DASVM’s Cybersecurity Essentials is the ideal course for anyone who needs to get a good all-round understanding of Cybersecurity. It provides an understanding of the fundamental principles of cybersecurity at a decision-making level. You don't have to be an aspiring security professional to do this course, it is suitable for everyone.

The content of this training course represents the essentials of Cybersecurity, and it is designed in the way that the capabilities learned by following this training course will be used to protect organizations and the society as a whole from areas of emerging threats.

Course Objectives:

• Recognize the importance of data security, maintaining data integrity, and confidentiality
• Demonstrate the installation of software updates and patches
• Identify preferred practices for authentication, encryption, and device security
• Discuss types of security threats, breaches, malware, social engineering, and other attack vectors
• Understand key terms and concepts in cyber security
• Analyse threats and risks within context of the cybersecurity landscape
• Evaluate decision making outcomes of cybersecurity scenarios
• Understand and acquire comprehensive knowledge on the main concepts of cybersecurity
• Obtain the expertise required in order to be able to build a career in cybersecurity
• Take steps towards creating a cybersecurity culture within an organisation

Course content

1. Cybersecurity Threats, Vulnerabilities and Attacks

Common Threats

• Threat Domains
• Types of Cyber Threats
• Internal vs External Threats
• Know the Difference
• User Threats and Vulnerabilities
• Threats to Devices
• Threats to the Local Area Network
• Threats to the Private Cloud
• Threats to the Public Cloud
• What Do You Think?
• Threats to Applications
• Domain Checker
• Threat Complexity
• Backdoors and Rootkits
• Threat Intelligence and Research Sources
• Install a Virtual Machine on a Personal Computer
• Explore Social Engineering Techniques

Deception

• Social Engineering
• Social Engineering Tactics
• Watch Out!
• Shoulder Surfing and Dumpster Diving
• Impersonation and Hoaxes
• Piggybacking and Tailgating
• Other Methods of Deception
• Spot the Attack
• Defending Against Deception
• Use a Port Scanner to Detect Open Ports

Cyber Attacks

• What’s the Difference?
• Logic Bombs
• Ransomware
• Denial of Service Attacks
• Domain Name System
• Build a Home Network
• Layer 2 Attacks
• Spot the Attack
• Man-in-the-Middle and Man-in-the-Mobile Attacks
• Zero-Day Attacks
• Keyboard Logging
• Confirm Your Details
• Defending Against Attacks
• Investigate a Threat Landscape

Wireless and Mobile Device Attacks

• Grayware and SMiShing
• Rogue Access Points
• Radio Frequency Jamming
• Bluejacking and Bluesnarfing
• Attacks Against Wi-Fi Protocols
• Risky Business
• Wi-Fi and Mobile Defense

Other Attacks

• Cross-Site Scripting
• Code Injection
• Buffer Overflow
• Remote Code Executions
• Other Application Attacks
• What Do You Think?
• Defending Against Application Attacks
• Spam
• Phishing
• Vishing, Pharming and Whaling
• Gone Phishing…
• Defending Against Email and Browser Attacks

2. Cybersecurity P3 (Principles, Practices and Processes)

The Three Dimensions

• The Cybersecurity Cube
• CIA Triad – The Principle of Confidentiality
• Protecting Data Privacy
• Data Integrity
• Availability
• Ensuring Availability
• The Cybersecurity Sorcery Cube Scatter Quizlet
• File and Data Integrity Checks
• Explore File and Data Encryption

States of Data

• Data at Rest
• Challenges of Protecting Stored Data
• Methods of Transmitting Data
• Challenges of Data in Transit
• Data in Process
• Challenges of Protecting Data in Process

Cybersecurity Countermeasures

• Hardware-Based and Software-Based Technologies
• Establishing a Culture of Cybersecurity Awareness
• Policies
• Standards
• Apply Your Knowledge
• Guidelines
• Procedures

Access Controls

• Physical Access Controls
• Logical Access Controls
• Administrative Access Controls
• Administrative Access Controls in Detail
• What Is Identification?
• Federated Identity Management
• Authentication Methods
• Multi-Factor Authentication
• Knowledge Check
• Authorization
• Configure Access Control
• Implementing Accountability
• Configure Authentication and Authorization in Linux

Cryptography

• What Is Cryptography?
• Creating Ciphertext
• Types of Cryptography
• The Two Encryption Approaches
• The Symmetric Encryption Process
• Symmetric Encryption Algorithms
• Asymmetric Encryption Process
• Asymmetric Encryption Algorithms
• Using Asymmetric Encryption
• Key Management
• Comparing Encryption Types

Hashing

• What Is Hashing?
• Hashing Properties
• Hashing Algorithms
• Modern Hashing Algorithms
• Hashing Files and Digital Media
• Hashing Passwords
• Cracking Hashes
• Identifying Hashing Terminology
• Salting
• Implementing Salting
• Preventing Attacks
• What Is an HMAC Operation?

Obscuring Data

• Data Masking Techniques
• Steganography
• Use Steganography to Hide Data

3. System and Network Defense

Defending Systems and Devices

• Operating System Security
• Do You Know Your Stuff?
• Points to Remember
• Patch Management
• Endpoint Security
• Host Encryption
• Boot Integrity
• Managing Device Threats
• Physical Protection of Devices
• Harden a Linux System
• Recover Passwords

Application Security

• Application Development
• Security Coding Techniques
• Input Validation
• Validation Rules
• Integrity Checks
• Other Application Security Practices
• Managing Threats to Applications

Network Hardening: Services and Protocols

• Network and Routing Services
• Telnet, SSH and SCP
• Secure Protocols
• Securing at Apollo’s Network

Network Hardening: Securing Network Devices

• Switches, Routers and Network Appliances
• Configure Your Firewall
• Intrusion Detection Systems
• Intrusion Prevention Systems
• NetFlow and IPFIX
• Network Access Control
• IDS vs IPS

Network Hardening: VPNs

• VPN Architecture
• IPsec
• VPN Solutions
• What’s the Problem?
• Configure VPN for Remote Access

Network Hardening: Segmentation

• Virtual Local Area Networks (VLANs)
• The Demilitarized Zone (DMZ)
• Managing Threats to the LAN

Hardening Wireless and Mobile Devices

• Wireless Device Security
• Configure Wireless Router Hardening and Security
• Authentication
• Authentication Protocols
• What Are Your Options?
• Mutual Authentication
• Communication Methods
• Mobile Device Management
• Mobile Device Protections
• GPS Tracking
• Bring Your Own Device

4. Defending the Enterprise

Embedded and Specialized Systems

• Threats to Key Industry Sectors
• The Emergence of the Internet of Things
• Embedded Systems
• The Internet of Things (IoT)
• VoIP Equipment
• Special-Purpose Embedded Systems
• Deception Technologies
• Managing Threats to the Private Cloud

Virtualization and Cloud Computing

• The Virtual Environment
• Cloud-Based Technology
• Cloud Computing
• Managing Threats to the Public Cloud

Account Management

• Account Types
• Privileged Accounts
• File Access Control
• Do You Have Permission?
• Account Policies in Windows
• Authentication Management
• Hash-Based Message Authentication Code (HMAC)
• Authentication Protocols and Technologies
• Configure Site-to-Site VPN
• Applications of Cryptographic Hash Functions
• Access Control Strategies
• Gaining Access

Cryptography in the Enterprise

• What Is a Digital Signature?
• Creating a Digital Signature
• Use Classic and Modern Encryption Algorithms
• Using Digital Signatures
• Comparing Digital Signature Algorithms
• Generate and Use a Digital Signature
• What Is a Digital Certificate?
• Using Digital Certificates
• Types of Digital Certificates
• Constructing a Digital Certificate
• Activity
• The Blockchain
• What Is the Blockchain Used For?

5. Cybersecurity Operations

Defense in Depth

• Defense in Depth Strategies

Cybersecurity Operations Management

• Configuration Management
• Log Files
• Operating System Logs and Application Security Logs
• Protocol Analyzers
• Knowledge Check

Physical Security

• Fencing and Physical Barriers
• Biometrics
• Badges and Access Logs
• Surveillance
• Effective Physical Security for @Apollo

Security Assessments

• Vulnerability Scanners
• Types of Scans
• Command Line Diagnostic Utilities
• Security Automation
• Labeling @Apollo’s Security Objectives
• Use Diagnostic Commands

Cybersecurity Resilience

• High Availability
• The Five Nines
• Single Points of Failure
• N+1 Redundancy
• RAID
• Spanning Tree
• Router Redundancy
• Location Redundancy
• Resilient Design
• System and Data Backups
• Designing High Availability Systems
• Power
• Heating, Ventilation and Air Conditioning (HAVC)
• Managing Threats to Physical Facilities
• Threat Manager
• Implement Physical Security with IoT Devices

Penetration Testing

• Cyber Kill Chains
• Other Attack Frameworks
• Penetration Testing
• Penetration Phases
• Exercise Types
• Packet Analyzer
• Protocol Analyzer Output
• Use Wireshark to Compare Telnet and SSH Traffic

6. Incident Response

Incident Response Phases

• Preparation
• Detection and Analysis
• Containment, Eradication and Recovery
• Post-Incident Follow-Up
• Stick to the Plan
• Gather System Information After an Incident

Disaster Recovery

• Types of Disasters
• Disaster Recovery Plan
• Implementing Disaster Recovery Controls
• Business Continuity Planning
• Business Continuity Considerations
• Business Continuity Best Practices
• Exercising Your Disaster Recovery Plan
• Under Control
• Investigate Disaster Recovery

Digital Forensics

• Elements of an Investigation
• Evidence
• Data Acquisition
• Digital Forensics Devices
• System Shutdown
• Order of Volatility

7. Asset and Risk Management

Asset Management

• Asset Identification
• Asset Classification
• Asset Standardization
• Asset Lifecycle Stages
• Your Turn

Risk Management

• Risk Types
• Risk Management
• The Risk Management Process
• What’s the Risk?

Risk Assessment

• Threat Source Types
• Risk Assessment Methodology
• Risk Analysis
• Risk Analysis
• Risk Mitigation
• Prioritize the Assets

Security Controls

• Control Types
• Functional Security Controls
• Are You in Control?

8. Governance and Compliance

Governance

• Governance
• Cybersecurity Policies
• Types of Security Policies
• Developing Cybersecurity Policies and Procedures
• Guiding Principles for Human Resources
• Managing User Threats

The Ethics of Cybersecurity

• Ethics of a Cybersecurity Specialist
• The Ten Commandments of Computer Ethics
• Exploring Cyber Ethics
• Cybercrime
• Cyber Laws
• The Federal Information Security Management Act (FISMA)
• Industry Specific Laws
• Security Breach Notification Laws
• Protecting Privacy
• International Laws
• Cybersecurity Laws Explained

IT Security Management Framework

• The Twelve Domains of Cybersecurity
• Control Objectives and Controls
• Map to ISO 27002 Control
• ISO 27000 and the CIA Triad
• ISO 27000 and the States of Data
• ISO 27000 and Safeguards
• The National Cybersecurity Workforce Framework
• The CIS Critical Security Controls
• The Cloud Controls Matrix
• Compliance
• Whose Job Is It Anyway?
• Skills Integrated Challenge

To see the full course content Download now