A basic course for cybersecurity professionals covering topics such as cybersecurity, the basic concepts of risk and the principle of architectural security.
After completing this course, students will be able to:
- define key concepts, roles and areas of cybersecurity
- determine the timing, concepts and foundations of risk management
- identify common types and vectors of attacks
- define the framework and guidelines for policies and procedures
- define cybersecurity control processes
- identify different types of cybersecurity architecture
- define the OSI model
- explain how various defense strategies work for flow control, network slicing and logging, monitoring and intrusion detection
- describe the basics, methods and programs of encryption
- identify, assess and respond to risks and vulnerabilities in the network through penetration testing
- identify key aspects and associated risks for protecting data, programs, operating systems and networks
- determine the methodology for responding to incidents
- define the basic concepts, practices, tools, tactics, techniques and procedures for processing digital forensic data
- develop a plan for eliminating the consequences of disruptions in the functioning of information and telecommunication networks and ensuring the continuity of business processes
- identify implications for the adaptation of new technologies
Audience Profile
Information security professionals, solution architects, integration engineers, enterprise architects, developers who want to understand the key aspects of cybersecurity.
- The modern landscape of enterprise management
- Transformational trends, review of new technological platforms and their impact on threats
- Traditional threats and new trends. Advanced persistent threats (APT)
- New challenges for cybersecurity experts
- From information security to cyber security
- Risks, attack vectors, policies and procedures, controls
- An overview of the NIST Cybersecurity Framework and its controls
- Strengths of NIST, COBIT, ISO 27001, CIS Controls
- Information security management in the framework of ITSM/ITIL processes/practices
- Security architecture and corporate architecture
- New ITIL 4 and OpenAgile Architecture strategies affecting security
- Cisco SAFE Models and Vision
- Attack models and frameworks. Lockheed Martin Cyber Kill Chain (kill chain)
- MITRE attack model: Tactics in MITRE PRE-ATT&CK
- Determination of priority
- Target selection
- Collection of information
- Identification of weaknesses
- Attacker's OpSec process
- Creation and maintenance of infrastructure
- Persona development
- Development of means of attack
- Testing means of attack
- Determining the stages of using attack tools
- MITRE attack model: Tactics in ATT&CK Enterprise
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Exfiltration
- Command and Control
- MITRE attack model: Modeling attacker actions and countermeasures according to ATT&CK
- Workshop on NIST controls
- Workshop on ISO 2700 controls:
- Information security coordination
- Allocation of responsibilities related to information security
- Consultations of specialists in information security
- Cooperation between organizations
- Independent assessment of information security
- Classification and control of resources
- Responsibility for resources
- Classification of information according to the level of confidentiality
- Personnel safety issues
- Security in the formulation of assignments and recruitment
- User training
- Incident and outage response
- Systems development and maintenance
- System security requirements
- Security in applied systems
- System file security
- Security during development and support
- Physical security and territory protection
- Protected areas and equipment safety
- User access control
- User Responsibilities
- Network access control
- Operating system access control
- Application Access Control
- System access and usage monitoring
- Mobile computers and remote work tools
- Assessment and audit
- Compliance with the requirements
- Legal Compliance
- Checking Security Policy and Technical Compliance
- Systems audit recommendations
- Ensuring business continuity. Business Continuity Considerations
- Ensuring safety during operation
- Work rules and responsibilities
- Development planning and system acceptance
- Malicious software protection
- Service procedures
- Computer network management
- Media handling and safety
- Exchange of information and software
- Planning Results Reports
- Reports on the results of the implementation of the necessary measures
- Reports on the results of assessments and audits
- Reports on specific events, incidents
- OWASP, OWASP SAMM security framework for developing web applications
- Security features for virtual infrastructure and containers
- Security of application servers and integration platforms of the Enterprise Service Bus class
- Architectural patterns and security
- Microservices and API Gateways. API Economy concept
- Firewall, NAT, VPN. IDS and IPS systems. Integration platforms with security features
- SIEM platforms: IBM QRadar, Splunk, Micro Focus ArcSight. Events, Incident Response, Litigation, Investigation
- Recovery Plans (DRP) and Continuity Management Plans (BCM)
- Culture and injection of security values into DevOps practices
- Content planning and end-user training organization