INFORMATION SECURITY TRAINING CATALOG (2015)
|
|
- Anne George
- 8 years ago
- Views:
Transcription
1 INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze, Kocaeli, Türkiye Tel: +90 (262) , Fax: +90 (262)
2 Information Security Trainings Basic Trainings Information Security Awareness for End Users Information Security Awareness for Managers Social Engineering: Attack and Defense Methods... 6 Intermediate Level Trainings ISO Information Security Management System Implementation Cyber Incident Response Team Business Continuity / Disaster Recovery Planning Windows Security Microsoft Systems Security Linux Security TCP/IP Network Security Active Network Device Security System Security Audit Basic Security Audit Wireless Network Security Log Management Advanced Trainings Oracle Database Security MS SQL Server Database Security Web Applications Security Security Information and Event Management Systems Penetration Testing and Ethical Hacking Log Analysis Master Level Trainings Information Systems Forensics Computer Network Forensics Windows Malware Analysis Secure Software Development... 31
3 Basic Trainings 3
4 1. Information Security Awareness for End Users Users of information systems. Basic knowledge to use information systems as a regular user. Role of user in information security Contribution of user to corporate Information Security Management System (ISMS) Access to computers Password security security Security while accessing the Internet Virus protection Setup, use and disposal of storage media File access and sharing Information backup Social engineering User responsibilities in computer incidents 3 hours Attendees will become familiar with the basics of information security and will enhance their awareness about the importance of corporate information security too. They will learn their duties and responsibilities as a contributor to a corporate ISMS. 4
5 2. Information Security Awareness for Managers Managers who wish to improve their understanding in the field of information security. Staff who has a general understanding about information systems wish to obtain further information about information security. General information about information systems. Basic concepts of information security Security policy Organizational security Human resource security Risk assessment and risk mitigation Business continuity Information security incident management Operating system security Network security Web security Digital certificates and certificate distribution systems Password management Antivirus systems 2 days Attendees will obtain information about the basic concepts of information security and overall fuctioning of ISMS. Introduction will be made based on the technical aspects of information systems security. 5
6 3. Social Engineering: Attack and Defense Methods All information system users, whereas the attendance of system administrators is critical. Classroom should be equipped with one personal computer per attendee since the training includes hands-on exercises. Social engineering concept Attack techniques Examples of social engineering attacks Social engineering tests Prevention methods Several social engineering applications 2 days Attendees will become familiar with the social engineering attacks, which is quite common and may lead to loss of confidential information, or even the reputation of an institution. Attendees will acquire the capacity of offering social engineering trainings as well. 6
7 Intermediate Level Trainings 7
8 4. ISO Information Security Management System Implementation Staff obliged to establish and maintain an ISO based ISMS as well as staff responsible for processes that will be subject to an ISO audit. Familiarity with quality management systems is helpful but not indispensable. What is an ISMS and why is it needed? Plan-Do-Check-Act process in ISO Risk assessment and treatment in information systems ISO control categories o Security Policy o Organization of Information Security o Asset management o Human resource security o Physical and environmental security o Communications and operations management o Access control o Information systems acquisition, development and maintenance o Information security incident management o Business continuity management o Conformance ISO conformance audit o Audit planning o Audit checklists o Non-conformances and reporting Several applications 3 days Attendees wil be able to establish ISMS in their institutions. Attendees will also be acquainted with audit concepts. Note: Upon request, a two-day version of the course may be presented as well. 8
9 5. Cyber Incident Response Team Staff obliged to establish or manage CERT (Computer Emergency Response Team) in their institutions. Staff working in the information security department of their institutions. Some experience is required about both the business processes and the information system infrastructure of the institution. Introduction (History, computer incident examples, CERT and security organization examples) Basic questions and titles about CERT (What is CERT? What is the scope of operational framework of CERT?) Computer incident management process (incident management service definition and functions) Operational components of CERT (software, hardware, policy and procedures) CERT project plan 2 days Objective of the training is to elevate the level of course attendees to a position where they can establish CERTs in their institutions. 9
10 6. Business Continuity / Disaster Recovery Planning Staff responsible for the management of business continuity / disaster recovery process, managers of institutions where business continuity / disaster recovery plan does not exist, developers of business continuity / disaster recovery plans, staff that has a role in the business continuity / disaster recovery plan, emergency team members and security auditors. None Principles associated with the management of business continuity project Threats that may target all institutions Risk assessment and designation of security controls How to conduct the business impact analysis Developing the business continuity strategy Design of emergency response and related activities, how to improve readiness How to construct the disaster recovery teams In case of disaster o How to minimize the impact o How to execute recovery in designated duration o Emergency communication requirements Development and application of the business continuity plan Training and awareness activities for quick and correct response Testing and updating the business cotinuity plan 2 days Attendees will accumulate sufficient information to develop business continuity plans in their institutions. 10
11 7. Windows Security Windows network administrators, Microsoft Active Directory administrators, staff from institutions which are planning safe migration to Microsoft systems, staff interested in Microsoft systems security. Basic knowledge of Windows and computer networks. Windows operating system security (XP/2003/Windows 7/2008-R2) IPSec, PKI ( Public Key Infrastructure ) and EFS ( Encrypting File System ) Powershell development for Windows environment 3 days Course includes theoretical information as well as hands-on practice to equip attendees with the capability to apply Windows security best practices in their institutions. 11
12 8. Microsoft Systems Security Windows network administrators, Microsoft Active Directory administrators, staff from institutions which are planning safe migration to Microsoft systems, IIS and Exchange administrators, staff interested in Microsoft systems security. Basic knowledge of Windows, Exchange, Active Directory and networks. Microsoft Web Services Security (IIS 7.5) Microsoft PowerShell Active Directory and Network Services Security (Group policy, DNS, DHCP) Patch management in Microsoft systems 4 days Attendees will acquire advance level information within the scope of Microsoft systems security. They will have the capability to apply Microsoft systems security best practices in their institutions. 12
13 9. Linux Security Experts responsible for the security of Linux based systems, system administrators studying how to secure Linux based Internet applications, system administrators eager to learn about security tests and system hardening tools. Experience as Linux system administrator. Secure setup Configuration of startup services Secure configuration of kernel File system access control User access control Management of system logs Security audit tools Security hardening tools Security script programming 3 days Attendees will be able to realize the security hardening of Linux based operating systems. They will acquire ability to use free software security tools on their systems. They will also acquire capability of using or developing tools that will help them discover security breaches in their systems. 13
14 10. TCP/IP Network Security System and network administrators, security and penetration test experts, staff of IT security department, IT security auditors. Basic knowledge of networks. Protocols of the TCP/IP protocol stack Operation principles of different layers of the TCP/IP stack and threats targeting these layers Security vulnerabilities of TCP/IP protocols and mitigation techniques Techniques, protocols and devices that are used to assure network security Packet capturing software such as Wireshark, analysis of packets and protocols Concepts such as SSL, IPSec, VPN and digital certificates Network components such as Firewall, IDS/IPS and Proxy 2 days Applied work about the security of TCP/IP networks will bring a wealth of information and capabilities to the attendees. The attendees are expected to apply good security practices in their institutions network. 14
15 11. Active Network Device Security System and network administrators, security and penetration test experts, staff of IT security department, IT security auditors. Basic knowledge of networks Within the scope of (hardening of) active devices, network design and assuring the security of networks, the following topics will be studied theoretically with hands-on exercises. Steps toward hardening of active devices that are commonly used today in the internal networks and they are also used to connect networks to the outside world, such as o Backbone switch, o Router, o Firewall, o Content filter Security controls applicable to active devices, such as o Physical security, o Equipment security, o Identity authentication, o Authorization and monitoring, o Patch management, o Access control lists, o Remote management conrtrol, etc. 2 days The attendees are expected to learn security controls applicable to active network devices through the theoretical and the applied parts of the course. The attendees are also expected to apply these security controls in their institutions. 15
16 12. System Security Audit Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators willing to understand the security audit approach and prepare their systems to security audits. Basic network and operating system (Windows and Unix) information, familiarity with peripheral protection systems. Vulnerability and threat definitions Open source security vulnerability scanners and how to use them Discovering the topology of a network Peripheral protection systems audit Windows audit Audit of Unix/Linux systems 4 days Attendees will learn how to use security vulnerability scanners. Attendees will also learn how to conduct security audit of operating systems, peripheral protection systems and web applications. 16
17 13. Basic Security Audit Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators willing to understand the security audit approach and prepare their systems to security audits. Basic network and Windows operating system information. Vulnerability and threat definitions Open source security vulnerability scanners and how to use them o Nessus, Nmap, MBSA Windows audit o Security templates o Security Configuration and Analysis 1 day Attendees will learn how to use security vulnerability scanners and how to conduct security audit of Windows operating system. Note: This course is a one-day-long (shorter) version of 12. System Security Audit. 17
18 14. Wireless Network Security Wireless network administrators, system or network administrators who wish to install and setup wireless networks, IT experts who wish to obtain information about wireless network security. Basic knowledge of networks. Security risks in wireless local area networks Secure wireless communication architecture Software tools that are used for securing or attacking wireless networks 2 days Attendees will obtain information about the risks of wireless communication and techniques to mitigate these risks. Additional information will be supplied about wireless network audit tools. Note: The course includes hands-on exercises and the number of attendees is limited to 18. Upon request, a one-day-long version of the course maybe offered, excluding the handson exercises as well. 18
19 15. Log Management System and network administrators Information systems experts b. Information security managers and expertsprerequisites Basic knowledge of operating systems and information systems. Basic concepts about log management, Configuration settings needed in order to collect logs, Log analysis techniques, Crucial points in log management system setup, Analysis of large log files, Instant tracking of log files, Log files to be investigated during a security breach, Log files to be collected due to legal or institutional policies, Common mistakes and problems of log collection process, Log collection standards. 2 days Attendees will obtain knowledge on how to setup log management systems in order to collect logs efficiently from information systems due to legal or institutional policies and obtain ability to analyse these logs according to corporate needs. 19
20 Advanced Trainings 20
21 16. Oracle Database Security Database administrators, database security auditors. General information about databases and basic database management. Database basics Identity control Access control lists Database security audits Network security Database backup Audit of access tools Advanced security measures 3 days At the end of the course, auditors will be able to conduct security audit of databases whereas managers will be able to implement secure management of databases. Note: Although this course deals with Oracle database, general topics applicable to all databases are covered. 21
22 17. MS SQL Server Database Security Database administrators, database security auditors. General information about databases and basic knowledge of database management. SQL Server 2005/2008, general topics Operating system configuration Network configuration SQL Server 2005/2008 setup and maintenance SQL Server 2005/2008 configuration Access control and authorization Audit and log management Backup and disaster recovery procedures Replication Software application development Surface Area Configuration tool SQL Server 2005/2008 test and monitoring tools 3 days At the end of the course, attendees will learn SQL Server 2005/2008 database security mechanisms and factors affecting security. They will gain ability to conduct security audit to an SQL Server 2005/2008 database. Database managers, in the meantime, will learn how to manage their database securely. 22
23 18. Web Applications Security HTTP based application developers and auditors. Basic knowledge of Web technologies (HTTP, HTML, web servers, internet browsers) and at least one of the programming languages used in web applications (PHP, Java, ASP.NET, Perl, etc.). Information gathering Configuration management User authentication Input / output validation Session management Authorization Application logic Log management Failure management Secure application management 2 days The attendees will learn important security components of HTTP based applications, most common mistakes, how to avoid making these mistakes and how to assure sustainable application security. 23
24 19. Security Information and Event Management Systems Information system administrators, information system security administrators, IT auditors. Familiarity with information system components and security components of IT systems. Centralized log management systems Requirement for event correlation systems Advantages of event correlation systems Event correlation steps OSSIM attack correlation systems OSSIM overview Basic components of OSSIM Tools utilized by OSSIM OSSIM setup OSSIM component configuration Policies Data fusion from separate components Attack correlation System maintenance and update 4 days Attendees will obtain information about centralized attack correlation systems. They will learn how to gather logs being accumulated on separate security components centrally, how to monitor attacks conducted from an internal or an external network and take necessary steps against an attack. 24
25 20. Penetration Testing and Ethical Hacking Staff who are supposed to conduct penetration tests and security audits in their institutions, staff working in information security departments of their institutions. Experience and awareness of security issues, intermediate level of knowledge about Linux, Windows and TCP/IP, intermediate level of experience about information system infrastructure. Introduction (What is Penetration test? Crucial points before, during and after penetration tests and penetration test methodologies) Discovery (Discovery categories. Applied nmap exercise; port scanning, service and operating system discovery, etc.) Vulnerability discovery (Vulnerability concept. Nessus exercise; policy designation, scanning and vulnerability analysis) Exploit (Exploit and payload concepts. Metasploit exercise; msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) Network penetration tests and layer two attacks (Network sniffing, MAC table flooding, ARP poisoning, VLAN hopping, DHCP IP pool exhaustion attacks) External network tests and information gathering (Active and passive information gathering, Google hacking, etc.) Social engineering (Using and telephone. Customized payload and malware generation macro, pdf and exe. Relay vulnerability. Post-exploitation ) Web application tests (Input-output detection, XSS and SQL-i attacks) 5 days Attendees will be able to participate and contribute to penetration tests. 25
26 21. Log Analysis System and network administrators Information systems experts b. Information security managers and expertsprerequisites Basic knowledge of operating systems, databases and computer networks. Overview to log analysis, Log analysis standards, rules and legal regulations, Log collection and viewer tools, Common mistakes in log analysis, Incident response, Log analysis in different stages of incident response, Contribution of log analysis to incident response. 5 days Attendees will learn basic concepts about log collection and log analysis, will obtain ability to use log analysis in incident response, will learn which logs can be used in which part of an incident response. Furthermore attendees will obtain ability to use several log collection tools. 26
27 Master Level Trainings 27
28 22. Information Systems Forensics Staff from IT department who are eager to conduct information systems forensic analysis. Basic knowledge of Linux and Windows operating systems. Computer incident response Preliminary stages of computer forensic analysis Information about NTFS, FAT32, ext2, ext3 file systems such as, how files are opened, saved and deleted in these systems Non-volatility of data in different components of a computer (RAM, Stack area, hard disks etc.) Data storage and retrieval from these components Conducting computer incident forensic analysis on a Linux system and presentation of related tools In the applied part of the course, setting up the forensic analysis environment and conducting, with tools, the analysis of a suspected file Conducting computer incident forensic analysis on a Windows system and presentation of related tools Legal framework about forensic analysis and storage of data in a format which is suitable for presenting to a court as an evidence 3 days Attendees will be able to conduct computer forensic analysis on their own. 28
29 23. Computer Network Forensics Network, system and security administrators, IT staff eager to conduct computer network forensic analysis. Basic knowledge of TCP/IP, networks, Linux and Windows operating system. The following topics will be covered in order to conduct incident analysis and to collect evidence in case of a cybercrime without refering to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic exploiting incorrect configuration of network components. Foundations of forensic analysis Network packet capturing technologies: Hardware, software and tools Basic network protocols and components Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc. Analysis of network protocols (HTTP, SMTP, DNS etc.) Deep packet inspection Detection of malicious network traffic: Man in the middle attack, DNS cache poisoning etc. attacks Detection of network traffic tunneling techniques: DNS, ICMP, SSH tunnelling etc. Analysis of encrypted network traffic: SSL traffic listening technique Reconstruciton of network traffic to obtain original data Network flow analysis 4 days Attendees will be able to conduct forensic analysis and to collect evidence without accessing storage components after cybercrimes. They will be able to detect malicious network traffic and security incidents due to network components as well. 29
30 24. Windows Malware Analysis IT staff eager to conduct Windows malware analysis. Being familiar with high-level programming features such as parameters, loops and functions, Being informed about basic concepts of Windows operating system ( process, thread, memory management, registry, handle etc.), Having basic information about IP, HTTP, TCP, UDP, etc. network protocols, Wireshark etc. packet capturing tools, Having introductory level knowledge of assembly and x86 architecture is required. Windows operating system, basic concepts Basic static analiysis Behaviour analysis Code analysis Hidden execution methods Static analiysis prevention methods Dinamic analysis prevention methods Memory dump analysis Analysis of Web (browser) based malware Analysis of malicious documents 5 days Attendees will obtain applicable information about reverse engineering. Attendees will also acquire Windows and web based malware and malicious document analysis capability. 30
31 25. Secure Software Development Software developers/engineers, software project managers, software quality control team and system architects. Intermediate experience with a programming language. Security problems of software Security problems of technology components where software is running Basic elements of secure software development process How to integrate a secure software development lifecycle to a software development process Source code samples, demonstrating most common vulnerabilities and how to prevent them Technology that maybe applied to assure secure operation of components such as application server and database, where software is running, since software depends on these systems. 3 days Attendees will learn basic secure coding principles, secure software design and development, threat modeling and principles of security tests. 31
32 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze, Kocaeli, Türkiye Tel: +90 (262) , Fax: +90 (262)
INFORMATION SECURITY TRAINING CATALOG (2016)
INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2016) Revision 4.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,
More information2016 TÜBİTAK BİLGEM Cyber Security Institute
2016 Revision 5.0 2016 TÜBİTAK BİLGEM Cyber Security Institute 1 ... 3 1. Information Security Awareness for End Users... 4 2. Information Security Awareness for Managers... 5 3. Social Engineering: Attack
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationDescription: Objective: Attending students will learn:
Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationIf you know the enemy and know yourself, you need not fear the result of a hundred battles.
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you
More informationEthical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours
Ethical Hacking and Information Security Duration Detailed Module Foundation of Information Security Lecture with Hands On Session: 90 Hours Elements of Information Security Introduction As technology
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationCRYPTUS DIPLOMA IN IT SECURITY
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
More informationCOURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
More informationChapter 1 The Principles of Auditing 1
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationCH ENSA EC-Council Network Security Administrator Detailed Course Outline
CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical
More informationOpen Source Security Tool Overview
Open Source Security Tool Overview Presented by Kitch Spicer & Douglas Couch Security Engineers for ITaP 1 Introduction Vulnerability Testing Network Security Passive Network Detection Firewalls Anti-virus/Anti-malware
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationMicrosoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.
Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc. Foundstone Labs October, 2003 Table of Contents Table of Contents...2 Introduction...3 Scope and Approach...3
More informationLearn Ethical Hacking, Become a Pentester
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
More informationNSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs
Mandatory Knowledge Units 1.0 Core2Y 1.1 Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. 1.1.1 Topics Summary
More informationCSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security
Security+ Supported Labs - V1 Lab 1 Network Devices and Technologies - Capturing Network Using tcpdump to Capture Network with Wireshark with Network Miner 2 Secure Network Administration Principles -
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationSecurity + Certification (ITSY 1076) Syllabus
Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and
More informationInformation Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200
Information Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200 Course Description: Advanced Cybersecurity is designed to provide students the advanced concepts and terminology of
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Medical Image Manager (MIM) Version 6.1.1 Part Number 1G0119 Version 1.0 Eastman Kodak Company, Health Group
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
More informationNational Cyber League Certified Ethical Hacker (CEH) TM Syllabus
National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationEC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led
EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationEC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp
EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp ECSA/LPT is a security class like no other! Providing real world hands on experience, it is the only in-depth
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationNetwork Security: A Practical Approach. Jan L. Harrington
Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of
More informationFRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY
More informationComputer Hacking Forensic Investigator v8
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Computer Hacking Forensic Investigator v8 Course Description: EC-Council releases the most advanced Computer
More informationhttps://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting
https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationCourse Title: Penetration Testing: Security Analysis
Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced
More informationNational Cyber League Certified Ethical Hacker (CEH) TM Syllabus
National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationUnit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.
Running head: UNIT 3 RESEARCH PROJECT 1 Unit 3 Research Project Eddie S. Jackson Kaplan University IT540: Management of Information Security Kenneth L. Flick, Ph.D. 10/07/2014 UNIT 3 RESEARCH PROJECT 2
More informationMCSE SYLLABUS. Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003:
MCSE SYLLABUS Course Contents : Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003: Managing Users, Computers and Groups. Configure access to shared folders. Managing and Maintaining
More informationMedical Device Security Health Group Digital Output
Medical Device Security Health Group Digital Output Security Assessment Report for the Kodak Color Medical Imager 1000 (CMI-1000) Software Version 1.1 Part Number 1G0434 Revision 2.0 June 21, 2005 CMI-1000
More informationMicrosoft Technologies
NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software powered by Calibrate www.medallionlearning.com
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationExhibit B5b South Dakota. Vendor Questions COTS Software Set
Appendix C Vendor Questions Anything t Applicable should be marked NA. Vendor Questions COTS Software Set Infrastructure 1. Typically the State of South Dakota prefers to host all systems. In the event
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationDescription: Course Details:
Course: Malicious Network Traffic Analysis Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: There are a tremendous amount of network based attacks to be aware of on the internet
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationFedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
More informationLinux Server Support by Applied Technology Research Center. Proxy Server Configuration
Linux Server Support by Applied Technology Research Center Proxy Server Configuration We configure squid for your LAN. Including transparent for HTTP and proxy for HTTPS. We also provide basic training
More informationCompTIA Network+ (Exam N10-005)
CompTIA Network+ (Exam N10-005) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationFedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationMCSE Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSE Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationTrack 2: Introductory Track PREREQUISITE: BASIC COMPUTER EXPERIENCE
Anne Arundel Community College Tracks Anne Arundel Community College s computer technologies courses have been organized into 10 suggested tracks. The tracks are arranged to ensure that students have the
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationMcAfee Next Generation Firewall (NGFW) Administration Course
McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,
More informationWindows 7, Enterprise Desktop Support Technician
Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationNSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense
NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense Cyber Investigations Data Management Systems Security Data Security Analysis Digital Forensics Health Care Security Industrial
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationEC-Council Certified Security Analyst (ECSA)
EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationTESTING OUR SECURITY DEFENCES
INFOSECURITY WITH PLYMOUTH UNIVERSITY TESTING OUR SECURITY DEFENCES Dr Maria Papadaki maria.papadaki@plymouth.ac.uk 1 1 Do we need to test our defences? Can penetration testing help to improve security?
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationVMware: Advanced Security
VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationFBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.
Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationCompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill
CompTIA Security+ Certification Study Guide (Exam SYO-301) Glen E. Clarke McGraw-Hill is an independent entity from CompTIA,This publication and CD may be used in assisting students to prepare for the
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak CR V4.1 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
More informationModule 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More information