Cyber Security Syllabus

Module 1. Introduction to Cyber Security

Topics:

• Basics of Cyber Security: CIA Triad (Confidentiality, Integrity, Availability)
• Common cyber threats and vulnerabilities (malware, phishing, DoS)
• Cybersecurity laws and regulations

Practical:

• Setting up a virtual lab environment using tools like VirtualBox, Kali Linux
• Basic network scanning with Nmap

Module 2. Networking & Network Security

Topics:

• OSI model and TCP/IP
• Network protocols: HTTP, HTTPS, SSL/TLS, and DNS
• Firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS)

Practical:

• Network packet analysis using Wireshark
• Configuring a basic firewall (e.g., IPtables) and IDS (Snort)

Module 3. Cryptography and Encryption

Topics:

• Basics of cryptography: Symmetric vs Asymmetric encryption
• Hash functions and digital signatures
• Public Key Infrastructure (PKI) and certificate authorities

Practical:

• Implementing basic encryption and decryption in Python (e.g., AES, RSA)
• Generating and using SSL certificates for secure communication

Module 4. Web Application Security

Topics:

• Common web vulnerabilities (OWASP Top 10): SQL Injection, XSS, CSRF
• Secure coding practices and input validation
• HTTP security headers, Content Security Policy (CSP)

Practical:

• Vulnerability scanning of a web application using OWASP ZAP or Burp Suite
• Exploiting and patching an XSS vulnerability in a sample web app

Module 5. Ethical Hacking and Penetration Testing

Topics:

• Phases of penetration testing: Reconnaissance, Scanning, Exploitation, Post-exploitation
• Tools for ethical hacking: Metasploit, Nmap, Aircrack-ng
• Reporting vulnerabilities and responsible disclosure

Practical:

• Conducting a penetration test on a vulnerable system (e.g., Metasploitable)
• Exploiting a system using Metasploit Framework

Module 6. Operating System Security

Topics:

• Securing Windows and Linux systems (access control, file permissions)
• Patch management and system hardening
• Malware analysis and reverse engineering basics

Practical:

• Hardening a Linux system by configuring permissions, disabling unnecessary services
• Performing a basic static analysis of malware with tools like Ghidra or IDA

Module 7. Cloud Security

Topics:

• Fundamentals of cloud security (shared responsibility model)
• Securing cloud services: AWS, Azure, GCP
• Identity and access management (IAM) in cloud environments

Practical:

• Securing an AWS environment (e.g., IAM roles, security groups)
• Setting up logging and monitoring in cloud (e.g., AWS CloudWatch)

Module 8. Incident Response and Forensics

Topics:

• Incident response lifecycle: Preparation, detection, containment, recovery
• Digital forensics: Data acquisition, preservation, and analysis
• Log analysis and threat hunting

Practical:

• Conducting forensic analysis on compromised systems (disk image analysis)
• Analyzing log files to identify security incidents

Module 9. Risk Management and Security Policies

Topics:

• Risk assessment methodologies (e.g., NIST, ISO 27001)
• Developing and implementing security policies
• Business continuity planning and disaster recovery

Practical:

• Performing a basic risk assessment for a small business
• Drafting a security policy for an organization

Final Project

Practical:

• Students work in teams to conduct a full security audit of a given network or system
• Implement security measures based on the audit results
• Present findings and demonstrate improvements in the final report

Course Summary

This syllabus provides a comprehensive approach to Cyber Security, balancing theory with practical exercises to develop real-world skills in securing systems and applications.