1 Introduction
- Concepts and Definitions
- Difference between IT Security, Information Security and Cyber Security
- Assets, Threats & Vulnerabilities
- Likelihood, Consequence and Impact
- Inherent Risk, Current Risk and Residual Risk
- Cyber Security Strategy
- Supporting Business Goals and Objectives
- Cyber Security Policy Framework
- Awareness, Training and Education
2 Risk Management
- Risk Management Concepts and Definitions
- Risk Avoidance, Mitigation, Transfer and Acceptance
- Risk Appetite and Risk Tolerance
- Threats and Opportunities
- Assessing the current threat landscape
- Advanced Persistent Threats
- Bring Your Own Device or Technologies
- The Internet of Things
- Insourcing and Outsourcing
- Controls and Enablers
- Business Impact Analysis
3 Security Architecture
- The key role of security architecture
- Concepts and Definitions
- Security Architecture Frameworks
- Security Architecture Design Principles
- Service Models
- Insourcing
- Managed Services
- Cloud Services
- OSI and TCP/IP Models
- Cryptography
- Symmetric, Asymmetric and Hashing Algorithms
- Non-Repudiation
- Real-world Use Cases
4 Implementing Security
- Network Security
- Routers, switches, firewalls, intrusion detection and prevention
- Endpoint Security
- Servers, desktop systems, laptops, tablets and mobile devices
- Application Security
- Software Development Lifecycle
- OWASP Top 10
- Web Application Firewall
- Data Security
- Data owners, data classification, labelling
- Access control
- Data governance and lifecycle
- Data remanence
5 Business Continuity and Disaster Recovery Planning
- Business Continuity Planning
- Disaster Recovery Planning
- BCP/DRP Training and Awareness
- Testing and Maintenance of the BCP/DRP
- Security Assurance
- Vulnerability Assessments and Penetration Testing
- Minimum Security Baselines
6 Incident Response
- Detection
- Auditing, logging and security technologies
- Security Information and Event Management System (SIEM)
- Prevention
- Authorisation, encryption, firewalls, intrusion prevention, anti-malware
- Response
- Security events and incidents
- Legal aspects
- Incident Response Process
- Incident Management Team
- Computer Forensics