[[https://academy.smu.edu.sg/smu-advanced-certificate-cybersecurity-3716#schedule| SMU Advanced Certificate in Cybersecurity ]]

**Singapore cyber security laws**

Cybersecurity Act, PDPA, IM8, MAS TRM

Participants will build awareness of the cybersecurity landscape and gain insights into how emerging technologies are harnessed in cybersecurity.

**Cybersecurity Landscape & Adoption of Emerging Technologies in Cybersecurity**

Learning Objectives
  * Learn about the cyber incidents landscape and the impact new technologies have on cybersecurity practices and cyber risks
  * Be aware of the concepts of threat vulnerability & risk assessment (TVRA) and its application in cybersecurity management
  * Learn about adaptive security resilience and security digital transformation; security business process automation; and how cybersecurity may harness evolving technologies in managing cyber risks

Topics/Structure
  * Landscape, Trends and Development
    * Cyber incidents landscape and how emerging technologies can impact and also be harnessed in cybersecurity
    * Concepts of TVRA relating to emerging technologies
  * Harnessing Evolving Technologies
    * Adaptive Security Resilience and Security Digital Transformation
    * Security Business Process Automation
    * User behaviour analytics
    * AI-based analysis (logs, modelling)

Participants will acquire the know-how to support, manage and undertake their respective responsibilities.

**Cybersecurity Programme and Risk Management**

Learning Objectives
  * Analyse in detail the key industry frameworks, standards and regulatory requirements (NIST, ENISA, ISO, ISMS, PCI DSS) usually referred to in designing the cybersecurity program
  * Learn in detail about mapping the NIST framework components to various parts of the cybersecurity program and its implementation strategy
  * Understand in detail how cybersecurity governance, risk management and its security requirements are woven into the fabric of the cybersecurity program

Topics/Structure
  * Three main security goals (CIA triad) and their relevance in the Cyber Security Program
  * Frameworks and standards for consideration
  * Cyber Security Program Management – components for consideration
  * Cyber Security Governance – where, what and how (strategy planning, roadmap, resource planning & deciding a list of policies, procedures, standards and processes)
  * Threat Identification
  * Cyber Security Risk Management
  * Types of Security Controls – preventative, detective & responsive
  * Risk Mitigation
  * Cyber Security requirements

**Cybersecurity Risk Management in Practice**

Learning Objectives

In this workshop, the participants will focus on case studies that reinforce their learning from the cybersecurity program and risk management training. They will apply the cyber security risk management framework to perform the cyber risk assessment exercise and apply the relevant best practices in that exercise.

Topics/Structure

1. Cyber Risk Assessment – approach and techniques

2. Hands-on exercise to cover the following
  * Framework as reference
  * Cyber Risk Assessment pre-work requirements
  * Deliverables and expected outputs
  * Findings and Recommendations; factors for consideration in the decision making
  * Best Practices for consideration

**Security Education and Awareness Programme Management**

Learning Objectives
  * Understand the key considerations for defining and planning security education and awareness programmes for the organisation
  * Be aware of where to source information and updates to ensure the training coverage remains relevant and up-to-date
  * Know how to plan and manage the security education and awareness programme from inception and design to the maintenance phase
  * Know how to measure the effectiveness of the programmes for continued improvement

Topics/Structure
  * Define and plan
  * Source and develop
  * Maintain, measure and adjust to stay relevant

**Security Threat Management (Active, Predictive and Proactive Approaches)**

Learning Objectives
  * Learn to relate specific threat activities to the respective aspects of security threat management
  * Understand the goals of threat detection, threat defence and threat intelligence, threat modelling and threat monitoring
  * Learn how to adopt cyber threat hunting as the proactive approach in threat management
  * Understand how to analyse security logs and identify patterns that are threat-related
  * Understand the role of SIEM in threat management and how the cyber kill chain and attack framework are adopted
  * Understand how to install and run a security application

Topics/Structure
  * The concept of Threat Detection, Threat Defence and Threat Intelligence, Threat Modelling and Threat Monitoring
  * Cyber Threat Hunting as the proactive approach – purpose and scope of coverage
  * Log management – to identify anomalous activity, intrusions and threats
  * Analysis of security event logs, system logs, security control logs, network packets
  * Adopting SIEM in Threat management
  * The concept of the cyber kill chain and Attack framework and its application in the real world
  * The relevance of Network protocols and topology in threat analysis study
  * Security application installation process

**Threat Intelligence Lifecycle Management**

Learning Objectives
  * Learn about the phases applicable in the threat intelligence lifecycle, including the goals, artefacts, sources, criteria and relevant deliverables applicable in each phase
  * Learn the key considerations in selecting or using automation tools – data collection, analysis and visualisation; scope and requirements (e.g. SIEM vs intelligence-focused tool)
  * Understand what an integrated and automated threat intelligence platform would comprise
  * Through use case review, learn to identify the sources of threat intelligence feeds and to correlate the threats with the related feeds

Topics/Structure

1. Threat intelligence lifecycle (covering goals, artefacts, sources, criteria and relevant deliverables applied in each phase)
  * Collection
  * Processing
  * Analysis & Production
  * Distribution & feedback

2. Use of Automation tools – data collection, analysis and visualisation
  * Selection of tools
  * Scope and requirements (e.g. SIEM vs intelligence-focused)

3. Use case review
  * Identify the sources of threat intelligence feeds
  * Correlate the threats with the related feeds

**Security Assessment and Testing**

Learning Objectives
  * Learn about the security assessment program and the roles of security assessment and security testing in the program
  * Learn to differentiate the goals and objectives of security assessment from those of security testing
  * Appreciate the approaches, tools and techniques of security assessment and testing work
  * Have hands-on experience of how the following security assessment and testing are done:
    * Penetration testing
    * Performance reconnaissance
    * Network assessment and testing
    * Vulnerability assessment
    * Web application security assessment and testing

Topics/Structure

1. Security Assessment process

2. Applying a 3-phase approach in Security assessment:
  * Reviewing Phase
  * Examination Phase
  * Testing Phase

3. Areas of focus in security testing:
  * Authentication
  * Authorisation
  * Availability
  * Confidentiality
  * Integrity
  * Non-repudiation

4. Types of security testing:
  * Vulnerability Scanning
  * Security Scanning
  * Penetration testing
  * Risk Assessment
  * Security Auditing
  * Ethical hacking
  * Posture Assessment

5. Approaches, tools and techniques of security testing

6. Classes of threats and vulnerabilities for consideration in the security assessment and testing

7. More about Vulnerability Assessment and Penetration Testing

8. Hands-on Demo on Penetration Testing using open-source tools (e.g. Wireshark, Nmap, Metasploit) – demonstrate an authorised penetration test and produce findings on threats, vulnerabilities and potential attack vectors in a system

**Cybersecurity Operations and Maintenance**

Learning Objectives
  * An understanding of a typical security operation centre (SOC) infrastructure, the team structure and the commonly adopted tools and processes
  * An understanding of the SOC's charter, roles and responsibilities and the deliverables expected of its functions
  * Added knowledge of the access control and identity management process of a SOC
  * An added in-depth understanding of vulnerability and patch management and of the management of malware, security events and log reviews and analysis

Topics/Structure

1. SOC – objectives, elements, roles and key functions

2. The ecosystem of a SOC – people, process, technology, environment, regulations and standards

3. Operationalise Controls and Due Diligence of a SOC
  * Administrative aspects (including the process of developing and ensuring compliance with policy and procedures)
  * Technical aspects (controls managed by computer systems)

4. Cybersecurity Incident Management, Monitoring, Detection and Response
  * Walkthrough of Red-team Drill (Ref: Red-team: adversarial attack simulation exercise published by ABS)
  * Red team-blue team exercises – objectives and approach
  * Activity-based controls to incorporate preventive, detective and corrective controls including relevant system administration applicable

5. Threat control prevention/detection management
  * Firewalls, IDPS, IDS, IPS
  * IPS/IDS Network implementation – VMI, DMZ, Honeypots
  * Honeypot Implementation in a DMZ
  * Threat Analysis and Defence (security vendor sharing/demo – e.g. advanced threat defence, McAfee threat intelligence exchange by McAfee)

6. Business continuity management & Disaster Recovery Management

7. Overview of Audit and compliance

8. Security Administration – Key Roles, responsibilities and functions

**ITSM for Cybersecurity**

Learning Objectives
  * Learn about the range of processes applicable and relevant to ITSM management, including cybersecurity service management
  * Learn how to troubleshoot security-related incidents, escalate alerts to relevant stakeholders and analyse root causes and implications of incidents
  * Learn how to conduct the problem management lifecycle from diagnosis and prioritisation to the identification and implementation of solutions involving security threats, incidents and vulnerabilities

Topics/Structure

1. Understand the continuum of controls relative to the timeline of a security incident

2. Develop processes relevant for the planning and defence establishment phase

3. Processes relevant for Incident & Problem Lifecycle Management of security incidents

4. Infrastructure support management functions
  * Configuration management
  * Change management
  * Availability management
  * Incident management
  * Problem management
  * Release and deployment
  * Service level management
  * Capacity management
  * Continuity management
  * Security patch management

**Modelling the Security Administration Role in Action**

Learning Objectives
  * Learn the activities and responsibilities of the security administration role
  * Have the knowledge to correlate the key security due diligence to the respective security administration tasks
  * Be able to highlight the types of possible threats and risks security administrators may be handling and managing in their operations

Topics/Structure

1. Attending to routine security administration work related to Systems, Databases, Networks, Computer and Data access

2. Performing Tactical Tasks
  * Monitoring and ensuring timely security updates and patches are administered
  * Configuring and administrating security-related work

3. Performing Management/Strategic Tasks
  * Recommending to senior management security enhancements to address areas of potential threats
  * Analysing and seeking management’s attention on critical security-related administration that is at risk of not being carried out

**Cyber Forensics**

Learning Objectives
  * Learn how cyber forensics work fits into the cybersecurity incident response and management process
  * Learn the tasks and activities performed in the various phases of a typical cyber forensic investigation and its expected key activities and key deliverables
  * Learn the best practices to preserve digital evidence by following standards acceptable for court examination

Topics/Structure

1. Cybersecurity digital forensics – goals and framework

2. Types of digital evidence relevant in cyber forensics

3. Key Rules of Evidence applied in Cyber Forensics

4. Cyber Forensics Phases
  * Collection
  * Examination
  * Analysis
  * Reporting

5. Planning, Execution and tools and techniques for consideration for each phase

Participants will gain hands-on practice in a simulated environment to apply what they have learnt.

**DevSecOps Practice**

Learning Objectives
  * Acquire a good understanding of the role of security in DevSecOps practice
  * Learn how continuous integration and continuous delivery (CI/CD) is applied in DevOps and cybersecurity requirements
  * Understand how to incorporate the DevSecOps practice in the security design and requirements phases of the application development lifecycle
  * Gain exposure to Open Source DevOps tools such as Puppet, Chef and Ansible through hands-on exercises

Topics/Structure

1. Why DevOps practice is not complete without taking security into account

2. Security by Design Framework (Ref: CSA)

3. DevSecOps and S-SDLC – how are they related

4. Use cases – how to embed cyber security requirements into the DevOps delivery pipeline

**Tooling/Lab Practice (Hands-on Practice of SIEM)**

Learning Objectives

In applying the SIEM tools in this hands-on practice session, participants will learn how to apply the various SIEM functions, ranging from data aggregation, event correlation and alerts to event reporting and forensics, in early detection of threats, forensics and root cause analysis.

Topics/Structure
  * Using SIEM tools (Splunk) to:
    * Identify and review the security events
    * Retrieve relevant logs to support the investigation
    * Interpret, analyse and judge
  * Using a network traffic analysis tool (i.e. Wireshark or equivalent) to:
    * Identify suspicious network traffic activities
    * Retrieve relevant logs to support the investigation
    * Interpret, analyse and judge
  * Group Discussion – Use other open sources such as VirusTotal

**Tooling/Lab Practice (Hands-on Practice of Threat Intelligence)**

Learning Objectives

Through the hands-on practice of threat intelligence tools, participants will learn how to use the tool to look for emerging or existing threat actors and how to use such information to prepare for, prevent and identify cyber threats that should be reported and escalated for mitigation.

Topics/Structure
  * Using data analytic tools to detect cyber threats and anomalies
  * Using data visualisation tools to draw threat insights for action plans and decision making

Who Should Attend

Professionals keen to take on technology roles in the financial service sector

PREREQUISITES

Participants should have basic IT knowledge and fundamentals of cybersecurity

Assessment

As part of the requirement for SkillsFuture Singapore, there will be an assessment conducted at the end of the course in the form of written tests and presentations. Participants are required to attain a minimum of 75% attendance and pass the associated assessment in order to receive a digital Certificate of Completion issued by Singapore Management University.

Learning Activities

Classroom Training. The program takes on a combination of lectures, case discussion and hands-on practice.

Participants will understand the fundamentals of Machine Learning and deep learning and their relevance in User Entity Behavioural Analytics (UEBA).

**Applying User Entity Behavioural Analytics (for Financial Sector)**

Learning Objectives
  * Be aware of how UEBA is applied in cybersecurity risk and program management
  * Understand the technologies, tools and processes applicable
  * Understand the fundamentals of data analytics and its relevance for UEBA
  * Understand the fundamentals of Machine Learning and deep learning and their relevance in UEBA
  * Have the knowledge to relate the use of K-means clustering, Classification, Regressions and Component Analysis in UEBA
  * Be knowledgeable about the data source integration and cleansing management process for UEBA
  * Be equipped with the implementation requirements for UEBA
  * Be knowledgeable in using data visualisation for UEBA presentation
  * Be aware of the challenges and limitations of UEBA
  * Understand the best practices of UEBA

Topics/Structure

1. Fundamentals of UEBA

2. Getting started with UEBA

3. Fundamentals of Data Analytics

4. Fundamentals of Machine Learning and Deep Learning

5. Hands-on exercises

6. Challenges and Limitations

7. Best Practices of UEBA