Prerequistes

None.

Duration

Two days

Outline for Security for Architects Training

Lesson 1 -Introduction and Security Concepts

Security Concepts

DLP

NAC

Firewalls

IDS/IPS

Honeypot

SIEM/SYSLOG

DAM/DAMP

VPN

PPTP, L2TP, IPSEC, SSL

SSL/TLS

Lesson 2 - Threats and Vulnerabilities

Malware

virus, worm, Trojan, logic bomb, ransomware, spyware, etc.

DoS

Smurf, Syn flood, Fraggle, DHCP starvation

Buffer overflow

DNS Poisoning

Web Attacks

SQL Injection, XSS, CSRF, etc.

Session Hijacking

Social Engineering

Lesson 3 - Compliance and Operational Security

ITIL

COBIT

COSO

ISO

NIST

Risk Assessment

ALE, SLE, ARO, etc.

Disaster Recovery

DRP, BCP, MTD, MTBF, MTTR

Testing DRP/BCP

Policies

Lesson 4 – Threat Modeling and Intelligence

STRIDE

DREAD

PASTA

SQUARE

LINDDUN

Attack Trees

Tools

SHODAN

Threat Crowd

CVSS scores

Lesson 5 - Access Control and Identity Management

Models

MAC, DAC, RBAC, ABAC

Mobile access control

Authentication

Type I, II, III

Biometrics

TOTP, HOTP

PAP

SPAP

CHAP

EAP

Kerberos

Radius

Diameter

Tacacs/Tacacs+