COURSE OUTLINESession 5
Financial
• Banking infrastructure
• Interbank, intrabank and international systems (SWIFT)
• Payment systems and applications
• Incidents overview
Session 7
Payment terminals
• ATM & PoS internals
• Typical vulnerabilities and attacks
• Security hardening and incident response
Session 8
Security compliance for financial institutions
• SOX, GDPR
• PCI DSS, ASV practice
Session 9
Industrial Cyber Security (ICSec)
• Processes & Roles
• PLC and Field Devices
• HMIs, Historians, Alarm Servers
• DCS and SCADA
Session 10
ICSec Network Security
• ICS network topologies
• Industry-specific protocols
• Typical vulnerabilities of ICS/SCADA
• ICS security Assessment
Session 11
Industrial Cybersecurity Incidents
• Intrusion detection in industrial environment
• Mission-centric approach to cybersecurity
• Vulnerabilities and incidents. The capabilities of today’s adversaries
• The role of industrial and functional safety in industrial cybersecurity
• DCS and SCADA
• Mission-centric approach to cybersecurity
• Overview of industrial security standards: NERC CIP, NIST, ISA/IEC 62443
Session 12
Electric power industry
• Power grid automation
• NIST Smart Grid Framework model
• Security of communication
• Microgeneration cybersecurity
• Digital substations
Session 13
Transportation cybersecurity
• Railway automation
• Station and wayside systems: computer based interlocking, marshalling yard automation
• Train protection systems, Automatic train control (ATC)
• Centralized Train Control (CTC), ETCS and ERTMS
• Automotive threat landscape: Infotainment, canbus, wireless communications etc.
• Threat modelling for intelligence public transport
Session 14
IoT cybersecurity
• What is IoT?
• Lesson learned: Carna, Mirai botnets
• IoT specific network communications • Centralization and related security issues
• Centralized Train Control (CTC), ETCS & ERTMS
• IoT cybersecurity initiatives
Session 6
Online banking
• Typical vulnerabilities of online banking
• Mobile banking security
• Fraud detection
Session 15
Test
Session 1
Critical Information Infrastructure
Cyber Resilience
• What is Critical Information Infrastructure?• Regulatory compliance (EU)
• Overview of state-level Cyber Resilience and Critical Information Infrastructure
Protection initiatives
Session 3
Telecom Signaling
• SS7, Diameter
• Signaling attacks
Session 2
Telecommunications
• Telecom network internals
• Network security issues
• SDN and SD WAN security
• Cases and incidents
Session 4
Mobile terminals
• Baseband, phones
• Modems, Femtocell, SIM cards
• Security assessment and intrusion detection