8/18/2019 Infosec Courses

1/14

 

Ethical Hacking Course For Beginners

About Course An Ethical Hacker is a technology expert; typically employed by an organization to assess the security system of the

organization in order to discover vulnerabilities that can be exploited. Ethical hackers may use the same methods as

the black hat hackers, but report the problems instead of taking advantage of them.

This course on Ethical Hacking for Beginners goes deep down into the depths of networking, systems, web

applications and actual exploitation and helps beginners to take their confident first step towards information security

field. This 6 weeks course is designed to give the participants the real world exposure in information security by

hands on experience in tools and techniques.

Why should you attend this course?

One of the greatest highlights of this course is that it is built by experts who do penetration testing on a regular basis.

Since it is built by practitioners in the field, it is regularly updated with the latest tools, techniques, and real-world

scenarios.

The lab setup for the course will give beginners a very good practical hands on experience of ethical hacking rather

than just plain theory explanation. The participants will get to break into vulnerable applications and systems that

have been set up to create levels of challenges and sharpen their skills.

Who should attend this course?

 Anyone looking to build a career in information security is most welcome to join the course. If you’re already in this

field, but want to learn the professional concepts of hacking, then this is the course for you. Instead of burdening you

with a huge amount of courseware, this 6 weeks course provides a systematic practical approach towards learning

and helps to take your confident first step towards ethical hacking; focusing on the real-world practical tools and

techniques of hacking.

A Professional Ethical Hacker SHOULD:

  Obtain prior written approval from senior management before testing the security of organization

  STRICTLY work within the project scope boundaries as defined in the engagement letter

  Carry out responsible disclosure; means whatever weaknesses are discovered during the penetration testing,

they are dutifully informed to senior management and technical team

  Carry out security scans ONLY during scheduled time (usually during non-peak business hours). They should

NEVER be done before or after.

  Point out potential security risks that may impact business operations. They must be rated properly on severity

levels

  Put forward the recommendations to address those potential security risks

  Respect the individual's or company's privacy and only go looking for security issues.

8/18/2019 Infosec Courses

2/14

 

— 

  Report all security vulnerabilities responsibly you detect to the company, not leaving anything open for you or

someone else to come in at a later time.

— 

  Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their

software or hardware if not already known by the company.

— 

  Dynamically update the knowledge and encourage transferring the same to the peers to build a secured

environment

A Professional Ethical Hacker SHOULD NOT:

  Proceed with security testing until prior written approval is obtained from senior management

  Exceed project scope boundaries as defined in engagement letter

  Carry out direct testing on production data for any service or application

  Carry out exploitation on discovered vulnerabilities until he/she gets explicit approval from the senior

management

  Take advantage of discovered vulnerabilities for any personal profit or competitive gain

  Disclose any sensitive corporate design or information to anyone if that is found during testing. The same should

be reported to senior management at the earliest

  Report any vague/ incorrect findings to senior management or to the technical team. The findings must not stand

ambiguous in context.

  Report any finding(s) without "sufficient" and necessary proof(s)

  Make any vague / incorrect recommendation(s) to address potential security risks.

Course Contents

Week 1: Information Security - What & Why? 

  Introduction to Information security

  Overview IT Act

  E-Crimes & Penalties

  Understanding PenTest methodologies (black/white/gray - box)

  Introduction to Computer Networks

  Major Topologies in Networks

http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOne

8/18/2019 Infosec Courses

3/14

 

  Network Design & Components

  IP addressing

  Network protocols

Week 2: Network Basics 

  Concept of routing and switching

  OSI reference model

  TCP/IP model

  Diving into OSI layers in details

  TCP v/s UDP services

  Common TCP and UDP services

  Understanding ICMP messages

Week 3: Protocol Analysis 

  Understanding things in the packet layer

  Wireshark-The packet analyzer

   Analyzing the host-to-host packet transmission

  synchronizations of hosts

  termination of hosts

  finishing of host

Week 4: Operating System Basics 

  Introduction to Windows Server - 2008

   Active Directory Fundamentals

  Operational Units

  Concept of ACL

  File system implementation  Diving into the Pentest folder - Backtrack

  Understanding Linux shell

Week 5: Breaking into Networks 

http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwo

8/18/2019 Infosec Courses

4/14

 

  Portscan - Beginner to Expert level

  Mastering Nmap

  Working with LUA

  Cooking custom Nmap scripts

  Concept of fingerprinting and footprinting

  Google Hacking  Enumeration of services

  Banner Grabbing

Week 6: Exploiting the target 

  Finding vulnerability - Automated methods

  Using Vulnerability Scanners (Nessus & GFI)

  Interpreting the automated scanner report  Getting into the system

  Working with exploit code - Exploitation Framework (msf)

   Attacking LAN

  Firewall Evasion

  Firewall introduction & types

  Detection methodologies

  Fire-walking

  Evasion Methodologies

  Packet crafting

  Understanding Overflow

  Buffer Overflow (Stack & Heap)

  Exploiting Windows & Linux

  Protection Mechanisms

Network Security & Exploitation

Learn Fundamental Aspects of Security in Modern Networked Environment

About Course

With the explosion of internet and e-world, computer networks, if adequately not secured, are getting targeted for a

large amount of threats, and exploited further which can cause huge damages to the enterprise. The primary goal of

this course is to give a good idea on various network security issues, how to identify them, and what are the proper

controls that need to be implemented to prevent these security issues.

This training covers fundamental aspects of security in a modern networked environment with the focus on system

design aspects in the specific context of network / internetwork security. We take a peek into network security best

practices such as LAN segregation, Network Controls, Logging, Hardening, DMZ configuration, Traffic Analysis and

Monitoring Tools etc. Router and Wireless Security are also discussed later.

Who should attend this course?

http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSix

8/18/2019 Infosec Courses

5/14

 

 Anyone looking to build a career in information security, or if you're someone who's already in this field, but want to

learn the professional concepts of hacking, then this is the course for you. It simply will not get more practical and

more hands-on than this. Instead of burdening you with a huge amount of courseware, and hundreds of tools, the

CPH course focuses on the real-world practical tools and techniques of hacking.

Duration

6 Weeks

Course Contents

Week 1 

  Introduction & Case Studies

  Understanding PenTest methodologies (black/white/gray – box)

  Kali OS – The Hacker’s Box 

  Understanding Linux (BT) structure

  Kali Basic Usage

  Network Basics

  TCP/IP Fundamentals

  Common TCP and UDP services

  Understanding ICMP messages

  Understanding things in the packet layer

  Wireshark – The packet analyzer   Analyzing the host-to-host packet transmission

o  synchronizations of hostso  termination of hostso  finishing of host

Week 2 

  Fingerprinting & Footprinting

  Google hacking

  Portscanning

  Mastering Nmap

  Netcat Kungfu

  Packet crafting using hping3

http://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseThreehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOne

8/18/2019 Infosec Courses

6/14

 

Week 3 

  Finding Vulnerability – Manual methodso  Banner Grabbingo  Testing on clear text protocols (FTP, TFTP, Telnet, HTTP)o  Testing on SNMPo  Testing on SMTPo  Testing on Fingero  Testing on DB ports

  Service Level Securityo  Concept of ACLo  Hardening SSHo  Hardening SMTP Server

Week 4 

  Finding vulnerability – Automated methodso  Nessus Vulnerability scannero  GFI scannero  Interpreting the automated scanner reporto  Getting exploit code – Exploitation Framework (msf introduction)o  Getting into the systemo   Attacking LAN

  Metasploiting the targeto  Metasploit the universeo  Metasploit Module & Architectureo  Working with Auxiliarieso  Working with Exploitso  Working with encoderso  Working with payloadso  Understanding Meterpreter

Week 5 

  Network securityo  Secure Network designo  DMZo  VLANso  Firewallso  IDS / IPSo  Wireless LAN Securityo  VPNs

http://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFour

8/18/2019 Infosec Courses

7/14

 

Week 6 

  Wireless securityo  Understanding Wireless Technologyo  Protocol Analysiso   Attacks on Open Authenticated WiFio  Dumpsterdivingo  WPA/WPA2 Securityo  Wardriving Concepts

Web App & Wifi Security Training (Advance Level)

Comprehensive Coverage of Web Application & WiFi Security

The course is focused on a comprehensive coverage of web application security. It will present security guidelines

and considerations in web applications development. The participants will learn the basics of application security,

how to enforce security on a web application, Basics of Threat Modeling, Threat Profiling, OWASP Top Ten Testing

and Black Box Testing.

We will also cover security guidelines and considerations in wireless networking. The participants will learn the latest

security standards, including all 802.1x/EAP types used in WLANs , how to locate and triangulate rogue access

points and implement Wireless Intrusion Prevention Systems, assess the security of wireless networks using the

same hacking tools the bad guys do.

Objectives of the course

Upon completion of this course, participants will be able to:

  Understand the need for security

  Understand the various security threats and countermeasures

  Design and Develop secured web applications

  Understand wireless standards & security architecture

   Analyze the wireless protocol, and algorithmic flaws

  Conduct penetration testing of wireless network

  Understand Enterprise Security on wireless network

Duration

6 Weeks

Course Contents

http://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSix

8/18/2019 Infosec Courses

8/14

 

Week 1 

   Application Security Fundamentals

  Recap on Application Development Technologies  Database Fundamental

   Application Security Overview

  OWASP Top 10

Week 2 

   Attacks & Defense

o   A1-Injectiono   A2-Cross Site Scripting (XSS)o   A3-Broken Authentication and Session Managemento   A4-Insecure Direct Object Referenceso   A5-Cross Site Request Forgery (CSRF)o   A6-Security Misconfigurationo   A7-Insecure Cryptographic Storageo   A8-Failure to Restrict URL Accesso   A9-Insufficient Transport Layer Protectiono   A10-Unvalidated Redirects and Forwards

  Proxy Based Attacks – Burp Suite

Week 3 

  Wireless Technology Background

  Risks of using Wireless Technologies

  Current Wireless Security

  Wireless Standards & Terminologies

   Attack Taxonomy

  Introduction 802.11 Standard

  Features of 802.11 Standard

  Packet types of 802.11 Standards

Week 4 

  802.11 Protocol Analysis

http://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwo

8/18/2019 Infosec Courses

9/14

 

  802.11 authentication types

  802.11 Discovery

  Understanding Software Requirements

  Wireless Hardware and Drivers

Week 5 

   Aircrack-ng Kungfu

   Attacking Open Wireless Network

  De-authenticating users

  Hidden SSID – Security through Obscurity

  Defeating MAC Filtering

  WEP Cracking

  Concept of IVs  WPA/WPA2 Cracking

   Advanced Wireless Attack

Week 6 

  Wireless securityo  Evil Twin Attacko

 SSL Man In The Middle Attacks

o  Securing 802.11 Networkso  Wired Equivalent Privacy (WEP)o   Adding extra layer of external securityo  Wireless IDS (WIDS) and Wireless IPS (WIPS)o  Enterprise Level WiFi Security & Best Practices

Certified Information Security Consultant (CISC) (6

Months)

Best Training To Convert Amateurs Into Experts in Information Security

  CISC is 6 months training in information security for amateurs and professionals to make you an expert in the

field of Information Security.

  The course is ideal for those wanting to differentiate themselves from candidates with an undergraduate degree

only, as well as those already in industry wishing to advance their skills in this constantly evolving area.

  Many companies are actively recruiting security specialists and this course will prepare graduates for senior

technical and management positions in many industry sectors. 

http://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFive

8/18/2019 Infosec Courses

10/14

 

CISC training

  The CISC training is designed to make you an expert in the domain of information security.  While most certification programs are geared towards purely technical know-how, the CISC also arms you with

the necessary consulting skills in order to help you make your mark in this exciting field.

  CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards,

and even forensics and cyber crime investigations.

  CISC includes over 45+ sessions, including the basic fundamentals as well as advanced concepts.

  These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months.

  Each session will be further broken down into 15-20 modules.

  You will be given comprehensive and highly useful study material on all the sessions.

  The best part about the CISC is the fact that you get hands-on practical training on live projects.

Benefits of CISC

  The CISC is the only completely hands-on, real-world oriented security certification.

  It is a course designed by security professionals, and for security professionals.

  The best in the business personally mentor you.

  You are trained by a group of professionals who have worked on prestigious international projects, presented at

the leading security conferences around the world, and written numerous books and articles.

  The course comprehensively covers all the main aspects of information security from the basics to compliance

standards making you one of the most sought after IS professionals

  The content is updated very regularly in accordance to the requirements of this dynamic industry.  There are many opportunities available for students with our consulting arm, NII, as well as our extensive clients

in India and overseas

  We will conduct exams after every quarter with practicals and theory

  Experts will set up these exams

  The USP of the CISC is the fact that you'll be put on live projects

Schedule

Course is of 4 hrs from Monday to Friday

Course Contents

Module 1: Fundamentals 

  Network Fundamentalso  OSI Layers

http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOne

8/18/2019 Infosec Courses

11/14

 

o  TCP/IP Layerso  TCP Flagso  IP Addressingo  Basics Network Deviceso  Subnet &Superneto  Understanding Protocolso  Packet Analysis - Wireshark

  OS Fundamentalso  Windows Server Architectureo   AD Overviewo  Windows Registrieso  File Artifactso  Linux Server Architectureo  Linux basic commandso  Linux file systems

Module 3: Network Security 

  Reconnaissanceo  Passive Recono   Active Recono  ―Nmap‖ing network o  Evasion during scanningo  Social Engineering

  Packet Craftingo  Hpingo  Scapy

  Manual Test Caseso   ARP Poisoning -MITMo  SYN Floodingo  SMURF Attacko  IP Spoofingo  Password Cracking Techniques

o  Offline Crackingo  Online Cracking

Testing HTTP/HTTPS

Testing SMTP

Testing SNMP

Testing Database Servers – Oracle, MS SQL Server

Testing NTP

Testing Firewalls – firewalking

Testing VPNTesting SMTP

Testing FTP

Testing Telnet, SSH

Testing DNS

DNS Cache Poisoning

Vulnerability Discovery

Manual Discovery

o  Security Advisories Search Automated Discovery

http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThree

8/18/2019 Infosec Courses

12/14

 

o  Scanners (Nessus)Interpreting scan reports

Exploitation

Metasploit the universe

Understanding the msf modules – Auxiliaries, Exploits and Payloads

 Attacking Windows Services

 Attacking Linux Services

Wireless Security

Understanding 802.11 Standard

Packet Types

 Attacking Open Authenticated WiFi Network

Concept of War-Driving

Breaking Hidden SSID

Breaking MAC Filtering

 Attacking WEP

Understanding Weak IV

Problems with RC4

Replay Attack

Chop Chop Attack

 Attacking WPA2Creating wordlist for effective WPA2 cracking

Using JTR to crack WPA2

 Attacking WPS

Network Security Audit

 Architecture Review

Device Auditing

Configuration Review - Nipper

Firewall – Rule Based Auditing

Report Writing

Module 4: Server Security 

  Database Securityo  Oracle Database Securityo  MS SQL Database Security

  Operating System Securityo  Windows 2008 Server Securityo  Linux Server Security

Module 5: Application Security 

   Application Securityo  Working with Proxy – Burp suiteo  OWASP Top 10 2013

o   A1-Injectiono   A2-Broken Authentication and Session Management

http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFour

8/18/2019 Infosec Courses

13/14

 

o   A3-Cross-Site Scripting (XSS)o   A4-Insecure Direct Object Referenceso   A5-Security Misconfigurationo   A6-Sensitive Data Exposureo   A7-Missing Function Level Access Controlo   A8-Cross-Site Request Forgery (CSRF)o   A9-Using Components with Known Vulnerabilitieso   A10-Unvalidated Redirects and Forwards

Identify the vulnerability

o   Automated tools (Accunetix/Netsparker) Attacking the issue

Impact analysis

Countermeasures

Risk Based Security Testing (Business Logic Testing)

ESAPI Security

Threat Modeling

Source Code Analysis

Report Writing

Module 6: Digital Forensics 

  Introduction & Case studies

  Principle of CIAo   Against personalso   Against corporateo   Against governments

  IT Act overview

  Introduction to Forensics  Understanding Incident Response Methodologies

  Thump rules of investigation

  Type of forensics investigationo  Live forensicso  Dead forensics

  Pre-Incident Preparation

  Detection of Incidents

  Initial Response Phase

  Preserving ―Chain of Custody‖ 

  Response Strategy Formulation

  Setting up Forensics Labo  Forensics Distros

o

  SANS SIFTo  DEFT LinuxForensics Evidence Management

Evidence Collection and Analysis

Forensically Sound Evidence Collection

Evidence Handling

Host vs Network Based Evidence

Online vs Offline Response

Digital Forensics - Putting on the Gloves

The 6 A's Principle

http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSix

8/18/2019 Infosec Courses

14/14

 

The Investigative Guidelines

Reporting the Investigation

Understanding Branches of Digital Forensics

Understanding Network Crimes

 Analyzing Logs

Network based log analysis

Web Server log analysis

Data Acquisition & Analysis

Encase forensics

Sysinternals Essentials

Memory Analysis – volatility

Registry Forensics

Email Forensics

Opensource Forensics Methodologies

Module 7: Compliance 

   Auditing Principle

  Information Security Management System (ISO 27001:2013)

  Risk Assessment

  Business Continuity (ISO 22301:2012)

  PCI DSS v3

  Overview – ITIL & COBIT

http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSeven