All courses
More courses will be added soon. Please visit our website regularly to stay tuned. Course fees will be available soon.
About the Program
Ethical Hacking and Countermeasures is an advanced ethical hacking course covering 20 of the most important security domains any individual will need when planning to strengthen the information security posture of their organization. The course covers the hacking techniques and tools used by attackers and by information security professionals.
Who Is It For?
This training course will significantly benefit ethical hackers, system administrators, network administrators and engineers, web managers, auditors, security professionals in general, and anyone concerned about the integrity of their network infrastructure.
Modules Covered in Ethical Hacking and Countermeasures Training
1. Information Security and Hacking Concepts
2. Hacking and Penetration Testing Methodologies
3. Information Discovery
4. Vulnerability and Information Security Assessment
5. Network Security Testing
6. Open Source Intelligence (OSINT)
7. Attacking Operating System Vulnerabilities
8. Privilege Escalation
9. Pivoting Through Compromised Hosts
10. Broken Access Control
11. Broken Authentication
12. SQL Injections
13. Security Assessment and Penetration Testing of Web Applications
14. Insufficient Logging & Monitoring
15. Cross-site Scripting (XSS)
16. Wireless threats and Security Testing
17. Wireless Enterprise Security
18. Lab Exercise on Vulnerability Assessment and Penetration Testing in Given Scenario
19. Reporting on Vulnerability Assessment and Penetration Testing
Objectives of the Training:
The CISA certification demonstrates proficiency in information systems audit and is highly sought after by both professionals and employers alike. Gaining this internationally-recognized qualification will increase recognition in the marketplace and build your influence in the workplace. This Certified Information Systems Auditor (CISA) training course will prepare you to undertake ISACA’s challenging CISA exam and is designed to equip you with the knowledge required to achieve a first-time pass.
Who should attend this CISA training course?
- Internal and external auditors
- Finance/CPA professionals
- IT professionals and IT managers (including CIO/CTO)
- Systems, network and database administrators, software developers, implementers and reviewers
- Information security professionals
- IT security professionals, risk management professionals, etc.
Days 1 and 2
Domain 1: The Process of Auditing Information Systems
- IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.
- Risk assessment concepts, tools and techniques in an audit context.
- Control objectives and controls related to information systems.
- Audit planning and audit project management techniques, including follow-up.
- Fundamental business processes, including relevant IT.
- Applicable laws and regulations which affect the scope, evidence collection and preservation, and frequency of audits.
- Evidence collection techniques used to gather, protect and preserve audit evidence.
- Sampling methodologies.
- Reporting and communication techniques.
- Audit quality assurance systems and frameworks.
Days 3 and 4
Domain 2: Governance and Management of IT
- IT governance, management, security and control frameworks, and related standards, guidelines, and practices.
- The purpose of IT strategy, policies, standards and procedures for an organisation and the essential elements of each.
- Organisational structure, roles and responsibilities related to IT.
- Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures.
- Organisation’s technology direction and IT architecture and their implications for setting long-term strategic directions.
- Relevant laws, regulations and industry standards affecting the organisation.
- Quality management systems.
- Maturity models.
- Process optimization techniques.
- IT resource investment and allocation practices, including prioritization criteria.
- IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships.
- Enterprise risk management.
- Monitoring and reporting of IT performance.
- IT human resources (personnel) management practices.
- Processes used to invoke the business continuity plan.
- Business impact analysis (BIA) related to business continuity planning.
- The standards and procedures for the development and maintenance of the business continuity plan and testing methods.
Domain 3: Information Systems Acquisition, Development, and Implementation
- Benefits realization practices.
- Project governance mechanisms.
- Project management control frameworks, practices and tools.
- Risk management practices applied to projects.
- IT architecture related to data, applications and technology.
- Acquisition practices.
- Analysis and management practices.
- Project success criteria and risks.
- Control objectives and techniques that ensure the completeness, accuracy, validity and authorisation of transactions and data.
- System development methodologies and tools including their strengths and weaknesses.
- Testing methodologies and practices related to information systems development.
- Configuration and release management relating to the development of information systems.
- System migration and infrastructure deployment practices and data conversion tools, techniques and procedures.
- Post-implementation review objectives and practices.
Domain 4: Information Systems Operations, Maintenance and Support
- Service level management practices and the components within a service level agreement.
- Techniques for monitoring third party compliance with the organisation’s internal controls.
- Operations and end-user procedures for managing scheduled and non-scheduled processes.
- Technology concepts related to hardware and network components, system software and database management systems.
- Control techniques that ensure the integrity of system interfaces.
- Software licensing and inventory practices.
- System resiliency tools and techniques.
- Database administration practices.
- Capacity planning and related monitoring tools and techniques.
- Systems performance monitoring processes, tools and techniques.
- Problem and incident management practices.
- Processes for managing scheduled and non-scheduled changes to production systems and/or infrastructure, including change, configuration, release and patch management practices.
- Data backup, storage, maintenance, retention and restoration practices.
- Regulatory, legal, contractual and insurance issues related to disaster recovery.
- Business impact analysis (BIA) related to disaster recovery planning.
- Development and maintenance of disaster recovery plans.
- Alternate processing sites and methods used to monitor the contractual agreements.
- Processes used to invoke the disaster recovery plans.
- Disaster recovery testing methods.
Domain 5: Protection of Information Assets
- Techniques for the design, implementation, and monitoring of security controls, including security awareness programs.
- Processes related to monitoring and responding to security incidents.
- Logical access controls for the identification, authentication and restriction of users to authorised functions and data.
- Security controls related to hardware, system software, and database management systems.
- Risks and controls associated with virtualization of systems.
- Configuration, implementation, operation and maintenance of network security controls.
- Network and Internet security devices, protocols, and techniques.
- Information system attack methods and techniques.
- Detection tools and control techniques.
- Security testing techniques.
- Risks and controls associated with data leakage.
- Encryption-related techniques.
- Public key infrastructure (PKI) components and digital signature techniques.
- Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies.
- Controls and risks associated with the use of mobile & wireless devices.
- Voice communications security.
- Evidence preservation techniques and processes followed in forensics investigations.
- Data classification standards and supporting procedures.
- Physical access controls for the identification, authentication and restriction of users to authorized facilities.
- Environmental protection devices and supporting practices.
Introduction to the Course:
CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
Our prep course provides the most comprehensive survey of the CISSP information, test taking techniques, and preparation materials available in the industry.
Who Needs to Attend
IT Auditor, IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators.
Prerequisites
Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows.
Course Contents
Domain 1 — Security & Risk Management
- Security & Risk Management
- Confidentiality, Integrity, and Availability
- Security Governance
- The Complete and Effective Security Program
- Compliance
- Global Legal and Regulatory Issues
- Understand Professional Ethics
- Develop and Implement Security Policy
- Business Continuity (BC) & Disaster Recovery (DR) Requirements
- Manage Personnel Security
- Risk Management Concepts
- Threat Modeling
- Acquisitions Strategy and Practice
- Security Education, Training, and Awareness
Domain 2 — Asset Security
- Asset Security
- Data Management: Determine and Maintain Ownership
- Data Standards
- Longevity and Use
- Classify Information and Supporting Assets
- Asset Management
- Protect Privacy
- Ensure Appropriate Retention
- Determine Data Security Controls
- Standards Selection
Domain 3 — Security Engineering
- Security Engineering
- The Engineering Lifecycle Using Security Design Principles
- Fundamental Concepts of Security Models
- Information Systems Security Evaluation Models
- Security Capabilities of Information Systems
- Vulnerabilities of Security Architectures
- Database Security
- Software and System Vulnerabilities and Threats
- Vulnerabilities in Mobile Systems
- Vulnerabilities in Embedded Devices and Cyber-Physical Systems
- The Application and Use of Cryptography
- Site and Facility Design Considerations
- Site Planning
- Implementation and Operation of Facilities Security
Domain 4 — Communications & Network Security
- Communications & Network Security
- Secure Network Architecture and Design
- Implications of Multi-Layer Protocols
- Converged Protocols
- Securing Network Components
- Secure Communication Channels
- Network Attacks
Domain 5 — Identity & Access Management
- Identity & Access Management
- Physical and Logical Access to Assets
- Identification and Authentication of People and Devices
- Identity Management Implementation
- Identity as a Service (IDaaS)
- Integrate Third-Party Identity Services
- Implement and Manage Authorization Mechanisms
- Prevent or Mitigate Access Control Attacks
- Identity and Access Provisioning Lifecycle
Domain 6 — Security Assessment & Testing
- Security Assessment & Testing
- Assessment and Test Strategies
- Collect Security Process Data
- Internal and Third-Party Audits
Domain 7 — Security Operations
- Security Operations
- Investigations
- Provisioning of Resources through Configuration Management
- Resource Protection
- Incident Response
- Preventative Measures against Attacks
- Patch and Vulnerability Management
- Change and Configuration Management
- The Disaster Recovery Process
- Test Plan Review
- Business Continuity and Other Risk Areas
- Access Control
- Personnel Safety
Domain 8 — Security in the Software Development Life Cycle
- Security in the Software Development Life Cycle
- Software Development Security Outline
- Environment and Security Controls
- Security of the Software Environment
- Software Protection Mechanisms
- Assess the Effectiveness of Software Security
- Assess Software Acquisition Security
Module – 1: Defending Against Cyber security Threats
Module – 2: Reconnaissance and Intelligence Gathering
Module – 3: Designing a Vulnerability Management Program
Module – 4: Analyzing Vulnerability Scans
Module – 5: Recommending and Implementing the Appropriate Response and Countermeasure
Module – 6: Practices Used to Secure a Corporate Environment
Module – 7: Incident Recovery and Post-Incident Response
Module – 8: Building an Incident Response Program
Module – 9: Analyzing Symptoms for Incident Response
Module – 10: Performing Forensic Analysis
Module – 11: Recovery and Post-Incident Response
Module – 12: Frameworks, Policies, Controls, and Procedures
Module – 13: Defense-in-Depth Security Architectures
Module – 14: Identity and Access Management Security
Module – 15: Software Development Security
Module – 16: Cyber security Toolkit
Module – 1: Fundamentals of Cybersecurity
Module – 2: Securing Operating Systems
Module – 3: Protecting System Using Antivirus
Module – 4: Data Encryption
Module – 5: Data Backup and Disaster Recovery
Module – 6: Internet Security
Module – 7: Securing Network Connections
Module – 8: Securing Online Transactions
Module – 9: Securing Email Communications
Module – 10: Social Engineering and Identity Theft
Module – 11: Security on Social Networking Sites
Module – 12: Information Security and Legal Compliance
Module – 13: Securing Mobile Devices