October 18, 2015

Post Graduate Programme in Cybersecurity Engineering (PGPCE)

The Post Graduate Programme in Cybersecurity Engineering (Architect & Analyst) at “The Internet Security Academy (TISA)” is a professionally designed and carefully crafted course with real world security applications under the supervision of renowned experts in the field.

The programme is meant for graduates from any discipline who have IT skills and would like to learn cyber security and risk audits to protect cyberspace assets.

At its core, the Program provides deeper training in malware and vulnerability analysis. After developing a solid foundation, the Program enables students to specialize in areas related to corporate IT infrastructure, Internet of Things, public, private networks, and applications. The Program develops research capabilities, analysis skills and software tools that are needed to succeed as an IT Security Analyst and beyond. The objective is to develop broad-based malware and vulnerabilities problem-solving abilities for future global leaders.

secured1

Our unique teaching methods focus on applied learning and case studies rather than on rote learning. Students will participate in workshops and seminars with top IT security and risk audits professionals. Given our corporate connections, students will get the opportunity to participate in live projects. Further, upon completion of the Program, we aim to provide students with internship opportunities with firms across the country.

In addition to the above, students will enhance their communication skills through class discussions and presentations, where they will be trained to present security information in a concise manner. Students will also improve their writing skills through research papers, teaching them how to express intricate ideas and analysis eloquently and effectively. Students will expand their security detection and protection skills pertaining to handling complex IT environments.

Course Structure

  • Consists of a 10 week Foundations course in Networking, Application and Cyber security fundamentals.
  • Advance course for remaining 30 weeks.

Course Benefits (USPs)

  • Creating worldclass cyber security analyst
  • Building individual skills for jobs in the industry
  • Containing Job Ready Foundation and Specialized Courses
  • Learning new tools and techniques for vulnerability & malware analysis
  • Future CISSP & CISO leadership roles
  • World-class Certification

Career & Job Responsibilities

A security analyst must possess knowledge of information security aspects within the company. The main job is to analyze the security measures and their effectiveness, implementing training required including instructing staff on proper security measures both in the office and online. The security analyst must work with business administrators as well as IT professionals in communicating vulnerabilities in security systems to improve every aspect of company security with proper process documentations in case there are any breaches.

Main Responsibilities are :

  • protecting all sensitive information within a company
  • insuring all networks have adequate security to prevent unauthorised access
  • develop reports to share with administrators about the efficiency of security policies and recommend any changes
  • organise and conduct training for all employees regarding company security and information safeguarding
  • all security systems are current with any software or hardware changes in the company
  • plan and document all security information in the company including physical and Internet security

 

Course Modules

  1. Networking Fundamentals
  2. Application Development Cycle
  3. Cyber Security Fundamentals
  4. Mobility and Internet of Things
  5. Cloud and Virtulization Security
  6. Vulnerability Analysis
  7. Exploits Development
  8. Malware Analysis
  9. Reverse Engineering
  10. Enterprise Threats Modelling
  11. Specialization
  12. Job Readyness

Domains (Case-studies On Application, Client, Server, Network and Data)

  1. Enterprise Information Technology Security domain
  2. Mobility Security domain
  3. Internet of Things Security domain
  4. Government Policies Security domain
  5. Telecom Security domain
  6. Banking security domain

Risks Assessment Labs

  1. Security R&D Labs – Across industry and technology domains
  2. Secure Code Review labs – Software Programming Technologies (Unix, Android, iOS and Windows)
  3. Binary Code Analysis Lab – Mobile Programming Technologies (Android, iOS and Windows)
  4. Static Analysis Lab – Unix, Android, iOS and Windows
  5. Dynamic Analysis Lab – Unix, Android, iOS and Windows
  6. Forensics Analysis Lab – Unix, Android, iOS and Windows
  7. OS and Database Hardening Labs
  8. Network Elements Firewalling and Controlling Labs
  9. Application Firewall & Log Audits Labs
  10. Mobile Device Management labs

Methodologies and Techniques

  1. White-box Analysis and techniques
  2. Black-box Analysis and techniques
  3. Gray-box Analysis and techniques
  4. Hybrid Analysis and techniques
  5. Content Pattern based Analysis and techniques
  6. Sand-box Analysis and techniques

Industry Standards & Best Practice Sources

  1. OWASP Top 10 Wep Application Risks
  2. OWASP Top 10 Mobile Application Risks
  3. SANS
  4. ISO 27001 ISMS (Information security management systems)
  5. BS 7799
  6. HIPPA (Health Insurance Portability and Accountability Act)
  7. Children’s Internet Protection Act (CIPA)
  8. PCI-DSS
  9. Common Criteria
  10. National Institute of Standards and Technology
  11. Information Security Forum (ISF)
  12. GLBA/FFIEC Compliance – IT Security for Financial Institutions (Banks/Credit Unions)
  13. Vulnerability Disclosure Sources
  14. Malware Disclosure Sources
  15. CVE and NVD National Vulnerability Database (USA Govt & Govt of India)
  16. Vulnerability Severity Scoring

Course Contents

  • Networking Fundamentals Module: 
    • Basics of OSI and TCP/IP Stacks, Routers, Firewall
    • Common networked applications including web applications
    • LAN/WAN operation and features
    • Switch with VLANs and interswitch communications
    • Media, cables, ports, and connectors to connect switches to other network devices and hosts
    • Network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig)
    • Configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
    • Implement an IP addressing scheme and IP Services to meet network requirements
    • Operation and benefits of using private and public IP addressing
    • Static and dynamic addressing services for hosts in a LAN environment
    • Basic router security
    • Wireless media
    • configure on a wireless network
    • Identify security threats to a network and describe general methods to mitigate those threats
    • Today’s increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
    • Explain general methods to mitigate common security threats to network devices, hosts, and applications
    • Describe the functions of common security appliances and applications
    • Describe security recommended practices including initial steps to secure network devices
    • NAT and ACLs in a medium-size Enterprise branch office network
    • Describe the purpose and types of ACLs
    • Configure and apply ACLs based on network filtering requirements.(including: CLI/SDM)
    • Configure and apply an ACLs to limit telnet and SSH access to the router using
    • Describe VPN technology (including: importance, benefits, role, impact, components)
    • Hardening of Hosts, Database, Web components, so on…..
  • Application Development Module
    • APPLICATION Development Environment
      • Programming Language: Android, C, .Net, HTML5, JAVA and so on…
      • SDKs, IDEs, so on…
    • Client Applications:
      • Web Server Applications
      • Mobile Android Applications
      • Mobile iOS Applications
      • Mobile Windows Applications
    • Web Server Applications:
      • Web based applications
      • APIs based Middleware applications
      • TCP/IP based server applications
  • Cybersecurity Fundamentals Module
    • Introductions to IT Forensics
    • Introduction to Privacy
    • Introduction to Network Security Management
    • Introduction to BBCP/DR
    • Introduction to Incident Management
    • Introduction to Security Testing
    • Introduction to Application Security
    • Introduction to Risk, Audit & Compliance
  • Vulnerability Analysis Module
    • Anti-malware Lab Setups and Configurations
    • Sandboxing and Reverse Engineering
    • Risks/Threat Modelling
    • Installations of Security Analysis tools
    • LIVE Sample Analysis
    • Hardening of Client Devices:
      • Laptop/Desktop Devices
      • Mobile/Tablet Android Devices
      • Mobile/Tablet iOS Devices
      • Mobile/Tablet Windows Devices
    • Hardening of Servers Devices:
      • Cloud based Servers
        • Windows/Linux/Unix
          • Cloud Hosted Servers
          • Virtualized Servers
        • Mobile Android Devices
        • Mobile iOS Devices
        • Mobile Windows Devices
    • Vulnerability Reporting Frameworks
    • Vulnerability Severity Rating Frameworks
    • Best Practice Security Standards and Frameworks
      • OWASP Framework Report Generations
  • Malware Analysis Module
    • Source of Malware samples
    • Installation and configurations of Analysis tools
    • Reverse engineering of malware samples
    • Executing Mobile malwares under surveillance
    • Network Traffic Observation and analysis
    • Observation of Static behaviour of malware
    • Observations of Dynamic behaviour of malware
    • Observations of Forensic changes on systems and devices
    • Detection of content patterns in malware sample
    • Protection logic/techniques development for malware
  • Mobile and IoT Module
    • Mobile Device Management
    • Mobile Application Management
    • Mobile BYOD Management
    • Emerging Security Risks in IoT devices
  • Cybersecurity Specialist Track (Any one)
    • Risk Audit & Compliance
    • Application Security
    • Security Testing
    • Incident Management
    • BCP/DR
    • Network Security Management
    • Privacy
    • IT Forensics
  • LIVE Projects on selected track
    • Vulnerability Assessment & Penetration Testing Kick-off
    • Project walk-through
    • Risks Threat Modelling
    • Security Assessment Yearly Roadmap
    • 1st cycle Assessment schedule
    • Vulnerability Assessment & Penetration Testing Notifications
    • Firewall Access Enablement
    • Start of Vulnerability Assessment & Penetration Testing
    • Proof collections
    • End of Vulnerability Assessment & Penetration Testing
    • Review of checklists and Proofs
    • Security Report Generation with Recommendations, Severity, Proofs and Mitigations approach based on OWASP/Industry Practice/Enterprise framework
    • Hand-over of Security Report
    • Meeting with development team & Next Verification schedule
    • Sign-off
  • ADVANCE MODULES FOR ENTERPRISE
    • Security Presentations & Seminars
    • Tender & RFP Responses
    • Security Proposal Development
    • Security Project Efforts Calculation
    • Security Demoes & PoC to Customers
    • Security Framework development for a enterprise
    • Security Checklists development
    • Security Project Management
  • Final Evaluation Exams & Interviews
  • Certifications with grading
  • Resume Enhancements and submission 
  • Placement Interviews
  • Internship Opportunities
  • Entrepreneurship Opportunities