- computer security: past, present and future
- current risk landscape
- most common threats and attack vectors
- "why are we here?"
• An introduction to the concepts of Identity, Authentication, and Authorization
• Authentication and authorisation for distributed research
• Methods for communicating authentication and authorization: Certificates, SAML, OAuth
• How these technologies fit within research infrastructures
Security architecture fundamentals
• fundamental security principles
• develop skills to be a security architect
• how to design and provide secure computing infrastructure
• security standards and frameworks
• physical security
• network security: segmentation, firewalls, VPNs
- security operations: history, CERT vs. CSIRT
- CSIRT organisation and provided services
- preparations: asset management, security monitoring etc.
- incident response readiness
- lessons learned from past incidents
Virtualisation and cloud security
• virtualisation security fundamentals
• cloud service models
• authentication and key management
• data security in the cloud
• DevSecOps
• security in private and public cloud
• common threats in the cloud
• security tools
- risk analysis and risk mitigation
- vulnerability lifecycle, monitoring, scanning
- CVE, CVSS, CPE, CWE and related standards
- special cases: vulnerable hardware, EOL systems etc.
- host-based logs (system and application level), network monitoring
- the importance of central logging
- tools and technologies
- data privacy, dealing with personal and sensitive data, log retention
- traceability challenges
- indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
- tools and technologies: MISP, Zeek, OpenSearch etc.
- deploying a Security Operations Center
- security incidents: detecting and alerting
- web application security, typical web vulnerabilities
- ethical hacking
- introduction to pentesting
- key concepts of containers (namespaces, cgroups etc.) and Docker
- container security, threat landscape
- vulnerability and patch management
- digital evidence handling
- data acquisition (live systems, storage etc.)
- data analysis (OS, file system, network, executables etc.)
- reporting
• data security
• endpoint security: hardware, host, OS, BMC security, system hardening
• application security
• future security trends
• incident management and coordination
• incident analysis and investigation
• communication with stakeholders
• containment and eradication
• recovery
• lessons learnt
- indicators of compromise, threat intelligence sharing, TLP protocol
- tools and technologies
- deploying a Security Operations Center
- detecting security incidents
- incident management and coordination
- Sirtfi and trust frameworks
- communication with local users, external communities, and other stakeholders
- working with law enforcement
- privacy aspects