e-code Academy Information Security Diploma Training Discerption

Transcription

1 e-code Academy Information Security Diploma Training 2015

2 I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. OBJECTIVE... 3 LIST OF POSTGRADUATE COURSES... 3 FIRST SEMESTER (2 MONTHS)... 4 SECOND SEMESTER (2 MONTHS)... 4 PROJECT (1 MONTH)... 4 LABORATORY REQUIREMENTS... 5 PREREQUISITES... 5 IV. COURSE SYLLABUSES... 5 ISC 901 SECURITY ENGINEERING... 5 ISC 910 CRYPTOGRAPHY... 6 ISC 912 SECURITY PROGRAMMING... 6 ISC 913 SECURITY STANDARDS... 6 ISC 920 NETWORK AND SYSTEMS SECURITY... 7 ISC 921 ETHICAL HACKING... 7 ISC 930 SOFTWARE SECURITY... 8 ISC 940 SECURE HARDWARE PROGRAMMING... 8 ISC 950 SECURITY PROJECT... 9 V. ABOUT E-CODE

3 II. INTRODUCTION Overview In this diploma, candidates will study the Digital Security basics. The candidate will be aware of following topics: cryptography theory, the differences between cryptographic techniques, the strength and the weakness, the software and hardware implementation of cryptographic techniques, data encryption, data integrity, digital signature, data security attacks and cryptanalysis techniques, security standards, security software and smart card programming, security hardware and security hardware programming. The diploma takes a duration of five months, divided into two semester followed by project. In each semester there are practical lap with experiments related to studied topics. The curriculum provides detailed plan of courses schedule, lab requirements, prerequisites, and course details. By the end of each course there is an exam. In the last month there is a practical project ends with demonstration and evaluation. By the end of diploma successful candidates take a certification with the archived grade. Copyrights and Trademarks All of the content on this manual and accompanying software(including all text, graphics, sounds, demos, patches, hints and other files) is covered under KSA and international copyright and trademark laws by E-Code and other companies, and are property of E-Code, or are presented with permission and/or under license. This content may not be used for any commercial use without express written permission of E-Code, and possibly other copyright or trademark owners. All other trademarks and copyrights are the property of their respective owners. 2015, E-Code 2

4 III. OBJECTIVE Provide recent technology and techniques related to digital security Provide practical experience related to digital security Provide theoretical background related to digital security Provide the market with digital security experts Prepare student to advanced digital security studies like Master and PHD List of Postgraduate s First Semester ISC 901 Security Engineering ISC 910 Cryptography ISC 921 Ethical Hacking ISC 912 Security Programming Using Security Software Laboratory Second Semester ISC 930 Software Security ISC 913 Security Standards ISC 920 Network and Systems Security ISC 940 Secure Hardware Programming Using Security Hardware Laboratory Project ISC 950 Security Project 3

5 First Semester (2 Months) No Code Name Final Work Lab Total Hours 1 ISC 901 Security Engineering ISC 910 Cryptography ISC 921 Ethical Hacking ISC 912 Security Programming Using Security Hardware Laboratory Second Semester (2 Months) Total in Two Months 216 No Code Name Final Work Lab Total Hours 1 ISC 930 Software Security ISC 913 Security Standards ISC 920 Network and Systems Security ISC 940 Secure Hardware Programming Using Security Hardware Laboratory Project (1 Month) Total in Two Months 216 No Code Name Final Work Lab Total Hours 1 ISC 950 Security Project

6 Laboratory Requirements High Speed Computers (i5/8gb) Secure Microcontroller Boards or Emulators Prerequisites Math Probability and Statistics C Programming C++ Programming Microcontroller Programming IV. COURSE SYLLABUSES ISC 901 Security Engineering Security Engineering Code ISC 901 References Introduction to Security Engineering, Usability and Psychology, Protocols, Access Control, Cryptography, Distributed Systems, Economics, Multilevel Security, Multilateral Security, Banking and Bookkeeping, Physical Protection, Monitoring and Metering, Nuclear Command and Control, Security Printing and Seals, Biometrics, Physical Tamper Resistance, Emission Security, API Security, Electronic and Information Warfare, Telecom System Security, Network Attack and Defense, Copyright and DRM, The Bleeding Edge, Terror, Justice and Freedom, Managing the Development of Secure Systems, System Evaluation and Assurance. Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley,

7 ISC 910 Cryptography Cryptography Code ISC 910 References Introduction to Cryptography Systems, Classical Ciphers, Block Ciphers and DES, Finite Fields, Advanced Encryption Standards, Block Cipher Operations, Pseudorandom Number Generation and Stream Ciphers, Number Theory, Public- Key Cryptography and RSA, Other Public-Key Cryptosystems, Cryptographic Hash Functions, Message Authentication Codes, Digital Signatures. William Stallings, Cryptography and Network Security, William Stallings, 5 th Edition, Prentice Hall, 2010 ISC 912 Security Programming Security Programming Code ISC 912 Using Microsoft Cryptography Service Provider SDK (CSP, CNG), Using RSA Public Key Cryptographic System SDK (PKCS11), And Using Java Security SDK. References Microsoft CSP SDK Reference Guide Microsoft CNG SDK Reference Guide RSA PKCS11 SDK Reference Guide Java Security Reference Guide Basics of Smart Card Programming using Java ISC 913 Security Standards Security Standards Code ISC 913 Common Criteria, Introduction, Common Criteria Standards, Process Overview, Pre-Evaluation Preparation, Developing the Business Case, Resource Allocation, Managing Project Scope, Partner Selection, Evidence Developments Tips, Security Target, Development Evidence, Lifecycle Support Evidence, Test, Vulnerabilities Assessment and Guidance Evidence, Case Studies. 6

8 FIPS, Introduction, Threats and Risks, FIPS 140 Overview, Algorithm Validation, Module Validation, Cost and Timeline, Security Requirements, Case Studies. References Wesley Hisao Higaki and Yukie Higaki, Successful Common Criteria Evaluations: A Practical Guide for Vendors, CreateSpace Independent Publishing Platform, 2010 Wesley Hisao Higaki, Ray Potter and Yukie Higaki, FIPS 140 Demystified: An Introductory Guide for Vendors, CreateSpace Independent Publishing Platform, 2010 Common Criteria Standards FIPS 140 Standards ISC 920 Network and Systems Security Network and Systems Security Code ISC 920 References Mutual Authentication, Key Management and Distribution, User Authentication Protocols, Network Security, Transport-Level Security, Wireless Network Security, Electronic Mail Security, IP Security, System Security, Intruders, Malicious Software, Firewalls, Legal and Ethical Issues. William Stallings, Cryptography and Network Security, 5 th Edition, Prentice Hall, 2010 ISC 921 Ethical Hacking Ethical Hacking Code ISC 921 Overview, TCP/IP Concepts Review, Network and Computers Attacks, Footprinting and Social Engineering, Port Scanning, Enumeration, Programming for Security Professionals, Desktop and Server OS Vulnerabilities, Embedded Operating Systems the Hidden Threat, Hacking Web Servers, Hacking Wireless Network, Cryptography and Cryptographic Attacks, Network Protection Systems. 7

9 References Michael T. Simpson, Kent Backman and James Corley, Hands-On Ethical Hacking and Network Defense, 2 nd Edition, Delmar Cengage Learning, 2010 ISC 930 Software Security Software Security Code ISC 930 Software Cracking, Assembly Language, Windows Reverse Engineering, Linux Reverse Engineering, Windows CE Reverse Engineering, Overflow Attack, Network Stalking, TCP/IP Analysis, Social Engineering, Reconnaissance, OS Fingerprinting, Hiding the Tracks, Platform Attacks, Unix Defense, Unix, Attacks, Windows Client Attacks, Windows Server Attacks, SOAP XML Web Services Security, SQL Injection, Wireless Security, Advanced Defense, Audit Trail Analysis, Intrusion Detection Systems, Honeypots, Incident Response, Forensics and Anti forensics. References Cyrus Peikari and Anton Chuvakin, Security Warrior, O'Reilly Media, 2004 ISC 940 Secure Hardware Programming Secure Hardware Programming Code ISC 940 Introduction to 8051, Introduction to Smart MX, Using UART, Using CIU, Using MMU, Using Checksum, Using Copy Machines, Using SBC Module for Symmetric Ciphers, Using Fame2 for Asymmetric Ciphers. References NXP P60 Datasheet Muhammad Ali Mazidi, Janice G. Mazidi and Rolin D. McKinlay, The 8051 Microcontroller and Embedded Systems, 2 nd Edition, Prentice Hall,

10 ISC 950 Security Project Practical project in one of the following areas: Cryptography and Data Security, Networks and Systems security, Software Security, Hardware Security. 9

11 V. ABOUT E-CODE E-Code is a leading progressive, innovative company in the field of information security providing technology, state of the art solutions, consulting, integration and testing services to safeguard the information assets, identities and the supporting infrastructure against unauthorized use. Our high quality service and excellent benefits and the ability of being reliable and responsible put us as a leader on the top of digital security companies. E-Code provides unique products and solutions, which cover many security areas fulfilling customers need in different market sectors. We provide a set of products and solutions covering the following areas: software protection, data encryption, security hardware, digital signature, secure identification and authentication, secure online distribution of digital Contents. We supports different market sectors like; governmental institutes, organizations, banks, software development companies, multimedia software and game producers, media and ebooks publishers and individual users. Dongle Fingerprint Smart Token Smart Card Fingerprint Smart OTP Card Smart Token Fingerprint OTP Token Secure SD Card Secure Flash with Fingerprint Website info@e-code.com, support@e-code.com, sales@e-code.com Telephone Fax 10

12