Insight International

ITSolutions.Consultancy,Training

Home Cyber Security

Cyber Security

Day 1

Sr. No. Topic
1. Welcome and Introductions
2. Course Aims, Objectives and Structure
3. ISACA Introduction to CISA Modules
4. Concepts of Auditing Information Systems, Governance and IT, Information acquisition and Development System, Operation Management and Support , Asset Protection
5. Key Tenets : CIA TRIAD, Types of Audits, Internal , External, Audit Standards, Ethical Audit Process
6. Reference Architecture of Enterprise Level Security Architecture On Premise and Cloud and foundational concepts
7. Security Domains, Roles, User groups, Tokens, Service Catalogues, LDAP, Role-Based Access Control (RBAC), Policy and Back ends, Services, Federated Identity
8. IT Governance
IT Steering Committee, Balanced Scorecards, Project Management, COBIT Principles, Executive Performance Review, organization and Management Control methods,
Risk Management, System Life Cycle Management, Business Continuity ,
Business Process Re-Engineering ( BPR) Methodology , Principles, Goals and Techniques, IS as subset of BPR, BPR Tools and Data Management , BIA
9. Audit Process Objective , Roles, Responsibilities
10. Audit Charter, Program Implementation, Audit Quality Control
11. Audit Process and Risk Management
12. Evidence Collection, Evidence Life Cycle, Audit Tools
13. Report Findings, Closing Meetings
14. Case Study of a Successful Audit Program
15. Network Architecture Basics
16. Networking layered Models
17. Logical and Physical Network Design and Topologies
18. Network protocols : DHCP, DNS, LDAP,VPN, WLAN Security 802.11i, Intrusion System and Intrusion Protection System
19. Software as a Service ( SaaS), Cloud Computing and Exposure to AWS
20. Network Management , Protocol Analyser, SNMP, Syslog , EMS
21. Lab Work 1 : Practical Demonstration and Lab work based on Wireshark, SSH Remote
22. Summary

Day 2

Sr. No. Topic
1. Day 1 Review and Jeopardy Quiz
2. Information System Development Life Cycle , CMM , Agile Vs Waterfall
3. Data Architecture , Data Integrity , Decision Support AI and Data Analytics , Dev-Ops , Data Flow and Process Mapping
4. Data Protection Impact Assessment/Privacy Impact Assessment
5. Incident Handling and Response loop
6. Digital Forensics
7. Monitoring of Status of Controls, System Monitoring
8. Logical Access Controls and Physical Access Control
9. Media and Storage Handling
10. Data File Controls and Integrity Management
11. Application Processing Controls and Secure Coding Standards OWASP,OASIS Standards
12. Log Management and Dashboard Management
13. Lab Work 2 : Virtual Deployment and Monitoring of SIEM Tool Security Onion and Elastic Search, Log Stash and Kibana

Day 3

Sr. No. Topic
1. Day 2 Review Quiz Check
2. Asset Protection
3. Understanding the Threat Landscape and Anatomy of a Attack on Infrastructure , Cyber Kill Chain; Attack Vectors and Counter-Measures
4. Implementing Administrative and Technical Protective Controls; Taxonomy of Control Families
5. Application Software Controls, Authentication and Authorizations, Network Access Protection and Encryption Methods , PKI
6. Technical Security Testing : Black Hat, Grey Hat and White Hat Perspective
7. Anatomy of Attack on Mobile Phone and Attack Vectors
8. Data Lifecycle Principles of Privacy and Services
9. Expanding the CIA Triad to include Privacy ; Data Leak Protection and Escape Channels
10. Case Study of Sony Data Leak
11. Proactive vs Reactive Breach Protection Techniques
12. Monitoring, Measurement, Analysis and Evaluation and Immutability of Audit Logs
13. Lab Work 3 : OpenDLP Demonstration
14. Close for the Day

Day 4

Sr. No. Topic
1. Day 3 Review Quiz Check
2. Phases of Business Continuity Plan Phases : Setting Up the BC Program , The Discovery Process , Plan Implementation , Maintenance and Integration
3. Understanding the Auditors Interests in BC/DR plans
4. Two Tier and 3 –Tier Architecture Reference Architecture for on-Premise
5. Transition from On-Premise to Cloud Based Deployment
6. Server Less Design , Containerization and Micro-Service Architecture and Challenges
7. Auditing Controls and Accountability Frameworks for Modern Cloud Native
8. Automation Tools in Dev-Ops : Chef, Puppet
9. Lab 4 : Amazon Web Services Based Demonstration Creation of VPC , ELB and Monitoring Infrastructure through Console and CLI Scripts
10. Summary of Key Takeaways

Day 5

Sr. No. Topic
1. Day 4 Review Quiz Check
2. Integrating BYOD, Sensors , IoT , Gateways and Automation fast Changing Technology
3. Distributed Computing and Block chain Disruption
4. Challenges for Auditors for IS and Privacy Protection
5. Suggested Modern Day Auditor’s Toolkit
6. 2 Hours Course Test and Evaluation
7. Feedback for Trainers and Course Closure