Curriculum | 12 credit hours
Our hands-on courses empower you to understand your networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and use knowledge gained from interactions with the adversary to enhance network security and maintain the safety and reliability of operations. This is the curriculum order for this program.
Required Core Courses | 6 credit hours
ISE 6515: ICS/SCADA Security Essentials | ICS410 + GICSPSANS Course: ICS410: ICS/SCADA Security Essentials
Certification: Global Industrial Cyber Security Professional Certification (GICSP)
3 Credit Hours
ISE 6515 ICS/SCADA Security Essentials is an introductory study of how information technologies and operational technologies have converged in today's industrial control system environments. This convergence has led to a greater need than ever for a common understanding between the various groups who support or rely on these systems. Students in ISE 6515 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications.
ISE 6520: ICS Active Defense and Incident Response | ICS515 + GRIDSANS Course: ICS515: ICS Visibility, Detection, and Response
Certification: GIAC Response and Industrial Defense (GRID)
3 Credit Hours
ISE 6520 will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security.
Specialization Elective Course | 3 credit hours
Students select one of the following courses.
ISE 6425: Advanced Digital Forensics, Incident Response, & Threat Hunting | FOR508 + GCFASANS Course: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
Certification: GIAC Certified Forensic Analyst (GCFA)
3 Credit Hours
ISE 6425 teaches the necessary capabilities for forensic analysts and incident responders to identify and counter a wide range of threats within enterprise networks, including economic espionage, hacktivism, and financial crime syndicates. The course shows students how to work as digital forensic analysts and incident response team members to identify, contain, and remediate sophisticated threats-including nation-state sponsored Advanced Persistent Threats and financial crime syndicates. Students work in a hands-on lab developed from a real-world targeted attack on an enterprise network in order to learn how to identify what data might be stolen and by whom, how to contain a threat, and how to manage and counter an attack.
ISE 6525: Essentials for NERC Critical Infrastructure Protection | ICS456 + GCIPSANS Course: ICS456: Essentials for NERC Critical Infrastructure Protection
Certification: GIAC Critical Infrastructure Protection Certification (GCIP)
3 Credit Hours
ISE 6525 empowers students with knowledge of the "what" and the "how" of the version 5/6 standards. The course addresses the role of FERC, NERC and the Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems and helps asset owners determine the requirements applicable to specific implementations. Additionally, the course covers implementation strategies for the version 5/6 requirements with a balanced practitioner approach to both cybersecurity benefits, as well as regulatory compliance.
ISE 6610: Cloud Security Essentials | SEC488 + GCLDSANS Course: SEC488: Cloud Security Essentials
Certification: GIAC Cloud Security Essentials Certification (GCLD)
3 Credit Hours
ISE 6610: Cloud Security Essentials will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." Mature cloud service providers (CSPs) have created a variety of security services that can help customers use their products in a more secure manner, but much about cloud security still resides with the customer organization. This course covers real-world lessons using security services created by the CSPs as well as open-source tools. Each lesson features hands-on lab exercises to help you practice the lessons learned. You will progressively layer multiple security controls in order to end the course with a functional security architecture implemented in the cloud. The course begins by addressing one of the most crucial aspects of the cloud — Identity and Access Management (IAM). From there, you will learn to secure the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
You will be able to:
- Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs)
- Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem
- Create accounts and use the services of any one the leading CSPs and be comfortable with the self-service nature of the public cloud, including finding documentation, tutorials, pricing, and security features
- Articulate the business and security implications of a multi-cloud strategy
- Secure access to the consoles used to access the CSP environments
- Use command line interfaces to query assets and identities in the cloud environment
- Use hardening benchmarks, patching, and configuration management to achieve and maintain an engineered state of security for the cloud environment
- Evaluate the logging services of various CSPs and use those logs to provide the necessary accountability for events that occur in the cloud environment
- Configure the command line interface (CLI) and properly protect the access keys to minimize the risk of compromised credentials
- Use basic Bash and Python scripts to automate tasks in the cloud
- Implement network security controls that are native to both AWS and Azure
- Employ an architectural pattern to automatically create and provision patched and hardened virtual machine images to multiple AWS accounts
- Use Azure Security Center to audit the configuration in an Azure deployment and identify security issues
- Use Terraform to deploy a complete "infrastructure as code" environment to multiple cloud providers
- Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model
- Follow the penetration testing guidelines put forth by AWS and Azure to invoke your "inner red teamer" to compromise a full stack cloud application
- Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology
- Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline
Elective Courses | 3 credit hours
ISE ___: Technical Elective Course | SANS Class + GIAC Exam
3 Credit Hours
You can choose any 3-credit hour technical course from an approved list of elective courses.