Ethical Hacking and Counter Measures is the world’s most advanced ethical hacking course, covering 20 of the most important security domains any individual will need when planning to beef up the information security posture of their organization. The course covers the hacking techniques and tools used by hackers and information security professionals.
Who Is It For?
This training course will significantly benefit ethical hackers, system administrators, network administrators and engineers, web managers, auditors, security professionals in general, and anyone who is concerned about the integrity of their network infrastructure.
Modules Covered in Ethical Hacking and Countermeasures Training
1. Information Security and Hacking Concepts
2. Hacking and Penetration Testing Methodologies
3. Information Discovery
4. Vulnerability and Information Security Assessment
5. Network Security Testing
6. Open Source Intelligence (OSINT)
7. Attacking Operating System Vulnerabilities
8. Privilege Escalation
9. Pivoting the Connection
10. Broken Access Control
11. Broken Authentication
12. SQL Injections
13. Security Assessment and Penetration Testing of Web Applications
14. Insufficient Logging & Monitoring
15. Cross-site Scripting (XSS)
16. Wireless threats and Security Testing
17. Wireless Enterprise Security
18. Lab Exercise on Vulnerability Assessment and Penetration Testing in a Given Scenario
19. Reporting on Vulnerability Assessment and Penetration Testing
The CISA certification demonstrates proficiency in information systems audit and is highly sought after by both professionals and employers alike. Gaining this internationally-recognized qualification will increase recognition in the marketplace and build your influence in the workplace. This Certified Information Systems Auditor (CISA) training course will prepare you to undertake ISACA’s challenging CISA exam and is designed to equip you with the knowledge required to achieve a first-time pass.
Who should attend this CISA training course?
Internal and external auditors.
IT professionals / IT managers (including CIO/CTO)
Systems, network and database administrators, software developers, implementers and reviewers.
Information security professionals.
IT security professionals, risk management professionals, etc.
Days 1 and 2
Domain 1: The Process of Auditing Information Systems
IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.
Risk assessment concepts, tools and techniques in an audit context.
Control objectives and controls related to information systems.
Audit planning and audit project management techniques, including follow-up.
Fundamental business processes, including relevant IT.
Applicable laws and regulations which affect the scope, evidence collection and preservation, and frequency of audits.
Evidence collection techniques used to gather, protect and preserve audit evidence.
Reporting and communication techniques.
Audit quality assurance systems and frameworks.
Days 3 and 4
Domain 2: Governance and Management of IT
IT governance, management, security and control frameworks, and related standards, guidelines, and practices.
The purpose of IT strategy, policies, standards and procedures for an organisation and the essential elements of each.
Organisational structure, roles and responsibilities related to IT.
Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures.
Organisation’s technology direction and IT architecture and their implications for setting long-term strategic directions.
Relevant laws, regulations and industry standards affecting the organisation.
Quality management systems.
Process optimization techniques.
IT resource investment and allocation practices, including prioritization criteria.
IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships.
Enterprise risk management.
Monitoring and reporting of IT performance.
IT human resources (personnel) management practices.
Processes used to invoke the business continuity plan.
Business impact analysis (BIA) related to business continuity planning.
The standards and procedures for the development and maintenance of the business continuity plan and testing methods.
Domain 3: Information Systems Acquisition, Development, and Implementation
Benefits realization practices.
Project governance mechanisms.
Project management control frameworks, practices and tools.
Risk management practices applied to projects.
IT architecture related to data, applications and technology.
Analysis and management practices.
Project success criteria and risks.
Control objectives and techniques that ensure the completeness, accuracy, validity and authorisation of transactions and data.
System development methodologies and tools including their strengths and weaknesses.
Testing methodologies and practices related to information systems development.
Configuration and release management relating to the development of information systems.
System migration and infrastructure deployment practices and data conversion tools, techniques and procedures.
Post-implementation review objectives and practices.
Domain 4: Information Systems Operations, Maintenance and Support
Service level management practices and the components within a service level agreement.
Techniques for monitoring third party compliance with the organisation’s internal controls.
Operations and end-user procedures for managing scheduled and non-scheduled processes.
Technology concepts related to hardware and network components, system software and database management systems.
Control techniques that ensure the integrity of system interfaces.
Software licensing and inventory practices.
System resiliency tools and techniques.
Database administration practices.
Capacity planning and related monitoring tools and techniques.
Systems performance monitoring processes, tools and techniques.
Problem and incident management practices.
Processes for managing scheduled and non-scheduled changes to production systems and/or infrastructure, including change, configuration, release and patch management practices.
Data backup, storage, maintenance, retention and restoration practices.
Regulatory, legal, contractual and insurance issues related to disaster recovery.
Business impact analysis (BIA) related to disaster recovery planning.
Development and maintenance of disaster recovery plans.
Alternate processing sites and methods used to monitor the contractual agreements.
Processes used to invoke the disaster recovery plans.
Disaster recovery testing methods.
Domain 5: Protection of Information Assets
Techniques for the design, implementation, and monitoring of security controls, including security awareness programs.
Processes related to monitoring and responding to security incidents.
Logical access controls for the identification, authentication and restriction of users to authorised functions and data.
Security controls related to hardware, system software, and database management systems.
Risks and controls associated with virtualization of systems.
Configuration, implementation, operation and maintenance of network security controls.
Network and Internet security devices, protocols, and techniques.
Information system attack methods and techniques.
Detection tools and control techniques.
Security testing techniques.
Risks and controls associated with data leakage.
Public key infrastructure (PKI) components and digital signature techniques.
Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies.
Controls and risks associated with the use of mobile & wireless devices.
Voice communications security.
Evidence preservation techniques and processes followed in forensics investigations.
Data classification standards and supporting procedures.
Physical access controls for the identification, authentication and restriction of users to authorized facilities.
Environmental protection devices and supporting practices.
CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
Our prep course provides the most comprehensive survey of the CISSP information, test taking techniques, and preparation materials available in the industry.
Who Needs to Attend
IT Auditor, IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators.
Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows.
Domain 1 — Security & Risk Management
Confidentiality, Integrity, and Availability
The Complete and Effective Security Program
Global Legal and Regulatory Issues
Understand Professional Ethics
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Manage Personnel Security
Risk Management Concepts
Acquisitions Strategy and Practice
Security Education, Training, and Awareness
Domain 2 — Asset Security
Data Management: Determine and Maintain Ownership
Longevity and Use
Classify Information and Supporting Assets
Ensure Appropriate Retention
Determine Data Security Controls
Domain 3 — Security Engineering
The Engineering Lifecycle Using Security Design Principles
Fundamental Concepts of Security Models
Information Systems Security Evaluation Models
Security Capabilities of Information Systems
Vulnerabilities of Security Architectures
Software and System Vulnerabilities and Threats
Vulnerabilities in Mobile Systems
Vulnerabilities in Embedded Devices and Cyber-Physical Systems
The Application and Use of Cryptography
Site and Facility Design Considerations
Implementation and Operation of Facilities Security
Domain 4 — Communications & Network Security
Secure Network Architecture and Design
Implications of Multi-Layer Protocols
Securing Network Components
Secure Communication Channels
Domain 5 — Identity & Access Management
Physical and Logical Access to Assets
Identification and Authentication of People and Devices
Identity Management Implementation
Identity as a Service (IDaaS)
Integrate Third-Party Identity Services
Implement and Manage Authorization Mechanisms
Prevent or Mitigate Access Control Attacks
Identity and Access Provisioning Lifecycle
Domain 6 — Security Assessment & Testing
Assessment and Test Strategies
Collect Security Process Data
Internal and Third-Party Audits
Domain 7 — Security Operations
Provisioning of Resources through Configuration Management
Preventative Measures against Attacks
Patch and Vulnerability Management
Change and Configuration Management
The Disaster Recovery Process
Test Plan Review
Business Continuity and Other Risk Areas
Domain 8 — Security in the Software Development Life Cycle