Center for Cyber Security and Privacy

About Cyber Security and Privacy

Cybersecurity, privacy, and information management raise a constellation of critical issues facing every business, governmental/national security, health delivery, retail, and educational entity. Insecure and poorly managed information systems pose significant risks to critical assets and can result in significant legal liability and reputational injuries.

The UBT Cybersecurity and Privacy Center takes a cutting-edge, interdisciplinary approach to address privacy and cyber-risk management concerns. Through innovative programming, training and practical research, the Center:

  • Builds partnerships bridging organizational, professional and political divisions;
  • Integrates technical, legal, and business perspectives; 
  • Creates dialogue between government agencies and regulated entities;
  • Promotes creative legal, technical, managerial and regulatory approaches to security and privacy.

The Center will provide substantial opportunities for students to equip themselves via coursework, externships and research for the new permanent positions developing in the field of cybersecurity.

Mission and Vision

The UBT Cybersecurity and Privacy Center's mission is to provide knowledge to students and partners involved with the development of cyber security solutions and services, serving as industry thought leaders and go-to resources for those looking to learn more on this critical topic (including the media). The primary focus of this committee is to educate and provide best practices on all aspects of cyber security. Through educational forums and insightful dialogue with partners and students, the Center will become a valuable resource for members of the technology community who want to stay updated on the current issues and developments that pertain to cyber security.

Research and Development

Our Research and Development promotes technical research and policy analysis of issues that have a significant computer security and information assurance component. Part of our mission is to encourage, promote, facilitate, and execute interdisciplinary research in these areas, including the exploration of the norms, governance issues, and operating systems of cyberspace.

UBT Cybersecurity and Privacy Center works closely with government agencies for personal data protection and private organizations to study the impact of rapid technological change on business, government, and the infrastructure security issues caused by the convergence of data and organizations in a networked world. It carries out studies and hosts seminars that move stakeholders towards rational and informed discussion of critical changes in communication, commerce, education, government, science, and entertainment facilitated by the Internet, a global venue that has blurred traditional political and organizational boundaries, made time zones irrelevant, and erased language barriers.

 

Training

Information System Security

Maintaining computer network security is increasingly vital as technology continues to explode. It requires vigilance and the ability to stay one step ahead of cyber vandals who are working diligently to access protected information. Unauthorized access, as we all know, can be devastating.

Corporations, organizations and government rely on computer network security admins to design, configure, implement, manage, support and secure reliable computer systems. The responsibilities in this field have increased in recent years as cyber attacks have become more prolific.

Individuals with knowledge of information systems security are now considered to be an important part of most IT infrastructure teams. Roles cover a range of activities spanning from analysis, to design and implementation of security systems, to security monitoring and countermeasures, and ongoing administration. Students will study the essentials of information security and the security aspects of common information technology platforms. Students will be exposed to techniques used to deploy and manage security systems and configure security solutions.

Potential Employment Includes:

  • Application Security Analyst
  • Information Security Specialist
  • ISP Security Technician
  • Network Security Specialist
  • Information Security Technician
  • Security Auditor
  • Information Security Administrator
  • ASP Security Technician
  • Cyber System and Security

 

Application Security

The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure them. Traditional network defenses, such as firewalls, fail to secure web applications. This course will help you better understand web application vulnerabilities, thus enabling you to properly defend your organization’s web assets.

Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world applications that have been proven to work. The testing aspect of vulnerabilities will also be covered so that you can ensure your application is tested for the vulnerabilities discussed in class.

To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. Focus will be maintained on security strategies rather than coding-level implementation.

Defending Web Applications Security Essentials is intended for anyone tasked with implementing, managing, or protecting Web applications. It is particularly well suited to application security analysts, developers, application architects, pen testers, auditors who are interested in recommending proper mitigations for web security issues, and infrastructure security professionals who have an interest in better defending their web applications.

The course will also cover additional issues the authors have found to be important in their day-to-day web application development practices. The topics that will be covered include:

  • Infrastructure security
  • Server configuration
  • Authentication mechanisms
  • Application language configuration
  • Application coding errors like SQL injection and cross-site scripting
  • Cross-site request forging
  • Authentication bypass
  • Web services and related flaws
  • Web 2.0 and its use of web services
  • XPATH and XQUERY languages and injection
  • Business logic flaws
  • Protective HTTP headers

 

Risk Management

The unique challenges of IT projects make it mandatory that an IT project manager be a skilled risk manager. Risk will always exist in IT projects given the need to deal with challenging requirements and expectations, complex and ever-changing technologies and business needs, and aggressive schedules and budgets to support business success. However, it is not inevitable that risk management will be an impossible task that will result in your being viewed as reactive, or worse, unresponsive.

In IT Risk Management, you’ll learn to look at risk management as a way to seize opportunities, minimize threats and achieve optimum results. You’ll work through the proactive approach to threat and opportunity, based on a clear understanding of the powerful nature of both qualitative and quantitative approaches to risk management.

Using effective tools, including TwentyEighty Strategy Execution’s highly regarded risk assessment model, you’ll learn how to evaluate and respond to risk at the project and task levels. You’ll apply these tools from the course material to analyze and classify risks, determine how to establish an acceptable level of risk and develop a practical risk response plan.

Learn

  • Use a practical, eight-step process to manage IT project risk
  • Identify threats and opportunities and weigh their relative value in your project
  • Develop practical response strategies for common IT project risks
  • Overcome stakeholder and team member roadblocks to risk strategy implementation
  • Make risk and opportunity integral components of your next IT project plan

 

Cryptography

Though technology changes rapidly, the need to assure the confidentiality, integrity, authenticity, and accountability of information does not. Understanding the basics of cryptography is fundamental to keeping your networks, systems, and data secure. In this course, Lisa Bock reviews the historical and present-day uses of encryption, including techniques such as symmetric and asymmetric encryption, algorithms, and hashing. She also reviews message digest and passwords and provides a demonstration of a typical SSL transaction. By the end of this course, you’ll have a solid understanding of what it takes to move and store data securely.

Topics include:

  • Understanding why encryption is necessary
  • Comparing passive and active network attacks
  • Reviewing the terminology and history of cryptography
  • Using symmetric encryption
  • Dissecting block and stream ciphers
  • Dissecting the public-key algorithms
  • Creating key pairs
  • Understanding passwords, hash, salt, and rainbow tables
  • Exploring Secure Sockets Layer
  • Investigating email and IP security

 

Digital Forensics

There are 15 Modules in the Computer Forensics class. The course begins by introducing you to Computer Hacking and Forensics. This training details and highlights for you the informational modules, the nitty-gritty detailed modules, as well as the core modules whose content will be a focus of your Computer Hacking and Forensics exam.

You’ll also be introduced to a wide array of topics that, while not as popular as the modules listed below, are just as critical for establishing expertise in the field, and should be equally valued on your radar for mastering Computer Hacking and Forensics. You’ll learn why Mobile Reporting, Incident Handling, hardware technologies such as audio & video, and operating systems such as Linux and Mac are essential to master as a Computer Hacking and Forensics professional.

The Modules explored in this chapter include:

  • Modern Forensics
  • Investigative Process
  • Searching and Seizing
  • Digital Evidence
  • First Responder
  • Computer Forensics labs
  • Hard Disks and File Systems
  • Windows Forensics
  • Data Acquisition
  • Recovering and Deleting Files
  • Access Data
  • Image Files
  • Steganography
  • Application Password
  • Log Capture and Event Correlation, and finally

 

Ethical Hacking

The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in. The CEH is the first part of a 3-part EC-Council Information Security Track which helps you master hacking technologies. You will become a hacker, but an ethical one!

As the security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment, this course was designed to provide you with the tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. It puts you in the driver’s seat of a hands-on environment with a systematic ethical hacking process.

The tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the Certified Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be catastrophic damage to your respective organization.

  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • System Hacking
  • Malware Threats
  • Sniffing
  • Social Engineering
  • Denial of Service
  • Session Hijacking
  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • Evading IDS, Firewalls, and Honeypots
  • Cloud Computing
  • Cryptography

 

Network Security

Computer networks are central to modern digital communication technologies; however, network security is constantly under attack from both external and internal sources.

This course examines the fundamentals of network security and covers topics such as active and passive attacks on networks, encryption, symmetric and asymmetric key systems, authentication using certification authorities, and access control using passwords and firewalls.

This course will be of interest to IT professionals who want to learn more about network security or students who are interested in a career as an IT or network administrator.

LEARNING OUTCOMES

Upon completion of this course you will understand and be more aware of the potential threats that are continuously experienced in computer networks today. You will know the measures that need to be taken to avoid these problems in your own computer network. You will know the businesses that are more at risk of security concerns and the actions taken to reduce these concerns in a business. You will understand factors of security, such as encryption, that are used to protect computer networks.

Network Security Auditing

With a proliferation of high-profile network security attacks over recent years, this course looks to equip the IT auditor with the necessary skills to scope, plan and perform a network security assessment. Learn how to view and help protect the network perimeter of the organization through a range of hands-on presentations and demonstrations.

Learning objectives

  • Evaluate risk from an external perspective
  • Describe the purposes of a tiered network perimeter architecture
  • Analyze how a hacker views a target
  • Acquire baseline knowledge of the purpose and functionality of firewalls
  • Explain features and functionality of the major firewall brands (Cisco, Check Point, etc.)
  • Receive hands-on experience reviewing configuration files for firewall rule sets
  • Prepare to evaluate digital risk and various approaches for managing vulnerabilities

ISO 27001

Boost your competitive advantage with ISO/IEC 27001 compliance. Achieve a globally recognized information security qualification and be confident that your company data is protected. Learn how to measure and reduce information security risks, understand how to implement a robust information security management system (ISMS) and deliver greater business success and customer confidence.

Our ISO/IEC 27001 training courses are designed with your business in mind and delivered by best in class trainers. Choose from public courses or onsite training to gain the knowledge needed to independently build and manage a long-term information security framework. All BSI training courses use accelerated learning techniques including a blend of lectures, workshops and interactive sessions to ensure that you fully understand the subject matter. 

Removing the risk of security breach is invaluable, which is why we provide world-class information security training and qualifications. We also work with you to help you achieve a level of ISMS expertise that allows you to meet your security objectives, ensure legal compliance and achieve best practice. 

 

ITIL

In this exciting and dynamic course, you will get an introduction to the lifecycle of managing IT services to deliver to business expectations. Using an engaging case study, you’ll learn the core disciplines of ITIL best practices. Upon completing this course, you’ll be well positioned to successfully complete the associated ITIL exam required for entry into the future ITIL intermediate-level training courses.

ITIL covers five core disciplines:

  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

 

These disciplines represent a service lifecycle framework that further enhances alignment to the business while demonstrating business value and ROI and enabling IT to solve specific operational needs.

This course includes handouts and references useful after the class, as well as practice sessions, quizzes, exam strategies, and test-taking tips. You’ll also receive a web-based exam with the purchase of this course. You must register for the exam at least four business days prior to the date you wish to take the exam.

What You’ll Learn

  • Key concepts of ITIL
  • Important principles for improving IT operations
  • Vital processes and functions
  • Practical guidance for applying ITIL to everyday IT situations
  • How to align with business, control costs, and improve IT service quality
  • Strategies to balance IT resources

 

System Administrator

System administrators and users who already have at least some basic exposure to Linux or another UNIX-based operating system constitute the target audience for this class. Anyone who is looking to acquire practical knowledge in the field of system administration in enterprise environments will save significant time by attending this course.

It should also be considered a necessary step to be taken by anyone considering more advanced classes in our System Administration curriculum track. The concepts covered provide important building blocks for anyone looking to attend more advanced classes, in particular LFS230 Linux Network Management.

 

Link: http://csp.ubt-uni.net/