The training content is divided into the following modules:
- Module 1. Protection and detection of attacks (25h) Apply protection measures to computer equipment connected to a corporate network.
- Module 2. Basic prevention tools (18h) Configure the basic protection tools of a computer system.
- Module 3. Access control for users and applications (18h) Plan the most appropriate user authentication and authorization mechanisms to prevent impersonation and/or unauthorized access, from design to maintenance.
- Module 4. Recovery process management tools (20h) Plan corporate data recovery and service procedures, as well as the most basic tools to achieve this efficiently and effectively, including their validation.
- Module 5. Plans for the installation and operation of cybersecurity management systems (10h) Apply the necessary tools and processes to manage the security of information systems.
Module 1. Protection and detection of attacks
This 25-hour module aims to apply protection measures to computer equipment connected to a corporate network. Specifically, in this module the following knowledge will be acquired:
Cybersecurity Incident Management: Security Operations Center - SOC
- The danger
- Advocates in the war on cybercrime
Detailed inspection of attacks via the network
- Network traffic monitoring tools
- Vulnerabilities and attacks on the protocol
- Vulnerabilities and attacks on services
Application of attack protection measures
- Methods of intrusions into systems
- Methods of application infections
- Tools for discovering new patterns of attack
- Signature-based detection methods
- Heuristic detection methods
- Methods for detecting abnormal behavior
Module 2. Basic prevention tools
This 18-hour module aims to configure the basic protection tools of a computer system. Specifically, in this module the following knowledge will be acquired:
Firewall Analysis
- Principles of operation
- Firewall Types: Traditional, UTM (Unified Threat Management), NGFW (Next Generation Firewall)
- Filtering policies
- Firewall management and configuration
Application of virus and malware protection systems
- APT: Advanced persistent threats
- EPP (Endpoint protection platform) concept
- Endpoint Detection and Response (EDR) Concept
- Management and configuration of EDR systems
- Endpoint protection system configuration strategies.
- Examples of EDR and EPP systems
Module 3. User and application access control
This 18-hour module aims to plan the most appropriate user authentication and authorization mechanisms to prevent impersonation and/or unauthorized access, from design to maintenance. Specifically, in this module the following knowledge will be acquired:
Configuration of access control and authentication mechanisms
- User identification methods (passwords, biometrics, etc.). Digital ID and e-signature. Risks and benefits of digital ID
- User access rights management systems: ACL, RBAC, PBAC
- Authentication systems vs. authorization
- Identity Federation Systems: SSO
- Access Rights Accreditation Artifacts (SAML)
- Other procedures and user terminations and privileges.
Analysis of practical proposals for access control to applications
- Authentication and authorization in web services.
- OAuth, OAuth2 and tokens.
Module 4. Recovery process management tools
This 20-hour module aims to plan the data recovery procedures and services of corporations, as well as the most basic tools to achieve this efficiently and effectively, including their validation. Specifically, in this module the following knowledge will be acquired:
Planning the recovery and restoration of services after an incident
- Definition and implementation of recovery plans, according to the type of incident and impact
- Definition and implementation of business process restoration plans.
- Planning and execution of recovery and restoration exercises
Backup management
- Types of backups, depending on the frequency and location of the backups
- Copy process automation tools
- Copy recovery procedures and tests
- Backup protection
- Backup policies
Application of remote configuration and maintenance tools
- Remote access tools for desktop and portable devices.
- Remote access tools for mobile devices
- Remote installation, control and configuration capabilities.
Module 5. Installation and operation plans for cyber security management systems
This 10-hour module aims to apply the tools and processes needed to manage the security of information systems. Specifically, in this module the following knowledge will be acquired:
Detection of traffic anomalies in a corporate network
- Setting up a network traffic monitoring tool
- Configuring a network anomaly detection tool
Detection of attack or incident indicators
- Recognition of attack patterns
- Detection of intrusions and infections in corporate networks and systems
Automation of procedures
- Installation and configuration of incident protection tools.
- Operational supervision and efficiency optimization
Recovery after a computer security incident.
- Planning of procedures and designation of responsibilities
- Implementation and validation of procedures