life Cycle (SSDLC)
• Data and Endpoint Security
  • Data security, data security controls
  • Endpoint security, host/endpoint security
• Identity and Access Management (IAM)
  • Authorization, authentication
  • Access control, access control models
  • Privilege levels, IAM lifecycle, identity and access management process and activities
• Phases of a Cyber Attack
  • Reconnaissance: adversary identifies and selects a target
  • Weaponize: adversary packages an exploit into a payload designed to execute on the targeted computer/network
  • Deliver: adversary delivers the payload to the target system
  • Exploit: adversary code is executed on the target system
  • Install: adversary installs remote access software that provides a persistent presence within the target environment system
  • Command and control: adversary employs remote access mechanisms to establish a command and control channel with the compromised device
  • Act on objectives: adversary pursues intended objectives such as data exfiltration, lateral movement to other targets
• Security Processes in Practice for Businesses
  • Key security business processes
  • Corporate security governance
  • IT strategy management
  • Portfolio, program, project management
  • Change management
  • Supplier (third-party management)
  • Problem management
  • Knowledge management
  • Information security management
  • Business Continuity Planning (BCP)
  • IT operations management
  • Overview of top 20 security controls
• Information Security Standards
  • Information security standards - need
  • ISO/IEC 27000 standard series
  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 27005
  • ISO/IEC 27006
  • SP 800 standard series
  • SP 800 -12
  • Standard of Good Practice (SoGP)
  • Control Objectives for Information and Related Technology (COBIT)
  • BSI IT-Grundschutz baseline protection
  • BSI Standard 100-1
  • BSI Standard 100-2
  • BSI Standard 100-3