Duration: 8 week
Fee type: Paid

Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.


Infosec programs are built around the core objectives of the CIA triad: maintaining


the confidentiality, integrity and availability of IT systems and business data. These objectives ensure that sensitive information is only disclosed to authorized parties (confidentiality), prevent unauthorized modification of data (integrity) and guarantee the data can be accessed by authorized parties when requested (availability).


Many large enterprises employ a dedicated security group to implement and maintain the organization's infosec program. Typically, this group is led by a chief information security officer. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. The value of an organization lies within its information -- its security is critical for business operations, as well as retaining credibility and earning the trust of clients.


Threats to sensitive and private information come in many different forms, such as malware and phishing attacks, identity theft and ransomware. To deter attackers and mitigate vulnerabilities at various points, multiple security controls are implemented and coordinated as part of a layered defense in depth strategy. This should minimize the impact of an attack. To be prepared for a security breach, security groups should have an incident response plan (IRP) in place. This should allow them to contain and limit the damage, remove the cause and apply updated defense controls.


Information security processes and policies typically involve physical and digital security measures to protect data from unauthorized access, use, replication or destruction. These measures can


include mantraps, encryption key management, network intrusion detection systems, password policies and regulatory compliance. A security audit may be conducted to evaluate the organization's ability to maintain secure systems against a set of established criteria.


Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.


Information security handles risk management. Anything can act as a risk or a threat to the CIA triad or Parkerian hexad. Sensitive information must be kept - it cannot be changed, altered or transferred without permission. For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptography tools can help mitigate this security threat. Digital signatures can improve information security by enhancing authenticity processes and prompting individuals to prove their identity before they can gain access to computer data.

Introduction to Ethical Hacking

Duration: 2 day

o   Key issues plaguing the information security world, incident management process, and penetration testing 

Footprinting and Reconnaissance

Duration: 2 day

o Various types of footprinting, footprinting tools, and countermeasures 

Scanning Networks

Duration: 2 day

Network scanning techniques and scanning countermeasures 


Duration: 2 day

o Enumeration techniques and enumeration countermeasures 

System Hacking

Duration: 2 day

System hacking methodology, steganography, steganalysis attacks, and covering tracks 

Malware Threats

Duration: 2 day

o   Different types of Trojans, Trojan analysis, and Trojan countermeasures


o   Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures 


Duration: 2 day

Packet sniffing techniques and how to defend against sniffing 

Social Engineering

Duration: 2 day

Social Engineering techniques, identify theft, and social engineering countermeasures 

Denial of Service

Duration: 2 day

o   DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures 

Session Hijack

Duration: 2 day

Session hijacking techniques and countermeasures 

Hacking Web Servers

Duration: 2 day

o   Different types of webserver attacks, attack methodology, and countermeasures Hacking Web Applications


o   Different types of web application attacks, web application hacking methodology, and countermeasures 

SQL Injection

Duration: 2 day

o SQL injection attacks and injection detection tools 

Hacking WiFi

Duration: 2 day

o   Wireless Encryption, wireless hacking methodology, wireless hacking tools, and wi-fi security tools 

Hacking Mobile Platforms

Duration: 2 day

o   Mobile platform attack vector, android vulnerabilities, jailbreaking iOS, windows phone 8 vulnerabilities, mobile security guidelines, and tools 

Evading IDS, Firewall

Duration: 2 day

Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures 

Cloud Computing

Duration: 2 day

Various cloud computing concepts, threats, attacks, and security techniques and tools 


Duration: 2 day

o   Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools 


Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap 

An Academic Initiative of CEBS © Adept 2017-18. All Right Reserved. Privacy Policy