Certificate in Cyber Security

Transcription

1 Certificate in Cyber Security Offered as a partnership between Cape Peninsula University of Technology (CPUT), French South African Institute of Technology (F SATI), CS Interactive Training and Boshoff Industries. Course title Certificate in Cyber Security Purpose of the course To respond to the training needs of security teams within industry and to build capacity in cyber and satellite security. South Africa is experiencing immense shortages of cyber security specialists and especially shortages in focused training opportunities for corporate staff. Cooperation between industry and universities to establish and offer targeted training content within the cyber security domain is not yet realized within South Africa. This is also evident within the nano-satellite industry as applications are developed to utilize constellations. F SATI is moving towards the design and development of targeted software applications and it becomes essential to study and integrate effective security tools and techniques from the start. This training is unique as it is developed by specialists within industry and is to be offered through cooperation between industry and academia. In this way research can be stimulated and a culture of cyber and satellite security can be promoted to benefit industry and the local community. The main objective of the course is to provide training to security teams within the corporate environments and at the same time provide private persons with the opportunity to enter the computer security market. Target Market Security personnel working within the spheres of information and computer security as well as prospective students that want to embark on a career within the cyber and satellite security domain. Entrance qualification Matric certificate or equivalent qualification with a minimum of 50% for Mathematics. Experience within the information security industry will be beneficial. Attendees must have Internet access and suitable computing hardware and software in order to participate on the e-learning forums and complete practical assignments. Structure of the course The course consists of four modules. Each of the modules is presented by way of two days contact (face-to-face) sessions followed by a 2 week e-learning period. A student has to pass all four modules with a minimum mark of 70% in order to successfully complete the course and receive the certificate in cyber security. The e-learning period following the module presentations provides a way for the attendees to participate and communicate with experts via dedicated online forums and in doing so form part of a growing cyber security community. Page 1 of 5

2 Duration Each module consists of two days contact time as well as a two week e-learning period. The total duration for all four modules: 8 days contact time and 8 weeks e-learning. Dates & Times Venue for contact sessions: F SATI, Bellville campus. Dates for 2014 (9h00-16h00): Module 1 (Computer Systems and Security Environment) Contact session dates: 30 September & 1 October 2014 E-learning period: 2 October October 2014 Module 2 (Analysis, Writing & Cryptography) Contact session dates: 14 & 15 October 2014 E-learning period: 16 October November 2014 Module 3: (Technical Security) Contact session dates: 4 & 5 November 2014 E-learning period: 6 November November 2014 Module 4: (Security Governance) Contact session dates: 18 & 19 November 2014 E-learning period: 20 November 11 December 2014 Exam: 12 December 2014 Course fee per person ZAR 4,850 per module (of 4 modules). Total for all modules ZAR 19,400. Core Syllabus MODULE 1: COMPUTER SYSTEMS AND THE SECURITY ENVIRONMENT Introduction to Information Security What is security? The need for security The enemy (black hat, white hat, hacktivism, organized crime) Security terminologies CIA (Pillars of information security) & authentication & non-repudiation Satellite security Threat environment Security awareness Information warfare Social engineering Malicious code (i.e. botnets, malware, etc.) Introduction to the attack process Introduction to attack vectors Page 2 of 5

3 Page 3 of 5 Social networks (i.e. attacks via facebook, twitter, etc.) Computer Systems Essentials Introduction to operating systems Networking & communication essentials Internet & Web essentials File management & database systems Application software Software design & testing MODULE 2: ANALYSIS, TECHNICAL WRITING & CRYPTOGRAPHY Elementary Encryption Encryption overview Substitution ciphers Transpositions Symmetric & asymmetric encryption Stream & block ciphers Confusion & diffusion Data Encryption Standard (DES) AES Encryption Standard Public Key encryption: RSA Hash functions Practical applications of encryption (i.e. Bitcoins) Digital signatures Digital certificates Cryptanalysis & Control Breaking encryption schemes Tools & controls Analysis & Technical Writing Information analysis & synthesis Technical report writing MODULE 3: TECHNICAL SECURITY Program Security Flaws & fixing faults Program errors Targeted malicious code Controls against program threats Operating System Security Operating system flaws Memory and address protection Control access File protection User authentication Open source systems Network & Internet Security (6 hours) Network threats Controls Firewalls Intrusion Detection Systems

4 Intrusion Prevention Systems security Web security MODULE 4: SECURITY GOVERNANCE Laws, Rules & Regulations Local and International Rights of employees and employers Computer crime Privacy Ethical issues & case studies Security Policies, Plans & Procedures Military & commercial policies Policies in action Security models Security plans & procedures Security evaluation Security Design & Management Planning for security Planning for contingencies Developing the security program Security management models and practices Risk analysis & management Identifying & assessing risks Accessing & controlling risks Protection mechanisms Quality assurance (assessment, moderation, certification) Candidates will be assessed in the following manner: Attendance of contact sessions Participation on dedicated e-learning forum as per guidelines Online assessments Online projects Final Exam For successful completion of the certificate an attendee needs to obtain a passing mark of at least 70% for each module. Assessments are compiled as per University and industry requirements. Moderation will be conducted by experts from the University (F SATI), other academic institutions as well as industry. Certificates will be issued by CPUT and certificates will contain logos of all partners. Open Badges A digital badge is an online representation of a skill earned. Open Badges allows a person to verify their skills, interests and achievements through credible organizations. Badges are displayed on the web, shared for employment, education or lifelong learning. Open Badges is a new online standard to recognize and verify learning. Badges as per industry certification will be issued after successful completion of the certificate. Page 4 of 5

5 NQF Level NQF Level 5 Lecturers & Facilitators Prof. Elmarie Biermann (F SATI) will be the main facilitator. Partners 1. Cape Peninsula University of Technology (CPUT) is a leading University of Technology that provides a wide range of qualifications within the Western Cape. 2. French South African Institute of Technology (F SATI) offers international Master of Science and Doctorate programmes in Electronic Engineering in collaboration with ESIEE-Paris, a graduate school in electronic engineering in France. They focus on research and development within the nano-satellite sphere through the development of CubeSats. 3. CS Interactive Training provides training and support to teams of business and ICT professionals that are responsible for systems and business change management initiatives within organisations. Their goal is to enable organisations to build core competencies that enable the managing of change more effectively and reduce complexity within core processes and systems. They believe in long term partnerships that will effectively transfer skills and capabilities to staff. Our Out-of-the-Box working style allows us to identify additional training requirements and then incorporate this into our set works. 4. Boshoff Industries are leaders in Enterprise IT Security and Assessment Services. They provide security services such as penetration testing and vulnerability assessment to ensure corporate entities are safe, secure and adhering to national laws, standards and policies. Page 5 of 5