Cybersecurity Practices for Security Engineer

In the Cybersecurity Practices for Security Engineer course you will learn how to design a proactive security posture for the organisation, and how to engineer, integrate and deploy secure solutions in both ordinary and complex enterprise environments so that the organisation becomes more resilient. You will learn how to monitor, detect and carry out incident response measures, and how to use automation to support continuous, proactive security operations. You will learn how to apply security practices to cloud, on-premises, endpoint and mobile infrastructure. You will also discover how governance, risk and compliance requirements affect the whole organisation, and you will be able to write security policies.

This course also benefits those preparing for the CompTIA Security+ and CASP+ (CAS-004) exams, and helps you move toward a Security Engineer position, a well-paid and respected role that is in demand both in Thailand and abroad. The course is aligned with the job descriptions used by many organisations, both domestic and, in particular, international.

Who should attend

Security Architect

Application Security Engineer

Security Auditor

Security Administrator

Application Program Developer

Course Outline

Security Architecture

Designing a Secure Network Architecture

Unified threat management

IDS/IPS

Network IDS versus NIPS

Wireless IPS

Inline encryptors

Network access control

SIEM

Switches

Firewalls

Routers

Proxy

Network address translation gateway

Load balancer

Hardware security module

Application- and protocol-aware technologies

DLP

WAF

Database activity monitoring

Spam filter

Advanced network design for Security Perimeter

Remote access

VPN

IPsec

SSH

Remote Desktop Protocol

Virtual Network Computing

Network authentication methods

Placement of hardware and applications

Network management and monitoring tools

Advanced configuration of network devices

Transport security

Port security

Route protection

Distributed DoS protection

Remotely triggered black hole

Security zones

DMZ

Integrating Software Applications into the Enterprise

Integrating security into the development life cycle

Systems development life cycle

Versioning

Software assurance

Sandboxing/development environment

Validating third-party libraries

SecDevOps

Defining the DevOps pipeline

Baseline and templates

Secure coding standards

Application vetting processes

Hypertext Transfer Protocol (HTTP) headers

Application Programming Interface (API) management

Enterprise Data Security, Including Secure Cloud and Virtualization Solutions

Implementing data loss prevention

Blocking the use of external media

Print blocking

Remote Desktop Protocol blocking

Implementing data loss detection

Watermarking

Digital rights management

Network traffic decryption/deep packet inspection

Network traffic analysis

Enabling data protection

Data classification

Metadata/attributes

Obfuscation

Anonymization

Encrypted versus unencrypted

Data life cycle

Data inventory and mapping

Data integrity management

Data storage, backup, and recovery

Redundant array of inexpensive disks

Implementing secure cloud and virtualization solutions

Virtualization strategies

Security considerations for virtualization

Investigating cloud deployment models

Deployment models and considerations

Private cloud / public cloud / hybrid cloud

Hosting models

Service models

Software as a service

Platform as a service

Infrastructure as a service

Extending appropriate on-premises controls 

Micro-segmentation

Jump box

Examining cloud storage models 

File-based storage

Database storage

Block storage

Blob storage

Key/value pairs

Deploying Enterprise Authentication and Authorization Controls

Credential management

Hardware key manager

Password policies

Identity federation

Access control

Authentication and authorization protocols

Multi-Factor Authentication (MFA)

Threat and Vulnerability Management

Intelligence types 

Tactical intelligence

Strategic intelligence

Operational intelligence

Commodity malware

Targeted attacks

Actor types 

Advanced persistent threat – nation-state

Insider threat

Competitor

Hacktivist

Script kiddie

Organized crime

Intelligence collection methods 

Intelligence feeds

Deep web

Proprietary intelligence

Open source intelligence

Human intelligence

Frameworks 

MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)

ATT&CK for industrial control systems

The Diamond model of intrusion analysis

Cyber Kill Chain

Threat hunting

Threat emulation

Indicators of compromise 

Packet capture

Logs

Network logs

Vulnerability logs

Operating system logs

Access logs

NetFlow logs

Notifications

File integrity monitoring alerts

SIEM alerts

Data loss prevention alerts

Intrusion detection system and intrusion prevention system alerts

Antivirus alerts

Notification severity and priorities

Responses 

Firewall rules

Intrusion prevention system and intrusion detection system rules

Access control list rules

Signature rules

Behavior rules

Data loss prevention rules

Scripts/regular expressions

Vulnerability Assessment and Penetration Testing Methods and Tools

Vulnerability scans

Credentialed versus non-credentialed scans

Agent-based/server-based

Criticality ranking

Active versus passive scans

Security Content Automation Protocol (SCAP) 

Extensible Configuration Checklist Description Format (XCCDF)

Open Vulnerability and Assessment Language (OVAL)

Common Platform Enumeration (CPE)

Common Vulnerabilities and Exposures (CVE)

Common Vulnerability Scoring System (CVSS)

Common Configuration Enumeration (CCE)

Asset Reporting Format (ARF)

Self-assessment versus third-party vendor assessment

Patch management

Information sources

Advisories

Bulletins

Vendor websites

Information Sharing and Analysis Centers (ISACs)

News reports

Testing methods

Static analysis

Dynamic analysis

Side-channel analysis

Wireless vulnerability scan

Software Composition Analysis (SCA)

Fuzz testing

Penetration testing

Requirements

Box testing

Post-exploitation

Persistence

Pivoting

Rescanning for corrections/changes

Security tools

SCAP scanner

Network traffic analyzer

Vulnerability scanner

Protocol analyzer

Port scanner

HTTP interceptor

Exploit framework

Dependency management tools

Risk Mitigation Controls

Understanding application vulnerabilities

Race conditions

Buffer overflows

Broken authentication

Insecure references

Poor exception handling

Security misconfiguration

Information disclosure

Certificate errors

Use of unsafe functions

Third-party libraries

Dependencies

End-of-support and end-of-life

Regression issues

Assessing inherently vulnerable systems and applications

Client-side processing and server-side processing

JSON and representational state transfer

Browser extensions

Hypertext Markup Language 5 (HTML5)

Asynchronous JavaScript and XML (AJAX)

Simple Object Access Protocol (SOAP)

Recognizing common attacks

Directory traversal

Cross-site scripting

Cross-site request forgery

Injection attacks

Sandbox escape

VM hopping

VM escape

Border Gateway Protocol and route hijacking

Interception attacks

Denial of service and distributed denial of service

Social engineering

VLAN hopping

Proactive and detective risk reduction

Hunts

Developing countermeasures

Deceptive technologies

Security data analytics

Applying preventative risk reduction

Application control

Security automation

Physical security

Implementing Incident Response and Forensics Procedures

Understanding incident response planning and process

Preparation

Detection

Analysis

Containment

Eradication and recovery

Lessons learned

Specific response playbooks/processes

Non-automated response methods

Automated response methods

Communication plan

Understanding forensic concepts  

Forensic process

Chain of custody

Order of volatility

Memory snapshots

Images

Evidence preservation

Cryptanalysis

Steganalysis

Using forensic analysis tools  

File carving tools

Binary analysis tools

Analysis tools

Imaging tools

Hashing utilities

Using live collection and post-mortem tools

Enterprise Mobility and Endpoint Security Controls

Implementing enterprise mobility management

Managed configurations

Security considerations for mobility management  

The unauthorized remote activation and deactivation of devices or features

Encrypted and unencrypted communication concerns

Physical reconnaissance

Personal data theft

Health privacy

The implications of wearable devices

The digital forensics of collected data

Unauthorized application stores

Containerization

Original equipment manufacturer (OEM) and carrier differences

Supply chain issues

The use of an eFuse

Implementing endpoint security controls 

Hardening techniques

Compensating controls

Implementing Cryptographic Protocols and Algorithms

Understanding hashing algorithms

Secure Hashing Algorithm (SHA)

Hash-Based Message Authentication Code (HMAC)

Message Digest (MD)

RACE integrity primitives evaluation message digest (RIPEMD)

Understanding symmetric encryption algorithms

Block ciphers

Stream ciphers

Understanding asymmetric encryption algorithms 

Rivest, Shamir, and Adleman (RSA)

Digital Signature Algorithm (DSA)

Elliptic-curve Digital Signature Algorithm (ECDSA)

Diffie-Hellman (DH)

Elliptic-curve Cryptography (ECC)

Elliptic-curve Diffie-Hellman (ECDH)

Understanding encryption protocols 

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Internet Protocol Security (IPSec)

Secure Shell (SSH)

Key stretching

Password salting

Password-based key derivation function 2 (PBKDF2)

Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs

Understanding the PKI hierarchy 

Certificate authority

Registration authority

Certificate revocation list

Online Certificate Status Protocol

Understanding certificate types 

Wildcard certificate

Extended validation

Multi-domain

General-purpose

Certificate usages/templates

Understanding PKI security and interoperability 

Trusted certificate providers

Trust models

Cross-certification certificate

Life cycle management

Certificate pinning

Certificate stapling

CSRs

Common PKI use cases

Key escrow

Troubleshooting issues with cryptographic implementations 

Key rotation

Mismatched keys

Improper key handling

Embedded keys

Exposed private keys

Crypto shredding

Cryptographic obfuscation

Compromised keys

Business Continuity and Disaster Recovery Concepts

Conducting a business impact analysis

Maximum Tolerable Downtime (MTD)

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)

Recovery service level

Mission-essential functions

Privacy Impact Assessment (PIA)

Preparing a Disaster Recovery Plan/Business Continuity Plan

Backup and recovery methods

Planning for high availability and automation  

Scalability

Resiliency

Automation

Content Delivery Network (CDN)

Testing plans

How cloud technology aids enterprise resilience  

Using cloud solutions for business continuity and disaster recovery (BCDR)

Infrastructure versus serverless computing

Collaboration tools

Storage configurations

Cloud Access Security Broker (CASB)

For more information, contact T. 081-6676981, 089-7767190, 02-2740864, 02-2740867


Facebook: Facebook.com/cyberthai, Line ID: cyberthai