Information Security

Information Security

Information Security

Information security (known as InfoSec) refers to the processes and tools designed and deployed to protect sensitive business information from unauthorized access or alterations, both when it's being stored and when it's being transmitted from one machine or physical location to in order to protect data from modification, disruption, destruction, etc. InfoSec is a crucial part of cyber security, but it refers exclusively to the processes designed for data security.

Learning Objectives

  • Understand the principles of Information security

  • Able to incorporate approaches for risk management and best practices in a corporate world

  • Gain familiarity with distributed system attacks, defenses against them, and forensics to investigate the understanding of cryptography.

  • Learn about Security essentials, Cryptography, Networks Security, Application Security, Data and Endpoint Security, Cloud Security, Cyber-attacks, and various other Security practices for businesses.

 

All Courses Idea

Introduction to Information Security

  • What is Information Security
  • Business Need for Information Security
  • CIA Triad
  • Essential Terms
    • Asset
    • Threat
    • Risk

Hacking / CyberAttack

  • Case study of recent hacks
  • Vulnerability
    • Zero-Day – Vulnerability / Attack
  • Security Assessment types & terminology
  • Phases of penetration testing ( Hacking )
    • Reconnaissance
      • Passive Reconnaissance
      • Active Reconnaissance
    • Scanning  & Vulnerability assessment
    • Exploitation
    • Social Engineering & Techniques
      • What is Social Engineering
      • Social Engineering Techniques
      • Phishing
      • SMShing
      • Whaling
      • Dumpster Diving
      • Shoulder Surfing
      • Tailgating / Piggy-backing
      • Identity Theft
      • Credential harvesting / Password guessing

Malware, Ransomware & Key-loggers

    • What is malware
    • Types of malware
      • Virus
      • Worms
      • Trojans
      • Rootkits
      • Adware
      • Spyware
      • Ransomware
      • Key-loggers
    • Advance Persistent Threats

Preventive Measures

    • Vulnerability management
    • Application security & secure SDLC
    • Patch management
    • AV updates
    • Back-up
    • Security Awareness Training &  security Policy

Risk Management

    • What is Risk – Definition
    • Consequences of Failing to Manage Risk
    • Data / Asset Classification
    • Risk Assessment Methodology
    • Risk Mitigation / Treatment
    • Residual Risks
    • Risk Controls

Incident Handling Process

    • Objectives of Incident Response
    • Incident Handling Process
      • Knowledge of events & incidents
      • Types of incidents
      • Roles & responsibilities
      • Defined Contact List
      • Breach Response Strategy
      • Case Study

Governance, Risk & Compliance

    • Compliance to Corp ISMS
      • Brief Overview of ISO 27001 Clauses & Controls
    • Incident Response & Business Continuity Management (BCM)
    • Objectives of BCM
    • Need for Contingency Planning
    • BCM V/s DR
    • Brief Overview of ISO 22301
    • BCM Cycle
    • Difference between PII & Personal Data
    • What is Data Protection Law
      • GDPR Awareness

Security Best Practices

    • Password guidelines
      • 2-Factor / Multi-factor authentication
    • Internet security guideline
    • Email security guideline
      • Identifying phishing emails
    • Mobile device security threats & prevention
    • Portable device / media security threats & prevention
    • Handling / Disposal of sensitive data (print/digital)
      • Data classification & labeling
      • Storage – encryption / hashing
      • Disposal
    • Physical Security
      • Access controls
      • Visitor management
    • Clear desk policy

Comming Soon!