Objective

Provide the theoretical and practical foundations of all the technical areas of cybersecurity, with the aim of having all the elements to implement a security strategy within an organization. This involves identifying the different services and mechanisms necessary to build a secure operational computer system that is aligned with the organization's objectives.


Benefits of the program

  • You will know all the technical concepts related to cybersecurity.
  • You will have enough elements so that the personnel in charge of the information systems of a public or private organization can understand and implement a cybersecurity strategy.
  • You will have the necessary technical knowledge to define bidding rules (public sector) or RFPs for the selection of suppliers regarding cybersecurity.
  • You will collaborate in the reduction of operational risk.


Addressed to

Computer engineers, personnel from financial environments in the operational areas and professionals working in the area of information systems, development, operations, networks and telecommunications, risk management, IT audit, internal control and compliance.


Content of the program

A diploma program of 19 modules totaling 128 hours of study.

Module 1. Introduction to Cybersecurity (8 hours)

Introduce the diploma program and give an overview of computer security, explaining its basic concepts as well as everything related to access control.

  • Background and concepts of computer security.
  • Statistics related to computer security.
  • Academic options
  • Certifications and standards in computer security.
  • Access control.
  • Stages of access control.
  • Authentication mechanisms.
  • Types of access control.
  • Centralized access control.
  • Decentralized access control.
  • Single Sign On.
  • Identity management

Module 2. Cryptology (8 hours)

Know the basic principles of steganography, cryptography and cryptanalysis. Understand how these concepts can be used to secure the assets of an organization.

  • Introduction to cryptography.
  • Cryptography and cryptanalysis.
  • Basic concepts of cryptography.
  • Classical cryptography: transposition and substitution.
  • Cryptographic machines
  • Modern cryptography
  • Symmetric block cryptography.
  • Symmetric stream cryptography.
  • Asymmetric cryptography.
  • Diffie-Hellman.
  • Introduction to number theory.
  • The RSA cryptosystem.
  • The hash algorithms.
  • The digital signature
  • Message authentication codes.
  • Digital certificates and certification authorities.
  • Public key infrastructure.
  • Life cycle of a key.
  • Cryptanalysis
  • Introduction to steganography.
  • Encryption of electronic mail.
  • Encryption of storage devices.
  • Encryption lab.

Module 3. Perimeter Security (4 hours)

  • Introduction.
  • Definition and components of the security perimeter.
  • Anatomy of attacks on computer networks.
  • Importance of security at the network level.
  • Firewalls.
  • Firewalls based on software and hardware (appliances).
  • VPNs
  • AAA servers.

Module 4. Nodal Security (4 hours)

Know the equipment that makes up switched networks that are not directly connected, where more than 90% of the shipments are currently exchanged. Characterize the attacks that pass through these intermediate devices, the attacks the devices themselves suffer, and the solutions that can be implemented to prevent such attacks.

  • Introduction.
  • Characterization of Intermediate Devices.
  • Intermediate Equipment of Layer I.
  • Physical security.
  • Intermediate Equipment of Layer II.
  • PVSTP and trusted ports.
  • ACLs.
  • General solutions to attacks.
  • Intermediate Equipment of Layer III.
  • Multilayer Intermediate Equipment

Module 5. Security in wireless networks (4 hours)

Know the operation and characteristics of the devices that make up a wireless network. Define the architecture, and best practices, of a wireless network that provides functionality and security to an organization.

  • Introduction to wireless technologies.
  • The IEEE 802.11 protocol.
  • Antennas
  • Wired Equivalent Privacy (WEP).
  • Wi-Fi Protected Access (WPA / WPA2).
  • Wardriving.
  • Attacking WEP.
  • Attacking WPA.
  • Attacks exploiting clients.
  • Defense schemes for wireless networks.

Module 6. Security in Mobile Devices and Telephony (4 hours)

Know the characteristics of mobile devices, the vulnerabilities and threats of this type of devices. Understand the best practices to define policies for the safe use of mobile devices.

  • Mobile devices.
  • Mobile storage
  • Security of mobile storage devices.
  • Bluetooth
  • Smartphones
  • BYOD
  • Security in Telecommunications Systems.
  • Fixed telephony
  • Voice over IP.

Module 7. Security in Mainframe Environments (4 hours)

Know the basics of design and security technologies related to mainframe systems.

  • Introduction to mainframe security.
  • Brief history of mainframes and their architecture.
  • Security in the mainframes, history and functionality sought.
  • How to manage mainframe security: administration and definitions.
  • Other security elements of the operating system.
  • Operation and administration.
  • Audit elements for mainframe security.
  • Security audit.

Module 8. Security in Windows Operating Systems (12 hours)

Know the security advantages and disadvantages of Microsoft's Win32- and Win64-based operating systems.

  • Origins and History
  • Win32 and NT basics.
  • Windows 2000 Security Architecture.
  • Security architecture of Windows XP.
  • Windows 2003 Security Architecture.
  • Windows Vista Security Architecture.
  • Windows 2008 Security Architecture.
  • Security architecture of Windows 7.

Module 9. Security in Unix Operating Systems (12 hours)

Know the main characteristics of the different Unix systems. Define a list of best practices to strengthen a Unix operating system.

  • History of Unix.
  • Unix types.
  • Main elements of Unix.
  • Security and Unix.
  • Authentication in Unix.
  • The file systems.
  • The initialization files.
  • Monitoring of the system
  • Logs in Unix.
  • The network services.
  • The r commands.
  • Task scheduling
  • The RPC: Remote Procedure Call.
  • Name, messaging and FTP service
  • NFS: Network File System.
  • The X Window server.

Module 10. Intrusion detection and prevention systems (4 hours)

Know the different operating paradigms of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems. The participant will know the advantages and disadvantages of operating this technology.

  • The problem of the definition of intrusions.
  • Definition of IDS technology.
  • Definition of IPS technology.
  • Paradigms for the use of an IDS.
  • Paradigms of data correlation.
  • Operation paradigms depending on the source of the data.
  • Deceiving the IDS: attacks and defenses.

Module 11. Security Tools (16 hours)

Know the operation of the most used tools in Cybersecurity.

  • Introduction.
  • Scan TCP / UDP ports: Nmap.
  • Firewalls.
  • Intruder detectors.
  • Sniffers
  • Packet injection software.
  • Cracking passwords online and offline.

Module 12. Forensic Computing (4 hours)

Know what forensic computing is and what it is for. Understand the methodology for applying forensic computing.

  • Definition and principles.
  • Need for research.
  • Types of forensic analysis.
  • The 4 steps of the forensic process.
  • Preparing for the incident.
  • The response to the incident.
  • Importance of the evidence.
  • Chain of custody.
  • Evidence management
  • Technical errors
  • Live response
  • Execution of forensic analysis.
  • Search for evidence in various platforms and operating systems.
  • Forensic Computing vs. classic forensic analysis.

Module 13. Malicious Software (4 hours)

Know the main characteristics of the malicious software, as well as the threats of this type of software. Implement the necessary countermeasures to mitigate the risk caused by malicious software.

  • Introduction.
  • History.
  • Extensive classification.
  • Malicious software operation.
  • Damage that a virus can generate.
  • Analysis of malicious software (Reverse Engineering).
  • Debugging versus disassembly.
  • Detection and stopping.

Module 14. Security in Web Applications (4 hours)

Know the points to take into account to design and implement a secure application, based on the best practices proposed by the OWASP project.

  • Secure Code Process.
  • Risk Modeling.
  • Risk Mitigation.
  • The basis of the Secure Code.
  • OWASP criteria.
  • OWASP Top Ten.

Module 15. Security in Databases (4 hours)

Know the aspects related to database and data warehouse security, as well as the tools and security modules of databases and data warehouses most used in the industry.

  • Types of Databases.
  • Characteristics of DBMSs.
  • Architectures of DBMSs.
  • Languages of DBMSs.
  • Security in Databases.
  • Security Models
  • Confidentiality in the Databases.
  • Integrity in the Databases.
  • Availability in the Databases.
  • Tools for the analysis of vulnerabilities in Databases.
  • Functions of the Database Administrator.
  • Data warehouse

Module 16. Systems in Applications and System Development (4 hours)

Know the aspects related to security in applications in production, development, and methodologies and tools to analyze, design, and implement controls in the life cycle of application development.

  • Controls in production applications.
  • Controls in applications in development.
  • CMM.
  • Expert systems.
  • Neural networks.
  • Control of the project.
  • Control of the product.
  • Principles of audit.
  • Strategies for the development of applications.
  • Security methodology for the development of applications.
  • The role of the security specialist in the development of applications.
  • Determination of the level of acceptable risk in the applications.
  • Accreditation and Certification.
  • Conversion of applications.
  • Change management
  • Administration of configurations.

Module 17. Penetration Test Methodologies (4 hours)

Know what a Penetration Test is and the main Penetration Testing methodologies.

  • Definition of a Penetration Test.
  • OWASP methodology.
  • NIST 800-115.
  • Open-Source Security Testing Methodology (OSSTM).
  • Penetration Testing Execution Standard (PTES).
  • Reports

Module 18. Information security management (8 hours)

Know all aspects related to information security management, in order to be able to choose the best technological options to implement the controls defined as a result of this administration.

  • The Information Security officer.
  • Security Architecture
  • Metrics of information security.
  • Security policies.
  • Compliance
  • Security in Operations.
  • BCP
  • Legislation.
  • Risk analysis.
  • Information security audit.

Module 19. Future Trends (4 hours)

  • Current state of cybersecurity.
  • Evolution of cybersecurity.
  • The academy and the science of cybersecurity.
  • Computational attacks of the future.
  • Devices and security measures of the future.

Program taught in:
  • Spanish

See 128 more programs offered by Tecnológico de Monterrey (Educación Continua Presencial) »

Last updated October 29, 2018
This course is Campus based
Duration
128 hours
Part-time
Full-time
Price
53,200 MXN