• fullslide1
    MOBILE APPLICATION DEVELOPMENT
    At iKompass, we believe great things are built by a series of small things coming together.
    We'll leave no stone unturned until we find the best way to add value to your business.
  • fullslide1
    iPHONE | iPAD | iOS APPLICATION DEVELOPMENT
    Our Fresh Ideas to help inspire your next app.
  • fullslide1
    ANDROID APPLICATION DEVELOPMENT
    Our Android Apps will bring out the adventurer in you providing you with infinite possibilities.
  • fullslide1
    MOBILE WEB
    We strive hard to align our vision in line with your business growth.
    Our Mobile Web strategy is seamlessly structured to meet your organisational goals.

Cyber Security Foundation

Our 2 days cyber security foundation course equips you with knowledge about various modern digital security threats and provides you with insight about actions to mitigate these threats. The course is focused on non-network technical staff and aimed at people from business and IT. The course provides various options available to deal with myriads of threats including open source and commercial tools.

Cyber security is a vast field and this course helps participants get an understanding of the overall landscape and also to narrow down on areas where they should be focusing on in the near term. Protection of critical infrastructure from data breaches is generally known as cyber security.

Cyber-Attack-Types

CITREP Funding

Enhanced Funding Support for Professionals aged 40 and above and SMEs
 
Pricing_CACS

Professionals aged 40 and above (i.e. self-sponsored individuals) and SMEs who are sponsoring their employees for training (i.e. organisation-sponsored trainees) will be entitled to CITREP enhanced funding support of up to 90% of the nett payable course and certification fees. This is applicable for Singapore Citizens and Permanent Residents (PR’s).

Please find FY17 CITREP+ funding support details as per following:

Organisation- sponsored Non SMEs

course + exam

Up to 70% of the nett payable course and certification fees, capped at $3000 per trainee

exam only

Up to 70% of the nett payable certification fees, capped at $500 per trainee
Singapore Citizens and Permanent Residents (PR’s)
SMEs Up to 90% of the nett payable course and certification fees, capped at $3000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
Self-Sponsored Professionals (Citizens and PRs) Up to 70% of the nett payable course and certification fees, capped at $3000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee Singapore Citizens and Permanent Residents (PR’s)
Professionals (Citizens 40 years old and above)* as of 1 Jan of the current year Up to 90% of the nett payable course and certification fees, capped at $3000 per trainee Up to 70% of the nett payable certification fees, capped at $500 per trainee
Students (Citizens) and/or Full-Time National Service (NSF) Up to 100% of the nett payable course and certification fees, capped at $2500 per trainee Up to 100% of the nett payable certification fees, capped at $500 per trainee
 
 

Cyber Security Foundation Course

Our Cyber security foundation course addresses common breaches in an enterprise and steps to prevent breaches.

A typical breach remains undiscovered for over 200 days. What does that say about your current defense strategy? More likely that the attackers may be using completely different methods than what you are used to. This critical gap between current enterprise defense strategy and the evolution in adversary tactics is responsible for a growing number of successful intrusions

Let’s assume that your organization has invested significant amount of money in Malware detection. A malware is a piece of software that has been downloaded in your network probably because a user clicked on a link. The piece of software could be sending out critical information periodically. A proactive security analyst or your malware detection software may be able to identify and eliminate the presence of this malware. However, research suggests that Malware is responsible for only 40% of breaches, and external attackers are increasingly leveraging malware-free intrusion approaches to blend in and “fly under the radar” by assuming insider credentials within victim organizations.

Emulating legitimate users

The idea behind a malware-free intrusion is very simple—malware, even if it’s unknown to antivirus, is still very noisy. The obvious answer is that you break in without using malware, emulating legitimate insiders. Insider detection has always been one of the hardest problems to solve in cyber security because the attacker, by definition, looks like someone who is supposed to be inside your network and is doing things that are largely legitimate and expected. Thus, wherever the adversaries can emulate this behavior, they are quite successful in achieving their objective of stealth.

The objective of this course is to apprise the participant of the various components that have enabled the services we use, as well as to explain how these very same tools have simultaneously been diverted for malicious purposes.


How does Phishing work?

Big Data Foundation

 

Cyber Security Foundation

Cyber Security Lifecyle

We examine the components of technology that are being diverted. We start with application code and how it can best be protected with isolation approaches. We look at the general principles of a secure system and then how hackers approach such systems. We follow with an examination of the various forms of infection, including viruses, worms, bots, and Trojans. We then examine encryption, using the Rivest–Shamir–Adelman (RSA) algorithm as our working example. Internet Protocol Security (IPSec)—which is at the heart of the secure virtual private network (VPN) connectivity widely employed by Singapore businesses—is discussed, along with the contrasting use by hackers of their own undetectable VPN, example, the Terracotta VPN, which makes the hackers’ activity appear to be normal traffic entering and traversing “protected” systems.

We will examine web applications, complete web systems, domain name systems (DNSs), and the general structure of the public Internet. And, given that the world has rapidly migrated into a totally mobile, instantaneous communication and download, we examine the present vulnerability of the ubiquitous “smart” devices.

Timeline_small-01

Big Data/ Data Science Foundation Course Outline

DAY 1 TIME TOPIC DELIVERY DESCRIPTION TOOLS
9:30 - 10:00 Cyber security Introduction Theory As the world moves towards innovative solutions such as smart cars and Internet of Things, simultaneously, the “evil” side is growing even faster in its capability, employing those very same technologies for malicious purposes. We’ll explore the current state of cyber security Case studies
10:00 - 10:30 Hackers motivations Theory As an example, a customers file containing 70 million customer records with credit card info, social security number, was sold to middlemen on the dark web at $50 apiece (approx $4 billion in total) and then resold by those middlemen to criminal groups and individuals at a standard price of $350 for each ID. While the biggest motivation is money, its not always just about money. Discussion
10:30 - 10:45 Tea break
10:45 - 12:00 How Systems are breached
  • Spear Phishing
Waterholes
Theory Usually, the goal of the hacker is to “become” the target employee. To this end, they may want to observe all the keystrokes that the employee initiates. The hacker seeks all the passwords and special-access information that the employee normally uses to gain entry to these systems. This is achieved through spear phishing and waterholes. Discussion
12:00 - 13:00 Lunch
13:00 - 14:00 Establishing an Undetectable Anonymous Persistent Presence Practical Frequently, the hackers will employ their special VPN to enter the target site so they look like regular off-site users accessing the systems. Once the password files are downloaded, they must be decrypted. Although the files contain thousands of user passwords, the attackers only need to decrypt an initial working set, so brute-force techniques are employed. Case Study
14:00 - 14:45 Tools Used by Hackers to Acquire Valid Entry Credentials Practical The most common method of stealing sensitive information and authentication credentials in order to traverse the portals to an enterprise’s network is with a keystroke grabber. These programs are secretly installed on target computers to record or log the keys struck on a keyboard by the user on the affected device Demos
14:45 -15:00 Tea break
15:00 - 17:30 Common Attacks Practical Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks Man-in-the-middle (MitM) attack Phishing and spear phishing attacks Drive-by attack Password attack SQL injection attack Cross-site scripting (XSS) attack Eavesdropping attack Birthday attack Malware attack Viruses, Worms, Bugs, and Botnets Demos

DAY 2 TIME TOPIC DELIVERY DISCRIPTION TOOLS
9:30 - 10:00 Counter Measures – Securing Code Theory Code Isolation and Confinement. Malware creators take advantage of unknowing users who download or use infected code. Such infected code can be directed toward a variety of devices including our computers, tablets, and smartphones. Specialized codecs for media are examples of components that are frequently used to conceal code.. We will cover various confinement measures. Discussion
10:00 - 10:45 Counter Measures – Securing Architecture Theory Hacking and the deployment of an appropriate security architecture are at the forefront of every company’s attention. As many companies are experiencing their systems being hacked, security architectures can be put in place to minimize the severity of such attacks. Discussion
10:30 - 10:45 Tea break
10:45 - 11:15 Access Control Concepts Theory Access control is an approach to restricting system access only to authorized users. The system knows who the user is, and their identity is authenticated by name, password, or further identification credentials. Any user’s access request or process is passed through a reference monitor acting as a gatekeeper and must be validated before the user or the process is granted access. IAM
11:15 - 12:00 Cryptography and the RSA Algorithm Theory Cryptography is the practice of applying encryption techniques to ensure secure communication in the presence of third parties (whom we will consider adversaries). Generally, cryptography is about constructing and analyzing protocols that block adversaries, protect data confidentiality and data integrity, and provide authentication for the sender and the message. Case Study
12:00 - 13:00 Lunch
13:00 - 14:00 Browser Security and Cross-Site Scripting Practical Browser security is an important topic in information security because a large portion of the population uses computers, primarily for browsing the Internet. A simple lack of browser security knowledge plagues many Internet users who fall victim to constant pop-ups, adware, spyware, and other forms of malware
14:00 - 14:45 Session Management, User Authentication, and Web Application Security Practical An open field, file, or form that will take input and allow server processing may not have properly cleansed that input, allowing the remote execution of hidden and embedded code in that data that was not intended to be run on that server. Discussion
14:00 - 14:45 Cybercrime-as-a-Service (CaaS) Practical Over the past 20 years, cybercrime has become a mature industry estimated to produce more than $1 trillion in annual revenues. From products like exploit kits and custom malware to services like botnet rentals and ransomware distribution, the breadth of cybercrime offerings has never been greater. The result: more, and more serious, forms of cybercrime. Case study
14:45 -15:00 Tea break
15:00 - 17:30 Security Incident and Event Management (SIEM) Machine Learning and AI for Cyber Security Practical Security Incident and Event Management (SIEM) is a process that helps cyber security implementation by gathering security-related information (network and application logs for example) at a centralized location or tags those information assets at the edge (the location where the data is generated in the case of IoT) and uses this information for identification of anomalies which indicates breaches to the security infrastructure of an enterprise. Various machine learning algorithms can be used for detection and prevention of cyber attacks. We will discuss some common algorithms for anomaly detection, pattern recognition etc., Demos


Enterprise Architecture for Cyber Security

DSdc_web1

AI and Machine Learning Algorithms in Cyber Security

Big data and cyber security complement each other and play a vital role in each other’s relevance and utility. As more and more devices are getting digitally connected, they are generating more data (volume); the data generated by these connected devices needs to be processed in neartime (velocity) and it follows a variety of forms such as structured, unstructured, and semi-structured (variety). These three Vs constitute Big Data in general which lead to Value as fourth V. The cyber security systems require that the Big Data is processed in its entirety in order to provide actionable insights into the security infrastructure of an enterprise and to help in detecting anomalies and preventing attacks on an organization’s computing assets.

Rules-based alerts and monitoring systems are not sufficient to deal with the cyber security attacks and for protecting CIs. The machine learning models need to be trained based on the historical data (supervised learning) in order to predict the occurrence of malicious activities in advance or in near real time when the intrusion is in progress. The machine learning and AI transitions the cyber security systems to predictive analysis which helps in preventing the attacks.

Machine learning to deal with Phishing

These attacks can be prevented by using machine learning algorithms. The user’s email headers and content can be used as the training data and can train the model to understand the common patterns. This learning can help in detecting the phishing attempt based on the behavioral trends in the historical emails.

Machine learning to deal with Lateral Movement

Machine learning algorithms can be trained with lateral movements to trace data and detect the suspicious user movements. If these movements are tracked by streaming the live network logs through the processing systems, the intrusion can potentially be detected in near real time.

Machine learning to deal with Injection attacks

The malicious code is supplied into the target application via form fields or other input mechanisms. SQL injection is a special case of injection attack where the SQL statements are pushed into the system via field inputs and the SQL commands can get the dump of the sensitive data outside of the network. The attacker can get access to the authentication details if they reside in the database. Despite all the field validations and filtering at the web server layer, the injection attacks are frequent and one of the leading types of attack. The database logs can be used to train machine learning models based on statistical user profiles which can be built over a period of time as the users interacts with the databases.

Cyber-Attack-Types

There is obvious visible information, which one is conscious of and there is information that comes off you. Example, from your phone one can determine which website you visited, who you called, who your friends are, what apps you use. Data science takes it further to reveal how close you are to someone, are you an introvert or an extrovert, when during the day are you most productive, how often do you crave for ice cream, what genre of movies you like, what aspects of social issues interest you the most etc.,

Sensors everywhere

With the possibility of adding sensors to everything, now there is deeper insight into what is going on inside your body. Spending 10 minutes with a doctor who gives you a diagnosis based on stated or observed symptom is less useful than a system that has data about everything going on inside your body. Your health diagnosis is likely to be more accurate with analysis of data collected through devices such as fitbits and implantables.

The amount of data available with wearables and other devices provides for rich insight about how you live, work with others and have fun.

Digital Breadcrumbs

Big Data and analytics is made possible due to the digital breadcrumbs we leave. Digital breadcrumbs include things like location data, browsing habits, information from health apps, credit card transactions etc.,

The data lets us create mathematical models of how people interact, what motivates us, what influences our decision making process and how we learn from each other.

Big Data versus Information

One can think of Big Data as the raw data available in sufficient volume, variety and velocity. Volumes here refer to terabytes of data. Variety refers to the different dimensions of data. Velocity refers to the rate of change.

A bank can use credit card information to develop models that’s more predictive about future credit behavior. This provides better financial access. What you purchased, frequency of purchase, how often do you pay back, where do you spend money are better predictors of payment credibility than a simple one dimensional credit score.


Cyber Security Machine Learning Process

Graph

Encryption

This course also covers the basics of encryption and cryptography for protecting data and services

Encryption has come as a welcome solution to securing data and communication in organizations and also for individuals. It has been accepted as the most trusted way of securing data against the threats that are in existence today. Cryptography, which is the practice of using encryption and decryption, is often one of the last security measures that organizations employ just in case hackers are able to breach through other layers of security. Encryption, which is the process of converting data from plain text to cipher text, is one of the elements used to add reliability and non-repudiation in communication.

This course will take u through the detailed version of encryption from its early methods and gives us a brief idea of how far it has evolved, covering various techniques along with the challenges.

DataEncrypt

FAQs


Foundation Course: Cyber Security is a vast field. In this foundation class, we will be covering the theoretical of attacks and counter measures. As such, we don’t require participants to have a background in coding or system administration.
No. The optional technical modules don’t have additional costs. However, to work through the optional technical modules, you need to have a background in either statistics or programming.
You don’t need to be from IT to avail funding. For CITREP+ funding, you must be a Singapore citizen or Permanent Residents (PR’s). CITREP+ funding is based on a claim that you will make after passing the exam. This means you will pay us the full course fees and IMDA will reimburse 70% or 90% of the course and exam fees after you make a claim. We will assist you with the claim process.
Foundation:ITPACS Certified Associate in Cyber Security – Attacks and Counter measures basics.
You can take the exam 2 times with no additional costs. Beyond the second attempt, you will need to pay for the exam fees.
Yes, the funding applies to all Singapore Citizens and Permanent Residents (PR’s) irrespective of the industry.
The course does not have an academic minimum requirement. However, you need to be familiar with basic technology such as client-server.
The difficulty level of the concepts depends on your background. If your job involves IT, you are likely to find the course easy.
Foundation:No. This is an introductory course. Cyber security is an extensive field and can take years to be an expert. Many experts specialize in one particular domain. This course provides you with an overview of what is involved in Cyber security.
Foundation:The course covers the theoretical aspects of a Cyber Security Solution. The technical aspects of building a Cyber security solution is not covered because there are so many different architectures and technologies.
Most of the participants are managers in companies across different industries who are evaluating opportunities for improving cyber security. These managers are either exploring the application of solutions within their own domain or are already working with cyber security experts. Upon completion of the course, these managers are in a better position to drive cyber security projects in their context. Most of these managers represent the business side.
Cyber Security Foundation Course: We offer a pass guarantee for this exam. In case a participant fails the exam, they have two more attempts to clear the exam at no additional cost. The objective of the foundation course is to facilitate entry into the Cyber Security field for people with no IT background. As such, the exam itself is not difficult. The exam does not have any coding. In the unlikely scenario wherein the participant fails the third time, we will refund the full course fees.
The funding process is done online. After course completion, you will upload some documents such as Invoice, receipt etc., on to IMDA’s system. The funding is a reimbursement made to you by IMDA after course completion. The reimbursement takes 2-4 weeks. This means you have to pay the full amount first and then get the reimbursement. We will support you for through the administrative process for submitting your claim.
Yes. If you are currently in-between jobs, we provide additional discount on the course fees. During registration, let us know about your situation and we will accommodate additional discount.
Recent studies in neuroscience demonstrate that we can change our brain just by thinking. Our concept of “self” is etched in the living latticework of our 100 billion brain cells and their connections. Picking up new skills is about making new connections in the mind. By the time you complete the course, you have changed your brain permanently. If you learned even one bit of information, tiny brain cells have made new connections between them, and who you are is altered. The act of mental stimulation through learning is a powerful way you can grow and mold new circuits in your brain. Growing new circuits is vital to growth and state of being.
There is a small chance that you may be in what a growing body of knowledge point to as “survival mode”. When we live in survival, we limit our growth, because the chemicals of stress will always drive our big-thinking brain to act equal to its chemical substrates. Chronic long-term stress weakens our bodies. We choose to remain in the same circumstances because we have become addicted to the emotional state they produce and the chemicals that arouse that state of being. Far too many of us remain in situations that make us unhappy, feeling as if we have no choice but to be in stress. We choose to live stuck in a particular mindset and attitude, partly because of genetics and partly because a portion of the brain (a portion that has become hardwired by our repeated thoughts and reactions) limits our vision of what’s possible.We can change (and thus, evolve) our brain, so that we no longer fall into those repetitive, habitual, and unhealthy reactions that are produced as a result of our genetic inheritance and our past experiences. Scientists call this neuroplasticity—the ability to rewire and create new neural circuits at any age—to make substantial changes in the quality of your life.Learning a new skill allows new experiences and in turn fires new circuits related to curiosity, creativity etc,
The brain is structured, both macroscopically and microscopically, to absorb and engage novel information, and then store it as routine. When we no longer learn new things or we stop changing old habits, we are left only with living in routine. When we stop upgrading the brain with new information, it becomes hardwired, riddled with automatic programs of behavior that no longer support a healthy state of being. If you are not learning anything new, your brain is constantly firing the same old neurons related to negative states such anxiety, stress and worry. We are marvels of flexibility, adaptability, and a neuroplasticity that allows us to reformulate and repattern our neural connections and produce the kinds of behaviors that we want.
Research is beginning to verify that the brain is not as hardwired as we once thought. We now know that any of us, at any age, can gain new knowledge, process it in the brain, and formulate new thoughts, and that this process will leave new footprints in the brain—that is, new synaptic connections develop. That’s what learning is. In addition to knowledge, the brain also records every new experience. When we experience something, our sensory pathways transmit enormous amounts of information to the brain regarding what we are seeing, smelling, tasting, hearing, and feeling. In response, neurons in the brain organize themselves into networks of connections that reflect the experience. feelings. Every new occurrence produces a feeling, and our feelings help us remember an experience. The process of forming memories is what sustains those new neural connections on a more long-term basis. Memory, then, is simply a process of maintaining new synaptic connections that we form via learning irrespective of age.The reality is that if you are not making new neural connections, the brain cells are decaying or firing the same old routine patterns. This leads to physically aging faster than usual and other health problems.Contrary to the myth of the hardwired brain, we now realize that the brain changes in response to every experience, every new thought, and every new thing we learn. This is called plasticity. Researchers are compiling evidence that the brain has the potential to be moldable and pliable at any age.
AI has two sides. Research and application. Research is about in depth knowledge of how something works. You could spend years in research to find out how electricity and waves works and finally create a microwave. Consumers then use these microwaves to cook various food. A consumer doesn’t need to have extensive knowledge on the inner working of a microwave. They can get creative about the end result of using the microwave. This is the application side of things. Currently, as a result of extensive research, there is plethora of microwaves in the market. Attending a university courses is like creating another microwave, reinventing the wheel. You would rather focus your effort on the application side of AI. Take the already built algorithms and use it for your use cases. The way we teach our course is to apply these algorithms to solves business problems rather than go in-depth into calculus, matrices and trigonometry that make up an algorithm.

Other Courses


Check Out Our Other Professional Courses

PMP® Project Management Professional

Our Project Management Professional course in Singapore covers the best practices in the field of Project Management.

Lorem ipsum blah blah blah blah...

S$ 1390

iOS Application Development

We teach you everything you need to know to build great iOS apps for the iPhone, iPad devices.

S$ 1970

CCC Big Data Foundation
3 Days

We cover Big Data concepts including the business aspects, the technical aspects as well as the deployment and maintenance aspects. Lorem ipsum blah blah blah blah...

S$ 2590

Data Science Bootcamp
3 Weeks

Intensive bootcamp covers in depth concepts around data science. Lorem ipsum blah blah blah blah...

S$ 4990

Android Application Development

We cover Java programming language and then teach you the skills to build apps for devices running Android OS.

S$ 1970

CCC Cloud Technology Associate Lorem ipsum blah blah blah blah...

We cover cloud concepts related to application development. Lorem ipsum blah blah blah blah...

S$ 2970

Web Developer Bootcamp

We cover tools and techniques for full stack development which includes front end, back end and business layer.

S$ 3990

t-ACP® Agile Certified Practitioner

Our Agile covers covers SCRUM, XP and Lean. We teach you the most current Agile tools and techniques. Lorem ipsum blah blah blah blah...Lorem ipsum blah blah blah blah... blah blah blah...Lorem ipsum blah blah blah blah...blah blah blah...

Call for monthly offer

Develop iOS Mobile Applications - School Program

We teach you everything you need to know to build great iOS apps for the iPhone, iPad devices.

Call for monthly offer

iOS Application Development Short Course

We teach you everything you need to know to build great iOS apps for the iPhone, iPad devices.

S$ 990

Android Application Development Short Course

We cover Java programming language and then teach you the skills to build apps for devices running Android OS.

S$ 990

JavaScript Programming Short Course

In this course, you will learn the fundamental programming concepts and syntax of the JavaScript programming language.

S$ 490

Programming, Coding Basics for Non-IT Professionals

In this course, you will learn the basics of programming and apply Object Oriented Programming concepts.

S$ 450

Copyright 2015 iKompass. All rights reserved.