• fullslide1
    LEARNING NEVER ENDS
    Learning is a continual process, it's like a bicycle... If you don't pedal you don't go forward
  • fullslide1
    PMP CERTIFICATION TRAINING
    Your success is our motivation
  • fullslide1
    iOS APPLICATION DEVELOPMENT TRAINING
    Your learning journey with us is assured to provide you with skills to build awesome apps
  • fullslide1
    BIG DATA/ DATA SCIENCE FOUNDATION TRAINING
    Our training will provide you with a clear road map to navigate the Big Data fields
  • fullslide1
    ANDROID APPLICATION DEVELOPMENT TRAINING
    We help you scale new heights with our innovation expertise
  • fullslide1
    WEB DEVELOPER TRAINING
    You will learn all the latest tools to create innovative, inspiring web applications
  • fullslide1
    PMI AGILE CERTIFIED PRACTITIONER TRAINING
    Sprint your way to success
  • fullslide1
    iOS MOBILE APPLICATIONS - SCHOOL PROGRAM
    Your learning journey with us is assured to provide you with skills to build awesome apps

Cyber Security Foundation

Our 2 days cyber security foundation course equips you with knowledge about various modern digital security threats and provides you with insight about actions to mitigate these threats. The course is focused on non-network technical staff and aimed at people from business and IT. The course provides various options available to deal with myriads of threats including open source and commercial tools.

Cyber security is a vast field and this course helps participants get an understanding of the overall landscape and also to narrow down on areas where they should be focusing on in the near term. Protection of critical infrastructure from data breaches is generally known as cyber security.

Cyber-Attack-Types

Cyber Security Foundation Course

Our Cyber security foundation course addresses common breaches in an enterprise and steps to prevent breaches.

A typical breach remains undiscovered for over 200 days. What does that say about your current defense strategy? More likely that the attackers may be using completely different methods than what you are used to. This critical gap between current enterprise defense strategy and the evolution in adversary tactics is responsible for a growing number of successful intrusions

Let’s assume that your organization has invested significant amount of money in Malware detection. A malware is a piece of software that has been downloaded in your network probably because a user clicked on a link. The piece of software could be sending out critical information periodically. A proactive security analyst or your malware detection software may be able to identify and eliminate the presence of this malware. However, research suggests that Malware is responsible for only 40% of breaches, and external attackers are increasingly leveraging malware-free intrusion approaches to blend in and “fly under the radar” by assuming insider credentials within victim organizations.

Emulating legitimate users

The idea behind a malware-free intrusion is very simple—malware, even if it’s unknown to antivirus, is still very noisy. The obvious answer is that you break in without using malware, emulating legitimate insiders. Insider detection has always been one of the hardest problems to solve in cyber security because the attacker, by definition, looks like someone who is supposed to be inside your network and is doing things that are largely legitimate and expected. Thus, wherever the adversaries can emulate this behavior, they are quite successful in achieving their objective of stealth.

The objective of this course is to apprise the participant of the various components that have enabled the services we use, as well as to explain how these very same tools have simultaneously been diverted for malicious purposes.


How does Phishing work?

Big Data Foundation

 

Cyber Security Foundation

Cyber Security Lifecyle

We examine the components of technology that are being diverted. We start with application code and how it can best be protected with isolation approaches. We look at the general principles of a secure system and then how hackers approach such systems. We follow with an examination of the various forms of infection, including viruses, worms, bots, and Trojans. We then examine encryption, using the Rivest–Shamir–Adelman (RSA) algorithm as our working example. Internet Protocol Security (IPSec)—which is at the heart of the secure virtual private network (VPN) connectivity widely employed by malaysia businesses—is discussed, along with the contrasting use by hackers of their own undetectable VPN, example, the Terracotta VPN, which makes the hackers’ activity appear to be normal traffic entering and traversing “protected” systems.

We will examine web applications, complete web systems, domain name systems (DNSs), and the general structure of the public Internet. And, given that the world has rapidly migrated into a totally mobile, instantaneous communication and download, we examine the present vulnerability of the ubiquitous “smart” devices.

Timeline_small-01

Cyber Security Foundation Course outline

DAY 1 TIME TOPIC DELIVERY DESCRIPTION TOOLS
9:30 - 10:00 Cyber security Introduction Theory As the world moves towards innovative solutions such as smart cars and Internet of Things, simultaneously, the “evil” side is growing even faster in its capability, employing those very same technologies for malicious purposes. We’ll explore the current state of cyber security Case studies
10:00 - 10:30 Hackers motivations Theory As an example, a customers file containing 70 million customer records with credit card info, social security number, was sold to middlemen on the dark web at $50 apiece (approx $4 billion in total) and then resold by those middlemen to criminal groups and individuals at a standard price of $350 for each ID. While the biggest motivation is money, its not always just about money. Discussion
10:30 - 10:45 Tea break
10:45 - 12:00 How Systems are breached
  • Spear Phishing
Waterholes
Theory Usually, the goal of the hacker is to “become” the target employee. To this end, they may want to observe all the keystrokes that the employee initiates. The hacker seeks all the passwords and special-access information that the employee normally uses to gain entry to these systems. This is achieved through spear phishing and waterholes. Discussion
12:00 - 13:00 Lunch
13:00 - 14:00 Establishing an Undetectable Anonymous Persistent Presence Practical Frequently, the hackers will employ their special VPN to enter the target site so they look like regular off-site users accessing the systems. Once the password files are downloaded, they must be decrypted. Although the files contain thousands of user passwords, the attackers only need to decrypt an initial working set, so brute-force techniques are employed. Case Study
14:00 - 14:45 Tools Used by Hackers to Acquire Valid Entry Credentials Practical The most common method of stealing sensitive information and authentication credentials in order to traverse the portals to an enterprise’s network is with a keystroke grabber. These programs are secretly installed on target computers to record or log the keys struck on a keyboard by the user on the affected device Demos
14:45 -15:00 Tea break
15:00 - 17:30 Common Attacks Practical Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks Man-in-the-middle (MitM) attack Phishing and spear phishing attacks Drive-by attack Password attack SQL injection attack Cross-site scripting (XSS) attack Eavesdropping attack Birthday attack Malware attack Viruses, Worms, Bugs, and Botnets Demos

DAY 2 TIME TOPIC DELIVERY DISCRIPTION TOOLS
9:30 - 10:00 Counter Measures – Securing Code Theory Code Isolation and Confinement. Malware creators take advantage of unknowing users who download or use infected code. Such infected code can be directed toward a variety of devices including our computers, tablets, and smartphones. Specialized codecs for media are examples of components that are frequently used to conceal code.. We will cover various confinement measures. Discussion
10:00 - 10:45 Counter Measures – Securing Architecture Theory Hacking and the deployment of an appropriate security architecture are at the forefront of every company’s attention. As many companies are experiencing their systems being hacked, security architectures can be put in place to minimize the severity of such attacks. Discussion
10:30 - 10:45 Tea break
10:45 - 11:15 Access Control Concepts Theory Access control is an approach to restricting system access only to authorized users. The system knows who the user is, and their identity is authenticated by name, password, or further identification credentials. Any user’s access request or process is passed through a reference monitor acting as a gatekeeper and must be validated before the user or the process is granted access. IAM
11:15 - 12:00 Cryptography and the RSA Algorithm Theory Cryptography is the practice of applying encryption techniques to ensure secure communication in the presence of third parties (whom we will consider adversaries). Generally, cryptography is about constructing and analyzing protocols that block adversaries, protect data confidentiality and data integrity, and provide authentication for the sender and the message. Case Study
12:00 - 13:00 Lunch
13:00 - 14:00 Browser Security and Cross-Site Scripting Practical Browser security is an important topic in information security because a large portion of the population uses computers, primarily for browsing the Internet. A simple lack of browser security knowledge plagues many Internet users who fall victim to constant pop-ups, adware, spyware, and other forms of malware
14:00 - 14:45 Session Management, User Authentication, and Web Application Security Practical An open field, file, or form that will take input and allow server processing may not have properly cleansed that input, allowing the remote execution of hidden and embedded code in that data that was not intended to be run on that server. Discussion
14:00 - 14:45 Cybercrime-as-a-Service (CaaS) Practical Over the past 20 years, cybercrime has become a mature industry estimated to produce more than $1 trillion in annual revenues. From products like exploit kits and custom malware to services like botnet rentals and ransomware distribution, the breadth of cybercrime offerings has never been greater. The result: more, and more serious, forms of cybercrime. Case study
14:45 -15:00 Tea break
15:00 - 17:30 Security Incident and Event Management (SIEM) Machine Learning and AI for Cyber Security Practical Security Incident and Event Management (SIEM) is a process that helps cyber security implementation by gathering security-related information (network and application logs for example) at a centralized location or tags those information assets at the edge (the location where the data is generated in the case of IoT) and uses this information for identification of anomalies which indicates breaches to the security infrastructure of an enterprise. Various machine learning algorithms can be used for detection and prevention of cyber attacks. We will discuss some common algorithms for anomaly detection, pattern recognition etc., Demos


Enterprise Architecture for Cyber Security

DSdc_web1

AI and Machine Learning Algorithms in Cyber Security

Big data and cyber security complement each other and play a vital role in each other’s relevance and utility. As more and more devices are getting digitally connected, they are generating more data (volume); the data generated by these connected devices needs to be processed in neartime (velocity) and it follows a variety of forms such as structured, unstructured, and semi-structured (variety). These three Vs constitute Big Data in general which lead to Value as fourth V. The cyber security systems require that the Big Data is processed in its entirety in order to provide actionable insights into the security infrastructure of an enterprise and to help in detecting anomalies and preventing attacks on an organization’s computing assets.

Rules-based alerts and monitoring systems are not sufficient to deal with the cyber security attacks and for protecting CIs. The machine learning models need to be trained based on the historical data (supervised learning) in order to predict the occurrence of malicious activities in advance or in near real time when the intrusion is in progress. The machine learning and AI transitions the cyber security systems to predictive analysis which helps in preventing the attacks.

Machine learning to deal with Phishing

These attacks can be prevented by using machine learning algorithms. The user’s email headers and content can be used as the training data and can train the model to understand the common patterns. This learning can help in detecting the phishing attempt based on the behavioral trends in the historical emails.

Machine learning to deal with Lateral Movement

Machine learning algorithms can be trained with lateral movements to trace data and detect the suspicious user movements. If these movements are tracked by streaming the live network logs through the processing systems, the intrusion can potentially be detected in near real time.

Machine learning to deal with Injection attacks

The malicious code is supplied into the target application via form fields or other input mechanisms. SQL injection is a special case of injection attack where the SQL statements are pushed into the system via field inputs and the SQL commands can get the dump of the sensitive data outside of the network. The attacker can get access to the authentication details if they reside in the database. Despite all the field validations and filtering at the web server layer, the injection attacks are frequent and one of the leading types of attack. The database logs can be used to train machine learning models based on statistical user profiles which can be built over a period of time as the users interacts with the databases.

Cyber-Attack-Types

There is obvious visible information, which one is conscious of and there is information that comes off you. Example, from your phone one can determine which website you visited, who you called, who your friends are, what apps you use. Data science takes it further to reveal how close you are to someone, are you an introvert or an extrovert, when during the day are you most productive, how often do you crave for ice cream, what genre of movies you like, what aspects of social issues interest you the most etc.,

Sensors everywhere

With the possibility of adding sensors to everything, now there is deeper insight into what is going on inside your body. Spending 10 minutes with a doctor who gives you a diagnosis based on stated or observed symptom is less useful than a system that has data about everything going on inside your body. Your health diagnosis is likely to be more accurate with analysis of data collected through devices such as fitbits and implantables.

The amount of data available with wearables and other devices provides for rich insight about how you live, work with others and have fun.

Digital Breadcrumbs

Big Data and analytics is made possible due to the digital breadcrumbs we leave. Digital breadcrumbs include things like location data, browsing habits, information from health apps, credit card transactions etc.,

The data lets us create mathematical models of how people interact, what motivates us, what influences our decision making process and how we learn from each other.

Big Data versus Information

One can think of Big Data as the raw data available in sufficient volume, variety and velocity. Volumes here refer to terabytes of data. Variety refers to the different dimensions of data. Velocity refers to the rate of change.

A bank can use credit card information to develop models that’s more predictive about future credit behavior. This provides better financial access. What you purchased, frequency of purchase, how often do you pay back, where do you spend money are better predictors of payment credibility than a simple one dimensional credit score.


Cyber Security Machine Learning Process

Graph

Encryption

This course also covers the basics of encryption and cryptography for protecting data and services

Encryption has come as a welcome solution to securing data and communication in organizations and also for individuals. It has been accepted as the most trusted way of securing data against the threats that are in existence today. Cryptography, which is the practice of using encryption and decryption, is often one of the last security measures that organizations employ just in case hackers are able to breach through other layers of security. Encryption, which is the process of converting data from plain text to cipher text, is one of the elements used to add reliability and non-repudiation in communication.

This course will take u through the detailed version of encryption from its early methods and gives us a brief idea of how far it has evolved, covering various techniques along with the challenges.

DataEncrypt

FAQs


Foundation Course: Cyber Security is a vast field. In this foundation class, we will be covering the theoretical of attacks and counter measures. As such, we don’t require participants to have a background in coding or system administration.
No. The optional technical modules don’t have additional costs. However, to work through the optional technical modules, you need to have a background in either statistics or programming.
Foundation:ITPACS Certified Associate in Cyber Security – Attacks and Counter measures basics.
You can take the exam 2 times with no additional costs. Beyond the second attempt, you will need to pay for the exam fees.
The course does not have an academic minimum requirement. However, you need to be familiar with basic technology such as client-server.
The difficulty level of the concepts depends on your background. If your job involves IT, you are likely to find the course easy.
Foundation:No. This is an introductory course. Cyber security is an extensive field and can take years to be an expert. Many experts specialize in one particular domain. This course provides you with an overview of what is involved in Cyber security.
Foundation:The course covers the theoretical aspects of a Cyber Security Solution. The technical aspects of building a Cyber security solution is not covered because there are so many different architectures and technologies.
Most of the participants are managers in companies across different industries who are evaluating opportunities for improving cyber security. These managers are either exploring the application of solutions within their own domain or are already working with cyber security experts. Upon completion of the course, these managers are in a better position to drive cyber security projects in their context. Most of these managers represent the business side.
Cyber Security Foundation Course: We offer a pass guarantee for this exam. In case a participant fails the exam, they have two more attempts to clear the exam at no additional cost. The objective of the foundation course is to facilitate entry into the Cyber Security field for people with no IT background. As such, the exam itself is not difficult. The exam does not have any coding. In the unlikely scenario wherein the participant fails the third time, we will refund the full course fees.
Yes. If you are currently in-between jobs, we provide additional discount on the course fees. During registration, let us know about your situation and we will accommodate additional discount.
Recent studies in neuroscience demonstrate that we can change our brain just by thinking. Our concept of “self” is etched in the living latticework of our 100 billion brain cells and their connections. Picking up new skills is about making new connections in the mind. By the time you complete the course, you have changed your brain permanently. If you learned even one bit of information, tiny brain cells have made new connections between them, and who you are is altered. The act of mental stimulation through learning is a powerful way you can grow and mold new circuits in your brain. Growing new circuits is vital to growth and state of being.
There is a small chance that you may be in what a growing body of knowledge point to as “survival mode”. When we live in survival, we limit our growth, because the chemicals of stress will always drive our big-thinking brain to act equal to its chemical substrates. Chronic long-term stress weakens our bodies. We choose to remain in the same circumstances because we have become addicted to the emotional state they produce and the chemicals that arouse that state of being. Far too many of us remain in situations that make us unhappy, feeling as if we have no choice but to be in stress. We choose to live stuck in a particular mindset and attitude, partly because of genetics and partly because a portion of the brain (a portion that has become hardwired by our repeated thoughts and reactions) limits our vision of what’s possible.We can change (and thus, evolve) our brain, so that we no longer fall into those repetitive, habitual, and unhealthy reactions that are produced as a result of our genetic inheritance and our past experiences. Scientists call this neuroplasticity—the ability to rewire and create new neural circuits at any age—to make substantial changes in the quality of your life.Learning a new skill allows new experiences and in turn fires new circuits related to curiosity, creativity etc,
The brain is structured, both macroscopically and microscopically, to absorb and engage novel information, and then store it as routine. When we no longer learn new things or we stop changing old habits, we are left only with living in routine. When we stop upgrading the brain with new information, it becomes hardwired, riddled with automatic programs of behavior that no longer support a healthy state of being. If you are not learning anything new, your brain is constantly firing the same old neurons related to negative states such anxiety, stress and worry. We are marvels of flexibility, adaptability, and a neuroplasticity that allows us to reformulate and repattern our neural connections and produce the kinds of behaviors that we want.
Research is beginning to verify that the brain is not as hardwired as we once thought. We now know that any of us, at any age, can gain new knowledge, process it in the brain, and formulate new thoughts, and that this process will leave new footprints in the brain—that is, new synaptic connections develop. That’s what learning is. In addition to knowledge, the brain also records every new experience. When we experience something, our sensory pathways transmit enormous amounts of information to the brain regarding what we are seeing, smelling, tasting, hearing, and feeling. In response, neurons in the brain organize themselves into networks of connections that reflect the experience. feelings. Every new occurrence produces a feeling, and our feelings help us remember an experience. The process of forming memories is what sustains those new neural connections on a more long-term basis. Memory, then, is simply a process of maintaining new synaptic connections that we form via learning irrespective of age.The reality is that if you are not making new neural connections, the brain cells are decaying or firing the same old routine patterns. This leads to physically aging faster than usual and other health problems.Contrary to the myth of the hardwired brain, we now realize that the brain changes in response to every experience, every new thought, and every new thing we learn. This is called plasticity. Researchers are compiling evidence that the brain has the potential to be moldable and pliable at any age.
AI has two sides. Research and application. Research is about in depth knowledge of how something works. You could spend years in research to find out how electricity and waves works and finally create a microwave. Consumers then use these microwaves to cook various food. A consumer doesn’t need to have extensive knowledge on the inner working of a microwave. They can get creative about the end result of using the microwave. This is the application side of things. Currently, as a result of extensive research, there is plethora of microwaves in the market. Attending a university courses is like creating another microwave, reinventing the wheel. You would rather focus your effort on the application side of AI. Take the already built algorithms and use it for your use cases. The way we teach our course is to apply these algorithms to solves business problems rather than go in-depth into calculus, matrices and trigonometry that make up an algorithm.

Other Courses


Check Out Our Other Professional Courses

PMP Project Management Professional

Our Project Management Professional course in Kuala Lumpur covers the best practices in the field of Project Management.

Lorem ipsum blah blah blah blah...

Call for monthly offer

iOS Application Development

We teach you everything you need to know to build great iOS apps for the iPhone, iPad devices.

Call for monthly offer

Big Data Foundation Lorem ipsum blah blah blah blah...

We cover Big Data concepts including the business aspects, the technical aspects as well as the deployment and maintenance aspects. Lorem ipsum blah blah blah blah...

Call for monthly offer

Android Application Development

We cover Java programming language and then teach you the skills to build apps for devices running Android OS.

Call for monthly offer

Professional Cloud Developer

We cover tools and techniques for full stack development which includes front end, back end and business layer.

Call for monthly offer

Develop iOS Mobile Applications - School Program

We teach you everything you need to know to build great iOS apps for the iPhone, iPad devices.

Call for monthly offer

PMI-ACP Agile Certified Practitioner

Our Agile covers covers SCRUM, XP and Lean. We teach you the most current Agile tools and techniques. Lorem ipsum blah blah blah blah...Lorem ipsum blah blah blah blah... blah blah blah...Lorem ipsum blah blah blah blah...blah blah blah...

Call for monthly offer

Copyright 2015 iKompass. All rights reserved.