379 Computing & IT courses about Cyber Security

Duration 5 Days 30 CPD hours This course is intended for This course is targeted towards the information technology (IT) professional that has a minimum 1 year IT Security and Networking experience. This course would be ideal for Information System Owners, Security Officers, Ethical Hackers, Information Owners, Penetration Testers, System Owner and Managers as well as Cyber Security Engineers. Overview Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the CPEH exam. The CPEH certification training enables students to understand the importance of vulnerability assessments and how to implement counter response along with preventative measures when it comes to a network hack. Security Fundamentals Overview The Growth of Environments and Security Our Motivation? The Goal: Protecting Information! CIA Triad in Detail Approach Security Holistically Security Definitions Definitions Relationships Method: Ping The TCP/IP Stack Which Services Use Which Ports? TCP 3-Way Handshake TCP Flags Malware Types of Malware Types of Malware Cont... Types of Viruses More Malware: Spyware Trojan Horses Back Doors DoS DDoS Packet Sniffers Passive Sniffing Active Sniffing Firewalls, IDS and IPS Firewall ? First Line of Defense IDS ? Second Line of Defense IPS ? Last Line of Defense? Firewalls Firewall Types: (1) Packet Filtering Firewall Types: (2) Proxy Firewalls Firewall Types ? Circuit-Level Proxy Firewall Type of Circuit- Level Proxy ? SOCKS Firewall Types ? Application-Layer Proxy Firewall Types: (3) Stateful Firewall Types: (4) Dynamic Packet-Filtering Firewall Types: (5) Kernel Proxies Firewall Placement Firewall Architecture Types ? Screened Host Multi- or Dual-Homed Screened Subnet Wi-Fi Network Types Wi-Fi Network Types Widely Deployed Standards Standards Comparison 802.11n - MIMO Overview of Database Server Review Access Controls Overview Role of Access Control Definitions More Definitions Categories of Access Controls Physical Controls Logical Controls ?Soft? Controls Security Roles Steps to Granting Access Access Criteria Physical Access Control Mechanisms Biometric System Types Synchronous Token Asynchronous Token Device Memory Cards Smart Card Cryptographic Keys Logical Access Controls OS Access Controls Linux Access Controls Accounts and Groups Password & Shadow File Formats Accounts and Groups Linux and UNIX Permissions Set UID Programs Trust Relationships Review Protocols Protocols Overview OSI ? Application Layer OSI ? Presentation Layer OSI ? Session Layer Transport Layer OSI ? Network Layer OSI ? Data Link OSI ? Physical Layer Protocols at Each OSI Model Layer TCP/IP Suite Port and Protocol Relationship Conceptual Use of Ports UDP versus TCP Protocols ? ARP Protocols ? ICMP Network Service ? DNS SSH Security Protocol SSH Protocols ? SNMP Protocols ? SMTP Packet Sniffers Example Packet Sniffers Review Cryptography Overview Introduction Encryption Cryptographic Definitions Encryption Algorithm Implementation Symmetric Encryption Symmetric Downfalls Symmetric Algorithms Crack Times Asymmetric Encryption Public Key Cryptography Advantages Asymmetric Algorithm Disadvantages Asymmetric Algorithm Examples Key Exchange Symmetric versus Asymmetric Using the Algorithm Types Together Instructor Demonstration Hashing Common Hash Algorithms Birthday Attack Example of a Birthday Attack Generic Hash Demo Instructor Demonstration Security Issues in Hashing Hash Collisions MD5 Collision Creates Rogue Certificate Authority Hybrid Encryption Digital Signatures SSL/TLS SSL Connection Setup SSL Hybrid Encryption SSH IPSec - Network Layer Protection IPSec IPSec Public Key Infrastructure Quantum Cryptography Attack Vectors Network Attacks More Attacks (Cryptanalysis) Review Why Vulnerability Assessments? Overview What is a Vulnerability Assessment? Vulnerability Assessment Benefits of a Vulnerability Assessment What are Vulnerabilities? Security Vulnerability Life Cycle Compliance and Project Scoping The Project Overview Statement Project Overview Statement Assessing Current Network Concerns Vulnerabilities in Networks More Concerns Network Vulnerability Assessment Methodology Network Vulnerability Assessment Methodology Phase I: Data Collection Phase II: Interviews, Information Reviews, and Hands-On Investigation Phase III: Analysis Analysis cont. Risk Management Why Is Risk Management Difficult? Risk Analysis Objectives Putting Together the Team and Components What Is the Value of an Asset? Examples of Some Vulnerabilities that Are Not Always Obvious Categorizing Risks Some Examples of Types of Losses Different Approaches to Analysis Who Uses What? Qualitative Analysis Steps Quantitative Analysis ALE Values Uses ALE Example ARO Values and Their Meaning ALE Calculation Can a Purely Quantitative Analysis Be Accomplished? Comparing Cost and Benefit Countermeasure Criteria Calculating Cost/Benefit Cost of a Countermeasure Can You Get Rid of All Risk? Management?s Response to Identified Risks Liability of Actions Policy Review (Top-Down) Methodology Definitions Policy Types Policies with Different Goals Industry Best Practice Standards Components that Support the Security Policy Policy Contents When Critiquing a Policy Technical (Bottom-Up) Methodology Review Vulnerability Tools of the Trade Vulnerability Scanners Nessus SAINT ? Sample Report Tool: Retina Qualys Guard http://www.qualys.com/products/overview/ Tool: LANguard Microsoft Baseline Analyzer MBSA Scan Report Dealing with Assessment Results Patch Management Options Review Output Analysis and Reports Overview Staying Abreast: Security Alerts Vulnerability Research Sites Nessus SAINT SAINT Reports GFI Languard GFI Reports MBSA MBSA Reports Review Reconnaissance, Enumeration & Scanning Reconnaissance Overview Step One in the Hacking ?Life-Cycle? What Information is Gathered by the Hacker? Passive vs. Active Reconnaissance Footprinting Defined Social Access Social Engineering Techniques Social Networking Sites People Search Engines Internet Archive: The WayBack Machine Footprinting Tools Overview Maltego GUI Johnny.Ihackstuff.com Google (cont.) Domain Name Registration WHOIS Output DNS Databases Using Nslookup Traceroute Operation Web Server Info Tool: Netcraft Introduction to Port Scanning Which Services use Which Ports? Port Scan Tips Port Scans Shou

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate-level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required. Overview Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on .Net security training that offers a unique look at .Net application security. Beginning with penetration testing and hunting for bugs in .Net web applications, you thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, driving home the mechanics of how to secure .Net web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? .NET Issues and Best Practices Making Application Security Real Time Permitting Topics Cryptography Overview .NET Cryptographic Services

Duration 3 Days 18 CPD hours This course is intended for Blockchain Architects Blockchain DevelopersApplication Developers Blockchain System AdministratorsNetwork Security Architects Cyber Security ExpertsIT Professionals w/cyber security experience Overview Those who attend the Security for Blockchain Professionals course and pass the exam certification will have a demonstrated knowledge of:Identifying and differentiating between security threats and attacks on a Blockchain network.Blockchain security methods, best practices, risk mitigation, and more.All known (to date) cyber-attack vectors on the Blockchain.Performing Blockchain network security risk analysis.A complete understanding of Blockchain?s inherent security features and risks.An excellent knowledge of best security practices for Blockchain System/Network Administrators.Demonstrating appropriate Blockchain data safeguarding techniques. This course covers all known aspects of Blockchain security that exist in the Blockchain environment today and provides a detailed overview of all Blockchain security issues, including threats, risk mitigation, node security integrity, confidentiality, best security practices, advanced Blockchain security and more. Fundamental Blockchain Security Cryptography for the Blockchain Hash Functions Public Key Cryptography Elliptic Curve Cryptography A Brief Introduction to Blockchain The Blocks The Chains The Network Promises of the Blockchain Blockchain Security Assumptions Digital Signature Security Hash Function Security Limitations of Basic Blockchain Security Public Key Cryptography Review Real-Life Public Key Protection Cryptography and Quantum Computers Lab 1 (Tentative) Finding Hash Function Collisions Reversible hash function Hash function with poor non-locality Hash function with small search space Breaking Public Key Cryptography Brute Forcing a Short Private Key Brute Forcing a Poorly-Chosen Private Key Consensus in the Blockchain Blockchain Consensus and Byzantine Generals Blockchain Networking Review Byzantine Generals Problem Relation to Blockchain Byzantine Fault Tolerance Introduction to Blockchain Consensus Security Blockchain Consensus Breakthrough Proof of Work What is Proof of Work? How does Proof of Work Solve BGP? Proof of Work Security Assumptions Attacking Proof of Work Proof of Stake What is Proof of Stake? How does Proof of Stake Solve BGP? Proof of Stake Security Assumptions Attacking Proof of Stake General Attacks on Blockchain Consensus Other Blockchain Consensus Algorithms Lab 2 (Tentative) Attacking Proof of Work Performing a 51% Attack Performing a Selfish Mining Attack Attacking Proof of Stake Performing a XX% Attack Performing a Long-Range Attack Malleable Transaction Attacks Advanced Blockchain Security Mechanisms Architectural Security Measures Permissioned Blockchains Checkpointing Advanced Cryptographic Solutions Multiparty Signatures Zero-Knowledge Proofs Stealth Addresses Ring Signatures Confidential Transactions Lab 3 (Tentative) Permissioned Blockchains 51% on a Checkpointed Blockchain Data mining on a blockchain with/without stealth addresses Zero-Knowledge Proof Simulation Trying to fake knowledge of a ZKP Module 4: Blockchain for Business Introduction to Ethereum Security What is Ethereum Consensus in Ethereum Smart Contracts in Ethereum Ethereum Security Pros and Cons of Ethereum Blockchains Introduction to Hyperledger Security What is Hyperledger Consensus in Hyperledger Smart Contracts in Hyperledger Hyperledger Security Pros and Cons of Hyperledger Blockchains Introduction to Corda Security What is Corda Consensus in Corda Smart Contracts in Corda Corda Security Pros and Cons of Corda Blockchains Lab 4 Blockchain Risk Assessment What are the Risks of the Blockchain? Information Security Information Sensitivity Data being placed on blockchain Risks of disclosure Regulatory Requirements Data encryption Data control PII protection Blockchain Architectural Design Public and Private Blockchains Open and Permissioned Blockchains Choosing a Blockchain Architecture Lab 5 Exploring public/private open/permissioned blockchains? Basic Blockchain Security Blockchain Architecture User Security Protecting Private Keys Malware Update Node Security Configuring MSPs Network Security Lab 6 (TBD) Smart Contract Security Introduction to Smart Contracts Smart Contract Security Considerations Turing-Complete Lifetime External Software Smart Contract Code Auditing Difficulties Techniques Tools Lab 7 (Tentative) Try a couple of smart contract code auditing tool against different contracts with built-in vulnerabilities Module 8: Security Implementing Business Blockchains Ethereum Best Practices Hyperledger Best Practices Corda Best Practices Lab 8 Network-Level Vulnerabilities and Attacks Introduction to Blockchain Network Attacks 51% Attacks Denial of Service Attacks Eclipse Attacks Routing Attacks Sybil Attacks Lab 9 Perform different network-level attacks System-Level Vulnerabilities and Attacks Introduction to Blockchain System Vulnerabilities The Bitcoin Hack The Verge Hack The EOS Vulnerability Lab 10 Smart Contract Vulnerabilities and Attacks Introduction to Common Smart Contract Vulnerabilities Reentrancy Access Control Arithmetic Unchecked Return Values Denial of Service Bad Randomness Race Conditions Timestamp Dependence Short Addresses Lab 11 Exploiting vulnerable smart contracts Security of Alternative DLT Architectures What Are Alternative DLT Architectures? Introduction to Directed Acyclic Graphs (DAGs) DAGs vs. Blockchains Advantages of DAGs DAG Vulnerabilities and Security Lab 12 Exploring a DAG network

Information on the risks and practical advice to address them TSC's eBooks, whitepapers, and reports cover some of the most important risks in information and cyber security — risks that constantly challenge information and cyber security professionals who work tirelessly to reduce them across their organisations and home users alike.

Information on the risks and practical advice to address them TSC's eBooks, whitepapers, and reports cover some of the most important risks in information and cyber security — risks that constantly challenge information and cyber security professionals who work tirelessly to reduce them across their organisations and home users alike.

Duration 3 Days 18 CPD hours This course is intended for Cybersecurity analysts and engineers and security operations specialists, as well as administrators and product deployers. Overview Successful completion of this instructor-led course with hands-on lab activities should enable you to: Describe the architecture and components of the Cortex XDR family Use the Cortex XDR management console, including reporting Create Cortex XDR agent installation packages, endpoint groups, and policies Deploy Cortex XDR agents on endpoints Create and manage Exploit and Malware Prevention profiles Investigate alerts and prioritize them using starring and exclusion policies Tune Security profiles using Cortex XDR exceptions Perform and track response actions in the Action Center Perform basic troubleshooting related to Cortex XDR agents Deploy a Broker VM and activate the Local Agents Settings applet Understand Cortex XDR deployment concepts and activation requirements Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization This instructor-led training enables you to prevent attacks on your endpoints. After an overview of the Cortex XDR components, the training introduces the Cortex XDR management console and demonstrates how to install agents on your endpoints and how to create Security profiles and policies. The training enables you to perform and track response actions, tune profiles, and work with Cortex XDR alerts. The training concludes with discussions about basic troubleshooting of the agent, the on-premises Broker VM component, and Cortex XDR deployment. Course Outline Module 1 - Cortex XDR Overview Module 2 - Cortex XDR Main Components Module 3 - Cortex XDR Management Console Module 4 - Profiles and Policy Rules Module 5 - Malware Protection Module 6 - Exploit Protection Module 7 - Cortex XDR Alerts Module 8 - Tuning Policies Using Exceptions Module 9 - Response Actions Module 10 - Basic Agent Troubleshooting Module 11 - Broker VM Overview Module 12 - Deployment Considerations Additional course details: Nexus Humans Palo Alto Networks : Cortex XDR 3.2: Prevention and Deployment (EDU-260) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Palo Alto Networks : Cortex XDR 3.2: Prevention and Deployment (EDU-260) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Information on the risks and practical advice to address them TSC's eBooks, whitepapers, and reports cover some of the most important risks in information and cyber security — risks that constantly challenge information and cyber security professionals who work tirelessly to reduce them across their organisations and home users alike.

Duration 2 Days 12 CPD hours This course is intended for This course is recommended for technical professionals who need to deploy and manage Endpoint Security within their security environment. Overview Explain how Endpoint Security works to enforce corporate security compliance for end users and their devices. Become familiar with the Check Point Endpoint Security Solution architecture and how it integrates with Check Point Network Security Management. Identify and describe key elements of the SmartEndpoint Management console. Discuss Endpoint Security Software Blade options and how they are managed from the SmartEndpoint Management console. Explain how to create and assign security policies for Endpoint clients using Endpoint Security. Understand deployment methods and server considerations for Endpoint Security Management installation. Identify the different ways to install and configure Endpoint clients. Recognize how to configure VPN connectivity to allow clients connecting outside of the network perimeter to securely access corporate resources. Understand how Endpoint Security authenticates and verifies clients connecting to the Endpoint Security Management Server. Describe additional server configurations that are available to help manage Endpoint clients. Recognize the different types of data security protections available to deploy on end user machines. Describe how Full Disk Encryption technology protects and recovers data accessed and stored on Endpoint computers. Understand how to secure removable media devices. Become familiar with the Remote Help tool and how it supports clients experiencing FDE and Media Encryption issues. Recognize the types of threats that target Endpoint computers. Describe Check Point SandBlast Agent and how to deploy it in the Endpoint Security environment. Explain how SandBlast Agent technology prevents malware from infiltrating Endpoint machines and corporate resources. Identify SmartEndpoint reporting tools used to monitor and respond quickly to security events. Understand how to troubleshoot and debug issues. The goal of this course is to provide a comprehensive understanding of Check Point Endpoint Security and how to deploy it within the corporate network environment. Course Topics Introduction to Endpoint Security Endpoint Security Management Deploying Endpoint Security Additional Endpoint Server Configurations Data Security Protection Advanced Threat Prevention Reporting and Troubleshooting LAB EXERCISES Installing the Endpoint Security Management Solution Deploying Endpoint Client Packages Deploying Endpoint Policy Servers Configuring High Availability for Endpoint Security Modifying Client Installations Working with Deployment Rules Working with SandBlast Agent Additional course details: Nexus Humans CCES Check Point Certified Endpoint Specialist training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CCES Check Point Certified Endpoint Specialist course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 2 Days 12 CPD hours This course is intended for Security architects System designers Network administrators Operations engineers Network managers, network or security technicians, and security engineers and managers responsible for web security Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco WSA Deploy proxy services Utilize authentication Describe decryption policies to control HTTPS traffic Understand differentiated traffic access policies and identification profiles Enforce acceptable use control settings Defend against malware Describe data security and data loss prevention Perform administration and troubleshooting This course shows you how to implement, use, and maintain Cisco© Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you?ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution?s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more.This course helps you prepare to take the exam, Securing the Web with Cisco Web Security Appliance (300-725 SWSA). Describing Cisco WSA Technology Use Case Cisco WSA Solution Cisco WSA Features Cisco WSA Architecture Proxy Service Integrated Layer 4 Traffic Monitor Data Loss Prevention Cisco Cognitive Intelligence Management Tools Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration Cisco Content Security Management Appliance (SMA) Deploying Proxy Services Explicit Forward Mode vs. Transparent Mode Transparent Mode Traffic Redirection Web Cache Control Protocol Web Cache Communication Protocol (WCCP) Upstream and Downstream Flow Proxy Bypass Proxy Caching Proxy Auto-Config (PAC) Files FTP Proxy Socket Secure (SOCKS) Proxy Proxy Access Log and HTTP Headers Customizing Error Notifications with End User Notification (EUN) Pages Utilizing Authentication Authentication Protocols Authentication Realms Tracking User Credentials Explicit (Forward) and Transparent Proxy Mode Bypassing Authentication with Problematic Agents Reporting and Authentication Re-Authentication FTP Proxy Authentication Troubleshooting Joining Domains and Test Authentication Integration with Cisco Identity Services Engine (ISE) Creating Decryption Policies to Control HTTPS Traffic Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview Certificate Overview Overview of HTTPS Decryption Policies Activating HTTPS Proxy Function Access Control List (ACL) Tags for HTTPS Inspection Access Log Examples Understanding Differentiated Traffic Access Policies and Identification Profiles Overview of Access Policies Access Policy Groups Overview of Identification Profiles Identification Profiles and Authentication Access Policy and Identification Profiles Processing Order Other Policy Types Access Log Examples ACL Decision Tags and Policy Groups Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications Defending Against Malware Web Reputation Filters Anti-Malware Scanning Scanning Outbound Traffic Anti-Malware and Reputation in Policies File Reputation Filtering and File Analysis Cisco Advanced Malware Protection File Reputation and Analysis Features Integration with Cisco Cognitive Intelligence Enforcing Acceptable Use Control Settings Controlling Web Usage URL Filtering URL Category Solutions Dynamic Content Analysis Engine Web Application Visibility and Control Enforcing Media Bandwidth Limits Software as a Service (SaaS) Access Control Filtering Adult Content Data Security and Data Loss Prevention Data Security Cisco Data Security Solution Data Security Policy Definitions Data Security Logs Performing Administration and Troubleshooting Monitor the Cisco Web Security Appliance Cisco WSA Reports Monitoring System Activity Through Logs System Administration Tasks Troubleshooting Command Line Interface

Duration 4 Days 24 CPD hours This course is intended for This course assumes the student has successfully taken and passed the NCSF Foundation 2.0 course based on the NIST Cybersecurity Framework version 1.1, release April 2018. Following the course introduction, the course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape. Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts governance, management, and a supportive culture,Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap - and to do this over and over again to inculcate it into organizational DNA. Overview This course looks at the impact of digital transformation on cybersecurity risks, an understanding of the threat landscape, and an approach to the application of cybersecurity controls. It provides guidance for students on the best approach to design and build a comprehensive cybersecurity program. Executives are keenly aware of the risks but have limited knowledge on the best way to mitigate these risks. This course also enables our executives to answer the critical question - Are we secure? The class includes lectures, informative supplemental reference materials, quizzes, exercises, and formal examination. The exercises are a critical aspect of the course; do not skip them. Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs. This course is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSP) across an enterprise and its supply chain. Digital Transformation Explores what the Practitioner needs to know about the relationship between digital transformation and cybersecurity Explain how to determine the impact of cybersecurity on DX. Explain the relationships between culture and digital transformation from the perspective of a practitioner. Explain the delivery of value to stakeholders in a DX & cybersecurity environment. Illustrate the interdependent relationship between cybersecurity and DX. Threat Landscape The Practitioner needs to understand what threat actors do and their capabilities. Compare the evolving attack type impact to the threat environment. Apply knowledge about the threat landscape to maintain a readiness to respond. Develop a risk profile based on business impact analysis Establish the relationship between awareness and training in the continual improvement of cybersecurity posture. Develop and treat training & awareness as a critical aspect of deterrence Use knowledge about the threat landscape as a predicate to the adoption and adaptation of your cybersecurity posture. The Controls This chapter provides a sample set of controls based on an informative reference. Understand the purpose goals & objectives for each control. Characterize & explain the informative reference controls Discover how to apply the controls in an organizational context. Adopt & Adapt Adopt is a decision about governance; adapt is the set of management decisions that result from the decision to adopt. Distinguish Adopt, Adapt, Management & Governance. Develop an approach to adoption & adaptation. Distinguish & demonstrate the impact of organizational culture on developing cybersecurity as a capability. Develop an assessment approach to define current state. Adaptive Way of Working Threat actors are agile and highly adaptive. The cybersecurity Practitioner must develop the same capabilities Break down what constitutes an adaptive approach. Characterize & apply the need for crossfunctional teams. Recognize and prioritize the first steps (get started). Demonstrate & establish cybersecurity phases. Break down the impact of the flows. Rapid Adoption & Rapid Adaptation FastTrack FastTrack? is an approach to allow organizations to learn to adapt to an evolving threat landscape rapidly. Approach: Establish what it takes to adopt CS. Determine how that impacts management adaptation of CS. Determine how that impacts the capability to assess. CS Capability: Determine the gap between existing & needed capabilities. Establish what must be developed. Develop appropriate risk management profile. Discover how cybersecurity impacts people, practice & technology impacts organization. Differentiate CIS Implementation groups. Determine appropriate implementation group & approach. Develop appropriate phase approaches. CIIS Practice Cybersecurity is an ongoing game of cat and mouse. Organizations must learn how to inculcate cybersecurity improvement into their DNA. Break down & develop mechanisms for ongoing cybersecurity improvement that includes developing a learning organization. Illustrate an improvement plan based on the NIST 7-Step Approach. Illustrate an improvement plan based on the Improvement GPS Demonstrate understanding of Cybersecurity Maturity Model Certification Break down the balancing loop & how it fits into the escalation archetype Use the Fast Track? (improvement & implementation) cycles.