Cybersecurity Certified Analysis Practice
The need for cybersecurity professionals is growing as security threats to IT assets increase across industries. There are over three million unfilled cybersecurity-related jobs worldwide. Because these risks must be mitigated with suitable solutions, demand for Business Analysts with cybersecurity expertise is on the rise, hence this specialized training in Cybersecurity for Business Analysts. IIBA® and IEEE Computer Society recently partnered to offer a robust learning and certification program on what business analysis professionals need to know to be prepared for today’s cybersecurity challenges. The training provides the credibility of a joint certification and the opportunity to learn the key cybersecurity concepts and tools that business analysis professionals need to demonstrate the required core competencies. The certification program is aligned with the International Standards Organization (ISO) and ISO/IEC 17024 standards for certifying personnel’s competence.
Learning Objectives
Students will acquire the skills to demonstrate core competencies in cybersecurity analysis, gain in-depth knowledge of cybersecurity concepts and terminology, and learn to apply the tools and techniques of a Cybersecurity Business Analyst. Students will also be able to sit for the IIBA CCA examination.
Course Outline
Module 1: Introduction to Cybersecurity Analysis
- Overview of Concepts and Approach to Improving Cybersecurity, Importance of Security and IT Functions & Roles
- IT 101 – 1: Foundational Concepts in IT
- IT 101 – 2: Using & Managing the IT Pieces
- IT 101 – 3: Advancement in IT
- The Role of Business Analysis in Cybersecurity
- Governance Perspectives of Cybersecurity
Module 2: Enterprise Security Concepts
- Security Accountability
- Cost of Securing an Organization
- Outsourcing for Cybersecurity Expertise and Services
- Risk Tolerance
- Compliance
- Best Practices and Benchmarking
- Data Privacy
- Data Privacy Nuances
- Digital Rights Management (DRM)
- Audit – Internal and External
Module 3: Enterprise Risk
- Risk Management & Control Assurance Framework
- Organizational Risk Assessment
- Risk Analysis: Threat Risk Assessments
- Risk Analysis: Vulnerability Assessments
- Business Case Development
- Disaster Recovery and Business Continuity
Module 4: Cybersecurity Risks and Controls
- Understanding Security Controls and IT Risk
- CIA Triad
- Applying Controls
- Cybersecurity Threats: Part 2
- Cybersecurity Vulnerabilities: Part 2
- Adverse Impacts
- Risks and Controls – Putting It All Together
Module 5: Securing the Layers
- Physical Security
- Endpoint Security
- Network Security: Security Architecture
- Network Security: Firewalls
- Network Security: Anti-Virus/Anti-Malware
- Network Security: Segregation
- System Security: Servers
- Platform Security
- Product Security: Threat Models
- Product Security: Embedded Systems
- Product Security: Internet of Things
Module 6: Data Security
- Data Security at Rest: Information Classification & Categorization
- Data Security in Transit: Encryption and Keys
- Data Security in Transit: SSL/TLS
- Data Security in Transit: Digital Signature and Identification
Module 7: User Access Control
- Authorization, Authentication, Operations, and Security Awareness
- Directory Management
- Authorization
- Authentication and Access Control
- Privileged Account Management
- Users and Security Awareness
Module 8: Solution Delivery
- SDLC and Solution Security Planning
- Requirements and Security Engineering
- Requirements and Solution Development
- Solution Security: Applications
- Solution Security: Databases
- Solution Security: Web
- Change Impact Analysis
Module 9: Operations
- Incident Response, Recovery, and Remediation
- Metrics and Reporting
- Risk Logging and Mitigation Tracking
- Operational Risk Ownership
- Computer Forensics: SOC, SIEM
- Future Proofing your Security Posture
Module 10: Hands-On Application Security Audit & Control
- Review Application Security Testing Tools
- Case Study of Security Testing and Audit in SAP Environment
Audience
- Business Analysts
- IT Auditors
- Security Professionals