Cyber security

Introduction to Information security concepts

  • Types of Attacks: Physical Attacks and Modular Exponentiation
  • Side Channel Attacks and Countermeasures
  • Introduction to Cryptography
  • Access Control and Authentication mechanisms
  • Telecommunications and Network Security
  • Operations Security
  • Physical and Environmental Security
  • Business Continuity and Disaster Recovery Planning
  • Security Architecture and Design
  • Software Development Security
  • Static Program Analysis
  • Information Security Governance and Risk Management
  • Legal, Regulations, Investigations, and Compliance

Introduction to Cyber Security

  • Web security: Attacks and defenses
  • Penetration and Fuzz Testing
  • Role of Cyber Security

Introduction to Security Intelligence and Analytics

  • Evolution of Cyber Threat
  • Understanding the Data
  • Drawing Conclusions
  • Perspective: Same Attack, Different Lens
  • Challenges with Traditional Security Controls
  • Security Analytics and Intelligence (SAI) Framework
  • Critical Success Factors for Developing the SAI Framework
  • Approach for Building the SAI Framework
  • Security Information and Event Management (SIEM) platform

Big Data Analytics for Security

  • Enterprise Events Analytics
  • Netflow Monitoring to Identify Botnets
  • Advanced Persistent Threats Detection
      – Beehive: Behavior Profiling for APT Detection
      – Using Large-Scale Distributed Computing to Unveil APTs
  • The WINE Platform for Experimenting with Big Data Analytics in Security
  • Data Sharing and Provenance

Risk Analytics

Current State of Risk ‘Intelligence’

Info Security HAS a Risk Analytics Problem

Current State Of Technology Risk

Security Operations

Risk and Compliance

Ultimate Risk Analytics End Goal

Books Recommended

  • Hansche, S., Berti, J., & Hare, C. (2003). Official (ISC)² guide to the CISSP exam. CRC Press.
  • Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
  • Forouzan, A. B. (2006). Data communications & networking (sie). Tata McGraw-Hill Education.
  • Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: a cost-benefit analysis (Vol. 1). New York: McGraw-Hill.

luring attackers into a trap, we can protect our systems, detect threats, and gain valuable insights into the mind of the attacker.

Here are some live examples of honeypots:

  1. Decoy Bank Account: A bank creates a decoy account with a small amount of money, making it look like a vulnerable target. When an attacker tries to access or transfer funds from this account, the bank detects and tracks the attacker’s activity.
  2. Fake Login Portal: A company sets up a fake login portal that looks identical to their real one. When an attacker tries to log in, the company captures their credentials and monitors their activity.
  3. Honeynet: A network of honeypots is created to mimic a real network, complete with decoy servers, databases, and user accounts. Attackers who enter the honeynet are trapped and monitored.
  4. Decoy Database: A company creates a decoy database containing fake sensitive information, such as credit card numbers or personal data. When an attacker tries to access or steal this data, the company detects and responds to the threat.
  5. Tarpit: A tarpit is a honeypot that slows down an attacker’s activity, wasting their time and resources. For example, a slow-loading website may appear vulnerable but actually trap attackers in an infinite loop.
  6. Sandbox Environment: A sandbox environment is created to test and monitor new software or applications. If an attacker tries to exploit vulnerabilities in the sandbox, the activity is contained and analyzed.
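
The decoy account, fake login portal and decoy database above share one detection rule: no legitimate workflow touches a decoy, so any access to one is an alert. The sketch below is an added example, not part of the original page; the decoy identifiers, the JSON event format and the log lines are all constructed for illustration.

```python
import json
from collections import defaultdict

# Hypothetical decoy identifiers, keyed by event kind (assumed names).
DECOYS = {
    "account": {"ACCT-DECOY-0001"},
    "table": {"customers_archive_decoy"},
    "login_host": {"portal-decoy.example.internal"},
}

# Constructed audit events (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2024-01-10T09:00:01Z","src":"10.0.4.17","kind":"account","target":"ACCT-88213"}
{"ts":"2024-01-10T09:02:10Z","src":"203.0.113.45","kind":"login_host","target":"portal-decoy.example.internal"}
{"ts":"2024-01-10T09:05:44Z","src":"203.0.113.45","kind":"account","target":"ACCT-DECOY-0001"}
not-json
{"ts":"2024-01-10T09:07:00Z","src":"198.51.100.7","kind":"table","target":"customers_archive_decoy"}
{"ts":"2024-01-10T09:08:30Z","src":"10.0.4.17","kind":"table","target":"customers"}
"""

def find_decoy_hits(log_text):
    """Return {source: [events]} for every event whose target is a decoy."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(ev, dict) or not isinstance(ev.get("kind"), str):
            continue
        if ev.get("target") in DECOYS.get(ev["kind"], ()):
            hits[ev.get("src", "unknown")].append(ev)
    return dict(hits)

def summarize(hits):
    """One alert per source; sources touching the most decoys come first."""
    alerts = []
    for src, events in hits.items():
        alerts.append({
            "src": src,
            "decoys": sorted({e["target"] for e in events}),
            "events": len(events),
            "first_seen": min(e.get("ts", "") for e in events),
        })
    return sorted(alerts, key=lambda a: (-len(a["decoys"]), a["src"]))

if __name__ == "__main__":
    for alert in summarize(find_decoy_hits(SAMPLE_LOG)):
        print(alert)
```

Grouping by source shows when one client touches several decoys in a row, which is a stronger signal than a single hit.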