Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Certificate
Course Outline
DOMAIN 1: CYBERSECURITY CONCEPTS
- 1.1 Understanding information assurance (IA) principles for managing risks associated with information use, processing, storage, and transmission.
- 1.2 Understanding security management practices.
- 1.3 Understanding risk management processes, including assessment steps and methodologies.
- 1.4 Understanding an organization's enterprise information technology (IT) goals and objectives.
- 1.5 Understanding diverse operational threat environments (e.g., first generation [script kiddies], second generation [non-state-sponsored], and third generation [state-sponsored]).
- 1.6 Understanding information assurance (IA) principles and organizational requirements regarding confidentiality, integrity, availability, authentication, and non-repudiation.
- 1.7 Understanding common adversary tactics, techniques, and procedures (TTPs) within one's area of responsibility (e.g., historical country-specific TTPs, emerging capabilities).
- 1.8 Understanding various attack classes (e.g., passive, active, insider, close-in, distribution).
- 1.9 Understanding applicable laws, policies, procedures, and governance requirements.
- 1.10 Understanding relevant laws, policies, procedures, or governance related to work affecting critical infrastructure.
DOMAIN 2: CYBERSECURITY ARCHITECTURE PRINCIPLES
- 2.1 Understanding network design processes, including security objectives, operational objectives, and trade-offs.
- 2.2 Understanding security system design methods, tools, and techniques.
- 2.3 Understanding network access, identity, and access management (e.g., public key infrastructure [PKI]).
- 2.4 Understanding information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- 2.5 Understanding current industry methods for evaluating, implementing, and distributing IT security assessment, monitoring, detection, and remediation tools and procedures, leveraging standards-based concepts.
- 2.6 Understanding network security architecture concepts, including topology, protocols, components, and principles (e.g., defense in depth).
- 2.7 Understanding malware analysis concepts and methodology.
- 2.8 Understanding intrusion detection methodologies and techniques for detecting host- and network-based intrusions using intrusion detection technologies.
- 2.9 Understanding defense in depth principles and network security architecture.
- 2.10 Understanding encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE]).
- 2.11 Understanding cryptology.
- 2.12 Understanding encryption methodologies.
- 2.13 Understanding network traffic flow (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI]).
- 2.14 Understanding network protocols (e.g., Transmission Control Protocol and Internet Protocol)
DOMAIN 3: SECURITY OF NETWORK, SYSTEM, APPLICATION AND DATA
- 3.1 Understanding computer network defence (CND) and vulnerability assessment tools, including open source tools, and their capabilities.
- 3.2 Understanding basic system administration, network, and operating system hardening techniques.
- 3.3 Understanding risks associated with virtualization.
- 3.4 Understanding penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
- 3.5 Understanding network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- 3.6 Understanding remote access technology concepts.
- 3.7 Understanding systems administration concepts.
- 3.8 Understanding Unix command line interfaces.
- 3.9 Understanding system and application security threats and vulnerabilities.
- 3.10 Understanding system lifecycle management principles, including software security and usability.
- 3.11 Understanding local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability.
- 3.12 Understanding system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injections, race conditions, covert channels, replay attacks, return-oriented attacks, malicious code).
- 3.13 Understanding the social dynamics of computer attackers in a global context.
- 3.14 Understanding secure configuration management techniques.
- 3.15 Understanding capabilities and applications of network equipment, including hubs, routers, switches, bridges, servers, transmission media, and related hardware.
- 3.16 Understanding communication methods, principles, and concepts supporting network infrastructure.
- 3.17 Understanding common networking protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP]) and services (e.g., web, mail, Domain Name System [DNS]) and their interaction to provide network communications.
- 3.18 Understanding different types of network communication (e.g., Local Area Network [LAN], Wide Area Network [WAN], Metropolitan Area Network [MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network [WWAN]).
- 3.19 Understanding virtualization technologies and virtual machine development and maintenance.
- 3.20 Understanding application vulnerabilities.
- 3.21 Understanding information assurance (IA) principles and methods applicable to software development.
- 3.22 Understanding risk threat assessment.
DOMAIN 4: INCIDENT RESPONSE
- 4.1 Understanding incident categories, response actions, and response timelines.
- 4.2 Understanding disaster recovery and business continuity plans.
- 4.3 Understanding data backup methods, types of backups (e.g., full, incremental), and recovery concepts and tools.
- 4.4 Understanding incident response and handling methodologies.
- 4.5 Understanding security event correlation tools.
- 4.6 Understanding investigative implications of hardware, operating systems, and network technologies.
- 4.7 Understanding processes for seizing and preserving digital evidence (e.g., chain of custody).
- 4.8 Understanding types of digital forensic data and how to identify them.
- 4.9 Understanding basic concepts and practices of processing digital forensic data.
- 4.10 Understanding anti-forensics tactics, techniques, and procedures (TTPs).
- 4.11 Understanding common forensic tool configuration and support applications (e.g., VMware, Wireshark).
- 4.12 Understanding network traffic analysis methods.
- 4.13 Understanding which system files (e.g., log files, registry files, configuration files) contain relevant information and locating these files.
DOMAIN 5: SECURITY OF EVOLVING TECHNOLOGY
- 5.1 Understanding new and emerging information technology (IT) and information security technologies.
- 5.2 Understanding emerging security issues, risks, and vulnerabilities.
- 5.3 Understanding risks associated with mobile computing.
- 5.4 Understanding cloud concepts related to data and collaboration.
- 5.5 Understanding risks associated with migrating applications and infrastructure to the cloud.
- 5.6 Understanding risks associated with outsourcing.
- 5.7 Understanding supply chain risk management processes and practices.
Requirements
No specific prerequisites are required for this course.
28 Hours
Testimonials (3)
The trainer was helpful..
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
learning about Basel
Daksha Vallabh - Standard Bank of SA Ltd
Course - Basel III – Certified Basel Professional
Risk optimization is more clear than the other subjects
