2. 1 CPE awarded
Table of Contents
Cost Of Data Breach Across Globe
Key Findings
Average Cost Of Data Breach By Industry
Financial and Reputational Benefits of Cybersecurity Management Plan -1
Financial and Reputational Benefits of Cybersecurity Management Plan -2
Key Features Of the Program
Features Of Corporate Training
Outcome of this Program
CISSP TRACK
CRISC TRACK
CISM TRACK
CISA TRACK
Application and Web Application Security
Ethical Hacking and VAPT
Cost of Data Breach Across Globe
The United States had the highest average total cost of a data breach at USD 9.44 million, a 4.3% increase of USD 0.39 million, up from USD 9.05 million in 2021. Similar to last year, the Middle East region again had the second highest average total cost of a data breach, increasing from USD 6.93 million in 2021 to USD 7.46 million in 2022. This average cost was an increase of USD 0.53 million, or 7.6%. Canada was again the third highest cost country at USD 5.64 million, an increase of USD 0.24 million or 4.4%. The United Kingdom climbed to number four from eighth out of the 17 countries or regions, surpassing Germany, Japan and France in the ranking. The average total cost of a breach in the United Kingdom was USD 5.05 million, up from USD 4.67 million, an increase of USD 0.38 million, or 8.1%.
Key Findings
• 83% of organizations studied have had more than one data breach.
• 79% of critical infrastructure organizations didn’t deploy a zero trust architecture.
• 19% of breaches occurred because of a compromise at a business partner.
• 60% of organizations’ breaches led to increases in prices passed on to customers.
• 45% of the breaches were cloud-based.
• USD 4.82 million: average cost of a critical infrastructure data breach.
• 19%: frequency of breaches caused by stolen or compromised credentials.
• USD 1 million: average difference in cost where remote work was a factor in causing the breach versus when it wasn’t a factor.
• 29 days: savings in response time for those with extended detection and response (XDR) technologies.
• 12 years: consecutive years the healthcare industry had the highest average cost of a breach.
• USD 9.44 million: average cost of a breach in the United States, the highest of any country.
• 277 days: average time to identify and contain a data breach.
The key findings described here are based on IBM Security analysis of research data compiled by Ponemon Institute.
Average cost of a data breach by industry
Broken down into four cost categories (lost business, detection and escalation, notification, and post-breach response), the largest share of data breach costs in 2022 was detection and escalation. Detection and escalation costs increased from USD 1.24 million in 2021 to USD 1.44 million in 2022, an increase of USD 0.2 million or 16.1%. Detection and escalation costs include activities that enable a company to reasonably detect a breach. These costs include forensic and investigative activities; assessment and audit services; crisis management; and communications to executives and boards.
Detection and escalation costs surpassed lost business costs as the largest of four cost categories comprising the cost of a data breach, for the first time in six years.
Financial and Reputational Benefits of a Cybersecurity Management Plan-1
As businesses become increasingly digitized, the need for robust cyber security management plans has never been greater. Not only do these plans help protect a company's valuable data and intellectual property, but they can also safeguard its reputation and financial standing.
What is a cyber security management plan?
• A cyber security policy management plan is a document that outlines the critical infrastructure that protects a company's digital assets from threats such as a cyber incident, downtime, enterprise risk, or a ransomware attack. It should take into account the unique features of the business, such as its size, industry, and geographic location.
• The plan should also address the different types of risks that the company faces, such as cyber-attacks, data breaches, and phishing scams.
Why is a cyber security management plan important?
• There are many reasons why a cyber security management plan is important for businesses. Perhaps the most crucial is that it can help a company avoid the financial and reputational damage that can be caused by a cyber attack.
• According to a 2019 study by IBM, the average cost of a data breach is now $3.92 million. This figure takes into account the costs of investigating and repairing the breach, as well as any legal fees and lost business.
• In addition to the financial costs, a data breach can also damage a company's reputation. In the wake of a breach, customers may lose trust in the company and take their business elsewhere.
What is the security management plan based on?
• The security management plan should be based on a risk assessment, which will identify the potential threats to the company's digital assets and the company’s risk appetite. This assessment should be conducted by a qualified cyber security professional.
• Information security can have a financial impact on a company. By preventing data breaches, the company can avoid the costs associated with data loss, including the cost of restoring lost data, investigating the breach, and providing credit monitoring for affected customers.
Financial and Reputational Benefits of a Cyber Security Management Plan-2
It's no secret that cyber security threats are becoming more sophisticated and frequent. A recent study by the UK government found that there was a 19% increase in cyber attacks in the 1st quarter of 2021 compared to 2020. This means that businesses of all sizes need to have a comprehensive cyber security management plan in place to protect themselves from these threats.
There are many benefits of having a cyber security management plan, both financial and reputational. Let's take a look at some of the most important ones.
Reduced Cost
• One of the most obvious benefits of having a cyber security management plan is that it can help to reduce the costs associated with cyber security breaches. Studies have shown that the average cost of a data breach is $3.6 million, and this number is only expected to rise in the future. By having a plan in place, you can help to reduce the chances of a breach occurring and minimize the damage if one does occur.
Improved Customer Loyalty
• In today's world, customers are more aware of the importance of cyber security than ever before. If they know that a business takes cyber security seriously, they are more likely to remain loyal to that business, leading to higher ROI. This is especially true for businesses that hold sensitive customer data, such as financial institutions.
Better Risk Management
• A cyber security management plan can also help to improve a business's risk management capabilities. By identifying potential risks and putting controls in place to mitigate them, a business can reduce its overall exposure to risk. This can not only help to protect the business from cyber attacks, but also from other risks, such as natural disasters.
Enhanced Business Reputation
• A business that has a cyber security management plan in place is seen as being more responsible and trustworthy than one that does not. This can help to enhance the business's reputation, both with customers and with other businesses.
Improved Regulatory Compliance
• Many industries are subject to strict regulations regarding the handling of sensitive data. By having a cyber security management plan in place, a business can help to ensure that it is compliant with these regulations. This can avoid costly fines and help to protect the business's reputation.
Greater peace of mind
• Finally, having a cyber security management plan in place can give business owners and managers greater peace of mind. They will know that they have taken steps to protect their business from cyber-attacks and that they are prepared in the event of a breach. This can help them to focus on other aspects of their business, safe in the knowledge that their cyber security is in good hands.
Key Features of the Program
TOP INSTRUCTORS
LIVE INTERACTION WITH LIVE ONLINE CLASSES BY INDUSTRY EXPERTS
PRACTICE LABS AND PROJECTS WITH INTEGRATED LABS AND SANDBOXED LABS
EARN AN INDUSTRY RECOGNIZED CERTIFICATE AFTER EACH MODULE COMPLETION
PROGRAM COMPLETION CERTIFICATE
CAREER SERVICE
Features of Corporate Training:
Tailored learning solutions
Competitive pricing options
Enterprise dashboards for individuals and teams
24X7 learner assistance and support
Enterprise-grade learning management system (LMS)
Outcome Of This Program
• The ability to draft, strategize and develop a cyber risk mitigation strategy, including the appropriate legal and compliance steps that need to be taken when responding to cyberattacks and reporting cyberattacks to law enforcement.
• An in-depth understanding of the different types of cyberattacks, the business systems that are most at risk, and the importance of an organization-wide approach to cybersecurity.
• Analyze and evaluate the cyber security needs of an organization. Conduct a cyber security risk assessment. Measure the performance and troubleshoot cyber security systems.
• Reduce risk and enhance the protection of information, assets and systems. It also helps in communicating effectively, verbally and in writing with corporate management on cybersecurity related issues.
• Develop and implement information assurance and security policies, including emergency management policy.
• Integrate security into the organizational culture while engaging all organizational stakeholders.
• Understand legal and regulatory requirements in the United States and internationally.
Security and Risk Management
Concepts of Confidentiality, Integrity and Availability
Security Governance Principles
Compliance requirements
Legal and regulatory issues in a Global Context
Develop policy, standards, process and guidelines
Business Continuity Requirements
Understand Risk Management Concepts
Understand and apply Threat modelling concepts
Security awareness education and training Programs
Path To CISSP
WK-1
Asset Security
Identify and Classify
• Identify and Classify information and Asset
Determine and Maintain
• Determine and Maintain information and Asset Ownership
Protect
• Protect Privacy
Ensure
• Ensure Appropriate Asset Retention
Determine
• Determine Data Security Controls
Establish
• Establish information and Asset handling requirements
Path To CISSP
WK-2
Communication and Network Security
01 Implement secure design principles in network architecture
02 Secure network components
03 Implement secure communication channels according to design
Path To CISSP
WK-4
Identity and Access Management (IAM)
Control physical and logical access to assets
Manage identification and authentication of people, devices and services
Integrate identity as a third-party service
Implement and manage authorization mechanisms
Manage the identity and access provisioning lifecycle
Business Continuity Requirements
Understand Risk Management Concepts
Understand and apply Threat modelling concepts
Security awareness education and training Programs
Path To CISSP
WK-5
Security Assessment and Testing
Design and validate assessment, test and audit strategies
Conduct security control testing
Collect security process data
Analyze test output and generate reports
Conduct or facilitate security audits
Business Continuity Requirements
Understand Risk Management Concepts
Understand and apply Threat modelling concepts
Security awareness education and training Programs
Path To CISSP
WK-6
Security Assessment and Testing
Security Operations
Understand the requirements for different types of investigations
Conduct logging and monitoring activities
Securely provision resources
Understand and apply foundational security operations concepts
Apply resource protection techniques
Conduct incident management
Operate and maintain detective and preventative measures
Implement and support patch and vulnerability management
Understand and participate in change management processes
Implement recovery strategies
Implement disaster recovery (DR) processes
Path To CISSP
WK-7
Software Development Security
Understand and integrate security throughout the software development lifecycle (SDLC)
Identify and apply security controls in development environments
Assess the effectiveness of software security
Assess security impact of acquired software
Define and apply secure coding guidelines and standards
Path To CISSP
WK-8
Governance
Organizational Strategy, Goals, and Objectives
Organizational Structure, Roles, and Responsibilities
Policies and Standards
Business Processes
Organizational Assets
Path To CRISC
WK-9
Risk Governance
Enterprise Risk Management and Risk Management Framework
Three Lines of Defense
Risk Profile
Risk Appetite and Risk Tolerance
Legal, Regulatory, and Contractual Requirements
Professional Ethics of Risk Management
Path To CRISC
WK-10
IT Risk Assessment - IT Risk Identification
Risk Events (e.g., contributing conditions, loss result)
Threat Modelling and Threat Landscape
Vulnerability and Control Deficiency Analysis (e.g., root cause analysis)
Risk Scenario Development
Path To CRISC
WK-11
IT Risk Assessment - IT Risk Analysis and Evaluation
Risk Assessment Concepts, Standards, and Frameworks
Risk Register
Risk Analysis Methodologies
Business Impact Analysis
Inherent and Residual Risk
Path To CRISC
WK-12
Risk Response and Reporting - Risk Response
Risk Treatment / Risk Response Options
Risk and Control Ownership
Third-Party Risk Management
Issue, Finding, and Exception Management
Management of Emerging Risk
Path To CRISC
WK-13
Risk Control Design and Implementation
Control Types, Standards, and Frameworks
Control Design, Selection, and Analysis
Control Implementation
Control Testing and Effectiveness Evaluation
Path To CRISC
WK-14
Risk Monitoring and Reporting
Risk Treatment Plans
Data Collection, Aggregation, Analysis, and Validation
Risk and Control Monitoring Techniques
Risk and Control Reporting Techniques (heatmap, scorecards, dashboards)
Key Performance Indicators
Key Risk Indicators (KRIs)
Key Control Indicators (KCIs)
Path To CRISC
WK-15
Information Technology and Security
Enterprise Architecture
IT Operations Management (e.g., change management, IT assets, problems, incidents)
Project Management
Disaster Recovery Management (DRM)
Data Lifecycle Management
System Development Life Cycle (SDLC)
Emerging Technologies
Path To CRISC
WK-16
Information Technology and Security
Information Security Concepts, Frameworks, and Standards
Information Security Awareness Training
Business Continuity Management
Data Privacy and Data Protection Principles
Path To CRISC
WK-17
Information Security Governance Path to CISM
Enterprise Governance
Organizational Culture
Legal, Regulatory, and Contractual Requirements
Organizational Structures, Roles, and Responsibilities
Path To CISM
WK-18
Information Security Strategy
Information Security Strategy Development
Information Governance Frameworks and Standards
Strategic Planning (e.g., budgets, resources, business case)
Path To CISM
WK-19
Information Security Risk Management
Information Security Risk Assessment
Emerging Risk and Threat Landscape
Vulnerability and Control Deficiency Analysis
Risk Assessment and Analysis
Risk Treatment / Risk Response Options
Risk and Control Ownership
Risk Monitoring and Reporting
Path To CISM
WK-20
Information Security Program
Information Security Program Resources (e.g., people, tools, technologies)
Information Asset Identification and Classification
Industry Standards and Frameworks for Information Security
Information Security Policies, Procedures, and Guidelines
Information Security Program Metrics
Path To CISM
WK-21
Information Security Program Management
Information Security Control Design and Selection
Information Security Control Implementation and Integrations
Information Security Control Testing and Evaluation
Information Security Awareness and Training
Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
Information Security Program Communications and Reporting
Path To CISM
WK-22
Information Incident Management Readiness
Incident Response Plan
Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Classification/Categorization
Incident Management Training, Testing, and Evaluation
Path To CISM
WK-23
Information Incident Management Operations
Incident Management Tools and Techniques
Incident Investigation and Evaluation
Incident Containment Methods
Incident Response Communications (e.g., reporting, notification, escalation)
Incident Eradication and Recovery
Post-incident Review Practices
Path To CISM
WK-24
INFORMATION SYSTEMS AUDITING PROCESS – Planning
IS Audit Standards, Guidelines, and Codes of Ethics
Business Processes
Types of Controls
Risk-Based Audit Planning
Types of Audits and Assessments
Path To CISA
WK-25
INFORMATION SYSTEMS AUDITING PROCESS – Execution
Audit Project Management
Sampling Methodology
Audit Evidence Collection Techniques
Data Analytics
Reporting and Communication Techniques
Quality Assurance and Improvement of the Audit Process
Path To CISA
WK-26
Governance and Management of IT - IT Governance – Execution
IT Governance and IT Strategy
IT-Related Frameworks
IT Standards, Policies, and Procedures
Organizational Structure
Enterprise Architecture
Enterprise Risk Management
Maturity Models
Laws, Regulations, and Industry Standards affecting the Organization
Path To CISA
WK-27
Governance and Management of IT - IT Management
IT Resource Management
IT Service Provider Acquisition and Management
IT Performance Monitoring and Reporting
Quality Assurance and Quality Management of IT
Path To CISA
WK-28
Information Systems Acquisition, Development and Implementation
Project Governance and Management
Business Case and Feasibility Analysis
System Development Methodologies
Control Identification and Design
Path To CISA
WK-29
Information Systems Implementation
Testing Methodologies
Configuration and Release Management
System Migration, Infrastructure Deployment, and Data Conversion
Post-implementation Review
Path To CISA
WK-30
INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE
Common Technology Components
IT Asset Management
Job Scheduling and Production Process Automation
End-User Computing
Data Governance
Systems Performance Management
Problem and Incident Management
Change, Configuration, Release, and Patch Management
IT Service Level Management
Database Management
Path To CISA
WK-31
Business Resilience
Business Impact Analysis (BIA)
System Resiliency
Data Backup, Storage, and Restoration
Business Continuity Plan (BCP)
Disaster Recovery Plans (DRP)
Path To CISA
WK-32
Protection of Information Assets - Security Event Management
Security Awareness Training and Programs
Information System Attack Methods and Techniques
Security Testing Tools and Techniques
Security Monitoring Tools and Techniques
Incident Response Management
Evidence Collection and Forensics
Path To CISA
WK-33
Business Resilience
Business Impact Analysis (BIA)
System Resiliency
Data Backup, Storage, and Restoration
Business Continuity Plan (BCP)
Disaster Recovery Plans (DRP)
Path To CISA
WK-34
Core Concepts
Types of application
Web application components
Web servers
Security policies, standards, procedures, guidelines, baselines
Software Security
Vulnerability database (VDB)
SANS Top 25 Software Errors
OWASP tools and methodologies
Injection
CSRF
SSRF
Clickjacking
Insufficient logging and monitoring
Broken Authentication
Using components with known vulnerabilities
Sensitive Data Exposure
Insecure deserialization
XML External Entities (XXE)
Cross site scripting (XSS)
Broken Access Control
Security misconfigurations
Secure Software Lifecycle Management
SSDLC
Threat Modelling
OWASP Secure coding guide
API Security
Common API Vulnerabilities
How to stop API Attacks?
System Hardening
Secure configuration
Patch management
Application Monitoring & Logging
Ethical Hacking and VAPT
Domain -1
What is Security Testing?
Why Security Testing?
What is a Security Vulnerability?
Types of Security Testing
Vulnerability Assessment
Penetration Testing
Breach Attack Simulation
Manual and Automated Scanning
Dealing with Vulnerabilities
Types of Security Vulnerability
National Vulnerability Database
Selecting Technology
Automation in VM
Execution, Reporting, and Analysis
Principles of Mitigation
Exploitable Vulnerability Reporting
Vulnerability Assessment
Domain - 2
Vulnerability Assessment Program and Technology
General Architecture
Active and Passive Scanning Technology
The Standard for Vulnerability Severity Rating
Vulnerability database (VDB)
Common Vulnerabilities and Exposures (CVE)
Social Engineering
Mobile Hacking
Using the Metasploit Framework
Exploitation
Privilege Escalation
Avoiding Detection
Maintaining Access
Covering your Tracks
Cloud Penetration Testing
Penetration Testing
Domain - 3
Penetration testing concepts, i.e. what, why and how we do a pen test
Penetration testing methodology
Types of penetration testing
Tools and techniques used in penetration testing
Infrastructure Hacking
Client-Side Hacking
Password Hacking
Web Application Hacking
Information Discovery
Scanning & Enumerating Target
Introduction to Kali Linux
System Hacking
Advanced Penetration Testing
Domain - 4
Red Teaming Operations
Blue Teaming Operations
Purple Teaming
Breach Attack Simulation
Bug Bounty Program
Guidelines for Penetration Testers
Being Ethical
Gaining written permission
Non-disclosure agreements
Rules of engagement
Penetration Testing Report Writing
Report Read-Out
WK-72