Duration 2 Days 12 CPD hours
This course is intended for professionals in roles such as:
IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications.
Developers - Software engineers and web developers who design, implement, and maintain web applications, and who need to integrate security best practices throughout the development process.
Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams.
Technical leads - Senior software engineers or architects who oversee the technical aspects of projects and ensure that secure design and coding practices are implemented.
Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle.
Overview
Working in an interactive learning environment, guided by our application security expert, you'll:
Understand the concepts and terminology behind defensive coding
Understand Threat Modeling as a tool for identifying software vulnerabilities based on realistic threats against meaningful assets
Learn the entire spectrum of threats and attacks that take place against software applications in today's world
Discuss the role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
Understand the vulnerabilities of programming languages as well as how to harden installations
Understand the basics of Cryptography and Encryption and where they fit in the overall security picture
Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
Understand the requirements and best practices for program management as specified in the STIGs
Understand the processes and measures associated with Secure Software Development (SSD)
Understand the basics of security testing and planning
The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover current web application security practices. It is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who want to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on best practices for design, implementation, and deployment, drawn from the diverse STIGs, ultimately helping participants become more proficient in application security.
The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.
The second half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injection, and cryptographic vulnerabilities. You'll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.
Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You'll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.
DISA's Security Technical Implementation Guides (STIGs)
The motivations behind STIGs
Requirements that the various software development roles must meet
Implementing STIG requirements and guidelines
Why Hunt Bugs?
The Language of CyberSecurity
The Changing Cybersecurity Landscape
AppSec Dissection of SolarWinds
The Human Perimeter
Interpreting the 2021 Verizon Data Breach Investigations Report
First Axiom in Web Application Security Analysis
First Axiom in Addressing ALL Security Concerns
Lab: Case Study in Failure
Safe and Appropriate Bug Hunting/Hacking
Working Ethically
Respecting Privacy
Bug/Defect Notification
Bug Bounty Programs
Bug Hunting Mistakes to Avoid
Principles of Information Security
Security Is a Lifecycle Issue
Minimize Attack Surface Area
Layers of Defense: Tenacious D
Compartmentalize
Consider All Application States
Do NOT Trust the Untrusted
Identification and Authentication Failures
Applicable STIGs
Quality and Protection of Authentication Data
Proper hashing of passwords
Handling Passwords on Server Side
Session Management
HttpOnly and Security Headers
Lab: STIG Walk-Throughs
Injection
Applicable STIGs
Injection Flaws
SQL Injection Attacks Evolve
Drill Down on Stored Procedures
Other Forms of Server-Side Injection
Minimizing Injection Flaws
Client-side Injection: XSS
Persistent, Reflected, and DOM-Based XSS
Best Practices for Untrusted Data
Lab: STIG Walk-Throughs
Applications: What Next?
Common Vulnerabilities and Exposures
CWE/SANS Top 25 Most Dangerous SW Errors
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
Cryptographic Failures
Applicable STIGs
Identifying Protection Needs
Evolving Privacy Considerations
Options for Protecting Data
Transport/Message Level Security
Weak Cryptographic Processing
Keys and Key Management
Threats of Quantum Computing
Steal Now, Crack Later Threat
Lab: STIG Walk-Throughs
Application Security and Development Checklists
Checklist Overview, Conventions, and Best Practices
Leveraging Common AppSec Practices and Controls
Actionable Application Security
Additional Tools for the Toolbox
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
Lab: Recent Incidents
SDL Overview
Attack Phases: Offensive Actions and Defensive Controls
Secure Software Development Processes
Shifting Left
Actionable Items Moving Forward
Lab: Design Study Review
Asset Analysis
Asset Analysis Process
Types of Application-Related Assets
Adding Risk Escalators
Discovery and Recon
Design Review
Asset Inventory and Design
Assets, Dataflows, and Trust Boundaries
Risk Escalators in Designs
Risk Mitigation Options
Duration 0.5 Days 3 CPD hours
This course is intended for all users of computers, mobile devices, networks, and the Internet, to enable them to use technology more securely and minimize digital risks, regardless of technical ability. It also prepares you for the CyberSAFE credential. You can obtain your CyberSAFE certificate by completing the CyberSAFE credential process on the CHOICE platform following the course presentation.
Overview
In this course, you will identify many of the common risks involved in using conventional computing technology, as well as ways to use it safely, to protect yourself from those risks. You will:
Identify security compliance measures.
Address social engineering attempts.
Secure devices such as desktops, laptops, tablets, smartphones, and more.
Use the Internet securely.
Welcome to CyberSAFE: Exam CBS-410. Regardless of your computer experience, this class will help you become more aware of technology-related risks and what you can do to protect yourself and your organization from them. This course will help you to:
Understand both security and compliance needs and requirements.
Recognize and avoid phishing and other social engineering attempts.
Recognize and avoid viruses, ransomware, and other malware.
Help ensure data security on computers, mobile devices, networks, the Internet, and in the cloud.
In this course, you will use discussions, case studies, and the experiences of your instructor and fellow students to explore the hazards and pitfalls of technology and learn how to use that technology safely and securely.
Identifying Security Compliance Measures
Topic A: Identify Organizational Compliance Requirements and Resources
Topic B: Identify Legal Compliance Requirements and Resources
Topic C: Identify Industry Compliance Requirements and Resources
Recognizing and Addressing Social Engineering Attacks
Topic A: Recognize Phishing and Other Social Engineering Attacks
Topic B: Defend Against Phishing and Other Social Engineering Attacks
Securing Devices
Topic A: Maintain Physical Security of Devices
Topic B: Use Secure Authentication Methods
Topic C: Protect Your Data
Topic D: Defend Against Malware
Topic E: Use Wireless Devices Securely
Using the Internet Securely
Topic A: Browse the Web Safely
Topic B: Use Email Securely
Topic C: Use Social Networks Securely
Topic D: Use Cloud Services Securely
Topic E: Work from Remote Locations Securely
The course covers the latest fire safety regulations and the roles, duties and responsibilities of employees in relation to fire safety. It is designed to meet and comply with the Regulatory Reform (Fire Safety) Order 2005.
Duration 3 Days 18 CPD hours
This course is intended for security professionals: everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of information security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.
Overview
The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security. The subjects of this module are:
Information security perspectives: business, customer, service provider/supplier
Risk management: analysis, controls, remaining risks
Information security controls: organizational, technical, physical
Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies rely completely on IT. Enterprise resource planning (ERP) systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - one of the most valuable commodities in the world - passes through IT.
Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction, and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service.
Information Security Perspectives
The candidate understands the business interest of information security
The candidate understands the customer perspective on governance
The candidate understands the supplier's responsibilities in security assurance
Risk Management
The candidate understands the principles of risk management
The candidate knows how to control risks
The candidate knows how to deal with remaining risks
Information Security Controls
The candidate has knowledge of organizational controls
The candidate has knowledge of technical controls
The candidate has knowledge of physical, employment-related and continuity controls
RSPH Level 2 Identifying and Controlling Food Allergy Risks Training Course
Do you need an allergy trainer to come to your food business and teach your staff face to face about food and drink allergens, their dangers and how to control them? Our allergy trainer can come to your business and deliver this course at your business premises. Although we are based in London, we are happy to travel and deliver this course at your business location (trainer travel fees may be applicable depending on your location). Staff will receive interactive training and coaching on allergens and intolerances with an experienced trainer. We can also tweak the training to include issues you would like to cover. See our website for more details.
Special offer for on-site allergy training: £250 plus £20pp, including RSPH exam fees (usually £350 plus £30pp).
This course is suitable for any catering business, such as restaurants, pubs, hotels, cafes, catering companies, cooks, the self-employed, artisans, event caterers and more. It is also important for Front of House staff who take customer orders and relay them to cooks, chefs and other people preparing food for customers who have allergies and/or intolerances.
This is a short one-day training course, typically 9am-3pm. Topics covered include: allergens, allergen identification, cross-contact, cross-contamination, allergic reactions, food intolerances, coeliac disease, anaphylaxis, Natasha's Law, UK food safety regulations, allergy controls, substituting ingredients, customer communication and what to do in an emergency. Contact us to book training.
Who says what's right for you? How aware are you of how much you actually drink each week? Is it more than you want it to be? Does it take the edge off your performance? Or do you just think it's time to change? This session will challenge the way you think about drink. It's not about what someone else thinks you ought to drink - it's about your own attitude to it. Take away a completely fresh way of thinking about drinking. Get some insights into 'how come' you drink what you do. Find out what you can easily do to drink less.
During the session you will have the opportunity to take a fresh look at:
Your drinking habits - casual/social drinking, habitual drinking, binge drinking
'How come I do this?' - how we think about habits
'How could I change my drinking?'
It is essential that those charged with responsibility for credit control and debt recovery have a full appreciation of the relevant law: no-one can negotiate effectively to recover a debt if they don't understand the ultimate sanctions they can apply. This programme is designed to give them a practical, up-to-date understanding of the law as it applies to your particular organisation.
This course will help ensure that participants:
Understand the relevant laws
Know how and when to invoke legal processes
Avoid legal pitfalls in debt collection negotiations
Specific, practical learning points include:
Definition of 'harassment'
How to set up an in-house collection identity
Whether cheques in 'full and final settlement' are binding
The best steps to trace a 'gone away'
... and many, many more.
1 Data protection and debt recovery
There are a whole range of things which can be checked on members of the public and which are not affected by the restraints of the Data Protection Act. These will be explained in simple, clear terms so that staff can use this information immediately.
2 County Court suing
The expert trainer will show how to sue for money owed, obtain judgment and commence enforcement action without leaving your desk. This module is aimed at showing how to make the Courts work for you instead of the other way around!
3 Enforcement of judgments
There are many people who have a County Court Judgment (CCJ) against their debtor but who still remain unpaid. This session explains each of the enforcement methods and how to use them to best effect. Enforcement methods covered include:
Warrant of Execution
Using the sheriff (now known as High Court Enforcement Officers)
Attachment of earnings
Third Party Debt Orders
Charging Orders (over property and goods)
Winding-up companies and making individuals bankrupt
4 Office of Fair Trading rules on debt recovery
Surprisingly few people are aware of the Office of Fair Trading rules on debt recovery, and many of those that do know think they don't apply to them - but they do. Make sure you know what you need to!
5 New methods to trace elusive, absentee and 'gone away' debtors
Why write the money off when you can trace the debtor and collect the money you are owed?
6 Credit checking of new and existing customers
It makes sense to credit check would-be, new and existing customers to evaluate the likelihood of payment delays or perhaps not being paid at all. This session shows a range of credit checking steps, many of which can be done completely free of charge, including a sample credit application/account opening form.
7 Late Payment of Commercial Debts Regulations
Do your staff understand this legislation and how to use it to make people pay quicker than ever before? The trainer shows how.
8 The Enterprise Act
The Enterprise Act made some startling changes to corporate and personal insolvency. What are the implications for credit control and debt recovery within your organisation?
Moving and Handling is so much more than lifting and carrying. Whether we lift, carry, support, push, pull or hold a load, we need to be aware of the correct way to do it. We are only born with one back and we need to look after it. This course will inform you of the legislation surrounding any moving and handling operation, the correct techniques to employ, the process of ergonomics and risk assessment. You should always be safe when moving and handling any load, so this course is essential for your health.
Course Aims:
Explain the theory behind moving and handling
Be aware of safe practice using a range of techniques when moving a variety of inanimate loads
Manual handling is defined as "any transporting or supporting of a load by hand or by bodily force". This includes:
Lifting, putting down, pushing, pulling, carrying or moving
Use of mechanical aids, e.g. tr
By the end of this module you will be able to:
Explain the term manual handling and provide examples
Know who to contact
Apply techniques for lifting
Apply techniques for pushing and pulling
Carry out manual handling safely
Describe the relevant legislation
This course follows the Institution of Occupational Safety and Health's syllabus. A one-day programme, it is suitable for people at all levels in the workplace and gives a basic introduction to the principles of environmental management. On successful completion of the course, participants will be able to:
Understand the terms 'environment' and 'pollution'
Understand the terms 'hazard' and 'risk' related to the environment
Better appreciate environmental issues generally, and specifically in respect of their organisation
Identify hazards to the environment from working practices
Outline the procedures/controls necessary to prevent damage to the environment
1 What is the environment? - putting the environment in context
Key environmental issues and how we contribute
Definition of the environment
2 Working with the environment
What is pollution?
Sources, receptors and pathways
Environmental consequences workshop - identifying the environmental consequences of our working practices
Environmental risk assessment
Effective control mechanisms
3 Protecting the environment - Environmental Management Systems
What is an Environmental Management System (EMS)?
What are the benefits of having an EMS?
EMS structure and models
Identifying what elements of EMS your company has and how they work
Roles and responsibilities
4 Choice of module
Option 1: Organisation-specific module. This module can be used to introduce environmental concepts that are specific to your activities and operations, and will be compiled through discussion with your organisation.
Option 2: Environmental best practice. If no organisation-specific module is required, or if participants from a number of organisations attend, generic operational environmental best practices can be covered instead. Areas covered include waste management, fuel storage and use, hazardous materials, emissions to air and water, and environmental incidents.