Internet Security Training


Internet Security Courses

Client Testimonials

CISM - Certified Information Security Manager

communication skills of the trainer

Flavio Guerrieri - RANDSTAD ITALIA SPA (Attention: Anna Ceriani, Purchasing Specialist)


Internet Security Course Overview

Each course below is listed with its Code, Name, Duration and Overview.
Code: cisa
Name: CISA - Certified Information Systems Auditor
Duration: 28 hours

Description:
CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting. Our CISA course is an intense, very competitive and exam-focused training course. With experience of delivering more than 150 CISA trainings in Europe and around the world and training more than 1200 CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing a large number of ISACA-released question banks from the last three years.

Over time, CISA holders have been in huge demand with renowned accounting firms, global banks, advisory, assurance, and internal audit departments. Delegates may have years of experience in IT auditing, but their perspective on solving CISA questionnaires will depend solely on their understanding of globally accepted IT assurance practices. The CISA exam is very challenging because two possible answers may lie very close together, and that is where ISACA tests your understanding of global IT auditing practices. To address these exam challenges, we always provide the best trainers, who have extensive experience in delivering CISA training around the world. The Net Security CISA manual covers all exam-relevant concepts, case studies and Q&As across the five CISA domains. Further, the trainer shares key CISA supporting material such as relevant CISA notes, question banks, the CISA glossary, videos, revision documents, exam tips and CISA mind maps during the course.

Goal: The ultimate goal is to pass your CISA examination the first time.

Objectives:
- Use the knowledge gained in a practical manner beneficial to your organisation
- Provide audit services in accordance with IT audit standards
- Provide assurance on leadership and organizational structure and processes
- Provide assurance on acquisition/development, testing and implementation of IT assets
- Provide assurance on IT operations including service operations and third parties
- Provide assurance on the organization's security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets

Target Audience: Finance/CPA professionals, IT professionals, internal and external auditors, information security and risk consulting professionals.

Domain 1 - The Process of Auditing Information Systems (14%)
Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.
1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.
1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
1.3 Conduct audits in accordance with IT audit standards to achieve planned audit objectives.
1.4 Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary.
1.5 Conduct follow-ups or prepare status reports to ensure appropriate actions have been taken by management in a timely manner.

Domain 2 - Governance and Management of IT (14%)
Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.
2.1 Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization's strategies and objectives.
2.2 Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization's strategies and objectives.
2.3 Evaluate the IT strategy, including the IT direction, and the processes for the strategy's development, approval, implementation and maintenance for alignment with the organization's strategies and objectives.
2.4 Evaluate the organization's IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
2.5 Evaluate the adequacy of the quality management system to determine whether it supports the organization's strategies and objectives in a cost-effective manner.
2.6 Evaluate IT management and monitoring of controls (e.g., continuous monitoring, QA) for compliance with the organization's policies, standards and procedures.
2.7 Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization's strategies and objectives.
2.8 Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization's strategies and objectives.
2.9 Evaluate risk management practices to determine whether the organization's IT-related risks are properly managed.
2.10 Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance.
2.11 Evaluate the organization's business continuity plan to determine the organization's ability to continue essential business operations during the period of an IT disruption.

Domain 3 - Information Systems Acquisition, Development, and Implementation (19%)
Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization's strategies and objectives.
3.1 Evaluate the business case for the proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.
3.2 Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
3.3 Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate.
3.4 Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements.
3.5 Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and organization's requirements are met.
3.6 Conduct post-implementation reviews of systems to determine whether project deliverables, controls and organization's requirements are met.

Domain 4 - Information Systems Operations, Maintenance and Support (23%)
Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives.
4.1 Conduct periodic reviews of information systems to determine whether they continue to meet the organization's objectives.
4.2 Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed.
4.3 Evaluate third party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider.
4.4 Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion.
4.5 Evaluate the process of information systems maintenance to determine whether it is controlled effectively and continues to support the organization's objectives.
4.6 Evaluate data administration practices to determine the integrity and optimization of databases.
4.7 Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization's objectives.
4.8 Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.
4.9 Evaluate change, configuration and release management practices to determine whether scheduled and non-scheduled changes made to the organization's production environment are adequately controlled and documented.
4.10 Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.
4.11 Evaluate the organization's disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.

Domain 5 - Protection of Information Assets (30%)
Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
5.1 Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices.
5.2 Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information.
5.3 Evaluate the design, implementation, and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures, and applicable external requirements.
5.4 Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded.
5.5 Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data, and softcopy media) to determine whether information assets are adequately safeguarded.
Code: GDRPAd
Name: GDPR Advanced
Duration: 21 hours

This course is more in-depth and is intended for those working a great deal with the GDPR and who may be appointed to the GDPR team. It is ideal for IT, human resources and marketing employees who will deal extensively with the GDPR.

Topics:
- Data privacy impact assessment: what this is and why you need to do it
- Examining existing data
- The role of the DPO and whether you need one
- Key legislation
- Risk management framework
- Data mapping
- Dealing with cloud providers
- Demonstrating compliance
- Developing data collection policies and procedures
- Developing permission policies and procedures
- Developing data loss prevention and data breach strategies and management programs
- How to proceed and how to address individuals' requests and complaints
- Employee training and awareness program
- Anonymizing and pseudonymizing data
- Maintenance: data inventory and data transfer mechanism
- Tracking legislation changes etc.
- Monitoring data handling practices
- Internal audits and assessments, including ad-hoc assessments in case of an event
- Documentation, certifications, accreditations etc.
- Security risks: reviewing existing security measures
- Integrating the GDPR with security measures (intrusion detection, firewalls)
- Maintaining human resources security (pre-screening, referencing paper-based files)
- Implementing data protection into the information security policy
- Establishing a data loss prevention strategy
- Conducting regular tests
- Data breach management program: what to do if you have a data breach
- Creating a data privacy incident / breach response plan
- Maintaining a log of incidents
- Creating a policy for a data breach
- Appointing a forensic investigation team
Code: cybersecfun
Name: Cybersecurity Fundamentals
Duration: 28 hours

Description:
Cybersecurity skills are in high demand, as threats continue to plague enterprises around the world. An overwhelming majority of professionals surveyed by ISACA recognise this and plan to work in a position that requires cybersecurity knowledge. To fill this gap, ISACA has developed the Cybersecurity Fundamentals Certificate, which provides education and verification of skills in this area.

Objectives:
With cybersecurity threats continuing to rise and the shortage of appropriately equipped security professionals growing worldwide, ISACA's Cybersecurity Fundamentals Certificate programme is the perfect way to quickly train entry-level employees and ensure they have the skills and knowledge they need to successfully operate in the cyber arena.

Target Audience:
The certificate program is also one of the best ways to gain foundational knowledge in cybersecurity and begin to build your skills and knowledge in this crucial area.

DOMAIN 1: CYBERSECURITY CONCEPTS
1.1 Knowledge of information assurance (IA) principles used to manage risks related to the use, processing, storage and transmission of information or data.
1.2 Knowledge of security management.
1.3 Knowledge of risk management processes, including steps and methods for assessing risk.
1.4 Knowledge of the organization's enterprise information technology (IT) goals and objectives.
1.5 Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored] and third generation [nation state sponsored]).
1.6 Knowledge of information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication and non-repudiation.
1.7 Knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities).
1.8 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
1.9 Knowledge of relevant laws, policies, procedures and governance requirements.
1.10 Knowledge of relevant laws, policies, procedures or governance as they relate to work that may impact critical infrastructure.

DOMAIN 2: CYBERSECURITY ARCHITECTURE PRINCIPLES
2.1 Knowledge of network design processes, to include understanding of security objectives, operational objectives and tradeoffs.
2.2 Knowledge of security system design methods, tools and techniques.
2.3 Knowledge of network access, identity and access management (e.g., public key infrastructure [PKI]).
2.4 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
2.5 Knowledge of current industry methods for evaluating, implementing and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures, utilizing standards-based concepts and capabilities.
2.6 Knowledge of network security architecture concepts, including topology, protocols, components and principles (e.g., application of defence in depth).
2.7 Knowledge of malware analysis concepts and methodology.
2.8 Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.
2.9 Knowledge of defence in depth principles and network security architecture.
2.10 Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE]).
2.11 Knowledge of cryptology.
2.12 Knowledge of encryption methodologies.
2.13 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI]).
2.14 Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol

DOMAIN 3: SECURITY OF NETWORK, SYSTEM, APPLICATION AND DATA
3.1 Knowledge of computer network defence (CND) and vulnerability assessment tools, including open source tools, and their capabilities.
3.2 Knowledge of basic system administration, network and operating system hardening techniques.
3.3 Knowledge of risk associated with virtualization.
3.4 Knowledge of penetration testing principles, tools and techniques (e.g., metasploit, neosploit).
3.5 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring) and tools.
3.6 Knowledge of remote access technology concepts.
3.7 Knowledge of systems administration concepts.
3.8 Knowledge of the Unix command line.
3.9 Knowledge of system and application security threats and vulnerabilities.
3.10 Knowledge of system lifecycle management principles, including software security and usability.
3.11 Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance and reliability.
3.12 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
3.13 Knowledge of social dynamics of computer attackers in a global context.
3.14 Knowledge of secure configuration management techniques.
3.15 Knowledge of capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media and related hardware.
3.16 Knowledge of communication methods, principles and concepts that support the network infrastructure.
3.17 Knowledge of the common networking protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP]) and services (e.g., web, mail, Domain Name System [DNS]) and how they interact to provide network communications.
3.18 Knowledge of different types of network communication (e.g., Local Area Network [LAN], Wide Area Network [WAN], Metropolitan Area Network [MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network [WWAN]).
3.19 Knowledge of virtualization technologies and virtual machine development and maintenance.
3.20 Knowledge of application vulnerabilities.
3.21 Knowledge of information assurance (IA) principles and methods that apply to software development.
3.22 Knowledge of risk threat assessment.

DOMAIN 4: INCIDENT RESPONSE
4.1 Knowledge of incident categories, incident responses and timelines for responses.
4.2 Knowledge of disaster recovery and continuity of operations plans.
4.3 Knowledge of data backup, types of backups (e.g., full, incremental) and recovery concepts and tools.
4.4 Knowledge of incident response and handling methodologies.
4.5 Knowledge of security event correlation tools.
4.6 Knowledge of investigative implications of hardware, operating systems and network technologies.
4.7 Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
4.8 Knowledge of types of digital forensics data and how to recognize them.
4.9 Knowledge of basic concepts and practices of processing digital forensic data.
4.10 Knowledge of anti-forensics tactics, techniques, and procedures (TTPs).
4.11 Knowledge of common forensic tool configuration and support applications (e.g., VMWare, Wireshark).
4.12 Knowledge of network traffic analysis methods.
4.13 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.

DOMAIN 5: SECURITY OF EVOLVING TECHNOLOGY
5.1 Knowledge of new and emerging information technology (IT) and information security technologies.
5.2 Knowledge of emerging security issues, risks, and vulnerabilities.
5.3 Knowledge of risk associated with mobile computing.
5.4 Knowledge of cloud concepts around data and collaboration.
5.5 Knowledge of risk of moving applications and infrastructure to the cloud.
5.6 Knowledge of risk associated with outsourcing.
5.7 Knowledge of supply chain risk management processes and practices.
Code: pkiimpman
Name: PKI: Implement and Manage
Duration: 21 hours

Overview:
This Public Key Infrastructure - Implement and Manage course helps any individual to gain knowledge in managing a robust PKI and a better understanding of the topics surrounding public key infrastructure. Moreover, the PKI course is a preparation for an increasingly critical component, one which ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy a PKI to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.

Throughout the whole course, participants will gain in-depth knowledge on the following topics:
- Legal aspects of a PKI
- Elements of a PKI
- PKI management
- Trust in a digital world
- Digital signature implementation
- Trust models

After completing the PKI course, each individual will be able to successfully design, set up, deploy, and manage a public key infrastructure (PKI).

This 3-day course is considered essential for anyone who needs to understand Public Key Infrastructure (PKI) and the issues surrounding its implementation. It covers the issues and technologies involved in PKI in depth and gives hands-on practical experience of setting up and maintaining a variety of PKI solutions. Detailed knowledge of issues surrounding PKI helps to put recent attacks which have appeared in the news headlines into context and enables valid decisions to be made about their relevance to your organisation.

Objectives:
- To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryption, digital signatures, digital certificates and Certificate Authorities.
- To give students hands-on experience of implementing and using PKI solutions with a variety of applications.
- To give students an understanding of the concepts of evaluating and selecting PKI technologies.

Audience:
Anyone involved in Public Key Infrastructure (PKI) decision-making, implementing and securing e-commerce and other Internet applications, including CIOs, Chief Security Officers, MIS Directors, Security Managers and Internal Auditors.

Introduction to PKI
- Basic Security Concepts
- Public Key Infrastructure Defined
- Digital Certificates and Signatures
- Smart Cards
- PKI Standards

Basic cryptography
- Uses of Cryptography
- History of Cryptography including early methods
- Symmetric and Asymmetric Encryption plus Algorithms
- Diffie-Hellman Key Generation
- Hashing for Integrity plus Algorithms

Practical uses for encryption and associated issues
- Signed and Encrypted Email using S/MIME and PGP
- Secure connections to websites
- Digitally signing PDFs
- Encrypting files
- Encrypting hard drives
- Encrypting "containers"
- SSL, VPN and Wireless
- PKI and Cloud Computing
- Attacks on Encryption

Certificate Authorities
- Public v Private CAs
- Regulations governing CAs
- CA Certificate Policies
- Types of Certificates Provided
- CA Hierarchies
- Certificate Authority Operations
- Certificate expiration
- Certificate revocation
- Certificate Revocation Lists (CRL)
- Online Certificate Status Protocol (OCSP)
- Key recovery
- Installing a CA and issuing certificates
- Certificate Templates

Summary
- Top 5 Deployment Issues
- Top 10 Risks
- Advanced PKI Topics and Futures
- Summary of Public Key Infrastructure
Code: cdp
Name: CDP - Certificate in Data Protection
Duration: 35 hours

Description:
There is a need to provide adequate training on the Data Protection Act 1998 ("the Act") and its implications for both organisations and individuals. There are important differences between the Act and its predecessor, the Data Protection Act 1984. In particular, the Act contains important new obligations in relation to manual records and transborder data flows, a new notification system and amended principles. It is important to understand the Act in the European context. Those experienced in data protection issues, as well as those new to the subject, need to be trained so that their organisations are confident that legal compliance is continually addressed. It is necessary to identify issues requiring expert data protection advice in good time in order that organisational reputation and credibility are enhanced through relevant data protection policies and procedures.

Objectives:
The aim of the syllabus is to promote an understanding of how the data protection principles work rather than simply focusing on the mechanics of regulation. The syllabus places the Act in the context of human rights and promotes good practice within organisations. On attaining the certificate, award holders will possess:
- an appreciation of the broader context of the Act
- an understanding of the way in which the Act and the Privacy and Electronic Communications (EC Directive) Regulations 2003 work
- a broad understanding of the way associated legislation relates to the Act
- an understanding of what has to be done to achieve compliance
- a recognised qualification in data protection

Course Synopsis:
The syllabus comprises three main parts, each with many sub-sections:
- Context: this will address the origins of and reasons for the Act together with consideration of privacy in general.
- Law (Data Protection Act): this will address the main concepts and elements of the Act and subordinate legislation.
- Application: this will consider how compliance is achieved and how the Act works in practice.

1. Context
The objective is to ensure a basic appreciation of the context of data protection law and in particular that privacy is wider than data protection.
1.1 What is privacy?
1.1.1 The right to private and family life and the relevance of confidentiality.
1.1.1 European Convention on Human Rights and Fundamental Freedoms, UK Human Rights Act
1.2 History of data protection legislation in the UK
1.2.1 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data 1980
1.2.2 Council of Europe Convention 108, 1981
1.2.3 Data Protection Act 1984
1.2.4 Data Protection Directive 95/46/EC
1.2.5 Telecommunications Directive 97/66/EC, Privacy and Electronic Communications

2. The Law
2.1 Data Protection Act
2.1.1 The definitions
The objective is to ensure that candidates know and understand the major definitions in the Act and how to apply them in order to identify what information and processing activities are subject to the Act.
2.1.2 The Role of the Commissioner
The objective is to ensure an understanding of the role and main powers of the Information Commissioner. The following are to be covered.
2.1.2.1 Enforcement (including roles of the First-tier Tribunal and the Courts)
- Information and Enforcement Notices
- Prosecution
- Warrants (entry/inspection) (Schedule 9, 1(1) & 12 only, that is a basic understanding of grounds for issuing and nature of offences)
- Assessment Notices (s41A-s41C) including the effect of s55(3) added by the Coroners and Justice Act 2009, which provides that the Information Commissioner may not issue a monetary penalty notice in respect of anything found in pursuance of an assessment notice or an assessment under s51(7).
- Monetary penalties (s55A-55E) including the effect of the s55(3A) provision.
- Undertakings (NB candidates are required to have a basic understanding of how the ICO uses 'undertakings' and that they do not derive from any provision in the DPA98. They are not expected to know the detail of their status and provenance).
2.1.2.2 Carrying out s42 assessments
2.1.2.3 Codes of Practice (including the s52A-52E Code of Practice on data sharing) and all current ICO-issued Codes, but not any codes issued by other bodies. Candidates will be expected to have a broad understanding of s52A-E, to appreciate the distinction between a statutory code and other ICO-issued codes, and to have a broad understanding (but not a detailed knowledge) of ICO-issued codes.
2.1.3 Notification
The exemptions from notification. A basic understanding of the two-tier fee regime.
2.1.4 The Data Protection Principles
The objective is to ensure an understanding of how the principles regulate the processing of personal data and how they are enforced, as well as an understanding of the individual principles in the light of guidance on their interpretation found in Part II of Schedule 1. Candidates will be required to show an understanding of the need to interpret and apply the principles in context. Introduction: how the principles regulate and how they are enforced, including Information and Enforcement Notices.
2.1.5 Individual Rights
The objective is to ensure an understanding of the rights conferred by the Act and how they can be applied and enforced.
2.1.6 Exemptions
The objective is to ensure awareness of the fact that there are exemptions from certain provisions of the Act, and knowledge and understanding of some of these and how to apply them in practice. Candidates are not expected to have a detailed knowledge of all the exemptions. The following are expected to be covered in some detail:
2.1.7 Offences
The objective is to ensure an awareness of the fact that there are a range of offences under the Act and of the role of the Courts, as well as an appreciation of how certain specified offences apply in practice. It is not intended that candidates should have a detailed knowledge of all the offences. The candidates will be expected to cover:
- Unlawful obtaining and disclosure of personal data
- Unlawful selling of personal data
- Processing without notification
- Failure to notify changes in processing
- Failure to comply with an Enforcement Notice, an Information Notice or Special Information Notice
- Warrant offences (Schedule 9, 12)
2.2 Privacy and Electronic Communications (EC Directive) Regulations 2003
The objective is to ensure an awareness of the relationship between the above Regulations and the Act, an awareness of the broad scope of the Regulations and a detailed understanding of the practical application of the main provisions relating to unsolicited marketing.
2.3 Associated legislation
The objective is to ensure a basic awareness of some other legislation which is relevant and an appreciation that data protection legislation must be considered in the context of other law.

3. Application
The objective is to ensure an understanding of the practical application of the Act in a range of circumstances. This will include detailed analysis of sometimes complex scenarios, deciding how the Act applies in particular circumstances, and explaining and justifying a decision taken or advice given.
3.1 How to comply with the Act
3.2 Addressing scenarios in specific areas
3.3 Data processing topics
- Monitoring: internet, email, telephone calls and CCTV
- Use of the internet (including Electronic Commerce)
- Data matching
- Disclosure and Data sharing
Code: eccsecana
Name: EC-Council Security Analyst
Duration: 35 hours

Description:
The EC-Council Security Analyst (ECSA) programme is a comprehensive, standards-based, methodology-intensive training program which teaches information security professionals to conduct real-life penetration tests by utilizing EC-Council's published penetration testing methodology. The ECSA Programme is a 5-day complete hands-on training programme. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies. EC-Council's Certified Security Analyst (ECSA) course will help you master a documented penetration testing methodology that is repeatable and that can be used in a penetration testing engagement globally.

ECSA Lab Environment:
The ECSA course is a fully hands-on program. The exercises cover real-world scenarios. By practicing the skills that are provided to you in the ECSA class, we are able to bring candidates up to speed with the latest threats that organizations may be vulnerable to. This can be achieved with the EC-Council iLabs cyber range. It allows students to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection. With iLabs, lab exercises can be accessed 24x7, allowing the student to practice skills in a safe, fully functional network anytime it's convenient.

Target Audience:
Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA programme.

Core modules:
1. Need for Security Analysis
2. TCP/IP Packet Analysis
3. Penetration Testing Methodologies
4. Customers and Legal Agreements
5. Rules of Engagement
6. Penetration Testing Planning and Scheduling
7. Pre-Penetration Testing Steps
8. Information Gathering
9. Vulnerability Analysis
10. External Penetration Testing
11. Internal Network Pen Testing
12. Firewall Penetration Testing
13. IDS Penetration Testing
14. Password Cracking Penetration Testing
15. Social Engineering Penetration Testing
16. Web Application Penetration Testing
17. SQL Penetration Testing
18. Penetration Testing Reports and Post Testing Actions

Self Study Modules:
1. Router and Switches Penetration Testing
2. Wireless Network Penetration Testing
3. Denial-of-Service Penetration Testing
4. Stolen Laptop, PDAs and Cell Phones Penetration Testing
5. Source Code Penetration Testing
6. Physical Security Penetration Testing
7. Surveillance Camera Penetration Testing
8. Database Penetration Testing
9. VoIP Penetration Testing
10. VPN Penetration Testing
11. Cloud Penetration Testing
12. Virtual Machine Penetration Testing
13. War Dialling
14. Virus and Trojan Detection
15. Log Management Penetration Testing
16. File Integrity Checking
17. Mobile Devices Penetration Testing
18. Telecommunication and Broadband Communication Penetration Testing
19. Email Security Penetration Testing
20. Security Patches Penetration Testing
21. Data Leakage Penetration Testing
22. SAP Penetration Testing
23. Standards and Compliance
24. Information System Security Principles
25. Information System Incident and Response
26. Information System Auditing and Certification
chfi - CHFI - Certified Digital Forensics Examiner - 35 hours

The Certified Digital Forensics Examiner vendor-neutral certification is designed to train cyber crime and fraud investigators, whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation. The Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain of custody, and write a findings report. The Certified Digital Forensics Examiner course will benefit organisations, individuals, government offices and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence. Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This may range from tracing the tracks of a hacker through a client's systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

Module 1: Introduction
Module 2: Computer Forensic Incidents
Module 3: Investigation Process
Module 4: Disk Storage Concepts
Module 5: Digital Acquisition & Analysis
Module 6: Forensic Examination Protocols
Module 7: Digital Evidence Protocols
Module 8: CFI Theory
Module 9: Digital Evidence Presentation
Module 10: Computer Forensic Laboratory Protocols
Module 11: Computer Forensic Processing Techniques
Module 12: Digital Forensics Reporting
Module 13: Specialized Artifact Recovery
Module 14: e-Discovery and ESI
Module 15: Mobile Device Forensics
Module 16: USB Forensics
Module 17: Incident Handling

Mile2 labs:
Lab 1: Preparing Forensic Workstation
AccessData FTK Imager Installation
Autopsy Installation
National Software Reference Library (NSRL) for Autopsy
7z Installation
Install Registry Viewer
Install Password Recovery Tool Kit (PRTK 5.21)
Lab 2: Chain of Custody
Chain of Custody: Search and Seizure
Chain of Custody: Forensic Imaging
Lab 3: Imaging Case Evidence / FTK Imager
Lab 4: Create a New Case for Autopsy
Creating a Case in Autopsy
Lab 5: Reviewing Evidence / Autopsy (Case #1)
User MTBG attempting to hack his/her previous employer
Reviewing Evidence in Autopsy
Case Study scenario: the evidence you are required to discover (Challenge)
Final Report for MTBG case
Lab 6: Reviewing Evidence / Autopsy (Case #2)
Greg Schardt case
Case Study scenario: the evidence you are required to discover (Challenge)
eccehcm - EC-Council - Ethical Hacking and Countermeasures - 35 hours

Description: This class will immerse the students in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking. This course prepares you for the EC-Council Certified Ethical Hacker exam 312-50.

Objectives: To prepare the student for the Ethical Hacking and Countermeasures examination. On passing this examination you will be awarded the Certified Ethical Hacker certification by the EC-Council (The International Council of Electronic Commerce Consultants).

Target Audience: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Overview: The Ethical Hacking and Countermeasures curriculum consists of instructor-led training and self-study. The instructor will provide the details of the self-study modules to the students at the beginning of the class.

Module 1: Introduction to Ethical Hacking
Module 2: Footprinting and Reconnaissance
Module 3: Scanning Networks
Module 4: Enumeration
Module 5: System Hacking
Module 6: Trojans and Backdoors
Module 7: Viruses and Worms
Module 8: Sniffers
Module 9: Social Engineering
Module 10: Denial of Service
Module 11: Session Hijacking
Module 12: Hacking Webservers
Module 13: Hacking Web Applications
Module 14: SQL Injection
Module 15: Hacking Wireless Networks
Module 16: Hacking Mobile Platforms
Module 17: Evading IDS, Firewalls and Honeypots
Module 18: Buffer Overflow
Module 19: Cryptography
Module 20: Penetration Testing
eccnetsecadm - EC-Council - Network Security Administrator - 35 hours

Description: The EC-Council's NSA certification looks at network security from a defensive view. The NSA programme is designed to provide the fundamental skills needed to analyse the internal and external security threats against your network, and to help you develop the correct security posture that will protect your organisation. Students will learn how to evaluate network and Internet security issues. They will design and implement successful security policies relevant to their organisation. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

Why should you attend this course before Certified Ethical Hacker (C|EH)? Although attending this course and passing the exam is not a prerequisite for C|EH training or subsequently taking the C|EH exam, it is highly recommended. The C|EH programme looks at security in offensive mode, while the NSA programme looks at network security in defensive mode; therefore they complement each other and help build a complete picture of today's Information Security landscape.

Audience: System administrators and network administrators, as well as anyone who is interested in defensive network security technologies.

Please note: Due to the required depth and breadth of knowledge needed to pass the ECNSA exam, QA has taken the step of scheduling the exam separately from the course. This has been done in order to allow for a period of further self-study to fully prepare for the exam. Delegates will sit the ECNSA exam at 10.30 am on the Friday two weeks after the course is concluded. Delegates will be required to book on to the ECNSAEX. The exam duration is a maximum of four hours. During this two-week period delegates will be provided with further structured self-study materials and will be assisted in their study via two scheduled webinar sessions hosted by your delivering instructor. Full details of the self-study resources and the webinar sessions will be provided to the delegates during the course.

Module 1: Introduction to Network Security
Network topology; Network Types and the OSI Model

Module 2: Network Protocols
Network Protocols: SLIP; PPP; ARP; RARP; IGMP; ICMP; SNMP; HTTP
IP: Attacks and Countermeasures
TCP, UDP: Attacks and Countermeasures
FTP, TFTP, TELNET, SMTP: Vulnerabilities

Module 3: Security Policy
What is Security Policy?
What defines a good security policy
Security Policy Structure
Developing and Implementing security policies
Requirements of an Effective Security Policy

Module 4: Physical Security
Physical Security Threats
Locks and Keys
TEMPEST
Fire Safety: Fire Suppression, Gaseous Emission Systems
Laptop Security: Physical Security Countermeasures
Biometric Devices
PC Security: Boot Access

Module 5: Network Attacks
Current Statistics
Defining Terms: Threats, Attack and Exploit
Classification of Hackers and Attacks
Spoofing; Spamming; Eavesdropping; Phishing; War Dialing; Password Cracking
Web Page Defacement; SQL Injection; Wire Tapping; Buffer Overflow
War Driving; War Chalking; War Flying
Denial of Service (DoS) Attacks and Distributed DoS

Module 6: Intrusion Detection System
Characteristics of IDS
Host-based IDS vs Network-based IDS
IDS Detection Methods; Types of Signatures
Intrusion Prevention System
IDS vs IPS
IPS Tool

Module 7: Firewalls
Handling threats and security tasks
Protection against hacking
Centralization and Documentation
Multi-layer firewall protection
Packet filtering and Stateful Packet Filtering
Multi-firewall DMZ
Specialty firewalls and Reverse firewalls

Module 8: Packet Filtering and Proxy Servers
Network Address Translation
Application layer gateway and Proxying
Virtual Private Network and the Authentication process

Module 9: Bastion Host and Honeypots
Bastion Host
Honeypots and Honeynet

Module 10: Hardening Routers
Internetwork Operating System (IOS)
Troubleshooting a router
Hardening a Router
Components of router security
Router security: testing tools

Module 11: Hardening Operating Systems Security
Windows Security
Objects and Permissions
NTFS File System Permissions
Active Directory
Kerberos Authentication and Security
IP Security
Linux

Module 12: Patch Management
Red Hat Up2date Patch Management Utility Installation Steps
Microsoft Patch Management Process and Windows Update Services
Patch Management Tools: Qchain
Patch Management Tool: Microsoft Baseline Security Analyzer
Other Patch Management Tools

Module 13: Application Security
Securing Web Applications
IPSec and SSL Security
Writing Secure Code; Best Practices
Remote Administration Security

Module 14: Web Security
Network Devices and Design
Altering the Network Addresses
Client Authorization and Secure Client Transmissions
Portable Applications
Malicious Code Detection
Browser Security Settings
Common Gateway Interface (CGI)
Web Application Input Data Validation and Buffer Overflows

Module 15: E-Mail Security
Components of an Email
E-mail protocols
E-Mail Security Risks
How to defend against E-Mail security risks

Module 16: Encryption
Firewalls Implementing Encryption
Maintaining confidentiality
Digital certificates
Public and Private Keys (including PGP)
Choosing the size of keys
Analyzing popular encryption schemes including IPSEC

Module 17: Virtual Private Networks
VPN Tunneling Protocols
PPTP and L2TP
VPN Security

Module 18: WLAN
Wireless Network Types
Antenna
WLAN Standards
Bluetooth and Ultra Wideband
WEP Description Tool (AirSnort and WEPCrack)
WLAN Security; WPA; TKIP; WTLS
EAP Methods
Advanced Encryption Standard (AES); DES; RSA Encryption
RADIUS; Multifactor Authentication
Mobile Security Through Certificates
Certificate Management Through PKI

Module 19: Creating Fault Tolerance
Network Security: Fault Tolerance
Why Create Fault Tolerance
Planning for Fault Tolerance
Reasons for System Failure
Preventive Measures

Module 20: Incident Response
What Is an Incident
Step-by-Step Procedure
Managing Incidents
What Is an Incident Response
Six-Step Approach for Incident Handling (PICERF Methodology)
Incident Response Team

Module 21: Disaster Recovery and Planning
What is Disaster Recovery
Disaster Recovery Planning
Business Continuity Planning Process
Disaster Prevention

Module 22: Network Vulnerability Assessment
Vulnerability Assessment
Goals of vulnerability assessment
Network vulnerability assessment methodology
Selecting vulnerability assessment tools
ccsk - CCSK - Certificate of Cloud Security Knowledge - Plus - 14 hours

Description: This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of exercises involving a scenario that brings a fictional organisation securely into the cloud. After completing this training, students will be well prepared for the CCSK certification exam, sponsored by the Cloud Security Alliance. This second day of training includes additional lecture, although students will spend most of their time assessing, building and securing a cloud infrastructure during the exercises.

Objectives: This is a two-day class that begins with the CCSK Basic training, followed by a second day of additional content and hands-on activities.

Target Audience: This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

DAY 1

Introduction and Cloud Architecture
Define cloud computing
Cloud computing stack components
Cloud reference model and security

Infrastructure Security for Cloud Computing
Understand the components of cloud infrastructure
Assess security implications of deployment models
Advantages and disadvantages of virtual
Cloud management plane
Different service models security basics

Managing cloud computing security and risk
Risk and governance
Legal and compliance
Audit
Portability and interoperability
Incident response

Data security for cloud
Different cloud storage models
Security issues for data in cloud
Address cloud security and governance
Apply lifecycle to use cases
Discuss data encryption

Securing applications and users
Application architecture design and operations lifecycle
Discuss impact on SDLC
Examine application security tools
Discuss role of compliance in Cloud

Cloud Risk assessment
Adopt cloud computing
Migrate existing apps and systems

Create and secure a public cloud
Understand public IaaS architectures
Review EC2 components
Launch and connect to your first instance
Learn how to secure your instance

DAY 2

Encrypting an EBS volume
Why encrypt
Select a method
Create and attach Amazon EBS
Encrypt and format
Understand key management options
Understand effects of rebooting
Attach encrypted volume to another instance

Identity and access management
Learn how to secure your EC2 with AWS IAM
Understand federated identity architectures
Implement federated identity for application using OpenID
How to apply same principles in an enterprise production environment

Deploy and secure a Private Cloud
Understand private cloud architecture
Review OpenStack components
Create and connect a compute node
Manage OpenStack tenants and IAM
Secure OpenStack management plane
Investigate hypervisor security
Understand security automation

Selecting Cloud services
Enabling security strategy
Selecting a cloud provider
Security as a service

Summary and review
ciaa - CIAA - Certificate in Information Assurance Architecture - 35 hours

Description: The IA Architect is based on a set of skills defined by the Institute of Information Security Professionals (IISP) and the UK Government's GCHQ department. The IA Architect, also referred to in industry as the Security Architect, must be able to drive beneficial security change into an organisation through the development or review of security architectures so that they:
Meet business requirements for security.
Mitigate identified risks and conform to relevant corporate security policies.
Balance information risk against the cost of countermeasures.
This course aligns to Level 3 (Skilful Application) competence as defined in the Skills Framework developed by the IISP.

Objectives: Candidates that have successfully completed the Practitioner in IA Architecture course should be able to:
Describe the business environment and the information risks that apply to systems.
Describe and apply security design principles.
Identify information risks that arise from potential solution architectures.
Design alternate architectures or countermeasures to mitigate identified information risks.
Ensure that proposed architectures and countermeasures adequately mitigate identified information risks.
Apply 'standard' security techniques and architectures to mitigate security risks.
Develop new architectures that mitigate the risks posed by new technologies and business practices.
Provide consultancy and advice to explain Information Assurance and architectural problems.
Securely configure ICT systems in compliance with their approved security architectures.

Audience:
Candidates who wish to gain the BCS IA Architecture certificate.
System Administrators who wish to become Security Architects.
Technical Architects looking to move into the field of security architecture.
Security professionals wishing to gain an appreciation of the technical and business aspects of their profession, or to move into a more senior architecture role.

Module 1 - The Basics of IA Architecture: What is IA Architecture? The Role of an IA Architect. Security Design Principles. Conceptual Architectures.
At the end of this module the candidates will be able to:
Describe the role of the IA Architect and the concept of security architectures in the context of enterprise architectures.
Explain the skills, especially soft skills, an IA Architect must possess.
Explain concepts and design principles used by IA Architects when designing systems. Design principles such as least privilege and segregation of duties are described.
Describe security architectures at a high level using appropriate contextual terms and have sufficient knowledge to describe architectural concepts related to security concerns.
Explain the importance of design patterns and conceptual architectures.
Recognise separation of systems as a way to reduce risk.

Module 2 - Advanced Security Architecture Concepts: Core Security Mechanisms. Security Services. Security Design.
At the end of this module the candidate will be able to:
Describe common methods for identification and authentication.
Describe common methods for access control.
Describe requirements and methods for auditing and alerting.
Describe common methods for content control, such as anti-virus and data loss prevention.
Describe common cryptographic-based services, such as a public key infrastructure.
Describe intruder detection and prevention services and their placement in systems.
Describe the role of directories in a system.
Describe the functions of security management within a system.
Describe a wide range of network security controls and the threats they counter. This includes layer 2 controls and the use of packet filtering and firewalls.
Identify common methods for resilience and recognise different recovery capabilities and techniques, including back-up and audit trails.
Identify security aspects of virtualisation.
Appreciate practicality as an issue in the selection of security mechanisms.
Appreciate the need for correctness of input and on-going correctness of all stored data, including parameters for all generalised software.
Distinguish between different cryptographic mechanisms and techniques.
Appreciate the use of threat modelling techniques to establish where security services should be positioned within a system.
Describe a number of design patterns, being able to explain the threats and the security controls used to counter the threats.

Module 3 - Information Assurance Methodologies: Information Assurance Frameworks. Cryptographic Assurance. Product and Service Assurance. Vulnerability and Penetration Testing.
At the end of this module the candidate will be able to:
Explain a wide range of Information Assurance methodologies.
Compare the benefits of using different methodologies.
Describe how Information Assurance methodologies can reduce risk.
Employ methods, tools and techniques for identifying potential vulnerabilities.
Apply different testing strategies depending on the risk profile of a system.
Recognise that business processes need to be tested and not just the ICT elements.
Explain the role of vulnerability and penetration testing.
Plan and manage a penetration test.
Explain the typical structure of a penetration test report.
Describe the typical findings of a penetration test report.

Module 4 - Innovation and Business Improvement: Business Change, Security Metrics and ROI. Risk, Security Postures and Security Culture. Security as a Business Enabler. IA Maturity Models.
At the end of this module the candidate will be able to:
Discuss the security implications of business transition (mergers, de-mergers, in-sourcing and out-sourcing, etc.).
Describe the nature of organisational risk culture and exposure.
Recognise security as a business enabler.
Describe continuous improvement as a philosophy.
Propose security metrics.
Describe a number of different IA maturity models.

Module 5 - Security Across the Lifecycle: Security Across the Lifecycle.
At the end of this module the candidate will be able to:
Describe the typical Terms of Reference of an IA Architect.
Explain why it is important to brief Engineering teams at the start of a development process.
Describe the concepts of audit and traceability.
Describe the different types of design artefacts at the conceptual, logical and physical layers.
Recognise the security issues associated with commercial off-the-shelf / outsourced / offshore systems / applications / products.
Describe the role of hardening and coding standards in the development of a system, and sources of guidance.
Describe the OWASP top ten risks.
Discuss the importance of links with the whole business process.
Identify the benefits of separation of development, test and support from operational systems.

Module 6 - Preparation for the IA Architecture Examination and Mock Examination: Format, structure and scoring of the examination. Mock examination, using the BCS sample paper.
At the end of this module the candidate will:
Understand the format and scoring of the examination.
Be prepared to take the IA Architecture examination.
pcbc - PCBC - Practitioner Certificate in Business Continuity Management - 35 hours

Description: This is a 'Practitioner' course and leans heavily on practical exercises designed to reinforce the concepts being taught and to build the delegates' confidence in implementing business continuity management. The course is also designed to encourage debate, and the sharing of knowledge and experience between students. Delegates will benefit from the practical and extensive experience of our trainers, who are practising business continuity management and ISO 22301:2012 specialists.

Delegates will learn how to:
Explain the need for business continuity management (BCM) in all organisations
Define the business continuity lifecycle
Conduct business continuity programme management
Understand their organisation sufficiently to identify mission-critical impact areas
Determine their organisation's business continuity strategy
Establish a business continuity response
Exercise, maintain and review plans
Embed business continuity in an organisation
Define terms and definitions appropriate to business continuity

By the end of the course, delegates will have a detailed understanding of all the key components of business continuity management and be able to return to their work, making a significant contribution to the business continuity management process.

1. Introduction to Business Continuity Management
This section of the module provides a basic introduction to the discipline of business continuity management, describes how it should fit in with the overall strategy of a business, and provides a brief overview of risk management.
1.1 The need for Business Continuity Management
1.2 The context of Business Continuity Management in the business
1.3 Leadership and senior management commitment to Business Continuity
1.4 Review of Risk Management Fundamentals
1.5 The Business Continuity Institute's Lifecycle

2. BC Policy and Programme Management
This section of the module describes both the initial stages and the requirements for the ongoing management of the business continuity management programme.
2.1 Initial activities
2.2 Implementing the BC Programme
2.3 Supply Chain Continuity
2.4 Documentation

3. Understanding the Organisation (Analysis) - 10 hours
This section of the module describes how the business continuity manager sets about understanding the organisation and initiates the overall business continuity management programme.
3.1 Identification of Business-Critical Areas
3.2 Terminology
3.3 Business Impact Analysis
3.4 Continuity Requirements Analysis
3.5 Threat and Vulnerability Assessments
3.6 Horizon Scanning
3.7 Risk Assessment
3.8 Evaluation of Options
3.9 Business Cases and Programme Sign-Off

4. Determining the Business Continuity Strategy (Design)
This section of the module describes how the organisation develops an overall business continuity strategy.
4.1 Strategic Options
4.2 People
4.3 Premises
4.4 Processes and Procedures
4.5 Technology
4.6 Information
4.7 Supply Chain
4.8 Stakeholders
4.9 Civil Emergencies

5. Business Continuity Response (Implementation) - 6 hours
This section of the module describes how the organisation develops and implements the Business Continuity response.
5.1 Overall Incident Response Structure
5.2 Types of Plan
5.3 Incident Management Plans
5.4 Business Continuity Plans
5.5 Disaster Recovery Plans
5.6 Business Resumption Plans

6. Exercising, Maintenance and Review (Validation) - 4 hours
This section of the module describes the overall Business Continuity exercising, maintenance and review programme.
6.1 Exercising and Testing of Plans
6.2 Maintenance of Plans
6.3 Review of Plans

7. Embedding Business Continuity Awareness in the Organisation - 3 hours
This section of the module describes how Business Continuity awareness should be embedded into the organisation.
7.1 Overall Awareness
7.2 Skills Training

8. Annexes
This section of the module describes the overall Business Continuity Management programme.
8.1 Glossary of Terms and Definitions
8.2 References
pcirm - PCIRM - Practitioner Certificate in Information Risk Management - 35 hours

Description: The Practitioner Certificate in Information Risk Management (PCIRM) provides security practitioners with a comprehensive and highly practical course enabling them to develop a business-focused information security and governance risk strategy. It closely follows the approaches recommended in the ISO 27001 and ISO 27005 standards. The five-day course prepares delegates to confidently sit the BCS/ISEB Practitioner Certificate in Information Risk Management examination.

Target Audience:
Information security and governance practitioners
Internal IT auditors
Staff from within compliance and operational risk functions
IT managers and senior staff
Project managers and others responsible for designing security into information systems

Objectives: On completion of this course delegates will be able to:
develop an information risk management strategy
conduct threat, vulnerability and likelihood assessments, business impact analyses and risk assessments
explain how the management of information risk will bring about significant business benefits
explain and make full use of information risk management terminology
explain the principles of controls and risk treatment
present results of the risk assessment in a format which will form the basis of a risk treatment plan
explain and produce information classification schemes
confidently sit the ISEB examination

1. The concepts and framework of information risk management
In this section of the syllabus, delegates will explore the overall concept of risk management and how it is used in the context of information risk.
1.1 The need for information risk management
1.2 The context of risk in the organisation

2. Information risk management fundamentals
This section of the syllabus examines the information risk management environment and terminology in greater detail.
2.1 Review of information security fundamentals
2.2 The use of information risk management standards and good practice guides
2.3 The process of information risk management
2.4 Terms and definitions

3. Establishing an information risk management programme
This section of the syllabus examines the requirements for an information risk management programme, the strategic nature of its approach and the need for information classification.
3.1 The information risk management programme requirements
3.2 Development of the strategic approach to information risk management
3.3 Information classification

4. Risk identification
This section of the syllabus examines the first part of the information risk management programme, and deals in greater detail with the identification of information risk.
4.1 Identification of assets
4.2 Business impact analysis
4.3 Threat and vulnerability assessment

5. Risk assessment
This section of the syllabus deals with how risks are analysed and evaluated, how the results are recorded and prioritised, and how appropriate controls may be selected.
5.1 Risk analysis
5.2 Risk evaluation
5.3 Options for risk management control

6. Risk treatment
This section of the syllabus covers the process for reporting and presenting the results of the risk assessment process and for gaining senior management approval to apply the appropriate controls.
6.1 Risk reporting and presentation
6.2 Business cases
6.3 Risk treatment plans

7. Monitor and review
7.1 Information risk monitoring
7.2 Information risk review
secitp - Security for IT Practitioners - 35 hours

Description: A 5-day course that will take anyone in a current IT job role into the world of Information Security. This is a fantastic starting point for those wanting to go into the major growth area of IT, which is Security. Many practical labs are used throughout the course to improve student understanding of theoretical concepts and give them experience of real-world products. This course is aimed at individuals who want to move into the Information Security arena or simply want to gain a broader working knowledge of the topic.

Objectives: To give students of all levels a good appreciation of security issues when dealing with computers and networks.

Audience: People who work in IT.

1 Introduction to security
a) What is security
b) White hats v black hats
c) Threats to resources
d) A simple security model
e) Industry security standards
f) Security policies
g) Authentication
h) Encryption
i) Access control
j) Audit and administer

2 TCP/IP for Security
a) TCP/IP Architecture
b) LANs and WANs
c) IP and ICMP services
d) ARP and routing
e) Transport services

3 Applied Cryptography
a) Encryption and trust relationships
b) Symmetric encryption
c) Asymmetric encryption
d) Message digests
e) Digital certificates
f) Certificate authorities
g) IPSec and VPNs

4 Virtual Private Networks
a) VPN Benefits
b) PPP with PAP and CHAP
c) Tunnelling Protocols
d) Virtual Private Dialup Networks
e) IPSec
   a) Internet Key Exchange (IKE)

5 Types of Attack
a) Spoofing
b) Man-in-the-middle
c) Denial of service
d) Insider attacks
e) Bug-based attacks
f) Key logging
g) Brute force attacks
h) Trojans, viruses and worms
i) Rootkits

6 Firewall Roles and Types
a) Packet filters
b) Stateful inspection
c) Circuit level gateways
d) Application proxies
e) Demilitarised zones
f) Network address translation

7 Firewall Design Topology and Management
a) Design principles
b) Common topologies
c) ICMP and firewalls
d) Firewall management

8 World Wide Web Security
a) Web technologies
b) Browser privacy
c) Cookies
d) Mobile code threats
e) Web server security
f) Web traffic security

9 Intrusion Detection Systems
a) IDS methodologies
b) IDS concerns

10 Operating System Security
a) Key OS vulnerabilities
b) Windows security components
c) Linux security components

11 The Auditing Process
a) Introduction
b) Risk analysis
c) Ethical hacking
d) Auditing and log analysis
e) Windows & Linux logging
f) Making recommendations and producing reports

12 Wireless Networking
a) Protocols and security standards
cgeit: CGEIT – Certified in the Governance of Enterprise IT (28 hours)
Description: This four-day event (CGEIT training) is the ultimate preparation for exam time and is designed to ensure that you pass the challenging CGEIT exam on your first attempt. The CGEIT qualification is an internationally recognised symbol of excellence in IT governance awarded by ISACA. It is designed for professionals responsible for managing IT governance or with significant advisory or assurance responsibility for IT governance. Achieving CGEIT status will provide you with wider recognition in the marketplace, as well as increased influence at executive level.
Objectives: This seminar has been designed to prepare Delegates for the CGEIT examination by enabling them to supplement their existing knowledge and understanding so as to be better prepared to pass the exam, as defined by ISACA.
Target Audience: Our training course is for IT and business professionals with significant IT governance experience who are undertaking the CGEIT exam.

Domain 1: Framework for the Governance of Enterprise IT (25%)
Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.
Domain 1 Knowledge Statements:
Knowledge of components of a framework for the governance of enterprise IT
Knowledge of IT governance industry practices, standards and frameworks (for example, COBIT, Information Technology Infrastructure Library [ITIL], International Organization for Standardization [ISO] 20000, ISO 38500)
Knowledge of business drivers related to IT governance (for example, legal, regulatory and contractual requirements)
Knowledge of IT governance enablers (for example, principles, policies and frameworks; processes; organizational structures; culture, ethics and behaviour; information; services, infrastructure and applications; people, skills and competencies)
Knowledge of techniques used to identify IT strategy (for example, SWOT, BCG Matrix)
Knowledge of components, principles, and concepts related to enterprise architecture (EA)
Knowledge of organizational structures and their roles and responsibilities (for example, enterprise investment committee, program management office, IT strategy committee, IT architecture review board, IT risk management committee)
Knowledge of methods to manage organizational, process and cultural change
Knowledge of models and methods to establish accountability for information requirements, data and system ownership, and IT processes
Knowledge of IT governance monitoring processes/mechanisms (for example, balanced scorecard [BSC])
Knowledge of IT governance reporting processes/mechanisms
Knowledge of communication and promotion techniques
Knowledge of assurance methodologies and techniques
Knowledge of continuous improvement techniques and processes

Domain 2: Strategic Management (20%)
Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.
Domain 2 Knowledge Statements:
Knowledge of an enterprise's strategic plan and how it relates to IT
Knowledge of strategic planning processes and techniques
Knowledge of impact of changes in business strategy on IT strategy
Knowledge of barriers to the achievement of strategic alignment
Knowledge of policies and procedures necessary to support IT and business strategic alignment
Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators)
Knowledge of components, principles and frameworks of enterprise architecture (EA)
Knowledge of current and future technologies
Knowledge of prioritization processes related to IT initiatives
Knowledge of scope, objectives and benefits of IT investment programs
Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel

Domain 3: Benefits Realization (16%)
Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.
Domain 3 Knowledge Statements:
Knowledge of IT investment management processes, including the economic life cycle of investments
Knowledge of basic principles of portfolio management
Knowledge of benefit calculation techniques (for example, earned value, total cost of ownership, return on investment)
Knowledge of process and service measurement techniques (for example, maturity models, benchmarking, key performance indicators [KPIs])
Knowledge of processes and practices for planning, development, transition, delivery, and support of IT solutions and services
Knowledge of continuous improvement concepts and principles
Knowledge of outcome and performance measurement techniques (for example, service metrics, key performance indicators [KPIs])
Knowledge of procedures to manage and report the status of IT investments
Knowledge of cost optimization strategies (for example, outsourcing, adoption of new technologies)
Knowledge of models and methods to establish accountability over IT investments
Knowledge of value delivery frameworks (for example, Val IT)
Knowledge of business case development and evaluation techniques

Domain 4: Risk Optimization (24%)
Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Domain 4 Knowledge Statements:
Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels
Knowledge of risk management frameworks and standards (for example, RISK IT, the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management – Integrated Framework (2004) [COSO ERM], International Organization for Standardization (ISO) 31000)
Knowledge of the relationship of the risk management approach to legal and regulatory compliance
Knowledge of methods to align IT and enterprise risk management (ERM)
Knowledge of the relationship of the risk management approach to business resiliency (for example, business continuity planning [BCP] and disaster recovery planning [DRP])
Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT
Knowledge of types of business risk, exposures and threats (for example, external environment, internal fraud, information security) that can be addressed using IT resources
Knowledge of risk appetite and risk tolerance
Knowledge of quantitative and qualitative risk assessment methods
Knowledge of risk mitigation strategies related to IT in the enterprise
Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls
Knowledge of stakeholder analysis and communication techniques
Knowledge of methods to establish key risk indicators (KRIs)
Knowledge of methods to manage and report the status of identified risk

Domain 5: Resource Optimization (15%)
Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.
Domain 5 Knowledge Statements:
Knowledge of IT resource planning methods
Knowledge of human resource procurement, assessment, training, and development methodologies
Knowledge of processes for acquiring application, information, and infrastructure resources
Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs)
Knowledge of methods used to record and monitor IT resource utilization and availability
Knowledge of methods used to evaluate and report on IT resource performance
Knowledge of interoperability, standardization and economies of scale
basel3: Basel III – Certified Basel Professional (21 hours)
Description: Basel III is a global regulatory standard on bank capital adequacy, stress testing and market liquidity risk. Having initially been agreed upon by the Basel Committee on Banking Supervision in 2010–11, changes to The Accord have extended implementation to 31st March 2019. Basel III strengthens bank capital requirements by increasing bank liquidity and decreasing bank leverage. Basel III differs from Basel I & II in that it requires different levels of reserves for different forms of deposits and other types of borrowings, so it does not supersede them so much as it works alongside Basel I and Basel II. This complex and constantly changing landscape can be hard to keep up with; our course and training will help you manage likely changes and their impact on your institution. We are accredited with and a training partner to the Basel Certification Institute, and as such the quality and suitability of our training and material is guaranteed to be up to date and effective.
Objectives:
Preparation for the Certified Basel Professional Examination.
Define hands-on strategies and techniques for the definition, measurement, analysis, improvement, and control of operational risk within a banking organization.
Target Audience:
Board members with risk responsibilities
CROs and Heads of Risk Management
Members of the Risk Management team
Compliance, legal and IT support staff
Equity and Credit Analysts
Portfolio Managers
Rating Agency Analysts
Overview:
Introduction to Basel norms and amendments to the Basel Accord (III)
Regulations for market, credit, counterparty and liquidity risk
Stress testing for various risk measures including how to formulate and deliver stress tests
The likely effects of Basel III on the international banking industry, including demonstrations of its practical application

Need For The New Basel Norms
The Basel III Norms
Objectives of The Basel III Norms
Basel III – Timeline
1. What is Basel III?
1.1. The Basel III papers
1.2. Was Basel II responsible for the market crisis?
1.3. Introduction to the Basel III Amendments
1.4. The Financial Stability Board (FSB), the G20 and the Basel III framework
2. The New Basel III Principles for risk management and corporate governance
The key areas where the Basel Committee believes the greatest focus is necessary
2.1 Board practices
2.2 Senior management
2.3 Risk management and internal controls
2.4 Compensation
2.5 Complex or opaque corporate structures
2.6 Disclosure and transparency
3. The Quality of Capital
3.1 The numerator: A strict definition of capital
3.2 Limits and Minima
3.3 Common Equity Tier 1
3.4 Common shares issued by the bank
3.5 Additional Tier 1 capital
3.6 Tier 2 capital
3.7 Investments held by banks in capital instruments of other banks and financial and insurance entities
3.8 The corresponding deduction approach and the changes in the business model
3.9 Double Gearing and Basel III
3.10 Securitisation and Resecuritisation
4. The Risk Weighted Assets
4.1 The denominator: Enhanced risk coverage
4.2 Understanding securitization
5. The Capital Ratio
5.1 In addition to the quality of capital and risk coverage
5.2 Calibration
5.3 Transition period
6. Global Liquidity Standards
6.1 Introduction of global minimum liquidity standards
6.2 The Liquidity Coverage Ratio (LCR) that makes banks more resilient to potential short-term disruptions
6.3 Stock of high-quality liquid assets
6.4 Total net cash outflows
6.5 The Net Stable Funding Ratio (NSFR) that addresses longer-term structural liquidity mismatches
6.6 Available stable funding (ASF)
6.7 Required stable funding (RSF)
6.8 Contractual maturity mismatch
6.9 Concentration of funding
6.10 Available unencumbered assets
6.11 LCR by significant currency
6.12 Market-related monitoring tools
6.13 Transitional arrangements
7. Capital Conservation
7.1 Distribution policies that are inconsistent with sound capital conservation principles
7.2 Supervisors enforce capital conservation discipline
8. Leverage Ratio
8.1 Strong Tier 1 risk based ratios with high levels of on and off balance sheet leverage
8.2 Simple, non-risk-based leverage ratio
8.3 Introducing additional safeguards against model risk and measurement error
8.4 Calculation of the leverage ratio
9. Countercyclical Capital Buffer
9.1 Procyclical or Countercyclical?
9.2 The new countercyclical capital buffer
9.3 Home / Host Challenges
9.4 Guidance for national authorities operating the countercyclical capital buffer
9.5 Principles underpinning the role of judgement
9.6 Principle 1: (Objectives)
9.7 Principle 2: (Common reference guide)
9.8 Principle 3: (Risk of misleading signals)
9.9 Principle 4: (Prompt release)
9.10 Principle 5: (Other macroprudential tools)
9.11 Jurisdictional reciprocity
9.12 Frequency of buffer decisions and communications
9.13 Treatment of surplus when buffer returns to zero
10. Systemically Important Financial Institutions (SIFIs)
10.1 SIFIs and G-SIFIs
10.2 Improvements to resolution regimes
10.3 Additional loss absorption capacity
10.4 More intensive supervisory oversight
10.5 Stronger robustness standards
10.6 Peer review
10.7 Developments at the national and regional level
10.8 The Financial Stability Oversight Council (FSOC)
10.9 The European Systemic Risk Board (ESRB)
10.10 Strengthening SIFI supervision
11. Systemically Important Markets and Infrastructures (SIMIs)
11.1 The Basel Committee and Financial Stability Board endorse central clearing and trade reporting on OTC derivatives
11.2 Derivative counterparty credit exposures to central counterparty clearing houses (CCPs)
12. Risk Modelling, Stress Testing and Scenario Analysis
12.1 Capture of systemic risk/tail events in stress testing and risk modelling
12.2 VaR shortcomings: the normality assumption
12.3 Need for a strong stress testing programme
12.4 Systemic risk capture in banks' risk models
13. Pillar 2 Amendments: Stress testing
13.1 Pillar 2 Amendments: Stress testing
13.2 Principles for sound stress testing practices and supervision
13.3 15 stress testing principles for banks
13.4 Firm-wide stress testing
13.5 6 stress testing principles for supervisors
14. The Impact of Basel III
14.1 The Impact of Basel III
14.2 Investment Banking, Corporate Banking, Retail Banking
14.3 Investment banks are primarily affected, particularly in trading and securitization businesses
14.4 The new capital rules have a substantial impact on profitability
14.5 Basel III Impact on Regional Banks
14.6 Basel III Impact on Pillar 2
14.7 Basel III effect on financial sector
14.8 Basel III implications for bank risk management
14.9 Implications for European Systemic Risk Board
14.10 Impact of Basel III for commercial banks?
14.11 Basel III implications for indigenous banks
14.12 Can regional banks mitigate Basel III impacts?
14.13 Other Implications of Basel III
14.14 Areas of Focus
15. Conclusions
16. Examples (Case Studies)
Basel III Capital Structure
A worked example of a bank
Basel III – explanation of changes
Basel III Capital Structure
grmcfun: Governance, Risk Management & Compliance (GRC) Fundamentals (21 hours)
Course goal: To ensure that an individual has the core understanding of GRC processes and capabilities, and the skills to integrate governance, performance management, risk management, internal control, and compliance activities.
Overview:
GRC Basic terms and definitions
Principles of GRC
Core components, practices and activities
Relationship of GRC to other disciplines

Day One
GRC Fundamentals Training Course Overview
GRC Capability Model – Introduction
GRC Key Definitions
Day Two
Learn Component
Align Component
Perform Component
Day Three
Review Component
GRC standards and frameworks
GRC applications and technology
GRC certifications
crisc: CRISC - Certified in Risk and Information Systems Control (21 hours)
Description: This class is intended as intense and hard-core exam preparation for ISACA's Certified in Risk and Information Systems Control (CRISC) Examination. The five (5) domains of ISACA's CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation (Q,A&E) supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for, and it helps rapid memory assimilation of the material. The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA's CRISC has positioned itself to be the preferred certification program for individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.
Objectives:
To help you pass the CRISC examination first time
Possessing this certification will signify your commitment to serving an enterprise with distinction
The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary
You will learn:
To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls
The technical skills and practices that CRISC promotes; these are the building blocks of success in the field
Domains:
Risk Identification, Assessment and Evaluation
Risk Response
Risk Monitoring
Information Systems Control Design and Implementation
IS Control Monitoring and Maintenance
cas: CAS: Setting up a single-sign-on authentication server (7 hours)
CAS, or Central Authentication Service, is an open-source, enterprise-level, single-sign-on protocol for the web. CAS gives users access to multiple applications using a single sign-on and allows web applications to authenticate users without giving them access to user passwords. CAS has a Java server component and various client libraries written in PHP, PL/SQL, Java, and more. In this course, we discuss CAS's architecture and features and practice installing and configuring a CAS server. By the end of the course, participants will have an understanding of CAS's implementation of SOS (Single-Sign-On-Authentication) as well as the necessary practice to deploy and manage their own authentication server.
Audience
    System administrators
Format of the course
    Part lecture, part discussion, heavy hands-on practice

Introduction
    The case for SOS (Single-Sign-On-Authentication)
    CAS vs LDAP vs OpenID
An overview of the CAS architecture
    System components
    CAS Server
    CAS clients
    Supported protocols
    Software components
        Spring MVC/Spring Webflow
        Ticketing
        Authentication
Building CAS as an Overlay project
    Building and deploying with Gradle, Maven and Docker
    Using custom and third-party source
    Managing dependencies
Configuring authentication in CAS
    Orchestrating authentication handlers with authentication manager
    Choosing authentication handlers and schemes
    Testing the default authentication scheme
    Principal Resolution
    Transforming the user id
    Setting up "Remember Me" long-term authentication
    Setting up proxy authentication
    Multi-factor authentication (MFA)
    Limiting failed login attempts with login throttling
    Configuring an SSO session cookie
Attribute resolution and release
    Principal-Id attribute: receiving authenticated userid
    Attribute release policy: Releasing attributes to applications
    Caching attributes: Caching resolved attributes
    Encrypting attributes: Conditionally encrypting attributes
iast: Interactive Application Security Testing (IAST) (14 hours)
Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit. In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.
By the end of this training, participants will be able to:
Simulate attacks against applications and validate their detection and protection capabilities
Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
Quickly and accurately fix the application code responsible for detected vulnerabilities
Prioritize the vulnerability findings from dynamic scans
Use RASP real-time alerts to protect applications in production against attacks
Reduce application vulnerability risks while maintaining production schedule targets
Devise an integrated strategy for overall vulnerability detection and protection
Audience
DevOps engineers
Security engineers
Developers
Format of the course
Part lecture, part discussion, exercises and heavy hands-on practice
To request a customized course outline for this training, please contact us.
cyberwarfare: Fundamentals of corporate cyberwarfare (14 hours)
Audience
Cyber security specialists
System administrators
Cyber security managers
Cyber security auditors
CIOs
Format of the course
Heavy emphasis on hands-on practice. Most of the concepts are learned through samples, exercises and hands-on development.

Introduction
Different aspects of enterprise security
Companies are more vulnerable to cyber warfare than governments
Corporate espionage (industrial espionage)
Corporate sabotage (industrial sabotage)
Extortion
Beyond traditional enterprise security
Non-standard approaches to breaching your systems
Compromising your company... without breaching your systems
Artificial Intelligence (AI) in the age of corporate cyber warfare
How AI will be used to launch the next cyber attack on your company
Beyond database injection
Fooling a company's computers and employees
The offensive mindset vs detection mindset
Attack patterns
Systems and tools for launching cyber attacks
Beyond dumb bots. Intelligent bots.
Humans or robots?
Designing intelligence
Building comprehensive AI response systems
The future of corporate cyber security in a world of AI, big data, and cyber warfare
iso27005: Building up information security according to ISO 27005 (21 hours)
This course will give you the skills to build up information security according to ISO 27005, which is dedicated to information security risk management based on ISO 27001.
1. Introduction to risk management
2. Risk assessment methodologies
3. The ISO 27005 information security risk management framework and process model
4. Classification and identification of information assets
5. Definition of threats to information assets
6. Identification of the vulnerabilities these threats might exploit
7. Risk analysis: risk scoring using scales and simple calculations
8. An introduction to risk analysis tools
9. Risk evaluation and acceptance strategies
10. Risk treatment and the selection of mitigating control measures
11. Review and continual improvement of risk assessment and management
12. Risk communications and consultation
13. Integrating the ISO 27005 information security risk management framework into an ISO 27001 ISMS
devopssecurity: DevOps Security: Creating a DevOps security strategy (7 hours)
DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include automation tools, containerization and orchestration platforms. Security has not kept up with these developments. In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.
Audience
    DevOps engineers
    Security engineers
Format of the course
    Part lecture, part discussion, some hands-on practice

Introduction
    How DevOps creates more security risk for organizations
        The price of agility, speed and de-centralized control
Inadequacies of traditional security tools
    Security policies
    Firewall rules
    Lack of APIs for integration
    Lack of visualization tools
Implementing a DevOps-ready security program
Aligning security with business goals
Removing the security bottleneck
Implementing detailed visibility
Standardizing security configurations
Adding sensors into the application
    Interactive Application Security Testing
    Runtime Application Self-Protection
Providing security data to DevOps tools through RESTful APIs
On-demand scaling, micro-perimeterization of security controls
Per-resource granular security policies
Automating attacks against pre-production code
Continually testing the production environment
Protecting web applications from an Agile/DevOps perspective
Securing containers and clouds
Embracing next generation automated security tools
The future of DevOps and its strategic role in security
Closing remarks
shadowsocks: Shadowsocks: Set up a proxy server (7 hours)
Shadowsocks is an open-source, secure socks5 proxy. In this instructor-led, live training, participants will learn how to secure an internet connection through a Shadowsocks proxy.
By the end of this training, participants will be able to:
Install and configure Shadowsocks on any of a number of supported platforms, including Windows, Linux, Mac, Android, iOS, and OpenWRT
Deploy Shadowsocks with package manager systems, such as pip, aur, freshports and others
Run Shadowsocks on mobile devices and wireless networks
Understand how Shadowsocks encrypts messages and ensures integrity and authenticity
Optimize a Shadowsocks server
Audience
Network engineers
Computer technicians
Format of the course
Part lecture, part discussion, exercises and heavy hands-on practice
To request a customized course outline for this training, please contact us.
cissp: CISSP - Certified Information Systems Security Professional (35 hours)
Overview: Certified Information Systems Security Professional certification is recognised as a key qualification for developing a senior career in information security, audit and IT governance management. Held by over 30,000 qualified professionals worldwide, the Certified Information Systems Security Professional qualification shows proven knowledge and is the key to a higher earning potential in roles that include CISO, CSO and senior security manager.
You will learn to:
Use the knowledge gained in a practical manner beneficial to your organisation
Protect your organisational assets using access control techniques and strengthen confidentiality and integrity controls from the world of cryptography
Secure your network architecture and design (implement Cyber security)
Achieve your organisational objectives such as legal & compliance, Information assurance, security and data governance
Enhance IT services secure delivery via Security operations, architecture and design principles
Implement business resiliency via Business Continuity Plan
You will gain a thorough understanding of the 8 domains as prescribed by (ISC)2®
The Main Goal: To pass your CISSP examination first time.
Target Audience: This training is intended for individuals preparing for the CISSP certification exam.
The Domains of the ISC2 CISSP Certifications:
Security and Risk Management
Asset Security
Security Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
webap: WEBAP - Web Application Security (28 hours)
Description: This course will give the participants a thorough understanding of security concepts, web application concepts and frameworks used by developers in order to be able to exploit and protect the targeted application. In today's world, which is changing rapidly and in which all the technologies used also change at a fast pace, web applications are exposed to hacker attacks 24/7. In order to protect the applications from external attackers, one has to know all the bits and pieces that make up the web application, like the frameworks, languages and technologies used in web application development, and much more than that. The problem is that an attacker has to know only one way to break into the application, while the developer (or systems administrator) has to know all of the possible exploits in order to prevent this from happening. Because of that it is really difficult to have a bulletproof secured web application, and in most cases a web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.
Objectives: To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP Top 10 vulnerabilities and to incorporate that knowledge in a web application protection scheme.
Audience: Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISOs, CTOs.

Module 1: Security concepts
Module 2: Risk management
Module 3: Hackers attack phases
Module 4: Penetration testing
Module 5: Networking MitM attacks
Module 6: Overview of web technologies and frameworks
Module 7: Tools of the trade
Module 8: Bypassing client side controls
Module 9: Authentication attacks
Module 10: Design/implementation flaws
Module 11: Web application attacks: Injection (A1)
Module 12: Web application attacks: XSS/CSRF (A3/A8)
Module 13: Web application attacks: Broken authentication and session management (A2)
Module 14: Web application attacks: Insecure direct object references/Missing function level access control (A4/A7)
Module 15: Web application attacks: Security mis-configuration/Sensitive data exposure (A5/A6)
Module 16: Web application attacks: Unvalidated redirects and forwards (A10)
Module 17: Logical flaws
cismp: CISMP - Certificate in Information Security Management Principles (35 hours)
A thorough, practical, 5-day course designed to provide the knowledge and skills required to manage information security, information assurance or information risk based processes. The CISMP course is aligned with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 & 27001, the code of practice and standard for information security. This course is a CESG Certified Training (CCT) course. The course follows the latest BCS syllabus and prepares delegates for the 2-hour multiple choice BCS examination, which is sat on the afternoon of the last day of the course. This qualification provides delegates with detailed knowledge of the concepts relating to information security (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of current legislation and regulations which impact information security management. Award holders will be able to apply the practical principles covered throughout the course, ensuring normal business processes become robust and more secure.

The need for Information Security
Information Security Management System (ISMS) concepts & definitions
Information risk management
Corporate governance
Organisational responsibilities
Policies, standards & procedures
ISO/IEC 27002, 27001 & 13335
Information security controls
Incident management
Legal framework - personal data, DPA, CMA, IPR & copyright, HR & employment issues
Cryptographic models
Data Communications & networks
Physical security
Auditing & gap analysis
Training & raising awareness
Business continuity
Security investigations & forensics
Examination
shiro Apache Shiro: Securing your Java application 7 hours
Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management. In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro.
By the end of this training, participants will be able to:
Use Shiro's API to secure various types of applications, including mobile, web and enterprise
Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc.
Audience
Developers
Security engineers
Format of the course
Part lecture, part discussion, exercises and heavy hands-on practice
Introduction
Overview of Shiro features
Project setup and configuration
Overview of the Security Manager
Securing an application with Shiro
Authentication
Authorization
Realm configuration
Logging out
Session management
Using Shiro with Spring
Integrating with Java EE
Securing a mobile application
Troubleshooting
Deploying and monitoring your application
Closing remarks
cism CISM - Certified Information Security Manager 28 hours
Description: CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities/challenges in Information Security Management. Our CISM training methodology provides an in-depth coverage of contents across the four CISM domains with a clear focus on building concepts and solving ISACA released CISM exam questions. The course is an intense training and hard-core exam preparation for ISACA's Certified Information Security Manager (CISM®) Examination. We have delivered more than 100+ CISM training events in the United Kingdom and Europe. Our instructors encourage all attending delegates to go through the ISACA released CISM QA&E (Questions, Answers and Explanations) as exam preparation - you get this FREE as part of our course. The QA&E is exceptional in helping delegates understand the ISACA style of questions and the approach to solving these questions, and it helps rapid memory assimilation of the CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training. We will thoroughly prepare you for the CISM examination. If you do not pass first time, then join us again for exam preparation free of charge.
Goal: The ultimate goal is to pass your CISM examination first time.
Objectives:
Use the knowledge gained in a practical manner beneficial to your organisation
Establish and maintain an Information security governance framework to achieve your organization goals and objectives
Manage Information risk to an acceptable level to meet the business and compliance requirements
Establish and maintain information security architectures (people, process, technology)
Integrate information security requirements into contracts and activities of third parties/suppliers
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact
Target Audience: Security professionals with 3-5 years of front-line experience; Information security managers or those with management responsibilities; Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISO's, CIO's, CSO's, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions.
Domain 1—Information Security Governance (24%)
Establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives, information risk is managed appropriately and program resources are managed responsibly.
1.1 Establish and maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and ongoing management of the information security program.
1.2 Establish and maintain an information security governance framework to guide activities that support the information security strategy.
1.3 Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
1.4 Establish and maintain information security policies to communicate management's directives and guide the development of standards, procedures and guidelines.
1.5 Develop business cases to support investments in information security.
1.6 Identify internal and external influences to the organization (for example, technology, business environment, risk tolerance, geographic location, legal and regulatory requirements) to ensure that these factors are addressed by the information security strategy.
1.7 Obtain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy.
1.8 Define and communicate the roles and responsibilities of information security throughout the organization to establish clear accountabilities and lines of authority.
1.9 Establish, monitor, evaluate and report metrics (for example, key goal indicators [KGIs], key performance indicators [KPIs], key risk indicators [KRIs]) to provide management with accurate information regarding the effectiveness of the information security strategy.
Domain 2—Information Risk Management and Compliance (33%)
Manage information risk to an acceptable level to meet the business and compliance requirements of the organization.
2.1 Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
2.2 Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
2.3 Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization's information.
2.4 Determine appropriate risk treatment options to manage risk to acceptable levels.
2.5 Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level.
2.6 Identify the gap between current and desired risk levels to manage risk to an acceptable level.
2.7 Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization.
2.8 Monitor existing risk to ensure that changes are identified and managed appropriately.
2.9 Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process.
Domain 3—Information Security Program Development and Management (25%)
Establish and manage the information security program in alignment with the information security strategy.
3.1 Establish and maintain the information security program in alignment with the information security strategy.
3.2 Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes.
3.3 Identify, acquire, manage and define requirements for internal and external resources to execute the information security program.
3.4 Establish and maintain information security architectures (people, process, technology) to execute the information security program.
3.5 Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies.
3.6 Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture.
3.7 Integrate information security requirements into organizational processes (for example, change control, mergers and acquisitions, development, business continuity, disaster recovery) to maintain the organization's security baseline.
3.8 Integrate information security requirements into contracts and activities of third parties (for example, joint ventures, outsourced providers, business partners, customers) to maintain the organization's security baseline.
3.9 Establish, monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
Domain 4—Information Security Incident Management (18%)
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.
4.1 Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.
4.2 Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
4.3 Develop and implement processes to ensure the timely identification of information security incidents.
4.4 Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements.
4.5 Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.
4.6 Organize, train and equip teams to effectively respond to information security incidents in a timely manner.
4.7 Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
4.8 Establish and maintain communication plans and processes to manage communication with internal and external entities.
4.9 Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
4.10 Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan.
GDPR1 GDPR Workshop 7 hours
This one-day course is for people looking for a brief outline of the GDPR – General Data Protection Regulation coming into force May 25, 2018. This is ideal for managers, department heads, and employees who need to understand the basics of the GDPR.
What is the GDPR
What is personal data / sensitive data
Picking your team
Understanding GDPR terms
Privacy by design and privacy by default
Appointing a team
Choosing the people to help with GDPR (legal, marketing, IT, HR)
What is a DPO and do you need one
Permissions
Determine if it's personal data
Who can access data
How and where data is stored, i.e. electronically or paper-based
Securing data
Rights and obligations
Data Subjects and their rights
Controller's obligations
Processor's obligations
Dealing with data requests
International data transfers
What is a data breach
Fines and penalties
Third-party services
International data transfers
Developing policies and procedures (legal issues)
Creating a data privacy policy for employees and clients
Document legal basis for having the data
Establish codes of conduct for collecting and handling data
Examine outside third-party contracts with other suppliers
Maintenance
Updating data – you need to ensure data you hold is updated
Update privacy notices and procedures as GDPR changes
Update contracts as needed.


Special offers

Course | Location | Training date | Course price (remote / classroom)
Training Neural Network in R | Zürich | Tue, 2017-11-21 09:30 | 1872EUR / 2372EUR
Semantic Web Überblick | Zürich | Wed, 2017-11-29 09:30 | 972EUR / 1322EUR
Tomcat | Bern | Mon, 2018-02-05 09:30 | 2475EUR / 3125EUR
Drools Rules Administration | Bern | Wed, 2018-02-28 09:30 | 2961EUR / 3611EUR
Ubuntu Server Überblick | Bern | Tue, 2018-03-27 09:30 | 891EUR / 1241EUR
