
TOC CRS IDAM SailPoint

The document provides information on the modules and topics covered in a Cybersecurity Foundation course. The course contains 6 modules that cover fundamental cybersecurity concepts, networking basics, security testing, access management, incident management and response, and security operations. Each module includes both theory and practical components. Specific topics covered within the modules include cybersecurity threats, network protocols, vulnerability scanning, identity and access management policies, incident response planning, and security monitoring tools. The goal of the course is to provide learners with an awareness of cybersecurity concepts and how they can be applied.

Cybersecurity Foundation

| Module | Module Name | Type |
|---|---|---|
| 1 | Fundamental of Cyber Security | Theory |
| 2 | Fundamentals of Networking | Theory, Practical |
| 3 | Basics of Security testing | Theory, Practical |
| 4 | Fundamentals of Access Management | Theory, Practical |
| 5 | Fundamentals of Incident Management and Response | Theory, Practical |
| 6 | Fundamentals of security operations | Theory, Practical |

Cybersecurity Foundation: Topics

Module 1 (Theory)
Unit 1: Cyber security and its importance
Unit 2: Different disciplines of cyber security
Unit 3: Cyber security threats and their types
Unit 4: Cyber security attacks and their applications

Module 2 (Theory)
Unit 1: Basic concepts of networking
Unit 2: Network ports, Network protocols, Types of network devices and key networking terminologies
Unit 3: Basics of ping & traceroute and types of network
Unit 4: Fundamental concepts of OSI model
Unit 5: Network sharing and subnetting
Unit 6: Fundamental concepts of network infrastructure

Module 2 (Practical)
Unit 1: Understanding router model
Unit 2: Assigning IP address
Unit 3: Ways to use various commands

Module 3 (Theory)
Unit 1: Basics of security testing and its importance
Unit 2: Basics of vulnerability scanning
Unit 3: Penetration testing and risk assessment
Unit 4: Risk assessment test
Unit 5: Security Audit and Posture Assessment Test
Unit 6: Ethical Hacking and Network Monitoring
Unit 7: Security Testing Tools

Module 3 (Practical)
Unit 1: Installing and using various tools
Unit 2: Information gathering
Unit 3: Perform and analyse various attacks

Module 4 (Theory)
Unit 1: Basics of Identity and Access Management & its Importance
Unit 2: Basic concepts of User Identification, Authentication and Authorization
Unit 3: User Identification and Access Management Policies
Unit 4: Tools used for Identity and Access Management in a public cloud platform
Unit 5: Access Control Models
Unit 6: Security Authorization And Encryption
Unit 7: Single Sign-On and Access Management Best Practices

Module 4 (Practical)
Unit 1: Demonstrate how to perform MFA in AWS
Unit 2: Demonstrate the ways to perform MFA in Azure

Module 5 (Theory)
Unit 1: Basics of security controls
Unit 2: Security Policy and Frameworks
Unit 3: Basics of Incident Management and Incident Response
Unit 4: Basics of Incident Response Plan and Incident Communications Plan
Unit 5: Fundamental Concepts of Incident Monitoring and Identification
Unit 6: Disaster Mitigation and Containment
Unit 7: Business Continuity Planning and Disaster Recovery
Unit 8: Cyber Security Investigation
Unit 9: Basics of a Backup and Recovery Plan
Unit 10: Basic concepts of RTO (Recovery Time Objective) and RPO (Recovery Point Objective)

Module 5 (Practical)
Unit 1: Disaster recovery plan
Unit 2: Describe service replication and how it can be performed

Module 6 (Theory)
Unit 1: Basics of security forensics & its types
Unit 2: Understanding of system logging and security monitoring
Unit 3: Fundamentals of Continuous Security Monitoring
Unit 4: Techniques for Continuous Security Monitoring
Unit 5: Basics of Data Loss Prevention and its importance
Unit 6: Basic understanding of change and configuration management
Unit 7: Security monitoring tools

Module 6 (Practical)
Unit 1: Installing & Configuring various tools
Unit 2: Creating rules & understanding security logs & log sources

IAM Theory Syllabus
Chapter No Chapter Title
1 Course Overview

2 Introduction to IAM

2.1 What is IAM

2.2 Components of IAM

3 Importance of IAM
3.1 Why is IAM Important
3.2 What does IAM Provide to the Enterprise
3.3 How IAM Works?
3.4 IAM’s Role in Organizational Security
3.5 IAM and Compliance
4 Basics & Terminologies and Concepts in IAM
4.1 Basics
4.2 Terminologies
4.3 Security Assertion Markup Language
4.4 OAuth
4.5 OpenID Connect
4.6 Lightweight Directory Access Protocol
4.7 Active Directory
5 IAM in Enterprise and Cloud Environments
5.1 What is an Enterprise?
5.2 What is a Cloud?
5.3 Enterprise and Cloud
5.4 IAM in Enterprise Cloud
5.5 IAM and Compliance in Cloud
5.6 IAM and Directory Services in Cloud
6 IAM Architecture
6.1 Challenges of IAM
6.2 IAM Architecture
6.3 IAM Architecture – Typical Implementation
6.4 IAM Services to Enterprises
6.5 IAM Practices
6.6 IAM Architecture Example
6.7 IAM Architecture Implementation
7 IAM Lifecycle
7.1 What is Lifecycle
7.2 Lifecycle of IAM
7.3 Centralization of IAM
8 User Access Management
8.1 Users of Enterprise
8.2 Roles in Enterprise
8.3 Typical Roles in an Enterprise
8.4 Basics of User Access Management
8.5 Effective User Access Management
8.6 Examples of User Access Management
8.7 User Access Management Details
8.8 SSO and User Access Management
8.9 MFA and User Access Management
8.10 SAML and User Access Management
8.11 Active Directory and User Access Management
9 Privilege Access Management
9.1 What are Privileges?
9.2 What is Privilege Access Management
9.3 Workings of PAM
9.4 How is PAM different from IAM?
9.5 Benefits of PAM
10 Access Provisioning
10.1 What is Access Provisioning?
10.2 Types of Access Provisioning
10.3 Access Provisioning via SAML, SSO, OAuth or OpenID Connect
10.4 Comparing and Contrasting SSO, SAML, OAuth and OpenID Connect
10.5 Access Provisioning Best Practices
11 Multi-factor Authentication
11.1 Importance of MFA
11.2 Methods of Multi-Factor Authentication
11.3 Pros and Cons of Factors in MFA
11.4 Best Practices
12 Session Management & Monitoring
12.1 What is Session Management?
12.2 What is Privileged Session Management?
12.3 Active Session Monitoring
12.4 Tools for Session Monitoring
12.5 Best Practices
13 User Activity Compliance
13.1 What is User Activity Compliance?
13.2 Benefits of User Activity Compliance
13.3 User Activity Monitoring Tools
13.4 Best Practices
14 Case Studies
14.1 Case Study 1
14.2 Case Study 2
15 Summary
16 Conclusion
Expected Outcomes
The learner should be aware of the IAM course contents.
Learner should be able to understand the IAM concepts in the cybersecurity space and how IAM enables us to securely control
to enterprise resources.
Learner should be clear about identities and their access to systems through policies and technologies to ensure that the righ
have the appropriate access to enterprise resources.
Learner should be clear about the various IAM components like authentication, authorization, governance, directory services us
Mgmt, request Mgmt, reporting and analytics.

After completing this module, the learner should be able to -


- Demonstrate IAM concepts and their importance in the cybersecurity space and how IAM helps an organization to secure
enterprise resources.
- Should be able to explain Identity Lifecycle, Authentication, authorization, SSO, directory services, user Mgmt, Request Mgm
Governance and reporting and Analytics
- Clear understanding of how IAM helps an organization meet various security compliance requirements like SOX, GDP
HIPAA etc. to control access.
organization
- Learner should be clear about IAM terms like Authentication, Authorization, Federation, SSO, MFA, Adaptive authenticatio
delegation, provisioning & de-provisioning, synchronization and privileged access Mgmt.
- Learner should be able to demonstrate common authentication and authorization protocols like SAML, OAuth and OpenID
difference between these standards and how they interoperate to meet a common objective. A use-case-based
authentication and authorization implementation to showcase the understanding.
- Learner should know about the LDAP standard and Active Directory as an LDAP authentication service provider. A use case
show Active Directory as an LDAP authentication source.

After completing this module, the learner should be able to -


- Learner should be able to differentiate an enterprise's infrastructure as on-premises, cloud and hybrid environments.
- Able to demonstrate concepts of cloud environments and their benefits.
- Learner should be able to showcase the IAM role in the enterprise's on-premises, cloud and hybrid environments.
- Should have a clear understanding of cloud security and different cloud service providers and how they meet regulatory
compliance requirements.
- Should know about IDaaS service concepts.
- Understand LDAP directory service on Cloud as an authentication source.

After completing this module, the learner should be able to -


- Learner should be able to think about and demonstrate common IAM challenges in an organization like decentralized security ope
etc.
- Learner should be able to articulate IAM general architecture and component architecture from an implementation perspective
- Learner is required to know about the best IAM practices from a design and implementation perspective.
- Learner should be able to demonstrate a simple use case like JML implementation and app onboarding processes.

After completing this module, the learner should be able to -


- Learner should have an understanding of Identity and the Identity lifecycle
- Learner should be proficient with the JML process and its important role in an organization's access management system
- Centralization of security administration and governance and auditing on enterprise's resource access.

After completing this module, the learner should be able to -


- Learner should be able to demonstrate the different artifacts in an IAM system like Identity, user account, role, entitlement and
application
- Learner should be aware of the importance of Role in an organization and segregation of duties using Role/entitlements
- Learner should be clear about the user access request management process on the IAM system and integrated ITSM component
(Remedy/ServiceNow etc.)
- Learner should be clear about the SSO process and MFA/2FA concepts based on context or adaptive methods.
- Learner needs to be aware of user access delegation and federation concepts using SAML/OAuth/Active Directory W
federation

After completing this module, the learner should be able to -


- Learner should be able to demonstrate privileged accounts like shared/service/B2B accounts on platforms and applica
- He/she should be able to differentiate the IAM and PAM concepts and how they interoperate from an organization’s secu
access control system.
- Learner should have an understanding of PAM components and their service offerings like password vault & rotation, least
privilege access control, session monitoring, platform/application accounts (privileged) onboarding, recording storage etc.
- Able to conceptualize PAM benefits in an organization as a centralized privilege access control system.

After completing this module, the learner should be able to -

- Learner should know about provisioning and de-provisioning concepts in an IAM system
- He/she should be able to demonstrate connected and disconnected systems and how to use an OOB connector to integrate external
applications and platforms for the purpose of provisioning.
- He/she should be able to visualize and implement the JML process with connected/disconnected systems.
- Should know about various authentication/authorization protocols like SSO/SAML/OAuth/SAML to enable the IAM service
enterprise resources.
- Awareness of industry standards on IAM provisioning concepts.

After completing this module, the learner should be able to -

- Learner should be able to demonstrate the need for 2-factor/multi-factor authentication.
- He/she should be familiar with context-based, adaptive, location-based etc. authentication and its requirements.
- Need to be familiar with the pros and cons of multi-factor/2-factor in an IAM system and understand when to use a
when not.
- Awareness of industry standards on MFA concepts.

After completing this module, the learner should be able to -


- Learner should be able to demonstrate session management concepts in a PAM system using RDP/SSH protocols
- Should be familiar with session management on PAM with ITSM (Remedy/ServiceNow) tool integration for Incident/Chan
management.
- Need to be familiar with Active/Killed sessions and user session recordings.
- Needs to be familiar with session recordings and storage planning based on user activities.

After completing this module, the learner should be able to -


- Learner should be able to demonstrate user activity compliance to SIEM concepts
- Understanding of SIEM concepts for Security Information and Event log management, which consolidates data from
numerous sources and provides a holistic view of user activity to meet regulatory compliance requirements.
- Awareness and understanding of one or more SIEM tools (e.g. Splunk/ArcSight).

- Should be able to demonstrate IAM concepts and their importance in the cybersecurity space and how IAM helps organiza
secure enterprise resources.
- Clear understanding of how IAM helps an organization meet various security compliance requirements like SOX, G
HIPAA etc.
- Should be able to demonstrate the IAM system components and service offerings to secure enterprise resources with on
premise/cloud environment.
- Should have a clear understanding of various open standard protocols which support Authentication & Authorizatio
services across resources.
- Should be familiar with Identity Lifecycle, Access Management through the JML process, User access request management
connected/disconnected system onboarding either through OOB or custom connectors.
SAILPOINT IDENTITYIQ SYLLABUS
Topics

PREVIEW ON IDENTITY IQ

PRODUCT ARCHITECTURE – INSTALLATION & DEPLOYMENT

INTRODUCTION TO APPLICATION ON-BOARDING, CORRELATION

CONCEPTS OF RISKS & POLICIES

CERTIFICATIONS

ABOUT ROLES
CONCEPTS OF TROUBLESHOOTING, DEBUG, CONSOLE

INTRODUCTION TO RULES, TASKS, API

REPORTING

OVERVIEW TO LIFECYCLE MANAGER

INTRODUCTION TO WORKFLOW
INTRODUCTION TO PROVISIONING BROKER & ENGINE

OVERVIEW ON PERFORMANCE

KEY CAPABILITIES OF THE SAILPOINT COMPLIANCE MANAGER:


• ACCESS CERTIFICATIONS
• POLICY ENFORCEMENT
• LIFECYCLE MANAGER
• SELF-SERVICE ACCESS REQUEST
• PASSWORD MANAGEMENT
• LIFECYCLE EVENT MANAGEMENT
• USER PROVISIONING
• PROVISIONING BROKER
• PROVISIONING INTEGRATION MODULES
• SERVICE DESK INTEGRATION MODULES
• MANUAL PROVISIONING SUPPORT
• IDENTITY INTELLIGENCE
• CUSTOMIZABLE DASHBOARDS
• REPORTING AND ANALYTICS
SAILPOINT IDENTITYIQ SYLLABUS
Sub Topics

• BUSINESS PURPOSE OF IDENTITY IQ


• OVERVIEW ON IDENTITY IQ
• COMMON COMPONENTS OF IDENTITY IQ
• OVERVIEW OF AN IDENTITYIQ PROJECT

• UNDERSTANDING THE ARCHITECTURE PRODUCT


• UNDERSTANDING OF INSTALLATION PROCEDURE FOR THE IDENTITY IQ
• CONCEPTS OF IDENTITY CUBES
• BRIEF OVERVIEW ON IDENTITY CUBE
• CONCEPTS OF APPLICATIONS AND CONNECTORS
• ABOUT IDENTITY MAPPINGS
• AGGREGATION OF THE DATA
• CAPABILITIES, SCOPING AND WORKGROUPS

• CONCEPTS OF ON-BOARDING APPLICATIONS


• ACCOUNT CORRELATION
• APPLICATION CONFIGURATION
• LOGICAL & MULTIPLEXED APPLICATIONS

• BASIC OVERVIEW ON IDENTITY IQ POLICY


• TYPES OF POLICY
• DEFINING OF THE POLICIES
• DISCOVERING & HANDLING THE POLICY VIOLATIONS
• IDENTITY THE RISK MODEL
• APPLICATION OF RISK MODEL
• REFRESHING & INTERACTION WITH RISK SCORES

• CERTIFICATIONS & ACCESS REVIEWS


• DIFFERENT TYPES OF CERTIFICATIONS
• ABOUT CERTIFICATION LIFECYCLE
• CONFIGURATION OF CERTIFICATION
• CONCEPTS IN MAKING CERTIFICATION DECISIONS
• CERTIFICATION DECISIONS

• DEFINITION OF ROLE
• BENEFITS OF ROLE MANAGEMENT
• OVERVIEW ON ROLE MODEL
• ABOUT ROLE MINING
• ROLE MANAGEMENT POINTERS

• CONCEPTS AND FACTORS IN SUCCESSFUL TROUBLESHOOTING & DEBUGGING
• LOGGING, OPTIONS & THE CONFIGURATION
• DEBUG OF PAGE
• BEST PRACTICES

• CONCEPTS IN RULES: WHAT? WHERE? HOW?


• CONCEPTS IN TASKS: WHAT? WHERE? HOW?
• ABOUT SAILPOINT API

• REPORTING ARCHITECTURE OF THE SAILPOINT IIQ
• DEFINING OF DATA SOURCES
• REPORT COLUMN CONFIGURATION
• QUERY CONFIGURATION

• CHANGE IN LIFECYCLE
• KEY FEATURE & CONSIDERATIONS
• ACCESS REQUEST PROCESS
• ADDITIONAL ACCESS & IDENTITY MANAGEMENT OPTIONS
• ABOUT LCM CONFIGURATION
• OTHER ADDITIONAL LCM FUNCTIONALITY

• WHAT IS A WORKFLOW?
• CONCEPTS OF WORKFLOWS IN IDENTITY IQ
• KEY WORKFLOW CONCEPTS
• WORKFLOW CASE, VARIABLES, STEPS & APPROVALS
• WORKFLOW TROUBLESHOOTING CONCEPTS

• PROVISIONING ARCHITECTURE
• OBJECT MODEL INVOLVED IN THE PROVISIONING
• CONCEPTS OF CONNECTORS
• WALKTHROUGH OF THE PROVISIONING PROCESS
• DEBUGGING CONCEPTS

• ABOUT PERFORMANCE MANAGEMENT APPROACH


• TOOLS & RESOURCES
• CAPACITY PLANNING & SIZING
• UNDERSTANDING THE IDENTITYIQ INTERNALS CONCEPTS
• CONCEPTS OF COMMON PITFALLS TO AVOID
Expected Outcomes
After completing this module, the learner should be able to -
- Learner should be able to demonstrate the purpose of SailPoint IIQ and its various component service offerings as
an IAM solution.

After completing this module, the learner should be able to -


- Learner should have a good understanding of SailPoint component architecture, installation of the tool
& application server, DB schema setup and configuration.
- Should be familiar with concepts of Identity Cube, Identity mapping configuration, application
onboarding, connectors, aggregation and reconciliation.
- Familiar with quick links, workgroups and scoping concepts.

After completing this module, the learner should be able to -


- Should be familiar with application onboarding, account aggregation, account correlation and OOB
connectors including logical grouping and multiplex concepts.

After completing this module, the learner should be able to -


- Should be able to demonstrate Identity IQ access policies, role-based SOD policies and account-specific
policies on onboarding and rule-based policies to have better control on granting access, onboarding and
event triggering (alert).
- Should be able to understand the concepts of Policy Violation, identification and remediation.
- Should be familiar with Risk modeling and scoring to identify application risk and remediation.

After completing this module, the learner should be able to -


- Should be able to demonstrate the Identity IQ certification process and how it meets an organization's
regulatory compliance requirements.
- Should have a good understanding of manager and application owner certification.
- Should have a good understanding of certification decisions and the access remediation process.
- Should be familiar with how to schedule & configure the certification and run it on demand.

After completing this module, the learner should be able to -


- Should be able to demonstrate Identity IQ roles and their importance in defining access on a
platform/application.
- SOD roles and policy violations and corresponding decision making to handle the policy violation
through remediation.
- Should be familiar with role model and definition of mining activity.
- Should be familiar with scoping the role.

After completing this module, the learner should be able to -

- Should have a good understanding of debugging concepts and log analysis based on system and IIQ
logs.
- Should be familiar with the debug page and how to access and configure it to generate logs (enable/disable
on demand)
- Should have a good understanding of the log format to segregate logs based on process, components
and timestamp.
- Should be familiar with the different types of logging events and levels.

After completing this module, the learner should be able to -


- Should be familiar with rules and the different rules (correlation, manager correlation, customization etc.) used
with different processes.
- Should have a good understanding of tasks and how to create, schedule and run them.
- Should be familiar with exposed APIs to extend/customize the IIQ process & services to meet
organization requirements like custom database update or email trigger or manager/owner approval on
access requests for audit compliance.

After completing this module, the learner should be able to -


- Should be familiar with leveraging the existing variety of reports to meet organization audit & regulatory
compliance requirements.
- Should have a good understanding of reports and how to create, schedule and run them.
- Should be familiar with exposed APIs to extend/customize existing reports or create new reports to
meet organization requirements with addition/removal/modification of column information.

After completing this module, the learner should be able to -


- Should be familiar with LCM components and its enablement in SailPoint IIQ system based on demand.
- Should have a good understanding of user access request management and the manager/application
owner approval process and reminders.
- Should be familiar with email template concepts and how to set up/enable the email server.
- Should be familiar with the JML process linked with LCM controls and events.
- Should have a good understanding of ITSM (Remedy/ServiceNow) integration to manager request
management process.

After completing this module, the learner should be able to -


- Should be familiar with workflow concepts, process and sub-process and the workflow online editor.
- Should be able to do simple customization on an existing workflow for a use-case-based scenario
requirement.
- Should be aware of variable usage inside workflow/process/sub-process and its scoping and passing it
through different modules.
- Should have an understanding of the online workflow editor for making changes to an existing workflow or to
create a new one to meet organization requirements.

After completing this module, the learner should be able to -

- Should be familiar with the provisioning engine and its operational parameters and configuration.
- Should have an understanding of workflow configuration which impacts the performance of the provisioning
engine.
- Should be familiar with various OOB connectors to connect targets to create/modify/delete account
resources.

After completing this module, the learner should be able to -


- Should be able to think about the importance of performance.
- Should have an understanding of various performance improvement configurations in all IIQ
components like Identity Cube settings, workflow engine configuration, log level configuration,
aggregation parameters, understanding schedule load, compressing web contents etc.
- Should be able to think of capacity planning and sizing based on various parameters like no. of
users/resources/applications/network bandwidth.
- Need to be familiar with common pitfalls on IAM design and implementations.

After completing this module, the learner should be able to -


- Should be familiar with various OOB capabilities offered by IIQ to control access on IIQ
components/process.
- Should be familiar with defining IIQ administrator/auditor/end-user/manager role-based
capabilities.
- It is good to have knowledge about creating custom capabilities.

tool & application server, DB schema setup and configuration.

- Should be familiar with concepts of Identity Cube, Identity mapping configuration, application
onboarding, connectors, aggregation and reconciliation.
- Should be familiar with application onboarding, account aggregation, account correlation and OOB
connectors including logical grouping and multiplex concepts.
- Should be able to demonstrate Identity IQ access policies, role-based SOD policies and account-
specific policies on onboarding and rule-based policies to have better control on granting access,
onboarding and event triggering (alert).
- Should be able to demonstrate the Identity IQ certification process and how it meets an organization's
regulatory compliance requirements.
- Should be familiar with LCM components and their enablement in the SailPoint IIQ system based on
demand.
- Should have a good understanding of user access request management and the manager/application
owner approval process and reminders.
