
Part-time course
ISACA CSX Cybersecurity course

This cybersecurity course provides a comprehensive overview of the cybersecurity domains. The course is delivered in six separate parts: Cybersecurity Introduction and Overview; Cybersecurity Concepts; Security Architecture Principles; Security of Networks, Systems, Applications & Data; Incident Response; and Security Implications & Adoption of Evolving Technology. This course is based on the CSX Cybersecurity Fundamentals and will be delivered by an experienced information security professional. It is designed to be an entry point into the cybersecurity industry. The certificate and related training are an ideal way to get started on a career in cybersecurity.

The ideal candidate is a business professional who is seeking to learn more about the area of Cybersecurity, and/or a recent college graduate who is looking to start a career in Cybersecurity.

The Cybersecurity programme will enable you to:

  • Demonstrate your understanding of the principles that frame and define cyber security and the initial role of cyber security professionals in protecting enterprise data
  • Add a credential to your resume/CV that will distinguish you from other candidates for advancement or a new job
  • Stay ahead of the curve on your current career path or start your new cybersecurity career

The programme comprises six modules:

  1. Cybersecurity Introduction and Overview
  2. Cybersecurity Concepts
  3. Security Architecture Principles
  4. Security of Networks, Systems, Applications & Data
  5. Incident Response
  6. Security implications & Adoption of Evolving Technology

Cyber Security Introduction and Overview

Introduction to Cybersecurity

  • The evolution of Cybersecurity
  • Cybersecurity & Situational awareness
  • The Cybersecurity skills gap
  • Difference between Information security & Cyber security
  • Protecting digital assets
  • Cyber security objectives
  • Confidentiality, Integrity and Availability
  • Non repudiation

Cyber security roles

  • Governance, Risk Management and Compliance
  • What does a Cybersecurity professional do?
  • Information security roles
  • Board of Directors
  • Executive Management
  • Senior Information security management
  • Cyber Security Practitioners
  • Cyber security Domains
  • Security architecture principles
  • Security of networks, systems, applications and Data
  • Incident Response
  • Security implications and adoption of evolving technology

Cyber Security Concepts

Risk:

  • Approaches to Cybersecurity
  • Key terms and definitions
  • Likelihood and impact
  • Approaches to Risk
  • Third-Party Risk
  • Risk Management

Common attack types & vectors:

  • Threat agents
  • Attack attributes
  • Generalized attack process
  • Nonadversarial threat events
  • Malware and attack types

Policies and Procedures:

  • Policy life cycle
  • Guidelines
  • Policy Frameworks
  • Types of Information security policies
  • Access control policy
  • Personnel Information Security policy
  • Security incident response policy

Cyber security controls:

  • Identity Management
  • Provision and de-provisioning
  • Authorization
  • Access control lists
  • Privileged user management
  • Change Management
  • Configuration Management
  • Patch Management

Security Architecture Principles

Overview of security architecture:

  • The security perimeter
  • Interdependencies
  • Security Architectures and frameworks
  • SABSA & the Zachman framework
  • The open group architecture framework (TOGAF)

The OSI Model:
TCP/IP

Defence in Depth

Firewalls:
Firewall general features
Network firewall types
Packet filtering firewalls
Stateful inspection firewalls
Stateless vs. stateful
Examples of firewall implementations
Firewall issues
Firewall platforms

Isolation & Segmentation:
VLANs
Security Zones & DMZs

Monitoring, Detection and logging:
Ingress, egress and data loss prevention (DLP)
Antivirus and Anti-Malware
Intrusion Detection Systems
IDS limitations
IDS policy
Intrusion prevention systems

Cryptography Fundamentals:
Key elements of cryptographic systems
Key Systems

Encryption Techniques:
Symmetric (private) key encryption
Asymmetric (public) key encryption
Elliptic curve cryptography
Quantum cryptography
Advanced encryption standard
Digital Signature
Virtual Private Network
Wireless network protections
Stored Data
Public Key Infrastructure

Encryption Applications:
Application of cryptographic systems

Security of Networks, Systems, Applications and Data

Process controls – Risk assessment:
Attributes of risk
Risk response workflow
Risk Analysis
Evaluating Security Controls
Risk assessment success criteria
Managing Risk
Using the results of the risk assessment

Process controls – Vulnerability Management:
Vulnerability Management
Vulnerability Scans
Vulnerability Assessment
Remediation
Reporting & Metrics

Process Controls – penetration testing:
Penetration testers
Penetration Testing phases

Network Security:
Network Management
LAN/WAN security
Network Risks
Wireless local area networks
Wired equivalent privacy & Wi-Fi protected access (WPA/WPA2)
Ports & Protocols
Port Numbers
Protocol numbers & assignment services
Virtual private networks
Remote Access

Operating System Security:
System/Platform Hardening
Modes of operations
File System permissions
Credentials & Privileges
Command line knowledge
Logging & System Monitoring
Virtualization
Specialised Systems

Application Security:
System development life cycle (SDLC)
Security with SDLC
Design Requirements
Testing
Review Process
Separation of development, testing and production environments
OWASP top ten
Wireless application protocol (WAP)

Data Security:
Data classification
Data owners
Data classification requirements
Database security

Incident Response

Event vs. Incident:
Events vs. Incident
Types of Incidents

Security Incident Response:
What is incident response?
Why do we need incident response?
Elements of an incident response plan
Security event management

Investigations, legal holds, and Preservation:
Investigation
Evidence preservation
Legal Requirements

Forensics:
Data protection
Data acquisition
Imaging
Extraction
Interrogation
Ingestion/normalization
Reporting
Network traffic analysis
Log file analysis
Time lines
Anti-forensics

Disaster recovery & business continuity plans:
What is a disaster?
Business continuity and disaster recovery
Business impact analysis
Recovery time objectives (RTO)
Recovery point objectives (RPO)
IS business continuity planning
Recovery Concepts
Backup Procedures

Security Implications & Adoption of Evolving Technology:
Current Threat Landscape
Advanced Persistent Threat (APT)
Evolution of the threat landscape
Defining APTs
APT Characteristics
APT Targets
Stages of an APT attack

Mobile technology – Vulnerabilities, threats and risk:
Physical Risk
Organizational Risk
Technical Risk
Activity monitoring and data retrieval
Unauthorized network connectivity
Web view/user interface (UI) impersonation
Sensitive data leakage
Unsafe sensitive data storage
Unsafe sensitive data transmission
Drive-by vulnerabilities

Consumerization of IT and Mobile Devices:
Consumerization of IT
BYOD

Cloud & Digital Collaboration:
Risk of Cloud Computing
Web application risk
Benefits of cloud computing

At the end of the course each student will sit the ISACA CSX Cybersecurity Fundamentals exam.

Career Progression Opportunities and Further Study Options
Cybersecurity is one of the fastest growing sectors in IT. This programme will provide the foundation needed to begin an entry level career in Cybersecurity and will also provide the basis for further study.
