Course Info
Course Category | Computer Science/Information Technology
Course Level | Undergraduate
Credit Hours | 3
Pre-requisites | CS101
Instructor | NAHIL MAHMOOD

Course Contents
WHAT IS INFORMATION SECURITY ?
WHY IS INFORMATION SECURITY NEEDED ?
WHO IS INFORMATION SECURITY FOR ?
HOW IS INFORMATION SECURITY IMPLEMENTED ?
WHO ARE THE PLAYERS IN INFORMATION SECURITY ?
WHAT ARE THE FOUR LAYERS OF INFORMATION SECURITY TRANSFORMATION FRAMEWORK ?
WHAT IS INFORMATION SECURITY HARDENING ?
WHAT IS INFORMATION SECURITY GOVERNANCE ?
WHAT IS THE DIFFERENCE BETWEEN AN INFORMATION SECURITY POLICY, SOP, AND GUIDELINE ?
WHAT IS AN INFORMATION SECURITY PROGRAM ?
WHAT IS THE ROLE OF PEOPLE, PROCESS, AND TECHNOLOGY IN INFORMATION SECURITY ?
WHAT IS THE ROLE OF AN INFORMATION SECURITY MANAGER ?
WHAT IS INFORMATION SECURITY AWARENESS ?
WHAT ARE THE LEADING INFORMATION SECURITY STANDARDS, AND FRAMEWORKS ?
WHAT IS INFORMATION SECURITY RISK ?
WHAT DOES THE INFORMATION SECURITY LIFECYCLE LOOK LIKE ?
WHAT IS MANAGEMENT COMMITMENT ?
WHOSE RESPONSIBILITY IS IMPLEMENTATION OF INFORMATION SECURITY ?
WHAT CAN HAPPEN IF INFORMATION SECURITY IS NOT IMPLEMENTED (CYBER SECURITY BREACHES)?
WHAT ARE THE CHALLENGES OF INFORMATION SECURITY IMPLEMENTATION ?
WHAT IS THE ROLE OF A REGULATOR ?
WHAT IS THE STATUS OF INFORMATION SECURITY IN PAKISTAN ?
WHAT IS THE SOLUTION FOR IMPROVEMENT OF INFORMATION SECURITY IN PAKISTAN ?
WHAT DOES THE TYPICAL ENTERPRISE IT NETWORK LOOK LIKE ?
WHAT ARE THE MAJOR COMPONENTS OF THE ENTERPRISE IT NETWORK ?
WHAT IS THE OSI SECURITY ARCHITECTURE ?
THE NEW FRONTIERS OF ENTERPRISE IT: CLOUD, MOBILE, SOCIAL, IOT
VIRTUALIZATION AND ENTERPRISE SECURITY
CASE STUDY OF ENTERPRISE - SMALL ORGANIZATION
CASE STUDY OF ENTERPRISE - MEDIUM SIZED ORGANIZATION
CASE STUDY OF ENTERPRISE - LARGE SIZED ORGANIZATION
WHAT IS THE TYPICAL STRUCTURE OF AN IT TEAM ?
WHAT ARE THE OBJECTIVES AND KPIs OF A CIO AND IT TEAM ?
HOW DO THE IT TEAM INTERACT WITH OTHER STAKEHOLDERS IN THE ORGANIZATION ?
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - I (COMPONENTS)
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - II (TRAFFIC FLOWS)
SECURITY OVERLAY OF AN ENTERPRISE ARCHITECTURE - III (GENERAL SECURITY DESIGN)
WHAT IS HIGH AVAILABILITY (HA) ?
HIGH AVAILABILITY DESIGN
HOW IS SITE REDUNDANCY INCORPORATED INTO ENTERPRISE NETWORK DESIGN ?
HIGH AVAILABILITY AND REDUNDANCY CASE STUDY
BACKUP STRATEGIES
WHAT IS THE ROLE OF SECURITY TOOLS IN SECURING THE ENTERPRISE ARCHITECTURE ?
TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 1
TYPICAL SECURITY TOOLS USED IN AN ENTERPRISE IT NETWORK - PART 2
WHAT DOES THE TERM "BOX SECURITY" MEAN ?
WHAT IS THE BEST APPROACH TO SECURE THE IT ENTERPRISE ARCHITECTURE ?
WHAT IS DISASTER RECOVERY (DR) ?
WHAT IS BUSINESS CONTINUITY ?
HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE - PART 1 ?
HOW IS DR ACCOMMODATED INTO THE ENTERPRISE ARCHITECTURE - PART 2 ?
WHAT IS THE ROLE OF AN IT ASSET IN SECURING THE ORGANIZATION ?
HOW TO DETERMINE SECURITY POSTURE OF AN ORGANIZATION ?
HOW DO YOU DRIVE A SUCCESSFUL INFORMATION SECURITY TRANSFORMATION ?
DIFFERENCE BETWEEN SECURITY HARDENING & PATCHING
SECURITY HARDENING STRATEGY
PREREQUISITES FOR THE SECURITY HARDENING PROGRAM
WHO WILL CONDUCT THE SECURITY HARDENING ?
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 1)
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 2)
WHAT IS THE 8-STEP METHODOLOGY FOR SECURITY HARDENING ? (PART 3)
A LOOK AT CIS SECURITY BENCHMARKS-PART 1
A LOOK AT CIS SECURITY BENCHMARKS-PART 2
A LOOK AT CIS SECURITY BENCHMARKS-PART 3
A LOOK AT CIS SECURITY BENCHMARKS-PART 4
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 1
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 2
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 3
A LOOK AT DISA SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGs) - PART 4
COMPARISON OF CIS SECURITY BENCHMARKS VERSUS DISA STIGS
CASE STUDY - SECURITY HARDENING - WINDOWS SERVER 2012 R2
CASE STUDY - SECURITY HARDENING - LINUX SERVER
CASE STUDY - SECURITY HARDENING - SOLARIS SERVER
CASE STUDY - SECURITY HARDENING - APACHE SERVER
CASE STUDY - SECURITY HARDENING - ORACLE SOLARIS SERVER
CASE STUDY - SECURITY HARDENING - MS SQL SERVER
CASE STUDY - SECURITY HARDENING - ORACLE DB SERVER
CASE STUDY SECURITY HARDENING - WINDOWS 8 WORKSTATION
CASE STUDY SECURITY HARDENING - WINDOWS 10 WORKSTATION
CASE STUDY SECURITY HARDENING - MS EXCHANGE
CASE STUDY SECURITY HARDENING ACTIVE DIRECTORY (AD)
CASE STUDY SECURITY HARDENING - MS INTERNET EXPLORER BROWSER
CASE STUDY SECURITY HARDENING - GOOGLE BROWSER
CASE STUDY SECURITY HARDENING - MOZILLA FIREFOX
CASE STUDY SECURITY HARDENING - NETWORK FW
CASE STUDY SECURITY HARDENING - NETWORK SWITCHES LAYER 2
CASE STUDY SECURITY HARDENING - NETWORK ROUTERS
CASE STUDY SECURITY HARDENING - NETWORK WLAN CONTROLLER
CASE STUDY SECURITY HARDENING - NETWORK LAYER 3 SWITCH
CASE STUDY SECURITY HARDENING - VMWARE
CASE STUDY SECURITY HARDENING - CLOUD - AMAZON WEB SERVICES
SOFTWARE SECURITY HARDENING FUNDAMENTALS-OWASP SAMM-1
SOFTWARE SECURITY HARDENING FUNDAMENTALS-OWASP SAMM-2
SECURITY HARDENING OF SOFTWARE APPLICATIONS - INTRODUCTION
CASE STUDY SECURITY HARDENING - ASP.NET VERSION 4
CASE STUDY SECURITY HARDENING - PHP VERSION X
CASE STUDY SECURITY HARDENING - ASP.NET MVC FRAMEWORK
CASE STUDY SECURITY HARDENING SHAREPOINT APPLICATIONS
CASE STUDY SECURITY HARDENING - C APPLICATIONS
CASE STUDY SECURITY HARDENING - C++ APPLICATIONS
CASE STUDY SECURITY HARDENING - JAVA APPLICATIONS
CASE STUDY SECURITY HARDENING PERL APPLICATIONS
CASE STUDY SECURITY HARDENING - MOBILE DEVICES - ANDROID
CASE STUDY SECURITY HARDENING - MOBILE DEVICES - IOS
SECURITY HARDENING OF ASTERISK VOIP - PART 1
SECURITY HARDENING OF ASTERISK VOIP - PART 2
VERSION CONTROL FOR IT ASSETS
SOFTWARE VERSION CONTROL BEST PRACTICES
SECURITY HARDENING - SECURE SOFTWARE IMAGES
MANUAL AND AUTOMATED WORK IN SECURITY HARDENING
QUALYS DEMO - SECURITY HARDENING
QUALYS DEMO - SECURITY HARDENING II
SECURITY HARDENING LIFECYCLE - MAINTAINING AN INTEGRATED AND CURRENT PROGRAM
HOW TO SECURITY HARDEN IT ASSETS FOR WHICH BENCHMARK OR STIG IS NOT AVAILABLE ?
QUALYS POLICY LIBRARIES
SECURITY HARDENING FOR OUTSOURCED IT ASSETS
WHAT IS VULNERABILITY MANAGEMENT (VM) ?
WHAT ARE THE STEPS IN A VULNERABILITY MANAGEMENT LIFECYCLE ?
WHY IS SOFTWARE INSECURE ?
WHY IS A VULNERABILITY MANAGEMENT PROGRAM REQUIRED ?
WHAT IS CVE, AND VULNERABILITY BULLETIN ?
WHAT IS AN EXPLOIT ?
IMPORTANCE OF AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM AT STAGE 2
CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN SECURITY BREACH ? (PART 1)
CASE STUDY - HOW SYSTEM VULNERABILITIES PLAYED A PART IN SECURITY BREACH ? (PART 2)
BEST PRACTICES FOR APPLYING SECURITY PATCHES
WHO CONDUCTS THE VULNERABILITY MANAGEMENT ?
VULNERABILITY SCANNING TOOLS - NESSUS FEATURES
VULNERABILITY SCANNING TOOLS - QUALYS FEATURES
CASE STUDY - NESSUS DEMO - PART 1
CASE STUDY - NESSUS DEMO - PART 2
CASE STUDY - NESSUS DEMO - PART 3
CASE STUDY - QUALYS DEMO - PART 1
CASE STUDY - QUALYS DEMO - PART 2
CASE STUDY - QUALYS DEMO - PART 3
HOW DO VULNERABILITY MANAGEMENT SCANNERS WORK ?
QUALYS WEB APPLICATION SCANNING
QUALYS ADDITIONAL FEATURES
OPENVAS OPEN SOURCE VULNERABILITY SCANNER
SUGGESTED FREQUENCY FOR THE VULNERABILITY MANAGEMENT PROGRAM
POTENTIAL CHALLENGES AND PITFALLS IN THE VULNERABILITY MANAGEMENT PROGRAM
ASSET MANAGEMENT - MAINTAINING THE ENTERPRISE ASSETS - CHALLENGES
ASSET MANAGEMENT THROUGH QUALYS
ASSET MANAGEMENT TOOLS FOR SECURITY FUNCTIONS
WHAT IS SECURITY ENGINEERING ?
WHAT IS THE OBJECTIVE OF SECURITY ENGINEERING ?
WHOSE RESPONSIBILITY IS SECURITY ENGINEERING ?
CIS 20 CRITICAL SECURITY CONTROLS
CSC1: INVENTORY OF AUTHORIZED AND UNAUTHORIZED DEVICES
CSC2: INVENTORY OF AUTHORIZED AND UNAUTHORIZED SOFTWARE
CSC3-I: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
CSC3-II: SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE
CSC4-I: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
CSC4-II: CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
CSC5-I: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
CSC5-II: CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
CSC6-I: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
CSC6-II: MAINTENANCE, MONITORING, AND ANALYSIS OF AUDIT LOGS
CSC7-I: EMAIL AND WEB BROWSER PROTECTIONS
CSC7-II: EMAIL AND WEB BROWSER PROTECTIONS
CSC8-I: MALWARE DEFENSES
CSC8-II: MALWARE DEFENSES
CIS CONTROL 9: Limitation and Control of Network Ports, Protocols, and Services
CIS Control 10: Data Recovery Capabilities
CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES
CIS CONTROL 11: SECURE CONFIG FOR NETWORK DEVICES-II
CIS CONTROL 12: BOUNDARY DEFENSE-I
CIS CONTROL 12: BOUNDARY DEFENSE-II
CIS CONTROL 12: BOUNDARY DEFENSE-III
CIS CONTROL 13: DATA PROTECTION-I
CIS CONTROL 13: DATA PROTECTION-II
CIS CONTROL 13: DATA PROTECTION-III
CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW-I
CIS CONTROL 14: CONTROLLED ACCESS BASED ON NEED TO KNOW-II
CIS CONTROL 15: WIRELESS ACCESS CONTROL-I
CIS CONTROL 15: WIRELESS ACCESS CONTROL-II
CIS CONTROL 15: WIRELESS ACCESS CONTROL-III
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-I
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-II
CIS CONTROL 16: ACCOUNT MONITORING & CONTROL-III
CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM-I
CIS CONTROL 17: IMPLEMENT A SECURITY AWARENESS & TRAINING PROGRAM-II
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-I
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-II
CIS CONTROL 18: APPLICATION SOFTWARE SECURITY-III
CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT-I
CIS CONTROL 19: INCIDENT RESPONSE & MANAGEMENT-II
CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES-I
CIS CONTROL 20: PENETRATION TESTS & RED TEAM EXERCISES-II
WHAT IS IT GOVERNANCE ?
WHAT IS INFORMATION SECURITY GOVERNANCE ?
WHY INFORMATION SECURITY GOVERNANCE IS AT STAGE 4 OF THE SECURITY TRANSFORMATION ?
CAN INFORMATION SECURITY GOVERNANCE BE IMPLEMENTED SOONER THAN STAGE 4 ?
ANOTHER LOOK AT PAKISTAN'S INFORMATION SECURITY POSTURE AND CHALLENGES
WHAT ARE THE INFORMATION SECURITY GOVERNANCE BUILDING BLOCKS ?
WHOSE RESPONSIBILITY IS INFORMATION SECURITY GOVERNANCE ?
HOW IS INFORMATION SECURITY GOVERNANCE IMPLEMENTED ?
HOW CAN YOU BUILD AN EFFECTIVE INFORMATION SECURITY GOVERNANCE PROGRAM ?
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (LARGE ORGANIZATION)
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (MID-SIZED ORGANIZATION)
WHAT IS THE RECOMMENDED STRUCTURE OF THE INFORMATION SECURITY DEPARTMENT ? (SMALL ORGANIZATION)
ROLE OF THE CISO IN DRIVING THE INFOSEC PROGRAM
WHAT ARE KEY INHIBITORS WHICH WILL LEAD TO FAILURE OF THE INFORMATION SECURITY PROGRAM ?
INFORMATION SECURITY STRATEGY FOR SMALLER ORGANIZATIONS
COMMON CHALLENGES WITH SECURITY GOVERNANCE DOCUMENTATION
SECURITY DOCUMENTATION: POLICIES
SECURITY DOCUMENTATION: STANDARDS
SECURITY DOCUMENTATION: PROCEDURES
SECURITY DOCUMENTATION: GUIDELINES
HOW TO DEVELOP EFFECTIVE SECURITY POLICIES & DOCUMENTS
WORLD'S LEADING INFORMATION SECURITY GOVERNANCE FRAMEWORK - ISO27001:2013 (ISMS)
THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 4-6
THE STRUCTURE OF ISO27001:2013 (ISMS); CLAUSES 7-10
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 1
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 2
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 3
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 4
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 5
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 6
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 7
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 8
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 9
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 10
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 11
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 12
THE CONTROLS (APPENDIX) OF ISO27001:2013 (ISMS); PART 13
HOW TO USE ISO27002:2013
OTHER INFORMATION SECURITY FRAMEWORKS: PCI DSS V3
OTHER INFORMATION SECURITY FRAMEWORKS: SANS TOP 20 CRITICAL SECURITY CONTROLS
OTHER INFORMATION SECURITY FRAMEWORKS: NIST
OTHER IT GOVERNANCE FRAMEWORKS: COBIT
OTHER IT GOVERNANCE FRAMEWORKS: CMMI
ISO31000:2018 - RISK MANAGEMENT - AN INTRODUCTION
ISO31000:2018 - RISK MANAGEMENT - 8 PRINCIPLES
ISO31000:2018 - RISK MANAGEMENT - FRAMEWORK
ISO31000:2018 - RISK MANAGEMENT - PROCESS
ISO31000:2018 - RISK MANAGEMENT - HOW TO IMPLEMENT
INCIDENT MANAGEMENT-I
INCIDENT MANAGEMENT-II
CHANGE MANAGEMENT-I
CHANGE MANAGEMENT-II
CHANGE MANAGEMENT-III
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 1 (IMPORTANCE)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 2 (STRUCTURE)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 3 (REPORTING)
PROJECT MANAGEMENT FOR INFORMATION SECURITY - PART 4 (LEADERSHIP)
CAPACITY MANAGEMENT - PART 1
CAPACITY MANAGEMENT - PART 2
RISK MANAGEMENT & INTERNAL AUDIT-I
RISK MANAGEMENT & INTERNAL AUDIT-II
MANAGEMENT REVIEW
HUMAN RESOURCE SECURITY
CIRCULAR NO. 5, 2017, SBP, TECHNOLOGY GOVERNANCE FRAMEWORK
CYBER SECURITY MATURITY MATRIX (CSMM) - OVERVIEW
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 1: FOUNDATION
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 2: FUNDAMENTALS
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 3: HARDENED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 4: PROTECTED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 5: MONITORED
CYBER SECURITY MATURITY MATRIX (CSMM), LAYER 6: SECURED
ANOTHER LOOK AT THE INFORMATION SECURITY LIFECYCLE
WHAT IS SECURITY VALIDATION ?
HOW IS SECURITY VALIDATION PERFORMED ?
WHAT IS SECURITY TESTING ?
WHAT IS SECURITY ACCREDITATION ?
WHAT IS SECURITY ACCREDITATION PART 2 ?
EMBEDDING INFORMATION SECURITY INTO THE SDLC
SOFTWARE SECURITY TESTING & VALIDATION - PART 1
SOFTWARE SECURITY TESTING & VALIDATION - PART 2
EMBEDDING INFORMATION SECURITY INTO PROJECT MANAGEMENT
HOW TO CONDUCT AN INTERNAL SECURITY ASSESSMENT ?
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS ?
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 2?
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 3?
WHAT ARE THE DIFFERENT TYPES OF SECURITY ASSESSMENTS - PART 4?
WHAT ARE THE STAGES OF A THIRD PARTY PENETRATION TEST ?
HOW TO FAIL IN IMPLEMENTING A SUCCESSFUL SECURITY TRANSFORMATION ?
BENEFITS OF THE SECURITY TRANSFORMATION
SECURITY TRANSFORMATION TIMELINE
WHOSE RESPONSIBILITY IS THE SECURITY TRANSFORMATION ?
RAISING MANAGEMENT SUPPORT FOR SECURITY TRANSFORMATION PROJECT
KEY QUESTIONS TO ASSESS SECURITY POSTURE OF THE ORGANIZATION
KEY LEADERSHIP QUALITIES OF THE SECURITY TRANSFORMATION HEAD
COURSE WRAP-UP