Diploma in Cyber Security Fundamentals Course

This Cyber Security course provides a comprehensive overview of the cybersecurity domains. The course is delivered in six separate parts: Cybersecurity Introduction and Overview, Cybersecurity Concepts, Security Architecture Principles, Security of Networks, Systems, Applications & Data, Incident Response and Security implications & Adaption of Evolving Technology.

• The ideal candidate is a business professional who is seeking to learn more about the area of Cybersecurity.
• and/or
• A recent college graduate who is looking to start a career in Cybersecurity.

Programme Aims and Objectives

The programme will enable you to:

• Demonstrate your understanding of the principles that frame and define cyber security and the initial role of cyber security professionals in protecting enterprise data
• Add a credential to you resume/CV that will distinguish you from other candidate for advancement or a new job
• Stay ahead of the curve on your current career path or start your new cybersecurity career

Programme Content

The programme comprises of six modules:

1. Cybersecurity Introduction and Overview
2. Cybersecurity Concepts
3. Security Architecture Principles
4. Security of Networks, Systems, Applications & Data,
5. Incident Response
6. Security implications & Adoption of Evolving Technology.

• Cybersecurity Introduction and Overview
  • Introduction to Cybersecurity
    • The evolution of Cybersecurity
    • Cybersecurity & Situational awareness
    • The Cybersecurity skills gap
  • Difference between Information security & Cybersecurity
    • Protecting digital assets
  • Cybersecurity objectives
    • Confidentiality, Integrity and Availability
    • Non repudiation
  • Cybersecurity roles
    • Governance, Risk Management and Compliance
    • What does a Cybersecurity professional do?
    • Information security roles
    • Board of Directors
    • Executive Management
    • Senior Information security management
    • Cyber Security Practitioners
  • Cybersecurity Domains
    • Cybersecurity concepts
    • Security architecture principles
    • Security of networks, systems, applications and Data
    • Incident Response
    • Security implications and adoption of evolving technology

• Cybersecurity Concepts
  • Risk
    • Approaches to Cybersecurity
    • Key terms and definitions
    • Likelihood and impact
    • Approaches to Risk
    • Third-Party Risk
    • Risk Management
  • Common attack types & vectors
    • Threat agents
    • Attack attributes
    • Generalized attack process
    • Nonadversarial threat events
    • Malware and attack types
  • Policies and Procedures
    • Policy life cycle
    • Guidelines
    • Policy Frameworks
    • Types of Information security policies
    • Access control policy
    • Personnel Information Security policy
    • Security incident response policy
  • Cybersecurity controls
    • Identity Management
    • Provision and de-provisioning
    • Authorization
    • Access control lists
    • Privileged user management
    • Change Management
    • Configuration Management
    • Patch Management
• Security Architecture Principles
  • Overview of security architecture
    • The security perimeter
    • Interdependencies
    • Security Architectures and frameworks
    • SABSA & the Zachman framework
    • The open group architecture framework (TOGAF)
  • The OSI Model
    • TCP/IP
  • Defence in Depth
  • Firewalls
    • Firewall general features
    • Network firewall types
    • Packet filtering firewalls
    • Stateful inspection firewalls
    • Stateless vs. stateful
    • Examples of firewall implementations
    • Firewall issues
    • Firewall platforms
  • Isolation & Segmentation
    • VLANs
    • Security Zones & DMZs
  • Monitoring, Detection and logging
    • Ingress, egress and data loss prevention (DLP)
    • Antivirus and Anti-Malware
    • Intrusion Detection Systems
    • IDS limitations
    • IDS policy
    • Intrusion prevention systems
  • Cryptography Fundamentals
    • Key elements of cryptographic systems
    • Key Systems
  • Encryption Techniques
    • Symmetric (private) key encryption
    • Asymmetric (private) key encryption
    • Elliptical curve cryptography
    • Quantum cryptography
    • Advanced encryption standard
    • Digital Signature
    • Virtual Private Network
    • Wireless network protections
    • Stored Data
    • Public Key Infrastructure
  • Encryption Applications
    • Application of cryptographic systems
• Security of Networks, Systems, Applications and Data
  • Process controls – Risk assessment
    • Attributes of risk
    • Risk response workflow
    • Risk Analysis
    • Evaluating Security Controls
    • Risk assessment success criteria
    • Managing Risk
    • Using the results of the risk assessment
  • Process controls – Vulnerability Management
    • Vulnerability Management
    • Vulnerability Scans
    • Vulnerability Assessment
    • Remediation
    • Reporting & Metrics
  • Process Controls – penetration testing
    • Penetration testers
    • Penetration Testing phases
  • Network Security
    • Network Management
    • LAN/WAN security
    • Network Risks
    • Wireless local area networks
    • Wired equivalent privacy & Wi-Fi protected access (WPA/WPA2)
    • Ports & Protocols
    • Port Numbers
    • Protocol numbers& assignment services
    • Virtual private networks
    • Remote Access
  • Operating System Security
    • System/Platform Hardening
    • Modes of operations
    • File System permissions
    • Credentials & Privileges
    • Command line knowledge
    • Logging & System Monitoring
    • Virtualization
    • Specialised Systems
  • Application Security
    • System development life cycle (SDLC)
    • Security with SDLC
    • Design Requirements
    • Testing
    • Review Process
    • Separation of development, testing and production environments
    • OWASP top ten
    • Wireless application protocol (WAP)
  • Data Security
    • Data classification
    • Data owners
    • Data classification requirements
    • Database security
• Incident Response
  • Event vs. Incident
    • Events vs. Incident
    • Types of Incidents
  • Security Incident Response
    • What is incident response?
    • Why do we need incident response?
    • Elements of an incident response plan
    • Security event management
  • Investigations, legal holds, and Preservation
    • Investigation
    • Evidence preservation
    • Legal Requirements
  • Forensics
    • Data protection
    • Data acquisition
    • Imaging
    • Extraction
    • Interrogation
    • Ingestion/normalization
    • Reporting
    • Network traffic analysis
    • Log file analysis
    • Time lines
    • Anti-forensics
  • Disaster recovery & business continuity plans
    • What is a disaster?
    • Business continuity and disaster recovery
    • Business impact analysis
    • Recovery time objectives (RTO)
    • Recovery point objectives (RPO)
    • IS business continuity planning
    • Recovery Concepts
    • Backup Procedures
• Security Implication & Adoption of Evolving Technology
  • Current Threat Landscape
  • Advanced Persistent Threat (APT)
    • Evolution of the threat landscape
    • Defining APT’s
    • APT Characteristics
    • APT Targets
    • Stages of an APT attack
  • Mobile technology – Vulnerabilities, threats and risk
    • Physical Risk
    • Organizational Risk
    • Technical Risk
    • Activity monitoring and data retrieval
    • Unauthorized network connectivity
    • Web view/user interface (UI) impersonation
    • Sensitive data leakage
    • Unsafe sensitive data storage
    • Unsafe sensitive data transmission
    • Drive-by vulnerabilities
  • Consumerization of IT and Mobile Devices
    • Consumerization of IT
    • BYOD
  • Cloud & Digital Collaboration
    • Risk of Cloud Computing
    • Web application risk
    • Benefits of cloud computing

Career Progression Opportunities and Further Study Options

Cybersecurity is one of the fastest growing sectors in IT. This programme will provide the foundation needed to begin an entry level career in Cybersecurity and will also provide the basis for further study.

Additional Information

All course material is included in the programme fee. Fees are payable by credit card, debit card, bank transfer, bank draft or cheque. All fees must be paid before the programme begins. Please note that CCT closes on public holidays and for a number of days over the Christmas and New Year holiday period. CCT reserves the right to postpone, cancel, or alter part-time courses without notice, or to change any of the details in the college website or brochures at any time. Fees are not refundable unless the course is cancelled by CCT.