Module 1: Introduction to Security Controls
Understanding Access Controls
Understanding Data Protection
Setting up Access Control Systems
Access Control Matrix
Controlling Network Ports, Protocols, and Services
Evaluation Tools for Controlling Restricted Area Access
Access Approvals, Denials and Removals
Troubleshooting
Module 2: Security Operations Center
Need and Risk Assessment
Data Monitoring
Event Management
Incident Response
Module 3: Organisation of SOC team
Building Your SOC
Staffing Options
Training
Career Progression
Module 4: Types of SOC Teams
Global SOC
Cloud SOC
Virtual SOC
Internal Distributed SOC
Internal Centralized SOC
Coordinating SOC
Module 5: Planning and Implementing Defence Mechanisms
Entering Organisation Network
Detecting Malware in a Network
Defense against Malware
Understanding an Attack
Understanding Testing/Reporting Metrics
Intrusion Alarm Response
Identify Rootkit and DLL Injection Activity
Image Forensics Capstone
Setting Mass Notification and Alert Systems
Creating Awareness
Organization Policy Violations
Forensics
Block or Restrict Unauthorized Access
Privilege Escalation
Module 5: Network Security Management
Understanding Attacker Techniques
System Status Check
Data Recovery
Use of Admin Privileges
Enabling Admin Approvals
Endpoint Security Management
Email and Web Browser Protections
Wireless Device Control
Account Monitoring and Control
VoIP Protection
Data Center Firewall
Patching
Process
Third Party
Inline
Organisation Remote Security
Account Monitoring and Control
DLP tools
Understanding DDoS Attacks
IPS/IDS
Setting up Honeypots
Module 5: Data Security Management
Evaluate Hardware and Software Controls
Data Monitoring
Database Controls
Identity Access Management
Encryption Policies
Module 5.5: Application Security Management
In-house App Firewall
Hardware and Software Configurations
Dynamic App Testing
Whitelisting
Port Restrictions
WAF
Module 6: Incident Analysis and Response
Incident Analysis
Tradecraft Analysis
Incident Response Coordination
Countermeasure Implementation
On-site Incident Response
Remote Incident Response
Module 7: Artifact Analysis
Forensic Artifact Handling
Malware and Implant Analysis
Forensic Artifact Analysis
Module 8: SOC Tool Life-cycle
Border Protection Device O&M
SOC Infrastructure O&M
Sensor Tuning and Maintenance
Custom Signature Creation
Tool Engineering and Deployment
Tool Research and Development
Module 9: Audit and Insider Threat
Audit Data Collection and Storage
Audit Content and Management
Monitoring Audit Logs
Insider Threat Support
Insider Threat Case Investigation
Module 10: Scanning and Assessment
Network Mapping
Vulnerability Scanning
Vulnerability and Patch Management
Penetration Tests and Red Team Assessment
Module 11: Importance of Threat Intelligence
Threat-based intelligence
Types of Threat Intelligence
Stages of threat intelligence cycle
People and utilities
Module 12: Threat Detection
Detections and Analysis
Detection Rate
Worldwide Intelligence Coverage
Flexible Deployment Modes
Alerts
Attacker and Defender’s Perspective
Global Perspective
Module 13: Threat Intelligence
Collect and Manage Intelligence
Collect and organize feeds
Quality assessment
Autonomous responses to threats
API Query
High-concurrency query
Assessing risks
Module 14: Security Information and Event Management
SIEM Architecture
SIEM Features
SIEM Tools
SIEM and SOC
Module 15: SOC Security Architecture
Enterprise Security Architecture
Security Frameworks
Threat Vector Analysis
Data Exfiltration Analysis
Detection Dominant Design
Zero Trust Model of Cybersecurity
Intrusion Kill Chain
Visibility Analysis
Data Visualization
Lateral Movement Analysis
Data Ingress/Egress Mapping
Internal Segmentation
Module 16: Automation and Continuous Security Monitoring
Continuous Security Monitoring (CSM) vs. Continuous Diagnostics and Mitigation (CDM) vs. Information Security Continuous Monitoring (ISCM)
Cyberscope and SCAP
Industry Best Practices:
Continuous Monitoring and the 20 Critical Security Controls
Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions
Winning CSM Techniques
Maintaining Situational Awareness
Host, Port, and Service Discovery
Configuring Centralized Windows Event Log Collection
Scripting and Automation
Importance of Automation
PowerShell
Hands-on: Detecting Malicious Registry Run Keys with PowerShell