Viale Premuda 14, 20129 Milano - academy@digiacademy.it - 0250030724

Cyber Security

Cyber security Architecture and Engineering

Course code: SEC_Arch
Course duration: 5 days

INTRODUCTION

This course provides the theoretical knowledge and skills to define, design, build and maintain a secure IT architecture system, using tools, systems, and processes to carry out cybersecurity activities effectively and efficiently.

OBJECTIVES

This course provides theoretical knowledge and skills in the field of Security Architecture & Engineering.

REQUIREMENTS

Basic IT knowledge

CONTENTS

This course is made up of thirteen modules. It opens with an introduction to threats and their tactics and techniques, key security concepts, and information assets and their governance and management. It then covers risk management and best practices before moving on to security engineering and architecture principles, security models, cloud security, cryptography, and Identity and Access Management. The second part focuses on security technology, the Secure Software Development LifeCycle, contingency planning and audit.

Module 1: Landscape and Introduction

Threat Landscape: criminal and state-sponsored actors, case study, cyber weapons, social engineering techniques, vulnerabilities and exploits.
Key security concepts: confidentiality, integrity and availability; IT, information and cyber security; multilateral approach.

Module 2: Information assets

  • Information governance and security
  • Policy and procedure
  • Standard and guidelines

Module 3: Risk management

  • Key concepts: operational risk, threat, vulnerability, asset.
  • Methodology: qualitative and quantitative
  • Case study: CRAMM, ISO 27005, Fault Tree Analysis, Component Failure Impact Analysis

Module 4: Standard and best practices

  • ISO 27000 series
  • NIST Cybersecurity Framework
  • ISA/IEC 62443
  • COBIT overview

Module 5: Security Engineering and Architecture principles

  • Stakeholder
  • Concerns
  • Views and Viewpoints

Module 6: Security Model

  • State Machine Model
  • Bell-LaPadula Model
  • Biba Model
  • Zero Trust
  • Security Principles

Module 7: Cloud security

  • PaaS, IaaS, SaaS
  • Cloud Security process model
  • Cloud Controls Matrix

Module 8: Cryptography

  • Key concepts
  • Code and cipher
  • Symmetric Cipher Model
  • Asymmetric Cipher Model (Diffie-Hellman, RSA)

Module 9: Identity and Access Management

  • Overview
  • Subject, Object, and Access Right
  • Authentication, Authorization, Audit (Accounting)
  • Password and OTP
  • Authorization: MAC, DAC, ABAC, RuBAC
  • Logging and audit
  • Operating and maintaining preventative measures

Module 10: Security Technology

  • Definition
  • Wireless security
  • NAC

Module 11: Secure Software Development LifeCycle

  • Application security - Principles
  • From SDLC to SSDLC
  • SSDLC - Examples
  • DevSecOps Controls: preventive, detective, corrective controls

Module 12: Contingency management

  • Information system Contingency planning process
  • Incident response
  • Guidelines for managing digital evidence
  • Business Continuity Management

Module 13: Process and technological audit

  • Audit scope, plan, criteria
  • Nonconformity and corrective action
  • Vulnerability assessment and Penetration testing


The Training area is ISO 9001 certified