✔ THE CERTIFIED ADVANTAGE
- Learn to perform essential cybersecurity functions.
- Address real-world cybersecurity issues and establish solutions.
- Become more efficient and effective with your cybersecurity responsibilities.
- Collaborate with a cybersecurity expert to build material to implement at your institution.
WHAT YOU WILL LEARN:
- Incident Response Procedures
- System Hardening
- Mobile Device Management
- Penetration and Vulnerability Testing
- Patch Management
- Social Engineering Testing
- Perimeter, Network, and Endpoint Security
- Data Backup and Replication
If session dates do not work for you, please contact the institute:
Email: firstname.lastname@example.org, Phone: (605)269-0909
If you are interested in being invoiced rather than paying online please use coupon: InvoiceMe
By purchasing this certification, you are hereby agreeing to the policies and procedures of the SBS Institute. Click HERE to read and review.
Module 1 – Information Security Program
Lecture 1 – Overview of Risk Management 1:52 hours
An overview of Information Security regulations from FFIEC, FDIC, OCC, and Federal Reserve. These resources help build a framework for an information security program that is based on a financial institutions size and complexity. Then we dive into understanding how this program is created based on a risk based approach, both asset based and organizational based risk assessments. Each element of the information security program is discussed in detail, which focus on risk assessment, policy development and it audit.
Lecture 2 – Incident Response Procedures 1:14 hours
The Incident Response Plan is a key element of the Information Security Program. We divide the discussion up into high level policy requirements, more detailed incident response planning steps, and finally specific procedures as the plan deems necessary. We leverage resources from NIST to build plan comments and focus on emerging cyberthreats such as DDOS, CATO, and Network Compromises.
Module 1 Quiz
Module 2 – Network Security
Lecture 1 – Network Security 1:23 hours
This section begins with a basic discussion around defense-in-depth security models or layered control programs. Gaining an understanding of how valuable they are and why they provided added protection. We then analyze the SANS (CIS) TOP 20 controls to build on ideas for layered control programs.
Lecture 2 – Vulnerability Testing 0:58 hours
This is a deeper dive into technical assessments such as Vulnerability Assessments, both internally and externally. We also explore the authenticated and unauthenticated models and show common vulnerabilities identified. The CVSS scoring system is analyzed to understand how vulnerabilities are rated by security experts on the 10 scale. Many different types of vulnerability assessment tools are discussed and the Nessus product is demonstrated. Next students get hands on experience conducting a lab MSBA and Nessus, to compare, contrast, and explore the results.
Module 2 Lab – Vulnerability Assessment (Nessus and Microsoft Security Baseline Analyzer)
Module 3 – Perimeter Security
Lecture 1 – Perimeter Security 0:53 hours
Defending the perimeter of the network is becoming increasingly more challenging in today’s world as we have more devices, connections, and vendors connecting into our systems. We discuss how to define and establish a network perimeter, from physical security to VPN connections. Knowing the perimeter is essential in protecting the network.
Lecture 2 – Penetration Testing 1:06 hours
A detailed comparison of penetration testing and vulnerability assessments is conducted to establish the different applications and value of each. Both assessments are essential tools for regular independent auditing but also for internal continuous monitoring. In Penetration Testing, we look to exploit known vulnerabilities to gain access, more real-world hacking techniques. A basic introduction is given to Kali Linux in the associated lab. They are required to setup a virtual software environment, download Kali, start it up and run some basic tools like NMAP and OpenVas. Detailed vulnerability exploitation is not conducted in this course but is done in the CBEH course.
Lecture 3 – Social Engineering Testing 0:30 hours
Social Engineering testing, such as phishing assessments, are sometimes bundled with Penetration Testing. We break them out in our discussion to ensure we understand each process unique. Most common methods of social engineering are discussed, including: phishing, physical impersonation, pretexting, unknown media, and dumpster diving. Social engineering is also discussed in both the context of regular independent auditing of people and for internal continuous monitoring and training purposes.
Module 3 Lab – External Network Scans using Kali
Module 4 – Endpoint Security
Lecture 1 – Endpoint Security 1:31 hours
Having now discussed network security and perimeter security, we move into the endpoint protection. Discussion covers many areas such as antimalware software, host based intrusion prevention, application whitelisting, password management, active directory, and many more.
Lecture 2 – Data Backup & Replication 0:57 hours
Data backups have changed significantly in recent years and many new methods of backups and replication are available. We start with discussion on backup tapes and tape rotations, then move into cloud backups, virtual machine replication, and snapshots. We discover advantages and disadvantages of various modules and highlight hot site, warm site, and cold site models for disaster recovery.
Module 4 Lab – Create bootable System Cleaning Toolkit
Module 5 – System Hardening
Lecture 1 – System Hardening 1:00 hours
System hardening can be a invaluable process within an organization which focuses on identifying default settings or security features that can be disabled, adjusted, or changed to decrease the attack surface of the organization and increase overall security. We discuss various hardening guidelines available in the industry but focus on those provided by CIS. Students will complete a hardening exercise where they pick a standard and look for those controls on their system or discussed how they would apply those controls and why.
Module 5 Lab – System hardening exercise using CIS Standards
Module 6 – Mobile Devices
Lecture 1 – Mobile Device Management 1:15 hours
Institutions are finding many ways to increase productivity and provide employees with more mobile solutions to conduct business. Customers are also demanding more products and services that deliver banking activities to mobile platforms. We discuss risks around mobile devices, basic security controls inherent in some devices, and how to automate security with mobile device management solutions. Much of the security knowledge discussed is also useful in education programs with customers around mobile device security.
Module 6 Quiz
Module 7 – Patch Management
Lecture 1 – Patch Management 1:06 hours
Many phishing attacks and malicious software attacks attempt to leverage vulnerabilities in software and hardware to further an attack. These vulnerabilities need to be patched or updated on systems regularly. We discussed different approaches to patch management, and testing patches. Patch management programs must expand beyond Microsoft to include all third party products, firewalls, routers, wireless devices, and more.
Module 7 Lab – Patch Management Exercise using Secunia PSI
Module 7 Assignment – CVSS Analysis Exercise
Comprehensive 100 Multiple Choice Exam
Your cart is empty