Cybersecurity and Ethical Hacking – Course Content

Course Objective:
This course is designed to teach student cybersecurity and ethical hacking from the very ground up.
Course will introduce students to both offensive and defensive security.

Course Content:
Module 1: CIA Triad basics, Data State:
Information RISK MANAGEMENT
• Risk Management
• Risk Assessment
• Identify and Valuate Assets
• Identify Threats and Vulnerabilities

Risk Analysis

• Qualitative
• Quantitative

Risk Mitigation/Response

• Reduce (Mitigate)
• Transfer
• Accept /Reject
• Avoid

Risk Monitoring

• Risk is for the entire life

• Risk frameworks

Three main types of controls:

• Technical (Logical)
• Administrative
• Physical
Module 2. Data Communication Network:
• The OSI model and its use in data communication network
• IP Address, Physical Address, Port Address
• LAN, MAN, WAN
• Internet Infrastructure
• Routers, Switches, Firewall, Load Balancer, DNS, Proxy Server

Module 3: Identity and Access Management (IAM)

Manage identification and authentication of people, devices, and services

• Control physical and logical access to assets

• Identity Management (IdM) implementation
• Single/Multi-Factor Authentication (MFA)
• Accountability
• Session management
• Registration, proofing, and establishment of identity
• Federated Identity Management (FIM)
• Credential management systems
• Single Sign On (SSO)
• Just-In-Time (JIT)

Federated identity with a third-party service

• On-premises
• Cloud
• Hybrid

Implement and manage authorization mechanisms

• Role Based Access Control (RBAC)

• Rule based access control
• Mandatory Access Control (MAC)
• Discretionary Access Control (DAC)
• Attribute Based Access Control (ABAC)
Module 4: Asset Security
Identify and classify information and assets.

• Data classification & Asset Classification

Provision resources securely

• Information and asset ownership

• Asset inventory (e.g., tangible, intangible)
• Asset management

Manage data lifecycle.

• Data roles (i.e., owners, controllers, custodians, processors, users/subjects)

• Data collection
• Data location
• Data maintenance
• Data retention
• Data remanence
• Data destruction

Module 5: Security Architecture and Engineering

implement and manage engineering processes using secure design principles

• Threat modeling
• Least privilege
• Defense in depth
• Secure defaults
• Fail securely
• Separation of Duties (SoD)
• Zero Trust
• Privacy by design
• Trust but verify
• Shared responsibility

Module 5: Cryptography
• Cryptographic life cycle (e.g., keys, algorithm selection)
• Cryptographic methods (e.g., symmetric, asymmetric)
• Public Key Infrastructure (PKI)
 • Key management practices
• Digital signatures and digital certificates
• Non-repudiation
• Integrity (e.g., hashing)

Module 6: Security Operations

Conduct logging and monitoring activities

• Intrusion detection and prevention

• Security Information and Event Management (SIEM)
• Continuous monitoring
• Egress monitoring
• Log management
• Threat intelligence (e.g., threat feeds, threat hunting)
• User and Entity Behavior Analytics (UEBA)

Apply foundational security operations concepts

• Need-to-know/least privilege
• Separation of Duties (SoD) and responsibilities
• Privileged account management
• Job rotation
• Service Level Agreements (SLAs)

Apply resource protection

• Media management
• Media protection techniques

Conduct incident management

• Detection
• Response
• Mitigation
• Reporting
• Recovery
• Remediation
• Lessons learned

Operate and maintain detective and preventative measures

• Firewalls (e.g., next generation, web application, network)

 • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
• Whitelisting/blacklisting
• Third-party provided security services
• Sandboxing
• Honeypots/honeynets
• Attack Types
• Machine learning and Artificial Intelligence (AI) based tools

Address personnel safety and security concerns

• Travel
• Security training and awareness
• Emergency management
• Duress

Module 7: Cloud-Based Systems

Basic Concepts of Cloud Computing

• Computer Network Basics.

• Concepts of Distributed Systems.
• Concepts of Cloud Computing and its Necessity.
• Cloud Service Providers in use and their Significance.

Cloud Infrastructure

• Cloud Pros and Cons.

• Cloud Delivery Models.
• Cloud Deployment Models.

Cloud Storage Management

• Concept of Virtualization and Load Balancing.

• Overview on Virtualization used for Enterprise Solutions.
• Key Challenges in managing Information.
• Identifying the problems of scale and management in big data.

Cloud Security

• Infrastructure Security
• Network level security, Host level security, Application-level security.
• Data privacy and security Issues.
• Access Control and Authentication in cloud computing.
Module 8: Understanding Software Development Life Cycle (SDLC)
• Development methodologies (e.g., Agile, Waterfall, DevOps,)
• Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model
SAMM)
• Security weaknesses and vulnerabilities at the source-code level
• Security of Application Programming Interfaces (APIs)
• Secure coding practices
• Software-defined security
•

Module 9: Introduction to Ethical Hacking

• Cover the fundamentals of key issues in the information security world, including the basics of
ethical hacking, information security controls, relevant laws, and standard procedures.

Foot Printing and Reconnaissance

• Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a
critical pre-attack phase of the ethical hacking process

Scanning Networks

• Learn different network scanning techniques and countermeasures.

Social Engineering

• Learn social engineering concepts and techniques, including how to identify theft attempts,
audit human-level vulnerabilities, and suggest social engineering countermeasures.

Denial-of-Service

• Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as
well as the tools used to audit a target and devise DoS and DDoS countermeasures and
protections

SQL Injection

• Learn about SQL injection attacks, evasion techniques, and SQL injection countermeasures.
• OWASP top 10.

*****************************