Fundamentals of Information Security

Fundamentals of Information Security

Rs.4,238.00

Please register to enroll in this course.

SKU: cid_3637 Category:
About the course

In this course, you will learn about the basic principles of confidentiality, integrity availability concepts policies, procedures, guidelines, standards administrative measures and technical measures, people, process, and technology. After that, you will learn about the current trends in information security, cloud computing, its benefits, and issues related to InfoSec, standards available for InfoSec, which includes Cobit, Cadbury, ISO 27001, OWASP, OSSTMM, et. Then you will learn about vulnerability, threat and risk, risk assessment and mitigation along with quick fixes, introduction to BCP / DRP / incident management, segregation and separation of duties & roles and responsibilities, IT ACT 2000 and a lot more.

Learning Outcomes

After completing this course, you will be able to:

  • Understand the cybersecurity risks.
  • Implement these principles of cybersecurity.
  • Design a secure information system on your own.
  • Boost your hireability through innovative and independent learning.
Target Audience

The course can be taken by:

Students: All students who are pursuing any technical/professional courses, and interested in learning IT Security / Network Security / Cyber Security.

Teachers/Faculties: All teachers/faculties who wish to acquire new skills or improve their efficiency in information security.

Professionals: All IT Security / Network Security / Cyber Security professionals.

Why learn Fundamentals of Information Security?

Every day we hear about the newest attack, the latest exploit, or another cyber threat. In response, we hire security consultants, look for the best security team we can find, and buy the latest products from the security vendors. Information security isn’t limited to one sector, such as banks or finance, there are opportunities in retail, university settings and anywhere else, where data has value. The career prospects are bright for the candidates seeking a career in Information Security/Cyber Security. Information security is about defending data and critical information from unauthorized access, use, and potential destruction. It’s a field that is projected to grow by 22 percent through 2020 and opportunities are abundant for newcomers to this in-demand career. It should be noted that the demand for information security professionals has exceeded the demand for information technology professionals, and it is likely to continue as the times passes.

Course Features
  • 24X7 Access: You can view lectures as per your own convenience.
  • Online lectures: 4 hours of online lectures with high-quality videos.
  • Updated Quality content: Content is latest and gets updated regularly to meet the current industry demands.
Test & Evaluation

Each lecture will have a quiz containing a set of multiple choice questions. Apart from that, there will be a final test based on multiple choice questions.

Your evaluation will include the overall scores achieved in each lecture quiz and the final test.

No prerequisites

Topics to be covered
  1. Module 1 - Part 1 - Definition of Information Security
    • Introduction, reference books, learning objectives and what will we cover in module-1?
    • What is the reality of IS and how do we define information security?
    • What is the the history of information security (and what lessons can we learn from it)?
    • What is today's environment from IS perspective?
  2. Module 1 - Part 2 - Information Security Terminologies
    • What is Information Security?
    • What are we securing ourselves from 6 case studies?
    • What is an information asset and what can i do with the information?
    • What is the value of information (or it's critical characteristics)?
  3. Module 1 - Part 3 - Goals of Information Security
    • What is Information Security?contd...
    • What are the goals of information security and what is CIA?
    • Why do we need information security (IS) and what are the three roles in IS?
    • What are the components of an information system and how do we secure them?
    • What is good IT security and how do we balance security and access?
    • What are the "7is for 5"
  4. Module 1 - Part 4 - Implementation Issues of the Goals of Information Security - I
    • What are the goals of information security and what are definitions of CIA?
    • What is confidentiality and what are threats to it?
    • What is integrity and what are the two basic principles of integrity?
  5. Module - 1 - Part 5 - Implementation Issues of the Goals of Information Security - II
    • How is rotation of duties useful and which systems require high integrity?
    • What are some examples of threats to integrity?
    • What is the need for IS control and how do we define controls?
    • How do we define availability and what is denial of service?
  6. Module 1 - Part 6 - Control Mechanisms for Information Security - I
    • What are Internal Controls and why is costs benefit consideration important?
    • Why do we need General Controls (GC) and what are the types of GC?
    • Why do we need Segregation of information security duties within the systems function?
    • What are the various duties within the Systems Function?
  7. Module 1 - Part 7 - Access Control - Administrative and Technical
    • Why do we need Access control (Physical control)?
    • What are technical control or Logical control?
    • What is identification and authentication and why access control is important?
    • Why is Access Control Important and what is the problem with passwords / options for authentication?
    • How are Passwords useful?
  8. Module 1 - Part 8 - Passwords - Are they secure? - I
    • What is the problem with passwords and how can passwords be cracked?
    • How can "Brute Forcers" and port knocking DDoS the Users?
    • What are the shadow password files and what are the password encryption algorithms?
    • What are LAN Manager Password Hashes and what is the Syskey utility?
  9. Module 1 - Part 9 - Passwords - Are they secure? - II
    • Why are passwords insecure, What is the problem with Default Device Passwords?
    • Why are passwords insecure, Why and how do people disclose their passwords and what are the solutions which help solve it?
    • Why are passwords insecure, How can Passwords be Sniffed and how can it be prevented?
  10. Module 1 - Part 10 - Passwords - Are they secure? - III
    • Why are passwords insecure, How frequently should passwords be changed and why?
    • Why are passwords insecure, What is the problem with initial Passwords and password reset mechanisms?
    • Why are passwords insecure, The solution - Two factor authentication.
  11. Module 1 - Part 11 - Multi factor Authentication - Challenges
    • What is Two Factor Authentication and what are the challenges associated with it?
  12. Module 1 - Part 12 - Application Level Control and Information Security Planning
    • What are the security controls that can be applied at an application level (at input, processing and output)?
    • What are the 3 important plans for Information Security? (Security Plan, Backup and Recovery Plan and Disaster Recovery Plan)
  13. Module 1 - Part 13 - Information Security - Policy, Standard and Practice
    • What are the 3 important information security documents and what is the difference between them? (IS Policies, IS Standards & IS Practices)
    • How can we develop a security policy from scratch?
  14. Module 1 - Part 14 - Policies governing Issues, Roles and Responsibilities
    • What are the roles and Responsibilities in a security policy?
    • What will be inside a Policy Document? (SPP, ISSP and SSP)
  15. Module 1 - Part 15 - Managing changes in Information Security Policies
    • How do we handle changes to Information security Policy and what is clean desk policy?
    • What is security analysis?
    • What is security SDLC, IS Blueprints and some sample policies?
  16. Module 1 - Part 16 - Spheres of Information Security
    • What is another way of looking at the administrative controls and technical controls?
    • What is the overall Framework for management, operational and technical controls?
    • How does Defense in Depth and Security Perimeter help with security standards? and what are their key components?
    • What is SETA and why is it required?
    • What are the challenges and practical issues in implementing Information Security and why should we implement IS?
  17. Module 2 - Part 01 - Protecting your Personal Computer - I
    • Why do we need to protect our personal computer?
    • Why IS is the backbone of an organization and what are the current technology challenges in securing a computer?
    • What are the latest attack trends to compromise a computer and what is identity theft (Challenge 1)?
  18. Module 2 - Part 02 - Protecting your Personal Computer - II
    • What is malicious software and can we look at some statistical data around malware (Challenge 2)?
    • What are the current malware trends (spyware, keyloogers, rootkits, mobile malware and combined attack mechanisms)?
    • What are the Latest Trends in Patch Management and issues related with it?
    • Why are patches important (a look at the statistics) how are vulnerabilities exploited and what is ransomware?
  19. Module 2 - Part 03 - Protecting your Personal Computer - III
    • What is Distributed Denial of Service (DDoS)?
    • Best Practices to Help Protect Your Digital Assets
    • What is Anti-Virus and antii Spyware Software and why is updating windows and other applications important?
    • What are Personal Firewalls and what are the wireless security and other security best practices?
    • What is The Need for Information Security Professionals?
  20. Module 2 - Part 04 - Cloud Computing (Basic Definitions) - I
    • What is cloud computing and how can we define it?
    • What is the Architecture of cloud computing?
    • What are the Essential Characteristics of cloud computing (cloud architecture 1/3)
    • What are the Cloud Service Models (IaaS, PaaS and Saas) (cloud architecture 2/3)?
  21. Module 2 - Part 05 - Cloud Computing (Deployment) - II
    • What are the cloud deployment models (Public, Private and Hybrid)? (cloud architecture 3/3)
    • What are the Business and Technical Benefits of Cloud Computing?
    • What are the Opportunities that the end consumer gets in Cloud Computing?
  22. Module 2 - Part 06 - Cloud Computing (Security Issues) - III
    • What are the Security Issues in Cloud Computing (on OnPremise, On Premise hosted, IaaS, PaaS and Saas)?
    • Why are Companies still afraid to use clouds (what does the data say)?
    • What are the causes of Problems Associated with Cloud Computing?
  23. Module 2 - Part 07 - Cloud Computing (Trust and Risk) - IV
    • Can we look at loss of control, trust and multi-tenancy in the cloud in more detail?
    • What are the multi-tenancy Issues in the Cloud?
    • What is the Taxonomy of Fear (CIA)?
  24. Module 2 - Part 08 - Cloud Computing (Security and Privacy Issues) - V
    • What is cloud security and privacy?
    • What is a threat model and its issues?
    • What is attacker capability and its challenges?
    • What is infrastructure security and the network level?
  25. Module 2 - Part 09 - Cloud Computing (Security and Privacy Issues) - VI
    • What is the host level and host level security ?
    • Can we look at a case study: Amazon's EC2 infrastructure?
    • What is local host security?
    • What is the application level and what is the data lifecycle?
  26. Module 2 - Part 10 - Cloud Computing (Application and Data level security) - VII
    • What is the data lifecycle?
    • What is data security and storage?
    • Why IAM?
    • What is privacy? What are the key privacy concerns and storage?
    • What is destruction and auditing, monitoring and risk management?
  27. Module 2 - Part 11 - Cloud Computing (Summary) - VIII
    • What happens when there is a privacy breach and who is responsible for protecting privacy?
    • What are the possible solutions and security issues in the cloud(Part III)?
    • What is third - Party cloud computing and what are the known issues and new vulnerabilities and attacks?
    • How can we minimize lOSs of control?
  28. Module 2 - Part 12 - Standard I
    • What are the different approaches to information security?
    • What is COBIT ?
    • Why do we need a framework? and who really needs a framework?
    • What are the basics of COBIT? what are its enterprise benefits and stakeholder value?
    • What is the COBIT 5 framework and what are its principles?
  29. Module 2 - Part 13 - Standard II
    • What are COBIT 5 enablers?
    • What is governance and management (in COBIT)?
    • Is COBIT: one complete business framework for the governance of enterprise it (GEIT) and how is it implemented?
    • What is ISO 27001?
    • Can we look at a high level view of ISO 27001 and features?
    • What are the changes in ISO 27001: 2005 to 2013?
  30. Module 2 - Part 14 - Standard III
    • What is the information technology act, 2000 and amendment 2008 to it?
    • What is cyber law and some important definitions?
    • What are chapter XI - offences cyber crime related important sections?
  31. Module 3 - Part 1
    • What is a vulnerability ans where do they come from?
    • What is a threat, what are threat sources and categories of threat and example?
    • What is the relationship between risk, threats and vulnerabilities?
    • What are digital threats, and their definition? what are computer viruses and other "malicious programs?
  32. Module 3 - Part 2
    • What exactly is a virus? and what isn't a virus - common assumptions?
    • What are the beginnings, design factors and life cycle of viruses?
    • Viruses - what's with the names? what is the taxonomy of malicious programs and what are virus phases?
    • What are the various types of viruses, are there any "Good" types of viruses?
    • What are the characteristics of viruses and their classification by infection targets?
  33. Module 3 - Part 3
    • What are macro viruses, file (parasitic) viruses, file infectors, cluster viruses?
    • What are various types of viruses (Companion/Spawn Viruses, Source Code / VbScript / VBS Viruses) and what are the generations of virus detection softwares?
  34. Module 3 - Part 4
    • What are various antivirus technologies and packages?
    • What is a WORM?
    • Can we look at the history of WORMs?
    • Can we look at the history of WORMs?
    • What are internet WORMs and what are the components of WORMs?
  35. Module 3 - Part 5
    • What is a command interface, intelligence database and what is a unix WORMs and a trojan?
    • What are trojan horses, backdoors and logic bombs?
    • What is a bizarre code, UNIX backdoors and boot Kit, what is the cost of malware?
    • What are phishing, form phishing, clickjacking and scareware, and tapping your cell phone and conclusion?
  36. Module 3 - Part 6
    • What is a BCP (Business Continuity Plan)?
    • What is business impact analysis (BIA) / event damage classification and disasters and impact / recovery time?
    • Can we look at the definitions and classification of services?
    • How do you determine the criticality of business processes and what are rpoand rto and bia summary, disruption vs. Recovery cOSts and conclusion?
    • What is RAID / data mirroring?
  37. Module 3 - Part 7
    • What are high availability solutions and network diasaster recovery?
    • What is cloud computing? what are the different cloud deployment models and the major areas of security concerns?
    • What are the alternative recovery strategies?
    • What is business continuity process (BCP) and data storage protection?
    • What is disaster recovery testing and what are the contents of DRP (Disaster Recovery Plan)?
  38. Module 3 - Part 8
    • What are the major concerns for a BCP/DR plan and what are the different disaster recovery responsibilities?
    • What is bcp documents and business continuity overview?
    • How is MTBF = MTTF + MTTR and what is disaster recovery test execution?
    • What are the disaster recovery test types, testing objectives, testing procedures, test stages and gap analysis?
    • How can we insure and audit BCP?
  39. Module 3 - Part 9
    • Can we look at some questions related to security?
    • What is the incident management and its definitions?
    • What are goals and benefits of incident management and incident life clycle?
    • How is I+U=P?
  40. Module 4 - Part 1
    • Can we look at an introduction to network security and cryptography, and how can we protect information?
    • What is symmetric key cryptography, how do we manage its keys, and what is public key cryptography and its issues?
  41. Module 4 - Part 2
    • What are strengths of public key cryptography?
    • What is public key issue?
  42. Module 4 - Part 3
    • What is a network and what are its types?
    • What are the benefits of a network and risks of network computing?
    • What is communication media and what are its types?
    • How are networks categorized?
    • What hardwares and softwares are used for networking?
    • What is a firewall and what are the important network characterstics for security?
  43. Module 4 - Part 4
    • What are implications of protocol type and the various threats to network?
    • An example: SYNflood and normal syn behavior?
    • General network denial of service attacks and distributed denial of service attacks and why are these attacks made and what are the different methods of attacks?
    • How do you defend these attacks what are the different complicating factors?
    • What are the various basic defense approaches and traffic control mechanisms?
    • What is source address filtering?
    • What are other forms of filtering and realistic limits on filtering?
  44. Module 4 - Part 5
    • What are rate limits and padding? what is routing control?
    • What are firewalls and perimeter defense, and what are the weaknesses of perimeter defense models and defense in depth?
    • What are the basics of firewalls and what is a fundamental problem with firewalls and filtering based on ports and firewalls and transparency and conclusion?
  45. Module 4 - Part 6
    • Introduction to penetration testing
    • What does a malicious hacker do and what is the perspective of an adversary?
    • What are the different types of attacks and their examples?
    • What are the techniques and methods of security testing?
    • What is penetration testing?
  46. Module 4 - Part 7
    • Why do you need penetration testing (PT)?
    • What are the legal aspects of (PT)?
    • What is vulnerability assessment and what is the difference between vulnerability assessment and penetration test?
    • What are the limitations of of vulnerability assessment?
    • What are the different types of tests and their examples?
    • What is the process of penetration testing?
    • What are the different types of penetration tests and when testing is necessary?
  47. Module 4 - Part 8
    • What are the common and popular tools used for penetration testing?
    • What are data center audits?
  48. Module 4 - Part 9
    • What is application software?
    • How can we check transaction validation and process controls?
    • What are data file control procedures and database security?
    • What are security breaches and some of the largest database breaches?
    • What are three goals of database security and can we look at an example?
    • What are common database threats and how can we implement database security?
    • Can we look at an example breach and dbms security?
  49. Module 4 - Part 10
    • What are DBMS security guidelines and can we look at an example (Row Level Access)?
    • What is application security and security Breach TJ Maxx?
    • What are database vulnerabilities and database auditing?
    • What is SAP security and desktop security?
  50. Module 5 - Part 1
    • Can we look at an introduction to computer security?
    • What is a computer and its resources?
    • What is motherboard and what are the different layers in computation?
    • What is an operating system and kernel?
    • Is OS a program, what are the functions of an OS?
    • What are the different categories of an operating system and their examples?
    • What is windows security architecture, and what are its components (Security Reference Monitor (SRM) and Local Security Authority (LSA)?
  51. Module 5 - Part 2
    • What is domain and windows login example?
    • What are windows privileges, Access Control List (ACL) and its example?
    • What are integrity control and six integrity levels?
    • What is MIC: integrity control and user account control?
    • What are UAC consent UI : type 1, type 2, type 3, and what is biba model?
    • What is the linux security model?
  52. Module 5 - Part 3
    • What are set gidand directories, kernel spaceand user space?
    • What are mandatory access controls?
    • Can we evaluate : windows vs. linux design, windows design decisions and linux design flaws/poor design decisions?
    • What are windows vulnerabilities and linux vulnerabilities?
    • Can we look at the means of evaluating metrics and example: Microsoft Security Bulletin MSO8-067-critical?
    • Can we evalute : windows vs. linux vulnerabilities, what are the CERT: query results for keywords "microsoft" and "linux"?
  53. Module 5 - Part 4
    • What is system Hardening?
    • What are windows defenses, account defenses, network defenses and browser defenses?
    • What is cryptographic services and what is linux system Hardening?
    • What are OS-level security tools and techniques?
    • What is OS installation and patch management?
  54. Module 5 - Part 5
    • What are network access controls?
    • How can we use iptables for "local firewall"?
    • What are antivirus software, user management and password aging?
    • What is root delegation and logging?
    • What is application security (Hardening) [ Sub topics - running as unprivileged User/Group, running in "Chroot" jail, modularity, encryption, logging]?
  55. Module 5 - Part 6
    • What are the OS security capabilities: linux vs. windows?
    • What are security baselines (Disabling Nonessential Systems, Viewing Services, Disabling Nonessential Systems and Hardening Operating Systems)?
  56. Module 5 - Part 7
    • How do we apply updates and secure the file system?
    • What is Hardening application, servers and updates?
    • What are firmware updates?
    • What is network configuration and configuring packet filtering?
    • What are cold boot attacks?
  57. Module 6 - Part 1
    • Can we look at introduction of Web Application security?
    • What are websiites and Web Applications?
    • What is Web Application - breach the perimeter?
    • What is HTTP and HTTP request - GET?
  58. Module 6 - Part 2
    • What is HTTP request-POST and GET vs. POST securityand what are Web Application vulnerabilities and why do they occur?
    • What are the categories of Web Application vulnerabilities and areas where they occur?
    • What are the categories of Web Application vulnerabilities ?
  59. Module 6 - Part 3
    • How to secure a Web Application?
    • What are examples of phishing attacks?
    • What are some whaling and its examples?
    • Why Web Application security is a high priority and website attackers by country (Incapsula,2012)?
    • What are the top 5 internet security threats (RSA, 2012)?
    • What is Advanced Persistent Threat (ATP), Stuxnet (2009-2011) and big data company threat example?
  60. Module 6 - Part 4
    • Can we look at an overview of OWASP and some OWASP projects?
    • What are OWASP top 10 and top 10 risk rating methodology Iand II?
    • What is CWE/SANS and can we compare OWASP vs. CWE/SANS?
    • In Ex-A6/2007 - what information is leaked here? and possible information harvest?
    • How to handle a failed login attempt? And how can we protect it?
  61. Module 6 - Part 5
    • What is A1: injection - injection and some simple authentication query?
    • What is A2: broken authentication and session management?
  62. Module 6 - Part 6
    • What are the guidelines for strong passwords and password strength advisers with examples?
    • What is two-factor-authentication?
    • What is A3: cross-site scripting(XSS)?
    • What is A4: insecure direct object reference and protection?
    • What is A5: security misconfiguration, typical impact and protection?
  63. Module 6 - Part 7
    • What is A6: sensitive data exposure?
    • What is A7: missing function level action control and A8: Cross Site Request Forgery (CSRF)?
    • What is A9: using known vulnerable components?
    • What is A10: unvalidated redirects and forwards?
    • What is secure SDLC (Secure Software Development Life Cycle)?
  64. Module 6 - Part 8
    • What are some of reference books, CDs/DVDs, links and important points for further reading?
Note:
  1. Upto six weeks (or till submission of the final quiz) access to the course
  2. To get access to the certificate - you need to take the online exam at the end of the course