SP security knowledge build up

Suresh Ramasubramanian ops.lists at gmail.com
Tue Jul 31 06:11:13 UTC 2018


As for MOOC course content - I don't know these guys from Adam's off
ox, and while I know IIIT (note, not IIT) Bangalore, this is a course
offered by them in collaboration with an outfit called FISST (oh
dear.. the name).

The course name looks like it is meant to train skript kiddeez but the
content looks much more reasonable.

Of course, given the extremely short course length, it is possibly
like the usual mile wide inch deep CISSP training that'll help you
learn a lot of buzzwords if nothing else.

--srs

https://talentedge.in/certified-cyber-warrior-iiit-bangalore/

Syllabus

Cyber Security Foundation Module:

Introduction & Overview of Cyber Security
Common Security threats and prevention/mitigation plans
Cryptography – fundamentals with theory of encryption keys (LMS)
Networking Security – fundamentals with N/w layers and various protocols (LMS)

Introduction to IT Act and Cyber Laws:

Cyber Laws – Overview of Cyber Civil Wrong
Cyber Laws – overview of Cyber Offences
Case studies where brand and financial loss has been reported

Introduction to Dark web and Deep Web:

Dark web & Deep Web
Anatomy of Financial Cyber Crime Organization

Network Security & Best practices for secured n/w administration

VPN
Wireless Security

Vulnerabilities in various layers of Information Systems:

Overview of Multitasking and Multiprocessing

Assess And Mitigate Security Vulnerabilities
Understanding Security Capabilities of Information System
Virtualization
Memory Protection
Memory & Address protection
Protection Mechanisms

Brief Introduction to Cyber Risk and Cyber Insurance Best Practices:

Cyber Risk & Information Risk Management

Risk Management Concepts
Component of Risk Management – example
Risk Management Process
Common Cyber Threats
Framework for Cyber and IS Risk Management

Cyber Insurance – an Introduction

What is cyber insurance
How to assess and bargain a good policy
How to implement documentation for claims
Best practices for ‘zero’ risk policies

Introduction to Physical Security & importance to protect IT Assets:

Physical Security Introduction
Perimeter / Boundary Security
Building Security
Inside Building with back-end command & Control System
Overview of IoT devices Security & Concerns

Introduction to Blockchain, Cryptocurrencies, and Bitcoins

Introduction to Blockchain concept
Cryptocurrencies

Cyber Security Design and Maintaining Resilience

Cyber Security Designing And Maintaining Resilience
Designing a Resilient Enterprise
Maintaining Enterprise Resilience
Perimeter Protection with Firewall
Incident Response Plan
Cyber Risk Management process
Inventory Authorized and Unauthorized devices and Software

Recommended Best practices for Cyber Security:

Cyber Hygiene
Data Security
Wireless networking
Invoke the Incident Response Plan
Recover
RTO – RPO
Preparedness Plan Audit
Test your incident response plan
Vendor Incident response

20 Critical Security Components – Part 1

Critical Control 1: Inventory of Authorized and Unauthorized Devices
Critical Control 2: Inventory of Authorized and Unauthorized Software
Critical Control 3: Secure Configurations for Hardware and Software on
Laptops, Workstations, and Servers
Critical Control 4: Continuous Vulnerability Assessment and Remediation
Critical Control 5: Controlled Use of Administrative Privileges
Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Critical Control 7: Email and Web Browser Protections
Critical Control 8: Malware Defenses
Critical Control 9: Limitation and Control of Network Ports,
Protocols, and Services

20 Critical Security Components – Part 2

Critical Control 10: Data Recovery Capability
Critical Control 11: Secure Configurations for Network Devices such as
Firewalls, Routers, and Switches
Critical Control 12: Boundary Defense
Critical Control 13: Data Protection
Critical Control 14: Controlled Access Based On Need to Know
Critical Control 15: Wireless Device Control
Critical Control 16: Account Monitoring and Control
Critical Control 17: Security Skills Assessment and Appropriate
Training to Fill Gaps
Critical Control 18: Application Software Security
Critical Control 19: Incident Response and Management
Critical Control 20: Penetration Tests and Red Team Exercises

2 Day On Campus Boot Camp at IIIT B

Lab Session – General Threats
Lab Session – Cryptography
Boot Camp 1
Boot Camp 2

On Fri, Jul 27, 2018 at 5:39 PM Suresh Ramasubramanian
<ops.lists at gmail.com> wrote:
>
> Please start with the nanog videos Chris referenced and the book that I told you about.
>
>
>
> Before security knowledge, there’s a lot of hard CS and pure math involved if you want to teach it as a discipline – but that should be available most anywhere. And of course practical courses on network and system administration.
>
>
>
> Depends on whether you want to train junior analysts and build their knowledge in a more hands on manner in on the job training, or proceed with a graduate course that’ll take years and give them a deeper dive into this.
>
>
>
> For on the job training the videos and the Limoncelli book will do very well indeed for a start.
>
>
>
> --srs
>
>
>
> From: Ramy Hashish <ramy.ihashish at gmail.com>
> Date: Friday, 27 July 2018 at 5:12 PM
> To: NANOG Mailing List <nanog at nanog.org>, <stephend at ameslab.gov>, <rsk at gsp.org>, Suresh Ramasubramanian <ops.lists at gmail.com>, <Pratik.Lotia at charter.com>
> Subject: Re: SP security knowledge build up
>
>
>
> Thank you guys for all your academic recommendations. Unfortunately we are not US residents, so can you recommend the references/books/curriculum used in the mentioned programs?
>
>
>


-- 
Suresh Ramasubramanian (ops.lists at gmail.com)


