CSTP: Cyber Security Technology Professional Training and Qualification Program
According to the regulation of cyber professions in Israel
Being a Cyber Security Technology Professional:
The CSTP is responsible for planning technological solutions; integrating technologies and security methods; adapting, implementing and integrating security products; and accompanying security events based on an understanding of the organization's activities, needs and goals, all for the purpose of the organization's cyber-security defense.
CSTP: Cyber Security Technology Professional Training and ... · international certification authorities, such as: (a) (ISC)2-SSCP certification, (b) CompTIA-Security+ certification,
available, what their essence is, what functions they serve and how to use them in combination with other tools and correct techniques. The tools and techniques complement one another as part of the technological response to threats, the operating system layer, networks, applications, special environments such as cloud and mobile devices, as well as end stations.
Cryptography: Introduction to cryptography, Classic cryptography to Modern Cryptography, Basics of Modern Cryptography, Symmetric Key Algorithms, Block Ciphers Modes of Operation, Stream ciphers, Key Management, Public Key Cryptography, Message Integrity and Authentication Controls, Public Key Infrastructure.
Access Control: What is Access control? Chapter 2: Identification and authentication (I&A), Authorization and AC Models, Centralized Access Control Methodologies
Perimeter Protection: Enclave defined, The need for Perimeter Protection, Router security, Firewalls, VPN Technology, NAC
Detection & Response: The Need for Detection Systems, IDS Systems Capabilities, Implementation & Management, Security Information & Event Management, Log Retention and Management, SIEM.
Anti-Malware: Malware threats and Anti Malware tools
Application & Code Security
DB Security
Virtualization Security
Cloud Security
DLP
Hardware Security
Files Security & Whitening: Hidden Content in files, Why Antivirus is insufficient, Metadata, Utilizing features to abuse
Social Networks Security
Infosec Technologies Trends
Information Technologies Architecture: Security Architecture creation methodologies
Independent Project: InfoSec Architecture for xyz Organization
Students are asked to write a project that summarizes the knowledge acquired in the chapter on technologies and architecture, based on the methodologies learned, with emphasis on coping with real-world challenges. The project process is conducted in constant interaction with the college staff (assistance and support).
The world of information security maintains an intimate interrelationship with the field of governance, risk management and corporate compliance. This is a discipline with three aspects: organizational risk management as a result of a cyber event, compliance with management requirements, and the requirements of law and regulation in relevant aspects (e.g., the Protection of Privacy Law, Regulation 7809, 627). The ISCA-CISSP, ISACA-CISM, ISO 27000, SOX, DoD, PCI, ISC2-CISSP security standards, Israeli legislation, and industry regulations will be reviewed according to daily practice.
Legal & Regulatory: The Applicable Legislation, The Privacy Act, Information Reservoirs Registration & Protection, The Regulation, 357, 257, SOX & iSOX, BASEL II, HIPAA, 361, 367
Program Management: The InfoSec Program from Three Points of View, Security Architecture Defined, Policies, Standards, Procedures, Baselines & Guidelines, InfoSec as a Process, Process Quality Management
ISO 27001 Lead Auditor Preparation: Corporate, IT & InfoSec Governance Relationship, Corporate Strategy Defined, InfoSec Positioning, InfoSec Strategy, InfoSec Strategic Planning, Statement of Applicability
Controls & Control Objectives: ISO 27001 - ISMS, InfoSec Control Objectives
Control Environment: Controls, Designing a Control Environment, Cobit, COSO
Privacy in the Digital Age
Program Audit & Maintenance: Internal Audit Defined, IT General Audit, Infosec Audit, Program Improvement, Vulnerability Assessment, Pen tests
52 CISO Function and Role
What does the Information Security Manager do? What is its list of tasks and what is the correct order to carry them out? How does the product of each action become the raw material of the next action? The Unwritten Law of CISO Functions.
InfoSec Processes: InfoSec Process & Process Catalogue, Process & Program maturity
InfoSec Project: Project Management Defined, Creating an InfoSec Project, Business Case - Business Case
The IAM Process: Role Definition, Workflow, User Provisioning / De-provisioning, Audit & monitor
Capital Planning & Investment Control: Capital Planning & Budget Decision, Corrective Action Impact and Priority, System Based Project Scoping, Enterprise Project Scoping, Choosing Your Battle, Project Investment Control
Corporate InfoSec Policy: The Need for a Corporate InfoSec Policy, Policy Governance & Authority, Scope, Responsibility & Accountability, The Policy Chapters
Independent Final Assignment: Building an InfoSec Program
Students are asked to write a project that summarizes the acquired knowledge in the CISO Role chapter, including the implications of cyber governance and the management of cyber processes. The project must rely on the knowledge acquired in the chapter on technologies and architecture as well.
32 Hacking Defined Advanced
As in chess, it is not enough to know the functioning of the various tools. We must learn how to "play". There will be no understanding of modes of protection without a full realization of the means of attack. This module introduces the student to the world of Penetration Testing. The module portrays the classical threats to information assets caused by a malicious human agent. The world of attacking and intelligence is taught in order to make the learner recognize the threats, vulnerabilities, techniques, and technologies used by the attacker.
Understanding Linux: History, Distributions, Kernel, File System, Shell, Live CD, VM
Shell: Prompt, Basic Commands, GUI
File Systems & Networking: Environmental Variable, Process Environment
Shell Redirection: Pipes, Bash Scripting
Overview & Test
HD Introduction
HD ToolKit: Linux, Kali, Development Environment, Disassembly, Hacking Today Presentations
Low Technology Reconnaissance: Social Engineering, Attack tree (Lio), Passive Reconnaissance
Web-based Reconnaissance: Google, Who-Is, DNS
Google Hacking & API: Advanced Key-Words, Boolean Search, Google API
Info Gathering Tools: Maltego, Win-Finger-Print, SAM Spade