This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professional roles such as project management, sales, finance and compliance, attend CSES®. This course provides a comprehensive understanding of cybersecurity architecture, cryptography and secure communications and the overall design as well a good understanding of web and mobile and the role of cybersecurity. How to leverage engineering in cybersecurity to address the risks associated with the application and data is adequately addressed. It covers the security consideration for the Application Ecosystem.


Become CSES® Certified


Who should take this course?


Cyber Security Professionals including but not limited to, Security Analyst, Security Engineer, Security Architect, Security Administrator, Security Software Developer, Cryptographer, Cryptanalyst, Security Consultant and also Application Developers, Finance Professionals, Data Center Designers/Engineers, Data Center Planners, Project Managers, Legal & Compliance Professionals, College Students & Graduates and Business Continuity Experts.


What you study?


The course provides comprehensive coverage of the Cybersecurity Architecture History & Overview, Cybersecurity Architecture Governance, Reference Security Architecture, Cybersecurity Architecture Strategy, Cybersecurity Architecture Design Document, Cybersecurity Architecture & Operations, Cybersecurity Architecture Practical Designs, Intrusion Detection/Penetration System, Cybersecure Communications, Public Cryptography & Key Infrastructure Certificates, Secure Socket Layer (SSL) & Transport Layer Security (TLS) Protocols, cybersecurity considerations for the 7-layers of the Application Ecosystem, 5G network security, trends in cybersecurity architecture technology and the future of cybersecurity architecture.


Learning Outcomes


Learn how to design cyber security solutions, Learn cyber security best practices to keep the whole system cyber safe, e.g. Application Security, Learn to design and engineer robust cyber security architectures and approaches, e.g. defense in-depth, layered security, security-by-design, resilience-by-design and Learn cyber security principles beyond the CIA Triads.


CSES® Syllabus


Day 1Cyber Security Engineering Specialist (CSES)®️

Cybersecurity Architecture History & Overview
  • Five Principles for Design of Cybersecurity Systems
  • Before Designing a system, the Context must be Established
  • Make it very Difficult for Attackers to Compromise your AE
  • The Design Must Make AE Downtime Very Difficult to Occur
  • Being Able to Detect Attacks
  • Reduce the Impact Should an Attack Occur
Application Security Architecture
  • The Application Ecosystem
  • Application Security
  • Application Architecture
  • TOGAF Security Architecture Phases
  • SABSA Secure Application Development
  • Application Security Architecture Governance
  • Application Architecture Security Checklist
Operating Systems & Virtualization
  • Overview
  • Attacker Model
  • Operating System Role and its Security Design Considerations
Symmetric Key Ciphers & Wireless LAN Security
  • Overview
  • Block Ciphers
  • The Feistel Function in a DES Operation
  • Triple DES (3DES)
  • AES Encryption and why it was Developed
  • 128vs129vs256-Bit AES
  • Security Challenges with AES
  • Confidentiality Modes
  • Stream Cipher
  • WLAN Security Journey
  • Wi-Fi Protected Setup (WPS)

Day 2Cyber Security Engineering Specialist (CSES)®️

Hash & Authentication
  • Overview
  • Hash Function Properties
  • Authentication
  • Hash Function Properties
  • Hash Function History
  • Issues with SHA2
  • Migration to SHA-3
  • Hash Message Authentication Code (HMAC)
  • Key Derivation Function (KDF) & Pseudorandom Function (PRF)
  • Authentication Based Password
  • Dictionary Attack
  • Malware Password Cracking Technique
  • Unix Encrypted Password System
  • UNIX/LINUX Password Hash
  • The MD-5 Based Scheme
  • SSHA Scheme
  • Automated Password Generator
  • Online Authentication
  • One-Time Password (OTP) & Token
  • SecurID Simple Authentication & Security (SASL)
  • HMAC-Based One-Time Password (HOTP)
  • Cryptographic Token Initialization
Data Encryption
  • Overview
  • The Need for Data Encryption
  • Case Study
  • Mathematical Introduction to Cryptography
  • Classical Cryptography
  • Euclidean Algorithm
  • Modular Arithmetic
Public Key Cryptographic Infrastructure and Certificates
  • Overview
  • The Need for Data Encryption
  • Case Study
  • Mathematical Introduction to Cryptography
  • Classical Cryptography
  • Euclidean Algorithm
  • Modular Arithmetic
Data Protection: Using Transport Layer Security
  • About TLS
  • Deploying TLS for Web Servers
  • TLS Secure Configuration Recommended
  • Protecting Mail Servers with TLS
  • Choosing Certificate Authority
  • CA Choice
  • Testing
  • TLS Recommended Cryptographic Profiles

Day 3Cyber Security Engineering Specialist (CSES)®️

Transport Layer Security v1.3
  • TLS 1.2 vs TLS1.3 – How they differ
  • Removed Algorithms and Ciphers
  • Faster and Refined Handshake
  • AEAD Bulk Encryption
  • Simplified Ciphers Suites
  • Support
  • Upgrade
  • Troubleshooting Common Errors
  • Running Old Versions
Virtual Private Networks for Network Layer Security
  • Network Security Overview
  • Internet Protocol Security (IPSec)
  • IPSec Services
  • IPSec Modes
  • Security Association
  • The Encapsulating Security Protocol (ESP)
  • The Authentication Header
  • Anti-Replay Service
  • The internet Key Exchange (IKE)
Hardware Security
  • Hardware Design Process Brief Overview
  • Trust Root
  • Threat Model
  • Hardware Security Measurement
  • IoT Platforms Security Evaluation Standard
  • Secure Platform
  • Secure Element and Smartcard
  • Trusted Platform Module
Web & Mobile Security
  • Security Challenges
  • Background
  • Web & Mobile Ecosystem
  • Appification
  • OWASP Top 10 Mobile Security Risk unpacked
  • Exams

IDCA Course Modules

IDCA offers a wide range of educational professional training programs geared specifically to the Cyber Security: