Certificate Course in 'Cyber Law & Cyber Security'

                                                             Certification in Cyber Law & Cyber Security   

Conducted by

Dr CBS Cyber Security Services LLP, Jaipur

(CERT-In Empanelled Information Security Auditing Organization)

Under the academic auspices  of

Sardar Patel University of Police, Security and Criminal Justice, Jodhpur

Name of CertificateCertification in Cyber Law & Cyber Security
Time Duration03 Months (12 Weeks)
Contact Classes

72 sessions (72 Hrs): 2 sessions (60 mins each) per day:

3 days per week

Credits earned8
Eligibility  (10+2)/Diploma (IT, Computer Science, ECE)/ BCA/BSc/ BBA/ BA/ BCom/ B.Tech/ M.Tech/ MSc/ MCA/MBA Students/ Researchers/ Academicians/ IT Administrators/ Corporate Professionals/ Bank Officials/ CA/ CS/ Financial Auditors.
Scheme of ExaminationOn the completion of each module an assignment will be given to the participants. At the end of the training program, an online certification examination will be conducted. Certificates will be awarded to the successful participants.

Course Content

ModuleSession No.Index

   

    I

 

     1Introduction: Cyber Law, Characteristics of Cyber Law, Indian Cyber Laws and Rules,
     2Terminology of Cyber Law.
     3IT Act 2000: Need for IT Act and Glimpses.
     4E-Commerce: Legal recognition of Electronic record and Electronic signature, authentication of electronic records, Secure Electronic record and Electronic Signature {Sec. 14,15}.
     5Digital Signatures; Issuing, renewal, suspension and revocation of Digital Signature certificate.
     6Hands on practice on Use of Digital signature and authentication of electronic record in Government and its agencies {Sec. 3, 6}

   

    II

     7Delivery of services by service provider, IT {Intermediary Guidelines and Media Ethics} Rules, 2021
     8Information Technology (Use of electronic records and digital signatures) Rules, 2004 {Sec. 6 (1 & 2)}.
     9Certifying authority: its Appointment, functions and powers  Information Technology (Certifying Authorities) Rules, 2000,  Information Technology (Certifying Authorities) Regulation, 2001 {Sec. 35 & 36}
     10Security Procedure and practices for securing electronic record and electronic signature, The Information Technology (Security Procedure) Rules, 2004 {Sec. 16}.
     11Controller: appointment, functions and recognition of certifying authorities, Power of Controller to give directions, offence on non-compliance {Sec. 68}
     12Power to monitor and collect traffic data for cyber security {Sec. 69B}. IT (procedure and safeguards for monitoring and collection traffic data or information) rules 2009.

   

    III

     13Cyber Appellate tribunal {Sec. 48}: power of superintendence and direction of appellate tribunal {Sec. 52-A}, its jurisdiction vis-à-vis civil court {Sec. 61}.
     14Acts of damage to computer, computer system and related offences: penalty and compensation thereof {Sec. 43, 66}.
     15Protection of data and compensation for failure thereof {Sec. 43A}. IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
     16Cyber offences related to tempering with computer source document {Sec. 65}, Dishonestly receiving stolen computer resource etc. {Sec. 66B} identity theft {Sec. 66C} and cheating by personation {66D}.
     17Offence of violation of privacy {Sec. 66E}, Publishing or transmitting obscene material {Sec. 67}/ material containing sexually explicit act {Sec. 67A}/material depicting children in sexually explicit act {Sec. 67B} in electronic form and punishment thereof
     18Cyber terrorism and punishment thereof {Sec. 66F}, Retention of information by intermediaries and offences thereof {Sec. 67C}.

 

     IV

     19Preservation and detention of Information by Intermediary {Sec. 67C}.
     20Power to issue direction for interception or monitoring or decryption of information through computer resource {Sec. 69}, IT (procedure and safeguards for interception, monitoring and decryption of information) rules, 2009.
     21Power to issue direction for blocking of information through computer resource (Section 69A), IT (procedure and safeguards for blocking for access of information by public) Rules 2009.
     22Protected system, Indian computer emergency response team, its functions and duties {Sec. 70, 70A & 70B}.
     23Offences related to misrepresentation, breach of confidentiality and breach of lawful contract and punishment thereof {Sec. 71,72,72A}
     24Offence of publishing false electronic signature certificate and for fraudulent purpose and punishment thereof {Sec. 73, 74}.

   

    V

     25Application of IT Act for offences and contraventions committed outside India {Sec. 75}. Compounding of offences, determination of time and place of dispatch and receipt of electronic record {Sec. 13}.
     26Power to investigate and to enter, search and arrest without warrant in offences under IT Act {Sec 78, 80}.
     27Application of the IT Act to electronic cheques, truncated cheques, documents of transaction connected with Negotiable Instruments Act, 1881; Power of Attorney Act, 1882; Indian Trusts Act, 1882; Indian succession Act 1925 and contracts for the sale or conveyance of immovable property.
     28Modes of encryption, decryption, cryptography, Dark Web and Deep Web etc. and methods thereof {Sec. 84A, IT (Certifying Authorities) Regulation, 2001}.
     29Offences of abetment and attempt to commit offences.  Offences by companies and punishment thereof {Sec. 84B, 84C & 85}.
     30Reporting and Redressal procedure of cybercrime {Where, what, how, when and to whom to report?}.

 

 

 

     VI

     31Cyber Security: Introduction, Definitions, Need of IT Security, Terminologies used in the Cyber security including information, devices, computer, computer resource, communication device, unauthorised access etc.
     32Legal mandate and rules regarding Reasonable Security Practices and Procedure
     33Security Awareness, Compliance and Risk Assessment, Cyber Crisis Management Plan
     34General Data Protection Regulation (GDPR), OECD Guidelines on the Protection of Privacy and Trans-border flow of Personal Data;
     35Personal Data Protection Bill 2019
     36Nodal Agencies for IT Security in India: Computer Emergency Response Team India (CERT-In), Duties of CERT-In

   

    VII

     37Nodal Agencies for IT Security in other countries: CERT of  other countries, Other International bodies of Cyber Security like National Institute of Standards & Technology (NIST)
     38National Critical Information Infrastructure Protection Centre (NCIIPC) and it duties and scope
     39International standardisation of Cyber security ISO/ IEC 27001, ISO 27002 and security controls & policies.
     40Information Security Guidelines & other Standards: ISO/ IEC 27017 for Cloud Services, ISO/IEC 27018 for personal, identifiable information in public cloud.
     41End Point Security, Server Security, Communications Security Testing
     42Network security, Web-application security,  Internet & Wireless security,

 

    VIII

     43Compliance (ISO 27001, PCI, GDPR, RBI, SEBI, Stock Exchanges, IRDA etc.),
     44Other Cyber Security standards: COBIT, ITIL, Security Framework etc.
     45Payment card industry data security standards (PCI-DSS)
     46Society for Worldwide Interbank Financial Telecommunications: Customer Service Programme (SWIFT-CSP)
     47Application Security Assessment, Malware Backdoor Detection.
     48Risk Assessment, Enterprise Security Architecture Review, Data Leak Prevention (DLP) consulting.

   

     IX

     49Mobile Application Security, API Security, Network Performance Testing, Cloud Security, Source Code Review
     50Incident Response, IoT Security Assessment, Data Centre Security Operation Centre (SOC), Authentication User Agency (AUA )/ KYC User Agency (KUA) – Aadhaar Security
     51Electronic Signature (e-Sign) Compliance, Red Team Assessment, AEPS and Aadhaar Pay Micro ATM Security.
     52Supervisory Control and Data Acquisition(SCADA) Security
     53Endpoint Computer and Server Security: Setup of operating system and Servers, OS Change Management Procedures– Version control, Patch Updates, hot-fixes, Service packs, hardening of Operating Systems
     54User account management including maintenance of sensitive User accounts – Use of root and other sensitive passwords, File systems security of the OS

   

     X

     55Review of Access rights and privileges, role based access control, Use of administrative shares, default login /passwords, remote access / Netmeeting or any other tools, Use of sensitive system software utilities, Remote access polices including Remote Desktop Management
     56Users and Groups created, including all type of users’ management ensuring password complexity, periodic changes etc., Profiles and log-in scripts, Services and ports accessibility, Audit of virtual machines, Review of Log Monitoring, its’ sufficiency, security, preservation and backup; Registry settings (registry security permissions)
     57Implementation of ADS (Active Directory Services) or Group Policy, Antivirus update and its effectiveness, Storage Security- data encryption and integrity;  Review of the Logs of Backend Database changes, Review of Adherence to licensing requirements, Review of Unauthorized off port services running (Lab Exercise)
     58Network Security: Understanding Network, topology, types of networks, Review of segregation of network into various trusted zones, Analysis of Network Security controls,
     59Security of firewall, IDS/IPS, proxy server, antivirus server, email Systems etc. Access control for DMZ, WAN, and for specific applications, Firewall policy, configurations, deployment and effectiveness, Review of all types of network level access controls
     60Security of Wireless & very-small-aperture terminal (VSAT) infrastructure.

   

      XI

     61Internet controls & logs, for ensuring sufficiency & security of creation, maintenance and backup, delegation of rights to users in accordance with job functions
     62IoT & Cloud Security: Introduction, Security of data & information on cloud, security measures for IoT Devices
     63Risk in IT security: Definition, identification and classification
     64IT security breach and incident management: Incident Management and handling processes, roles and responsibilities, alerting and incident response procedures, verification of incident reports and effectiveness measurement, awareness of security incidents and events
     65Role of Backup, Storage Media Management, Handling and Recovery in IT security
     66Physical & Environmental Security: Physical Security Control system, CCTV systems, Premises security management, Assessment of risks and vulnerabilities due to natural calamities, Air-conditioning, humidity control systems, Fire protection systems, their adequacy and state of readiness, Power supply, Redundancy of power supply, Generator, UPS capacity, Assets safeguarding, handling of movement of Man / Material/ Media/ Backup/ Software/ Hardware/ Information, Pest prevention / rodent prevention systems, Water leakage detection systems, Regular Review, Vendor Evaluation Reports

   

     XII

     67Data Centre/ Disaster Recovery (DR) Site: Physical and Logical Security controls
     68Logical security, IT security of Websites & Portals
     69Social Media Security : Introduction, Types of Social Media, Social Media Terminologies, Modus Operandi of various Attacks on Social Media, Security Measures to counter the Social media application attacks
     70

Online Banking Security: Introduction, types of banking, banking terminologies,

Modus operandi of various online banking and financial frauds

     71Evaluation
     72