
6477 Awareness courses in Cardiff delivered Online

Information Assurance (STIG) Overview (TT8800)

By Nexus Human

Duration: 2 Days, 12 CPD hours

This course is intended for: The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as:
• IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications.
• Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process.
• Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams.
• Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices.
• Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle.

Overview: Working in an interactive learning environment, guided by our application security expert, you'll explore:
• The concepts and terminology behind defensive coding
• Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
• The entire spectrum of threats and attacks that take place against software applications in today's world
• The role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
• The vulnerabilities of programming languages as well as how to harden installations
• The basics of Cryptography and Encryption and where they fit in the overall security picture
• The requirements and best practices for program management as specified in the STIGs
• The processes and measures associated with the Secure Software Development (SSD)
• The basics of security testing and planning

Objectives:
• Understand the concepts and terminology behind defensive coding
• Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
• Learn the entire spectrum of threats and attacks that take place against software applications in today's world
• Discuss the role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
• Understand the vulnerabilities of programming languages as well as how to harden installations
• Understand the basics of Cryptography and Encryption and where they fit in the overall security picture
• Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
• Understand the requirements and best practices for program management as specified in the STIGs
• Understand the processes and measures associated with the Secure Software Development (SSD)
• Understand the basics of security testing and planning

The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.

The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.

The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You'll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.

Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You'll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.
DISA's Security Technical Implementation Guides (STIGs)
The motivations behind STIGs Requirements that the various software development roles must meet Implementing STIG requirements and guidelines

Why Hunt Bugs?
The Language of CyberSecurity The Changing Cybersecurity Landscape AppSec Dissection of SolarWinds The Human Perimeter Interpreting the 2021 Verizon Data Breach Investigation Report First Axiom in Web Application Security Analysis First Axiom in Addressing ALL Security Concerns Lab: Case Study in Failure

Safe and Appropriate Bug Hunting/Hacking
Working Ethically Respecting Privacy Bug/Defect Notification Bug Bounty Programs Bug Hunting Mistakes to Avoid

Principles of Information Security
Security Is a Lifecycle Issue Minimize Attack Surface Area Layers of Defense: Tenacious D Compartmentalize Consider All Application States Do NOT Trust the Untrusted

Identification and Authentication Failures
Applicable STIGs Quality and Protection of Authentication Data Proper hashing of passwords Handling Passwords on Server Side Session Management HttpOnly and Security Headers Lab: STIG Walk-Throughs

Injection
Applicable STIGs Injection Flaws SQL Injection Attacks Evolve Drill Down on Stored Procedures Other Forms of Server-Side Injection Minimizing Injection Flaws Client-side Injection: XSS Persistent, Reflective, and DOM-Based XSS Best Practices for Untrusted Data Lab: STIG Walk-Throughs

Applications: What Next?
Common Vulnerabilities and Exposures CWE/SANS Top 25 Most Dangerous SW Errors Strength Training: Project Teams/Developers Strength Training: IT Organizations

Cryptographic Failures
Applicable STIGs Identifying Protection Needs Evolving Privacy Considerations Options for Protecting Data Transport/Message Level Security Weak Cryptographic Processing Keys and Key Management Threats of Quantum Computing Steal Now, Crack Later Threat Lab: STIG Walk-Throughs

Application Security and Development Checklists
Checklist Overview, Conventions, and Best Practices Leveraging Common AppSec Practices and Control Actionable Application Security Additional Tools for the Toolbox Strength Training: Project Teams/Developers Strength Training: IT Organizations Lab: Recent Incidents

SDL Overview
Attack Phases: Offensive Actions and Defensive Controls Secure Software Development Processes Shifting Left Actionable Items Moving Forward Lab: Design Study Review

Asset Analysis
Asset Analysis Process Types of Application-Related Assets Adding Risk Escalators Discovery and Recon

Design Review
Asset Inventory and Design Assets, Dataflows, and Trust Boundaries Risk Escalators in Designs Risk Mitigation Options

Delivered Online, Flexible Dates
Price on Enquiry

CertNexus CyberSAFE (CBS-410)

By Nexus Human

Duration: 0.5 Days, 3 CPD hours

This course is intended for: This course is designed for all users of computers, mobile devices, networks, and the Internet, to enable them to use technology more securely and minimize digital risks, regardless of technical ability. This course is also designed for you to prepare for the CyberSAFE credential. You can obtain your CyberSAFE certificate by completing the CyberSAFE credential process on the CHOICE platform following the course presentation.

Overview: In this course, you will identify many of the common risks involved in using conventional computing technology, as well as ways to use it safely, to protect yourself from those risks. You will:
• Identify security compliance measures.
• Address social engineering attempts.
• Secure devices such as desktops, laptops, tablets, smartphones, and more.
• Use the Internet securely.

Welcome to CyberSAFE: Exam CBS-410. Regardless of your computer experience, this class will help you become more aware of technology-related risks and what you can do to protect yourself and your organization from them. This course will help you to:
• Understand both security and compliance needs and requirements.
• Recognize and avoid phishing and other social engineering attempts.
• Recognize and avoid viruses, ransomware, and other malware.
• Help ensure data security on computers, mobile devices, networks, the Internet, and in the cloud.

In this course, you will use discussions, case studies, and the experiences of your instructor and fellow students to explore the hazards and pitfalls of technology and learn how to use that technology safely and securely.

Identifying Security Compliance Measures
• Topic A: Identify Organizational Compliance Requirements and Resources
• Topic B: Identify Legal Compliance Requirements and Resources
• Topic C: Identify Industry Compliance Requirements and Resources

Recognizing and Addressing Social Engineering Attacks
• Topic A: Recognize Phishing and Other Social Engineering Attacks
• Topic B: Defend Against Phishing and Other Social Engineering Attacks

Securing Devices
• Topic A: Maintain Physical Security of Devices
• Topic B: Use Secure Authentication Methods
• Topic C: Protect Your Data
• Topic D: Defend Against Malware
• Topic E: Use Wireless Devices Securely

Using the Internet Securely
• Topic A: Browse the Web Safely
• Topic B: Use Email Securely
• Topic C: Use Social Networks Securely
• Topic D: Use Cloud Services Securely
• Topic E: Work from Remote Locations Securely

Delivered Online, Flexible Dates
Price on Enquiry

Understanding Dementia

5.0(9)

By Dementia Club UK

Free, online, 1-hour training course in the fundamentals of Understanding Dementia for both individuals and businesses. Will certify you as a Dementia Champion and meets the criteria for working towards becoming Dementia Friendly.

Delivered Online, Flexible Dates
FREE

EXIN Information Security Foundation based on ISO/IEC 27001 - Professional

By Nexus Human

Duration: 3 Days, 18 CPD hours

This course is intended for: Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

Overview: The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security. The subjects of this module are:
• Information security perspectives: business, customer, service provider/supplier
• Risk Management: analysis, controls, remaining risks
• Information security controls: organizational, technical, physical

Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies completely rely on IT. Enterprise resource planning (ERP) management systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - the most valuable commodity in the world - passes through IT.

Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service.

Information Security Perspectives
• The candidate understands the business interest of information security
• The candidate understands the customer perspective on governance
• The candidate understands the supplier's responsibilities in security assurance

Risk Management
• The candidate understands the principles of risk management
• The candidate knows how to control risks
• The candidate knows how to deal with remaining risks

Information Security Controls
• The candidate has knowledge of organizational controls
• The candidate has knowledge of technical controls
• The candidate has knowledge of physical, employment-related and continuity controls

Delivered Online, Flexible Dates
Price on Enquiry

Credit control and debt recovery - legal issues (In-House)

By The In House Training Company

It is essential that those charged with responsibility for credit control and debt recovery have a full appreciation of the relevant law: no-one can negotiate effectively to recover a debt if they don't understand the ultimate sanctions they can apply. This programme is designed to give them a practical, up-to-date understanding of the law as it applies to your particular organisation.

This course will help ensure that participants:
• Understand the relevant laws
• Know how and when to invoke legal processes
• Avoid legal pitfalls in debt collection negotiations

Specific, practical learning points include:
• Definition of 'harassment'
• How to set up an in-house collection identity
• Whether cheques in 'full and final settlement' are binding
• The best steps to trace a 'gone away'
... and many, many more.

1 Data protection and debt recovery
There is a whole range of things which can be checked on members of the public and which are not affected by the restraints of the Data Protection Act. These will be explained in simple, clear terms so that staff can use this information immediately.

2 County Court suing
The expert trainer will show how to sue for money owed, obtain judgment and commence enforcement action without leaving your desk. This module is aimed at showing how to make the Courts work for you instead of the other way around!

3 Enforcement of judgments
There are many people who have a County Court Judgment (CCJ) against their debtor but who still remain unpaid. This session explains each of the enforcement methods and how to use them to best effect. Enforcement methods covered include:
• Warrant of Execution
• Using the sheriff (now known as High Court Enforcement Officers)
• Attachment of earnings
• Third Party Debt Orders
• Charging Orders (over property and goods)
• Winding-up companies and making individuals bankrupt

4 Office of Fair Trading rules on debt recovery
Surprisingly few people are aware of the Office of Fair Trading rules on debt recovery and many of those that do know think they don't apply to them - but they do. Make sure you know what you need to!

5 New methods to trace elusive, absentee and 'gone away' debtors
Why write the money off when you can trace the debtor and collect the money you are owed?

6 Credit checking of new and existing customers
It makes sense to credit check would-be, new and existing customers to evaluate the likelihood of payment delays or perhaps not being paid at all. This session shows a range of credit checking steps, many of which can be done completely free of charge, including a sample credit application/account opening form.

7 Late Payment of Commercial Debts Regulations
Do your staff understand this legislation and how to use it to make people pay quicker than ever before? The trainer shows how.

8 The Enterprise Act
The Enterprise Act made some startling changes to corporate and personal insolvency. What are the implications for credit control and debt recovery within your organisation?

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry

Alcohol consumption (In-House)

By The In House Training Company

Who says what's right for you? How aware are you of how much you actually drink each week? Is it more than you want it to be? Does it take the edge off your performance? Or do you just think it's time to change? This session will challenge the way you think about drink. It's not about what someone else thinks you ought to drink - it's about your own attitude to it. Take away a completely fresh way of thinking about drinking. Get some insights into 'how come' you drink what you do. Find out what you can easily do to drink less. During the session you will have the opportunity to take a fresh look at: Your drinking habits - casual/social drinking, habitual drinking, binge drinking 'How come I do this'? How we think about habits 'How could I change my drinking'?

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry

Working with environmental responsibilities (In-House)

By The In House Training Company

This course follows the Institute of Occupational Safety and Health's syllabus. A one-day programme, it is suitable for all people at all levels in the workplace and gives a basic introduction to the principles of environmental management.

On successful completion of the course, participants will be able to:
• Understand the terms 'environment' and 'pollution'
• Understand the terms 'hazard' and 'risk' related to the environment
• Better appreciate environmental issues generally, and specifically in respect of their organisation
• Identify hazards to the environment from working practices
• Outline the procedures/controls necessary to prevent damage to the environment

1 What is the environment? - putting the environment in context
Key environmental issues and how we contribute Definition of the environment

2 Working with the environment
What is pollution? Sources, receptors and pathways Environmental consequences workshop - identifying the environmental consequences of our working practices Environmental risk assessment Effective control mechanisms

3 Protecting the environment - Environmental Management Systems
What is an Environmental Management System (EMS)? What are the benefits of having an EMS? EMS structure and models Identifying what elements of EMS your company has and how they work Roles and responsibilities

4 Choice of module
Option 1: Organisation-specific module. This module can be used to introduce environmental concepts that are specific to your activities and operations, and will be compiled through discussion with your organisation.
Option 2: Environmental best practice. If no organisation-specific module is required, or if participants from a number of organisations attend, generic operational environmental best practices can be covered instead. Areas covered include waste management, fuel storage and use, hazardous materials, emissions to air and water and environmental incidents.

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry

Environmental legislation (In-House)

By The In House Training Company

A thorough account of the UK and European legal framework and its requirements as regards managing environmental performance.

This course will help staff to understand:
• The framework of UK and European legislation and its enforcement
• The principal features of the legislation as they apply to your organisation's activity/product/service
• The benefit of having an Environmental Management System such as ISO 14001
• How their own actions and decisions can either expose or protect the organisation in relation to its legal obligations

1 Introduction and objectives

2 Introduction to environmental law and enforcement
Sources of law (European and UK) Structure and enforcement Key legislation

3 Integrated Pollution Prevention and Control (IPPC) and Local Air Pollution and Control (LAPC)
Pollution and Prevention Control Act 1999 EC Directives on PPC The meaning of BAT Transitional provisions Fit and proper persons Control of emissions to air National Air Quality Strategy

4 Packaging and producer responsibilities
Who, what and how The Producer Responsibility Obligations (Packaging Waste) Regulations Obligations and exemptions Registration Recycling and recovery obligations Records Duties of the Environment Agency Offences Developments

5 Waste management
National Waste Strategy Waste minimisation (re-use/recycling) Waste definition Disposal and recovery Controlled waste management Hazardous waste management

6 Proposed Legislation and EC Directives
EU Commission's waste and resources strategies Implementation of ELV (End of Life Vehicles) Directive WEEE (Waste Electrical and Electronic Equipment) Directive transposition into UK legislation Other producer responsibility initiatives Other proposals from the EU

7 Conclusion
Open forum Summary Close

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry

Manual Handling (In-House)

By The In House Training Company

Some 60% of injuries at work are caused by lifting heavy objects. This powerful, practical programme is designed to help stop any of your staff from becoming the next statistic.

1 Introduction and objectives

2 Overview of Health and Safety Legislation and HSE Injury Statistics
Health and Safety at Work Act 1974 Management of Health and Safety at Work Regulations (MHSWR) 1992 MHSWR 1999 specific duties to risk assess Manual Handling Operations Regulations (MHOR) 1992 Breakdown of injury statistics and costs of poor manual handling

3 The musculoskeletal system explained
Prevention and ill-health Ergonomics RSI The spine in detail

4 Risk assessment
General principles The TILE method Employees' duties Workplace scenarios

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry

Leading Safely - IOSH Award (In-House)

By The In House Training Company

This is an opportunity to benchmark your current and future safety and health vision and priorities in line with global models of safety, and to benefit from good practice gathered from leading organisations from around the world. Through lively discussion, debate and exercises, including benchmarking, gap analysis and case studies, leaders attending this programme deepen their understanding of how to use their skills to drive their organisation to the next level in its safety and health performance. The programme is designed to help leaders:

Delivered in Harpenden or UK Wide or Online, Flexible Dates
Price on Enquiry