SMU Advanced Certificate in Cybersecurity
Singapore cyber security laws
Cybersecurity Act, PDPA, IM8, MAS TRM
Participants will build awareness of the cybersecurity landscape and gain insights into how emerging technologies are harnessed in cybersecurity.
Cybersecurity Landscape & Adoption of Emerging Technologies in Cybersecurity
Learning Objectives
Learn about the cyber incidents landscape and the impact new technologies have on the cybersecurity practices and cyber risks
Be aware of the concepts of threat vulnerability & risk assessment (TVRA) and its application in cybersecurity management
Learn about the adaptive security resilience and security digital transformation; the security business process automation; and how cybersecurity may harness the evolving technologies in managing cyber risks
Topics/Structure
Landscape, Trends and Development
Cyber incidents landscape and how emerging technologies can impact and also be harnessed in cybersecurity
Concepts of TVRA relating to emerging technologies
Harnessing Evolving Technologies
Adaptive Security Resilience and Security Digital Transformation
Security Business Process Automation
User behaviour analytics
AI-based analysis (logs, modelling)
Participants will acquire the know-how to support, manage and undertake their respective responsibilities.
Cybersecurity Programme and Risk Management
Learning Objectives
Analyse in detail the key industry frameworks, standards, regulatory requirements (NIST, ENISA, ISO, ISMS, PCI DSS) usually being referred to in designing the cybersecurity program
Learn in detail on mapping the NIST framework components to various parts of the cybersecurity program and its implementation strategy
Understand in detail how cybersecurity governance, risk management, and its security requirements are weaved into the fabric of the cybersecurity program
Topics/Structure
Three main security goals (CIA triad) and its relevance in Cyber Security Program
Frameworks and standards for consideration
Cyber Security Program Management – components for consideration
Cyber Security Governance – where, what and how (Strategy planning, roadmap, resource planning & deciding a list of policies, procedures, standards and processes)
Threat Identification
Cyber Security Risk Management
Types of Security Controls – preventative, detective & responsive
Risk Mitigation
Cyber Security requirements
Cybersecurity Risk Management in Practice
Learning Objectives
In this workshop, the participants will focus on case studies that reinforce their learning from the cybersecurity program and risk management training. They will apply the cyber security risk management framework to perform the cyber risk assessment exercise and apply the relevant best practice into the risk management assessment exercise.
Topics/Structure
1. Cyber Risk Assessment – approach and techniques
2. Hands-on exercise to cover the following
Framework as reference
Cyber Risk Assessment pre-work requirements
Deliverables and expected outputs
Finding and Recommendations; factors for consideration in the decision making
Best Practices for consideration
Security Education and Awareness Programme Management
Learning Objectives
Understand the key consideration for defining and planning security education and awareness programmes for the organisation
Be aware of where to source for information and updates to ensure the training coverage remains relevant and up-to-date
Know how to plan and manage the security education and awareness programme from inception, design to the maintenance phase
Know how to measure the effectiveness of the programmes for continued improvement
Topics/Structure
Define and plan
Source and develop
Maintain, measure and adjust to stay relevant
Security Threat Management (Active, Predictive and Proactive Approaches)
Learning Objectives
Learn to relate specific threat activities to the respective aspects of security threat management
Understand the goals of threat detection, threat defence and threat intelligence, threat modelling and threat monitoring
Learn about how to adopt cyber threat hunting as the proactive approach in threat management.
Understand how to analyse security logs and identify patterns that are threats-related
Understand the role of SIEM in threat management and how cyber kill chain and attack framework are adopted.
Understand how to install and run a security application
Topics/Structure
The concept of Threat Detection, Threat Defence and Threat Intelligence, Threat modelling and Threat Monitoring
Cyber Threat Hunting as the proactive approach – purpose and scope of coverage
Log management – to identify anomalous activity, intrusions and threats
Analysis of security event logs, system logs, security control logs, network packets
Adopting SIEM in Threat management
The concept of the cyber kill chain and Attack framework and its application in the real world
The relevance of Network protocols and topology in threat analysis study
Security application installation process
Threat Intelligence Lifecycle Management
Learning Objectives
Learn about the phases applicable in the threat intelligence lifecycle including the goals, artefacts, sources, criteria and relevant deliverables applicable in each phase
Learn the key consideration in selecting or using the automation tools - data collection, analysis and visualisation; scope and requirements (e.g. SIEM vs intelligence-focused tool)
Understand what an integrated and automated threat intelligence platform would comprise
Through use case review, learn to identify the sources of threat intelligence feeds and to correlate the threats with the related feeds
Topics/Structure
1. Threat intelligence lifecycle (covering Goals, artefacts, sources, criteria and relevant deliverables applied in each phase)
Collection
Processing
Analysis & Production
Distribution & feedback
2. Use of Automation tools – data collection, analysis and visualisation
Selection of tools
Scope and requirements (e.g. SIEM vs intelligence-focused)
3. Use case review
Identify the sources of threat intelligence feeds
Correlate the threats with the related feeds
Security Assessment and Testing
Learning Objectives
Learn about the security assessment program and the roles of security assessment and security testing in the program
Learn to differentiate goals and objectives of security assessment from security testing
Appreciate the approaches, tools and techniques of security assessment and testing work
Have hands-on experience into how the following security assessment and testing are done:
Penetration testing
Performance reconnaissance
Network assessment and testing
Vulnerability assessment
Web application security assessment and testing
Topics/Structure
1. Security Assessment process
2. Applying a 3-phase approach in Security assessment:
Reviewing Phase
Examination Phase
Testing Phase
3. Areas of focus in security testing:
Authentication
Authorisation
Availability
Confidentiality
Integrity
Non-repudiation
4. Types of security testing:
Vulnerability Scanning
Security Scanning
Penetration testing
Risk Assessment
Security Auditing
Ethical hacking
Posture Assessment
5. Approaches, tools and techniques of security testing.
6. Classes of threats and vulnerabilities for consideration in the security assessment and testing
7. More about Vulnerability Assessment and Penetration Testing
8. Hands-on Demo on Penetration Testing using open-source tools (e.g. Wireshark, Nmap, Metasploit) – demonstrate an authorised penetration test and produce findings of threats, vulnerabilities and potential attack vectors in a system
Cybersecurity Operations and Maintenance
Learning Objectives
An understanding of a typical security operation centre (SOC) infrastructure, the team structure and the commonly adopted tools and processes
An understanding of SOC's charter, roles and responsibilities and the deliverables expected of their functions
An added knowledge on access control and identity management process of SOC
An added in-depth understanding of the vulnerability and patch management and in management of malware, security events and logs reviews and analysis
Topics/Structure
1. SOC – objectives, elements, roles and key functions
2. The ecosystem of a SOC - people, process, technology, environment, regulations and standards
3. Operationalise Controls and Due Diligence of a SOC
Administrative aspects (including the process of developing and ensuring compliance with policy and procedures)
Technical aspects (controls managed by computer systems)
4. Cybersecurity Incident Management, Monitoring, Detection and Response
Walkthrough of Red-team Drill (Ref: Red-team: adversarial attack simulation exercise published by ABS)
Red team-blue team exercises – objectives and approach
Activity-based controls to incorporate preventive, detective and corrective controls including relevant system administration applicable
5. Threat control prevention/detection management
Firewalls, IDPS, IDS, IPS
IPS/IDS Network implementation – VMI, DMZ, Honeypots
Honeypot Implementation in a DMZ
Threat Analysis and Defence (Security vendor sharing/demo, e.g. advanced threat defence, McAfee threat intelligence exchange by McAfee)
6. Business continuity management & Disaster Recovery Management
7. Overview of Audit and compliance
8. Security Administration – Key Roles, responsibilities and functions
ITSM for Cybersecurity
Learning Objectives
Learn about the range of processes applicable to and relevant to ITSM management including cybersecurity service management
Learn how to troubleshoot security-related incidents, escalating alerts to relevant stakeholders and analyse root causes and implications of incidents
Learn how to conduct the problem management lifecycle from diagnosis, prioritisation to the identification and implementation of solutions involving security threats, incidents and vulnerabilities
Topics/Structure
1. Understand the continuum of controls relative to the timeline of a security incident
2. Develop processes relevant for the planning and defence establishment phase
3. Processes relevant for Incident & Problem Lifecycle Management of security incidents
4. Infrastructure support management functions
Configuration management
Change management
Availability management
Incident management
Problem management
Release and deployment
Service level management
Capacity management
Continuity management
Security patch management
Modelling the Security Administration Role in Action
Learning Objectives
Learn the activities and responsibilities of the security administration role
Have the knowledge to correlate the key security due diligence to the respective security administration tasks
Be able to highlight the types of possible threats and risks security administrators may be handling and managing in their operations
Topics/Structure
1. Attending to routine security administration work related to Systems, Databases, Networks, Computer and Data access.
2. Performing Tactical Tasks
Monitoring and ensuring timely security updates and patches are administered.
Configuring and administrating security-related work
3. Performing Management/ Strategic Tasks
Recommending to senior management security enhancements to address areas of potential threats
Analysing and seeking management’s attention on critical security-related administration that are at risk to be carried out
Cyber Forensics
Learning Objectives
Learn how the cyber forensics work fits into the cybersecurity incident response and management process
Learn the tasks and activities performed in the various phases of a typical cyber forensic investigation and its expected key activities and key deliverables
Learn the best practices to preserve digital evidence by following standards acceptable for the court examination
Topics/Structure
1. Cybersecurity digital forensics – goals and framework
2. Types of digital evidence relevant in cyber forensics
3. Key Rules of Evidence applied in Cyber Forensics
4. Cyber Forensics Phases
Collection
Examination
Analysis
Reporting
5. Planning, Execution and tools and techniques for consideration for each phase
Participants will gain hands-on practice in a simulated environment to apply what they have learnt.
DevSecOps Practice
Learning Objectives
Acquire a good understanding of the role of security in DevSecOps practice
Learn how continuous integration and continuous delivery (CI/CD) is applied in DevOps and cybersecurity requirements
Understand how to incorporate the DevSecOps practice in the security design and requirements phases of the application development lifecycle
Gain exposure to Open Source DevOps tools such as Puppet, Chef, Ansible through hands-on exercises
Topics/Structure
1. Why DevOps practice is not complete without taking into account the security
2. Security by Design Framework (Ref: CSA)
3. DevSecOps and S-SDLC – how are they related
4. Use cases – how to embed cyber security requirements into DevOps delivery pipeline
Tooling/Lab Practice (Hands-on Practice of SIEM)
Learning Objectives
In applying the SIEM tools in this hands-on practice session, participants will learn how to apply the various SIEM functions ranging from data aggregation, event correlation and alerts, event reporting and forensics in early detection of threat, forensics and root cause analysis.
Topics/Structure
Using SIEM tools (Splunk) to:
Identify and review the security events
Retrieve relevant logs to support the investigation
Interpret, analyse and judge
Using network traffic analysis tool (i.e. Wireshark or equivalent) to:
Identify suspicious network traffic activities
Retrieve relevant logs to support the investigation
Interpret, analyse and judge
Group Discussion – Use Other Open sources such as VirusTotal
Tooling/Lab Practice (Hands-on Practice of Threat Intelligence)
Learning Objectives
Through the hands-on practice of threat intelligence tools, participants will learn how to use the tool to look for emerging or existing threat actors and how to use such information to prepare, prevent and identify cyber threats that should be reported and escalated for mitigation.
Topics/Structure
Using Data analytic tools to detect cyber threats and anomalies
Using data visualisation tool to draw threat insights for action plans and decision making
Who Should Attend
Professionals keen to take on technology roles in the financial service sector
PREREQUISITES
Participants should have basic IT knowledge and fundamentals of cybersecurity
Assessment
As part of the requirement for SkillsFuture Singapore, there will be an assessment conducted at the end of the course in the form of written tests and presentations.
Participants are required to attain a minimum of 75% attendance and pass the associated assessment in order to receive a digital Certificate of Completion issued by Singapore Management University.
Learning Activities
Classroom Training. The program takes on a combination of lectures, case discussion and hands on practice.
Participants will understand the fundamentals of Machine Learning and deep learning and their relevance in User Entity Behavioural Analytics (UEBA)
Applying User Entity Behavioural Analytics (for Financial Sector)
Learning Objectives
Aware of how UEBA is applied in cybersecurity risk and program management
Understand the technologies, tools and processes applicable
Understand the fundamentals of data analytics and its relevance for UEBA
Understand the fundamentals of Machine Learning and deep learning and their relevance in UEBA
Have the knowledge on relating the use of K-means clustering, Classification, Regressions and Component Analysis in UEBA
Knowledgeable with data source integration and cleansing management process for UEBA
Equipped with implementation requirements for UEBA
Knowledgeable in using data visualisation for UEBA presentation
Aware of the Challenges and limitations of UEBA
Understand the best practices of UEBA
Topics/Structure
1. Fundamentals of UEBA
2. Getting started with UEBA
3. Fundamentals of Data Analytics
4. Fundamentals of Machine Learning and Deep Learning
5. Hands-on exercises
6. Challenges and Limitations
7. Best Practices of UEBA