Cyber Security

Security Management

  • What is Security Operations
  • Finding the sweet spot
  • Security and Control
  • Security Goals
  • Reliability vs Security
  • Typical Security Flaws

Incident Response & Continuity Management

  • Incident Response vs Business Continuity
  • Incident Response Plans
  • Business Continuity Plans
  • GRC Information Security basics + PCI DSS Basics
  • ISO27001 Implementation
  • Risk Assessment
  • PCI DSS

Security Education

  • Data Protection
  • Data Leakage prevention (High level)
  • Enterprise Data Encryption & Data Masking (High level)
  • Data Discovery & Data Classification (High level Overview)
  • SOC (Security Operations Center) Incident Management Basics + SIEM Tool Basic Concepts
  • Cyber Threats + Malware Analysis
  • SIEM architecture and its components

Security Information Event Management

  • SIEM Processes & Architecture
  • SIEM Features & Functions
  • Security Auditing
  • Event Definition
  • Audit Logs – What to collect from Where
  • Data Analysis

Vulnerability Management

  • Vulnerability Management Process
  • Vulnerability Scanning
  • Remediation

Threat Detection

  • Intruder Behaviour
  • IDS Systems
  • Anomaly Detection
  • HIDS & NIDS
  • Open Source IDS
  • Honeypots
  • Advanced Threats

Security Assessments

  • Penetration Testing
  • Scanning (NMap)
  • Firewall & IDS Evasion
  • Kali Linux
  • Metasploit
  • Meterpreter
  • Hydra
  • Social Engineering Toolkit

Simulated Attack – Defend – Attack

  • Additional LABs and SOC Process adherence:
  • Live security and attack events will be generated, and participants will be given an opportunity to observe their relevance and classify the appropriate further action as per the SOC operation procedure.

 

Introduction to Common Threats/Tools and Their Countermeasures:

  • Network and Security Monitoring Tools: SIEM: ArcSight / QRadar / McAfee Security Logger / SolarWinds, syslog server
  • Identification of Security Threats and Events: port scan, host scan, IP floods (SYN flood, UDP flood, ping flood), virus outbreaks, buffer overflow, SQL injections, web and app vulnerabilities, honeypots, loose security controls on network, servers and applications.
  • Cyber Security Threats Landscape and Mitigation Methods: SNMP, Syslog.
  • Security Event Analysis, Dealing with Security and Threat Events.
  • Methods of minimizing false positives, handling massive alert storms, validation of false-positive alerts.
  • Advanced persistent threats
  • Zero-day malware attacks and prevention.
  • Sandboxing: Cloud and Private.

 

 

Overview and demonstration of security events commonly generated by the following devices:

  • Firewalls: Layer 4 and application-intelligent firewalls (WAF): clear-text sessions, SSL/HTTPS decryption, misuse of non-encrypted communications, longer session timeouts, etc.
  • IPS: Security threat events: network and IP scan, host/port scan, bypassing security products, HTTP tunneling.
  • Antivirus/Client computers: OS and browser vulnerabilities, prevention of non-compliant applications (remote tools, freeware apps, games and others), old virus definitions, virus and malware outbreaks, unmanaged clients, non-secured or partially secured clients, etc.
  • Servers: OS and application vulnerabilities, weak authentication vulnerabilities, non-secure or less secure websites and applications, security over HTTP vs HTTPS, server memory and resource overflows, etc.
  • Network Routers: clear-text authentication on networks, OS fingerprinting, unauthenticated routing advertisements, IP spoofing.
  • Wireless: wireless authentication, weak authentication, packet sniffing over wireless.
  • Switches: availability of non-usable ports, Layer 2: MAC and ARP related vulnerabilities, man-in-the-middle attacks and packet spoofing attacks, etc.
  • Mail servers: clear-text vs protected mail communication, mail floods, virus intrusion over email, SMTP, TLS, dealing with promotional and spam messages, etc.
Fee: Rs 7,499 + 18% GST
100% subsidized cost for Naveen Jindal Foundation registered students
