Cyber Security Expert Masters Program Training Course

Syllabus of Cyber Security for Beginners Course

• Threat and Vulnerability Landscape
• Objectives and Goals
• Security, Vulnerabilities, threats
• Tech Brief - Privacy and Anonymity and Pseudonymity
• Risk Assessments
• Threat Modeling
• Security Principle's
• OSINT
• Vulnerabilities and Exploit Landscape
• Hackers vs Crackers
• Deep and Dark Web
• Dark Markets

• HIPPA
• FISMA
• GDPR
• IT-ACT
• PCI-DSS

• Virus
• malware
• rootkits
• RAT's
• Spyware
• Adware
• Scareware
• PUPs
• CPU Mining and Cryptojackers

• Phishing
• vishing
• SMShing
• Spamming
• Doxing

• Spies and Secrets
• Indian Cyber Organizations

Syllabus of CompTIA Security+ (SY0-501) Course

• Who Should Read This Book?
• CompTIA Security+ Exam Topics

• Security 101
• Think Like a Hacker
• Threat Actor Types and Attributes
• Review Key Topics

• Malicious Software Types
• Delivery of Malware
• Preventing and Troubleshooting Malware
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Implementing Security Applications
• Securing Computer Hardware and Peripherals
• Securing Mobile Devices
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Hardening Operating Systems
• Virtualization Technology
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Securing the Browser
• Securing Other Applications
• Secure Programming
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Network Design
• Cloud Security and Server Defense
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Ports and Protocols
• Malicious Attacks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Firewalls and Network Security
• NIDS Versus NIPS
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Securing Wired Networks and Devices
• Securing Wireless Networks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Physical Security
• Authentication Models and Components
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Access Control Models Defined
• Rights, Permissions, and Policies
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Conducting Risk Assessments
• Assessing Vulnerability with Security Tools
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Monitoring Methodologies
• Using Tools to Monitor Systems and Networks
• Conducting Audits
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Cryptography Concepts
• Encryption Algorithms
• Hashing Basics
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Public Key Infrastructure
• Security Protocols
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Redundancy Planning
• Disaster Recovery Planning and Procedures
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Social Engineering
• User Education
• Facilities Security
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

• Legislative and Organizational Policies
• Incident Response Procedures
• IT Security Frameworks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Syllabus of CEH (v11)- Certified Ethical Hacker Course

This module introduces you to the basic concepts of hacking, what is hacking, who are hackers, their intent, and other related terminologies.

This module introduces you to the basic concepts of hacking, what is hacking, who are hackers, their intent, and other related terminologies.

Different techniques to identify and scan the network, host, and port discovery by utilizing various scanning tools.

Finding detailed information about the hosts and ports discovered during scanning. This module now includes sub-domains like NFS enumeration and related tools, DNS cache snooping, and DNSSEC Zone walking, along with the countermeasures.

It introduces the concepts of vulnerability assessment, its types, along with a hands-on experience of tools that are currently used in the industry.

It focuses on the “how” part. How to gain access of the system, how to escalate privileges, how to maintain access, and how to clear your tracks.

Malware threat terminologies, viruses, worms, trojans, their analysis, and countermeasures to prevent data loss. The introduction and analysis of malware like, Emotet and fileless that are gaining popularity have been updated under this section. APT concepts have also been added.

Packet sniffing techniques, associated tools, and related defensive techniques.

Since humans are the most significant vulnerability for any organization, it becomes essential to understand how attackers use them for their purpose for carrying out attacks like identity theft, impersonation, insider threat, and how to defend against such social engineering attacks.

As DoS and DDoS are some of the most common purposes of attackers, this module talks about these attacks, use cases, and the related attack and defense tools.

To provide a deeper understanding of the technique, its purpose, tools used along with the countermeasures.

Understand the terminologies and working of these inline defenses and techniques to learn how to evade these while performing an attack.

Web servers based attacks, methodologies, tools used, and defense.

Web application-based attacks, techniques, and mitigation.

An in-depth understanding of the top OWASP top 10 web app vulnerability, it’s working and the mitigation.

Wireless encryption, wireless hacking, and Bluetooth hacking-related concepts

Wireless encryption, wireless hacking, and Bluetooth hacking-related concepts

Management of mobile devices, mobile platform attack vectors, and vulnerabilities related to Android and iOS systems

Recognizing the vulnerabilities in IoT and ensuring the safety of IoT devices. Operational Technology (OT) essentials, introduction to ICS, SCADA, and PLC, threats, attack methodologies, and attack prevention. The concept of OT is a new addition.

Cloud computing, threats, and security. Additionally, the essentials of container technology and serverless computing have been added.

Encryption algorithms, Public Key Infrastructure (PKI), cryptographic attacks, and cryptanalysis.

Syllabus of CISM Course

• Establish and maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and ongoing management of the information security program
• Establish and maintain an information security governance framework to guide activities that support the information security strategy
• Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program
• Establish and maintain information security policies to communicate management’s directives and guide th development of standards, procedures and guidelines , Develop business cases to support investments in information security
• Identify internal and external influences to the organization (for example, technology,business environment, risk tolerance, geographic location, legal and regulatory requirements) to ensure that these factors are addressed by the information security strategy
• Obtain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy
• Define and communicate the roles and responsibilities of information security throughout the organization to establish clear accountabilities and lines of authority
• Establish, monitor, evaluate and report metrics (key goal indicators [KGIs], key performance indicators [KPIs], key risk indicators [KRIs]) to provide management with accurate information regarding the effectiveness of the information security strategy.

• Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value
• Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization’s information
• Determine appropriate risk treatment options to manage risk to acceptable levels
• Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level
• Identify the gap between current and desired risk levels to manage risk to an acceptable level
• Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization
• Monitor existing risk to ensure that changes are identified and managed appropriately
• Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process

• Establish and maintain the information security program in alignment with the information security strategy
• Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes
• Identify, acquire, manage and define requirements for internal and external resources to execute the information security program
• Establish and maintain information security architectures (people, process, technology) to execute the information security program
• Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies
• Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture
• Integrate information security requirements into organizational processes (for example, change control, mergers and acquisitions, development, business continuity, disaster recovery) to maintain the organization’s security baseline
• Integrate information security requirements into contracts and activities of third parties (for example, joint ventures, outsourced providers, business partners, customers) to maintain the organization’s security baseline
• Establish, monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program

• Establish and maintain an organizational definition of, and severity hierarchy for,information security incidents to allow accurate identification of and response to incidents
• Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents
• Develop and implement processes to ensure the timely identification of information security incidents
• Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements
• Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management
• Organize, train and equip teams to effectively respond to information security incidents in a timely manner
• Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities
• Establish and maintain communication plans and processes to manage communication with internal and external entities
• Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions
• Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan

Syllabus of CISSP Course

• Confidentiality, integrity, and availability concepts
• Security governance principles
• Compliance
• Legal and regulatory issues
• Professional ethic
• Security policies, standards, procedures and guidelines

• Information and asset classification
• Ownership (e.g. data owners, system owners)
• Protect privacy
• Appropriate retention
• Data security controls
• Handling requirements (e.g. markings, labels, storage)

• Engineering processes using secure design principles
• Security models fundamental concepts
• Security evaluation models
• Security capabilities of information systems
• Security architectures, designs, and solution elements vulnerabilities
• Web-based systems vulnerabilities
• Mobile systems vulnerabilities
• Embedded devices and cyber-physical systems vulnerabilities
• Cryptography
• Site and facility design secure principles
• Physical security

• Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
• Secure network components
• Secure communication channels
• Network attacks

• Physical and logical assets control
• Identification and authentication of people and devices
• Identity as a service (e.g. cloud identity)
• Third-party identity services (e.g. on-premise)
• Access control attacks
• Identity and access provisioning lifecycle (e.g. provisioning review)

• Assessment and test strategies
• Security process data (e.g. management and operational controls)
• Security control testing
• Test outputs (e.g. automated, manual)
• Security architectures vulnerabilities

• Investigations support and requirements
• Logging and monitoring activities
• Provisioning of resources
• Foundational security operations concepts
• Resource protection techniques
• Incident management
• Preventative measures
• Patch and vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes and plans
• Business continuity planning and exercises
• Physical security
• Personnel safety concerns

• Security in the software development lifecycle
• Development environment security controls
• Software security effectiveness
• Acquired software security impact

Syllabus of Certified Cloud Security Professional Course

• Cloud Computing Concepts
• Describe Cloud Reference Architecture
• Understand Security Concepts Relevant to Cloud Computing
• Understand Design Principles of Secure Cloud Computing
• Identify trusted cloud services

• Understand cloud data lifecycle
• Design and implement cloud data storage architectures
• Design and apply data security strategies
• Understand and implement data discovery and classification technologies
• Design and implement relevant jurisdictional data protections for personally identifiable information (PII)
• Design and implement data rights management
• Plan and implement data retention, deletion, and archiving policies
• Design and implement auditability, traceability and accountability of data events

• Comprehend cloud infrastructure components
• Analyze risks associated to cloud infrastructure
• Design and plan security controls
• Plan disaster recovery and business continuity management

• Understand cloud software assurance and validation
• Use verified secure software
• Comprehend the software development life-cycle (SDLC) process
• Apply the secure software development life-cycle
• Comprehend the specifics of cloud application architecture
• Design appropriate identity and access management (IAM) solutions

• Support the planning process for the data center design
• Implement and build physical infrastructure for cloud environment
• Run physical infrastructure for cloud environment
• Manage physical infrastructure for cloud environment
• Build logical infrastructure for cloud environment
• Run logical infrastructure for cloud environment
• Manage logical infrastructure for cloud environment
• Ensure compliance with regulations and controls (e.g., ITIL, ISO/IEC 20000-1)
• Conduct risk assessment to logical and physical infrastructure
• Understand the collection, acquisition and preservation of digital evidence
• Manage communication with relevant parties

• Understand legal requirements and unique risks within the cloud environment
• Understand privacy issues, including jurisdictional variation
• Understand audit process, methodologies, and required adaptions for a cloud environment
• Understand implications of cloud to enterprise risk management
• Understand outsourcing and cloud contract design
• Execute vendor management