What is Hacking? , Computer Security Threats, Goals of Ethical Hacking, Skills and Tools required for Ethical Hackers, Process of Ethical Hacking, Process of Ethical Hacking -Demonstration Part 1, Process of Ethical Hacking - Demonstration Part 2, Information Gathering Concepts, Footprinting, Reconnaissance, Active Passive Scanning, CIA, (Confidentiality, Integrity & Availability) Threat, Vulnerabilities, Threat Actor, Risk etc definitions & concept, Advanced Cyber Security - Threats and Governance, What are Threats?, Types of threats (spoofing, tampering, repudiation, information breach, DOS, elevation of privilege), GitHub DDos Attack, Types of attack(DOS, Phishing, Ransomware), Introduction and importance to information security, elements of information security (purpose, audience and scope, security objective-CIA, Authority and access control, data classification (level 1-5), support and operation, security awareness, responsibilities rights and duty. Principle of Information security (Confidentiality, Integrity, Availability), Introduction to data security, types of data security (Encryption, Data Erasure, Data Masking, Data Resiliency), data security strategy (Physical security of servers and user devices, Access management and controls, Backups).

Practical on Metasploit and bwap, bWAPP Features, Why should you learn bWAPP?, bwapp prct.Dvwa feature and use, Kali Linux (tool) Demonstration - Web Application attack: Broken Authentication, Demonstration - Web Application attack: Blind SQL Injections, Demonstration - Web Application attack: Cross site scripting, Web Application Domain, Web Application Domain: Common Attacks, Hacking Methodology, Mobile Application Domain, Mobile Application Domain: Types of Android Attacks, steps of Incident preventation, network reconnaissance incidents (host detection, port enumeration, vulnerability assessment), DoS, Malicious Code, Information gathering (Spiders, Robots and Crawlers/Search Engine Discovery/Reconnaissance/Testing Web Application Fingerprint/. Analysis of Error Codes:)

Remediation Planning, Encryption, What is Encryption?, Prerequisites for Encryption, How does Encryption work?, Vulnerability Assessment, What is Decryption? , Encryption Vs Decryption, Types of Encryption, Encryption Algorithms and Protocols, Web application architecture, Web application attacks, Web server architecture, Web server attacks

Introduction to information security controls, types of controls (organizational control, people control, physical control, technological control), preventive, corrective, and digestive control, OSI concept, Protocols, ARP, SMTP, ICMP, TCP, 3-way Handshaking, Security Market Outlook, Computer Networks - Architecture, Layered architecture, Open Systems Interconnect (OSI) Model, Transmission Control Protocol/Internet Protocol (TCP/IP), Network Scanning, Enumeration, Common Network, Threats/Attacks, Packet Inspection, Deep Packet Inspection (Intrusions detection system and Intrusion Prevention, System), IP Security, ICMP attacks, TCP and UDP Security. Attacking Availability: Denial-of-Service, attacks, Distributed DOS attacks, SSL/TLS Data/Application, Security: confidentiality, Integrity, availability, authorization, authentication, identification, non-repudiation, types of control (preventive, detective, corrective, deterrent, recovery, compensating), access control, Security Vulnerability Management, Network devices (Hub, Switch, Router, Bridge, Gateway, Modem, Repeater, Access Point), Configuration of network devices, Network configuration tool, Firewall, Firewall configuration,

Introduction to data leakage (direct losses and indirect losses.), Types of Data Leakage, NPI (e.g. Customer Data), Confidentiality Info, PHI (e.g. Patient's Records), Intellectual Property, Data Leak Vector:- HTTP, Email, Networked Printer, End Point, Internal Mail, IM, Webmail, Data Classification, types of data classification, steps and process of data classification, Content awareness, Content analysis techniques (rule-based, data-based finger printing, partial document matching, lexicon), DLP (data in motion, data in rest, data in use), DLP limitation, DLP using DRM, DEFINITION OF EVENT CORRELATION, EVENT CORRELATION USE CASES AND TECHNIQUES, BENEFITS OF EVENT CORRELATION, Event log, Key concept of log management (log, event, incidents), log management process and challenges, configuration of windows event log, SIEM, Remote Software Access, Web Proxies, Firewall, Routers, What is Data backup, Importance of data backup, why to backup, RPO, RTO, Types (Mirror, Full, Differential, incremental backup, Cloud Backup, FTP backup,), Storage types (local or USB Disks, Network Shares and NAS, Data Backup to Tapes, Cloud Storage, ), Backup Procedures,

Information Security Policy, Top Information Security Threats (Unsecure or Poorly Secured Systems, Social Media Attacks, Social Engineering, Malware on Endpoints, Lack of Encryption, Security Misconfiguration, Active and Passive Attack, Cyber Security Regulations, Roles of International Law, the state and Private Sector in Cyberspace, Cyber Security Standards. The INDIAN Cyberspace, National Cyber Security Policy 2013. Elements of an information security policy (Purpose, scope, Objective, authorization and access control, classification, data support operation, Security standard and guideline(COSO, COBIT, ITIL, NIST, NSA, ISO, IT act, Copyright, Patent law, IPR), Laws of Indian Govt., Cyber Security Landscape Cyber Security Policy Management, Cyber Security Policy Ecosystem, Cyber Security Policy Management Design, Cyber Security FrameWorks, ISMS Environment, Frameworks, ISO27001 Standard, Security Metrics, Types of Security Metrics (Strategic security metrics, Security management metrics, Operational security metrics), Mean-Time-to-Detect and Mean-Time-to-Respond, Number of systems with known vulnerabilities, Number of SSL certificates configured incorrectly, Volume of data transferred using the corporate network, Number of communication ports open during a period of time, Frequency of review of third-party accesses, frequency of access to critical enterprise systems by third parties, Percentage of business partners with effective cybersecurity policies, Introduction to Risk Assessment, Identification of Risk assessment, Risk assessment model (Identification, Assessment, Mitigation, Prevention), role and need of risk assessment.

Hierarchy of Information security (Board of Director, CIO, CISO, CEO, System Architect, System Engineer, Security Director, System Admin, Security Analyst, IS Auditor, DB Admin), Importance of information security policy, element of information security (purpose, audience, CIA, encryption policy, data backup policy,

Incidents, types of Incidents, Impact of incidents, Information (alert, logs, network flow), Phases of incident handling, incident response life cycle

Firewall, why firewall, DMZ, troubleshooting Cisco IOS Firewall, troubleshooting routers, anti-virus and anti-spam ware, incident response process (identification, recording, response, communication, containment, classification, investigation), Unauthorized Access Incidents, Traffic filtering( NAT-Network Address Translation, VPN- Virtual Private Network, IDP-Intrusion Detection & Prevention, CISCO IOS Firewall IDS Configuration Initializing Cisco IOS Firewall IDS, Initializing the Post Office, Configuring and Applying Audit Rules, Verifying the Configuration), IPS configuration, IPS Tuning, SNMP Configuration, Configuration of MoD Security, Patch Management (Windows Server Update Services)

Keylogger Software, Network Traffic Analyser, Password Analyser and many moret