Manage Your Computer Security Better
If you want to keep your computer software and hardware secure; you need to learn not only how to react to security threats - you must also condition yourself to react fast, before a threat takes hold and gets worse.
Owning a reference book; or having attended a conference lecture on cyber-security, simply does not do the job
Studying this course is a far better response to a problem that is increasingly important.
COURSE CONTENT
This course is broken into eleven lessons as below:
1. Introduction to Cyber Security and cyber attacks/defences
- Importance of cybersecurity
- Threats - passive attacks, active attacks
- Common types of attacks - injection, phishing, denial of Service, malware, spoofing, man in the middle, network attacks
- Layered approach to defense
- Physical security
- Software and Operating System Security, Network security
2. Vulnerability Assessment
- Assessing vulnerabilities
- Security posture
- Performing vulnerability assessment - 5 steps
- Identifying and classifying assets
- Threats and risk assessment
- Baseline reporting
- Penetration testing - techniques, penetration testing versus vulnerability assessment
3. Securing the facilities and networks
- Securing a data centre
- Securing the network
- Hardware level
- Software PC, Device level
4. Securing your online digital footprint
- Digital footprints
- Social media
- Web browsing
- Devices used
- Managing digital footprint
- Protecting user reputation
- Sharing personal information
- Preserving freedoms
- Preventing financial; losses
- Privacy risks
- Developing better online habits
- Investigating default settings
- Using privacy enhancing tools
5. Internet Security and Digital Certificates
- Digital certificates
- Digital signatures
- Digital rights management and Information rights management
- Electronic books and magazines
- Generating a digital certificate
- Exchanging and verifying a digital certificate
- Web browsing
- TLS and SSL
- Security issues
- Secure web browsing using https
6. Wireless Network Vulnerabilities, Attacks and Security
- Types of wireless data networks
- NFC and Bluetooth network attacks
- Wireless LAN attacks
- Network blurred edges
- Wireless data replay attacks
- Wireless DOS attacks
- Rogue access point
- Attacks on home LANs - war driving, war chalking
- Wireless security vulnerability and solutions
- IEEE wireless security vulnerabilities
7. Firewalls, IDS and IPS
- Types of firewall protection
- Packet filtering firewalls
- Application/proxy firewalls
- Hybrid firewalls
- Firewall limitations
- Formats and firewalls
- UTM appliance
- Intrusion detection systems
- Network intrusion systems
- Host based intrusion detection systems]
- Intrusion prevention systems
- Common detection methodologies
- Anomaly based IDPS
- Signature based IDPS
8. Cryptography
- Definition, terminology and characteristics
- Common cipher attacks
- Ciphertext only attacks
- Known plaintext attack
- Dictionary attack
- Bruit force attack
- Power analysis attack
- Fault analysis attack
- Cryptographical algorithms
- Symmetric encryption
- MAC function
- Asymmetric encryption
- Slipcovering keys
- Hash algorithms
9. Access Control and Authentication
- What is access control
- Definition, terminology
- Access control models - RBAC, RAC, HBAC
- Implementation - group policies, ACL, DACL, SACL
- Authentication and authorisation
- Securing and protecting passwords
- Multi factor authentication
10. Cyber attack Disaster Recovery strategies
- Five stage response
- Recovery planning
- Backup procedures
- cloud storage
- Monitoring and logging events
- Containment of attack
- Assessing damage
- Recovery procedures - system images SEO, restore data corruption
- Authorities tracking attackers
- Data ands security policies
11. Ongoing Security Management
- Managing security events - events monitoring
- Centralised versus Distributed data collection
- Being organised
- Understanding the workplace
- Security and decision making
- Division of responsibilities
- Time management
- Networking
- Attitude
- Products and services
- The law
Course Duration - 100 hours
LEARN TO MINIMISE CYBERSECURITY THREATS
The goal of defence in cyber security does not mean that your system will never be able to be penetrated, but it does give less chance of it happening and minimizing the risk. The concept is that you should have more than one type of defence in place to prevent compromise by an attack. Because there are many different ways a system can be exploited, having more than one type of tool to protect your system can cover the flaws of the others.
There are several layers of security which need to be addressed in order to protect your system; covering physical, software and network security.
There is a lot to learn in this course; but being able to be cybersecure is not just a matter of having the facts to refer to. Often there is just not enough time to refer to the facts before an issue becomes critical.
A cybersecurity expert will react faster because important issues have become second nature to their way of thinking. This is where a course like this can take you much further than just reading a book.
The course starts by strengthening your capacity to think automatically about vulnerability assessment, and to help you to understand:
- The importance of identifying and classifying assets based on the value they offer for an individual or a business
- The threats these assets are exposed to
- The risk factor of these threats.
You will also learn about the most common techniques and tools available for performing vulnerability assessments, and the main differences between vulnerability scanning and penetration testing.
Your awareness of other issues not only increases, but strengthens in your long term memory as you progress through the set tasks and assignments.
As you approach the end of the course, you learn about the concept of cryptography and its terminology:
- Data Integrity: to ensure the data has not been modified;
- Data Confidentiality: to ensure the data can only be accessed by authorized users;
- Authentication: to confirm the identity of the users. (i.e. a user is who they claim to be).
