Cyber security Architecture and Engineering
- Course code: SEC_Arch
- Course duration: 5 days
INTRODUCTION
This course provides theoretical knowledge and skills to define, design, build and maintain a secure IT architecture, using tools, systems, and processes to carry out cybersecurity activities effectively and efficiently.
OBJECTIVES
This course provides theoretical knowledge and skills in the field of Security Architecture & Engineering.
REQUIREMENTS
IT basic knowledge
CONTENTS
This course is made up of thirteen modules. It opens with an introduction to threats and their tactics and techniques, key security concepts, and information assets and their governance and management. It then covers risk management and best practices before moving on to security engineering and architecture principles, security models, cloud security, cryptography, and Identity and Access Management. The second part focuses on security technology, the Secure Software Development LifeCycle, contingency planning and audit.
Module 1: Landscape and Introduction
Threat Landscape: criminal and state-sponsored actors, case study, cyber weapons, social engineering techniques, vulnerabilities and exploits.
Key security concepts: confidentiality, integrity and availability; IT, information and cyber security; multilateral approach.
Module 2: Information assets
- Information governance and security
- Policy and procedure
- Standard and guidelines
Module 3: Risk management
- Key concepts: operational risk, threat, vulnerability, asset.
- Methodology: qualitative and quantitative
- Case study: CRAMM, ISO 27005, Fault Tree Analysis, Component Failure Impact Analysis
Module 4: Standard and best practices
- ISO 27000 series
- NIST Cybersecurity Framework
- ISA/IEC 62443
- COBIT overview
Module 5: Security Engineering and Architecture principles
- Stakeholder
- Concerns
- Views and Viewpoints
Module 6: Security Model
- State Machine Model
- Bell-LaPadula Model
- Biba Model
- Zero Trust
- Security Principles
Module 7: Cloud security
- PaaS, IaaS, SaaS
- Cloud Security process model
- Cloud Controls Matrix
Module 8: Cryptography
- Key concepts
- Code and cipher
- Symmetric Cipher Model
- Asymmetric Cipher Model (Diffie-Hellman, RSA)
Module 9: Identity and Access Management
- Overview
- Subject, Object, and Access Right
- Authentication, Authorization, Audit (Accounting)
- Password and OTP
- Authorization MAC, DAC, ABAC, RuBAC
- Logging and audit
- Operating and maintaining preventative measures
Module 10: Security Technology
- Definition
- Wireless security
- NAC
Module 11: Secure Software Development LifeCycle
- Application security - Principles
- From SDLC to SSDLC
- SSDLC - Examples
- DevSecOps Controls: preventive, detective, corrective controls
Module 12: Contingency management
- Information system Contingency planning process
- Incident response
- Guidelines for managing digital evidence
- Business Continuity Management
Module 13: Process and technological audit
- Audit scope, plan, criteria
- Nonconformity and corrective action
- Vulnerability assessment and Penetration testing