New members: get your first 7 days of ITTutorPro Premium for free! Join for free

Cyber Security Expert

Course Description

The Cyber Security Expert Master’s Program will equip you with the skills needed to become an expert in this rapidly growing domain. You will learn comprehensive approaches to protecting your infrastructure, including securing data and information, running risk analysis and mitigation, architecting cloud-based security, achieving compliance and much more with this best-in-class program.

About the Program

What are the objectives of this Cyber Security Expert Master’s program?

Simplilearn’s Cyber Security Expert Master’s Program provides cybersecurity professionals with foundational, intermediate, and advanced security skills through industry-leading certification courses, including CompTIA Security+, CEH, CISM, CISSP and CCSP. The program begins with introductory-level cybersecurity skills training, then progresses to advanced cybersecurity technologies such as reverse engineering, penetration testing techniques, and many more. This training program will enable you to:

  • Implement technical strategies, tools, and techniques to secure data and information for your organization
  • Adhere to ethical security behaviour for risk analysis and mitigation
  • Understand security in cloud computing architecture in depth
  • Comprehend legal requirements, privacy issues and audit process methodologies within the cloud environment
  • Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework

What are the career benefits of this training?

Cybersecurity experts must learn to develop a 360-degree view of the cybersecurity domain that now comprises a wide array of security components and technologies. Simplilearn has bundled all of these critical skillsets into this Cyber Security Expert Master’s certification program. The benefits are as follows:

  • Cybersecurity is vital for career roles such as penetration tester, cybersecurity analyst, network analyst, cybersecurity auditor, cybersecurity architect, forensics investigator, and many more.
  • There are 2000+ cybersecurity jobs in India and 40,000+ in the US (Indeed.com). Cybersecurity job roles are expected to rise to six million worldwide by 2019 (source: Forbes, January 2016)
  • The median salary for a cybersecurity analyst is INR 418,389 annually in India (source: Glassdoor) and $134,000 in the US.

What skills will you learn?

At the end of this Master’s Program, you will be equipped with the following skillsets:

Install, configure and deploy public key infrastructure and network components while assessing and troubleshooting issues to support organizational security
Master advanced hacking concepts to manage information security efficiently
Design security architecture and framework for a secure IT operation
Frame cloud data storage architectures and security strategies, and utilize them to analyze risks
Protect data movement, perform disaster recovery, access CSP security, and manage client databases

Who should enroll in this program?

Our Cyber Security Expert Master’s Program is best suited for:

All levels of IT auditor/penetration tester
Security consultants/managers
IT directors/managers/consultants
Security auditors/architects
Security systems engineers
Chief information security officers (CISOs)
Chief compliance/privacy/risk officers
Network specialists, analysts, managers, architects, consultants or administrators
Technical support engineers
Systems analysts or administrators

Which courses and topics will be covered?

 

Coverage Courses Mode of training
Security Fundamentals CompTIA Security+ 501 Live Virtual Classroom
Offensive Security CEH Live Virtual Classroom
Security Teams Management CISM Online Self-paced Learning
Security Systems Architecture CISSP Live Virtual Classroom and Online Self-paced Learning
Cloud Security Architecture CCSP Online Self-paced Learning
Electives
Networking Concepts CompTIA Network+ Online Self-paced Learning

What are the prerequisites for this Cyber Security Expert Master’s training program?

There are no prerequisites for this training program. Prior knowledge of any programming language is recommended but not mandatory.

Share on:

Course Syllabus

Course 1

Introduction to Cyber Security
Simplilearn’s Introduction to Cyber Security course for beginners is designed to give you a foundational look at today’s cybersecurity landscape and provide you with the tools to evaluate and manage security protocols in information processing systems.

Introduction to Cyber Security

Lesson 1 – Course Introduction03:09
0.1 Course Introduction03:09
Lesson 2 – Cybersecurity Fundamentals46:48
1.1 Introduction00:40
1.2 Fundamentals of Cybersecurity10:47
1.3 Threat Actors, Attacks, and Mitigation12:17
1.4 Security Policies and Procedures04:18
1.5 Cybersecurity Mitigation Methods17:45
1.6 Key Takeaways01:01
Lesson 3 – Enterprise Architecture and Components35:00
2.1 Introduction00:42
2.2 Secure Architecture07:44
2.3 Wireless Networks09:47
2.4 Network Security Controls05:13
2.5 Cloud, Virtualization, BYOD, and IOT Security07:13
2.6 Security Testing03:17
2.7 Key Takeaways01:04
Lesson 4 – Information System Governance and Risk Assessment23:54
3.1 Introduction00:33
3.2 Information Security Governance05:35
3.3 Risk Management06:24
3.4 Information Security Programs10:43
3.5 Key Takeaways00:39
Lesson 5 – Incident Management16:34
4.1 Introduction00:35
4.2 Developing an Incident Management and Response System05:29
4.3 Digital Forensics04:46
4.4 Business Continuity and Disaster Recovery05:10
4.5 Key Takeaways00:34

Course 2 Online Classroom Flexi Pass

CompTIA Security+ (SY0-501)
CompTIA Security+ is a globally trusted certification that validates foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification training covers the essential principles of network security and risk management.

CompTIA Security+ (SY0-501)

Lesson 01 Risk Management02:11:19
01 Introduction03:21
02 The CIA of Security03:45
03 Threat Actors06:39
04 What is Risk09:53
05 Managing Risk11:56
06 Using Guides for Risk Assessment06:23
07 Security Controls07:23
08 Interesting Security Controls03:15
09 Defense in Depth04:57
10 IT Security Governance08:18
11 Security Policies08:17
12 Frameworks08:21
13 Quantitative Risk Calculations08:11
14 Business Impact Analysis11:58
15 Organizing Data09:59
16 Security Training10:01
17 Third Party Agreements08:42
Lesson 02 Cryptography02:26:46
01 Cryptography Basics17:11
02 Cryptographic Methods07:24
03 Symmetric Cryptosystems11:45
04 Symmetric Block Modes07:46
05 RSA Cryptosystems10:18
06 Diffie-Hellman06:42
07 PGP GPG09:45
08 Hashing07:15
09 HMAC03:46
10 Steganography05:38
11 Certificates and Trust14:15
12 Public Key Infrastructure20:48
13 Cryptographic Attacks24:13
Lesson 03 Identity and Access Management01:37:27
01 Identification12:42
02 Authorization Concepts05:48
03 Access Control List06:28
04 Password Security09:13
05 Linux File Permissions14:52
06 Windows File Permissions13:38
07 User Account Management06:44
08 AAA08:03
09 Authentication Methods09:50
10 Single Sign On10:09
Lesson 04 Tools of the Trade01:17:00
01 OS Utilities14:46
02 OS Utilities ipconfig14:04
03 Network Scanners10:47
04 Protocol Analyzers10:51
05 SNMP15:22
06 Logs11:10
Lesson 05 Securing Individual Systems03:03:36
01 Denial of Service08:33
02 Host Threats09:01
03 Man in the Middle22:07
04 System Resiliency11:17
05 RAID11:19
06 NAS and SAN15:59
07 Physical Hardening07:26
08 RFI EMI and ESD03:13
09 Host Hardening16:17
10 Data and System Security04:22
11 Disk Encryption06:42
12 Hardware Firmware Security09:11
13 Secure OS Types07:43
14 Securing Peripherals11:03
15 Malware10:11
16 Analyzing Output14:54
17 IDS and IPS04:29
18 Automation Strategies04:57
19 Data Destruction04:52
Lesson 06 The Basic LAN01:43:09
01 LAN Review08:00
02 Network Topologies Review05:03
03 Network Zone Review10:26
04 Network Access Controls10:31
05 The Network Firewall13:05
06 Proxy Servers12:44
07 Honeypots04:32
08 Virtual Private Networks13:46
09 IPSec11:55
10 NIDS NIPS06:00
11 SIEM07:07
Lesson 07 Beyond the Basic LAN03:35:56
01 Wireless Review09:43
02 Living in Open Networks09:41
03 Vulnerabilities with Wireless Access Points07:01
04 Cracking WEP11:58
05 Cracking WPA09:24
06 Cracking WPS09:47
07 Wireless Hardening14:03
08 Wireless Access Points13:13
09 Virtualization Basics07:15
10 Virtual Security15:05
11 Containers10:46
12 IaaS09:32
13 PaaS09:03
14 SaaS02:39
15 Deployment Models08:41
16 Static Hosts07:30
17 Mobile Connectivity12:03
18 Deploying Mobile Devices05:25
19 Mobile Enforcement12:32
20 Mobile Device Management10:24
21 Physical Controls08:44
22 HVAC07:25
23 Fire Suppression04:02
Lesson 08 Secure Protocols01:21:49
01 Secure Applications and Protocols10:55
02 Network Models06:45
03 Know Your Protocols TCP IP06:07
04 Know Your Protocols Applications05:42
05 Transport Layer Security12:04
06 Internet Service Hardening06:43
07 Protecting Your Servers06:12
08 Secure Code Development10:17
09 Secure Deployment Concepts12:04
10 Code Quality and Testing05:00
Lesson 09 Testing Your Infrastructure01:05:07
01 Vulnerability Scanning Tools09:22
02 Vulnerability Scanning Assessment04:43
03 Social Engineering Principles02:14
04 Social Engineering Attacks07:54
05 Attacking Web Sites07:53
06 Attacking Applications10:56
07 Exploiting a Target11:17
08 Vulnerability Impact10:48
Lesson 10 Dealing with Incidents36:03
01 Incident Response06:34
02 Digital Forensics11:36
03 Contingency Planning10:10
04 Backups07:43

Course 3 Online Classroom Flexi Pass

CEH (v11)- Certified Ethical Hacker
This Certified Ethical Hacker-Version 11 (earlier CEHv10) course will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus codes, and reverse engineering, so you can better protect corporate infrastructure from data breaches. This ethical hacking course will help you master advanced network packet analysis and advanced system penetration testing techniques to build your network security skill-set and beat hackers at their own game.

Module 01- Introduction to Ethical Hacking

Lesson 01 – Information Security Overview22:30
1 Demo of Aspen and iLabs22:30
2 Internet is Integral Part of Business and Personal Life – What Happens Online in 60 Seconds
3 Essential Terminology
4 Elements of Information Security
5 The Security, Functionality, and Usability Triangle
Lesson 02 – Information Security Threats and Attack Vectors01:56
1 Motives, Goals, and Objectives of Information Security Attacks
2 Top Information Security Attack Vectors
3 Information Security Threat Categories
4 Types of Attacks on a System01:56
5 Information Warfare
Lesson 03 – Hacking Concepts01:29
1 What is Hacking01:29
2 Who is a Hacker?
3 Hacker Classes
4 Hacking Phases
Lesson 04 – Ethical Hacking Concepts
1 What is Ethical Hacking?
2 Why Ethical Hacking is Necessary
3 Scope and Limitations of Ethical Hacking
4 Skills of an Ethical Hacker
Lesson 05 – Information Security Controls
1 Information Assurance (IA)
2 Information Security Management Program
4 Enterprise Information Security Architecture (EISA)
5 Network Security Zoning
6 Defense in Depth
7 Information Security Policies
8 Physical Security
10 What is Risk?
11 Threat Modeling
12 Incident Management
13 Security Incident and Event Management (SIEM)
14 User Behavior Analytics (UBA)
15 Network Security Controls
16 Identity and Access Management (IAM)
17 Data Leakage
18 Data Backup
19 Data Recovery
20 Role of AI/ML in Cyber Security

Lesson 06 – Penetration Testing Concepts
1 Penetration Testing
2 Why Penetration Testing
3 Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
4 Blue Teaming/Red Teaming
5 Types of Penetration Testing
6 Phases of Penetration Testing
7 Security Testing Methodology
Lesson 07 – Information Security Laws and Standards
1 Payment Card Industry Data Security Standard (PCI-DSS)
2 ISO/IEC 27001:2013
3 Health Insurance Portability and Accountability Act (HIPAA)
4 Sarbanes Oxley Act (SOX)
5 The Digital Millennium Copyright Act (DMCA)
6 Federal Information Security Management Act (FISMA)
7 Cyber Law in Different Countries

Module 02- Footprinting and Reconnaissance
Lesson 01 – Footprinting Concepts01:04
1 What is Footprinting?01:04
2 Objectives of Footprinting
Lesson 02 – Footprinting through Search Engines18:51
1 Footprinting through Search Engines12:09
2 Footprinting using Advanced Google Hacking Techniques
3 Information Gathering Using Google Advanced Search and Image Search
4 Google Hacking Database06:42
5 VoIP and VPN Footprinting through Google Hacking Database
Lesson 03 – Footprinting through Web Services08:37
1 Finding Company’s Top-level Domains (TLDs) and Sub-domains
2 Finding the Geographical Location of the Target
3 People Search on Social Networking Sites and People Search Services07:41
4 Gathering Information from LinkedIn
5 Gather Information from Financial Services
6 Footprinting through Job Sites00:56
7 Monitoring Target Using Alerts
8 Information Gathering Using Groups, Forums, and Blogs
9 Determining the Operating System
10 VoIP and VPN Footprinting through SHODAN
Lesson 04 – Footprinting through Social Networking Sites
1 Collecting Information through Social Engineering on Social Networking Sites
Lesson 05 – Website Footprinting08:21
1 Website Footprinting08:21
2 Website Footprinting using Web Spiders
3 Mirroring Entire Website
4 Extracting Website Information from https://archive.org
5 Extracting Metadata of Public Documents
6 Monitoring Web Pages for Updates and Changes
Lesson 06- Email Footprinting37:01
1 Tracking Email Communications37:01
2 Collecting Information from Email Header
3 Email Tracking Tools
Lesson 07- Competitive Intelligence00:50
1 Competitive Intelligence Gathering00:50
2 Competitive Intelligence – When Did this Company Begin? How Did it Develop?
3 Competitive Intelligence – What Are the Company’s Plans?
4 Competitive Intelligence – What Expert Opinions Say About the Company
5 Monitoring Website Traffic of Target Company
6 Tracking Online Reputation of the Target
Lesson 08- Whois Footprinting42:37
1 Whois Lookup12:11
2 Whois Lookup Result Analysis30:26
3 Whois Lookup Tools
4 Finding IP Geolocation Information
Lesson 09- DNS Footprinting
1 Extracting DNS Information
2 DNS Interrogation Tools
Lesson 10- Network Footprinting
1 Locate the Network Range
2 Traceroute
3 Traceroute
4 Traceroute Tools
Lesson 11- Footprinting through Social Engineering09:17
1 Footprinting through Social Engineering09:17
2 Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
Lesson 12- Footprinting Tools
1 Maltego
2 Recon-ng
3 FOCA
4 Recon-Dog
5 OSRFramework
6 Additional Footprinting Tools
Lesson 13- Countermeasures00:57
1 Footprinting Countermeasures00:57
Lesson 14- Footprinting Pen Testing
1 Footprinting Pen Testing
2 Footprinting Pen Testing Report Templates

Module 03- Scanning Networks
Lesson 01 – Network Scanning Concepts
1 Overview of Network Scanning
2 TCP Communication Flags
3 TCP/IP Communication
4 Creating Custom Packet Using TCP Flags
5 Scanning in IPv6 Networks
Lesson 02 – Scanning Tools
1 Nmap
2 Hping2 / Hping3
3 Scanning Tools
4 Scanning Tools for Mobile
Lesson 03- Scanning Techniques
1 Scanning Technique
2 Port Scanning Countermeasures
Lesson 04- Scanning Beyond IDS and Firewall
1 IDS/Firewall Evasion Techniques
Lesson 05- Banner Grabbing06:25
1 Banner Grabbing03:19
2 How to Identify Target System OS03:06
3 Banner Grabbing Countermeasures
Lesson 06- Draw Network Diagrams
1 Draw Network Diagrams
2 Network Discovery and Mapping Tools
3 Network Discovery Tools for Mobile
Lesson 07- Scanning Pen Testing
1 Scanning Pen Testing

Module 04- Enumeration
Lesson 01 – Enumeration Concepts
1 What is Enumeration?
2 Techniques for Enumeration
3 Services and Ports to Enumerate
Lesson 02 – NetBIOS Enumeration14:40
1 NetBIOS Enumeration14:40
2 NetBIOS Enumeration Tool
3 Enumerating User Accounts
4 Enumerating Shared Resources Using Net View
Lesson 03 – SNMP Enumeration06:20
1 SNMP (Simple Network Management Protocol) Enumeration06:20
2 Working of SNMP
3 Management Information Base (MIB)
4 SNMP Enumeration Tools
Lesson 04 – LDAP Enumeration05:45
1 LDAP Enumeration05:45
2 LDAP Enumeration Tools
Lesson 05 – NTP Enumeration03:59
1 NTP Enumeration03:59
2 NTP Enumeration Commands
2 NTP Enumeration Tools
Lesson 06 – SMTP Enumeration and DNS Enumeration17:21
1 SMTP Enumeration17:21
2 SMTP Enumeration Tools
3 DNS Enumeration Using Zone Transfer
Lesson 07 – Other Enumeration Techniques
1 IPsec Enumeration
2 VoIP Enumeration
3 RPC Enumeration
4 Unix/Linux User Enumeration
Lesson 08 – Enumeration Countermeasures
1 Enumeration Countermeasures
Lesson 09 – Enumeration Pen Testing
1 Enumeration Pen Testing

Module 05- Vulnerability Analysis
Lesson 01- Vulnerability Assessment Concepts
1 Vulnerability Research
2 Vulnerability Classification
3 What is Vulnerability Assessment?
4 Types of Vulnerability Assessment
5 Vulnerability-Management Life Cycle
Lesson 02- Vulnerability Assessment Solutions
1 Comparing Approaches to Vulnerability Assessment
2 Working of Vulnerability Scanning Solutions
3 Types of Vulnerability Assessment Tools
4 Characteristics of a Good Vulnerability Assessment Solution
5 Choosing a Vulnerability Assessment Tool
6 Criteria for Choosing a Vulnerability Assessment Tool
7 Best Practices for Selecting Vulnerability Assessment Tools
Lesson 03- Vulnerability Scoring Systems
1 Common Vulnerability Scoring System (CVSS)
2 Common Vulnerabilities and Exposures (CVE)
3 National Vulnerability Database (NVD)
4 Resources for Vulnerability Research
Lesson 04- Vulnerability Assessment Tools
1 Vulnerability Assessment Tools
2 Vulnerability Assessment Tools for Mobile
Lesson 05- Vulnerability Assessment Reports
1 Vulnerability Assessment Reports
2 Analyzing Vulnerability Scanning Report

Module 06- System Hacking
Lesson 01- System Hacking Concepts
1 CEH Hacking Methodology (CHM)
2 System Hacking Goals
Lesson 02- Cracking Passwords
1 Password Cracking
2 Types of Password Attacks
3 Password Recovery Tools
4 Microsoft Authentication
5 How Hash Passwords Are Stored in Windows SAM?
6 NTLM Authentication Process
7 Kerberos Authentication
8 Password Salting
9 Tools to Extract the Password Hashes
10 Password Cracking Tools
11 How to Defend against Password Cracking
12 How to Defend against LLMNR/NBT-NS Poisoning
Lesson 03- Escalating Privileges
1 Privilege Escalation
2 Privilege Escalation Using DLL Hijacking
3 Privilege Escalation by Exploiting Vulnerabilities
4 Privilege Escalation Using Dylib Hijacking
5 Privilege Escalation using Spectre and Meltdown Vulnerabilities
6 Other Privilege Escalation Techniques
7 How to Defend Against Privilege Escalation
Lesson 04- Executing Applications
1 Executing Applications
2 Keylogger
3 Spyware
4 How to Defend Against Keyloggers
5 How to Defend Against Spyware
Lesson 05- Hiding Files
1 Rootkits
2 NTFS Data Stream
3 What is Steganography?
Lesson 06- Covering Tracks
1 Covering Tracks
2 Disabling Auditing: Auditpol
3 Clearing Logs
4 Manually Clearing Event Logs
5 Ways to Clear Online Tracks
6 Covering BASH Shell Tracks
7 Covering Tracks on Network
8 Covering Tracks on OS
9 Covering Tracks Tools
Lesson 07- Penetration Testing
1 Password Cracking
2 Privilege Escalation
3 Executing Applications
4 Hiding Files
5 Covering Tracks

Module 07- Malware Threats
Lesson 01- Malware Concepts
1 Introduction to Malware
2 Different Ways a Malware can Get into a System
3 Common Techniques Attackers Use to Distribute Malware on the Web
4 Components of Malware
Lesson 02- Trojan Concepts
1 What is a Trojan?
2 How Hackers Use Trojans
3 Common Ports used by Trojans
4 How to Infect Systems Using a Trojan
5 Trojan Horse Construction Kit
6 Wrappers
7 Crypters
8 How Attackers Deploy a Trojan
9 Exploit Kits
10 Evading Anti-Virus Techniques
11 Types of Trojans
Lesson 03- Virus and Worm Concepts
1 Introduction to Viruses
2 Stages of Virus Life
3 Working of Viruses
4 Indications of Virus Attack
5 How does a Computer Get Infected by Viruses
6 Virus Hoaxes
7 Fake Antiviruses
8 Ransomware
9 Types of Viruses
10 Creating Virus
11 Computer Worms
12 Worm Makers
Lesson 04- Malware Analysis
1 What is Sheep Dip Computer?
2 Anti-Virus Sensor Systems
3 Introduction to Malware Analysis
4 Malware Analysis Procedure: Preparing Testbed
5 Static Malware Analysis
6 Dynamic Malware Analysis
7 Virus Detection Methods
8 Trojan Analysis: ZeuS/Zbot
9 Virus Analysis: WannaCry
Lesson 05- Countermeasures
1 Trojan Countermeasures
2 Backdoor Countermeasures
3 Virus and Worms Countermeasures
Lesson 06- Anti-Malware Software
1 Anti-Trojan Software
2 Antivirus Software
Lesson 07- Malware Penetration Testing
1 Malware Penetration Testing

Module 08- Sniffing
Lesson 01- Sniffing Concepts
1 Network Sniffing
2 Types of Sniffing
3 How an Attacker Hacks the Network Using Sniffers
4 Protocols Vulnerable to Sniffing
5 Sniffing in the Data Link Layer of the OSI Model
6 Hardware Protocol Analyzers
7 SPAN Port
8 Wiretapping
9 Lawful Interception
Lesson 02- Sniffing Technique: MAC Attacks
1 MAC Address/CAM Table
2 How CAM Works
3 What Happens When CAM Table Is Full?
4 MAC Flooding
5 Switch Port Stealing
6 How to Defend against MAC Attacks
Lesson 03- Sniffing Technique: DHCP Attacks
1 How DHCP Works
2 DHCP Request/Reply Messages
3 DHCP Starvation Attack
4 Rogue DHCP Server Attack
5 How to Defend Against DHCP Starvation and Rogue Server Attack
Lesson 04- Sniffing Technique: ARP Poisoning
1 What Is Address Resolution Protocol (ARP)?
2 ARP Spoofing Attack
3 Threats of ARP Poisoning
4 ARP Poisoning Tools
5 How to Defend Against ARP Poisoning
6 Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
7 ARP Spoofing Detection Tools
Lesson 05- Sniffing Technique: Spoofing Attacks
1 MAC Spoofing/Duplicating
2 MAC Spoofing Technique: Windows
3 MAC Spoofing Tools
4 IRDP Spoofing
5 How to Defend Against MAC Spoofing
Lesson 06- Sniffing Technique: DNS Poisoning
1 DNS Poisoning Techniques
2 How to Defend Against DNS Spoofing
Lesson 07- Sniffing Tools
1 Sniffing Tool: Wireshark
2 Sniffing Tools
3 Packet Sniffing Tools for Mobile
Lesson 08- Countermeasures
1 How to Defend Against Sniffing
Lesson 09- Sniffing Detection Techniques
1 How to Detect Sniffing
2 Sniffer Detection Techniques
3 Promiscuous Detection Tools
Lesson 10- Sniffing Pen Testing
1 Sniffing Penetration Testing

Module 09- Social Engineering
Lesson 01 – Social Engineering Concepts
1 What is Social Engineering?
2 Phases of a Social Engineering Attack
Lesson 02 – Social Engineering Techniques
1 Types of Social Engineering
2 Human-based Social Engineering
3 Computer-based Social Engineering
4 Mobile-based Social Engineering
Lesson 04 – Impersonation on Social Networking Sites
1 Social Engineering Through Impersonation on Social Networking Sites
2 Impersonation on Facebook
3 Risks of Social Networking Threats to Corporate Networks
Lesson 05 – Identity Theft
1 Identify Theft
Lesson 06 – Countermeasures
1 Social Engineering Countermeasures
2 Insider Threats Countermeasures
3 Identity Theft Countermeasures
4 How to Detect Phishing Emails
5 Anti-Phishing Toolbar
6 Common Social Engineering Targets and Defense Strategies
Lesson 07 – Social Engineering Penetration Testing
1 Social Engineering Pen Testing
2 Social Engineering Pen Testing Tools
Lesson 03- Insider Threats
1 Insider Threat / Insider Attack
2 Type of Insider Threats

Module 10- Denial-of-Service
Lesson 01 – DoS/DDoS Concepts
1 What is Denial of Service Attack?
2 What is Distributed Denial of Service Attack?
Lesson 02 – DoS/DDoS Attack Techniques
1 Basic Categories of DoS/DDoS Attack Vectors
2 UDP Flood Attack
3 ICMP Flood Attack
4 Ping of Death and Smurf Attack
5 SYN Flood Attack
6 Fragmentation Attack
7 HTTP GET/POST and Slowloris Attacks
8 Multi-Vector Attack
9 Peer-to-Peer Attacks
10 Permanent Denial-of-Service Attack
11 Distributed Reflection Denial-of-Service (DRDoS)
Lesson 03 – Botnets
1 Organized Cyber Crime: Organizational Chart
2 Botnet
3 A Typical Botnet Setup
4 Botnet Ecosystem
5 Scanning Methods for Finding Vulnerable Machines
6 How Malicious Code Propagates?
7 Botnet Trojan
Lesson 04 – DDoS Case Study
1 DDoS Attack
2 Hackers Advertise Links to Download Botnet
3 Use of Mobile Devices as Botnets for Launching DDoS Attacks
4 DDoS Case Study: Dyn DDoS Attack
Lesson 05 – DoS/DDoS Attack Tools
1 DoS and DDoS Attack Tool
2 DoS and DDoS Attack Tool for Mobile
Lesson 06 – Countermeasures
1 Detection Techniques
2 DoS/DDoS Countermeasure Strategies
3 DDoS Attack Countermeasures
4 Techniques to Defend against Botnets
5 DoS/DDoS Countermeasures
6 DoS/DDoS Protection at ISP Level
7 Enabling TCP Intercept on Cisco IOS Software
Lesson 07 – DoS/DDoS Protection Tools
1 Advanced DDoS Protection Appliances
2 DoS/DDoS Protection Tools
Lesson 08 – DoS/DDoS Attack Penetration Testing
1 Denial-of-Service (DoS) Attack Pen Testing

Module 11- Session Hijacking
Lesson 01- Session Hijacking Concepts
1 What is Session Hijacking?
2 Why Session Hijacking is Successful?
3 Session Hijacking Process
4 Packet Analysis of a Local Session Hijack
5 Types of Session Hijacking
6 Session Hijacking in OSI Model
7 Spoofing vs. Hijacking
Lesson 02- Application Level Session Hijacking
1 Application Level Session Hijacking
2 Compromising Session IDs using Sniffing and by Predicting Session Token
3 Compromising Session IDs Using Man-in-the-Middle Attack
4 Compromising Session IDs Using Man-in-the-Browser Attack
5 Compromising Session IDs Using Client-side Attacks
6 Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
7 Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
8 Compromising Session IDs Using Session Replay Attack
9 Compromising Session IDs Using Session Fixation
10 Session Hijacking Using Proxy Servers
11 Session Hijacking Using CRIME Attack
12 Session Hijacking Using Forbidden Attack
Lesson 03- Network Level Session Hijacking
1 TCP/IP Hijacking
2 IP Spoofing: Source Routed Packets
3 RST Hijacking
4 Blind Hijacking
5 UDP Hijacking
6 MiTM Attack Using Forged ICMP and ARP Spoofing
Lesson 04- Session Hijacking Tools
1 Session Hijacking Tools
2 Session Hijacking Tools For Mobile
Lesson 05- Countermeasures
1 Session Hijacking Detection Methods
2 Protecting against Session Hijacking
3 Methods to Prevent Session Hijacking: To be Followed by Web Developers
4 Methods to Prevent Session Hijacking: To be Followed by Web Users
5 Session Hijacking Detection Tools
6 Approaches Vulnerable to Session Hijacking and their Preventative Solutions
7 Approaches to Prevent Session Hijacking
8 IPSec
9 Session Hijacking Prevention Tools
Lesson 06- Penetration Testing
1 Session Hijacking Pen Testing

Module 12 – Evading IDS, Firewalls, and Honeypots
Lesson 01- IDS, Firewall and Honeypot Concepts
1 Intrusion Detection System (IDS)
2 Firewall
3 Honeypot
Lesson 02- IDS, Firewall and Honeypot Solutions
1 Intrusion Detection Tool
2 Firewalls
3 Honeypot Tools
Lesson 03- Evading IDS
1 IDS Evasion Techniques
Lesson 04- Evading Firewalls
1 Firewall Evasion Techniques
Lesson 05- IDS/Firewall Evading Tools
1 IDS/Firewall Evasion Tools
2 Packet Fragment Generator Tools
Lesson 06- Detecting Honeypots
1 Detecting Honeypots
2 Detecting and Defeating Honeypots
3 Honeypot Detection Tool: Send-Safe Honeypot Hunte
Lesson 07- IDS/Firewall Evasion Countermeasures
1 How to Defend Against IDS Evasion
2 How to Defend Against Firewall Evasion
Lesson 08- Penetration Testing
Firewall/IDS Penetration Testing

Module 13- Hacking Web Servers
Lesson 01- Web Server Concepts
1 Web Server Operations
2 Open Source Web Server Architecture
3 IIS Web Server Architecture
4 Web Server Security Issue
5 Why Web Servers Are Compromised?
6 Impact of Web Server Attacks
Lesson 02- Web Server Attacks
1 DoS/DDoS Attacks
2 DNS Server Hijacking
3 DNS Amplification Attack
4 Directory Traversal Attacks
5 Man-in-the-Middle/Sniffing Attack
6 Phishing Attacks
7 Website Defacement
8 Web Server Misconfiguration
9 HTTP Response Splitting Attack
10 Web Cache Poisoning Attack
11 SSH Brute Force Attack
12 Web Server Password Cracking
13 Web Application Attacks
Lesson 03- Web Server Attack Methodology
1 Information Gathering
2 Web Server Footprinting/Banner Grabbing
3 Website Mirroring
4 Vulnerability Scanning
5 Session Hijacking
6 Web Server Passwords Hacking
7 Using Application Server as a Proxy
Lesson 04- Web Server Attack Tools
1 Metasploit
2 Web Server Attack Tools
Lesson 05- Countermeasures
1 Place Web Servers in Separate Secure Server Security Segment on Network
2 Countermeasures
3 Detecting Web Server Hacking Attempts
4 How to Defend Against Web Server Attacks
5 How to Defend against HTTP Response Splitting and Web Cache Poisoning
6 How to Defend against DNS Hijacking
Lesson 06- Patch Management
1 Patches and Hotfixes
2 What is Patch Management
3 Installation of a Patch
4 Patch Management Tools
Lesson 07- Web Server Security Tools
1 Web Application Security Scanners
2 Web Server Security Scanners
3 Web Server Security Tools
Lesson 08- Web Server Pen Testing
1 Web Server Penetration Testing
2 Web Server Pen Testing Tools

Module 14- Hacking Web Applications
Lesson 01 – Web App Concepts
1 Introduction to Web Applications
2 Web Application Architecture
3 Web 2.0 Applications
4 Vulnerability Stack
Lesson 02 – Web App Threats
1 OWASP Top 10 Application Security Risks – 2017
2 Other Web Application Threats
Lesson 03 – Hacking Methodology
1 Web App Hacking Methodology
2 Footprint Web Infrastructure
2 Attack Web Servers
3 Analyze Web Applications
4 Bypass Client-Side Controls
5 Attack Authentication Mechanism
6 Authorization Attack Schemes
7 Attack Access Controls
8 Attack Session Management Mechanism
9 Perform Injection/Input Validation Attacks
10 Attack Application Logic Flaws
11 Attack Database Connectivity
12 Attack Web App Client
13 Attack Web Services
Lesson 04 – Web Application Hacking Tools
1 Web Application Hacking Tools
Lesson 05 – Countermeasures
1 Web Application Fuzz Testing
2 Source Code Review
3 Encoding Schemes
4 How to Defend Against Injection Attacks
5 Web Application Attack Countermeasures
6 How to Defend Against Web Application Attacks
Lesson 06 – Web App Security Testing Tools
1 Web Application Security Testing Tools
2 Web Application Firewall
Lesson 07 – Web App Pen Testing
1 Web Application Pen Testing
2 Web Application Pen Testing Framework

Module 15- SQL Injection
Lesson 01 – SQL Injection Concepts
1 What is SQL Injection?
2 SQL Injection and Server-side Technologies
3 Understanding HTTP POST Request
4 Understanding Normal SQL Query
5 Understanding an SQL Injection Query
6 Understanding an SQL Injection Query – Code Analysis
8 Example of a Web App Vulnerable to SQL Injection: BadProductList.aspx
9 Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
10 Example of SQL Injection
Lesson 02 – Types of SQL Injection
1 Types of SQL Injection
Lesson 03 – SQL Injection Methodology
1 SQL Injection Methodology
Lesson 04 – SQL Injection Tools
1 SQL Injection Tools
2 SQL Injection Tools
3 SQL Injection Tools for Mobile
Lesson 05 – Evasion Techniques
1 Evading IDS
2 Types of Signature Evasion Techniques
Lesson 06 – Countermeasures
1 How to Defend Against SQL Injection Attacks?
2 SQL Injection Detection Tools
3 SQL Injection Detection Tools

Module 16- Hacking Wireless Networks
Lesson 01 – Wireless Concepts
1 Wireless Terminologies
2 Wireless Networks
3 Wireless Standards
4 Service Set Identifier (SSID)
5 Wi-Fi Authentication Modes
6 Wi-Fi Authentication Process Using a Centralized Authentication Server
7 Types of Wireless Antenna
Lesson 02 – Wireless Encryption
1 Types of Wireless Encryption
2 WEP vs. WPA vs. WPA2
3 WEP Issues
4 Weak Initialization Vectors (IV)
Lesson 03 – Wireless Threats
1 Wireless Threats
Lesson 04 – Wireless Hacking Methodology
1 Wireless Hacking Methodology
Lesson 05 – Wireless Hacking Tools
1 WEP/WPA Cracking Tools
2 WEP/WPA Cracking Tool for Mobile
3 Wi-Fi Sniffer
4 Wi-Fi Traffic Analyzer Tools
5 Other Wireless Hacking Tools
Lesson 06 – Bluetooth Hacking
1 Bluetooth Stack
2 Bluetooth Hacking
3 Bluetooth Threats
4 How to BlueJack a Victim?
4 Bluetooth Hacking Tools
Lesson 07 – Countermeasures
1 Wireless Security Layers
2 How to Defend Against WPA/WPA2 Cracking
3 How to Defend Against KRACK Attacks
4 How to Detect and Block Rogue AP
5 How to Defend Against Wireless Attacks
6 How to Defend Against Bluetooth Hacking
Lesson 08 – Wireless Security Tools
1 Wireless Intrusion Prevention Systems
2 Wireless IPS Deployment
3 Wi-Fi Security Auditing Tool
4 Wi-Fi Intrusion Prevention System
5 Wi-Fi Predictive Planning Tools
6 Wi-Fi Vulnerability Scanning Tools
7 Bluetooth Security Tool
8 Wi-Fi Security Tools for Mobile
Lesson 09 – Wi-Fi Pen Testing
1 Wireless Penetration Testing
2 Wireless Penetration Testing Framework

Module 17- Hacking Mobile Platforms
Lesson 01- Mobile Platform Attack Vectors
1 Vulnerable Areas in Mobile Business Environment
2 OWASP Top 10 Mobile Risks – 2016
3 Anatomy of a Mobile Attack
4 How a Hacker can Profit from Mobile when Successfully Compromised
5 Mobile Attack Vectors and Mobile Platform Vulnerabilities
6 Security Issues Arising from App Stores
7 App Sandboxing Issues
8 Mobile Spam
9 SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
10 Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Lesson 02- Hacking Android OS
1 Android OS
2 Android Rooting
3 Blocking Wi-Fi Access using NetCut
4 Hacking with zANTI
5 Hacking Networks Using Network Spoofer
6 Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
7 Performing Session Hijacking Using DroidSheep
8 Hacking with Orbot Proxy
9 Android-based Sniffers
10 Android Trojans
11 Securing Android Devices
12 Android Security Tool: Find My Device
13 Android Security Tools
14 Android Vulnerability Scanner
15 Android Device Tracking Tools
Lesson 03- Hacking iOS
1 Apple iOS
2 Jailbreaking iOS
3 iOS Trojans
4 Guidelines for Securing iOS Devices
5 iOS Device Tracking Tools
6 iOS Device Security Tools
Lesson 04- Mobile Spyware
1 Mobile Spyware
2 Mobile Spyware: mSpy
3 Mobile Spywares
Lesson 05- Mobile Device Management
1 Mobile Device Management (MDM)
2 Mobile Device Management Solutions
3 Bring Your Own Device (BYOD)
Lesson 06- Mobile Security Guidelines and Tools
1 General Guidelines for Mobile Platform Security
2 Mobile Device Security Guidelines for Administrator
3 SMS Phishing Countermeasures
4 Mobile Protection Tools
5 Mobile Anti-Spyware
Lesson 07- Mobile Pen Testing
1 Android Phone Pen Testing
2 iPhone Pen Testing
3 Mobile Pen Testing Toolkit: Hackode

Module 18- IoT Hacking
Lesson 01- IoT Concepts
1 What is IoT
2 How IoT Works
3 IoT Architecture
4 IoT Application Areas and Devices
5 IoT Technologies and Protocols
6 IoT Communication Models
7 Challenges of IoT
8 Threat vs Opportunity
Lesson 02- IoT Attacks
1 IoT Security Problems
2 OWASP Top 10 IoT Vulnerabilities and Obstacles
3 IoT Attack Surface Areas
4 IoT Threats
5 Hacking IoT Devices: General Scenario
6 IoT Attacks
7 IoT Attacks in Different Sectors
Lesson 03- IoT Hacking Methodology
1 What is IoT Device Hacking?
2 IoT Hacking Methodology
Lesson 04- IoT Hacking Tools
1 Information Gathering Tools
2 Sniffing Tools
3 Vulnerability Scanning Tools
4 IoT Hacking Tools
Lesson 05- Countermeasures
1 How to Defend Against IoT Hacking
2 General Guidelines for IoT Device Manufacturing Companies
3 OWASP Top 10 IoT Vulnerabilities Solutions
4 IoT Framework Security Considerations
5 IoT Security Tools
Lesson 06- IoT Pen Testing
1 IoT Pen Testing

Module 19- Cloud Computing
Lesson 01 – Cloud Computing Concepts
1 Introduction to Cloud Computing
2 Separation of Responsibilities in Cloud
3 Cloud Deployment Models
4 NIST Cloud Computing Reference Architecture
5 Cloud Computing Benefits
6 Understanding Virtualization
Lesson 02 – Cloud Computing Threats
1 Cloud Computing Threats
Lesson 03 – Cloud Computing Attacks
1 Service Hijacking using Social Engineering Attacks
2 Service Hijacking using Network Sniffing
3 Session Hijacking using XSS Attack
4 Session Hijacking using Session Riding
5 Domain Name System (DNS) Attacks
6 Side Channel Attacks or Cross-guest VM Breaches
7 SQL Injection Attacks
8 Cryptanalysis Attacks
9 Wrapping Attack
10 Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
11 Man-in-the-Cloud Attack
Lesson 04 – Cloud Security
1 Cloud Security Control Layers
2 Cloud Security is the Responsibility of both Cloud Provider and Consumer
3 Cloud Computing Security Considerations
4 Placement of Security Controls in the Cloud
5 Best Practices for Securing Cloud
6 NIST Recommendations for Cloud Security
7 Organization/Provider Cloud Security Compliance Checklist
Lesson 05 – Cloud Security Tools
1 Cloud Security Tools
Lesson 06 – Cloud Penetration Testing
1 What is Cloud Pen Testing?
2 Key Considerations for Pen Testing in the Cloud
3 Cloud Penetration Testing
4 Recommendations for Cloud Testing

Module 20- Cryptography
Lesson 01- Cryptography Concepts
1 Cryptography
2 Government Access to Keys (GAK)
Lesson 02- Encryption Algorithms
1 Ciphers
2 Data Encryption Standard (DES)
3 Advanced Encryption Standard (AES)
4 RC4, RC5, and RC6 Algorithms
5 Twofish
6 The DSA and Related Signature Schemes
7 Rivest Shamir Adleman (RSA)
8 Diffie-Hellman
9 Message Digest (One-Way Hash) Functions
Lesson 03- Cryptography Tools
1 MD5 Hash Calculators
2 Hash Calculators for Mobile
3 Cryptography Tools
4 Cryptography Tools for Mobile
Lesson 04- Public Key Infrastructure (PKI)
1 Public Key Infrastructure (PKI)
Lesson 05- Email Encryption
1 Digital Signature
2 Secure Sockets Layer (SSL)
3 Transport Layer Security (TLS)
4 Cryptography Toolkit
5 Pretty Good Privacy (PGP)
Lesson 06- Disk Encryption
1 Disk Encryption
2 Disk Encryption Tools
Lesson 07- Cryptanalysis
1 Cryptanalysis Methods
2 Code Breaking Methodologies
3 Cryptography Attacks
4 Cryptanalysis Tools
5 Online MD5 Decryption Tools
Lesson 08- Countermeasures
1 How to Defend Against Cryptographic Attacks

Course 4

CISM®
CISM (Certified Information Security Manager) is a key certification for information security professionals who manage, design, oversee, and assess enterprise information security. This CISM certification course, closely aligned with ISACA’s best practices, helps you learn about IT security systems.

CISM 2018

Domain 01: Information Security Governance03:47:44
Lesson 1: Information Security Governance Overview00:53
Information Security Governance Overview Part 101:12
Information Security Governance Overview Part 202:00
Information Security Governance Overview Part 301:22
Information Security Governance Overview Part 401:32
Information Security Governance Overview Part 500:29
Importance of Information Security Governance Part 101:19
Importance of Information Security Governance Part 206:20
Outcomes of Information Security Governance Part 100:33
Outcomes of Information Security Governance Part 201:26
Outcomes of Information Security Governance Part 302:45
Outcomes of Information Security Governance Part 401:27
Outcomes of Information Security Governance Part 501:54
Outcomes of Information Security Governance Part 601:28
Lesson 2: Effective Information Security Governance00:31
Business Goals and Objectives Part 101:31
Business Goals and Objectives Part 202:00
Roles and Responsibilities of Senior Management Part 101:02
Roles and Responsibilities of Senior Management Part 200:43
Domain Tasks Part 101:21
Domain Tasks Part 203:16
Business Model for Information Security Part 100:45
Business Model for Information Security Part 201:09
Business Model for Information Security Part 303:16
Business Model for Information Security Part 401:37
Dynamic Interconnections Part 100:34
Dynamic Interconnections Part 202:55
Dynamic Interconnections Part 301:55
Dynamic Interconnections Part 400:51
Lesson 3: Information Security Concepts and Technologies03:26
Information Security Concepts and Technologies Part 102:58
Information Security Concepts and Technologies Part 203:25
Information Security Concepts and Technologies Part 301:50
Technologies Part 101:41
Technologies Part 206:12
Lesson 4: Information Security Manager00:33
Responsibilities01:48
Senior Management Commitment Part 100:48
Senior Management Commitment Part 202:27
Obtaining Senior Management Commitment Part 100:24
Obtaining Senior Management Commitment Part 200:53
Establishing Reporting and Communication Channels Part 101:13
Establishing Reporting and Communication Channels Part 201:07
Lesson 5: Scope and Charter of Information Security Governance01:55
Assurance Process Integration and Convergence02:24
Convergence02:32
Governance and Third-Party Relationships02:38
Lesson 6: Information Security Governance Metrics00:56
Metrics01:38
Effective Security Metrics Part 101:46
Effective Security Metrics Part 201:01
Effective Security Metrics Part 301:51
Effective Security Metrics Part 400:39
Security Implementation Metrics01:17
Strategic Alignment Part 102:56
Strategic Alignment Part 201:10
Risk Management01:14
Value Delivery01:02
Resource Management Part 100:47
Resource Management Part 200:41
Performance Measurement03:06
Assurance Process Integration/Convergence02:54
Lesson 7: Information Security Strategy Overview00:53
Another View of Strategy00:41
Lesson 8: Creating Information Security Strategy00:16
Information Security Strategy01:22
Common Pitfalls Part 104:38
Common Pitfalls Part 202:19
Objectives of the Information Security Strategy01:33
What is the Goal?01:40
Defining Objectives01:23
Business Linkages01:48
Business Case Development Part 101:44
Business Case Development Part 202:36
Business Case Development Part 300:45
Business Case Objectives00:57
The Desired State01:48
COBIT01:08
COBIT Controls01:09
COBIT Framework00:48
Capability Maturity Model01:38
Balanced Scorecard01:22
Architectural Approaches01:03
ISO/IEC 27001 and 2700201:00
Risk Objectives Part 101:39
Risk Objectives Part 203:11
Lesson 9: Determining Current State Of Security00:45
Current Risk Part 102:37
Current Risk Part 201:11
BIA01:11
Lesson 10: Information Security Strategy Development01:52
The Roadmap01:01
Elements of a Strategy03:27
Strategy Resources and Constraints02:45
Lesson 11: Strategy Resources00:32
Policies and Standards01:00
Definitions05:48
Enterprise Information Security Architectures01:30
Controls03:00
Countermeasures00:55
Technologies01:50
Personnel01:54
Organizational Structure03:47
Employee Roles and Responsibilities00:28
Skills01:16
Audits01:41
Compliance Enforcement02:24
Threat Assessment01:41
Vulnerability Assessment02:21
Risk Assessment02:19
Insurance02:04
Business Impact Assessment02:32
Outsourced Security Providers02:57
Lesson 12: Strategy Constraints00:23
Legal and Regulatory Requirements01:43
Physical Constraints02:56
The Security Strategy01:36
Lesson 13: Action Plan to Implement Strategy01:13
Gap Analysis Part 101:35
Gap Analysis Part 200:52
Gap Analysis Part 303:01
Policy Development Part 101:41
Policy Development Part 201:00
Standards Development02:44
Training and Awareness00:35
Action Plan Metrics01:23
General Metric Considerations Part 100:23
General Metric Considerations Part 200:35
General Metric Considerations Part 300:43
General Metric Considerations Part 400:23
CMM4 Statements02:00
Objectives for CMM400:47
Section Review00:44
Knowledge Check

Domain 02: Information Risk Management and Compliance02:22:21Preview
Knowledge Check
Domain 03: Information Security Program Development and Management04:07:00Preview
Knowledge Check
Knowledge Check 3

Domain 04: Information Security Incident Management03:33:59
Lesson 1: Incident Management Overview Part 100:47
Incident Management Overview Part 203:08
Incident Management Overview Part 303:45
Types of Events Part 102:43
Types of Events Part 203:20
Goals of Incident Management Part 104:45
Goals of Incident Management Part 206:31
Goals of Incident Management Part 303:26
Lesson 2: Incident Response Procedures Part 100:23
Incident Response Procedures Part 203:40
Importance of Incident Management01:53
Outcomes of Incident Management03:50
Incident Management01:34
Concepts Part 102:07
Concepts Part 201:35
Concepts Part 301:34
Incident Management Systems Part 104:02
Incident Management Systems Part 200:53
Lesson 3: Incident Management Organization02:30
Responsibilities Part 103:01
Responsibilities Part 202:58
Responsibilities Part 305:10
Senior Management Commitment01:02
Lesson 4: Incident Management Resources00:25
Policies and Standards00:36
Incident Response Technology Concepts00:42
Personnel03:11
Roles and Responsibilities (eNotes)03:10
Skills08:09
Awareness and Education01:20
Audits02:49
Lesson 5: Incident Management Objectives00:17
Defining Objectives00:48
The Desired State02:36
Strategic Alignment06:42
Other Concerns02:32
Lesson 6: Incident Management Metrics and Indicators05:14
Implementation of the Security Program Management03:01
Management Metrics and Monitoring Part 100:21
Management Metrics and Monitoring Part 202:48
Other Security Monitoring Efforts04:24
Lesson 7: Current State of Incident Response Capability00:11
Threats04:39
Vulnerabilities04:09
Lesson 8: Developing an Incident Response Plan00:44
Elements of an Incident Response Plan00:53
Gap Analysis03:05
BIA Part 103:04
BIA Part 202:48
Escalation Process for Effective IM02:41
Help Desk Processes for Identifying Security Incidents01:27
Incident Management and Response Teams01:30
Organizing, Training, and Equipping the Response Staff01:55
Incident Notification Process00:55
Challenges in making an Incident Management Plan00:56
Lesson 9: BCP/DRP07:49
Goals of Recovery Operations Part 102:02
Goals of Recovery Operations Part 201:57
Choosing a Site Selection Part 105:37
Choosing a Site Selection Part 200:45
Implementing the Strategy03:58
Incident Management Response Teams02:10
Network Service High-availability04:17
Storage High-availability04:01
Risk Transference01:27
Other Response Recovery Plan Options01:29
Lesson 10: Testing Response and Recovery Plans00:18
Periodic Testing01:17
Analyzing Test Results Part 102:06
Analyzing Test Results Part 203:39
Measuring the Test Results00:57
Lesson 11: Executing the Plan01:56
Updating the Plan01:15
Intrusion Detection Policies01:38
Who to Notify about an Incident01:52
Recovery Operations01:53
Other Recovery Operations01:57
Forensic Investigation02:02
Hacker / Penetration Methodology11:50
Section Review01:15
Sequence 0501:53
Knowledge Check
Knowledge Check 4

Course 5 Online Classroom Flexi Pass

CISSP® Training
The Certified Information Systems Security Professional (CISSP) certification is considered the gold standard in the field of information security. This CISSP training is aligned with (ISC)² CBK 2018 requirements and will train you to become an information assurance professional who defines all aspects of IT security, including architecture, design, management, and controls. Most IT security positions require or prefer a CISSP certification, so get started with your CISSP training today.

CISSP®

Lesson 01 – Course Introduction11:49
Course Introduction11:49
Lesson 02 – Security and Risk Management03:08:34
1.01 Security and Risk Management01:00
1.02 Information Security Management15:26
1.03 Security Controls06:06
1.04 Information Security Management and Governance07:19
1.05 Goals, Mission, and Objectives05:06
1.06 Due Care14:41
1.07 Security Policy08:18
1.08 Compliance03:13
1.09 Computer Crimes05:02
1.10 Legal Systems08:09
1.11 Intellectual Property (IP) Law08:02
1.12 Privacy10:07
1.13 General Data Protection Regulation05:03
1.14 Security02:27
1.15 Risk Analysis02:38
1.16 Types of Risk Analysis22:35
1.17 Security Control Assessment03:33
1.18 Threat Modeling11:17
1.19 Supply-Chain Risk Management03:34
1.20 Third-Party Management12:06
1.21 Business Continuity Planning02:19
1.22 Business Continuity Planning Phases14:29
1.23 Managing Personnel Security08:27
1.24 Security Awareness Training03:16
1.25 Program Effectiveness Evaluation03:44
1.26 Key Takeaways00:37
Knowledge Check
Lesson 03 – Asset Security50:15
2.01 Asset Security01:06
2.02 Information Classification07:51
2.03 Data Classification03:17
2.04 Data Life Cycle03:42
2.05 Data Management03:26
2.06 Different Roles02:42
2.07 Data Remanence05:08
2.08 Privacy10:45
2.09 States of Data07:56
2.10 Data Loss Prevention03:43
2.11 Key Takeaways00:39
Knowledge Check
Lesson 04 – Security Engineering03:06:27
3.01 Introduction00:54
3.02 Security Engineering15:29
3.03 Security Architecture04:04
3.04 Security Models18:22
3.05 Evaluation Criteria13:23
3.06 System Security02:49
3.07 CPU07:06
3.08 Memory07:51
3.09 Security Mode07:27
3.10 Cloud Computing13:58
3.11 IOT03:28
3.12 Industrial Control System (ICS)12:17
3.13 Cryptography12:17
3.14 Encryption Methods05:39
3.15 DES10:55
3.16 Asymmetric Cryptography10:11
3.17 Public Key Infrastructure12:24
3.18 Cryptanalysis02:10
3.19 Key Management04:28
3.20 Critical Path Analysis03:12
3.21 Site Location06:50
3.22 Fire08:48
3.23 HVAC02:02
3.24 Key Takeaways00:23
Knowledge Check
Lesson 05 – Communications and Network Security02:51:48
4.01 Introduction01:00
4.02 Network Architecture and Design21:17
4.03 IP Addressing25:37
4.04 Network Protocols15:43
4.05 Transmission Media21:45
4.06 Firewall08:20
4.07 Intrusion Detection System and Intrusion Prevention System03:09
4.08 Network Access Control (NAC)04:16
4.09 Content Delivery Network (CDN)04:18
4.10 Networks06:30
4.11 Software-Defined Networking (SDN)01:49
4.12 Remote Access04:17
4.13 Internet Security Protocol (IPsec)14:24
4.14 Voice over Internet Protocol (VoIP)02:53
4.15 Phreaking01:42
4.16 Secure Access Protocols05:35
4.17 Wireless Technologies19:23
4.18 Network Attacks09:24
4.19 Key Takeaways00:26
Knowledge Check
Lesson 06 – Identity and Access Management01:48:39
5.01 Identity and Access Management00:58
5.02 Identity and Access Management03:54
5.03 Identity Management10:20
5.04 Biometrics03:57
5.05 Passwords08:56
5.06 Tokens04:37
5.07 Memory Cards and Smart Cards05:56
5.08 Access and Authorization Concepts06:15
5.09 Identity Management Implementation10:10
5.10 Kerberos04:19
5.11 Access Control Types04:57
5.12 Access Control Models07:29
5.13 Access Control Tools and Techniques10:51
5.14 Accountability03:37
5.15 Access Control Monitoring03:35
5.16 Identity Proofing05:02
5.17 Markup Languages04:41
5.18 Identity as a Service (IDaaS)08:37
5.19 Key Takeaways00:28
Knowledge Check
Lesson 07 – Security Assessment and Testing01:16:38
6.01 Security Assessment and Testing00:56
6.02 Security Assessment01:01
6.03 Vulnerability Assessment07:21
6.04 Penetration Testing07:20
6.05 Audits15:16
6.06 Log Management07:13
6.07 Synthetic Transaction and Real Transaction02:41
6.08 Testing05:28
6.09 Software Testing18:13
6.10 Interface05:02
6.11 Key Performance Indicators (KPI)05:35
6.12 Key Takeaways00:32
Knowledge Check
Lesson 08 – Security Operations02:14:27
7.01 Security Operations00:49
7.02 Investigation05:41
7.03 Forensic Investigation04:19
7.04 Evidence07:29
7.05 Electronic Discovery03:05
7.06 Incident Management07:30
7.07 Security Operations Management24:02
7.08 Identity and Access Management10:08
7.09 Assets11:50
7.10 Malware02:12
7.11 Management07:04
7.12 Recovery and Backup24:56
7.13 Disaster Recovery13:01
7.14 Perimeter Security12:03
7.15 Key Takeaways00:18
Knowledge Check
Lesson 09 – Software Development Security01:57:11
8.01 Software Development Security01:03
8.02 Importance of Software Development Security05:54
8.03 Programming Concepts16:11
8.04 Systems Development Life Cycle33:35
8.05 Application Program Interface03:59
8.06 Software Security and Assurance13:32
8.07 Database and Data Warehouse Environments14:32
8.08 Knowledge Management02:01
8.09 Web Application Environment06:24
8.10 Security Threats and Attacks19:28
8.11 Key Takeaways00:32
Knowledge Check

Course 6 Online Classroom Flexi Pass

Certified Cloud Security Professional
The Certified Cloud Security Professional (CCSP) training course is the leading certification by (ISC)² and will teach you to negate security threats to your cloud storage by understanding information security risks and strategies to maintain data security. Covering the six sections of the Official (ISC)² CCSP Common Body of Knowledge (CBK®), this course will help you pass the exam obtaining your CCSP.

Certified Cloud Security Professional

Lesson 1 – Course Introduction11:16
1.1 CCSP Certification Overview08:28
1.2 Course Objectives02:48
Lesson 2 – Cloud Concepts, Architecture, and Design01:13:29
1.01 Cloud Concepts, Architecture, and Design01:08
1.02 Security Concepts02:41
1.03 Key Security Concepts, Defense in Depth, Due Care and Due Dilligence02:48
1.04 Security Controls and Functionalities02:43
1.05 Cloud Computing00:45
1.06 Business Drivers01:13
1.07 Scalability, Elasticity, Vendor Lock-in, and Vendor Lock-out01:27
1.08 Cloud Computing Concepts Advantages01:05
1.09 The Conceptual Reference Model00:55
1.10 Cloud Computing Roles and Actors01:25
1.11 Cloud Service Categories Infrastructure as a Service (IaaS)04:15
1.12 Cloud Service Categories Platform as a Service (PaaS)04:21
1.13 Cloud Service Categories Software as a Service (SaaS)03:31
1.14 Cloud Service Categories Management01:03
1.15 Cloud Deployment Models Public Cloud00:47
1.16 Cloud Deployment Models Private Cloud00:53
1.17 Cloud Deployment Models Hybrid Cloud00:53
1.18 Cloud Deployment Models Community Cloud00:55
1.19 Models and Characteristics01:13
1.20 Comparison of Cloud Deployment Models00:35
1.21 Case Study hybrid Cloud01:32
1.22 Cloud Technology Roadmap04:07
1.23 Impact of Related Technologies06:46
1.24 Cryptography02:36
1.25 Key Management01:06
1.26 IAM and IAM Phases02:12
1.27 Data Remanence01:00
1.28 Virtualization03:02
1.29 Common Threats03:42
1.30 Design Principles of Secure Cloud Computing02:05
1.31 Cost-Benefit Analysis00:33
1.32 Evaluate Cloud Service Providers02:46
1.33 SOC00:38
1.34 IT Security EvaluationIT Security Evaluation01:28
1.35 FIPS02:14
1.36 Scenario02:17
1.37 Key Takeaways00:49
Knowledge Check
Lesson 3 – Cloud Data Security01:21:15
2.01 Cloud Data Security01:07
2.02 Cloud Data Life Cycle01:06
2.03 Cloud Data Life Cycle: Create, Store, Use, and Share03:29
2.04 Real-World Scenario01:28
2.05 Cloud Data Life Cycle Archive02:10
2.06 Cloud Data Life Cycle Destroy, Business Scenario, and Key Data Functions02:38
2.07 Cloud Data Storage Architectures00:57
2.08 Cloud Data Storage Architectures: Storage Types for IaaS00:56
2.09 Cloud Data Storage Architectures: Storage Types for PaaS01:03
2.10 Cloud Data Storage Architectures: Storage Types for SaaS01:26
2.11 Cloud Data Storage Architectures: Threats to Storage Types02:23
2.12 Real-World Scenario00:55
2.13 Data Security Strategies00:44
2.14 Data Security Strategies Encryption (Use Cases)01:13
2.15 Data Security Strategies Encryption Challenges02:06
2.16 Data Security Strategies Encryption in IaaS02:33
2.17 Data Security Strategies Database Encryption01:21
2.18 Data Security Strategies Key Management02:02
2.19 Data Security Strategies Key Storage in the Cloud01:25
2.20 Data Security Strategies Masking01:25
2.21 Data Security Strategies Data Anonymization00:48
2.22 Data Security Strategies Tokenization01:32
2.23 Data Security Strategies Homomorphic Encryption and Bit Splitting02:41
2.24 Real-World Scenario01:18
2.25 Data Security Strategies Data Loss Prevention03:22
2.26 Scenario01:38
2.27 Data Discovery and Classification Technology04:14
2.28 Data Discovery and Classification Technology Data Classification01:41
2.29 Data Discovery and Classification Technology Challenges with Cloud Data01:20
2.30 Jurisdictional Data Protections for Personally Identifiable Information (PII)01:34
2.31 Privacy Acts GDPR04:07
2.32 Privacy Acts GDPR Data Protection03:09
2.33 Privacy Acts United States01:00
2.34 Privacy Acts HIPAA, FISMA, and SOX02:21
2.35 Jurisdictional Data Protections for PII Responsibilites of Cloud Services01:31
2.36 Data Rights Management03:33
2.37 Data Retention, Deletion, and Archiving Policies00:27
2.38 Data Retention00:29
2.39 Data Deletion01:21
2.40 Real World Scenario01:27
2.41 Data Archiving00:38
2.42 Real World Scenario01:00
2.43 Legal Hold01:00
2.44 Auditability, Traceability, and Accountability of Data Events01:07
2.45 SIEM02:36
2.46 Chain of Custody00:39
2.47 Nonrepudation00:25
2.48 Real World Scenario01:01
2.49 Key Takeaways00:49
Knowledge Check
Lesson 4 – Cloud Platform and Infrastructure Security56:14
3.01 Cloud Platform and Infrastructure Security01:04
3.02 Cloud Infrastructure Components01:22
3.03 Network and Communications02:10
3.04 Management Plane and Virtualization01:07
3.05 Factors That Impact Datacenter Design01:53
3.06 Physical Design – Buy or Build00:47
3.07 Physical Design – Datacenter Design Standards02:02
3.08 Physical Design – Uptime Institute01:00
3.09 Physical Design – Tiers03:34
3.10 Physical Design Features of Tiers01:03
3.11 Real-World Scenario01:03
3.12 Environmental Design Considerations02:59
3.13 Connectivity00:28
3.14 Hypervisor and Resource Allocation01:27
3.15 Risks Associated with Cloud Infrastructure00:23
3.16 Policy General and Virtualization Risks02:40
3.17 Cloud-Specific Legal and Non-Cloud Specific Risks03:04
3.18 Cloud Attack Vectors and Compensating Controls01:10
3.19 Business Scenario01:29
3.20 Design and Plan Security Controls02:13
3.21 Real-World Scenario01:09
3.22 Plan Disaster Recovery and Business Continuity01:07
3.23 Real-World Scenario01:04
3.24 BCDR Planning Factors and Disruptive Events00:58
3.25 Characteristics of Cloud Infrastructure00:23
3.26 BCDR strategies and Returning to Normal01:06
3.27 Real-World Scenario01:13
3.28 BCDR Creation02:34
3.29 BCDR Creation Test05:11
3.30 Business Requirements01:09
3.31 BCDR Creation Report and Revise00:42
3.32 Testing Types Uptime Availability Activity and Case Study03:55
3.33 Security Training and Awareness00:48
3.34 Real-World Scenario01:23
3.35 Key Takeaways00:34
Knowledge Check
Lesson 5 – Cloud Application Security38:19
4.01 Cloud Application Security01:25
4.02 Advocate Training and Awareness for Application Security02:14
4.03 Real-World Scenario00:59
4.04 Common Pitfalls02:36
4.05 Encryption Dependencies00:40
4.06 Business Scenario01:15
4.07 Understanding Software Development Lifecycle Process00:34
4.08 Real World Scenario00:57
4.09 Vulnerabilities and Risks01:21
4.10 Threat Modeling03:36
4.11 Real World Scenario01:34
4.12 Encryption02:02
4.13 Sandboxing and Application Virtualization01:19
4.14 Federated Identity Management02:28
4.15 SAML Authentication02:49
4.16 Identity and Access Management01:42
4.17 Multi Factor Authentication02:16
4.18 Real world Scenario01:36
4.19 Cloud Access Security Broker02:18
4.20 Application Security Testing01:32
4.21 Software Supply Chain Management01:11
4.22 Real World Scenario01:06
4.23 Key Takeaways00:49
Knowledge Check
Lesson 6 – Cloud Security Operations01:04:45
5.01 Cloud Security Operations01:31
5.02 Secure Configuration of Hardware: Servers03:45
5.03 Secure Configuration of Hardware: Storage Controllers00:37
5.04 Real-World Scenario01:27
5.05 Secure Configuration of Hardware: Storage Controllers- ISCSI, Initiators and Targets, and Oversubscription02:26
5.06 Secure Configuration of Hardware: Virtual Switches01:38
5.07 Configuration of VM Tools00:49
5.08 Configuration of VM Tools Running a Physical Infrastructure Part 101:35
5.09 Configuration of VM Tools Running a Physical Infrastructure Part 101:25
5.10 Configuration of VM Tools Running a Physical Infrastructure Part 301:41
5.11 Configuration of VM Tools Running a Physical Infrastructure Part 401:37
5.12 Real-World Scenario01:12
5.13 Securing Network Configuration Part 104:06
5.14 Real-World Scenario01:11
5.15 Clustered Host01:42
5.16 Dynamic Optimization and Clustered Storage01:48
5.17 Maintenance Mode and Patch Management03:25
5.18 Performance Monitoring01:21
5.19 Real-World Scenario01:10
5.20 Network Security Controls Layered Security and Honeypots02:47
5.21 Network Security Controls SIEM00:44
5.22 Log Management01:42
5.23 Orchestration01:10
5.24 Availability of Guest OS01:59
5.25 Operations Management Part 102:16
5.26 Real World Scenario01:22
5.27 Operations Management Part 201:46
5.28 Risk Management Process Framing Risk and Risk Assessment01:55
5.29 Quantitative Risk Analysis01:29
5.30 Scenario01:18
5.31 Risk Response and Risk Monitoring01:18
5.32 Collection and Preservation of Digital Evidence04:08
5.33 Communication with Relevant Parties01:32
5.34 Real World Scenario01:34
5.35 Security Operations Center02:15
5.36 Key Takeaways01:04
Knowledge Check
Lesson 7 – Legal Risk and Compliance47:45
6.01 Legal Risk and Compliance01:28
6.02 Case Study02:28
6.03 Legislative Concepts04:39
6.04 Intellectual Property Laws04:56
6.05 Case Study01:27
6.06 Business Scenario01:04
6.07 Acts and Agreements03:22
6.08 Case Study01:21
6.09 NERC01:36
6.10 Privacy Shield and Generally Accepted Privacy Principles (GAPP)01:13
6.11 Jurisdictional Differences in Data Privacy01:27
6.12 Terminologies and eDiscovery01:09
6.13 Forensic Requirements and PII02:02
6.14 Gap Analysis SOC Reports and Chain of Custody02:59
6.15 Vendor Management01:35
6.16 Cloud Computing Policies and Risk Attitude02:37
6.17 SLA03:32
6.18 Quality of Service01:44
6.19 Risk Mitigation03:21
6.20 Risk Management Metrics and ISO 28000 200701:44
6.21 Real-World Scenario01:12
6.22 Key Takeaways00:49
Knowledge Check

$159.99

  • Vast selection of courses and labs Access
  • Unlimited access from all devices
  • Learn from industry expert instructors
  • Assessment quizzes and monitor progress
  • Vast selection of courses and labs Access
  • Blended Learning with Virtual Classes
  • Access to new courses every quarter
  • 100% satisfaction guarantee

You Will Get Certification After Completetion This Course.

Instructor Led Lectures
All IT Tutor Pro Formerly It Nuggets Courses replicate a live class experience with an instructor on screen delivering the course’s theories and concepts.These lectures are pre-recorded and available to the user 24/7. They can be repeated, rewound, fast forwarded.
Visual Demonstrations, Educational Games & Flashcards
IT Tutor Pro Formerly It Nuggets recognizes that all students do not learn alike and different delivery mediums are needed in order to achieve success for a large student base. With that in mind, we delivery our content in a variety of different ways to ensure that students stay engaged and productive throughout their courses.
Mobile Optimization & Progress Tracking
Our courses are optimized for all mobile devices allowing students to learn on the go whenever they have free time. Students can access their courses from anywhere and their progress is completely tracked and recorded.
Practice Quizzes And Exams
IT Tutor Pro Formerly It Nuggets Online’s custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. Students will have practice quizzes after each module to ensure you are confident on the topic you are learning.
World Class Learning Management System
IT Tutor Pro Formerly It Nuggets provides the next generation learning management system (LMS). An experience that combines the feature set of traditional Learning Management Systems with advanced functionality designed to make learning management easy and online learning engaging from the user’s perspective.

Frequently Asked Questions

How does online education work on a day-to-day basis?
Instructional methods, course requirements, and learning technologies can vary significantly from one online program to the next, but the vast bulk of them use a learning management system (LMS) to deliver lectures and materials, monitor student progress, assess comprehension, and accept student work. LMS providers design these platforms to accommodate a multitude of instructor needs and preferences.
Is online education as effective as face-to-face instruction?
Online education may seem relatively new, but years of research suggests it can be just as effective as traditional coursework, and often more so. According to a U.S. Department of Education analysis of more than 1,000 learning studies, online students tend to outperform classroom-based students across most disciplines and demographics. Another major review published the same year found that online students had the advantage 70 percent of the time, a gap authors projected would only widen as programs and technologies evolve.
Do employers accept online degrees?
All new learning innovations are met with some degree of scrutiny, but skepticism subsides as methods become more mainstream. Such is the case for online learning. Studies indicate employers who are familiar with online degrees tend to view them more favorably, and more employers are acquainted with them than ever before. The majority of colleges now offer online degrees, including most public, not-for-profit, and Ivy League universities. Online learning is also increasingly prevalent in the workplace as more companies invest in web-based employee training and development programs.
Is online education more conducive to cheating?
The concern that online students cheat more than traditional students is perhaps misplaced. When researchers at Marshall University conducted a study to measure the prevalence of cheating in online and classroom-based courses, they concluded, “Somewhat surprisingly, the results showed higher rates of academic dishonesty in live courses.” The authors suggest the social familiarity of students in a classroom setting may lessen their sense of moral obligation.
How do I know if online education is right for me?
Choosing the right course takes time and careful research no matter how one intends to study. Learning styles, goals, and programs always vary, but students considering online courses must consider technical skills, ability to self-motivate, and other factors specific to the medium. Online course demos and trials can also be helpful.
What technical skills do online students need?
Our platform typically designed to be as user-friendly as possible: intuitive controls, clear instructions, and tutorials guide students through new tasks. However, students still need basic computer skills to access and navigate these programs. These skills include: using a keyboard and a mouse; running computer programs; using the Internet; sending and receiving email; using word processing programs; and using forums and other collaborative tools. Most online programs publish such requirements on their websites. If not, an admissions adviser can help.
preloader