What is a Master in Cyber Security? The Master in Cyber Security is a computer-based degree that includes studying communication networks and technologies while including a discussion of legal and ethical issues in computer security. The Cyber Security Expert Master’s Program will equip you with the skills needed to become an expert in this rapidly growing domain. You will learn comprehensive approaches to protecting your infrastructure, including securing data and information, running risk analysis and mitigation, architecting cloud-based security, achieving compliance and much more with this best-in-class program. You have the opportunity to learn about forensic issues that help find the source of a data hack. Most master’s degrees include a research or thesis project as part of the program, which gives you a chance to focus on a specific area of interest. Earning a master’s degree offers many benefits. You may have the opportunity to work as an intern in a private business, which builds your resume and skill set. Meeting others in the field and working with professors is a great chance to network.

DASVM’s Cyber Security Expert Master’s Program provides cybersecurity professionals with foundational-level, intermediate-level, and advanced-level skills that entail industry-leading certifications like CompTIA Security+, CEH, CISM, CISSP, and CCSP. The program begins with introductory level technology training, then progresses to intermediate level hacking techniques such as reverse engineering, and network penetration testing.

Learning Objectives:

This course will enable you to:

• Stay up to date with the latest cyber security news and trends and make sure you are implementing adequate cyber security measures in your organization using suitable hardware and software.
• Avoid the risks of phishing attacks by adhering to ethical security behavior
• Understanding cloud computing and how it can help your business is vital for the success of your venture.
• Understand the legal requirements, privacy policies, and auditing process of your cloud environment
• Focus on getting the IT infrastructure in order and removing the clutter by investing in the right software solutions; invest in a partner who has your back.

Course content

CompTIA Security+ 501

Introduction

• Who Should Read This Book?
• CompTIA Security+ Exam Topics

Introduction to Security

• Security 101
• Think Like a Hacker
• Threat Actor Types and Attributes
• Review Key Topics

 Computer Systems Security Part I

• Malicious Software Types
• Delivery of Malware
• Preventing and Troubleshooting Malware
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Computer Systems Security Part II

• Implementing Security Applications
• Securing Computer Hardware and Peripherals
• Securing Mobile Devices
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

OS Hardening and Virtualization

• Hardening Operating Systems
• Virtualization Technology
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Application Security

• Securing the Browser
• Securing Other Applications
• Secure Programming
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Network Design Elements

• Network Design
• Cloud Security and Server Defense
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Networking Protocols and Threats

• Ports and Protocols
• Malicious Attacks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Network Perimeter Security

• Firewalls and Network Security
• NIDS Versus NIPS
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Securing Network Media and Devices

• Securing Wired Networks and Devices
• Securing Wireless Networks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Physical Security and Authentication Models

• Physical Security
• Authentication Models and Components
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Access Control Methods and Models

• Access Control Models Defined
• Rights, Permissions, and Policies
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Vulnerability and Risk Assessment

• Conducting Risk Assessments
• Assessing Vulnerability with Security Tools
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Monitoring and Auditing

• Monitoring Methodologies
• Using Tools to Monitor Systems and Networks
• Conducting Audits
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Encryption and Hashing Concepts

• Cryptography Concepts
• Encryption Algorithms
• Hashing Basics
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

PKI and Encryption Protocols

• Public Key Infrastructure
• Security Protocols
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Redundancy and Disaster Recovery

• Redundancy Planning
• Disaster Recovery Planning and Procedures
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Social Engineering, User Education, and Facilities Security

• Social Engineering
• User Education
• Facilities Security
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Policies and Procedures

• Legislative and Organizational Policies
• Incident Response Procedures
• IT Security Frameworks
• Lesson Summary
• Review Key Topics
• Complete the Real-World Scenarios

Certified Ethical Hacker (CEH)

Background

Network and Communication Technologies

• Networking technologies (e.g., hardware, infrastructure)
• Web technologies (e.g., web 2.0, skype)
• Systems technologies
• Communication protocols
• Telecommunication technologies
• Mobile technologies (e.g., smartphones)
• Wireless terminologies
• Cloud computing
• Cloud deployment models

 Information Security Threats and Attack Vectors

• Malware (e.g., Trojan, virus, backdoor, worms)
• Malware operations
• Information security threats and attack vectors
• Attacks on a system (e.g., DoS, DDoS, session hijacking, webserver and web applicationattacks, SQL injection, wireless threats)
• Botnet
• Cloud computing threats and attacks
• Mobile platform attack vectors
• Cryptography attacks

Information Security Technologies

• Information security elements
• Information security management (e.g. IA, Defense-in-Depth, incident management)
• Security trends
• Hacking and ethical hacking
• Vulnerability assessment and penetration testing
• Cryptography
• Encryption algorithms
• Wireless encryption
• Bring Your Own Device (BYOD)
• Backups and archiving (e.g., local, network)
• IDS, firewalls, and honeypots

Analysis / Assessment

Information Security Assessment and Analysis

• Data analysis
• Systems analysis
• Risk assessments
• Vulnerability assessment and penetration testing
• Technical assessment methods
• Network sniffing
• Malware analysis

Information Security Assessment Process

• Footprinting
• Scanning (e.g., Port scanning, banner grabbing, vulnerability scanning, network discovery,proxy chaining, IP spoofing)
• Enumeration
• System hacking (e.g., password cracking, privilege escalation, executing applications, hiding files, covering tracks)

Security

Information Security Controls

• Systems security controls
• Application/file server
• IDS
• Firewalls
• Cryptography
• Disk Encryption
• Network security
• Physical security
• Threat modeling
• Biometrics
• Wireless access technology (e.g., networking, RFID, Bluetooth)
• Trusted networks
• Privacy/confidentiality (with regard to engagement) 

Information Security Attack Detection

• Security policy implications
• Vulnerability detection
• IP Spoofing detection
• Verification procedures (e.g., false positive/negative validation)
• Social engineering (human factors manipulation)
• Vulnerability scanning
• Malware detection
• Sniffer detection
• DoS and DDoS detection
• Detect and block rogue AP
• Evading IDS (e.g., evasion, fragmentation)
• Evading Firewall (e.g., firewalking, tunneling)
• Honeypot detection
• Steganalysis

Information Security Attack Prevention

• Defend against webserver attacks
• Patch management
• Encoding schemes for web application
• Defend against web application attacks
• Defend against SQL injection attacks
• Defend against wireless and Bluetooth attacks
• Mobile platforms security
• Mobile Device Management (MDM)
• BYOD Security
• Cloud computing security

Tools / Systems / Programs

Information Security Systems

• Network/host based intrusion
• Boundary protection appliances
• Access control mechanisms (e.g., smart cards)
• Cryptography techniques (e.g., IPSec, SSL, PGP)
• Domain name system (DNS)
• Network topologies
• Subnetting
• Routers / modems / switches
• Security models
• Database structures

Information Security Programs

• Operating environments (e.g., Linux, Windows, Mac)
• Anti-malware systems and programs (e.g., anti-keylogger, anti-spyware, anti-rootkit, anti-trojan, anti-virus)
• Wireless IPS deployment
• Programming languages (e.g. C++, Java, C#, C)
• Scripting languages (e.g., PHP, Javascript)

Information Security Tools

• Network/wireless sniffers (e.g., Wireshark, Airsnort)
• Port scanning tools (e.g., Nmap, Hping)
• Vulnerability scanner (e.g., Nessus, Qualys, Retina)
• Vulnerability management and protection systems (e.g., Founds tone, Ecora)
• Log analysis tools
• Exploitation tools
• Footprinting tools (e.g., Maltego, FOCA, Recon-ng)
• Network discovery tools (e.g., Network Topology Mapper)
• Enumeration tools (e.g., SuperScan, Hyena, NetScanTools Pro)
• Steganography detection tools
• Malware detection tools
• DoS/DDoS protection tools
• Patch management tool (e.g., MBSA)
• Webserver security tools
• Web application security tools (e.g., Acunetix WVS)
• Web application firewall (e.g., dotDefender)
• SQL injection detection tools (e.g., IBM Security AppScan)
• Wireless and Bluetooth security tools
• Android, iOS, Windows Phone OS, and BlackBerry device security tools
• MDM Solutions
• Mobile Protection Tools
• Intrusion Detection Tools (e.g., Snort)
• Hardware and software firewalls (e.g., Comodo Firewall)
• Honeypot tools (e.g., KFSenser)
• IDS/Firewall evasion tools (e.g., Traffic IQ Professional)
• Packet fragment generators
• Honeypot Detection Tools
• Cloud security tools (e.g., Core CloudInspect)
• Cryptography tools (e.g., Advanced Encryption Package)
• Cryptography toolkit (e.g., OpenSSL)
• Disk encryption tools
• Cryptanalysis tool (e.g., CrypTool)

Procedures / Methodology

Information Security Procedures

• Cryptography
• Public key infrastructure (PKI)
• Digital signature and Pretty Good Privacy (PGP)
• Security Architecture (SA)
• Service oriented architecture
• Information security incident
• N-tier application design
• TCP/IP networking (e.g., network routing)
• Security testing methodology

Information Security Assessment Methodologies

• Web server attack methodology
• Web application hacking methodology
• SQL injection methodology and evasion techniques
• SQL injection evasion techniques
• Wireless and Bluetooth hacking methodology
• Mobile platform (Android, iOS, Windows Phone OS, and BlackBerry) hacking methodology
• Mobile Rooting and Jailbreaking

Regulation / Policy

Information Security Policies/ Laws/Acts

• Security policies
• Compliance regulations (e.g., PCI-DSS, SOX)

Ethics of Information Security

• Professional code of conduct
• Appropriateness of hacking

Information Security Governance

• Develop an information security strategy, aligned with business goals and directives.
• Establish and maintain an information security governance framework.
• Integrate information security governance into corporate governance.
• Develop and maintain information security policies.
• Develop business cases to support investments in information security.
• Identify internal and external influences to the organization.
• Gain ongoing commitment from senior leadership and other stakeholders.
• Define, communicate and monitor information security responsibilities
• Establish internal and external reporting and communication channels.

Information Risk Management

• Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
• Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
• Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
• Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
• Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
• Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
• Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
• Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.

Information Security Program Development & Management

• Develop a security program, aligned with information security strategy
• Ensure alignment between the information security program and other business functions
• Establish and maintain requirements for all resources to execute the IS program
• Establish and maintain IS architectures to execute the IS program
• Develop documentation that ensures compliance with policies
• Develop a program for information security awareness and training
• Integrate information security requirements into organizational processes
• Integrate information security requirements into contracts and activities of third parties
• Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program
• Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.

Information Security Incident Management

• Define (types of) information security incidents
• Establish an incident response plan
• Develop processes for timely identification of information security incidents
• Develop processes to investigate and document information security incidents
• Develop incident escalation and communication processes
• Establish teams that effectively respond to information security incidents
• Test and review the incident response plan
• Establish communication plans and processes
• Determine the root cause of IS incidents
• Align incident response plan with DRP and BCP.

Certified Information Systems Security Professional (CISSP)

Security and Risk Management

• A Brief Introduction about Confidentiality, Integrity, and Availability.
• How to Apply Security Governance Principles?
• Compliance
• Legal and Regulatory issues related to Cyber Security.
• Understanding the difference between Security Policy, Standards, Procedures, and Guidelines.
• Understand the concept about Business Continuity Planning.
• Understand and Apply Risk Management Concepts
• Understand and Apply Threat Modeling
• Acquisition Strategy and Practice
• Security Awareness and Training.

Asset Security

• Classification of Assets
• Least Privilege and Need to Know bases Models.
• Privacy Protection.
• Data Retention Techniques and Security Controls associated with it.
• Secure Handling of Data.

Security Architecture and Engineering

• Security Design Principles
• Understanding Security Models
• How to Implement Controls and Countermeasures adhering to the Information Security Standards.
• Assess and Mitigate the Vulnerabilities of Security Architectures Designs, Web-based Systems, Mobile Systems, OT Systems.
• Understanding the Concepts and applying Cryptography.
• Implementation of Physical Security in various sites and data centers.

Communication and Network Security

• How to Securely design your Network Architecture?
• Securing Network Components with appropriate hardening standards.
• Secure Communication Channels
• Mitigate Network Attacks.

Identity and Access Management (IAM)

• Physical and Logical Access Control.
• Understanding about Identification, Authentication and Authorization
• Integrate Identity as a Service (IDaaS)
• Integrate Third-Party Identity Services

Security Assessment and Testing

• Design and Validate Assessment and Test Strategies.
• Conduct Security Control Testing.
• Collection of Security Process Data.
• Enhance Knowledge on how to conduct Internal and about Third-Party Audits.

Security Operations

• Day to Day Security Monitoring Methodologies.
• Perform Forensic Investigations and Root Cause Analysis.
• Preventive and Detective Controls.
• Physical and Personnel Security.
• Handling of Incident Response.
• Implement Vulnerability Management.
• Understanding the Change Management Processes.
• Disaster Recovery Strategies

Software Development Security

• Applying Security in the Software Development Life Cycle
• Enforce Security Controls and Secure Coding Techniques in the Development Environment.
• Database Security
• Through Assessment in Software Security.

Cloud Concepts, Architecture, and Design

• Understand Cloud Computing Concepts
• Describe Cloud Reference Architecture
• Understand Security Concepts Relevant to Cloud Computing
• Understand the Design Principles of Secure Cloud Computing
• Evaluate Cloud Service Providers

Cloud Data Security

• Understand Cloud Data Lifecycle
• Design and Implement Cloud Data Storage Architectures
• Design and Apply Data Security Strategies
• Understand and Implement Data Discovery and Classification Technologies
• Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information
• Design and Implement Data Rights Management
• Plan and Implement Data Retention, Deletion, and Archiving Policies
• Design and Implement Auditability, Traceability and Accountability of Data Events

Cloud Platform and Infrastructure Security

• Comprehend Cloud Infrastructure Components
• Analyse Risks Associated to Cloud Infrastructure
• Design and Plan Security Controls
• Plan Disaster Recovery and Business Continuity Management

Cloud Application Security

• Training and Awareness in Application Security
• Understand Cloud Software Assurance and Validation
• Use Verified Secure Software
• Software Development Lifecycle (SDLC) Process
• Secure Software Development Lifecycle
• Cloud Application Architecture
• Identity and Access Management (IAM) Solutions

Cloud Security Operations

• Support the Planning Process of the Data Centre Design
• Implement and Build Physical Infrastructure on Cloud Environment
• Run Physical Infrastructure for Cloud Environment
• Manage Physical Infrastructure for Cloud Environment
• Build Logical Infrastructure for Cloud Environment
• Run Logical Infrastructure for Cloud Environment
• Manage Logical Infrastructure for Cloud Environment
• Ensure Compliance with Regulations and Controls
• Conduct Risk Assessment for Logical and Physical Infrastructure
• Understand the Collection and Preservation of Digital Evidence
• Manage Communications with Relevant Parties

Legal, Risk, and Compliance

• Legal Requirements and Unique Risks
• Privacy Issues Including Jurisdictional Variances
• Audit Process, Methodologies, and Required Adaptions
• Implications of Cloud to Enterprise Risk Management
• Outsourcing and Cloud Contract Design
• Execute Vendor Management

To see the full course content Download now