2. Security Strategies in Linux Platforms and Applications

3. Security Strategies in MAC and Unix Platforms and Applications

4. Network Attacks and Defense Strategies

5. Technical and Administrative Network Security

6. l Network Security6. Network Perimeter Security

7. Endpoint Security- for different operating systems

8. Windows Systems9. Network Traffic Monitoring and Analysis

10. Network Logs Monitoring and Analysis

11. Business Continuity and Disaster Recovery

After completing this module, you will be able to achieve these certifications

• CompTIA: Security+ - A foundational certification covering server and endpoint security concepts.
• (ISC)²: Systems Security Certified Practitioner (SSCP) - Validates expertise in securing and administering server and endpoint systems.
• Microsoft: Microsoft Certified Azure Security Engineer Associate - Specializes in securing Microsoft Azure cloud environments, including server and endpoint security considerations. (Note: Vendor-specific certification)
• Linux Professional Institute (LPIC): o LPIC-1 Linux Administrator - Provides fundamental Linux administration skills relevant to server security. o LPIC-3 Security - Focuses on advanced Linux security administration.
• Red Hat: Red Hat Certified System Administrator (RHCSA) - Specializes in Red Hat Enterprise Linux administration, including security aspects. (Note: Vendor specific certification)
• SANS Institute: Linux Security Fundamentals (SEC560) - Offers in-depth training on securing Linux operating systems.
• GIAC: GIAC Security Essentials (GSEC) - Covers general security principles applicable to server and endpoint security

1. Implement AAA on Cisco routers using local router database and external ACS

2. Explain the functions and importance of AAA

3. Describe the features of TACACS+ and RADIUS AAA protocols

4. Configure AAA authentication

5. Configure AAA authorization

6. Configure AAA accounting

7. Mitigate threats to Cisco routers and networks using ACLs

8. Explain the functionality of standard, extended, and named IP Access Control List used by routers to filter packets

9. Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI

10. Configure IP ACLs to prevent IP address spoofing using CLI

11. Discuss the caveats to be considered when building ACLs

12. Implement secure network management and reporting

13. Use CLI and SDM to configure SSH on Cisco routers to enable secured management access

14. Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

15. Mitigate Common Layer 2 attacks

16. Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

17. Implement the Cisco IOS firewall feature set using SDM

18. Describe the operational strengths and weaknesses of the different firewall technologies

19. Explain stately firewall operations and the function of the state table

20. Implement Zone Based Firewall using SDM

21. Implement the Cisco IOS IPS feature set using SDM

22. Define network based vs. host based intrusion detection and prevention

23. Explain IPS technologies, attack responses, and monitoring options

24. Enable and verify Cisco IOS IPS operations using SDM

25. Implement site-to-site VPNs on Cisco Routers using SDM

26. Explain the different methods used in cryptography

27. Explain IKE protocol functionality and phases

28. Describe the building blocks of IPSec and the security functions it provides

29. Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

After completing this module, you will be able to achieve these certifications

1. Cisco: Cisco Certified Internetwork Expert (CCIE) Security - The pinnacle Cisco certification for network security expertise.

2. Juniper Networks:

• Juniper Networks Certified Security Specialist (JNCSS) - Provides fundamental network security knowledge.
• Juniper Networks Certified Security Professional (JNCSP) - Offers advanced network security skills for Juniper products.

3. Fortinet: Fortinet NSE 7 - FortiGate Security Administration - Specializes in managing Fortinet's FortiGate security firewalls. (Note: Vendor-specific certification)

4. CompTIA: Security+ - Covers general network security concepts and technologies.

5. (ISC)²: SSCP with Architecture concentration - Combines the SSCP core with network security architecture knowledge.

6. Check Point: Check Point Certified Security Expert (CCSE) - Validates expertise in securing Check Point security gateways. (Note: Vendor-specific certification)

7. Palo Alto Networks: Palo Alto Networks Certified Network Security Engineer (PAN - OS) - Specializes

Module Overview: Ethical Hacking, Countermeasures & VAPT is the world’s most advanced ethical hacking course covering 20 of the most important security domains any individual will need when they are planning to beef-up the information security posture of their organization. The course provides hacking techniques and tools used by hackers and information security professionals.

Topics Covered in Certificate Course in Ethical Hacking, Countermeasures & VAPT Module:

1. Information Security and Hacking Concepts

2. Hacking and Penetration Testing Methodologies

3. Penetration Testing Scoping and Engagement

4. Information Discovery and Reconnaissance

5. Scanning Targeted Systems

6. Enumeration Techniques

7. Vulnerability and Information Security Assessment

8. Penetration Testing to the Targeted System network Penetration Testing (External and Internal)

9. Open-Source Intelligence (OSINT)

10. Attack Operating Systems Vulnerabilities and Privilege Escalations

11. Web Servers Penetration Testing

12. Security Assessment and Penetration Testing of Web Applications

13. SQL Injection

14. Session Hijacking and Sniffing

15. Wireless threats and Security Testing

16. Denial-of-Service

17. Apply Evasion Techniques to IDS, Firewalls, Honeypots and Security Solutions

18. Penetration Testing Mobile Platforms

19. Penetration Testing IoT and OT Systems

20. Penetration Testing for Cloud Computing

21. Lab Exercise on Vulnerability Assessment and Penetration Testing in Given Scenario

22. Reporting on Vulnerability Assessment and Penetration Testing

After completing this module, you will be able to achieve these certifications.

• 1. EC-Council: Certified Ethical Hacker (CEH) - The industry standard for ethical hacking skills.
• 2. SANS Institute: Global Information Security Professional (GISP) - Broader security knowledge encompassing ethical hacking.
• 3. Offensive Security: Offensive Security Certified Professional (OSCP) - Hands-on penetration testing skills focus
• 4. CompTIA: PenTest+ - Foundation for penetration testing methodologies. Security+
• 5. (ISC)²: Certified Secure Incident Analyst (CSIS) - Incident response skills with ethical hacking application.
• 6. eLearnSecurity: Certified Ethical Hacker (eCH) - Comprehensive online training for ethical hacking mastery.
• 7. (!EXIN**)**: Certified Ethical Hacker Professional (CEH) (Note: Not to be confused with EC-Council CEH) - Offers another route to ethical hacking certification.

Module Overview: The Information Systems Auditing demonstrates proficiency in information systems audit and is highly sought after by both professionals and employers alike. Gaining this internationally - recognized qualification will increase recognition in the marketplace and build your influence in the workplace. This Information Systems Auditing course will prepare participants to undertake Information Systems Auditing Assignment

Topics Covered in Certificate Course in Certificate Course in Information Systems Auditing Module: 

1. The Process of Auditing Information Systems

•  IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards.
• Risk assessment concepts, tools and techniques in an audit context. 
• Control objectives and controls related to information systems. 
• Audit planning and audit project management techniques, including follow-up. 
• Fundamental business processes, including relevant IT. 
• Applicable laws and regulations which affect the scope, evidence collection and preservation, and frequency of audits. 
• Evidence collection techniques used to gather, protect and preserve audit evidence. 
• Sampling methodologies. 
• Reporting and communication techniques. 
• Audit quality assurance systems and frameworks.

2. Governance and Management of IT 

• IT governance, management, security and control frameworks, and related standards, guidelines, and practices. 
• The purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each.
• Organizational structure, roles and responsibilities related to IT. 
• Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures. 
• Organization's technology direction and IT architecture and their implications for setting long-term strategic directions. 
• Relevant laws, regulations and industry standards affecting the organization. 
• Quality management systems. 
• Maturity models. 
• Process optimization techniques. 
• IT resource investment and allocation practices, including prioritization criteria. 
• IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships.
• Enterprise risk management. 
• Monitoring and reporting of IT performance. 
• IT human resources (personnel) management practices used to invoke the business continuity plan. 
• Business impact analysis (BIA) related to business continuity planning. 
• The standards and procedures for the development and maintenance of the business continuity plan and testing methods.

3. Information Systems Acquisition, Development, and Implementation 

• Benefits realization practices. 
• Project governance mechanisms. 
• Project management control frameworks, practices and tools. 
• Risk management practices applied to projects. 
• IT architecture related to data, applications and technology. 
• Acquisition practices. 
• Analysis and management practices. 
• Analysis and management practices. 
• Project success criteria and risks. 
• Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data. 
• System development methodologies and tools including their strengths and weaknesses. 
• Testing methodologies and practices related to information systems development. 
• Configuration and release management relating to the development of information systems. 
• System migration and infrastructure deployment practices and data conversion tools, techniques and procedures. 
• Post-implementation review objectives and practices.

4. Information Systems Operations, Maintenance and Support 

• Service level management practices and the components within a service level agreement.
• Techniques for monitoring third party compliance with the organization's internal controls. 
• Operations and end-user procedures for managing scheduled and non-scheduled processes. 
• Technology concepts related to hardware and network components, system software and database management systems. 
• Control techniques that ensure the integrity of system interfaces. 
• Software licensing and inventory practices. 
• System resiliency tools and techniques. 
• Database administration practices. 
• Capacity planning and related monitoring tools and techniques. 
• Systems performance monitoring processes, tools and techniques. 
• Problem and incident management practices. 
• Processes, for managing scheduled and non-scheduled changes to the production systems and/or infrastructure including change, configuration, release and patch management practices. 
• Data backup, storage, maintenance, retention and restoration practices. 
• Regulatory, legal, contractual and insurance issues related to disaster recovery.
• Business impact analysis (BIA) related to disaster recovery planning. 
• Development and maintenance of disaster recovery plans.
• Alternate processing sites and methods used to monitor the contractual agreements. 
• Processes used to invoke the disaster recovery plans. 
• Disaster recovery testing methods.

5. Protection of Information Assets 

• Techniques for the design, implementation, and monitoring of security controls, including security awareness programs.
• Processes related to monitoring and responding to security incidents. 
• Logical access controls for the identification, authentication and restriction of users to authorized functions and data.
• Security controls related to hardware, system software, and database management systems. 
• Risks and controls associated with virtualization of systems.
• Configuration, implementation, operation and maintenance of network security controls.
• Network and Internet security devices, protocols, and techniques. 
• Information system attack methods and techniques. 
• Detection tools and control techniques. 
• Security testing techniques. 
• Risks and controls associated with data leakage. 
• Encryption-related techniques. 
• Public key infrastructure (PKI) components and digital signature techniques. 
• Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies. 
• Controls and risks associated with the use of mobile & wireless devices. 
• Voice communications security. 
• Evidence preservation techniques and processes followed in forensics investigations. 
• Data classification standards and supporting procedures. 
• Physical access controls for the identification, authentication and restriction of users to authorized facilities. 
• Environmental protection devices and supporting practices. 
• Processes and procedures used to store, retrieve, transport and dispose of confidential information assets.
• Information Systems Audit Case Study and Reporting 

After completing this module, you will be able to achieve these certifications

1. ISACA: Certified Information Systems Auditor (CISA) - The go-to certification for information systems auditing.

2. (ISC)²: Certified Information Systems Security Professional (CISSP) - Covers information security auditing as a core domain.

3. Institute of Internal Auditors (IIA): Certified Internal Auditor (CIA) - Broader auditing skills applicable to information systems.

4. ISACA: Certified in Risk and Information Systems Control (CRISC) - Focuses on risk management within information systems auditing.

5. IT Governance: Certified Governance of IT (CGIT) - Governs IT management frameworks relevant to information systems auditing.

6. The IIA: Certified Government Auditing Professional (CGAP) - Specializes in auditing government information systems. (Note: May require additional qualifications)

7. ISACA: Certified Information Systems Security Professional - Audit (CISA-Q) - Specialization within the CISA certification focused on security auditing.

1. Software Security Concepts
2. Software Security Requirements
3. Software Security Architecture and Design
4. Secure Software Implementation
5. Secure Software Testing
6. Secure Software Lifecycle and Supply Chain Management
7. Secure Software Deployment, Operations, Maintenance

After completing this module, you will be able to achieve these certifications

1. SANS Institute: Secure Coding (SEC560) - Teaches secure coding practices to prevent vulnerabilities in applications.

2. OWASP: 

• Certified Secure Coder (CSC) - Validates coding skills for secure software development. 
• Certified Web Application Security Professional (CWASP) - Specializes in securing web applications.

3. (ISC)²: Certified Secure Software Developer (CSSD) - Broad certification for secure software development lifecycle (SDLC).

4. SQA: Certified Application Security Engineer (CASE) - Covers advanced application security testing and analysis.

5. Microsoft: Microsoft Certified Azure Security Engineer Associate - Includes application security considerations within the Azure cloud platform. (Note: Vendor-specific certification)

6. Cloud Security Alliance (CSA): Certificate of Cloud Security Knowledge - Specialty in Cloud Application Security (CCSKa) - Focuses on securing applications in the cloud.