
Information Security Analyst Training & Certification Course

140 hrs

Live Sessions


YOUR LEARNING PATH

  • Course 1
    CompTIA CySA+
  • Course 2
    SOC Analyst Expert
  • Course 3
    ISO 27001 LA
  • Master's Certificate
    You will get a certificate from InfosecTrain


Course Highlights

  • 4 hrs/day, weekend or weekday batches
  • Technical Support Post Training
  • Access to the recorded sessions
  • Certified & Experienced Instructors


Course Description

Overview

InfosecTrain’s CompTIA CySA+ Certification Training is a Cyber Security Analyst certification course that teaches how to discover cybersecurity vulnerabilities in an environment. It covers advanced persistent threats as well as configuring and using threat-detection technologies.

Our SOC analyst training program teaches the most up-to-date and in-demand technical skills needed to perform a variety of sophisticated SOC procedures. The course covers basic cybersecurity concepts, advanced forensics, threat intelligence, and security incident and event management (SIEM) solutions.

The ISO 27001 Lead Auditor course teaches participants how to apply widely recognized audit concepts, processes, and methods to audit an Information Security Management System (ISMS) and lead a team of auditors. It provides the skills needed to plan and conduct internal and external audits, and also covers audit methodologies, managing audit teams and audit programs, engaging with customers, and dispute resolution.

Why Information Security Analyst Combo Training with InfosecTrain?
  • Assist you in showcasing your talents and professional experience for the role of Security Analyst.
  • Provide you with possibilities to work in other network security-related fields.
  • Keep you up to date on the most recent abilities required for available analyst opportunities.
  • Allow you to show employers that you are dedicated to professional development and that you have the ability to do challenging jobs inside the Security team.
  • We are one of the best training providers in information security and are globally recognized.
  • You will have access to the recorded sessions post-training.
  • We provide hands-on training for practical experience.

Target Audience

  • Network and Security Professionals
  • Cybersecurity Engineers
  • Network Architect
  • Information Security Engineers
  • Internal Auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project Managers or Consultants wanting to master the Information Security Management System Audit Process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an Information Security Team
  • Expert advisors in Information Technology
  • Technical experts wanting to prepare for an Information Security Audit function
  • Technical Support Engineers
  • System Administrators
  • Security Consultants
  • Cyber Security Analysts
  • Security System Engineers
  • SOC Analysts (L1, L2, and L3)

Prerequisites

  • Network and security knowledge
  • Minimum 3 to 4 years of experience in the field of information security or a related area
  • Prior knowledge of networking fundamentals, OS basics, and troubleshooting is recommended
  • Experience in an entry-level SOC Analyst, Cyber Security Analyst, or Information Security role
  • Two years of experience in the Information Security domain
  • PECB Certified ISO/IEC 27001 Foundation certification or basic knowledge of ISO/IEC 27001 is recommended

Exam Information

Exam Name           CompTIA CySA+                           ISO 27001 LA
Exam Pattern        Multiple-choice and performance-based   Essay type
Exam Duration       165 minutes                             180 minutes
No. of Questions    85                                      80
Passing Score       750 (on a 100-900 scale)                70%
Languages           English and Japanese                    English



Course Content

ISO 27001 Lead Auditor

  • Introduction to the information security management system (ISMS) and ISO/IEC 27001
  • Audit principles, preparation, and initiation of an audit
  • On-site audit activities
  • Closing the audit

Domain 1: Security Operations Centre
Introduction to SOC

  • Building a successful SOC
  • Functions of SOC
  • Heart of the SOC: SIEM
  • Gartner’s Magic Quadrant
  • SIEM guidelines and architecture

ELK Stack

  • Introduction and an overview of Elastic SIEM
  • User interface
  • Use as part of alert investigations or interactive threat hunting
  • MDR vs. traditional SIEM, and other solutions
  • Elasticsearch: architecture, Curator fundamentals
  • Index templates for routing and mapping
  • Kibana: configuration, policies, visualization
  • Deep dive into log architecture, parsing, and alerts

Security Onion

  • What is Security Onion?
  • Monitoring and analysis tools
  • Security Onion Architecture
  • Deployment types
  • Installing a standalone server: checking system services with sostat, Security Onion web browser tools, Security Onion terminal
  • Replaying traffic on a standalone server

Splunk In-Depth

  • Industrial requirements of Splunk in various fields
  • Splunk terminologies, search processing language, and various industry use cases

AlienVault OSSIM fundamentals

  • AlienVault fundamentals, architecture, and deployment
  • Vulnerability scanning & monitoring with OSSIM

Introduction to QRadar

  • IBM QRadar SIEM component architecture and data flows
  • Using the QRadar SIEM User Interface

Fun with logs

  • Working with offenses triggered by events
  • Working with offenses triggered by flows

Monitoring

  • Monitor QRadar notifications and error messages
  • Monitor QRadar performance
  • Review and interpret system monitoring dashboards
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data

Tools exposure provided in the above section:

  • Security Onion
  • ELK Stack
  • Sguil
  • Wireshark
  • Splunk
  • AlienVault OSSIM
  • IBM QRadar CE

Domain 2: Digital Forensics

Introduction to Digital Forensics

  • Section Introduction
  • What is Digital Forensics?
  • Collecting evidence typically related to cybercrime
  • Digital Subject Access Requests
  • Computer Forensics Process
  • Identification, Preservation, collection, examination, analysis, reporting
  • Working with Law Enforcement
  • The difference between an internal security issue and one that requires external assistance

Forensics Fundamentals

  • Section Introduction
  • Introduction to Data Representation
  • hexadecimal, octal, binary files vs. txt files, timestamp formats: UNIX epoch, MAC, Chrome, Windows, FILETIME
  • Hard Drive Basics
  • Platters, sectors, clusters, slack space
  • SSD Drive Basics
  • Garbage collection, TRIM, wear leveling
  • File Systems
  • FAT16, FAT32, NTFS, EXT3/EXT4, HFS+/APFS
  • Metadata & File Carving
  • Memory, Page File, and Hibernation File
  • Order of Volatility

Evidence Forms

  • Section Introduction
  • Volatile Evidence
  • Memory (RAM), cache, register contents, routing tables, ARP cache, process table, kernel statistics, temporary file system/swap space
  • Disk Evidence
  • Data on Hard Disk or SSD
  • Network Evidence
  • Remotely Logged Data, Network Connections/Netflow, PCAPs, Proxy logs
  • Web & Cloud Evidence
  • Cloud storage/backups, chat rooms, forums, social media posts, blog posts
  • Evidence Forms
  • Laptops, desktops, phones, hard drives, tablets, digital cameras, smartwatches, GPS

Chain of Custody

  • Section Introduction
  • What is the Chain of Custody?
  • Why is it Important?
  • In regard to evidence integrity and examiner authenticity
  • Guide for Following the Chain of Custody
  • evidence collection, reporting/documentation, evidence hashing, write-blockers, working on a copy of original evidence

Windows Investigations

  • Section Introduction
  • Artifacts
  • Registry, Event Logs, Prefetch, .LNK files, DLLs, services, drivers, common malicious locations, scheduled tasks, start-up files
  • Limitations
  • Example Investigations

*nix Investigations

  • Section Introduction
  • Artefacts
  • Limitations
  • Example Investigations

Artefact Collection

  • Section Introduction
  • Equipment
  • Anti-static bags, Faraday cage, labels, clean hard drives, forensic workstations, disk imagers, hardware write blockers, cabling, blank media, photographs
  • Tools
  • Wireshark, NetworkMiner, and others
  • ACPO Principles
  • Live Forensics
  • Fast acquisition of key files
  • How to Collect Evidence
  • Laptops, desktops, phones, hard drives, tablets, websites, forum posts, blog posts, social media posts, chat rooms
  • Types of hard drive copies: visible data, bit-for-bit, slack space

Live Forensics

  • Section Introduction
  • Live Acquisition
  • What is a live acquisition/live forensics? Why is it beneficial?
  • Products
  • Carbon Black, EnCase, memory analysis with agents, custom scripts
  • Potential Consequences
  • Damaging or modifying evidence, making it invalid

Post-Investigation

  • Section Introduction
  • Report Writing
  • Evidence Retention
  • Legal retention periods, internal retention periods
  • Evidence Destruction
  • Overwriting, degaussing, shredding, wiping
  • Further Reading

Tools exposure provided in the above section:

  • Command line for Windows/Linux
  • FTK Imager
  • Magnet RAM Capture
  • Autopsy
  • Volatility
  • Volatility Workbench
  • EnCase


Domain 3: Incident Response

Introduction to Incident Response

  • What is Incident Response?
  • Why is IR Needed?
  • Security Events vs. Security Incidents
  • Incident Response Lifecycle – NIST SP 800-61r2
  • What is it, why is it used
  • Lockheed Martin Cyber Kill Chain
  • What is it, why is it used
  • MITRE ATT&CK Framework
  • What is it, why is it used

Preparation

  • Incident Response Plans, Policies, and Procedures
  • The Need for an IR Team
  • Asset Inventory and Risk Assessment to Identify High-Value Assets
  • DMZ and Honeypots
  • Host Defences
  • HIDS, NIDS
  • Antivirus, EDR
  • Local Firewall
  • User Accounts
  • GPO
  • Network Defences
  • NIDS
  • NIPS
  • Proxy
  • Firewalls
  • NAC
  • Email Defences
  • Spam Filter
  • Attachment Filter
  • Attachment Sandboxing
  • Email Tagging
  • Physical Defences
  • Deterrents
  • Access Controls
  • Monitoring Controls
  • Human Defences
  • Security Awareness Training
  • Security Policies
  • Incentives

Detection and Analysis

  • Common Events and Incidents
  • Establishing Baselines and Behaviour Profiles
  • Central Logging (SIEM Aggregation)
  • Analysis (SIEM Correlation)

Containment, Eradication, Recovery

  • CSIRT and CERT Explained
  • What are they, and why are they useful?
  • Containment Measures
  • Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
  • Taking Forensic Images of Affected Hosts
  • Linking Back to Digital Forensics Domain
  • Identifying and Removing Malicious Artefacts
  • Memory and disk analysis to identify artefacts and securely remove them
  • Identifying Root Cause and Recovery Measures

Lessons Learned

  • What Went Well?
  • Highlights from the Incident Response
  • What Could be Improved?
  • Issues from the Incident Response, and How These Can be Addressed
  • Importance of Documentation
  • Creating Runbooks for Future Similar Incidents, Audit Trail
  • Metrics and Reporting
  • Presenting Data in Metric Form
  • Further Reading

Tools exposure provided in the above section:

  • Sysinternals Suite
  • Hash Calculator
  • Online Sources
  • CyberChef
  • Wireshark
  • NetworkMiner

Domain 4: Threat Intelligence

Introduction to Threat Intelligence

  • Section Introduction
  • Threat Intelligence Explained
  • What is TI, why is it used
  • Why Threat Intelligence can be Valuable
  • Situational awareness, investigation enrichment, reducing the attack surface
  • Criticisms/Limitations of Threat Intelligence
  • Attribution issues, reactive nature, old IOCs, false-positive IOCs
  • The Future of Threat Intelligence
  • Tenable Predictive Prioritization (mixing threat intel with vulnerability management data to calculate dynamic risk scores)
  • Types of Intelligence
  • SIGINT, OSINT, HUMINT, GEOINT

Threat Actors

  • Common Threat Agents
  • Cybercriminals, hacktivists, insider threats, nation-states
  • Motivations
  • Financial, social, political, other
  • Skill Levels/Technical Ability
  • Script Kiddies, Hackers, APTs
  • Actor Naming Conventions
  • Animals, APT numbers, other conventions
  • Common Targets
  • Industries, governments, organizations

Advanced Persistent Threats

  • What are APTs?
  • What makes an APT? Real-world examples of APTs and their operations
  • Motivations for Cyber Operations
  • Why APTs do what they do (financial, political, social)
  • Tools, Techniques, Tactics
  • What do APTs actually do when conducting operations
  • Custom Malware/Tools
  • Exploring custom tools used by APTs, why they’re used
  • Living-off-the-land Techniques
  • What LOTL is, why it’s used, why it can be effective

Operational Intelligence

  • Indicators of Compromise Explained & Examples
  • What IOCs are, how they’re generated and shared, using IOCs to feed defences
  • Precursors Explained & Examples
  • What precursors are, how they’re different from IOCs, how we monitor them
  • TTPs Explained & Examples
  • What TTPs are, why they’re important, using to maintain defences (preventative)
  • MITRE ATT&CK Framework
  • Framework explained and how we map cyber-attacks, real-world example
  • Lockheed Martin Cyber Kill Chain
  • Framework explained and how we map cyber-attacks, real-world example
  • Attribution and its Limitations
  • Why attribution is hard, impersonation, sharing infrastructure, copy-cat attacks
  • Pyramid of Pain
  • You’ll wish we didn’t teach you this. It’s called the Pyramid of Pain for a reason.

Tactical Threat Intelligence

  • Threat Exposure Checks Explained
  • What TECs are, how to check your environment for the presence of bad IOCs
  • Watchlists/IOC Monitoring
  • What are watchlists, how to monitor for IOCs (SIEM, IDPS, AV, EDR, FW)
  • Public Exposure Assessments
  • What PEAs are, how to conduct them, Google dorks, theHarvester, social media
  • Open-Web Information Collection
  • How OSINT data is scraped, why it’s useful
  • Dark-Web Information Collection
  • How intel companies scrape dark web intel, why it’s useful, data breach dumps, malicious actors on underground forums, commodity malware for sale
  • Malware Information Sharing Platform (MISP)
  • What is MISP, why is it used, how to implement MISP

Strategic Threat Intelligence

  • Intelligence Sharing and Partnerships
  • Why sharing intel is important, existing partnerships, US-CERT, NCCIC, NCSC, ISACs
  • IOC/TTP Gathering and Distribution
  • Campaign Tracking & Situational Awareness
  • Why we track actors, why keeping the team updated is important
  • New Intelligence Platforms/Toolkits
  • Undertaking proof-of-value demos to assess the feasibility of new tooling
  • OSINT vs. Paid-for Sources
  • Threat Intelligence Vendors, Public Threat Feeds, National Vulnerability Database, Twitter

Malware and Global Campaigns

  • Types of Malware Used by Threat Actors
  • Trojans, RATs, Ransomware, Backdoors, Logic Bombs
  • Globally recognized Malware Campaigns
  • Emotet, Magecart, IcedID, Sodinokibi, TrickBot, LokiBot

Further Reading

  • Further Reading Material
  • Links to more resources that students may find helpful.

Tools exposure provided in the above section:

  • AlienVault OTX
  • MITRE ATT&CK
  • MISP
  • Maltego
  • Online sources


Choose Your Preferred Learning Mode

1-TO-1 TRAINING

Customized schedule
Learn at your dedicated hour
Instant clarification of doubt
Guaranteed to run


ONLINE TRAINING

Flexibility, Convenience & Time Saving
More Effective
Learning Cost Savings

Classes starting from

5th Sep: Weekend

15th Sep: Weekday


CORPORATE TRAINING

Anytime, Anywhere – Across The Globe
Hire A Trainer
At Your Own Pace
Customized Corporate Training


Get Ahead with InfosecTrain’s Master Certificate

  • Earn your Certificate
    Our course is exhaustive, and this certificate is proof that you have taken a big leap in mastering the domain.
  • Differentiate yourself with a Master’s Certificate
    The knowledge and skills you've gained working on projects, simulations, and case studies will set you ahead of the competition.
  • Share your achievement
    Talk about your certificate on LinkedIn, Twitter, or Facebook, boost your resume, or frame it and tell your friends and colleagues about it.
