This Curriculum covers Cyber Security & Networking Basics for (3 Months Duration) Weekdays

Physical Classes

Phase 1: Networking Basics

Week 1:

• Day 1
• General Cyber Security Onboarding

o What is a network?

o Types of networking

o Network Topologies

o Ethernet Cabling

• Day 2

o OSI Reference Model

o TCP/IP Model

o Advantages and Disadvantages of Computer Networks

• Day 3

o OSI Model Compared to the TCP/IP Models

o Network Devices and functions

o Endpoint Devices and functions

o Network protocols

o Practical/Assignments: Ethernet Cabling

Week 2:

• Day 4

o Transmission Media/cables

o Server and types of servers

• Day 5

o Firewalls

o Ethernet Addressing

o IP Addressing IP Terminology

• Day 6

o Subnetting

o Installation of Packet tracer

o Basic network device configurations and routing

 o Practical/Assignments: IP Addressing, Subnetting

Week 3:

• Day 7

o Understand and apply fundamental concepts of networking

o Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet

Protocol (TCP/IP) models

• Day 8

o Network topologies

o Network relationships (e.g. peer-to-peer (P2P) client-server)

o Transmission media types (e.g. wired wireless)

• Day 9

o Software-defined networking (SDN) (e.g. Software-Defined Wide Area Network (SD-

WAN) network virtualization automation)

o Commonly used ports and protocols

o Manage network access controls

o Manage network security

o Practical/Assignments: How to install and configure SD-WAN & Network

Virtualization, Practical use of Network Sniffer e.g. Wireshark

Week 4:

• Day 10:

o Operate and configure network-based security devices

o Firewalls and proxies (e.g. filtering methods web application firewall (WAF))

• Day 11:

o Intrusion detection systems (IDS) and intrusion prevention systems (IPS)

o Routers and switches

• Day 12:

o Secure wireless communications

o Evil Twin attacks

o Technologies (e.g. cellular network Wi-Fi Bluetooth Near-Field Communication

(NFC))

o Authentication and encryption protocols (e.g. Wired Equivalent Privacy (WEP) Wi-Fi
Protected Access (WPA) Extensible Authentication Protocol (EAP))

o Practical/Assignments: Demonstration of how to configure routers and switches,

Practical exercises on secure wireless communications and Evil Twin attack detection
and prevention
Phase 2: Cyber Security
Week 1:

Day 1:

• General Cyber Security Onboarding

Introduction to Cybersecurity

Cybersecurity fundamentals: CIA triad security policies and procedures.

Overview of Cybersecurity Concept: Introduction to cybersecurity threat landscape types of cyber

threats and importance of cybersecurity awareness.

Lab setup: Setting up a safe learning environment and installing necessary software (e.g. VirtualBox,
Kali Linux).

Day 2:

Introduction To Operating System.

Access control user authentication, privilege escalation, and secure configuration of operating
systems.

Unix/Linux Operating System: Access control, user authentication, privilege escalation, secure
configuration of operating systems.

Hardening Operating Systems: Techniques for hardening OS security, patch management, securing
services, and daemons.

Day 3:

Threat Actors and Cyber Threats

Understanding threat actors

Types of cyber threats

Common attack vectors

Phishing attacks and prevention

Malware and Vulnerabilities

Types of malware

Malware analysis techniques

Vulnerability analysis

Common vulnerabilities and exposures (CVE)

Assignments covering all topics treated

Week 2:

Day 4:

Introduction To Operating System.

Access control user authentication, privilege escalation, and secure configuration of operating
systems.

Unix/Linux Operating System: Access control, user authentication, privilege escalation, secure
configuration of operating systems.

Hardening Operating Systems: Techniques for hardening OS security, patch management, securing
services, and daemons.

Day 5:

- Risk Identification, Monitoring & Analysis.

- Foundations of Risk Management

- Introduction to Risk Management

- Definition and importance of risk management

- Overview of risk identification, monitoring, and analysis

Day: 6

- Risk Identification: Understanding risk identification, Methods, and techniques for risk
identification, Common types of risks, creating a risk register and documentation

- Risk Monitoring: Purpose and objectives of risk monitoring, Key performance indicators (KPIs),
Tools and techniques for risk monitoring, Continuous vs. periodic monitoring

- Topic: Risk Analysis Techniques

- Risk Analysis: Understanding risk analysis, Quantitative vs. qualitative risk analysis, Tools and
techniques for risk analysis, Risk prioritization and ranking

Week 3

Day 7:

- Integration with Risk Management Frameworks: Alignment with ISO 31000 and other risk
management frameworks, Incorporating risk identification, monitoring, and analysis into enterprise
risk management (ERM), Regulatory compliance, and industry standards

- Best Practices and Challenges

- Best practices for effective risk management

- Common challenges in risk management

Day 8:

- Strategies for overcoming challenges

- Future Trends and Developments

- Emerging trends and developments in risk management

- Opportunities for innovation and improvement

- Creating a risk register

Day 9:

- Access Control and Incident Response

- Importance of access control in cybersecurity

- Types of access control: physical, administrative, technical

- Security incident response lifecycle: preparation, detection, containment, eradication, recovery

Week 4

Day 10:

- Incident response roles and responsibilities

- Establishing an Incident Response Team

- Developing Incident Response Policies and Procedures

- Conducting Risk Assessments and Vulnerability Scans

Day 11:

- Monitoring Systems and Networks for Anomalies

- Identifying Indicators of Compromise (IOCs)

- Analyzing Logs and Security Events

- Incident Response Execution and Best Practices

- Containment and Eradication

- Isolating Affected Systems or Networks

- Removing Malware and Unauthorized Access

- Restoring Systems to a Known Good State

Day 12:

- Incident Response Lifecycle - Recovery and Post-Incident Activity

- Restoring Services and Operations

- Implementing Security Controls and Hardening Measures

 - Conducting Post-Incident Analysis and Lessons Learned

- Reporting and Documentation

- Continuous Improvement and Adaptation

- Legal and Regulatory Considerations

- Assignments covering all topics treated

Week 5

Day 13:

- Incident Response Roles, Tools and Challenges & Introduction to Cryptography

- Incident Response Roles and Responsibilities

- Incident Response Team Roles

- External Collaboration with Law Enforcement, Providers, and ISACs

- Basic Cryptography

- Basics of cryptography: symmetric vs. asymmetric algorithms

- Public Key Infrastructure (PKI) and digital certificates

- Cryptographic attacks and defenses

Day 14:

- Introduction to cryptography, encryption algorithms, symmetric vs. asymmetric encryption, digital

signatures.

- Hashing, Salting, cryptographic attacks, and countermeasures

- Steganography

- Understanding and implementing secure protocols

Day 15:

- Secure Remote Access and DNS Security & Introduction to Ethical Hacking

- Importance of SSH and secure remote access

- Configuring and using SSH

- DNS domain name system explained

- DNS security best practices

- Assignments covering all topics treated

Week 6

Day 16:

- Introduction to Ethical Hacking

- Definition and importance of ethical hacking

- Legal and ethical considerations in ethical hacking

- Overview of common cybersecurity threats and attack vectors

 - Reconnaissance and Information Gathering

- Introduction to reconnaissance techniques

- Passive and active reconnaissance methods

- Information gathering and analysis

- Tools for reconnaissance

Day 17:

- Vulnerability Assessment and Exploitation

- Understanding vulnerabilities and their classification

- Tools for vulnerability scanning and assessment

- Conducting vulnerability assessments

Day 18:

- Common exploitation techniques

- Real-world scenario demonstrations

- Exploitation tools and methodologies

- Post-exploitation and Counter measures

- Post-exploitation activities and objectives

- Countermeasures to prevent exploitation

- Best practices for securing systems and networks

Assignments covering all topics treated

Week 7

Day 19:

- Penetration Testing and Reporting

- Introduction to Penetration Testing

- Definition and objectives of penetration testing

- Types of penetration testing (black box, white box, gray box)

- Penetration testing methodologies (OSSTMM, PTES, NIST SP 800-115)

Day 20:

- Conducting Penetration Tests

- Planning and preparation for penetration testing

- Execution of penetration tests

- Documentation and reporting of findings

Day 21:

- Firewalls, IDS/IPS and Review

- Introduction to firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS)

- Configuring basic firewalls

- Understanding DMZ

- Setting up and configuring IDS (Snort)

- Assignments covering all topics treated

Week 8

Day 22:

- Introduction to Cloud Computing

- Definition of Cloud Computing

- Evolution and History

- Key Characteristics

- Types of Cloud Services: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as
a Service (SaaS), Function as a Service (FaaS)

- Cloud Deployment Models: Public Cloud, Private Cloud, Hybrid Cloud, Community Cloud

- Benefits of Cloud Computing: Cost Efficiency, Scalability and Flexibility, Accessibility and Mobility

Day 23:

- Considerations and Implementation of Cloud Computing: Security and Data Protection, Compliance
and Regulatory Requirements, Vendor Lock-in

- Popular Cloud Service Providers: Amazon Web Services (AWS), Microsoft Azure, Google Cloud
Platform (GCP)

Day 24:

- Common Use Cases for Cloud Computing: Infrastructure Management and Virtualization, Software
Development and Testing, Big Data Analytics and Machine Learning

- Challenges, Best Practices, and Conclusion: Challenges and Risks, Data Breaches and Security
Incidents, Downtime and Service Outages, Compliance and Governance Issues

Best Practices for Cloud Adoption: Thorough Assessment and Planning, Robust Security Measures
Monitoring and Optimization

- Review, exam, and quiz testing