• Fundamentals of Cyber Security
• Security Principles, Policies, and Procedures
• Confidentiality, Integrity, and Availability
• Domains of Cyber Security
• Threats, Vulnerabilities, and Risk
• Security Governance, Risk, and Compliance (GRC)
• Understanding Threat Models
• Business Continuity and Disaster Recovery
• Physical Security
• Asset/Data Management, Classification, IPR, Copyright, Ownership, Custodian
• Personnel Security

Understand the basics of Cyber Security and why it is important in today’s context. Differentiate between Threats, Vulnerabilities, and risk. Various Cybersecurity domains and its application in the industry. CIA pillars of Cybersecurity. Understand why security Governance and compliance are important for various industries like BFSI manufacturing etc. What is Information security Risk and how it is important for an organization to consider for all its digital initiatives.

Class Discussion with Real Life examples

• Different OS systems
• Operating Systems Security
• OS Hardening & Patching
• CIS Benchmark for OS hardening
• Virtual OS and Containers Security

Understand the OS kernel basics, memory handling, I/O, and security architecture of the following- Windows, Linux, iOS, Android, etc. Objective of OS hardening CIS benchmark for OS hardening. OS Patching and its significance.

Class Discussion and Lab session

• Why Network is the Prime target for Cyber Attack
• Types of attacks on Network
• Understand Network components
• How to prevent Network attacks
• Perimeter Security
• Endpoint Security
• DMZ
• Identity, Authentication, and Authorization
• Password security
• Web security
• Virtualization (NFV)
• Network Segmentation
• Network Access Control
• Multi-factor Authentication
• Understanding digital frauds e.g., Phishing, Vishing, Smishing, Digital arrest, Financial frauds, etc.

Define Network Security and what are the Network vulnerabilities. Types of network attacks and mitigation technologies. Understanding Identity security, Password, OTP, PIN, QR Code etc. Understanding how digital frauds are executed and how to prevent these attacks. Concepts of network function virtualization, network segmentation, and NAC improve security. Concepts of how web security works and can be improved. VLAN, VPN, VDI, etc.

Class Discussion and Lab session

• Malwares & Attacks
• What is Cyber Kill Chain (CKC)
• Understand each phase of the kill chain
• Understand the relevance of CKC in overall Data Security
• Understand TTP
• Understanding MITRE ATT&CK Framework

Understand how a hacker plans to compromise a system. Define all steps of the cyber attack. Understand what all Tactics, Techniques, and Procedures are used by the attackers.

Class Discussion and Lab session

• Understand types of Applications
• Understanding DevOps, DevSecOps, and CI/CD pipelines
• Application Vulnerabilities
• Types of cyber-attacks on applications
• OWASP Guidelines of App Security
• How to prevent Application Attack
• Using Threat Models

Understand Application vulnerabilities and attacks. Understand application development lifecycle and how security can be embedded from design stage. Understand various software development models – waterfall, agile etc. and benefits of DevOps, CI/CD pipeline. Understand OWASP Top 10 Application Vulnerabilities and how to mitigate. Understand Threat Models – STRIDE, DREAD, MART etc.

Class Discussion and Lab session

• Cloud Concepts, Architecture and Design
• Cloud Governance- Legal, Risk & Compliance
• Securing Data in Cloud environment
• Cloud Application Security
• Cloud service providers (Azure, AWS, GCP)

Understand Cloud architecture, security, vulnerabilities, attacks and mitigations. IaaS, PaaS, SaaS models. Responsibilities of Cloud service provider and cloud consumers. Differences between on-prem and cloud models. Various cloud service providers.

Class Discussion and Lab session

• Cryptography Concepts
• Symmetric and Asymmetric
• Cryptography Applications
• Digital Certificate Infrastructure
• Cryptanalytic Practises

Understand the basics of Cryptography. Why it is used in context of Confidentiality and integrity. Understand Digital Certificate, Digital Sign, and various cryptographic usage in digital domains like HTTPS, SSL, TLS, IPSec, AES, RSA, etc.

Classroom discussion

• NIST
• CIS
• ISO 27K
• PCI-DSS
• COBIT
• HITRUST
• HIPAA
• OWASP

Understanding the basics, differences, and applicability of the following standards and frameworks in the industry: NIST SP 800-53, NIST CSF, ISO 27001, 27018, 27031, 27037, 27040, 27799, COBIT, CIS Controls, SANS Top 20, HITRUST CSF, PCI-DSS, OWASP Top 10.

Classroom discussion

• Introduction to AI and ML
• AI Working models
• Threats and Vulnerabilities of AI systems
• Attacks on AI systems
• Security best practices for AI systems

Understand the fundamentals of AI and ML. How this is different from conventional software platforms. Understand the vulnerabilities, threats, and attacks on AI systems. Understand the MITRE ATT&CK – ATLAS framework for AI security. Understanding ISO CD 27090.

Classroom discussion

• What is Vulnerability Assessment
• Various tools used for VM
• Categories of vulnerability
• Risk scoring
• What is Penetration Testing
• Tools used for PT
• What is RED, BLUE and Purple Team
• When and why these teams are used
• Tools used by these teams

Understanding the vulnerability assessment technology, process, and tools. Why it is important and relevant for information security. Why risk-based vulnerability is gaining popularity. Why pen-test is important. Role of RED, BLUE, and PURPLE team. Various tools used by these teams.

Classroom and Lab sessions

• What is Security Monitoring
• Prevent, Detect, Response and Remediate model
• Log Management and Analysis
• Modern SOC, SOC Architecture, and SOC Services
• Threat Intelligence
• Threat Hunting
• Forensic investigation
• Cyber Range
• Incident Response

Understanding security monitoring and the role of Security Operation Centre (SOC). What a SOC delivers to the organization. How SOC helps an organization to detect/protect from cyber attacks. Why threat intelligence is important and how it helps in overall security infrastructure.

Classroom and Lab sessions

• What is OT (Operation Technology)
• Difference between OT, ICS and IoT
• IT and OT network convergence / segmentation
• OT DMZ
• OT Protocols (Profinet, Modbus, CIP etc.)
• HMIs, RTUs, PLCs, OT Sensors
• OT security use cases
• OT network security best practices

Understanding the basics of OT security. Learn best practices for securing OT environments, including OT DMZ, network segmentation, and securing OT protocols like Profinet, Modbus, and CIP. Explore OT security use cases.

Classroom and Lab sessions

• IT Act 2000
• Various categories
• Laws of Licensing
• Import, Export, Compliance
• Contracting and Procurement
• GDPR

Understanding the basics of OT security. Learn best practices for securing OT environments, including OT DMZ, network segmentation, and securing OT protocols like Profinet, Modbus, and CIP. Explore OT security use cases.

Class Discussion

• Concepts of Subject and Object
• Various Security Models
• Rainbow Series
• ITSEC Classes
• TPM

Learn about different security models and their applications, including Subject and Object concepts, the Rainbow Series, ITSEC classes, and TPM.

Class Discussion with Examples

• How to manage a DC
• What could be the policies and procedures
• How to implement
• How to improve

A case study on Information Security Management Systems, focusing on managing a Data Center (DC), policies, procedures, implementation, and continuous improvement.

Class Discussion with real life examples

• Understand, Adhere to and promote Professional Ethics

Understand the importance of professional ethics in an organizational setting, and how to adhere to and promote them.

Class Discussion