64 Certified Cyber Professional (CCP) courses delivered Live Online

Duration 5 Days 30 CPD hours This course is intended for The C|CT is ideal for anyone looking to start their career in cybersecurity or add a strong foundational understanding of the cybersecurity concepts and techniques required to be effective on the job. The course is especially well suited to: Early-career IT professionals, IT managers, career changers, and career advancers Students and recent graduates Overview After completing this course, you will understand: Key concepts in cybersecurity, including information security and network security Information security threats, vulnerabilities, and attacks The different types of malware Identification, authentication, and authorization Network security controls Network security assessment techniques and tools (threat hunting, threat intelligence, vulnerability assessment, ethical hacking, penetration testing, configuration and asset management) Application security design and testing techniques Fundamentals of virtualization, cloud computing, and cloud security Wireless network fundamentals, wireless encryption, and related security measures Fundamentals of mobile, IoT, and OT devices and related security measures Cryptography and public-key infrastructure Data security controls, data backup and retention methods, and data loss prevention techniques Network troubleshooting, traffic and log monitoring, and analysis of suspicious traffic The incident handling and response process Computer forensics and digital evidence fundamentals, including the phases of a forensic investigation Concepts in business continuity and disaster recovery Risk management concepts, phases, and frameworks EC-Council?s C|CT certification immerses students in well-constructed knowledge transfer. Training is accompanied by critical thinking challenges and immersive lab experiences that allow candidates to apply their knowledge and move into the skill development phase in the class itself. Upon completing the program, C|CT-certified professionals will have a strong foundation in cybersecurity principles and techniques as well as hands-on exposure to the tasks required in real-world jobs. COURSE OUTLINE * Information Security Threats and Vulnerabilities * Information Security Attacks * Network Security Fundamentals * Identification, Authentication, and Authorization * Network Security Controls: Administrative Controls * Network Security Controls: Physical Controls * Network Security Controls: Technical Controls * Network Security Assessment Techniques and Tools * Application Security * Virtualization and Cloud Computing * Wireless Network Security * Mobile Device Security * Internet of Things (IoT) and Operational Technology (OT) Security * Cryptography * Data Security * Network Troubleshooting * Network Traffic Monitoring * Network Log Monitoring and Analysis * Incident Response * Computer Forensics * Business Continuity and Disaster Recovery * Risk Management

Duration 3 Days 18 CPD hours This course is intended for This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy. This course is also designed for students who are seeking the CertNexus Cyber Secure Coder (CSC) Exam CSC-210 certification Overview In this course, you will employ best practices in software development to develop secure software.You will: Identify the need for security in your software projects. Eliminate vulnerabilities within software. Use a Security by Design approach to design a secure architecture for your software. Implement common protections to protect users and data. Apply various testing methods to find and correct security defects in your software. Maintain deployed software to ensure ongoing security... The stakes for software security are very high, and yet many development teams deal with software security only after the code has been developed and the software is being prepared for delivery. As with any aspect of software quality, to ensure successful implementation, security and privacy issues should be managed throughout the entire software development lifecycle. This course presents an approach for dealing with security and privacy throughout the entire software development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify and remediate them in your own projects. You will learn general strategies for dealing with security defects and misconfiguration, how to design software to deal with the human element in security, and how to incorporate security into all phases of development. IDENTIFYING THE NEED FOR SECURITY IN YOUR SOFTWARE PROJECTS * Identify Security Requirements and Expectations * Identify Factors That Undermine Software Security * Find Vulnerabilities in Your Software * Gather Intelligence on Vulnerabilities and Exploits HANDLING VULNERABILITIES * Handle Vulnerabilities Due to Software Defects and Misconfiguration * Handle Vulnerabilities Due to Human Factors * Handle Vulnerabilities Due to Process Shortcomings DESIGNING FOR SECURITY * Apply General Principles for Secure Design * Design Software to Counter Specific Threats DEVELOPING SECURE CODE * Follow Best Practices for Secure Coding * Prevent Platform Vulnerabilities * Prevent Privacy Vulnerabilities IMPLEMENTING COMMON PROTECTIONS * Limit Access Using Login and User Roles * Protect Data in Transit and At Rest * Implement Error Handling and Logging * Protect Sensitive Data and Functions * Protect Database Access TESTING SOFTWARE SECURITY * Perform Security Testing * Analyze Code to find Security Problems * Use Automated Testing Tools to Find Security Problems MAINTAINING SECURITY IN DEPLOYED SOFTWARE * Monitor and Log Applications to Support Security * Maintain Security after Deployment

Duration 5 Days 30 CPD hours This course is intended for The primary audience for this course is any IT, facilities or data centre professional, who are involved in the design/build, renovation or relocation of a mission-critical data centre. Overview This 5-day course is designed to prepare participants to analyse a given business case and perform technical evaluation for a project plan and a set of designs for the implementation of a mission critical data centre. The course also engages participants in product evaluations and demonstrates how to select equipment and develop equipment test scripts (IET) and integrated performance and validation testing (IPVT). CDCE© builds upon knowledge gained in CDCP and CDCS courses. Participants who pass the exam will join the industry's elite data centre project design experts. CDCE© is the highest level training in the EPI Design and Build training track under the EPI Data Centre Training Framework. Participants must hold a valid CDCS certificate in order to be able to register for the CDCE class. CDCE© is the premier certification for data centre professionals in the data centre design/build and related fields. DATA CENTRE LIFE CYCLE * Data centre lifecycle stages and phases Exercise: Stage/Phase/Milestone/Document mapping DESIGN PREPARATION * Creation of a SON ? Statement Of Need Technology review Conceptual sizing How to calculate for computer room space How to calculate facility space How to calculate incoming power Exercise: Conceptual sizing building and power Analysing capacity of existing facility Analysing investment options Site selection Permits and approvals Exercise: Site selection Conceptual design Budget and project timeline Business case preparation Project delivery structure Project management options Project manager and team DESIGN PLANNING * OSRA?Operational Systems Requirement Analysis TFRA?Technical Facilities Requirement Analysis Operations and maintenance review RFP?Request For Proposal process Vendor selection DESIGN DEVELOPMENT * Project planning Design development PDR ? Preliminary Design Review Equipment selection FDR/V ? Final Design Review/Validation Exercise: Full design validation of power, cooling, floor plans, fire suppression Design freeze and LLTI Creation of construction documents BOM/BOQ ? Bill Of Material/Bill Of Quantity Exercise: Equipment selection ACQUIRE * Requirements of purchase orders Shipping terms FWT/FAT ? Factory Witness Test/Factory Acceptance Test Sequencing Incoming goods inspection and handling Asset management CONSTRUCT * Temporary essential services Erection of the building Permanent essential services Building inspection Snag list COF?Certificate Of Fitness FIT-OUT * Fit-Out Builders cleaning As-Built Drawings TEST & COMMISSIONING * IET?Individual Equipment Test IPVT/IST?Integrated Performance Verification Test/Integrated Systems Test Common mistakes with IET/IPVT Deep cleaning Exercise: IET/IPVT scripting HAND-OVER * Facility hand-over requirements and documents PCC?Practical Completion Certificate DLP?Defect Liability Period Defect Management ICT Systems Installation ICT Systems Testing Hand-Over/DLP Expiry FCC?Final Completion Certificate RETIREMENT * Reasons and definitions of retirement Building the business case and project plan Sequencing Transfer of site Demolishing of site Legal matters FCC?Final Completion Certificate EXAM: CERTIFIED DATA CENTRE EXPERT (CDCE©) * The CDCE© exam is in two parts: Part A is a 90-minute closed book exam, with 60 multiple-choice questions. For Part A, the candidate requires a minimum of 45 correct answers to pass the exam. Part B is a 90-minute closed book exam, with 25 open questions. For Part B the candidate needs to obtain a minimum of 75% to pass. ADDITIONAL COURSE DETAILS: Nexus Humans Certified Data Centre Expert (CDCE) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Certified Data Centre Expert (CDCE) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Regardless of your computer experience, this class will help you become more aware of technology-related risks and what you can do to protect yourself and your organization from them.

Duration 0.5 Days 3 CPD hours This course is intended for This course is designed for the non-technical end user of computers, mobile devices, networks, and the Internet, to enable you to use technology more securely to minimize digital risks. This course is also designed for you to prepare for the Certified CyberSAFE credential. You can obtain your Certified CyberSAFE certificate by completing the Certified CyberSAFE credential process on the CHOICE platform following the course presentation. Overview In this course, you will identify many of the common risks involved in using conventional end-user technology, as well as ways to use it safely, to protect yourself from those risks. You will: Identify the need for security Secure devices like desktops, laptops, smartphones, and more Use the Internet securely Regardless of your computer experience, this class will help you become more aware of technology ðrelated risks and what you can do to protect yourself and your organization from them. This course will help you to: ? Understand security compliance needs and requirements ? Recognize and avoid phishing and other social engineering ? Recognize and avoid viruses, ransomware, and other malware ? Help ensure data security on computers, mobile devices, networks, the Internet, and in the cloud. In this course, you will use discussions, case studies, and the experiences of your instructor and fellow students to explore the hazards and pitfalls of technology and learn how to use that technology safely and securely. Course includes access to the CyberSAFE assessment. Upon successful completion of the assessment, learners will receive the CyberSAFE credential and digital badge. IDENTIFYING THE NEED FOR SECURITY * Identify Security Compliance Requirements * Recognize Social Engineering and Avoid Phishing and other Attacks * SECURING DEVICES * Maintain Physical Security of Devices * Use Passwords for Security * Protect Your Data * Identify and Mitigate Viruses, Ransomware, and other Malware * Use Wireless Devices Securely USING THE INTERNET SECURELY * Browse the Web Safely * Use Email Securely * Use Social Networking Securely * Use Cloud Services Securely ADDITIONAL COURSE DETAILS: Nexus Humans CertNexus CyberSAFE Extended Edition 2019 (CBS-310) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CertNexus CyberSAFE Extended Edition 2019 (CBS-310) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Security Professionals Incident Handling Professionals Anyone in a Security Operations Center Forensics Experts Cybersecurity Analysts Overview Our Certified Cyber Security Analyst course helps you prepare an organization to create a complete end to end solution for proactively monitoring, preventing, detecting, and mitigating threats as they arise in real time. Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today's needs. When we are done you will be able to setup and deploy state of the art open source and for purchase analysis tools, intrusion detection tools, syslog servers, SIEMs, along with integrating them for the entire company to find and an many cases prevent today's exploits. This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the CompTIA CySA+CS0-001 certification exam. Our Certified Cyber Security Analyst course helps you prepare an organization to create a complete end to end solution for proactively monitoring, preventing, detecting, and mitigating threats as they arise in real time.Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today?s needs.When we are done you will be able to setup and deploy state of the art open source and for purchase analysis tools, intrusion detection tools, syslog servers, SIEMs, along with integrating them for the entire company to find and an many cases prevent today?s exploits.This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the CompTIA CySA+CS0-001 certification exam. BLUE TEAM?PRINCIPLES * Network Architecture?and how it lays the groundwork * Defensive Network * Security Data Locations?and how they tie together * Security?Operations?Center * The People, Processes, and Technology * Triage and Analysis * Digital Forensics * Incident Handling * Vulnerability Management * Automation, Improvement, and Tuning DIGITAL?FORENSICS * Investigative Theory and?Processes * Digital Acquisition * Evidence Protocols * Evidence Presentation * Computer Forensics?Laboratory * Protocols * Processing Techniques * Specialized?Artifacts * Advanced Forensics for Today?s?Exploitations MALWARE ANALYSIS * Creating the Safe Environment * Static Analysis * Dynamic Analysis * Behavior Based Analysis * What is different about?Ransomware? * Manual Code Reversing TRAFFIC ANALYSIS * Manual Analysis Principles * Automated?Analysis Principles * Signatures?compared to?Behaviors * Application Protocols Analysis Principles * Networking Forensics ASSESSING THE CURRENT STATE OF DEFENSE WITH THE?ORGANIZATION * Network Architecture and Monitoring * Endpoint Architecture and Monitoring * Automation, Improvement, and continuous?monitoring LEVERAGING SIEM FOR ADVANCED ANALYTICS * Architectural Benefits * Profiling and?Baselining * Advanced Analytics DEFEATING THE RED TEAM WITH PURPLE TEAM TACTICS * Penetration Testing?with full knowledge * Reconnaissance * Scanning * Enumeration * Exploitation * Lateral Movement ADDITIONAL COURSE DETAILS: Nexus Humans C)CSA: Cybersecurity Analyst Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)CSA: Cybersecurity Analyst Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is designed for individuals seeking a role as an associate-level cybersecurity analyst and IT professionals desiring knowledge in Cybersecurity operations or those in pursuit of the Cisco Certified CyberOps Associate certification including Students pursuing a technical degree Current IT professionals Recent college graduates with a technical degree Overview After taking this course, you should be able to Explain how a Security Operations Center (SOC) operates and describe the different types of services that are performed from a Tier 1 SOC analyst's perspective. Explain Network Security Monitoring (NSM) tools that are available to the network security analyst. Explain the data that is available to the network security analyst. Describe the basic concepts and uses of cryptography. Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts. Understand common endpoint security technologies. Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors. Identify resources for hunting cyber threats. Explain the need for event data normalization and event correlation. Identify the common attack vectors. Identify malicious activities. Identify patterns of suspicious behaviors. Conduct security incident investigations. Explain the use of a typical playbook in the SOC. Explain the use of SOC metrics to measure the effectiveness of the SOC. Explain the use of a workflow management system and automation to improve the effectiveness of the SOC. Describe a typical incident response plan and the functions of a typical Computer Security Incident Response Team (CSIRT). Explain the use of Vocabulary for Event Recording and Incident Sharing (VERIS) to document security incidents in a standard format. The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0 course teaches you security concepts, common network and application operations and attacks, and the types of data needed to investigate security incidents. This course teaches you how to monitor alerts and breaches, and how to understand and follow established procedures for response to alerts converted to incidents. Through a combination of lecture, hands-on labs, and self-study, you will learn the essential skills, concepts, and technologies to be a contributing member of a cybersecurity operations center (SOC) including understanding the IT infrastructure, operations, and vulnerabilities. This course helps you prepare for the Cisco Certified CyberOps Associate certification and the role of a Junior or Entry-level cybersecurity operations analyst in a SOC. COURSE OUTLINE * Defining the Security Operations Center * Understanding Network Infrastructure and Network Security Monitoring Tools * Exploring Data Type Categories * Understanding Basic Cryptography Concepts * Understanding Common TCP/IP Attacks * Understanding Endpoint Security Technologies * Understanding Incident Analysis in a Threat-Centric SOC * Identifying Resources for Hunting Cyber Threats * Understanding Event Correlation and Normalization * Identifying Common Attack Vectors * Identifying Malicious Activity * Identifying Patterns of Suspicious Behavior * Conducting Security Incident Investigations * Using a Playbook Model to Organize Security Monitoring * Understanding SOC Metrics * Understanding SOC Workflow and Automation * Describing Incident Response * Understanding the Use of VERIS * Understanding Windows Operating System Basics * Understanding Linux Operating System Basics ADDITIONAL COURSE DETAILS: Nexus Humans Cisco Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (CBROPS) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco Understanding Cisco Cybersecurity Operations Fundamentals v1.0 (CBROPS) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for The course is intended for individuals who want to achieve a level 3 apprenticeship in IT. Overview To complete their overall level three framework in the following: CCNA, MCSA, IT Fundamentals 7 Cyber Security. In this course, students will handle customer queries, investigate customer needs, investigate and analyze customer satisfaction information and create reports based on this. Create and conduct coaching sessions. In this course, students will handle customer queries, investigate customer needs, investigate and analyze customer satisfaction information and create reports based on this. Create and conduct coaching sessions.

Duration 5 Days 30 CPD hours This course is intended for This course is targeted towards the information technology (IT) professional that has a minimum 1 year IT Security and Networking experience. This course would be ideal for Information System Owners, Security Officers, Ethical Hackers, Information Owners, Penetration Testers, System Owner and Managers as well as Cyber Security Engineers. Overview Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the CPEH exam. The CPEH certification training enables students to understand the importance of vulnerability assessments and how to implement counter response along with preventative measures when it comes to a network hack. SECURITY FUNDAMENTALS * Overview * The Growth of * Environments and Security * Our Motivation? * The Goal: Protecting Information! * CIA Triad in Detail * Approach Security Holistically * Security Definitions * Definitions Relationships * Method: Ping * The TCP/IP Stack * Which Services Use Which Ports? * TCP 3-Way Handshake * TCP Flags * Malware * Types of Malware * Types of Malware Cont... * Types of Viruses * More Malware: Spyware * Trojan Horses * Back Doors * DoS * DDoS * Packet Sniffers * Passive Sniffing * Active Sniffing * Firewalls, IDS and IPS * Firewall ? First * Line of Defense * IDS ? Second Line of Defense * IPS ? Last Line of Defense? * Firewalls * Firewall Types: * (1) Packet Filtering * Firewall Types: * (2) Proxy Firewalls * Firewall Types ? * Circuit-Level Proxy Firewall * Type of Circuit- * Level Proxy ? SOCKS * Firewall Types ? * Application-Layer Proxy * Firewall Types: (3) Stateful * Firewall Types: * (4) Dynamic Packet-Filtering * Firewall Types: * (5) Kernel Proxies * Firewall Placement * Firewall Architecture * Types ? Screened Host * Multi- or Dual-Homed * Screened Subnet * Wi-Fi Network Types * Wi-Fi Network Types * Widely Deployed Standards * Standards Comparison * 802.11n - MIMO * Overview of Database Server * Review ACCESS CONTROLS * Overview * Role of Access Control * Definitions * More Definitions * Categories of Access Controls * Physical Controls * Logical Controls * ?Soft? Controls * Security Roles * Steps to Granting Access * Access Criteria * Physical Access * Control Mechanisms * Biometric System Types * Synchronous Token * Asynchronous Token Device * Memory Cards * Smart Card * Cryptographic Keys * Logical Access Controls * OS Access Controls * Linux Access Controls * Accounts and Groups * Password & * Shadow File Formats * Accounts and Groups * Linux and UNIX Permissions * Set UID Programs * Trust Relationships * Review PROTOCOLS * Protocols Overview * OSI ? Application Layer * OSI ? Presentation Layer * OSI ? Session Layer * Transport Layer * OSI ? Network Layer * OSI ? Data Link * OSI ? Physical Layer * Protocols at * Each OSI Model Layer * TCP/IP Suite * Port and Protocol Relationship * Conceptual Use of Ports * UDP versus TCP * Protocols ? ARP * Protocols ? ICMP * Network Service ? DNS * SSH Security Protocol * SSH * Protocols ? SNMP * Protocols ? SMTP * Packet Sniffers * Example Packet Sniffers * Review CRYPTOGRAPHY * Overview * Introduction * Encryption * Cryptographic Definitions * Encryption Algorithm * Implementation * Symmetric Encryption * Symmetric Downfalls * Symmetric Algorithms * Crack Times * Asymmetric Encryption * Public Key * Cryptography Advantages * Asymmetric * Algorithm Disadvantages * Asymmetric * Algorithm Examples * Key Exchange * Symmetric versus Asymmetric * Using the * Algorithm Types Together * Instructor Demonstration * Hashing * Common Hash Algorithms * Birthday Attack * Example of a Birthday Attack * Generic Hash Demo * Instructor Demonstration * Security Issues in Hashing * Hash Collisions * MD5 Collision Creates * Rogue Certificate Authority * Hybrid Encryption * Digital Signatures * SSL/TLS * SSL Connection Setup * SSL Hybrid Encryption * SSH * IPSec - Network Layer Protection * IPSec * IPSec * Public Key Infrastructure * Quantum Cryptography * Attack Vectors * Network Attacks * More Attacks (Cryptanalysis) * Review WHY VULNERABILITY ASSESSMENTS? * Overview * What is a * Vulnerability Assessment? * Vulnerability Assessment * Benefits of a * Vulnerability Assessment * What are Vulnerabilities? * Security Vulnerability Life Cycle * Compliance and Project Scoping * The Project * Overview Statement * Project Overview Statement * Assessing Current * Network Concerns * Vulnerabilities in Networks * More Concerns * Network Vulnerability * Assessment Methodology * Network Vulnerability * Assessment Methodology * Phase I: Data Collection * Phase II: Interviews, Information Reviews, and Hands-On Investigation * Phase III: Analysis * Analysis cont. * Risk Management * Why Is Risk * Management Difficult? * Risk Analysis Objectives * Putting Together * the Team and Components * What Is the Value of an Asset? * Examples of Some Vulnerabilities that Are Not Always Obvious * Categorizing Risks * Some Examples * of Types of Losses * Different Approaches * to Analysis * Who Uses What? * Qualitative Analysis Steps * Quantitative Analysis * ALE Values Uses * ALE Example * ARO Values and Their Meaning * ALE Calculation * Can a Purely Quantitative Analysis Be Accomplished? * Comparing Cost and Benefit * Countermeasure Criteria * Calculating Cost/Benefit * Cost of a Countermeasure * Can You Get Rid of All Risk? * Management?s Response to Identified Risks * Liability of Actions * Policy Review * (Top-Down) Methodology * Definitions * Policy Types * Policies with Different Goals * Industry Best * Practice Standards * Components that Support the Security Policy * Policy Contents * When Critiquing a Policy * Technical (Bottom-Up) * Methodology * Review VULNERABILITY TOOLS OF THE TRADE * Vulnerability Scanners * Nessus * SAINT ? Sample Report * Tool: Retina * Qualys Guard * http://www.qualys.com/products/overview/ * Tool: LANguard * Microsoft Baseline Analyzer * MBSA Scan Report * Dealing with Assessment Results * Patch Management Options * Review OUTPUT ANALYSIS AND REPORTS * Overview * Staying Abreast: Security Alerts * Vulnerability Research Sites * Nessus * SAINT * SAINT Reports * GFI Languard * GFI Reports * MBSA * MBSA Reports * Review RECONNAISSANCE, ENUMERATION & SCANNING * Reconnaissance Overview * Step One in the * Hacking ?Life-Cycle? * What Information is * Gathered by the Hacker? * Passive vs. Active Reconnaissance * Footprinting Defined * Social Access * Social Engineering Techniques * Social Networking Sites * People Search Engines * Internet Archive: * The WayBack Machine * Footprinting Tools Overview * Maltego GUI * Johnny.Ihackstuff.com * Google (cont.) * Domain Name Registration * WHOIS Output * DNS Databases * Using Nslookup * Traceroute Operation * Web Server Info Tool: Netcraft * Introduction to Port Scanning * Which Services * use Which Ports? * Port Scan Tips * Port Scans Shou

Duration 3 Days 18 CPD hours This course is intended for Blockchain Architects Blockchain DevelopersApplication Developers Blockchain System AdministratorsNetwork Security Architects Cyber Security ExpertsIT Professionals w/cyber security experience Overview Those who attend the Security for Blockchain Professionals course and pass the exam certification will have a demonstrated knowledge of:Identifying and differentiating between security threats and attacks on a Blockchain network.Blockchain security methods, best practices, risk mitigation, and more.All known (to date) cyber-attack vectors on the Blockchain.Performing Blockchain network security risk analysis.A complete understanding of Blockchain?s inherent security features and risks.An excellent knowledge of best security practices for Blockchain System/Network Administrators.Demonstrating appropriate Blockchain data safeguarding techniques. This course covers all known aspects of Blockchain security that exist in the Blockchain environment today and provides a detailed overview of all Blockchain security issues, including threats, risk mitigation, node security integrity, confidentiality, best security practices, advanced Blockchain security and more. FUNDAMENTAL BLOCKCHAIN SECURITY CRYPTOGRAPHY FOR THE BLOCKCHAIN HASH FUNCTIONS * Public Key Cryptography * Elliptic Curve Cryptography * A Brief Introduction to Blockchain The Blocks * The Chains * The Network * Promises of the Blockchain * Blockchain Security Assumptions Digital Signature Security * Hash Function Security * Limitations of Basic Blockchain Security Public Key Cryptography Review * Real-Life Public Key Protection * Cryptography and Quantum Computers * Lab 1 (Tentative) Finding Hash Function Collisions Reversible hash function * Hash function with poor non-locality * Hash function with small search space * Breaking Public Key Cryptography Brute Forcing a Short Private Key * Brute Forcing a Poorly-Chosen Private Key CONSENSUS IN THE BLOCKCHAIN * Blockchain Consensus and Byzantine Generals Blockchain Networking Review * Byzantine Generals Problem Relation to Blockchain * Byzantine Fault Tolerance * Introduction to Blockchain Consensus Security Blockchain Consensus Breakthrough * Proof of Work What is Proof of Work? * How does Proof of Work Solve BGP? * Proof of Work Security Assumptions * Attacking Proof of Work * Proof of Stake What is Proof of Stake? * How does Proof of Stake Solve BGP? * Proof of Stake Security Assumptions * Attacking Proof of Stake * General Attacks on Blockchain Consensus * Other Blockchain Consensus Algorithms * Lab 2 (Tentative) Attacking Proof of Work Performing a 51% Attack * Performing a Selfish Mining Attack * Attacking Proof of Stake Performing a XX% Attack * Performing a Long-Range Attack * Malleable Transaction Attacks ADVANCED BLOCKCHAIN SECURITY MECHANISMS ARCHITECTURAL SECURITY MEASURES PERMISSIONED BLOCKCHAINS * Checkpointing * Advanced Cryptographic Solutions Multiparty Signatures * Zero-Knowledge Proofs * Stealth Addresses * Ring Signatures * Confidential Transactions * Lab 3 (Tentative) Permissioned Blockchains * 51% on a Checkpointed Blockchain * Data mining on a blockchain with/without stealth addresses * Zero-Knowledge Proof Simulation * Trying to fake knowledge of a ZKP * Module 4: Blockchain for Business Introduction to Ethereum Security What is Ethereum * Consensus in Ethereum * Smart Contracts in Ethereum * Ethereum Security * Pros and Cons of Ethereum Blockchains * Introduction to Hyperledger Security What is Hyperledger * Consensus in Hyperledger * Smart Contracts in Hyperledger * Hyperledger Security * Pros and Cons of Hyperledger Blockchains * Introduction to Corda Security What is Corda * Consensus in Corda * Smart Contracts in Corda * Corda Security * Pros and Cons of Corda Blockchains * Lab 4 BLOCKCHAIN RISK ASSESSMENT WHAT ARE THE RISKS OF THE BLOCKCHAIN? * Information Security * Information Sensitivity Data being placed on blockchain * Risks of disclosure * Regulatory Requirements Data encryption * Data control * PII protection * Blockchain Architectural Design Public and Private Blockchains * Open and Permissioned Blockchains * Choosing a Blockchain Architecture * Lab 5 * Exploring public/private open/permissioned blockchains? BASIC BLOCKCHAIN SECURITY BLOCKCHAIN ARCHITECTURE * User Security Protecting Private Keys * Malware * Update * Node Security * Configuring MSPs * Network Security * Lab 6 (TBD) SMART CONTRACT SECURITY INTRODUCTION TO SMART CONTRACTS * Smart Contract Security Considerations Turing-Complete * Lifetime * External Software * Smart Contract Code Auditing Difficulties * Techniques * Tools * Lab 7 (Tentative) * Try a couple of smart contract code auditing tool against different contracts with built-in vulnerabilities * Module 8: Security Implementing Business Blockchains Ethereum Best Practices * Hyperledger Best Practices * Corda Best Practices * Lab 8 NETWORK-LEVEL VULNERABILITIES AND ATTACKS INTRODUCTION TO BLOCKCHAIN NETWORK ATTACKS * 51% Attacks * Denial of Service Attacks * Eclipse Attacks * Routing Attacks * Sybil Attacks * Lab 9 * Perform different network-level attacks SYSTEM-LEVEL VULNERABILITIES AND ATTACKS INTRODUCTION TO BLOCKCHAIN SYSTEM VULNERABILITIES * The Bitcoin Hack * The Verge Hack * The EOS Vulnerability * Lab 10 SMART CONTRACT VULNERABILITIES AND ATTACKS INTRODUCTION TO COMMON SMART CONTRACT VULNERABILITIES * Reentrancy * Access Control * Arithmetic * Unchecked Return Values * Denial of Service * Bad Randomness * Race Conditions * Timestamp Dependence * Short Addresses * Lab 11 * Exploiting vulnerable smart contracts SECURITY OF ALTERNATIVE DLT ARCHITECTURES WHAT ARE ALTERNATIVE DLT ARCHITECTURES? * Introduction to Directed Acyclic Graphs (DAGs) * DAGs vs. Blockchains * Advantages of DAGs * DAG Vulnerabilities and Security * Lab 12 * Exploring a DAG network