
DETAILED MODULE DESCRIPTION

Module 1 - Security Management


The Role of the CSLO The Desired State of Security
Business Goals and Objectives Using the Balanced Scorecard
Vision Align with Security Framework
Overview of Governance ISO/IEC 27001 - The ISMS
Importance of Information Security Integration
The First Priority for the CSLO Suitable for Organizations of all Sizes
Outcomes of Governance COBIT 4.1
Performance and Governance COBIT 4.1 Phases
Organization of IT Security Deming and Quality
Developing a Security Strategy Ethics
Elements of a Strategy Fraud
Objectives of Security Strategy Good to Great
The Goal of Information Security Hiring and Employment
Defining Security Objectives Employment
Business Linkages Culture
Business Case Development Marketing
Security Budget Negotiating
Valuations Intellectual Property
Security Program Priorities Protecting IP
What is Security? Attacks on IP
Security Integration OECD Privacy Principles
Security Program PII and PHI
Architecture Awareness Training
Information Security Frameworks Purpose of Awareness Training
Using a Framework Summary

Module 2 - Risk Management


Risk Inputs to Risk Treatment
Risk Management Risk Definitions
Define a Risk Assessment Approach Risk Treatment
Risk Factors Risk Acceptance
Enterprise Risk Management Definition of Controls
Risk Control Types
Risk Assessment “Soft” Controls
Risk Analysis Technical or
Quantitative Risk Logical Controls
Qualitative Risk Physical Controls
What Is the Value of an Asset? Control Usage
What Is a Threat Source/Agent? Comparing Cost and Benefit
What Is a Threat? Cost of a Countermeasure
What Is a Vulnerability? Appropriate Controls
Assess and Evaluate Risk Documentation
Result of Risk Assessment Statement of Applicability

Module 3 - Encryption

Encryption Digital Envelope
Secrecy of the Key Public Key Infrastructure (PKI)
Cryptographic Functions Certificates
XOR Function Uses of Encryption in Communications
Symmetric Encryption Auditing Encryption Implementations
Asymmetric Algorithms Steganography
Hashing Algorithms Cryptographic Attacks
Digital Signatures Summary

Module 4 - Information Security Access Control Concepts


Information Security Concepts (Agenda) Authentication
Information Asset Classification Password Policy
Information Classification Considerations Password Cracking
Criticality Biometrics
Sensitivity Authorization
Regulations and Legislation Authorization Best Practices
Asset Valuation Accounting/Auditability
Valuation Process Trust Models
Information Protection Centralized Administration
Storing, Retrieving, Transporting and Disposing Discretionary Access Control
of Confidential Information Mandatory Access Control
Information Asset Protection Role Based Access Control
Access Control Technologies – Access Control Lists
Identification Summary

Module 5 - Incident Handling and Evidence


Definition Challenges in Developing an Incident
Goals of Incident Management and Response Management Plan
History of Incidents When an Incident Occurs
Security Incident Handling and Response During an Incident
Evidence Handling Containment Strategies
Best Evidence The Battle Box
What is an Incident - Intentional Evidence Identification and Preservation
What is an Incident - Unintentional Post Event Reviews
Malware Disaster Recovery Planning (DRP) and
Attack Vectors Business Recovery Processes
Information Warfare Development of BCP and DRP
Incident Management and Response Plan Development
Developing Response and Recovery Plans Recovery Strategies
Incident Management and Response Basis for Recovery Strategy Selections
Importance of Incident Management and Disaster Recovery Sites
Response Recovery of Communications
Incident Response Functions Plan Maintenance Activities
Incident Management Technologies BCP and DRP Training
Responsibilities of the CSLO Techniques for Testing Security
Crisis Communications Vulnerability Assessments
Penetration Testing

Module 6 - Operations Security

Operations Security Facility Backups – Cold Site
Administrator Access Other Offsite Approaches
Operational Assurance Priorities
Some Threats to Computer Operations OWASP Top Ten (2013)
Specific Operations Tasks Common Gateway Interface
Data Leakage – Object Reuse How CGI Scripts Work
Object Reuse Cookies
Records Management Virtualization - Type 1
Change Control Virtualization – Type 2
Controlling How Changes Take Place Technologies – Databases and DBMS
Change Control Steps Facilities
Trusted Recovery Facilities Security
Redundant Array of Independent Disks (RAID) Environmental Security
Phases of Plan Physical Access Issues and Exposures
BCP Risk Analysis Physical Access Issues and Exposures
Identify Vulnerabilities and Threats Physical Access Controls
Interdependencies Controls for Environmental Exposures
Identifying Functions’ Resources Controls for Environmental Exposures cont.
Calculating MTD Controls for Environmental Exposures cont.
Recovery Point Objective Electrical Problems
Facility Backups – Hot Site Summary
Facility Backups – Warm Site

Module 7 - Network Security


Network Topologies – Physical Layer Firewall Types – Circuit-Level Proxy Firewall
OSI Model Firewall Types – Application-Layer Proxy
An Older Model Firewall Types – Stateful
Data Encapsulation Firewall Placement
Protocols at Each Layer Firewall Architecture Types – Screened Host
Devices Work at Different Layers Firewall Architecture Types – Multi- or Dual-
Technology-based Security Homed
Technologies Firewall Architecture Types – Screened Subnet
Security Management Report Tools Intrusion Detection and Prevention Systems
Security in Technical Components cont. IDS – Second line of defense
Defense in Depth IPS – Last line of defense?
Repeater IDS/IPS Components
Switch IDS/IPS Features
Virtual LAN IDS/IPS
Router Intrusion Detection Policies and Processes
Gateway HIPS
Bastion Host Unified Threat Management (UTM)
Network Security Architecture UTM Product Criteria
Firewalls TCP/IP Suite
Whitelisting vs. Blacklisting Port and Protocol Relationship
Firewall Issues UDP versus TCP
Firewalls Protocols – ARP
Firewall – First line of defense Protocols – ICMP
Firewall Types – Packet Filtering Protocols – FTP, TFTP, Telnet
Firewall Types – Proxy Firewalls Protocols – SNMP

Network Service – DNS
nslookup
IP Addressing
Network Service – NAT
Recommended NAT Addresses
Technologies - SPAM
Filtering and Content Management
Emerging Technologies
Security of Portable Media
Mobile Device Security
LAN Security Issues
Network Infrastructure Security
Client-server Security
Internet Threats and Security
Causes of Internet Attacks
Honeypots and Honeynets
LaBrea Tarpit
Voice-Over IP (VoIP)
Auditing Network Infrastructure Security
IPSec - Network Layer Protection
IPSec
IPSec
SSL/TLS
Wireless Technologies – Access Point
Standards Comparison
Wi-Fi Network Types
Wireless Technologies – Access Point
802.11i – WPA2
Wireless Security Threats
Kismet
Bluetooth
Summary
