Cybersecurity Practices for Security Engineer
In this Cybersecurity Practices for Security Engineer course, you will learn how to design proactive security defences for an organisation, and how to engineer, integrate and deploy secure solutions in both typical and complex enterprise environments in support of a more resilient organisation. You will learn how to monitor, detect and apply incident response measures, and how to use automation to support proactive, continuous security operations. You will learn how to apply security practices to cloud, on-premises, endpoint and mobile infrastructure. You will also explore the impact of governance, risk and compliance requirements across the enterprise, and will be able to write security policies.
This course also benefits those preparing for the CompTIA Security+ CASP+ CAS 004 exam, and helps you progress toward the role of security engineer, a well-paid and prestigious position that is in demand both in Thailand and abroad. The course is aligned with the job descriptions used by many organisations, both domestic and, in particular, overseas.
Who this course is suitable for
Security architects (Security Architect)
Application security engineers (Application Security Engineer)
Security system administrators (Security Auditor)
Security system managers (Security Administrator)
Application developers (Application Program Developer)
Course Outline
Security Architecture
Designing a Secure Network Architecture
Unified threat management
IDS/IPS
Network IDS versus NIPS
Wireless IPS
Inline encryptors
Network access control
SIEM
Switches
Firewalls
Routers
Proxy
Network address translation gateway
Load balancer
Hardware security module
Application- and protocol-aware technologies
DLP
WAF
Database activity monitoring
Spam filter
Advanced network design for Security Perimeter
Remote access
VPN
IPsec
SSH
Remote Desktop Protocol
Virtual Network Computing
Network authentication methods
Placement of hardware and applications
Network management and monitoring tools
Advanced configuration of network devices
Transport security
Port security
Route protection
Distributed DoS protection
Remotely triggered black hole
Security zones
DMZ
Integrating Software Applications into the Enterprise
Integrating security into the development life cycle
Systems development life cycle
Versioning
Software assurance
Sandboxing/development environment
Validating third-party libraries
SecDevOps
Defining the DevOps pipeline
Baseline and templates
Secure coding standards
Application vetting processes
Hypertext Transfer Protocol (HTTP) headers
Application Programming Interface (API) management
Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
Implementing data loss prevention
Blocking the use of external media
Print blocking
Remote Desktop Protocol blocking
Implementing data loss detection
Watermarking
Digital rights management
Network traffic decryption/deep packet inspection
Network traffic analysis
Enabling data protection
Data classification
Metadata/attributes
Obfuscation
Anonymization
Encrypted versus unencrypted
Data life cycle
Data inventory and mapping
Data integrity management
Data storage, backup, and recovery
Redundant array of inexpensive disks
Implementing secure cloud and virtualization solutions
Virtualization strategies
Security considerations for virtualization
Investigating cloud deployment models
Deployment models and considerations
Private cloud / Public cloud / Hybrid cloud
Hosting models
Service models
Software as a service
Platform as a service
Infrastructure as a service
Extending appropriate on-premises controls
Micro-segmentation
Jump box
Examining cloud storage models
File-based storage
Database storage
Block storage
Blob storage
Key/value pairs
Deploying Enterprise Authentication and Authorization Controls
Credential management
Hardware key manager
Password policies
Identity federation
Access control
Authentication and authorization protocols
Multi-Factor Authentication (MFA)
Threat and Vulnerability Management
Intelligence types
Tactical intelligence
Strategic intelligence
Operational intelligence
Commodity malware
Targeted attacks
Actor types
Advanced persistent threat – nation-state
Insider threat
Competitor
Hacktivist
Script kiddie
Organized crime
Intelligence collection methods
Intelligence feeds
Deep web
Proprietary intelligence
Open source intelligence
Human intelligence
Frameworks
MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
ATT&CK for industrial control systems
The Diamond model of intrusion analysis
Cyber Kill Chain
Threat hunting
Threat emulation
Indicators of compromise
Packet capture
Logs
Network logs
Vulnerability logs
Operating system logs
Access logs
NetFlow logs
Notifications
File integrity monitoring alerts
SIEM alerts
Data loss prevention alerts
Intrusion detection system and intrusion prevention system alerts
Antivirus alerts
Notification severity and priorities
Responses
Firewall rules
Intrusion prevention system and intrusion detection system rules
Access control list rules
Signature rules
Behavior rules
Data loss prevention rules
Scripts/regular expressions
Vulnerability Assessment and Penetration Testing Methods and Tools
Vulnerability scans
Credentialed versus non-credentialed scans
Agent-based/server-based
Criticality ranking
Active versus passive scans
Security Content Automation Protocol (SCAP)
Extensible Configuration Checklist Description Format (XCCDF)
Open Vulnerability and Assessment Language (OVAL)
Common Platform Enumeration (CPE)
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
Common Configuration Enumeration (CCE)
Asset Reporting Format (ARF)
Self-assessment versus third-party vendor assessment
Patch management
Information sources
Advisories
Bulletins
Vendor websites
Information Sharing and Analysis Centers (ISACs)
News reports
Testing methods
Static analysis
Dynamic analysis
Side-channel analysis
Wireless vulnerability scan
Software Composition Analysis (SCA)
Fuzz testing
Penetration testing
Requirements
Box testing
Post-exploitation
Persistence
Pivoting
Rescanning for corrections/changes
Security tools
SCAP scanner
Network traffic analyzer
Vulnerability scanner
Protocol analyzer
Port scanner
HTTP interceptor
Exploit framework
Dependency management tools
Risk Mitigation Controls
Understanding application vulnerabilities
Race conditions
Buffer overflows
Broken authentication
Insecure references
Poor exception handling
Security misconfiguration
Information disclosure
Certificate errors
Use of unsafe functions
Third-party libraries
Dependencies
End-of-support and end-of-life
Regression issues
Assessing inherently vulnerable systems and applications
Client-side processing and server-side processing
JSON and representational state transfer
Browser extensions
Hypertext Markup Language 5 (HTML5)
Asynchronous JavaScript and XML (AJAX)
Simple Object Access Protocol (SOAP)
Recognizing common attacks
Directory traversal
Cross-site scripting
Cross-site request forgery
Injection attacks
Sandbox escape
VM hopping
VM escape
Border Gateway Protocol and route hijacking
Interception attacks
Denial of service and distributed denial of service
Social engineering
VLAN hopping
Proactive and detective risk reduction
Hunts
Developing countermeasures
Deceptive technologies
Security data analytics
Applying preventative risk reduction
Application control
Security automation
Physical security
Implementing Incident Response and Forensics Procedures
Understanding incident response planning and process
Preparation
Detection
Analysis
Containment
Eradication and recovery
Lessons learned
Specific response playbooks/processes
Non-automated response methods
Automated response methods
Communication plan
Understanding forensic concepts
Forensic process
Chain of custody
Order of volatility
Memory snapshots
Images
Evidence preservation
Cryptanalysis
Steganalysis
Using forensic analysis tools
File carving tools
Binary analysis tools
Analysis tools
Imaging tools
Hashing utilities
Using live collection and post-mortem tools
Enterprise Mobility and Endpoint Security Controls
Implementing enterprise mobility management
Managed configurations
Security considerations for mobility management
The unauthorized remote activation and deactivation of devices or features
Encrypted and unencrypted communication concerns
Physical reconnaissance
Personal data theft
Health privacy
The implications of wearable devices
The digital forensics of collected data
Unauthorized application stores
Containerization
Original equipment manufacturer (OEM) and carrier differences
Supply chain issues
The use of an eFuse
Implementing endpoint security controls
Hardening techniques
Compensating controls
Implementing Cryptographic Protocols and Algorithms
Understanding hashing algorithms
Secure Hashing Algorithm (SHA)
Hash-Based Message Authentication Code (HMAC)
Message Digest (MD)
RACE integrity primitives evaluation message digest (RIPEMD)
Understanding symmetric encryption algorithms
Block ciphers
Stream ciphers
Understanding asymmetric encryption algorithms
Rivest, Shamir, and Adleman (RSA)
Digital Signature Algorithm (DSA)
Elliptic-curve Digital Signature Algorithm (ECDSA)
Diffie-Hellman (DH)
Elliptic-curve Cryptography (ECC)
Elliptic-curve Diffie-Hellman (ECDH)
Understanding encryption protocols
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Internet Protocol Security (IPSec)
Secure Shell (SSH)
Key stretching
Password salting
Password-based key derivation function 2 (PBKDF2)
Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
Understanding the PKI hierarchy
Certificate authority
Registration authority
Certificate revocation list
Online Certificate Status Protocol
Understanding certificate types
Wildcard certificate
Extended validation
Multi-domain
General-purpose
Certificate usages/templates
Understanding PKI security and interoperability
Trusted certificate providers
Trust models
Cross-certification certificate
Life cycle management
Certificate pinning
Certificate stapling
CSRs
Common PKI use cases
Key escrow
Troubleshooting issues with cryptographic implementations
Key rotation
Mismatched keys
Improper key handling
Embedded keys
Exposed private keys
Crypto shredding
Cryptographic obfuscation
Compromised keys
Business Continuity and Disaster Recovery Concepts
Conducting a business impact analysis
Maximum Tolerable Downtime (MTD)
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
Recovery service level
Mission-essential functions
Privacy Impact Assessment (PIA)
Preparing a Disaster Recovery Plan/Business Continuity Plan
Backup and recovery methods
Planning for high availability and automation
Scalability
Resiliency
Automation
Content Delivery Network (CDN)
Testing plans
How cloud technology aids enterprise resilience
Using cloud solutions for business continuity and disaster recovery (BCDR)
Infrastructure versus serverless computing
Collaboration tools
Storage configurations
Cloud Access Security Broker (CASB)
If you are interested, further information is available at T. 081-6676981, 089-7767190, 02-2740864, 02-2740867