IT Auditing and Compliance Course
High-Level Course Outline:
- Introduction to Security Risk Assessment: Tools, Techniques, & Templates
- Planning an IT Audit
- Developing Audit Questionnaire
- Risk Assessment
- Audit Fieldwork
- Audit Report Writing
- Auditing the SDLC
- Auditing IT Infrastructure & Network Devices
- Auditing Data Center
- Third-Party Audit & Compliance
- Third-Party Risk Management
Course Description
Performing IT security audits at the enterprise level can be a daunting task. Security analysts and IT auditors usually find it challenging to determine which systems to audit first. This course is created to provide a risk-driven method for tackling the enormous task of designing an incorporated security assessment program. After covering various high-level audit and compliance topics, students will have the opportunity to delve into the technical skills required for adequately testing security controls. Real-world project work provides students with the skills needed to verify these controls. Students will be able to perform adequate tests of security controls in a variety of scenarios.
Penetration Testing
What You Will Learn & Do:
- Introduction to penetration testing: Tools, Techniques, & Templates
- Pen Testing Engagement Life Cycle
- Information Gathering & Social Engineering
- Target Discovery, Fingerprinting, & Enumeration
- Vulnerability Mapping
- Target Exploitation & Privilege Escalation
- Maintaining Access & Covering Tracks
- Web Pen Testing & Database Injection
- Documentation, Reporting & Presentation
Course Description
This course equips learners with the skills needed to perform penetration testing and vulnerability assessment effectively. The course equips security professionals with the tactics, techniques, and procedures (TTP) that attackers and penetration testers use. Participants will have increased knowledge and understanding of the tools used in a cyber-attack and, in turn, be better able to prepare defenses. The course focuses on the skills and knowledge needed to conduct and plan vulnerability assessments and penetration tests and shows how to conduct tests and assessments legally and ethically.
Malware Analysis
What You Will Learn and Do:
- Malware Job Market
- Skill Gaps in Cybersecurity and other technical domains
- Installation of malware analysis tools and virtual machines
- Introduction to malware analysis
- Basic static analysis
- Basic dynamic analysis
- Reverse Engineering
- Advanced Static Analysis
- Advanced Dynamic Analysis
- Ransomware Investigation & Analysis
Course Description
This malware analysis course helps you learn how to break down potential malware threats, create solutions to combat them, and protect against malware in the future. Students learn everything from malware analysis fundamentals to advanced use of the latest reverse engineering tools to fight malware.
PCI-DSS Implementation & Auditing
What You Will Learn and Do:
- Why PCI-DSS?
- Who can get PCI-DSS certification?
- What are the four levels and requirements for PCI-DSS?
- The current PCI-DSS standard
- What is called Payment Card Information?
- Gap Analysis
- Which PCI Information requires encryption and Data Masking?
- Which PCI Information should be stored and which must not be stored?
- Documentation Requirements of the PCI-DSS
- Mapping PCI-DSS controls to the Organization controls
- A detailed study of the 12 Requirements and controls of the PCI-DSS standard
- Auditing PCI-DSS standard for auditors
- Implementing PCI-DSS standard
- Compliance Validation
- Payment Applications
- The PCI PIN Transaction Security Program
- PCI-DSS Applicability, Scoping, and Network Segmentation
- Compensating Controls
- New Standards and Emerging Technologies
- New Wireless Guidelines
- Tokenization
- Security Management
- System Configuration Standards
- Encryption, Patch Management and Software Development Controls
- Maintaining Information Security Policies
- Incident Response Planning/SIEM and Log management
- Cloud Computing
- Vulnerability Scans and Penetration Testing
Course Description
The PCI DSS implementation and audit course delivers deep insights to manage risks associated with payment card transactions. This training course equips students with the skills needed to implement the entire PCI DSS standards family and the 12 essential requirements of the standards and controls. This course will also provide you with a thorough grasp of how to create a PCI-DSS-compliant program in your company to prevent data loss.
Cybersecurity Risk Assessment
What You Will Learn and Do:
- Introduction to Security Risk Assessment: Tools, Techniques, & Templates
- Qualitative Risk Assessment (Hands-On)
- Semi-Quantitative Risk Assessment (Hands-On)
- Quantitative Risk Assessment (Hands-On)
- Vulnerability Management
- Flaw Remediation Plan Development (Hands-On)
- Risk Register Development (Hands-On)
- Third-Party Risk Management (Hands-On)
- SOC 2 Type II Report Reviews (Hands-On)
- Vendor Risk Assessments (Hands-On)
Course Description
Our students learn the hands-on skills required to perform risk assessments for their organizations in this program. The ability to perform risk management is crucial for organizations required to detect threats and defend critical systems. Too many potential vulnerabilities and threats could adversely impact the security of the necessary infrastructure. Risk management should be one of the organizations' practices to adequately defend, protect, and secure critical systems. In this program, students will learn how to perform a risk assessment. Students will learn how to match corporate missions to risk management goals. Students will learn all the requirements needed for practical risk assessment.