The course covers a range of topics related to preventing and dealing with ransomware incursions. We will provide an understanding of ransomware for those tasked with protecting organisations from this growing threat. It is designed to better equip attendees to avoid damage from ransomware within their firms.
Enter your details below to register:
Intermediate More Info
Moderate-level short course where some prior knowledge or concepts may be assumed. Content may be aimed at late-undergraduate or early-Masters students
Module 1: Corporate Ransomware and Intrusion Pathways
In the first week we’ll be introducing the concept of ransomware targeting large organisations and a brief history of how we got to where we are today. We’ll then be discussing the way in which ransomware penetrates an organisation’s technical environment.
- Ransomware history
- Common ransomware targets
- Perimeter systems
- Phishing and endpoint systems
- Protection measures
Module 2: Lateral Movement, Accounts and Vulnerabilities
This week we’ll be covering the methods in which ransomware obtains a foothold a technical environment and how it moves from one system to another. We’ll cover how an attacker will accumulate valid accounts and identify system vulnerabilities.
- The beachhead
- Lateral movement tools
- User, system, and service accounts
- Corporate system vulnerabilities
- Protection measures
Module 3: Privilege Escalation and Intruder Detection
Covering pathways that an intruder will take to elevate privileges to obtain ultimate access to critical systems. We’ll then swap to how an incident response team is able to detect the techniques that have been covered in previous modules.
- Active Directory Security
- Critical systems
- Damage from ransomware
- Detecting system intrusion
- SIEM, SOC, logs and alerts
Module 4: Incident Response and System Recovery
In the final week we’ll be covering the process of incident response to minimise damage to organisational assets. A part of this is ensuring that all systems have been recovered and are working as expected by the business users.
- Incident response Phases
- Critical first steps
- Investigations and forensics
- Legal and regulatory
- Exam pass mark: 50%
- Time limit: 1 hour
- Attempts allowed: One
Course Information Q&A
Who will present the webinars?
This course was developed by Jeremy Koster. Jeremy has 20 years of experience in Cyber Security within large enterprises. Jeremy has a range of security qualifications including GIAC Penetration Testing (GPEN), CISM, CISSP, PCIP, GCIH, CEH and CHFI and completed his Masters of Information System Security with Charles Sturt University (CSU) in 2006. He is a CompTIA Certified Technical Trainer and has been an industry based, part-time lecturer with CSU since 2011.
What is the aim of this short course?
The aim of the short course is to give you a ‘taster’ of what it is like to undertake postgraduate study via online learning with Charles Sturt University. The intent is to provide an understanding of ransomware for those tasked with protecting large organisations from this growing threat. It is hoped that those that do the exam might be better equipped to avoid damage from ransomware within their organisations. It is related to subjects within the Master of Cyber Security, including ITE514 – Professional Systems Security, ITE512 – Incident Response and ITE516 – Hacking Countermeasures.
What is included?
In addition to the weekly hour-long interactive webinars, you will be provided with suggested reading materials, audio lectures, an active discussion forum and a weekly activity to complete.
This course includes a practical element during which you can earn ‘flags’ that will assist with the final exam.
Is there a final exam?
Yes — the short course exam will be a timed, open-book exam that you will sit at your computer.
Do I get a completion certificate if I complete the course?
Yes — provided you receive a pass mark (50% or over) for the exam.
Will the course qualify me for university credit?
Yes — successful completion of three or more of our short courses will qualify you for one credit for an industry elective subject in our postgraduate courses. Click here for further details.
Are there any pre-requisites for the course?
No, you can sit this short course all by itself however there are some technical components.
Students will need to obtain flags from a pre-built Windows workstation that simulates some of the techniques used by ransomware actors. This involves the use of Virtual Machines, Kali Linux and hacking tools.
This course is aimed at students familiar with the importance of business information, with a user-level knowledge of information management. This is primarily a non-technical subject and students do not need a technical data background.
Will I need to purchase any study materials to complete the course?
No — all essential materials will be supplied.
Will the webinars be recorded?
Yes — all webinars are recorded and you will be able to access them, and all other free course materials, by registering for the course.