Information Security Assessment and Penetration Testing

Overview

Venue: Cyber Range and Advanced Computing & Cybersecurity Lab, Tower 3, MIST
Level: Intermediate
Duration: 40 Hours (5 weeks, 8 hours every Friday)
Complimentary Offer: Additional 15 hours of Cyber Range access for hands-on practice
Course Time: Friday, 9:00am - 6:00pm (01:00pm - 02:00pm Lunch and Prayer Break)
Course Commencement: Friday, 15 September 2023
Course Fee: BDT 20,000 (exclusive of VAT and tax)
Registration Deadline: 8 September 2023

The Information Security & Risk Assessment and Penetration Testing course will prepare participants for effective information systems security, risk assessment, implementation, audit, and VAPT activities. Performing an assessment of information security, risks, and VAPT provides management with key insight into the efficiency and effectiveness of their business processes, and this course looks specifically at the protection of the organization's information assets. For organizations, information is the most valuable asset they possess, and as Information Security, Risk, VAPT, and Assurance professionals, we must be able to provide management with assurance that the organization's information and information systems are adequately protected.

Throughout this course, participants will learn the techniques and skills necessary to conduct security and risk assessments and VAPT of IT technologies, and to verify that the organization's IT security is effective. Major topics covered include security and risk assessment, audit, reporting, and hardening of systems and software across different business and technology areas, i.e. network, database, software, IoT, cloud, project management, risk management, VAPT, encryption, data loss prevention, physical security, data centers, information systems acquisition, development, management, operations, resilience, etc.

Upcoming Classes:

SAPT Batch 5: 12 May 2023 - 16 June 2023 (Registration open for all)

Completed Courses

SAPT Batch 1: 17 June - 29 July 2022
SAPT Batch 2: 26 August - 30 September 2022
SAPT Batch 3: 02 December - 13 January 2023
SAPT Batch 4: 17 February - 1 March 2023

Expected Takeaways

At the end of the course, the participants will:

  • Have an understanding of Information Security Concepts and Risk Management
  • Know how to secure digital business channels
  • Know about Footprinting, sniffing, spoofing and port scanning
  • Carry out Vulnerability Assessment and Security Research and Analysis
  • Identify threats and vulnerabilities
  • Understand the concepts of System hacking
  • Conduct Penetration Testing
  • Understand cybersecurity issues related to Web Applications, Database Systems, and Virtualized, Distributed, and Shared Computing
  • Have an understanding of security measures including Host Security and Enterprise Security Integration


Pre-requisite for Trainees

This course is intended as a comprehensive course for ICT professionals who want to understand best practices in cybersecurity, particularly in financial, banking, and overall digital information systems.

An aptitude test will be taken at the start of the course to assess the trainees' level of expertise so that the training program can be tuned accordingly.

What to Bring & What You’ll Get

  • Printed course materials will be issued at the end of the course in summarized form.
  • PCs/terminals will be provided. Participants need not bring their own laptops, but they may if they wish to.
  • A notebook will be issued at the start of the course.
  • Complimentary lunch will be provided on all days.
  • Open access to coffee and light snacks.
  • On top of class time, participants will also have complimentary access to the cyber range for an additional 3 hours per week during a pre-assigned slot for self-practice.


Course Content

Module 1: Information Security Concepts and Risk Management

  • Risk Terminology
  • Identifying Vulnerabilities
  • Operational Risks
  • The Risk Assessment Process
  • Best Practices for Risk Assessments
  • Policies, Procedures, and Incident Response
  • A High-Level View of Documentation
  • Documents and Controls Used for Sensitive Information
  • Auditing Requirements and Frequency

Tabletop / Paper-Based Exercise: Security and Risk Assessment of IT Infrastructure

Module 2: Secure Digital Business Channels

  • Digital Transformation and Digital banking
  • Business Applications and Digital Channels
    • Obtain Bank Statement
    • Fund Transfer
    • Internet Banking
    • Mobile Banking
    • Bill Payments
    • Finance Management
    • Transaction Monitoring
    • Mobile Apps and Wallet
    • ATM / POS
    • Credit cards
    • Other Channels
  • Enterprise Business Infrastructure Architecture
  • Enterprise Application Software Implementation and Management Security (ERP)
  • BCP and DRP

Module 3: The Technical Foundations of Hacking

  • Foundation Topics
  • The Attacker’s Process
  • The Ethical Hacker’s Process
  • Security and the Stack

Module 4: Footprinting and Scanning

  • Foundation Topics
  • Overview of the Seven-Step Information-Gathering Process
  • Information Gathering
  • Determining the Network Range
  • Identifying Active Machines
  • Finding Open Ports and Access Points
  • OS Fingerprinting
  • Fingerprinting Services
  • Mapping the Network Attack Surface
LAB:
  • Lab 1: Port Scanning
  • Lab 2: Hashing from the Command Line
  • Lab 3: Introduction to Hashing Using a GUI
  • Lab 4: Introduction to Windows Command-Line Forensic Tools
  • Lab 5: Cisco IOS Command-Line Basics
  • Lab 6: Configuring a VPN Client
  • Lab 7: Using the Windows Command-Line Interface (CLI)
  • Lab 8: Social Engineering

Module 5: Enumeration and Vulnerability Assessment

  • Foundation Topics
  • Enumeration
  • Vulnerability Assessment and Security Research and Analysis
  • Apply Research Methods to Determine Industry Trends and Impact to the Enterprise
  • Analyze Scenarios to Secure the Enterprise
LAB:
  • Lab: Enumeration lab

Module 6: Sniffing and Spoofing

  • Sniffing and spoofing network traffic
  • Sniffing network traffic
  • Basic sniffing with tcpdump
  • More basic sniffing with WinDump (Windows tcpdump)
  • Packet hunting with Wireshark
  • Swimming with Wireshark
  • Cryptographic Services
  • Symmetric Encryption and Asymmetric Encryption
  • Hybrid Encryption
  • Hashing and Digital Signatures
  • Public Key Infrastructure
  • Implementation of Cryptographic Solutions
  • Cryptographic Attacks
LAB:
  • Lab 9: Sniffing NETinVM Traffic with Wireshark

Module 7: System Hacking and Penetration Testing

  • Network Systems Penetration Testing
  • Operating Systems Penetration Testing
  • Services Penetration Testing
  • Privilege Escalation
LAB:
  • Lab 10: Cracking Encrypted Passwords
  • Lab 11: Threat Modeling
  • Lab 12: Introduction to the Metasploit Framework

Module 8: Web Server Hacking, Web Applications, and Database Attacks

  • Foundation Topics
  • Web Server Security Testing
  • Web Application Security Testing
  • Database Hacking
  • Application Security Testing
  • Specific Application Issues
LAB:
  • Lab 13: Security Testing for Web Applications (SQL Injection, Broken Authentication, etc.)
  • Lab 14: Using Windows Remote Access
  • Lab 15: Performing a Wireless Site Survey
  • Lab 16: Introduction to a Protocol Analyzer
  • Lab 17: Perform VAPT Labs for Network, Operating Systems, Web Applications

Module 9: Securing Virtualized, Distributed, and Shared Computing

  • Enterprise Security
  • Cloud Computing
  • Virtualization
  • Virtual LANs
  • Virtual Networking and Security Components
  • Enterprise Storage
LAB:
  • Lab 18: Shopping for Wi-Fi Antennas
  • Lab 19: UCloud Provisioning
  • Lab 20: Exploring Your Virtual Network

Module 10: Host Security

  • Firewalls and Network Access Control
  • Host-Based Firewalls
  • Trusted Operating Systems
  • Endpoint Security Solutions
  • Anti-malware
  • Host Hardening
  • Asset Management
  • Data Exfiltration
  • Intrusion Detection and Prevention
  • Network Management, Monitoring, and Security Tools
LAB:
  • Lab 21: Verifying Systems Security Configuration Baseline

Module 11: Enterprise Security Integration

  • Integrate Enterprise Disciplines to Achieve Secure Solutions
  • Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture

Reporting: Report Preparation for VAPT and Security and Risk Assessment of IT Infrastructure

Fees

Course Fee: BDT 25,000

A concession of BDT 5,000 per participant will be provided if 3 or more participants from the same organization register for the course.
The quoted course fee is exclusive of VAT and tax.


Teaching Staff


Engr. Md. Mushfiqur Rahman

Instructor

CISA, CCISO, CISSP, OSCP, PMP, LPT (Master), CISM, CRISC, CGEIT...

A B M Ahasan Ullah

Instructor

CISA, CDPSE, C|CISO, PMP, PCIP, CPISI, CDCP, CDCS, CDMS...



Certificate

Certificate of Completion

Participants will be issued a Certificate of Completion provided they have a minimum of 80% attendance and score at least 50% based on the following criteria.


Certificate Awarding Criteria / Evaluation Criteria:
  1. Participants must attend the MCQ exam (15%)
  2. Participants must attend the lab exam (25%)
  3. Participants must submit a lab assignment report on VAPT (10%)
  4. Participants must present the report (10%)
  5. Participants must pass the Cyber Range exam (40%)

Certification Mapping:

After completing this course, participants will have acquired knowledge and skills that they can sit exams on, interpret and demonstrate, and apply in hands-on practical work in their workplaces, including mapping to the following certifications, which are recognized by NSDA, DOD, NIST and ANSI:


  • Certification and Courses from NSDA
  • Ethical Hacking Course and Exam
  • Penetration Testing Course and Exam
  • Defensive Architecture Exam
  • CompTIA Security+ / CASP Course and Exam
  • Other Advanced Cyber Security courses offered at MIST Cyber Range


Course Confirmation & Information

All classes and registration for a particular course are subject to confirmation, and MIST CACR will send an acceptance email to participants at least one week prior to the commencement date.
Registration will be considered complete upon payment of the course fee.
The authority reserves the right to change or revise the evaluation criteria, course content and fee.
Note that each course has limited slots, and interested participants may be rolled over to the next scheduled course if the seats for the nearest course are filled up.