Cyber Handbook-Enterprise v1.6 PDF
Highly Qualified
Certified Instructors
www.eccouncil.org
Table of Contents
Vulnerability Assessment and Penetration Testing
Network Defense and Operations
Certifications
Certified Secure Computer User (CSCU)
EC-Council Certified Security Specialist (ECSS)
Certified Application Security Engineer (CASE) .NET
The Licensed Penetration Tester (Master) Credential – LPT (Master)
Academic Programs
Bachelor of Science in Cyber Security (BSCS)
Who We Are
The EC-Council group is made up of several entities that all help serve the same goal which is to create a better, safer cyber world through awareness and education. Our entities include International Council of eCommerce Consultants (EC-Council), iClass, EC-Council University, EC-Council Global Services (EGS), and EC-Council Conferences and Events.

EC-Council creates content (course materials and exams) and certification delivered through our channel of authorized training centers which consists of over 700 partners representing over 2,000 physical locations in more than 145 countries across the globe. We are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA), and Licensed Penetration Tester (LPT)(Master) programs.

Our certification programs are recognized worldwide and have received endorsements from various government agencies, including the United States Federal Government (via the Montgomery GI Bill), the National Security Agency (NSA), and the Committee on National Security Systems (CNSS). All these reputed organizations have Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Disaster Recovery Professional (EDRP), EC-Council Certified Security Analyst (ECSA), Advanced Penetration Testing (APT) and Licensed Penetration Tester (LPT)(Master) programs for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals. EC-Council has received accreditation from the American National Standards Institute (ANSI) for our coveted CEH, CCISO, CHFI, and CND programs. We have so far certified over 2,20,000 professionals in various e-business and cybersecurity skills.

iClass is EC-Council’s direct certification training program. iClass delivers EC-Council certification courses through various training methodologies: instructor-led at client facilities, synchronous delivery through live, online instructor-led, and asynchronously through our streaming video platform. iClass course videos can also be loaded onto a mobile device, such as an iPad, and shipped to a client location.

“Our lives are dedicated to the mitigation and remediation of the cyber plague that is menacing the world today”
Jay Bavisi, President & CEO, EC-Council

EC-Council University is a DEAC accredited university offering programs such as Bachelor of Science in Cyber Security, Master of Science in Cyber Security, and Graduate Certificate Program.

EC-Council Global Services (EGS) is dedicated to helping organizations understand and manage their cyber-security risk posture effectively. EGS specializes in helping clients make informed business decisions to protect their organizations. EGS has over 20 dedicated cyber security practice areas informed by the best cyber security practitioners, each of whom have dedicated their lives to defending organizations from cyber-attacks.

EC-Council’s Conference and Events Group is responsible for planning, organizing, and running conferences throughout the globe. TakeDownCon and Hacker Halted are IT security conferences that bring world renowned speakers together for keynotes, panels, debates, and breakout sessions. Conferences have been run in Dallas, Las Vegas, St. Louis, Huntsville, Maryland, Connecticut, Myrtle Beach, Miami, Atlanta, Iceland, Hong Kong, Egypt, Singapore, Mumbai, Dubai, Bahrain, London, Abu Dhabi and Kuala Lumpur.

Other events include CISO Summits, Global CISO Forums, and Executive Cocktail Receptions where EC-Council brings speakers and content to executive level IT Security Professionals.

The Global Cyberlympics competition is a “capture the flag” type competition with approximately 1,000 global participants. EC-Council brings the hackers together online for preliminary elimination rounds and then brings the top two teams (6-8 players per team) from each region to compete in the final head-to-head competition.
EC-Council Uni-Aid - Don’t stop learning
EC-Council at a Glance
EC-Council Group is a multidisciplinary institution of global Information Security professional services.
EC-Council Group is a dedicated Information Security organization that aims at creating knowledge, facilitating innovation, executing research, implementing
development, and nurturing subject matter experts in order to provide their unique skills and niche expertise in cybersecurity.
Some of the finest organizations around the world such as the US Army, US Navy, DoD, the FBI, Microsoft, IBM, and the United Nations have trusted EC-Council to develop
and advance their security infrastructure.
Your Learning Options
Instructor-led Training
facility in your city.
Online Training
iLearn online training is a distance learning program designed for those who cannot attend a live course. The program is for the people who have a very busy schedule and want to learn at their own
pace through self-study. This modality is also available from our enterprise teams.
Mobile Learning
Our world class content is also available on a mobile device, allowing our students to learn on the go. This program is designed for those who cannot attend a live course, but are keen to improve
their cyber security skills. This modality is also available from our enterprise teams.
Computer-based Training
base iLearn program and are not sold independently. This modality is also available from our enterprise teams.
Customized Learning
channel. Let us know where and when you want the training delivered, and we will arrange for an instructor and all that’s required for a course to be taught at a location of your choice. Contact our
accredited training partners for a custom solution.
EC-Council client-site training includes official courseware, certification exam (ECC-Exam or VUE), iLabs, online labs (wherever available), and our test-pass guarantee.
Foundation Track
Target Audience
This track focuses on today’s computer users who use the internet extensively to work, study and play.
CSCU (112-12): Certified Secure Computer User
ECSS: EC-Council Certified Security Specialist
ECES (212-81): EC-Council Certified Encryption Specialist
Mac
...
Disaster Recovery
Credit Card Security
Monitoring Kids Online
Wireless & Home Network Security
Internet Security
OS Security
*All credentials can be attained individually. Please refer to cert.eccouncil.org for the eligibility criteria.
Vulnerability Assessment & Penetration Testing (VAPT)
CEH (Practical): Certified Ethical Hacker (Practical)
ECSA (412-79): EC-Council Certified Security Analyst
- Information Assurance (IA) Security Officer
- Information Security Analyst/Administrator
Certification
* Bespoke modules available for enterprises
Our Certified VAPT Professionals
are Employed at:
Job Roles
CEH (Practical): Certified Ethical Hacker (Practical)
312-38
* Bespoke modules available for enterprises
...
312-38
...
Job Roles
LPT (Master): Licensed Penetration Tester (Master)
CASE .Net (312-95): Certified Application Security Engineer .Net
Our Certified Software Security Professionals
are Employed at:
...
C|CISO Domains 1 to 5 (figure)
Domain 1: Governance
Domain 3: Security Program Management & Operations
Domain 5: Strategic Planning, Finance, & Vendor Management
Job Roles
- Information Security (IS) Director
- Information Assurance (IA) Program Manager
- Information Security Professional
- Information Analyst
- Information Technology Analyst
- Disaster Recovery
- Digital Forensics
Certified Secure Computer User (CSCU)
CSCU provides individuals with the necessary knowledge and skills to protect their information assets. This course covers fundamentals of various computer and network security threats such as identity theft, credit card fraud, phishing, virus and backdoors, emails hoaxes, loss of confidential information, hacking attacks, and social engineering.

Course Outline
• Introduction to Security
• Securing Operating Systems
• Malware and Antivirus
• Internet Security
EC-Council Certified Security Specialist (ECSS)
EC-Council Certified Security Specialist (ECSS) is an entry level security program covering the fundamental concepts of information security, computer forensics, and network security. It enables students to identify information security threats which reflect on the security posture of the organization and implement general security controls.

This program will give a holistic overview of the key components of information security, computer forensics, and network security. This program provides a solid fundamental knowledge required for a career in information security.

Key Outcomes
• It facilitates your entry into the world of Information Security
• It provides professional understanding about the concepts of Information Security, Network Security, and Computer Forensics
• It provides best practices to improve organizational security posture
• It enhances your skills as a Security Specialist and increases your employability

Exam Information
• Exam Title: EC-Council Certified Security Specialist
• Exam Code: ECSS
• Number of Questions: 50
• Duration: 2 hours
• Availability: ECC Exam Portal
• Test Format: Multiple Choice
• Passing Score: 70%

Course Outline
• Information Security Fundamentals
• Networking Fundamentals
• Secure Network Protocols
• Information Security Threats and Attacks
• Social Engineering
• Hacking Cycle
• Identification, Authentication, and Authorization
• Cryptography
• Firewalls
• Intrusion Detection System
• Data Backup
• Virtual Private Network
• Wireless Network Security
• Web Security
• Ethical Hacking and Pen Testing
• Incident Response
• Computer Forensics Fundamentals
• Digital Evidence
• Understanding File Systems
• Windows Forensics
• Network Forensics and Investigating Network Traffic
• Steganography
• Analyzing Logs
• E-mail Crime and Computer Forensics
• Writing Investigative Report
EC-Council Certified Encryption Specialist (ECES)
Course Outline
• Applications of Cryptography
• Cryptanalysis

Key Outcomes
• Develop skills to protect critical data in organizations with encryption
• Develop a deep understanding of essential cryptography algorithms and their applications
• Make informed decisions about applying encryption technologies
• Save time and cost by avoiding common mistakes in implementing encryption technologies effectively
• Develop working knowledge of cryptanalysis

Exam Information
• Exam Title: EC-Council Certified Encryption Specialist
• Exam Code: 212-81
• Number of Questions: 50
• Duration: 2 hours
• Availability: ECC Exam Portal
• Test Format: Multiple Choice
• Passing Score: 70%
Certified Network Defender (CND)
Certified Ethical Hacker (C|EH)
Certified Ethical Hacker (Practical)
This is the next step after you have attained the highly acclaimed Certified Ethical Hacker certification.

Course Outline
• Perform OS banner grabbing, service, and user enumeration.
• Perform system hacking, steganography, steganalysis attacks, and cover tracks.
• Identify and use viruses, computer worms, and malware to exploit systems.
• Perform packet sniffing.
• Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
• Perform SQL injection attacks.
• Perform different types of cryptography attacks.
• Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems etc.

Key Outcomes
• Mastery of Ethical Hacking skills.
• Demonstrate the application of the knowledge to find solutions to real-life challenges.
• Commitment to code of ethics.
• Validate essential skills required in the ethical hacking domains.

Exam Information
• Exam Title: Certified Ethical Hacker (Practical)
• Number of Practical Challenges: 20
• Duration: 6 hours
• Availability: Aspen - iLabs
• Test Format: iLabs Cyber Range
• Passing Score: 70%
Certified Threat Intelligence Analyst (CTIA)
EC-Council Certified Security Analyst (ECSA)
Key Outcomes
• Analyze security of mobile devices and wireless networks
• Present findings in a structured actionable report

Exam Information
• Availability: ECC Exam Portal
• Test Format: Multiple Choice
• Passing Score: 70%

Course Outline
• Wireless Penetration Testing Methodology
• Cloud Penetration Testing Methodology
• Report Writing and Post Testing Actions
EC-Council Certified Security Analyst (Practical)
EC-Council Certified Incident Handler (ECIH)
Key Outcomes
• Principles, processes and techniques for detecting and responding to security threats/breaches
• Liaison with legal and regulatory bodies
• Cover various incidents like malicious code, network attacks, and insider attacks

Exam Information
• Exam Title: EC-Council Certified Incident Handler
• Exam Code: 212-89
• Number of Questions: 50
• Test Format: Multiple Choice
• Passing Score: 70%

Course Outline
• Incident Reporting
• Incident Recovery
• Security Policies and Laws
Computer Hacking and Forensic Investigator (CHFI)
Course Outline
• Network Forensics
• Investigating Web Attacks
• Database Forensics
• Cloud Forensics
• Malware Forensics
• Investigating Email Crimes
• Mobile Forensics
• Forensics Report Writing and Presentation

Key Outcomes
• Comprehensive forensics investigation process
• Forensics of file systems, operating systems, network and database, websites, and email systems
• Techniques for investigating on cloud, malware, and mobile
• Data acquisition and analysis as well as anti-forensic techniques
• Thorough understanding of chain of custody, forensic report, and presentation

Exam Information
• Exam Title: Computer Hacking Forensic Investigator
• Exam Code: 312-49 exam
• Number of Questions: 150
• Duration: 4 hours
• Availability: ECC Exam Portal
• Test Format: Multiple Choice
• Passing Score: Please refer to https://cert.eccouncil.org/faq.html
Certified Application Security Engineer (CASE) Java
Certified Application Security Engineer (CASE) .Net
CASE goes beyond just the guidelines on secure coding practices to include secure requirement gathering, robust application design, and handling security issues in post development phases of application development.

The hands-on training program encompasses security activities involved in all phases of the Secure Software Development Life Cycle (SDLC): planning, creating, testing, and deploying an application.

Course Outline
• Understanding Application Security, Threats, and Attacks
• Secure Coding Practices for Input Validation
Advanced Penetration Testing
The Licensed Penetration Tester (Master) Credential– LPT(Master)
by Ali Isikli
CAST 614 – Advanced Network Defense
Center for Advanced Security Training
CAST 614 is an advanced course offering you the opportunity to deep dive into the crucial practical aspects of enterprise network security.

It covers fundamental areas of fortifying your defenses by discovering methods of developing a secure baseline and how to harden your enterprise architecture from the most advanced attacks. Once a strategy for a fortified perimeter is denied, the course moves on to defending against the sophisticated malware that is on the rise today, and the importance of live memory analysis and real time monitoring.

Course Outline
• Firewalls
• Advanced Filtering
• Firewall Configuration
• Hardening: Establishing a Secure Baseline
• Intrusion Detection and Prevention
• Endpoint Protection
• Securing an Enterprise

Key Outcomes
• Stage a strong defense against popular security threats

Exam Information
• Exam Title: CAST 614 - Advanced Network Defense
EC-Council Disaster Recovery Professional (EDRP)
Certified Chief Information Security Officer (C|CISO)
The C|CISO certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for C-Level positions, the C|CISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital for leading a highly successful IS program.

The C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Course Outline
• Governance
• Security Risk Management, Controls, & Audit Management
• Security Program Management & Operations
• Information Security Core Competencies
• Strategic Planning, Finance, & Vendor Management

Key Outcomes
• Establishes the role of CISO and models for governance
• Core concepts of information security controls, risk management, and compliance

Exam Information
• Number of Questions: 150
• Duration: 2.5 hours
• Test Format: Multiple Choice
Bachelor of Science in Cyber Security (BSCS)
ACCREDITED. FLEXIBLE. ONLINE.
Graduate Certificate Programs
EC-Council University’s Graduate Certificate Program focuses on the competencies necessary for information assurance professionals to become managers, directors, and CIOs. Students will experience not only specialized technical training in a variety of IT security areas, but will also acquire an understanding of organizational structure and behavior, the skills to work within and across that organizational structure, and the ability to analyze and navigate its hierarchy successfully. Each certificate targets skills and understandings specific to particular roles in the IT security framework of an organization. The certificates can be taken singly or as a progressive set of five, each building on the one before it to move students from IT practitioner skill levels to IT executive skill levels.

• Security Analyst
• Enterprise Security Architect
• Digital Forensics
• Incident Management and Business Continuity
• Executive Leadership in Information Assurance
• Ethical practice
Master of Science in Cyber Security (MSCS)