Introduction to Information Security

The level 1 course is intended to address the basics of information Security Concepts and the general industry trends. We will be covering the following topics:

• What is Information Security? Why do you need it?  Basic Principles of Confidentiality, Integrity Availability Concepts Policies, procedures, Guidelines, Standards Administrative Measures and Technical Measures, People, Process, Technology
• Current Trends in information Security, Cloud Computing: benefits and Issues related to info Sec. Standards available for InfoSec: Cobit, Cadbury, ISO 27001, OWASP, OSSTMM, etc - An Overview, Certifiable Standards: How, What, When, Who.
• Vulnerability, Threat and Risk, Risk Assessment and Mitigation + Quick fixes, Introduction to BCP / DRP / Incident management, Segregation and Separation of Duties & Roles and responsibilities, IT ACT 2000
• Types of assessments for Information Security - VAPT of Networks; Web Appln Audits; IT assessments or audits; Assessment of Network Equipments; Assessment of Security Devices (Web Filtering, Firewalls, IDS / IPS, Routers; Data Center Assessment; Security of Application Software; SAP Security; Desktop Security; RDBMS Security; BCP / DRP assessments; Policy reviews;
• Network Security & Common and Popular Tools Used
• Windows and Linux security, Types of Audits in Windows Environment: Server Security, Active Directory (Group Policy), Anti-Virus, Mails, Malware, End point protection, Shadow Passwords, SUDO users, etc
• Web Application Security: OWASP, Common Issues in Web Apps, What is XSS, SQL injection, CSRF, Password Vulnerabilities, SSL, CAPTCHA, Session Hijacking, Local and Remote File Inclusion, Audit Trails, Web Server Issues, etc

Introduction to the Course.
Part1 - Definition of Information Security.
Part 2 - Information Security Terminologies.
Part3 - Goals of Information Security.
Part 4 Implementation Issues of the Goals of Information Security - I.
Part5 - Implementation Issues of the Goals of Information Security - II.
Part6 - Control Mechanisms for Information Security - I.
Part 7 - Access Control - Administrative and Technical.
Part 8 - Passwords - Are they secure? - I.
Part 9 - Access Control - Administrative and Technical.
Part 10 - Passwords - Are they secure? - III.
Part 11 - Multifactor Authentication - Challenges.
Part 12 - Application Level Control and Information Security Planning.
Part 13 - Information Security - Policy, Standard and Practice.
Part 14 - Policies governing Issues, Roles and Responsibilities.
Part 15 - Managing changes in Information Security Policies.
Part 16 - Spheres of Information Security.
Part 01 - Protecting your Personal Computer - I.
Part 02 - Protecting your Personal Computer - II.
Part 03 - Protecting your Personal Computer - III.
Part 04 - Cloud Computing (Basic Definitions) - I.
Part 05 - Cloud Computing (Deployment) - II.
Part 06 - Cloud Computing (Security Issues) - III.
Part 07 - Cloud Computing (Trust and Risk) - IV.
Part 08 - Cloud Computing (Security and Privacy Issues) - V.
Part 09 - Cloud Computing (Security and Privacy Issues) - VI.
Part 10 - Cloud Computing (Application and Data level security) - VII.
Part 11 - Cloud Computing (Summary) - VIII.
Part 12 - Standard I.
Part 13 - Standard II.
Part 14 - Standard III.
Module 3 Part 1.
Module 3 Part 2.
Module 3 Part 3.
Module 3 Part 4.
Module 3 Part 5.
Module 3 Part 6.
Module 3 Part 7.
Module 3 Part 8.
Module 3 Part 9.
Module 4 Part 10.
Module 4 Part 1.
Module 4 Part 2.
Module 4 Part 3.
Module 4 Part 4.
Module 4 Part 5.
Module 4 Part 6.
Module 4 Part 7.
Module 4 Part 8.
Module 4 Part 9.
Module 5 Part 1.
Module 5 Part 2.
Module 5 Part 3.
Module 5 Part 4.
Module 5 Part 5.
Module 5 Part 6.
Module 5 Part 7.
Module 6 Part 1.
Module 6 Part 2.
Module 6 Part 3.
Module 6 Part 4.
Module 6 Part 5.
Module 6 Part 6.
Module 6 Part 7.
Module 6 Part 8.