Cyber Security Intermediate Training

Cyber Security Intermediate Training Overview


Cybersecurity has never been straightforward. As attacks evolve each day and attackers become more innovative, it is crucial that cybersecurity is defined correctly and that good cybersecurity is recognized. Why does this matter so much? Worldwide cybersecurity investment is increasing annually, and by 2018 $101 had been invested. Organizations are beginning to understand that malware is a publicly available asset that lets anyone become a cyber threat and, even more, that companies offer safety measures that do little to protect against attacks.

Cyber Security Intermediate Training Objective

Learn how to secure software
Explore how to secure hardware
Understand and practice cryptography etc.

Understand the architecture of cybersecurity.

Cyber Security Intermediate Training Audience

Administrators of government programs, scholars, experts, individuals, administrators, attorneys, software developers, web developers, app developers, or anybody who would like to safeguard their content.

Cyber Security Intermediate Training Prerequisites

There is no prerequisite for the course, but a basic knowledge of cryptography and encryption would be a plus, as would an idea of basic governance and management of IT/ITES.

Cyber Security Intermediate Training Outline

• Fundamentals of Human-Computer Interaction: users, usability, tasks, and cognitive models
• Grading and Logistics
• What is Human Computer Interaction?
• Chunking Information
• Mental Models
• Design: design methodology, prototyping, cybersecurity case study
• Intro to Design
• Design Methodologies
• Evaluation: usability studies, A/B testing, quantitative and qualitative evaluation, cybersecurity
• Strategies for Secure Interaction Design: authority, guidelines for interface design
• Intro to Usable Security Guidelines
• Authority Guidelines
• Authorization and Communication Guidelines
• Interface Guidelines for Usable Security
• Usable Authentication: authentication mechanisms, biometrics, two-factor authentication
• Usable Authentication and Passwords
• Two-Factor Authentication
• Biometric Authentication
• Gesture-based Authentication
• Usable Privacy: privacy settings, personal data sharing, data inference

• What is software security?
• Low-level security: Attacks and exploits
• Memory Layout
• Buffer Overflow
• Code Injection
• Other Memory Exploits
• Format String Vulnerabilities

• Defenses against Low-Level Attacks: Introduction
• Memory Safety, Type Safety
• Avoiding Exploitation
• Return Oriented Programming – ROP
• Control Flow Integrity
• Secure Coding
• Web security: Attacks and defenses
• SQL Injection, Countermeasures
• Web-based State Using Hidden Fields and Cookies
• Session Hijacking

• Cross-site Scripting
• Designing and Building Secure Software
• Threat Modelling or Architectural Risk Analysis
• Security Requirements
• Avoiding Flaws with Principles
• Design Category: Favor Simplicity
• Design Category: Trust with Reluctance
• Design Category: Defence in Depth, Monitoring/Traceability
• Top Design Flaws
• Static Program Analysis
• Flow Analysis, Adding Sensitivity
• Context Sensitive Analysis
• Flow Analysis: Scaling it up to a Complete Language and Problem Set
• Challenges and Variations
• Introducing Symbolic Execution
• Symbolic Execution: A Little History
• Basic Symbolic Execution
• Symbolic Execution as Search, and the Rise of Solvers
• Symbolic Execution Systems
• Penetration Testing: Introduction
• Pen Testing

• Distinguish threat data or behavior to determine the impact of an incident
• Prepare a toolkit and use appropriate forensics tools during an investigation
• Explain the importance of communication during the incident response process
• Analyze common symptoms to select the best course of action to support incident response
• Summarize the incident recovery and post-incident response process

• Explain the relationship between frameworks, common policies, controls, and procedures
• Use data to recommend remediation of security issues related to identity and access

• Review security architecture and make recommendations to implement compensating controls
• Use application security best practices while participating in the Software Development Life Cycle (SDLC)
• Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies (SDLC)


