Security Management Training Courses

Security Management Training

Security Management courses

Testi...Client Testimonials

CISM - Certified Information Security Manager

communication skills of the trainer

Flavio Guerrieri - RANDSTAD ITALIA SPA Attention: Anna Ceriani Purchasing Specialist

Security Management Course Outlines

Code Name Duration Overview
iso27005 Building up information security according to ISO 27005 21 hours This course will give you the skills to build up information security according to ISO 27005, which is dedicated to information security risk management based on ISO 27001.1. Introduction to risk management 2. Risk assessment methodologies 3. The ISO 27005 information security risk management framework and process model 4. Classification and identification of information assets 5. Definition of threats to information assets 6. Identification of the vulnerabilities these threats might exploit 7. Risk analysis: risk scoring using scales and simple calculations 8. An introduction to risk analysis tools 9. Risk evaluation and acceptance strategies 10. Risk treatment and the selection of mitigating control measures 11. Review and continual improvement of risk assessment and management 12. Risk communications and consultation 13. Integrating the ISO 27005 information security risk management framework into an ISO 27001 ISMS
ethhack Ethical Hacker 35 hours This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. The purpose of the Ethical Hacking Training is to: Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures. Inform the public that credentialed individuals meet or exceed the minimum standards. Reinforce ethical hacking as a unique and self-regulating profession. Audience: The Course is ideal for those working in positions such as, but not limited to: Security Engineers Security Consultants Security Managers IT Director/Managers Security Auditors IT Systems Administrators IT Network Administrators Network Architects Developers 01. Introduction to Ethical Hacking 02. Footprinting and Reconnaissance 03. Scanning Networks & Systems 04. Windows Hacking 05. Linux Hacking 06. Viruses, Worms, Trojans and Malware 07. Sniffing and MITM 08. Social Engineering 09. Denial-of-Service and DDOS 10. Web Hacking 11. Hacking Web Applications 12. SQL Injection and Cross Site Scripts 13. Hacking Wireless Networks 14. Android Hacking 15. Cryptography
devopssecurity DevOps Security: Creating a DevOps security strategy 7 hours DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments. In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge. Audience     Devops engineers     Security engineers Format of the course     Part lecture, part discussion, some hands-on practice Introduction     How DevOps creates more security risk for organizations         The price of agility, speed and de-centralized control Inadequacies of traditional security tools     Security policies     Firewall rules     Lack of APIs for integration     Lack of visualization tools Implementing a DevOps-ready security program Aligning security with business goals Removing the security bottleneck Implementing detailed visibility Standardizing security configurations Adding sensors into the application     Interactive Application Security Testing     Runtime Application Self-Protection Providing security data to DevOps tools through RESTful APIs On-demand scaling, micro-perimeterization of security controls Per-resource granular security policies Automating attacks against pre-production code Continually testing the production environment Protecting web applications from an Agile/DevOps perspective Securing containers and clouds Embracing next generation automated security tools The future of DevOps and its strategic role in security Closing remarks
cissp CISSP - Certified Information Systems Security Professional 35 hours Overview: Certified Information Systems Security Professional certification is recognised as a key qualification for developing a senior career in information security, audit and IT governance management. Held by over 30,000 qualified professionals worldwide, the Certified Information Systems Security Professional qualification shows proven knowledge and is the key to a higher earning potential in roles that include CISO, CSO and senior security manager. You will learn to: Use the knowledge gained in a practical manner beneficial to your organisation Protect your organisational assets using access control techniques and strengthen confidentiality and integrity controls from the world of cryptography Secure your network architecture and design (implement Cyber security) Achieve your organisational objectives such as legal & compliance, Information assurance, security and data governance Enhance IT services secure delivery via Security operations, architecture and design principles Implement business resiliency via Business Continuity Plan You will gain a thorough understanding of the 8 domains as prescribed by (ISC)2® The Main Goal: To pass your CISSP examination first time. Target Audience: This training is intended for individuals preparing for the CISSP certification exam. The Domains of the ISC2 CISSP Certifications: Security and Risk Management Asset Security Security Engineering Communications and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security
cismp CISMP - Certificate in Information Security Management Principles 35 hours A thorough, practical, 5 day course designed to provide the knowledge and skills required to manage information security, information assurance or information risk based processes. The CISMP course is aligned with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 & 27001; the code of practice and standard for information security. This course is a CESG Certified Training (CCT) course. The course follows the latest BCS syllabus and prepares delegates for the 2 hour multiple choice BCS examination which is sat on the afternoon of the last day of the course. This qualification provides delegates with detailed knowledge of the concepts relating to information security; (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of current legislation and regulations which impact information security management. Award holders will be able to apply the practical principles covered throughout the course ensuring normal business processes become robust and more secure. The need for Information Security Information Security Management System (ISMS) concepts & definitions Information risk management Corporate governance Organisational responsibilities Policies, standards & procedures ISO/IEC 27002, 27001 & 13335 Information security controls Incident management Legal framework - personal data, DPA, CMA, IPR & copyright, HR & employment issues Cryptographic models Data Communications & networks Physical security Auditing & gap analysis Training & raising awareness Business continuity Security investigations & forensics Examination  
cism CISM - Certified Information Security Manager 28 hours Description:; CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities/ challenges in Information Security Management. Our CISM training methodology provides an in-depth coverage of contents across the Four CISM domains with a clear focus on building concepts and solving ISACA released CISM exam questions. The course is an intense training and hard-core exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination. We have delivered more than 100+ CISM training events in the United Kingdom and Europe. Our instructors encourage all attending delegates to go through the ISACA released CISM QA&E (Questions, Answers and Explanations) as exam preparation - you get this FREE as part of our course. The QA&E is exceptional in helping delegates understand the ISACA style of questions, approach to solving these questions and it helps rapid memory assimilation of the CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training. We will thoroughly prepare you for the CISM examination. If you do not pass first time, then join us again for exam preparation free of charge. Goal: The ultimate goal is to pass your CISM examination first time. Objectives: Use the knowledge gained in a practical manner beneficial to your organisation Establish and maintain an Information security governance framework to achieve your organization goals and objectives Manage Information risk to an acceptable level to meet the business and compliance requirements Establish and maintain information security architectures (people, process, technology) Integrate information security requirements into contracts and activities of third parties/ suppliers Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact Target Audience: Security professionals with 3-5 years of front-line experience; Information security managers or those with management responsibilities; Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISO's, CIO's, CSO's, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions. Domain 1—Information Security Governance (24%) Establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives, information risk is managed appropriately and program resources are managed responsibly. 1.1 Establish and maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and ongoing management of the information security program. 1.2 Establish and maintain an information security governance framework to guide activities that support the information security strategy. 1.3 Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program. 1.4 Establish and maintain information security policies to communicate management’s directives and guide the development of standards, procedures and guidelines. 1.5 Develop business cases to support investments in information security. 1.6 Identify internal and external influences to the organization (for example, technology, business environment, risk tolerance, geographic location, legal and regulatory requirements) to ensure that these factors are addressed by the information security strategy. 1.7 Obtain commitment from senior management and support from other stakeholders to maximize the probability of successful implementation of the information security strategy. 1.8 Define and communicate the roles and responsibilities of information security throughout the organization to establish clear accountabilities and lines of authority. 1.9 Establish, monitor, evaluate and report metrics (for example, key goal indicators [KGIs], key performance indicators [KPIs], key risk indicators [KRIs]) to provide management with accurate information regarding the effectiveness of the information security strategy. Domain 2—Information Risk Management and Compliance (33%) Manage information risk to an acceptable level to meet the business and compliance requirements of the organization. 2.1 Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value. 2.2 Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels. 2.3 Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization’s information. 2.4 Determine appropriate risk treatment options to manage risk to acceptable levels. 2.5 Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level. 2.6 Identify the gap between current and desired risk levels to manage risk to an acceptable level. 2.7 Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization. 2.8 Monitor existing risk to ensure that changes are identified and managed appropriately. 2.9 Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process. Domain 3—Information Security Program Development and Management (25%) Establish and manage the information security program in alignment with the information security strategy. 3.1 Establish and maintain the information security program in alignment with the information security strategy. 3.2 Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes. 3.3 Identify, acquire, manage and define requirements for internal and external resources to execute the information security program. 3.4 Establish and maintain information security architectures (people, process, technology) to execute the information security program. 3.5 Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies. 3.6 Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture. 3.7 Integrate information security requirements into organizational processes (for example, change control, mergers and acquisitions, development, business continuity, disaster recovery) to maintain the organization’s security baseline. 3.8 Integrate information security requirements into contracts and activities of third parties (for example, joint ventures, outsourced providers, business partners, customers) to maintain the organization’s security baseline. 3.9 Establish, monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program. Domain 4—Information Security Incident Management (18%) Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. 4.1 Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents. 4.2 Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents. 4.3 Develop and implement processes to ensure the timely identification of information security incidents. 4.4 Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements. 4.5 Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management. 4.6 Organize, train and equip teams to effectively respond to information security incidents in a timely manner. 4.7 Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities. 4.8 Establish and maintain communication plans and processes to manage communication with internal and external entities. 4.9 Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions. 4.10 Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan.
cisa CISA - Certified Information Systems Auditor 28 hours Description: CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting. Our CISA course is an intense, very competitive and exam focused training course. With experience of delivering more than 150+ CISA trainings in Europe and around the world and training more than 1200+ CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing large number of ISACA released question banks from the last three years. Over a period, CISA holders have been in huge demand with renowned accountings firms, global banks, advisory, assurance, and internal audit departments. Delegates may have years of experience in IT auditing but perspective towards solving CISA questionnaires will solely depend on their understanding to globally accepted IT assurance practices. CISA exam is very challenging because the possibility of a very tight clash between two possible answers exists and that is where ISACA tests you on your understanding in global IT auditing practices. To address these exam challenges, we always provide the best trainers who have extensive experience in delivering CISA training around the world. The Net Security CISA manual covers all exam-relevant concepts, case studies, Q&A's across CISA five domains. Further, the Trainer shares the key CISA supporting material like relevant CISA notes, question banks, CISA glossary, videos, revision documents, exam tips, and CISA mind maps during the course. Goal: The ultimate goal is to pass your CISA examination first time. Objectives: Use the knowledge gained in a practical manner beneficial to your organisation Provide audit services in accordance with IT audit standards Provide assurance on leadership and organizational structure and processes Provide assurance on acquisition/ development, testing and implementation of IT assets Provide assurance on IT operations including service operations and third party Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets. Target Audience: Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals. Domain 1—The Process of Auditing Information Systems (14%) Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems. 1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included. 1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization. 1.3 Conduct audits in accordance with IT audit standards to achieve planned audit objectives. 1.4 Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary. 1.5 Conduct follow-ups or prepare status reports to ensure appropriate actions have been taken by management in a timely manner. Domain 2—Governance and Management of IT (14%) Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy. 2.1 Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives. 2.2 Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives. 2.3 Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development, approval, implementation and maintenance for alignment with the organization’s strategies and objectives. 2.4 Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements. 2.5 Evaluate the adequacy of the quality management system to determine whether it supports the organization’s strategies and objectives in a cost-effective manner. 2.6 Evaluate IT management and monitoring of controls (e.g., continuous monitoring, QA) for compliance with the organization’s policies, standards and procedures. 2.7 Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization’s strategies and objectives. 2.8 Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization’s strategies and objectives. 2.9 Evaluate risk management practices to determine whether the organization’s IT-related risks are properly managed. 2.10 Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance. 2.11 Evaluate the organization’s business continuity plan to determine the organization’s ability to continue essential business operations during the period of an IT disruption. Domain 3—Information Systems Acquisition, Development, and Implementation (19%) Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives. 3.1 Evaluate the business case for the proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives. 3.2 Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization. 3.3 Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate. 3.4 Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements. 3.5 Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and organization's requirements are met. 3.6 Conduct post-implementation reviews of systems to determine whether project deliverables, controls and organization's requirements are met. Domain 4—Information Systems Operations, Maintenance and Support (23%) Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives. 4.1 Conduct periodic reviews of information systems to determine whether they continue to meet the organization’s objectives. 4.2 Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed. 4.3 Evaluate third party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider. 4.4 Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion. 4.5 Evaluate the process of information systems maintenance to determine whether they are controlled effectively and continue to support the organization’s objectives. 4.6 Evaluate data administration practices to determine the integrity and optimization of databases. 4.7 Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives. 4.8 Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner. 4.9 Evaluate change, configuration and release management practices to determine whether scheduled and non-scheduled changes made to the organization’s production environment are adequately controlled and documented. 4.10 Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing. 4.11 Evaluate the organization’s disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster. Domain 5—Protection of Information Assets (30%) Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets. 5.1 Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices. 5.2 Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information. 5.3 Evaluate the design, implementation, and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures, and applicable external requirements. 5.4 Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded. 5.5 Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data, and softcopy media) to determine whether information assets are adequately safeguarded.
cybersecfun Cybersecurity Fundamentals 28 hours Description: Cybersecurity skills are in high demand, as threats continue to plague enterprises around the world. An overwhelming majority of professionals surveyed by ISACA recognise this and plan to work in a position that requires cybersecurity knowledge. To fill this gap, ISACA has developed the Cybersecurity Fundamentals Certificate, which provides education and verification of skills in this area. Objectives: With cybersecurity threats continuing to rise and the shortage of appropriately-equipped security professionals growing worldwide, ISACA's Cybersecurity Fundamentals Certificate programme is the perfect way to quickly train entry-level employees and ensure they have the skills and knowledge they need to successfully operate in the Cyber arena. Target Audience: The certificate program is also one of the best ways to gain foundational knowledge in cybersecurity and begin to build your skills and knowledge in this crucial area. DOMAIN 1: CYBERSECURITY CONCEPTS 1.1 Knowledge of information assurance (IA) principles used to manage risks related to the use, processing, storage and transmission of information or data. 1.2 Knowledge of security management. 1.3 Knowledge of risk management processes, including steps and methods for assessing risk. 1.4 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. 1.5 Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored] and third generation [nation state sponsored]). 1.6 Knowledge of information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication and non-repudiation. 1.7 Knowledge of common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g., historical country-specific TTPs, emerging capabilities). 1.8 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). 1.9 Knowledge of relevant laws, policies, procedures and governance requirements. 1.10 Knowledge of relevant laws, policies, procedures or governance as they relate to work that may impact critical infrastructure. DOMAIN 2: CYBERSECURITY ARCHITECTURE PRINCIPLES 2.1 Knowledge of network design processes, to include understanding of security objectives, operational objectives and tradeoffs. 2.2 Knowledge of security system design methods, tools and techniques. 2.3 Knowledge of network access, identity and access management (e.g., public key infrastructure [PKI]). 2.4 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). 2.5 Knowledge of current industry methods for evaluating, implementing and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures, utilizing standards-based concepts and capabilities. 2.6 Knowledge of network security architecture concepts, including topology, protocols, components and principles (e.g., application of defence in depth). 2.7 Knowledge of malware analysis concepts and methodology. 2.8 Knowledge of intrusion detection methodologies and techniques for detecting host-and network- based intrusions via intrusion detection technologies. 2.9 Knowledge of defence in depth principles and network security architecture. 2.10 Knowledge of encryption algorithms (e.g., internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE]). 2.11 Knowledge of cryptology. 2.12 Knowledge of encryption methodologies. 2.13 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [ITCP/IP], Open System Interconnection model [OSI]). 2.14 Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol DOMAIN 3: SECURITY OF NETWORK, SYSTEM, APPLICATION AND DATA 3.1 Knowledge of computer network defence (CND) and vulnerability assessment tools, including open source tools, and their capabilities. 3.2 Knowledge of basic system administration, network and operating system hardening techniques. 3.3 Knowledge of risk associated with virtualizations. 3.4 Knowledge of penetration testing principles, tools and techniques (e.g., metasploit, neosploit). 3.5 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring) and tools. 3.6 Knowledge of remote access technology concepts. 3.7 Knowledge of systems administration concepts. 3.8 Knowledge of Unix command line. 3.9 Knowledge of system and application security threats and vulnerabilities. 3.10 Knowledge of system lifecycle management principles, including software security and usability. 3.11 Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance and reliability. 3.12 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). 3.13 Knowledge of social dynamics of computer attackers in a global context. 3.14 Knowledge of secure configuration management techniques. 3.15 Knowledge of capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media and related hardware. 3.16 Knowledge of communication methods, principles and concepts that support the network infrastructure. 3.17 Knowledge of the common networking protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP]) and services (e.g., web, mail, Domain Name System [DNS]) and how they interact to provide network communications. 3.18 Knowledge of different types of network communication (e.g., Local Area Network [LAN], Wide Area Network [WAN], Metropolitan Area Network [MAN], Wireless Local Area Network [WLAN], Wireless Wide Area Network [WWAN]). 3.19 Knowledge of virtualization technologies and virtual machine development and maintenance. 3.20 Knowledge of application vulnerabilities. 3.21 Knowledge of information assurance (IA) principles and methods that apply to software development. 3.22 Knowledge of risk threat assessment. DOMAIN 4: INCIDENT RESPONSE 4.1 Knowledge of incident categories, incident responses and timelines for responses. 4.2 Knowledge of disaster recovery and continuity of operations plans. 4.3 Knowledge of data backup, types of backups (e.g., full, incremental) and recovery concepts and tools. 4.4 Knowledge of incident response and handling methodologies. 4.5 Knowledge of security event correlation tools. 4.6 Knowledge of investigative implications of hardware, operating systems and network technologies. 4.7 Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody). 4.8 Knowledge of types of digital forensics data and how to recognize them. 4.9 Knowledge of basic concepts and practices of processing digital forensic data. 4.10 Knowledge of anti-forensics tactics, techniques, and procedures (TTPS). 4.11 Knowledge of common forensic tool configuration and support applications (e.g., VMWare, Wireshark). 4.12 Knowledge of network traffic analysis methods. 4.13 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. DOMAIN 5: SECURITY OF EVOLVING TECHNOLOGY 5.1 Knowledge of new and emerging information technology (IT) and information security technologies. 5.2 Knowledge of emerging security issues, risks, and vulnerabilities. 5.3 Knowledge of risk associated with mobile computing. 5.4 Knowledge of cloud concepts around data and collaboration. 5.5 Knowledge of risk of moving applications and infrastructure to the cloud. 5.6 Knowledge of risk associated with outsourcing 5.7 Knowledge of supply chain risk management processes and practices
pki Public Key Infrastructure 21 hours The training is directed to all operating systems administrators, who plan to implement a public key infrastructure based on MS Windows Server 2012 R2 and plan to use qualified electronic signature certificates.  The participants will learn about the basic issues related to the implementation of public key infrastructure, and also with the idea of ​​applying the latest cryptographic solutions for securing information systems.  On the basis of MS Windows Server 2012 R2 are discussed possibilities of using certification services for the enterprise.During the training in a virtual environment is installed complete certification center and discuss the most important issues related to the management and administration of public key infrastructure in an Active Directory domain. The training includes theoretical and practical knowledge on the use of electronic signatures issued by certification centers in Poland under the "Act on Electronic Signatures." These are legal issues, legal requirements, as well as examples of the use of certificates of electronic signatures in Poland. The participants will gain the knowledge needed to create electronic correspondence relating to communication with the public authorities and other services that allow or require the use of a type of ID. Theory Fundamentals of Information Security verification of identity Features and characteristics of electronic documents Basics of cryptography Implementations of solutions cryptographic systems certification center Certification Path and trust Certificates qualified and unqualified Verification of electronic signatures Renewing and revoking certificates Legal issues use of electronic signatures The use of electronic signature certificates in Poland (e-government, e-invoice, etc.). e-PUAP profile and trusted Practical Basic Administration and security of Windows Server 2008R2 / 2012R2 Configuration tools BitLocker and TrueCrypt Installation and configuration of Certification Center in the Active Directory domain Managing certificates on Windows 7/8 / 8.1,10 Certificate management for cryptographic cards Signing and encrypting of electronic documents Time stamping of electronic documents Signing and encrypting e-mail Log in to the system using smart cards Configuring SSL certificates for websites Configuring EFS Configuring IPSec Signing PowerShell scripts using certificates codesign Summary

Upcoming Courses

CourseCourse DateCourse Price [Remote / Classroom]
DevOps Security: Creating a DevOps security strategy - Belfast City CentreTue, 2017-10-31 09:30£1100 / £1350

Other regions

Weekend Security Management courses, Evening Security Management training, Security Management boot camp, Security Management instructor-led , Security Management private courses, Security Management instructor,Weekend Security Management training, Security Management one on one training , Security Management on-site, Security Management coaching, Security Management trainer , Evening Security Management courses, Security Management classes

Course Discounts

Course Discounts Newsletter

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients