TP2995 Security for Architects Training
This course provides general coverage of cybersecurity and risk management. Included in the course are technology, security metrics, policies, threat modeling, and attack types. This is appropriate for analysts, architects, and others who need a strong, general understanding of cybersecurity.
Prerequistes
None.
Duration
Two days
Outline for Security for Architects Training
Lesson 1 -Introduction and Security Concepts
Security Concepts
DLP
NAC
Firewalls
IDS/IPS
Honeypot
SIEM/SYSLOG
DAM/DAMP
VPN
PPTP, L2TP, IPSEC, SSL
SSL/TLS
Lesson 2 - Threats and Vulnerabilities
Malware
virus, worm, Trojan, logic bomb, ransomware, spyware, etc.
DoS
Smurf, Syn flood, Fraggle, DHCP starvation
Buffer overflow
DNS Poisoning
Web Attacks
SQL Injection, XSS, CSRF, etc.
Session Hijacking
Social Engineering
Lesson 3 - Compliance and Operational Security
ITIL
COBIT
COSO
ISO
NIST
Risk Assessment
ALE, SLE, ARO, etc.
Disaster Recovery
DRP, BCP, MTD, MTBF, MTTR
Testing DRP/BCP
Policies
Lesson 4 – Threat Modeling and Intelligence
STRIDE
DREAD
PASTA
SQUARE
LINDDUN
Attack Trees
Tools
SHODAN
Threat Crowd
CVSS scores
Lesson 5 - Access Control and Identity Management
Models
MAC, DAC, RBAC, ABAC
Mobile access control
Authentication
Type I, II, III
Biometrics
TOTP, HOTP
PAP
SPAP
CHAP
EAP
Kerberos
Radius
Diameter
Tacacs/Tacacs+