Certificate Course in 'Cyber Law & Cyber Security'
Certification in Cyber Law & Cyber Security | ||
Conducted by Dr CBS Cyber Security Services LLP, Jaipur (CERT-In Empanelled Information Security Auditing Organization) Under the academic auspices of Sardar Patel University of Police, Security and Criminal Justice, Jodhpur | ||
Name of Certificate | Certification in Cyber Law & Cyber Security | |
Time Duration | 03 Months (12 Weeks) | |
Contact Classes | 72 sessions (72 Hrs): 2 sessions (60 mins each) per day: 3 days per week | |
Credits earned | 8 | |
Eligibility | (10+2)/Diploma (IT, Computer Science, ECE)/ BCA/BSc/ BBA/ BA/ BCom/ B.Tech/ M.Tech/ MSc/ MCA/MBA Students/ Researchers/ Academicians/ IT Administrators/ Corporate Professionals/ Bank Officials/ CA/ CS/ Financial Auditors. | |
Scheme of Examination | On the completion of each module an assignment will be given to the participants. At the end of the training program, an online certification examination will be conducted. Certificates will be awarded to the successful participants. | |
Course Content | ||
Module | Session No. | Index |
I | 1 | Introduction: Cyber Law, Characteristics of Cyber Law, Indian Cyber Laws and Rules. |
2 | Terminology of Cyber Law. | |
3 | IT Act 2000: Need for IT Act and Glimpses. | |
4 | E-Commerce: Legal recognition of Electronic record and Electronic signature, authentication of electronic records, Secure Electronic record and Electronic Signature {Sec. 14,15}. | |
5 | Digital Signatures; Issuing, renewal, suspension and revocation of Digital Signature certificate. | |
6 | Hands on practice on Use of Digital signature and authentication of electronic record in Government and its agencies {Sec. 3, 6} | |
II | 7 | Delivery of services by service provider, IT {Intermediary Guidelines and Media Ethics} Rules, 2021 |
8 | Information Technology (Use of electronic records and digital signatures) Rules, 2004 {Sec. 6 (1 & 2)}. | |
9 | Certifying authority: its Appointment, functions and powers Information Technology (Certifying Authorities) Rules, 2000, Information Technology (Certifying Authorities) Regulation, 2001 {Sec. 35 & 36} | |
10 | Security Procedure and practices for securing electronic record and electronic signature, The Information Technology (Security Procedure) Rules, 2004 {Sec. 16}. | |
11 | Controller: appointment, functions and recognition of certifying authorities, Power of Controller to give directions, offence on non-compliance {Sec. 68} | |
12 | Power to monitor and collect traffic data for cyber security {Sec. 69B}. IT (procedure and safeguards for monitoring and collection traffic data or information) Rules, 2009. | |
III | 13 | Cyber Appellate tribunal {Sec. 48}: power of superintendence and direction of appellate tribunal {Sec. 52-A}, its jurisdiction vis-à-vis civil court {Sec. 61}. |
14 | Acts of damage to computer, computer system and related offences: penalty and compensation thereof {Sec. 43, 66}. | |
15 | Protection of data and compensation for failure thereof {Sec. 43A}. IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. | |
16 | Cyber offences related to tampering with computer source document {Sec. 65}, Dishonestly receiving stolen computer resource etc. {Sec. 66B}, identity theft {Sec. 66C} and cheating by personation {Sec. 66D}. | |
17 | Offence of violation of privacy {Sec. 66E}, Publishing or transmitting obscene material {Sec. 67}/ material containing sexually explicit act {Sec. 67A}/material depicting children in sexually explicit act {Sec. 67B} in electronic form and punishment thereof | |
18 | Cyber terrorism and punishment thereof {Sec. 66F}, Retention of information by intermediaries and offences thereof {Sec. 67C}. | |
IV | 19 | Preservation and detention of Information by Intermediary {Sec. 67C}. |
20 | Power to issue direction for interception or monitoring or decryption of information through computer resource {Sec. 69}, IT (procedure and safeguards for interception, monitoring and decryption of information) Rules, 2009. | |
21 | Power to issue direction for blocking of information through computer resource (Section 69A), IT (procedure and safeguards for blocking for access of information by public) Rules 2009. | |
22 | Protected system, Indian computer emergency response team, its functions and duties {Sec. 70, 70A & 70B}. | |
23 | Offences related to misrepresentation, breach of confidentiality and breach of lawful contract and punishment thereof {Sec. 71,72,72A} | |
24 | Offence of publishing false electronic signature certificate and for fraudulent purpose and punishment thereof {Sec. 73, 74}. | |
V | 25 | Application of IT Act for offences and contraventions committed outside India {Sec. 75}. Compounding of offences, determination of time and place of dispatch and receipt of electronic record {Sec. 13}. |
26 | Power to investigate and to enter, search and arrest without warrant in offences under IT Act {Sec. 78, 80}. | |
27 | Application of the IT Act to electronic cheques, truncated cheques, documents of transaction connected with Negotiable Instruments Act, 1881; Power of Attorney Act, 1882; Indian Trusts Act, 1882; Indian Succession Act, 1925 and contracts for the sale or conveyance of immovable property. | |
28 | Modes of encryption, decryption, cryptography, Dark Web and Deep Web etc. and methods thereof {Sec. 84A, IT (Certifying Authorities) Regulation, 2001}. | |
29 | Offences of abetment and attempt to commit offences. Offences by companies and punishment thereof {Sec. 84B, 84C & 85}. | |
30 | Reporting and Redressal procedure of cybercrime {Where, what, how, when and to whom to report?}. | |
VI | 31 | Cyber Security: Introduction, Definitions, Need of IT Security, Terminologies used in the Cyber security including information, devices, computer, computer resource, communication device, unauthorised access etc. |
32 | Legal mandate and rules regarding Reasonable Security Practices and Procedure | |
33 | Security Awareness, Compliance and Risk Assessment, Cyber Crisis Management Plan | |
34 | General Data Protection Regulation (GDPR), OECD Guidelines on the Protection of Privacy and Trans-border flow of Personal Data | |
35 | Personal Data Protection Bill 2019 | |
36 | Nodal Agencies for IT Security in India: Computer Emergency Response Team India (CERT-In), Duties of CERT-In | |
VII | 37 | Nodal Agencies for IT Security in other countries: CERT of other countries, Other International bodies of Cyber Security like National Institute of Standards & Technology (NIST) |
38 | National Critical Information Infrastructure Protection Centre (NCIIPC) and its duties and scope | |
39 | International standardisation of Cyber security ISO/ IEC 27001, ISO 27002 and security controls & policies. | |
40 | Information Security Guidelines & other Standards: ISO/ IEC 27017 for Cloud Services, ISO/IEC 27018 for personal, identifiable information in public cloud. | |
41 | End Point Security, Server Security, Communications Security Testing | |
42 | Network security, Web-application security, Internet & Wireless security | |
VIII | 43 | Compliance (ISO 27001, PCI, GDPR, RBI, SEBI, Stock Exchanges, IRDA etc.) |
44 | Other Cyber Security standards: COBIT, ITIL, Security Framework etc. | |
45 | Payment card industry data security standards (PCI-DSS) | |
46 | Society for Worldwide Interbank Financial Telecommunications: Customer Service Programme (SWIFT-CSP) | |
47 | Application Security Assessment, Malware Backdoor Detection. | |
48 | Risk Assessment, Enterprise Security Architecture Review, Data Leak Prevention (DLP) consulting. | |
IX | 49 | Mobile Application Security, API Security, Network Performance Testing, Cloud Security, Source Code Review |
50 | Incident Response, IoT Security Assessment, Data Centre Security Operation Centre (SOC), Authentication User Agency (AUA)/ KYC User Agency (KUA) – Aadhaar Security | |
51 | Electronic Signature (e-Sign) Compliance, Red Team Assessment, AEPS and Aadhaar Pay Micro ATM Security. | |
52 | Supervisory Control and Data Acquisition (SCADA) Security | |
53 | Endpoint Computer and Server Security: Setup of operating system and Servers, OS Change Management Procedures– Version control, Patch Updates, hot-fixes, Service packs, hardening of Operating Systems | |
54 | User account management including maintenance of sensitive User accounts – Use of root and other sensitive passwords, File systems security of the OS | |
X | 55 | Review of Access rights and privileges, role based access control, Use of administrative shares, default login/passwords, remote access / Netmeeting or any other tools, Use of sensitive system software utilities, Remote access policies including Remote Desktop Management |
56 | Users and Groups created, including management of all types of users, ensuring password complexity, periodic changes etc., Profiles and log-in scripts, Services and ports accessibility, Audit of virtual machines, Review of Log Monitoring, its sufficiency, security, preservation and backup; Registry settings (registry security permissions) | |
57 | Implementation of ADS (Active Directory Services) or Group Policy, Antivirus update and its effectiveness, Storage Security- data encryption and integrity; Review of the Logs of Backend Database changes, Review of Adherence to licensing requirements, Review of Unauthorized off port services running (Lab Exercise) | |
58 | Network Security: Understanding Network, topology, types of networks, Review of segregation of network into various trusted zones, Analysis of Network Security controls | |
59 | Security of firewall, IDS/IPS, proxy server, antivirus server, email Systems etc. Access control for DMZ, WAN, and for specific applications, Firewall policy, configurations, deployment and effectiveness, Review of all types of network level access controls | |
60 | Security of Wireless & very-small-aperture terminal (VSAT) infrastructure. | |
XI | 61 | Internet controls & logs, for ensuring sufficiency & security of creation, maintenance and backup, delegation of rights to users in accordance with job functions |
62 | IoT & Cloud Security: Introduction, Security of data & information on cloud, security measures for IoT Devices | |
63 | Risk in IT security: Definition, identification and classification | |
64 | IT security breach and incident management: Incident Management and handling processes, roles and responsibilities, alerting and incident response procedures, verification of incident reports and effectiveness measurement, awareness of security incidents and events | |
65 | Role of Backup, Storage Media Management, Handling and Recovery in IT security | |
66 | Physical & Environmental Security: Physical Security Control system, CCTV systems, Premises security management, Assessment of risks and vulnerabilities due to natural calamities, Air-conditioning, humidity control systems, Fire protection systems, their adequacy and state of readiness, Power supply, Redundancy of power supply, Generator, UPS capacity, Assets safeguarding, handling of movement of Man / Material/ Media/ Backup/ Software/ Hardware/ Information, Pest prevention / rodent prevention systems, Water leakage detection systems, Regular Review, Vendor Evaluation Reports | |
XII | 67 | Data Centre/ Disaster Recovery (DR) Site: Physical and Logical Security controls |
68 | Logical security, IT security of Websites & Portals | |
69 | Social Media Security : Introduction, Types of Social Media, Social Media Terminologies, Modus Operandi of various Attacks on Social Media, Security Measures to counter the Social media application attacks | |
70 | Online Banking Security: Introduction, types of banking, banking terminologies, Modus operandi of various online banking and financial frauds | |
71 | Evaluation | |
72 |