ECC1200 Security Boot Camp

Da li želite da svoje znanje o zaštiti i bezbednosti Informacionih tehnologija stavite na viši nivo? Kroz naš dvonedeljni kurs saznajte šta hakeri koriste kako bi izvršili update kompjuterskih sistema, koje tehnike koriste za pronalaženje propusta u okviru bezbednosnih sistema, kao i kako da prepoznate i unapredite znanje ključnih 8 domena koji su predstavljeni po CBK-u CISSP sertifikaciji.

U prvoj nedelji kursa, fokus je na Cyber security principles-u, dok je druga nedelja obuke posvećena ključnim domenima CISSP sertifikacije.

ECC01 Cyber security principles

L200 Certified Information Systems Security Professional (CISSP)

Trajanje: 2 nedelje/ 09:00 do 17:00h

Cena: 1900€ 

Ovaj kurs možete pohađati online(?)     

Predavač

Predavač angažovan za kurseve informatičke bezbednosti je gospodin Boris Gigović, sertifikovan CISSP-SSCP-CEHv9-Security+. Boris je ujedno jedini ovlašćeni (ISC)² predavač (Authorized (ISC)² Instructor) na teritoriji naše zemlje i deo je elitne zajednice koja poseduje ovu prestižnu sertifikaciju. On poseduje i druge sertifikacije zvaničnog statusa predavača, iz oblasti bezbednosti i drugih (EC-Council Instructor, MCT, CCI...)

Boris je angažovan na raznim bezbednosnim projektima u našoj zemlji i inostranstvu, poseduje ogromno praktično znanje i broji preko 80 uspešno realizovanih kurseva (+650 polaznika) na temu informatičke bezbednosti. Pored predavanja, Boris je angažovan od strane stranih firmi kao SME (Subject Matter Expert) za dizajn novih rešenja u oblasti edukacije i konsaltinga. On je ujedno i osnivač naše kompanije

 

Poželjno predznanje: 
  • Preporučeno je da polaznici budu sertifikovani Network+ ili Security+ ili da imaju jednako iskustvo za pohađanje CISSP obuke.
  • Preporučeno je da polaznik poseduje jednu ili više od navedenih sertifikacija (ili odgovarajuće iskustvo): MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP, GIAC, CISA, ili CISM.

Sledeći polasci:

Beograd
03.04.2017
Virtuelna učionica
03.04.2017
Plan obuke : 

ECC01 Cyber security principles

Module 1: Fundamentals of information security management

This module helps participants understand the key concepts of information security, as well as key terminology that will be used throughout the course.

Module 2: Networking architecture

This module presents the core networking concepts, such as a conceptual view of the information flow frameworks, types of networks, as well as devices that can be found on networks.

Module 3: Network-based attacks

This module discusses major attacks that can be accomplished while the information is in transit. It presents different offensive techniques to gather data from computers, and establish active connections allowing intruders to monitor sessions.

Module 4: Securing a network infrastructure

This module discusses the technology used to harden security at the network level, essentially defensive techniques and countermeasures to block or delay attacks at the network.

Module 5: Authentication and access control mechanisms

This module helps participants understand how security works upon authenticating to different system. We explore the authentication frameworks, and discuss how these are used to identify uniqueness in user accounts to permit certain types of access.

Module 6: Password-based attacks

This module allows an understanding of the attack techniques over logins and authentication mechanisms. We discover how passwords can be found, cracked, and used as replay to infiltrate networks under a spoofed identity.

Module 7: Malware types

This module discovers the common types of malware programs which objectives are to interrupt the proper functioning of a system. Terms such as spyware, adware, viruses, and worms will be explained.

Module 8: Computer systems security

This module deals with key information on how to secure deskops and servers. It provides an insight at the way a system can be hardened to reduce the surface of attack.

Module 9: Public key infrastructure

This module explains an extremely powerful way to defend against several types of attacks that can occur at the network or computer level. We explore the PKI, a set of technologies reinforcing security globally on the network, as long as it is properly used.

Module 10: Web-based attacks

In this module, we explore different types of attacks targeting Web applications and servers. We will understand the differences between several attack types, such as cross-site scripting or SQL injection.

Module 11: Systems and resources discovery

This module explains how it is possible to find and identify key resources (operating systems, applications, etc.) used to provide a proper insight at a target network. Multiple tools to scan and automate the process will be seen.

Module 12: Network scanning

This module explain how an attacker can perform discovery of running services as well as ports on a computer system. Tools performing network scanning will be used to show how relatively easy it is to launch a network scan, and collect several useful information regardint the security posture of a network ad its running processes.

Module 13: Privilege escalation techniques

This module helps participants discover how an attacker can increase a given set of privileges to become a superuser on a target system, and then execute malicious programs to keep control of the system, and execute its own programs.

Module 14: Social-based exploitation techniques

Attacking humans instead of computers is a technique that is commonly used to find out key information on a computer system, network, or even the company itself. Several ways to perform social engineering will be discovered in this module.

Module 15: Data hiding and trails masquerading

It is possible to hide data on a remote system upon taking over it. This step is critical in order to avoid presence in log files, or to help in identification of the attackers' source. This module explains how attackers proceed with tempering with the integrity of a system to inject their own programs, and cover tracks on a system they are owning.

Module 16: Cyberattacks detection and reporting

This module presents ways to understand a cyberattack has taken place, and ways to efficiently manage, collect information about it and report it.

L200 Certified Information Systems Security Professional (CISSP)

Lesson 1: Security and Risk Management

  • Security Governance Principles
  • Compliance
  • Professional Ethics
  • Security Documentation
  • Risk Management
  • Threat Modeling
  • Business Continuity Plan Fundamentals
  • Acquisition Strategy and Practice
  • Personnel Security Policies
  • Security Awareness and Training

Lesson 2: Asset Security

  • Asset Classification
  • Privacy Protection
  • Asset Retention
  • Data Security Controls
  • Secure Data Handling

Lesson 3: Security Engineering

  • Security in the Engineering Lifecycle
  • System Component Security
  • Security Models
  • Controls and Countermeasures in Enterprise Security
  • Information System Security Capabilities
  • Design and Architecture Vulnerability Mitigation
  • Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems
  • Cryptography Concepts
  • Cryptography Techniques
  • Site and Facility Design for Physical Security
  • Physical Security Implementation in Sites and Facilities

Lesson 4: Communications and Network Security

  • Network Protocol Security
  • Network Components Security
  • Communication Channel Security
  • Network Attack Mitigation

Lesson 5: Identity and Access Management

  • Physical and Logical Access Control
  • Identification, Authentication, and Authorization
  • Identity as a Service
  • Authorization Mechanisms
  • Access Control Attack Mitigation

Lesson 6: Security Assessment and Testing

  • System Security Control Testing
  • Software Security Control Testing
  • Security Process Data Collection
  • Audits

Lesson 7: Security Operations

  • Security Operations Concepts
  • Physical Security
  • Personnel Security
  • Logging and Monitoring
  • Preventative Measures
  • Resource Provisioning and Protection
  • Patch and Vulnerability Management
  • Change Management
  • Incident Response
  • Investigations
  • Disaster Recovery Planning
  • Disaster Recovery Strategies
  • Disaster Recovery Implementation

Lesson 8: Software Development Security

  • Security Principles in the System Lifecycle
  • Security Principles in the Software Development Lifecycle
  • Database Security in Software Development
  • Security Controls in the Development Environment
  • Software Security Effectiveness Assessment