As for MOOC course content - I don't know these guys from Adam's off ox, and while I know IIIT (note, not IIT) Bangalore, this is a course offered by them in collaboration with an outfit called FISST (oh dear.. the name). The course name looks like it is meant to train skript kiddeez but the content looks much more reasonable. Of course, given the extremely short course length, it is possibly like the usual mile wide inch deep CISSP training that'll help you learn a lot of buzzwords if nothing else.

--srs

https://talentedge.in/certified-cyber-warrior-iiit-bangalore/

Syllabus

Cyber Security Foundation Module:
- Introduction & Overview of Cyber Security
- Common Security threats and prevention/mitigation plans
- Cryptography – fundamentals with theory of encryption keys (LMS)
- Networking Security – fundamentals with N/w layers and various protocols (LMS)

Introduction to IT Act and Cyber Laws:
- Cyber Laws – Overview of Cyber Civil Wrong
- Cyber Laws – overview of Cyber Offences
- Case studies where brand and financial loss has been reported

Introduction to Dark web and Deep Web:
- Dark web & Deep Web
- Anatomy of Financial Cyber Crime Organization

Network Security & Best practices for secured n/w administration
- VPN
- Wireless Security

Vulnerabilities in various layers of Information Systems:
- Overview of Multitasking and Multiprocessing
- Assess And Mitigate Security Vulnerabilities
- Understanding Security Capabilities of Information System
- Virtualization
- Memory Protection
- Memory & Address protection
- Protection Mechanisms

Brief Introduction to Cyber Risk and Cyber Insurance Best Practices:
- Cyber Risk & Information Risk Management
- Risk Management Concepts
- Component of Risk Management – example
- Risk Management Process
- Common Cyber Threats
- Framework for Cyber and IS Risk Management
- Cyber Insurance – an Introduction
- What is cyber insurance
- How to assess and bargain a good policy
- How to implement documentation for claims
- Best practices for ‘zero’ risk policies

Introduction to Physical Security & importance to protect IT Assets:
- Physical Security Introduction
- Perimeter / Boundary Security
- Building Security
- Inside Building with back-end command & Control System
- Overview of IoT devices Security & Concerns

Introduction to Blockchain, Cryptocurrencies, and Bitcoins
- Introduction to Blockchain concept
- Cryptocurrencies

Cyber Security Design and Maintaining Resilience
- Cyber Security Designing And Maintaining Resilience
- Designing a Resilient Enterprise
- Maintaining Enterprise Resilience
- Perimeter Protection with Firewall
- Incident Response Plan
- Cyber Risk Management process
- Inventory Authorized and Unauthorized devices and Software

Recommended Best practices for Cyber Security:
- Cyber Hygiene
- Data Security
- Wireless networking
- Invoke the Incident Response Plan
- Recover RTO – RPO
- Preparedness Plan Audit
- Test your incident response plan
- Vendor Incident response

20 Critical Security Components – Part 1
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Critical Control 5: Controlled Use of Administrative Privileges
- Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
- Critical Control 7: Email and Web Browser Protections
- Critical Control 8: Malware Defenses
- Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services

20 Critical Security Components – Part 2
- Critical Control 10: Data Recovery Capability
- Critical Control 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 12: Boundary Defense
- Critical Control 13: Data Protection
- Critical Control 14: Controlled Access Based On Need to Know
- Critical Control 15: Wireless Device Control
- Critical Control 16: Account Monitoring and Control
- Critical Control 17: Security Skills Assessment and Appropriate Training to Fill Gaps
- Critical Control 18: Application Software Security
- Critical Control 19: Incident Response and Management
- Critical Control 20: Penetration Tests and Red Team Exercises

2 Day On Campus Boot Camp at IIIT B
- Lab Session – General Threats
- Lab Session – Cryptography
- Boot Camp 1
- Boot Camp 2

On Fri, Jul 27, 2018 at 5:39 PM Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Please start with the nanog videos Chris referenced and the book that I told you about.
Before security knowledge, there’s a lot of hard CS and pure math involved if you want to teach it as a discipline – but that should be available most anywhere. And of course practical courses on network and system administration.
Depends on whether you want to train junior analysts and build their knowledge in a more hands-on manner in on-the-job training, or proceed with a graduate course that’ll take years and give them a deeper dive into this.
For on-the-job training the videos and the Limoncelli book will do very well indeed for a start.
--srs
From: Ramy Hashish <ramy.ihashish@gmail.com>
Date: Friday, 27 July 2018 at 5:12 PM
To: NANOG Mailing List <nanog@nanog.org>, <stephend@ameslab.gov>, <rsk@gsp.org>, Suresh Ramasubramanian <ops.lists@gmail.com>, <Pratik.Lotia@charter.com>
Subject: Re: SP security knowledge build up
Thank you guys for all your academic recommendations. Unfortunately we are not US residents, so can you recommend the references/books/curriculum used in the mentioned programs?
-- Suresh Ramasubramanian (ops.lists@gmail.com)