Training

A range of Network and Cybersecurity trainings

All courses

More courses will be added soon. Please visit our website regularly to stay tuned. Course fees will be available soon.

About the Program

Ethical Hacking and Countermeasures is the world’s most advanced ethical hacking course, covering 20 of the most important security domains any individual will need when planning to strengthen the information security posture of their organization. The course covers the hacking techniques and tools used by hackers and information security professionals.

Who Is It For?

This training course will significantly benefit Ethical hackers, System Administrators, Network Administrators and Engineers, Web managers, Auditors, Security Professionals in general and anyone who is concerned about the integrity of the network infrastructure.

Modules Covered in Ethical Hacking and Countermeasures Training

1. Information Security and Hacking Concepts

2. Hacking and Penetration Testing Methodologies

3. Information Discovery

4. Vulnerability and Information Security Assessment

5. Network Security Testing

6. Open Source Intelligence (OSINT)

7. Attack Operating Systems Vulnerabilities

8. Privilege Escalations

9. Pivoting the Connection

10. Broken Access Control

11. Broken Authentication

12. SQL Injections

13. Security Assessment and Penetration Testing of Web Applications

14. Insufficient Logging & Monitoring

15. Cross-site Scripting (XSS)

16. Wireless threats and Security Testing

17. Wireless Enterprise Security

18. Lab Exercise on Vulnerability Assessment and Penetration Testing in Given Scenario

19. Reporting on Vulnerability Assessment and Penetration Testing

Objectives of the Training:

The CISA certification demonstrates proficiency in information systems audit and is highly sought after by both professionals and employers alike. Gaining this internationally-recognized qualification will increase recognition in the marketplace and build your influence in the workplace. This Certified Information Systems Auditor (CISA) training course will prepare you to undertake ISACA’s challenging CISA exam and is designed to equip you with the knowledge required to achieve a first-time pass.

Who should attend this CISA training course?

  • Internal and external auditors.
  • Finance/CPA professionals.
  • IT professionals / IT managers (including CIO/CTO)
  • Systems, Network and Database Administrator, Software Developer, Implementer and Reviewer
  • Information security professionals.
  • IT security professionals, risk management professionals, etc.

Day: 1 and 2

Domain 1: The Process of Auditing Information Systems

  • IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.
  • Risk assessment concepts, tools and techniques in an audit context.
  • Control objectives and controls related to information systems.
  • Audit planning and audit project management techniques, including follow-up.
  • Fundamental business processes, including relevant IT.
  • Applicable laws and regulations which affect the scope, evidence collection and preservation, and frequency of audits.
  • Evidence collection techniques used to gather, protect and preserve audit evidence.
  • Sampling methodologies.
  • Reporting and communication techniques.
  • Audit quality assurance systems and frameworks.

Day: 3 and 4

Domain 2: Governance and Management of IT

  • IT governance, management, security and control frameworks, and related standards, guidelines, and practices.
  • The purpose of IT strategy, policies, standards and procedures for an organisation and the essential elements of each.
  • Organisational structure, roles and responsibilities related to IT.
  • Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures.
  • Organisation’s technology direction and IT architecture and their implications for setting long-term strategic directions.
  • Relevant laws, regulations and industry standards affecting the organisation.
  • Quality management systems.
  • Maturity models.
  • Process optimization techniques.
  • IT resource investment and allocation practices, including prioritization criteria.
  • IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships.
  • Enterprise risk management.
  • Monitoring and reporting of IT performance.
  • IT human resources (personnel) management practices used to invoke the business continuity plan.
  • Business impact analysis (BIA) related to business continuity planning.
  • The standards and procedures for the development and maintenance of the business continuity plan and testing methods.

Domain 3: Information Systems Acquisition, Development, and Implementation

  • Benefits realization practices.
  • Project governance mechanisms.
  • Project management control frameworks, practices and tools.
  • Risk management practices applied to projects.
  • IT architecture related to data, applications and technology.
  • Acquisition practices.
  • Analysis and management practices.
  • Project success criteria and risks.
  • Control objectives and techniques that ensure the completeness, accuracy, validity and authorisation of transactions and data.
  • System development methodologies and tools including their strengths and weaknesses.
  • Testing methodologies and practices related to information systems development.
  • Configuration and release management relating to the development of information systems.
  • System migration and infrastructure deployment practices and data conversion tools, techniques and procedures.
  • Post-implementation review objectives and practices.

Domain 4: Information Systems Operations, Maintenance and Support

  • Service level management practices and the components within a service level agreement.
  • Techniques for monitoring third party compliance with the organisation’s internal controls.
  • Operations and end-user procedures for managing scheduled and non-scheduled processes.
  • Technology concepts related to hardware and network components, system software and database management systems.
  • Control techniques that ensure the integrity of system interfaces.
  • Software licensing and inventory practices.
  • System resiliency tools and techniques.
  • Database administration practices.
  • Capacity planning and related monitoring tools and techniques.
  • Systems performance monitoring processes, tools and techniques.
  • Problem and incident management practices.
  • Processes for managing scheduled and non-scheduled changes to the production systems and/or infrastructure, including change, configuration, release and patch management practices.
  • Data backup, storage, maintenance, retention and restoration practices.
  • Regulatory, legal, contractual and insurance issues related to disaster recovery.
  • Business impact analysis (BIA) related to disaster recovery planning.
  • Development and maintenance of disaster recovery plans.
  • Alternate processing sites and methods used to monitor the contractual agreements.
  • Processes used to invoke the disaster recovery plans.
  • Disaster recovery testing methods.

Domain 5: Protection of Information Assets

  • Techniques for the design, implementation, and monitoring of security controls, including security awareness programs.
  • Processes related to monitoring and responding to security incidents.
  • Logical access controls for the identification, authentication and restriction of users to authorised functions and data.
  • Security controls related to hardware, system software, and database management systems.
  • Risks and controls associated with virtualization of systems.
  • Configuration, implementation, operation and maintenance of network security controls.
  • Network and Internet security devices, protocols, and techniques.
  • Information system attack methods and techniques.
  • Detection tools and control techniques.
  • Security testing techniques.
  • Risks and controls associated with data leakage.
  • Encryption-related techniques.
  • Public key infrastructure (PKI) components and digital signature techniques.
  • Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies.
  • Controls and risks associated with the use of mobile & wireless devices.
  • Voice communications security.
  • Evidence preservation techniques and processes followed in forensics investigations.
  • Data classification standards and supporting procedures.
  • Physical access controls for the identification, authentication and restriction of users to authorized facilities.
  • Environmental protection devices and supporting practices.

Introduction about the Course:

CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

Our prep course provides the most comprehensive survey of the CISSP information, test taking techniques, and preparation materials available in the industry.

Who Needs to Attend

IT Auditor, IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators.

Prerequisites

Systems administration experience, familiarization with TCP/IP, and an understanding of UNIX, Linux, and Windows.

Course Contents

Domain 1 — Security & Risk Management

  • Security & Risk Management
  • Confidentiality, Integrity, and Availability
  • Security Governance
  • The Complete and Effective Security Program
  • Compliance
  • Global Legal and Regulatory Issues
  • Understand Professional Ethics
  • Develop and Implement Security Policy
  • Business Continuity (BC) & Disaster Recovery (DR) Requirements
  • Manage Personnel Security
  • Risk Management Concepts
  • Threat Modeling
  • Acquisitions Strategy and Practice
  • Security Education, Training, and Awareness

Domain 2 — Asset Security

  • Asset Security
  • Data Management: Determine and Maintain Ownership
  • Data Standards
  • Longevity and Use
  • Classify Information and Supporting Assets
  • Asset Management
  • Protect Privacy
  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Standards Selection

Domain 3 — Security Engineering

  • Security Engineering
  • The Engineering Lifecycle Using Security Design Principles
  • Fundamental Concepts of Security Models
  • Information Systems Security Evaluation Models
  • Security Capabilities of Information Systems
  • Vulnerabilities of Security Architectures
  • Database Security
  • Software and System Vulnerabilities and Threats
  • Vulnerabilities in Mobile Systems
  • Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • The Application and Use of Cryptography
  • Site and Facility Design Considerations
  • Site Planning
  • Implementation and Operation of Facilities Security

Domain 4 — Communications & Network Security

  • Communications & Network Security
  • Secure Network Architecture and Design
  • Implications of Multi-Layer Protocols
  • Converged Protocols
  • Securing Network Components
  • Secure Communication Channels
  • Network Attacks

Domain 5 — Identity & Access Management

  • Identity & Access Management
  • Physical and Logical Access to Assets
  • Identification and Authentication of People and Devices
  • Identity Management Implementation
  • Identity as a Service (IDaaS)
  • Integrate Third-Party Identity Services
  • Implement and Manage Authorization Mechanisms
  • Prevent or Mitigate Access Control Attacks
  • Identity and Access Provisioning Lifecycle

Domain 6 — Security Assessment & Testing

  • Security Assessment & Testing
  • Assessment and Test Strategies
  • Collect Security Process Data
  • Internal and Third-Party Audits

Domain 7 — Security Operations

  • Security Operations
  • Investigations
  • Provisioning of Resources through Configuration Management
  • Resource Protection
  • Incident Response
  • Preventative Measures against Attacks
  • Patch and Vulnerability Management
  • Change and Configuration Management
  • The Disaster Recovery Process
  • Test Plan Review
  • Business Continuity and Other Risk Areas
  • Access Control
  • Personnel Safety

Domain 8 — Security in the Software Development Life Cycle

  • Security in the Software Development Life Cycle
  • Software Development Security Outline
  • Environment and Security Controls
  • Security of the Software Environment
  • Software Protection Mechanisms
  • Assess the Effectiveness of Software Security
  • Assess Software Acquisition Security

Module – 1: Defending Against Cybersecurity Threats

Module – 2: Reconnaissance and Intelligence Gathering

Module – 3: Designing a Vulnerability Management Program

Module – 4: Analyzing Vulnerability Scans

Module – 5: Recommending and Implementing the Appropriate Response and Countermeasure

Module – 6: Practices Used to Secure a Corporate Environment

Module – 7: Incident Recovery and Post-Incident Response

Module – 8: Building an Incident Response Program

Module – 9: Analyzing Symptoms for Incident Response

Module – 10: Performing Forensic Analysis

Module – 11: Recovery and Post-Incident Response

Module – 12: Frameworks, Policies, Controls, and Procedures

Module – 13: Defense-in-Depth Security Architectures

Module – 14: Identity and Access Management Security

Module – 15: Software Development Security

Module – 16: Cybersecurity Toolkit

Module – 1: Fundamentals of Cybersecurity

Module – 2: Securing Operating Systems 

Module – 3: Protecting System Using Antivirus 

Module – 4: Data Encryption

Module – 5: Data Backup and Disaster Recovery 

Module – 6: Internet Security

Module – 7: Securing Network Connections 

Module – 8: Securing Online Transactions 

Module – 9: Securing Email Communications 

Module – 10: Social Engineering and Identity Theft 

Module – 11: Security on Social Networking Sites

Module – 12: Information Security and Legal Compliance

Module – 13: Securing Mobile Devices