Risk & Vulnerability Assessment for IT Systems

Participants who attend this workshop acquire the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing using appropriate tools and techniques, analyze the results, produce a written report containing proposed remediation techniques, effectively communicate results to management and provide practical recommendations

CONTENT

Planning and Scoping

• Explain the importance of planning for an engagement
• Explain key legal concepts
• Explain the importance of scoping an engagement properly
• Explain the key aspects of compliance-based assessments

Information Gathering and Vulnerability Identification

• Given a scenario, conduct information gathering using appropriate techniques
• Perform a vulnerability scan
• Analyze vulnerability scan results
• Explain the process of leveraging information to prepare for exploitation
• Explain weaknesses related to specialized systems

Attacks and Exploits

• Compare and contrast social engineering attacks
• Exploit network-based vulnerabilities
• Exploit wireless and RF-based vulnerabilities
• Exploit application-based vulnerabilities
• Exploit local host vulnerabilities
• Summarize physical security attacks related to facilities
• Perform post-exploitation techniques

Penetration Testing Tools

• Use Nmap to conduct information gathering exercises
• Compare and contrast various use cases of tools
• Analyze tool output or data related to a penetration test
• Analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)

Reporting and Communication

• Use report writing and handling best practices
• Explain post-report delivery activities
• Recommend mitigation strategies for discovered vulnerabilities
• Explain the importance of communication during the penetration testing process

FOR WHOM: CIOs, IT Development Managers, Heads of Department, System Administrators/Engineers, IT Professionals and others who want to sharpen their knowledge in IT world.

TRAINING METHODOLOGY

The training methodology combines lectures, discussions, group exercises and illustrations. Participants will gain both theoretical and practical knowledge of the topics. The emphasis is on the practical application of the topics and as a result participant will go back to the workplace with both the ability and the confidence to apply the techniques learned to their duties.