Understanding the concepts of Confidentiality, Integrity, and Availability. Evaluation and application of security, Development, and Implementation of security policy. Security function and business strategy
Organizational goal, mission, and objectives, Security controls frameworks. Due care and Due diligence concepts.
Understanding of Threat modelling and methodologies.
Personnel security policies and procedures, Risk management concepts. Risk terminology, identification of threat and vulnerabilities, Risk assessment and analysis. Security awareness training
Business continuity planning, project scope and planning. Business impact assessment, resources prioritization, plan approval and documentation.
Laws, Regulation, and Compliance, Categories of laws, Computer crime, privacy, intellectual property
Identification and classification of assets, understanding data states, handling of information assets and Data protection.
Protection of security Assets. Classification of assets, Sensitive data, Data security controls. Assets ownership and data protection. Security baselines, Scoping and Tailoring.
Cryptography and Symmetric Algorithms. Symmetric Cryptography, Data encryption standard, Symmetric key management, Cryptography lifecycle
Public Key Infrastructure and Cryptographic Application, Asymmetric Cryptography, Hash function, Digital Signatures, Portable devices, Networking, etc.
Security Models, Design, and capability, secured design principles, concept of Objects and Subjects.
Closed and opened systems, concepts of security model, Trusted Computing base, State Machine Model, Take-Grant model, Access Control Matrix, Security Access Models, Virtualization, Interfaces and Fault tolerance etc.
Security Vulnerabilities, Threat and Countermeasures, Mitigation of Security Vulnerabilities, Data base system security, Data Analytics, Distributed systems and Endpoint Security, Cloud and Cloud base system and computing, Internet of things, Architectural flaws, and security issues.
Physical security requirement, Site facilities and security controls, Utilities and HVAC, Fire detection, prevention, and suppression.
Network architecture and component, OSI model, TCP/IP models, wireless network and network topology, wireless communications, and security.
Communication and Network Attacks, Voice over Internet protocol, social engineering, email security issues, Remote Access Security Management, Virtual Private Network, Network Address Translation, Automatic Private IP Addressing, switching technologies, WAN technologies, Prevention and Mitigation of Network attacks, Address Resolution Protocol Spoofing DNS poisoning, DNS hijacking .
Identity and Authentication Management, Authentication and Accountability, Smartcards and Token, Biometrics, Single Sign-on, Credential Management, AAA Protocols, Access Provisioning Lifecycle.
Controlling and Monitoring Access, Assess Control Models, Understanding Access Control Attacks
Defense in Depth, Risk element etc.
Security Assessment and Testing, performing vulnerability assessment, code review and testing, interfacing, website monitoring, backup verification, Key performance, and Risk indicators.
Security operation concept. Need -to-know and Least Privilege concepts, Service Level Agreement, Change management, Configuration Managements, Patch Management, vulnerabilities, and exposures.
Managing Incident Response, Implementing Detection and Prevention Measures, Intrusion detection and Prevention systems, Auditing of Access effectiveness, etc.
Disaster Recovery Planning, System Resilience and fault tolerance, Recovery strategy, Crisis management, Backup and offsite storage, software Escrow arrangement, Testing and maintenance, etc.
Investigation and documentation of computer crime, type of attacks, Investigation process etc.
Software development, system development controls, Gantt Chart and PERT, DevOps approach, Programming interfaces, Databases and Data Warehousing, Database Transactions, Knowledge bas systems, Neural Networks, Security Applications etc.
Malicious Code and Application Attacks, logic bombs, worm, spyware, password attacks, dictionary attacks, social engineering, Countermeasures, Buffer Overflows, web application security, cross-site scripting, SQL injection, Reconnaissance attacks, IP spoofing, Session hijacking etc.