Curriculum
- 24 Sections
- 215 Lessons
- 12 Weeks
Expand all sectionsCollapse all sections
- Week 1Introduction to Risk and Security Management9
- 1.1Introduction to Risk Management60 Minutes
- 1.2Risk Identification and Classification
- 1.3Threats, Vulnerabilities, and Risk Exposure
- 1.4Risk Analysis (Qualitative & Quantitative)
- 1.5Risk Mitigation and Remediation Strategies
- 1.6Introduction to Security Management
- 1.7Security Policies, Standards, and Guidelines
- 1.8Role of Security in Business and IT
- 1.9Security Governance and Compliance
- Week 2Security Frameworks and Management Practices9
- 2.1Security Management Frameworks (ISO 27001, NIST, COBIT)60 Minutes
- 2.2Security Governance vs. IT Governance
- 2.3Security Policies and Procedures Development
- 2.4Security Awareness and Training Programs
- 2.5Role of Security Controls (Preventive, Detective, Corrective)
- 2.6Data Classification and Protection Methods
- 2.7Security Auditing and Monitoring Fundamentals
- 2.8Security Metrics and Performance Measurement
- 2.9Risk-Based Security Decision Making
- Week 3Identity and Authentication Mechanisms9
- 3.1Identification vs. Authentication vs. Authorization60 Minutes
- 3.2Multi-Factor Authentication (MFA) Concepts
- 3.3Biometrics and Behavioral Authentication
- 3.4Password Management Best Practices
- 3.5Single Sign-On (SSO) and Federation Technologies
- 3.6Identity Lifecycle Management (Provisioning & De-provisioning)
- 3.7Privileged Access Management (PAM)
- 3.8Authentication Attacks (Credential Stuffing, Phishing)
- 3.9Mitigation Techniques for Authentication Risks
- week 4Access Control Models and Techniques9
- 4.1Role-Based Access Control (RBAC) vs. Attribute-Based Access Control (ABAC)
- 4.2Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
- 4.3Access Control Mechanisms (ACLs, Firewalls, Gateways)
- 4.4Least Privilege and Need-to-Know Principles
- 4.5Secure Identity and Access Management (IAM)
- 4.6Identity Federation and SAML
- 4.7Common Access Control Failures and Mitigations
- 4.8Zero Trust Security Model
- 4.9Case Studies in Access Control
- week 5Security Models and Evaluation9
- 5.1Security Models (Bell-LaPadula, Biba, Clark-Wilson)
- 5.2Information Flow Security Models
- 5.3Trusted Computing and Security Kernel Concepts
- 5.4Security Evaluation Criteria (Common Criteria, TCSEC, ITSEC)
- 5.5Secure System Development Lifecycle (SDLC)
- 5.6Certification and Accreditation Processes
- 5.7Protection Mechanisms (Sandboxing, Isolation)
- 5.8Formal Security Testing Methods
- 5.9Security by Design Principles
- week 6Operations Security and Monitoring9
- 6.1Operations Security (OPSEC) Concepts
- 6.2Secure System Administration Practices
- 6.3Security Logging and Event Monitoring (SIEM)
- 6.4Data Leakage Prevention (DLP) Strategies
- 6.5Patch and Change Management
- 6.6Insider Threat Detection and Prevention
- 6.7Security Automation and Orchestration
- 6.8Endpoint Security and Hardening Techniques
- 6.9Security in IT Service Management
- week 7Vulnerability Management and Penetration Testing9
- 7.1Introduction to Vulnerability Assessments
- 7.2Types of Vulnerability Scans (Network, Host, Application)
- 7.3Penetration Testing vs. Vulnerability Scanning
- 7.4Security Testing Tools and Techniques (Nmap, Nessus, Metasploit)
- 7.5Common Vulnerability Exploits and Attack Vectors
- 7.6Risk-Based Vulnerability Remediation Strategies
- 7.7Compliance and Vulnerability Reporting
- 7.8Red Team vs. Blue Team Exercises
- 7.9Best Practices for Continuous Vulnerability Management
- week 8Fundamentals of Cryptography9
- 8.1Introduction to Cryptography Concepts
- 8.2Symmetric vs. Asymmetric Cryptography
- 8.3Block Ciphers vs. Stream Ciphers
- 8.4Data Encryption Standard (DES) and Advanced Encryption Standard (AES)
- 8.5Cryptographic Hash Functions (SHA, MD5)
- 8.6Public Key Infrastructure (PKI) Basics
- 8.7Digital Signatures and Certificates
- 8.8Key Management Best Practices
- 8.9Real-World Applications of Cryptography
- week 9Cryptographic Protocols and Security Applications9
- 9.1Secure Communication Protocols (TLS, SSL)
- 9.2End-to-End Encryption in Messaging
- 9.3Key Exchange Mechanisms (Diffie-Hellman, RSA)
- 9.4Hashing Functions and Digital Integrity Verification
- 9.5Cryptographic Attacks (Birthday Attack, Man-in-the-Middle)
- 9.6Digital Rights Management (DRM) and Content Protection
- 9.7Cryptographic Implementations in Software Development
- 9.8Best Practices in Cryptographic Deployments
- 9.9Case Studies in Cryptography Failures
- week 10Network Security Basics9
- 10.1Network Security Architecture and Principles
- 10.2TCP/IP Model and Security Considerations
- 10.3Common Network Threats (Sniffing, Spoofing, DoS)
- 10.4Firewalls and Intrusion Detection Systems (IDS/IPS)
- 10.5Network Segmentation and Isolation Strategies
- 10.6Virtual Private Networks (VPNs)
- 10.7Secure Network Design
- 10.8Secure Configuration of Network Devices
- 10.9Best Practices for Network Hardening
- week 11Network Protocols and Secure Communication9
- 11.1Secure Network Protocols (HTTPS, IPsec, SSH)
- 11.2Wireless Security Protocols (WPA, WPA2, WPA3)
- 11.3Secure File Transfers (SFTP, FTPS)
- 11.4DNS Security and Protection Mechanisms
- 11.5Secure Remote Access and Telework Security
- 11.6Zero Trust Network Architecture (ZTNA)
- 11.7Common Network Misconfigurations and Risks
- 11.8Hardening Techniques for Network Infrastructure
- 11.9Secure SDN and Network Virtualization
- week 12Telephony, VPNs, and Wireless Security9
- 12.1VoIP Security Challenges and Solutions
- 12.2VPN Protocols and Secure Configurations
- 12.3Wireless Network Security Risks
- 12.4Mobile Device Security and Endpoint Protection
- 12.5Bluetooth and IoT Security Risks
- 12.6BYOD (Bring Your Own Device) Security Strategies
- 12.7Secure Mobile Application Development
- 12.8Endpoint Detection and Response (EDR)
- 12.9Mobile Security Incident Handling
- week 13Security Architecture and Attack Strategies9
- 13.1Security Architecture Design Best Practices
- 13.2Threat Modeling and Risk Assessment
- 13.3Web Application Security and OWASP Top 10
- 13.4SQL Injection, Cross-Site Scripting (XSS), CSRF Attacks
- 13.5API Security and Secure Coding Practices
- 13.6Cloud Security and Shared Responsibility Model
- 13.7Security in Microservices and Containers
- 13.8Case Studies in Enterprise Security Architecture
- 13.9Future Trends in Cybersecurity
- week 14Secure Software Development9
- 14.1Secure Software Development Lifecycle (SDLC)
- 14.2Secure Coding Guidelines and Best Practices
- 14.3Secure Software Testing Methodologies
- 14.4Software Patch Management and Code Review
- 14.5DevSecOps and CI/CD Pipeline Security
- 14.6Static and Dynamic Application Security Testing
- 14.7Reverse Engineering and Code Obfuscation
- 14.8Common Software Vulnerabilities and Exploits
- 14.8Secure Application Deployment Strategies
- week 15Database Security9
- 15.1Introduction to Database Security Concepts
- 15.2SQL Injection Attacks and Prevention Techniques
- 15.3Data Masking and Tokenization
- 15.4Database Encryption Best Practices
- 15.5Role-Based Access Control for Databases
- 15.6Database Activity Monitoring and Auditing
- 15.7Secure Database Backup and Recovery Strategies
- 15.8Compliance Standards for Database Security
- 15.8Case Studies in Database Breaches
- week 16Malware Analysis and Software Attacks9
- 16.1Types of Malware (Virus, Worm, Trojan, Ransomware)
- 16.2Malware Attack Lifecycle
- 16.3Common Malware Infection Vectors
- 16.4Rootkits and Advanced Persistent Threats (APTs)
- 16.5Endpoint Security and Anti-Malware Solutions
- 16.6Sandboxing and Malware Detonation Techniques
- 16.7Incident Response to Malware Attacks
- 16.8Threat Intelligence for Malware Defense
- 16.9Case Studies in Cyber Attacks
- week 17Business Continuity Planning (BCP) Fundamentals9
- 17.1Introduction to Business Continuity Planning (BCP)
- 17.2Business Impact Analysis (BIA) – Identifying Critical Assets
- 17.3Risk Assessment in Business Continuity
- 17.4Developing a Business Continuity Strategy
- 17.5Business Continuity Frameworks (ISO 22301, NIST 800-34)
- 17.6BCP Documentation and Policy Development
- 17.7Testing and Exercising Business Continuity Plans
- 17.8Crisis Communication and Public Relations During Disruptions
- 17.8Case Studies: Successful BCP Implementations
- week 18Disaster Recovery Planning (DRP) and Strategies9
- 18.1Introduction to Disaster Recovery (DR) Planning
- 18.2Key Differences Between BCP and DRP
- 18.3Disaster Recovery Risk Assessment and Planning
- 18.4Disaster Recovery Site Selection (Hot, Warm, Cold Sites)
- 18.5Data Backup and Recovery Strategies (RAID, Snapshots, Cloud Backups)
- 18.6High Availability (HA) and Redundancy Strategies
- 18.7DR Testing, Drills, and Failover Testing
- 18.8Compliance Requirements for DRP (ISO, NIST, HIPAA, GDPR)
- 18.8Disaster Recovery Case Studies (Failures & Lessons Learned)
- week 19Incident Response and Cybersecurity Operations9
- 19.1Introduction to Incident Response (IR)
- 19.2Incident Response Frameworks (NIST 800-61, SANS)
- 19.3Phases of Incident Response (Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned)
- 19.4Incident Handling Procedures for Cybersecurity Events
- 19.5Incident Escalation and Communication Plans
- 19.6Playbooks for Common Security Incidents (Phishing, Malware, Insider Threats)
- 19.7Security Operations Center (SOC) and Its Role in IR
- 19.8Forensic Data Collection in Incident Handling
- 19.9Tools and Techniques for Incident Detection and Response
- week 20Digital Forensics and Evidence Collection9
- 20.1Introduction to Digital Forensics
- 20.2Digital Evidence Collection and Chain of Custody
- 20.3Forensic Analysis of File Systems and Memory
- 20.4Network Forensics and Packet Analysis
- 20.5Malware Analysis in Digital Forensics
- 20.6Cloud Forensics and Challenges in Cloud Environments
- 20.7Mobile Device Forensics and Data Extraction
- 20.8Legal and Ethical Considerations in Digital Forensics
- 20.9Case Studies: High-Profile Digital Forensic Investigations
- week 21Cybersecurity Laws and Regulatory Compliance9
- 21.1Introduction to Cybersecurity Laws and Regulations
- 21.2General Data Protection Regulation (GDPR)
- 21.3Health Insurance Portability and Accountability Act (HIPAA)
- 21.4Payment Card Industry Data Security Standard (PCI DSS)
- 21.5Cybersecurity Compliance for Financial Institutions (SOX, GLBA)
- 21.6National and International Cybersecurity Frameworks (NIST, ISO, CIS)
- 21.7Legal Responsibilities of Organizations in Data Breaches
- 21.8Industry-Specific Regulations and Compliance Challenges
- 21.9Case Studies: Compliance Violations and Consequences
- week 22Cybersecurity Ethics and Professional Responsibilities9
- 22.1Introduction to Cybersecurity Ethics
- 22.2Ethical Hacking and Penetration Testing Ethics
- 22.3Privacy Rights and Responsibilities in Cybersecurity
- 22.4Intellectual Property Rights in Cybersecurity
- 22.5Ethical Considerations in AI and Cybersecurity
- 22.6Responsibilities of Cybersecurity Professionals (ISC2, ISACA Codes of Ethics)
- 22.7Whistleblowing and Ethical Decision-Making in Security
- 22.8Cybersecurity Ethics in Law Enforcement and Government
- 22.9Case Studies: Ethical Dilemmas in Cybersecurity
- week 23Emerging Threats and Future Trends in Cybersecurity9
- 23.1Current Cybersecurity Threat Landscape
- 23.2Ransomware Trends and Mitigation Strategies
- 23.3Advanced Persistent Threats (APTs) and Nation-State Attacks
- 23.4The Role of Artificial Intelligence (AI) in Cybersecurity
- 23.5Cybersecurity in the Internet of Things (IoT)
- 23.6Blockchain Security and Decentralized Identity
- 23.7Quantum Computing and Cryptographic Challenges
- 23.8Cybersecurity Skills Gap and Career Development
- 23.9Future of Cybersecurity: Predictions and Innovations
- week 24Final Assessment, Case Studies, and Capstone Project8
- 24.1Review of Key Topics from the Course
- 24.2Case Studies on Cybersecurity Incidents and Responses
- 24.3Conducting a Mock Incident Response Drill
- 24.4Ethical Hacking and Penetration Testing Exercise
- 24.5Developing a Personal Cybersecurity Strategy
- 24.6Group Discussions on Emerging Cyber Threats
- 24.7Capstone Project: Designing a Secure Enterprise Architecture
- 24.8Final Assessment and Certification Preparation