
www.eccouncil.org
Table of Contents

Who We Are
Security Wall
EC-Council at a Glance
Your Learning Options

Tracks
Foundation Track
Vulnerability Assessment and Penetration Testing
Cyber Forensics
Network Defense and Operations
Software Security
Governance

Certifications
Certified Secure Computer User (CSCU)
Certified Network Defender (CND)
Certified Ethical Hacker (CEH)
EC-Council Certified Security Analyst (ECSA)
EC-Council Certified Incident Handler (ECIH)
Computer Hacking and Forensic Investigator (CHFI)
EC-Council Certified Secure Programmer (ECSP) Java
EC-Council Certified Secure Programmer (ECSP) .Net
EC-Council Licensed Penetration Tester (LPT) Master
CAST 611 Advanced Penetration Testing
CAST 612 Advanced Mobile Forensics and Security
CAST 613 Hacking and Hardening Corporate Web Apps
CAST 614 Advanced Network Defense
CAST 616 Securing Windows Infrastructure
EC-Council Disaster Recovery Professional (EDRP)
Certified Chief Information Security Officer (C|CISO)

Academic Programs
Bachelor of Science in Cyber Security (BSCS)
Graduate Certificate Programs
Master of Science in Cyber Security (MSS)

Who We Are

The EC-Council group is made up of several entities that all help serve the same goal which is to create a better, safer cyber world through awareness and education. Our entities include International Council of eCommerce Consultants (EC-Council), iClass, EC-Council University, EC-Council Global Services (EGS), and EC-Council Conferences and Events.

EC-Council creates content (course materials and exams) and certification delivered through our channel of authorized training centers which consists of over 700 partners representing over 2,000 physical locations in more than 145 countries across the globe. We are the owner and developer of the world-famous EC-Council Certified Ethical Hacker (CEH), EC-Council Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA), and EC-Council Licensed Penetration Tester (LPT) programs.

Our certification programs are recognized worldwide and have received endorsements from various government agencies, including the United States Federal Government (via the Montgomery GI Bill), the National Security Agency (NSA), and the Committee on National Security Systems (CNSS). All these reputed organizations have certified EC-Council's Certified Ethical Hacking (CEH), EC-Council Network Security Administrator (ENSA), EC-Council Computer Hacking Forensics Investigator (CHFI), EC-Council Disaster Recovery Professional (EDRP), EC-Council Certified Security Analyst (ECSA) and EC-Council Licensed Penetration Tester (LPT) programs for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals. EC-Council recently received accreditation from the American National Standards Institute (ANSI). We have so far certified over 2,00,000 professionals in various e-business and cyber security skills.

iClass is EC-Council's direct certification training program. iClass delivers EC-Council certification courses through various training methodologies: instructor-led at client facilities, synchronous delivery through live, online instructor-led, and asynchronously through our streaming video platform. iClass course videos can also be loaded onto a mobile device, such as an iPad, and shipped to a client location.

"Our lives are dedicated to the mitigation and remediation of the cyber plague that is menacing the world today"
Jay Bavisi, President & CEO, EC-Council

EC-Council University is a DEAC accredited university offering programs such as Bachelor of Science in Cyber Security, Master of Science in Cyber Security, and Graduate Certificate Program.

EC-Council Global Services (EGS) is dedicated to helping organizations understand and manage their cyber-security risk posture effectively. EGS specializes in helping clients make informed business decisions to protect their organizations. EGS has over 20 dedicated cyber security practice areas informed by the best cyber security practitioners, each of whom have dedicated their lives to defending organizations from cyber-attacks.

EC-Council's Conference and Events Group is responsible for planning, organizing, and running conferences throughout the globe. TakeDownCon and Hacker Halted are IT security conferences that bring world renowned speakers together for keynotes, panels, debates, and breakout sessions. Conferences have been run in Dallas, Las Vegas, St. Louis, Huntsville, Maryland, Connecticut, Myrtle Beach, Miami, Atlanta, Iceland, Hong Kong, Egypt, Singapore, and Kuala Lumpur.

Other events include CISO Summits, Global CISO Forums, and Executive Cocktail Receptions where EC-Council brings speakers and content to executive level IT Security Professionals.

The Global Cyberlympics competition is a capture the flag type competition with approximately 1,000 global participants. EC-Council brings the hackers together online for preliminary elimination rounds and then brings the top two teams (6-8 players per team) from each region to compete in the final head-to-head competition.

EC-Council Uni-Aid - Don't stop learning

EC-Council Uni Aid is an EC-Council scholarship that provides information technology students at public universities globally, access to EC-Council's industry-recognized information security education and certification and related technical disciplines.

Universities and student recipients will be part of a global community of scholarship recipients from the United States, Europe, Middle East, Africa and Asia-Pacific, all of whom share similar passion for information security and academic excellence.

EC-Council has pledged $1,000,000 worth of information security scholarships for the 2011-2012 academic year to universities globally.

EC-Council Featured in CNN | The Wolf Blitzer Show

Aug 4, 2011 | Albuquerque, NM - Jay Bavisi, president of EC-Council, was earlier interviewed by CNN, to comment on the massive cyber spying incident which targeted agencies and groups in 14 countries, including U.S. government agencies, the United Nations, defence contractors and Olympic bodies.

As reported by CNN, McAfee said the attacks, which it calls Operation Shady RAT, have allowed hackers potentially to gain access to military and industrial secrets from 72 targets, most of them in the United States, over a five-year period.

EC-Council - Trusted worldwide for its end-to-end enterprise cyber security solutions for human capital development

EC-Council at a Glance
EC-Council Group is a multidisciplinary institution of global Information Security professional services.

EC-Council Group is a dedicated Information Security organization that aims at creating knowledge, facilitating innovation, executing research, implementing
development, and nurturing subject matter experts in order to provide their unique skills and niche expertise in cybersecurity.

Some of the finest organizations around the world such as the US Army, US Navy, DoD, the FBI, Microsoft, IBM, and the United Nations have trusted EC-Council to develop
and advance their security infrastructure.

ICECC - International Council of E-Commerce Consultants: EC-Council Group
ECC - EC-Council Training & Certification: Division of Professional Workforce Development
EGS - EC-Council Global Services: Division of Corporate Consulting & Advisory Services
ECCU - EC-Council University: Division of Academic Education
EGE - EC-Council Global Events: Division of Conferences, Forums, Summits, Workshops & Industry Awards
ECF - EC-Council Foundation: Non-Profit Organization for Cyber Security Awareness Increase.

15+ YEARS EXPERIENCE
40+ TRAINING & CERTIFICATION PROGRAMS
145+ COUNTRIES
350+ SUBJECT MATTER EXPERTS
700+ TRAINING PARTNERS WORLDWIDE
3000+ TOOLS & TECHNOLOGIES
200,000+ CERTIFIED MEMBERS

Your Learning Options

Instructor-led Training
EC-Council has a large network of enterprise teams spread across 145 countries. Each center has a certified trainer to deliver the entire EC-Council program from a training facility in your
city.

Online Learning
iLearn online training is a distance learning program designed for those who cannot attend a live course. The program is for the people who have a very busy schedule and want to learn at their own
pace through self-study. This modality is also available from our enterprise teams.

Mobile Learning
Our world class content is also available on a mobile device, allowing our students to learn on the go. This program is designed for those who cannot attend a live course, but are keen to improve
their cyber security skills. This modality is also available from our enterprise teams.

Computer-based Training
For people who work in secure facilities with limited or no access to the internet, we offer computer-based training (CBT) options delivered in an HD DVD format. The DVDs are an upgrade/add-on to the
base iLearn program and are not sold independently. This modality is also available from our enterprise teams.

Hands on Experience with the EC-Council Cyber Range (iLabs)


EC-Council iLabs allows students to dynamically access a host of virtual machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere. Our simplistic web portal enables the
student to launch an entire range of target machines and access them remotely with one simple click. It is the most cost-effective, easy to use, live range lab solution available. Most of our courses are
equipped with iLabs, but iLabs can be purchased independently as well.

Customized Learning
Love a course we offer, but want it customized? No problem! EC-Council has a dedicated team to cater to your needs. We have access to the largest pool of EC-Council certified instructors and enterprise
teams. Let us know where and when you want the training delivered, and we will arrange for an instructor and all that's required for a course to be taught at a location of your choice. Contact our
network of enterprise teams for a custom solution. EC-Council client-site training includes official courseware, certification exam (Prometric or VUE), iLabs, online labs (wherever available), and our
test-pass guarantee.

Live Online Training


If self-study or self-paced learning does not fit into your personal learning style, we offer you our live online model, iWeek. With iWeek, an instructor will teach you live online while you are seated in the
comfort of your home. This training method gives you the freedom to get trained from a location of your choice. Individuals who choose this delivery method consistently attribute their choice to their
preference for a live instructor who can take and answer questions. We offer early-bird rates, group rates, and even private courses delivered anytime.

Foundation Track

FNS - Network Security Fundamentals
FIS - Information Security Fundamentals
CFF - Computer Forensics Fundamentals
CSCU - Certified Secure Computer User (112-12)
ECSS - EC-Council Certified Security Specialist

Target Audience
This course is specifically designed for today's computer users who use the internet extensively to work, study and play.

Our Certified Foundation Professionals are Employed at:

What will You Learn
- Password Security
- Social Engineering Countermeasures
- Mitigating Identity Theft
- Cloud Security
- Email Security
- Safe Browsing
- Data Protection
- Physical Security
- Mobile Device Security
- Data Backup
- Social Network Security
- Antiviruses Protection

Mac

...
- Disaster Recovery
- Internet Security
- Credit Card Security
- Monitoring Kids Online
- OS Security
- Wireless & Home Network Security

[Track diagram not recovered. Surviving labels: Academic Track; Our Certified VAPT Professionals are Employed at:]

[Track diagram not recovered. Surviving label: Job Roles]


...


*Additional University courses/pre-requisites may be required.

...

[Track diagram not recovered. Surviving labels: Job Roles; Our Certified Software Security Professionals are Employed at:]


...
C|CISO - Certified Chief Information Security Officer
712

Domains 1 to 5 (labels as they appear in the diagram):
- Governance
- Information Security Core Concepts
- Security Program Management & Operations
- Information Security Core Competencies
- Strategic Planning, Finance, & Vendor Management

Job Roles
- Information Security (IS) Director
- Information Assurance (IA) Program Manager

Graduate Certificate in:
- Information Security Professional
- Information Analyst
- Information Technology Analyst
- Disaster Recovery
- Digital Forensics

CCISO Professionals are Employed at:

This Track Maps to NICE's Specialty Areas:

1. Securely Provision (SP)
   a. Risk Management (RM)
   b. Technology R&D (RD)
   c. Systems Requirements Planning (RP)
2. Oversee and Govern (OV)
   a. Legal Advice and Advocacy (LG)
   b. Training, Education, and Awareness (ED)
   c. Cybersecurity Management (MG)
   d. Strategic Planning and Policy (PL)
   e. Executive Cybersecurity Leadership (EX)
   f. Acquisition and Program/Project Management (PM)
3. Collect and Operate (CO)
   a. Cyber Operational Planning (PL)

Certified Secure Computer User (CSCU)

Course Description
CSCU provides individuals with the necessary knowledge and skills to protect their information assets.

This course covers fundamentals of various computer and network security threats such as identity theft, credit card fraud, phishing, virus and backdoors, emails hoaxes, loss of confidential information, hacking attacks, and social engineering.

Course Outline
- Introduction to security
- Securing operating systems
- Malware and antivirus
- Internet security
- Security on social networking sites
- Securing email communications
- Securing mobile devices
- Securing the cloud
- Securing network connections
- Data backup and disaster recovery

Key Outcomes
- Fundamentals of various computer and network security threats
- Understanding of identity theft, phishing scams, malware, social engineering, and financial frauds
- Learn to safeguard mobile, media and protect data
- Protecting computers, accounts, and social networking profiles as a user
- Understand security incidents and reporting

Exam Information
- Exam name: CSCU (112-12) exam
- Number of questions: 50
- Passing score: 70%
- Test duration: 2 Hours
- Test format: Multiple choice
- Test delivery: EC-Council exam portal

Certified Network Defender (CND)

Course Description
CND is the world's most advanced network defense course that covers 14 of the most current network security domains any individual will ever want to know when they are planning to protect, detect, and respond to the network attacks.

The course contains hands-on labs, based on major network security tools, to provide network administrators with real world expertise on current network security technologies and operations.

Course Outline
- Computer network and defense fundamentals
- Network security threats, vulnerabilities, and attacks
- Network security controls, protocols, and devices
- Network security policy design and implementation
- Physical security
- Host security
- Secure firewall configuration and management
- Secure IDS configuration and management
- Secure VPN configuration and management
- Wireless network defense
- Network traffic monitoring and analysis
- Network risk and vulnerability management
- Data backup and recovery
- Network incident response and management

Key Outcomes
- Knowledge on how to protect, detect, and respond to network attacks
- Network defense fundamentals
- Application of network security controls, protocols, perimeter appliances, secure IDS, VPN, and firewall configuration
- Intricacies of network traffic signature, analysis, and vulnerability scanning

Exam Information
- Exam title: CND
- Exam code: 312-38
- Number of questions: 100
- Duration: 4 hours
- Availability: ECC exam
- Test format: Interactive multiple choice questions

Certified Ethical Hacker (CEH)

Course Description
CEH is the world's most advanced certified ethical hacking course that covers 18 of the most current security domains any individual will ever want to know when they are planning to beef-up the information security posture of their organization.

The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals.

Course Outline
- Introduction to ethical hacking
- Footprinting and reconnaissance
- Scanning networks
- Enumeration
- Sniffing
- System hacking
- Malware threats
- Social engineering
- Denial of service
- Session hijacking
- Hacking web applications
- SQL injection
- Hacking wireless networks
- Hacking web servers
- Hacking mobile platforms
- Evading IDS, Firewalls, and Honeypot
- Cloud computing
- Cryptography

Key Outcomes
- Thorough introduction to ethical hacking
- Exposure to threat vectors and counter measures
- Addresses emerging areas of cloud and mobile hacking
- Prepares you to combat Trojans, malware, backdoors and more
- Enables you to hack using mobile

Exam Information
- Number of questions: 125
- Test duration: 4 Hours
- Test format: Multiple choice
- Test delivery: ECC exam, VUE
- Exam prefix: 312-50 (ECC exam), 312-50 (VUE)

EC-Council Certified Security Analyst (ECSA)

Course Description
ECSA is a globally accepted hacking and penetration testing program that covers the testing of modern infrastructures, operating systems, and application environments while teaching the students how to document and write a penetration testing report.

This program takes the tools and techniques covered in CEH to the next level by utilizing EC-Council's published penetration testing methodology.

Course Outline
- Security analysis and penetration testing methodologies
- TCP/IP packet analysis
- Pre-penetration testing steps
- Information gathering methodology
- Vulnerability analysis
- External network penetration testing methodology
- Internal network penetration testing methodology
- Firewall penetration testing methodology
- IDS penetration testing methodology
- Web application penetration testing methodology
- SQL penetration testing methodology
- Database penetration testing methodology
- Wireless network penetration testing methodology
- Mobile devices penetration testing methodology
- Cloud penetration testing methodology
- Report writing and post-test actions

Key Outcomes
- Introduction to security analysis and penetration testing methodologies
- In-depth vulnerability analysis, network penetration testing from external and internal evading firewalls and IDS
- Learn to own web applications and databases, and take over cloud services
- Analyze security of mobile devices and wireless networks
- Present findings in a structured actionable report

Exam Information
- Credit towards certification: ECSA v9
- Number of questions: 150
- Passing score: 70%
- Test duration: 4 hours

EC-Council Certified Incident Handler (ECIH)

Course Description
The ECIH program is designed to provide the fundamental skills to handle and respond to the computer security incidents in an information system. The course addresses various underlying principles and techniques for detecting and responding to current and emerging computer security threats.

The comprehensive training program will make students proficient in handling as well as responding to various security incidents such as network security incidents, malicious code incidents, and insider attack threats.

Course Outline
- Introduction to incident response and handling
- Risk assessment
- Incident response and handling steps
- CSIRT
- Handling network security incidents
- Handling malicious code incidents
- Handling insider threats
- Forensic analysis and incident response
- Incident reporting
- Incident recovery
- Security policies and laws

Key Outcomes
- Principles, processes and techniques for detecting and responding to security threats/breaches
- Liaison with legal and regulatory bodies
- Learn to handle incidents and conduct assessments
- Cover various incidents like malicious code, network attacks, and insider attacks

Exam Information
- Credit towards certification: ECIH 212-89 exam
- Test format: Multiple choice
- Test delivery: ECC exam, VUE

Computer Hacking and Forensic Investigator (CHFI)

Course Description
CHFI is a comprehensive course covering major forensic investigation scenarios, enabling students to acquire hands-on experience.

The program provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today's organizations. Moreover, CHFI provides firm grasp on the domains of digital forensics.

Course Outline
- Computer forensics in today's world
- Computer forensics investigation process
- Understanding hard disks and file systems
- Defeating anti-forensics techniques
- Operating system forensics
- Network forensics
- Investigating web attacks
- Database forensics
- Cloud forensics
- Malware forensics
- Investigating email crimes
- Mobile forensics
- Forensics report writing and presentation
- Data Acquisition and Duplication

Key Outcomes
- Comprehensive forensics investigation process
- Forensics of file systems, operating systems, network and database, websites, and email systems
- Techniques for investigating on cloud, malware, and mobile
- Data acquisition and analysis as well as anti-forensic techniques
- Thorough understanding of chain of custody, forensic report, and presentation

Exam Information
- Number of Questions: 150
- Passing Score: 70%
- Test Duration: 4 hours
- Test Format: Multiple choice
- Test Delivery: ECC exam portal

EC-Council Certified Secure Programmer (ECSP) Java

Course Description
The ECSP Java program is a comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications, and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code.

Course Outline
- Java security principles and secure coding practices
- Java Security Platform, Sandbox, JVM, Class loading, Bytecode verifier, Security Manager, security policies, and Java Security Framework
- Secure SDLC, threat modelling, software security frameworks, and secure software architectures
- Best practices and standards and guidelines for secure file input/output and serialization
- Java input validation techniques, validation errors, and best practices
- Java exceptions, erroneous behaviors, and the best practices to handle or avoid them
- Secure authentication and authorization processes
- Java Authentication and Authorization Service (JAAS), its architecture, Pluggable Authentication Module (PAM) Framework, and access permissions through Java Security Model
- Secure Java concurrency and session management
- Core security coding practices of Java Cryptography that includes Encryption, Key Generator and implementation of Cipher Class, Digital signatures, secret keys, and key management
- Various Java application vulnerabilities

Key Outcomes
- Introduces Java security architecture and common security threats
- Secure software development lifecycle (SDLC)
- Common threats and mitigation approaches
- Detailed coverage of input validation, output encoding, authentication and authorization, and other secure coding practices
- Thorough understanding of Sandbox, JVM, Bytecode Verifier, Security Manager, and JSF (Java Security Framework)

Exam Information
- Number of questions: 50
- Passing score: 70%
- Test duration: 2 Hours
- Test format: Multiple choice
- Test delivery: EC-Council exam center
- Exam prefix: 312-94

EC-Council Certified Secure Programmer (ECSP) .Net

Course Description
The ECSP .Net program covers identification of security flaws and implementation of security countermeasures throughout the software development lifecycle to improve the overall quality of products and applications. This course is purposefully built with a number of labs with three days of training, offering participants critical hands on time to fully grasp the new techniques and strategies in secure programming.

Course Outline
- .Net Application Security, ASP.Net Security Architecture common security threats to .Net framework
- Security attacks on .Net framework and Secure SDLC
- Common threats to .Net assemblies and stack walking processes
- Input validation
- Authorization and authentication processes and common threats
- Various security principles for session management
- Importance of cryptography in .Net, different types of cryptographic attacks in .Net
- Symmetric and asymmetric encryption, hashing concepts, digital certificates, digital and XML signatures
- Principles of secure error handling, different levels of exception handling, and various .Net logging tools
- File handling concepts

Key Outcomes
- Introduces .Net security architecture and common security threats
- Secure software development lifecycle (SDLC)
- Common threats and mitigation approaches
- Detailed coverage of input validation, output encoding, authentication and authorization, and other secure coding practices

Exam Information
- Number of questions: 50
- Passing score: 70%
- Test duration: 2 Hours
- Test format: Multiple choice
- Test delivery: EC-Council exam center
- Exam prefix: 312-93

EC-Council Licensed Penetration Tester (LPT) Master

Course Description
The LPT (Master) credential is developed in collaboration with SMEs and practitioners around the world after a thorough job role, job task, and skills-gap analysis.

The LPT (Master) practical exam is the capstone to EC-Council's entire information security track, right from the CEH to the ECSA Program. The LPT (Master) exam covers the skill-sets, technical analysis and report writing, required to be a true professional penetration tester.

Testimonials

"My overall experience was really good and taught me great skills. LPT (Master) is a must for every cyber security specialist and I guarantee it's worth a try"
Adithya Naresh

"A certification is always a nice thing to show to other parties, but when you have a credential like the LPT (Master), you can proudly say that this is just not another multiple-choice exam. It proves that you can actually do an end-to-end penetration test of world-class quality!"
Ali Isikli

"The LPT (Master) certification allows people like me to speak from a sense of authority. When presenting penetration testing results to clients you have a sense of security that what you are saying is accurate and real when you are backed up by a certification such as this."
Mark Horvat

"The ECSA program also gave me the correct professional experience in how to interact with my customers in a professional manner before, during, and after completing my service to them."
Moustafa Mohamed Mohsen

Key Outcomes
LPT Demonstrates
- Mastery of penetration testing skills
- Ability to perform repeatable methodology
- Commitment to code of ethics
- Ability to present analysed results through structured reports

Exam Information
- Number of questions: 125
- Test duration: 4 hours
- Test format: Multiple choice
- Test delivery: ECC exam portal

CAST 611 - Advanced Penetration Testing
Center for Advanced Security Training

Course Description
The CAST 611 Advanced Penetration Testing is a specialized training program covering key information security domains, at an advanced level. Students completing this course will gain in-depth knowledge about information gathering, scanning, enumeration, exploitation and post exploitation, data analysis and reporting, and a number of advanced techniques.

Course Outline
- Information gathering and OSINT
- Scanning
- Enumeration
- Vulnerability analysis
- Exploitation
- Post exploitation
- Advanced techniques
- Data analysis and reporting

Key Outcomes
- Introduces a comprehensive process for a security test, producing findings and report for an enterprise class setting
- Complemented with Cyber Ranges that progress in difficulty and reflect an enterprise level architecture, with defenses to defeat and challenges to overcome
- Exposure to evasion techniques

Exam Information
- Based on practical results
- 60 questions
- 75 minutes
- Open book, note and access to range is allowed during the test
- 70% minimum required to pass

CAST 612 Advanced Mobile Forensics and Security
Center for Advanced Security Training

Course Description
The CAST 612 Advanced Mobile Forensics and Security focuses on what today's mobile forensics practitioner requires. Some of the advanced areas this course covers are the intricacies of manual acquisition (physical vs. logical) and advanced analysis using reverse engineering, understanding how the popular Mobile OSs are hardened to defend against common attacks and exploits.

Course Outline
- Mobile forensics challenges
- Mobile forensics process
- Mobile hardware design and architectures
- Mobile OS architecture, boot process, and file systems
- Mobile threats and security
- Mobile evidence acquisition and analysis
- Mobile application reverse engineering
- Mobile forensics reporting and expert testimony

Key Outcomes
- Advanced concepts of forensic imaging of mobile devices, including logical, file, and storage system
- Data carving and analysis
- Bypassing pattern and password locks
- Reverse engineering of Apps and DB analysis

Exam Information
- Onsite workshop

CAST 613 Hacking and Hardening Corporate Web Apps
Center for Advanced Security Training

Course Description
The CAST 613 Hacking and Hardening Corporate Web Apps is a course designed with the average security unaware programmer in mind. The course is designed with more than 50% involving hands-on coding labs. The ideal participant should have a development background, coding, or architecting background either currently or previously.

Course Outline
- Cryptography decryption
- Account management
- Parameter diddling
- Transport layer protection
- Cross site scripting
- Cookies
- Internal implementation disclosure
- SQL injection
- Cross site attacks

Key Outcomes
- Advanced techniques of hacking and hardening a Website/Web App
- Key concepts of cryptography, TLS, user account management, and session management
- Reducing the attack surface with disclosure controls as well as mitigation of XSS, SQLi, and CSRF, etc.

Exam Information
- Exam Title: CAST 613 - Hacking and Hardening your Corporate Web Application
- Exam Code: CAST613
- Number of Questions: 50
- Duration: 2 hours
- Availability: EC-Council Exam Portal
- Passing Score: 70%

CAST 614 Advanced Network Defense
Center for Advanced Security Training

Course Description

The CAST 614 Advanced Network Defense will enable you to evaluate advanced hacking methods of defense fortification, bringing you closer to establishing perfect security best practices and methodologies you can apply to secure environments. It will cover fundamental areas of fortifying your defenses by discovering methods of developing a secure baseline and hardening your enterprise architecture from the most advanced attacks.

Course Outline

Firewalls
Advanced filtering
Firewall configuration
Hardening: establishing a secure baseline
Intrusion detection and prevention
Protecting web applications
Memory analysis
Endpoint protection
Securing wireless

Key Outcomes

Get introduced to concepts of advanced firewall controls and hardening of systems
Understand intrusions, detection and prevention
Defending web applications, end points, and critical infrastructure systems

Exam Information

Onsite workshop

CAST 616 Securing Windows Infrastructure
Center for Advanced Security Training

Course Description

The CAST 616 Securing Windows Infrastructure focuses on the key aspects of Windows Infrastructure Security. It is designed with the single purpose of providing infosec professionals complete knowledge and practical skills necessary for ensuring the security of their network infrastructure, which is fast becoming, if not already, a top priority and a major challenge for most organizations.

Course Outline

Windows 7 & 8 hardening
Windows Server 2008 R2 / Windows Server 2012 hardening
Hardening Microsoft network roles
Windows high availability
Data and application security
Monitoring, troubleshooting and auditing Windows
Automating Windows hardening
Organizational security

Key Outcomes

Key aspects of Windows infrastructure security
Architecture and its interconnected nature in an enterprise system
Application of best practices to secure with a holistic framework

Exam Information

Three-day technical workshop


EC-Council Disaster Recovery Professional (EDRP)

Course Description

The EDRP course identifies vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional a foundation in disaster recovery course principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, an understanding of the roles and relationships of various members of an organization, implementation of a plan, and recovering from a disaster.

Course Outline

Introduction to disaster recovery and business continuity
Nature and causes of disasters
Emergency management
Laws and acts
Business continuity management
Disaster recovery planning process
Risk management
Facility protection
Data recovery
System recovery
Backup and recovery
Centralized and decentralized system recovery
Windows data recovery tools
Linux, Mac and Novell Netware data recovery tools
Incident response
Role of public services in disaster
Organizations providing services during disasters
Organizations providing disaster recovery solutions
Case studies

Key Outcomes

Introduction to business continuity, risk management, and disaster recovery
Disasters and emergency management, and applicable regulations
DR planning process, preparation, recovery of systems and facilities
Incident response and liaison with public services and regulatory bodies
Exposure to various services from government and other entities

Exam Information

Number of questions: 50
Test duration: 2 hours
Test format: Multiple choice
Test delivery: ECC exam portal

Certified Chief Information Security Officer (C|CISO)

Course Description

The C|CISO certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for C-Level positions, the C|CISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital for leading a highly successful IS program.

The C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Course Outline

Governance
Security risk management, controls, and audit management
Security program management and operations
Information security core concepts
Strategic planning, finance, and vendor management

Key Outcomes

Establishes the role of CISO and models for governance
Core concepts of information security controls, risk management, and compliance
Builds foundation for leadership through strategic planning, program management, and vendor management

Exam Information

Exam Format: Multiple Choice
Total number of questions: 150
Exam duration: 2.5 Hours
Required passing score: 72%

Bachelor of Science in Cyber Security (BSCS)
ACCREDITED. FLEXIBLE. ONLINE.

Course Description

The Bachelor of Science in Cyber Security (BSCS) prepares students with the knowledge for careers in cyber security and assurance. The program consists of topical areas dealing with computer security management, incident response, and security threat assessment, etc.

Courses

CIS 300 Fundamentals of information systems security
CIS 301 Legal issues in cyber security
CIS 302 Managing risk in information systems
CIS 303 Security policies and implementation issues
CIS 304 Auditing IT infrastructures for compliance
CIS 308 Access control
CIS 401 Security strategies in Windows platforms and applications
CIS 402 Security strategies in Linux platforms and applications
CIS 403 Network security, Firewalls, and VPNs
CIS 404 Hacker techniques, tools, and incident handling
CIS 405 Internet Security: How to defend against online attackers
CIS 406 System forensics, investigation, and response
CIS 407 Cyberwarfare
CIS 408 Wireless and mobile device security
CIS 410 Capstone course
ENG 340 English communications
MTH 350 Introduction to statistics
PSY 360 Social psychology
BIS 430 Ethics for the business professional
ECN 440 Principles of microeconomics
MGT 450 Introduction to project management

Key Outcomes

Knowledge and hands-on experience on various foundational cyber security concepts
Some of the key topics include security management and incident response, security threat assessment and risk management, legal and regulatory issues and compliance
Cyber defense and cyber warfare, implementation of security controls, and auditing
Capstone Project

Graduation Requirements

Completion of 60 credit hours of 300/400 level courses in which the candidate earned a cumulative GPA of 2.5 or better
Satisfactory completion of the summative capstone course
All degree requirements must be completed within four years from the date the student enrolls in the University and begins the program

Graduate Certificate Programs
ACCREDITED. FLEXIBLE. ONLINE.

Course Description

EC-Council University's Graduate Certificate Program focuses on the competencies necessary for information assurance professionals to become managers, directors, and CIOs. Students will experience not only specialized technical training in a variety of IT security areas, but will also acquire an understanding of organizational structure and behavior, the skills to work within and across that organizational structure, and the ability to analyze and navigate its hierarchy successfully. Each certificate targets skills and understandings specific to particular roles in the IT security framework of an organization. The certificates can be taken singly or as a progressive set of five, each building on the one before it to move students from IT practitioner skill levels to IT executive skill levels.

Courses

Information security professional
ECCU 500 Managing secure network systems
ECCU 501 Ethical hacking and Countermeasures
ECCU 505 Research and writing for the IT practitioner
Digital forensics
Disaster recovery
Executive information assurance
IT Analyst

Key Outcomes

Preparation for industry recognized certifications
NSA program mappings
Executive leadership development
Masters level education
Promoting critical thinking
Ethical practice
Scholarship and research

Certificate Requirements

Completion of mandated credit hours of courses in which the candidate earned a cumulative GPA of 2.5 or better
All certificate requirements must be completed within six months-one year from the date the student enrolls in the university and begins the program

Master of Science in Cyber Security (MSS)
ACCREDITED. FLEXIBLE. ONLINE.

Course Description

The Master of Science in Cyber Security (MSS) Program prepares information technology professionals for careers in cyber security and assurance. The program consists of topical areas dealing with computer security management, incident response, and cyber security threat assessment, which require students to be the creators of knowledge and inventors of cyber security processes, not merely users of information. Additionally, students will receive instruction in leadership and management in preparation for becoming cyber security leaders, managers, and directors.

Courses

ECCU 500 Managing secure network systems
MGMT 502 Business essentials
ECCU 501 Ethical hacking and countermeasures
ECCU 502 Investigating network intrusions and computer forensics
ECCU 503 Security analysis and vulnerability assessment
ECCU 504 Foundations of organizational behavior for the IT practitioner
ECCU 505 Introduction to research and writing for the IT practitioner
ECCU 506 Conducting penetration and security tests
ECCU 507 Linux networking and security
ECCU 509 Securing wireless networks
ECCU 510 Secure programming
ECCU 511 Global business leadership
ECCU 512 Beyond business continuity
ECCU 513 Disaster recovery
ECCU 514 Quantum leadership
ECCU 515 Project management in IT security
ECCU 516 The hacker mind: Profiling the IT criminal
ECCU 517 Cyber law
ECCU 518 Special topics
ECCU 519 Capstone

Key Outcomes

Application of cyber security technical strategies, tools, and techniques to secure data and information for a customer or client
Adherence to a high standard of cyber security ethical behavior
Use of research in both established venues and innovative applications to expand the body of knowledge in cyber security
Application of principles of critical thinking to creatively and systematically solve the problems and meet the challenges of the ever-changing environments of cyber security
Mastery of the skills necessary to move into cyber security leadership roles in companies, agencies, divisions, or departments

Graduation Requirements

Completion of thirty-six (36) credits of 500 level courses in which the candidate earned a cumulative GPA of 3.0 or better
Satisfactory completion of the summative capstone course
All degree requirements must be completed within four years from the date the student enrolls in the university and begins the program
