XBUS-603 Technical Countermeasures and Risk Assessment
With an understanding of the threats and vulnerabilities in cybersecurity, in this course students will develop the technical countermeasures and assessment skills needed to manage threats and risks. Technical countermeasures such as encryption, antiviruses, firewalls, intrusion detections, and penetration testing will be discussed. Students will also develop the skills both to conduct and understand the results of security, threat, and risk assessments. Topics such as methodology, requirements, scoping, automated tools, data analysis, and report structure will be discussed.
Upon completion of this course, students will be able to:
- Operationalize a variety of technical countermeasures including antiviruses, firewalls and encryptions
- Interpret a security risk assessment
- Initiate and manage an organization-wide risk assessment
- Prioritize and remediate identified risks
Enterprise Security Operations for Effective Cyber Defense
This course will give students a baseline knowledge of enterprise security operations. Content will explore models and architectures of Security Operation Centers (SOCs), including implementation of both preventative and detective technologies. Students will gain skills in vulnerability management by learning how to leverage kill chains, characterize threat actors, perform vulnerability scanning, and explore adversarial tactics/techniques/procedures (TTPs). In-depth understanding of SOC operations will be attained by understanding security operation roles along with challenges related to building, operating, and maintaining SOCs. Best practices will be promoted such as the use of open source tools, risk scoring, threat hunting, use cases, incident response plans, and defense-focused architectures. The course will be taught using a combination of lectures, interactive workshops, and hands-on labs.
What You Will Learn
- Cyber threats
- Vulnerability assessment and penetration testing
- Cyber threat detection and prevention
- Security Information and Event Management (SIEM)
How You Will Benefit
- Explore current cyber threats.
- Perform vulnerability scans and penetration tests.
- Identify issues and gaps with currently available security technologies and emulate attacks to test effectiveness.
- Explore SIEM technologies and capabilities.
- Explore SOC implementations, operations, and tools.
INTRODUCTION TO SECURITY OPERATIONS AND CYBER THREATS
- SOC introduction
- Current state of cyber threats
- Cyber threat actors
- Vulnerability landscape
- Vulnerability assessments
- Penetration testing
ENTERPRISE SECURITY OPERATION ARCHITECTURES
- Perimeter protection
- Intrusion detection/prevention
- Advanced malware detection/prevention
- Endpoint protection
- Secure network architectures
- Internal network visibility
- SIEM systems
ENTERPRISE SECURITY OPERATIONS
- Building a SOC
- SOC tools and techniques
- SOC dashboards, metrics, and performance
- Incident response, handling and management
- Threat hunting
Who should attend
This course is designed for information security professionals and managers who are responsible for detecting, preventing, or responding to cyberattacks.