4605 Courses in Cardiff delivered Online

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate -level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge. Overview Students who attend Attacking and Securing Java Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our engaging instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on Java / JEE security training that offers a unique look at Java application security. Beginning with penetration testing and hunting for bugs in Java web applications, you embrace best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, allowing you to experience the mechanics of how to secure JEE web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? Making Application Security Real

Description Digital Forensic Diploma Digital Forensic Diploma covers the branch of forensic science called digital forensics. Digital Forensic Diploma is a course that deals with the recovery and investigation of objects that are stored in digital devices. The field is closely related to computer crime and cybercrime. Digital Forensics was originally used to refer to computer forensics but later it extended to all digital devices that are capable of storing digital data. There are multiple applications of learning Digital Forensics Diploma Course. Digital forensics can be employed in the electronic discovery process which is used in courts either criminal or civil to refute a hypothesis. In the private sector, digital forensics has a place in corporate investigations especially the ones dealing with intrusions or unauthorized accesses. Digital forensics covers attribution of evidence to suspects, confirmation of statements and alibis, determination of intent, identification of sources and authentication of documents. The digital forensics investigation is divided into many branches based on the type of digital device involved. They include computer forensics, network forensics, forensic data analysis and mobile device forensics. The digital forensics process involves seizure, forensic imaging or acquisition and analysis of digital media as well as the production of a report on the evidence collected. The Digital Forensic Diploma course is greatly promising to those involved in the forensics, law and digital industry. Anyone with an investigative mindset will find Digital Forensic Diploma highly informative as well as intriguing. If you are interested in online fraud, email analysis, the cloud or anything to do with data security or digital protection, Digital Forensic Diploma is the right course for you. More and more digital devices as well as web-based services are being introduced every day and with each new device and technology, the scope of digital forensics is only growing. What you will learn 1: Knowing more about digital devices 2: The E-Evidence in Crime Investigations 3: The Authority to Search and Seize 4: Documenting and Managing the crime scene 5: Minding and Finding the Loopholes 6: Acquiring and Authenticating E-Evidence 7: Examining E-Evidence 8: Extracting Hidden Data 9: E-Mail and Web Forensics 10: Data Storage and Digital Forensics Course Outcomes After completing the course, you will receive a diploma certificate and an academic transcript from Elearn college. Assessment Each unit concludes with a multiple-choice examination. This exercise will help you recall the major aspects covered in the unit and help you ensure that you have not missed anything important in the unit. The results are readily available, which will help you see your mistakes and look at the topic once again. If the result is satisfactory, it is a green light for you to proceed to the next chapter. Accreditation Elearn College is a registered Ed-tech company under the UK Register of Learning( Ref No:10062668). After completing a course, you will be able to download the certificate and the transcript of the course from the website. For the learners who require a hard copy of the certificate and transcript, we will post it for them for an additional charge.

Radicalism and Terrorism Awareness Certification Albeit the danger from fear monger occurrences is generally low, it is indispensable that businesses, representatives and understudies stay mindful of the danger presented by radical viciousness. Cautiousness supported by a working information on vicious radicalism is the best protection against fear based oppressor related wounds and fatalities. In this course, you will figure out how and why a few group come to embrace fanatic perspectives, how to recognize radicalism in others and how a few people go too far from intense convictions to savagery. The course additionally contains useful guidance to follow should your work environment or establishment go under danger from illegal intimidation. You Will Learn: The contrast among radicalism and illegal intimidation, how the previous shows as the last mentioned and how fear mongers do their assaults. How people come to embrace fanatic perspectives, how radicals spread their message and the individual attributes that make somebody especially helpless against radicalization. Instructions to recognize the most well-known indications of fanatic perspectives and aim to do fear based oppressor exercises in a worker or understudy, and how to utilize the "Conduct Barometer" model to survey the circumstance. What to do in the event that you know or think that somebody you know has been radicalized, and the subsequent stages to take in the event that you speculate that the circumstance is raising. Instructions to utilize ETHANE and "4 C's" to react to a fear based oppressor episode, and how to advance the security and prosperity of workers and understudies. Advantages Of Taking This Course: You will acquire an overall understanding into psychological warfare and fanaticism, which will help you place news and current undertakings into setting. You will be in a situation to exhort others in your working environment or organization about the danger of psychological oppression, and how they can take deterrent measures against assaults. On the off chance that you fill in as a chief or coach, this course will help you meet your obligation to distinguish fanatic perspectives in workers and understudies. On the off chance that you work with youngsters, this course will help you help the individuals who are powerless against radicalisation, which thus empowers you to help protect your local area. A fundamental comprehension of fanaticism and psychological oppression will promote your comprehension of government strategy, fundamental for those hoping to work in the common help or united fields.

Duration 5 Days 30 CPD hours This course is intended for Pen Testers Ethical Hackers Network Auditors Cybersecurity Professionals Vulnerability Assessors Cybersecurity Managers IS Managers Overview A Certified Penetration Testing Engineer imagines all of the ways that a hacker can penetrate a data system. You have to go beyond what you learned as an Ethical Hacker because pen testing explores technical and non-technical ways of breaching security to gain access to a system. Our C)PTE course is built on proven hands-on methods utilized by our international group of vulnerability consultants. In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. Once you have completed this course, you will have learned everything you need know know to move forward with a career in penetration testing. A Certified Penetration Testing Engineer imagines all of the ways that a hacker can penetrate a data system.ÿ You have to go beyond what you learned as an Ethical Hacker because pen testing explores technical and non-technical ways of breaching security to gain access to a system.ÿ ÿ Our C)PTE course is built on proven hands-on methods utilized by our international group of vulnerability consultants.ÿ In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. Once you have completed this course, you will have learned everything you need know know to move forward with a career in penetration testing. Course Outline Business & Technical Logistics of Pen Testing Information Gathering Reconnaissance ? Passive (External Only) Detecting Live Systems ? Reconnaissance (Active) Banner Grabbing and Enumeration Automated Vulnerability Assessment Hacking Operating Systems Advanced Assessment and Exploitation Techniques Evasion Techniques Hacking with PowerShell Networks and Sniffing Accessing and Hacking Web Techniques Mobile and IoT Hacking Report Writing Basics

Information on the risks and practical advice to address them TSC's eBooks, whitepapers, and reports cover some of the most important risks in information and cyber security — risks that constantly challenge information and cyber security professionals who work tirelessly to reduce them across their organisations and home users alike.

Employees, managers and directors should all have a good understanding of the threat posed by cyber-attacks and the importance of guarding against data breaches. This short course will explain why cyber attacks and data breaches happen and provide practical advice on how to set up effective defences. First, the course will identify potential 'cyber threat actors' who initiate cybercrime, along with looking at the main motivations behind cyber-attacks on individuals and organisations. On a more practical level, you'll learn how to recognise and deal effectively with phishing attempts. The course will highlight the importance of keeping passwords secure and cover security for devices, such as smartphones, laptops, tablets or desktop computers. You'll learn how to report a suspected cyber attack, and what to do if you genuinely make a mistake. Finally, we'll underline the importance of cooperation and show how working closely together helps overcome a wide range of cybersecurity issues

***24 Hour Limited Time Flash Sale*** GDPR , Compliance & Information Management Level 3, 5 & 6 at QLS Admission Gifts FREE PDF & Hard Copy Certificate| PDF Transcripts| FREE Student ID| Assessment| Lifetime Access| Enrolment Letter Unleash your potential in the crucial sectors of GDPR, Compliance, and Information Management with our comprehensive course bundle. Included in this unique bundle are three Quality License Scheme (QLS) endorsed courses that provide you with an in-depth understanding of GDPR basics, compliance certification, and information management. To authenticate your learning journey, you'll receive a hardcopy certificate upon completion of these QLS-endorsed courses, marking a noteworthy milestone in your professional development. But that's not all; this course bundle also incorporates five relevant Continued Professional Development (CPD) Quality Standard (QS) accredited courses. These cover important topics like Anti-Money Laundering (AML), Know Your Customer (KYC) guidelines, Cyber Security Awareness, Cyber Law, and Security Management. Equip yourself with this comprehensive GDPR, Compliance & Information Management course bundle and stay ahead in a world that increasingly values data protection and regulatory compliance. Key Features of the GDPR, Compliance & Information Management Level 3, 5 & 6 at QLS Bundle: 3 QLS-Endorsed Courses: We proudly offer 3 QLS-endorsed courses within our GDPR, Compliance & Information Management Level 3, 5 & 6 at QLS bundle, providing you with industry-recognized qualifications. Plus, you'll receive a free hardcopy certificate for each of these courses. QLS Course 01: Data Protection : GDPR Basics QLS Course 02: Certificate in Compliance QLS Course 03: Information Management 5 CPD QS Accredited Courses: Additionally, our bundle includes 5 relevant CPD QS accredited courses, ensuring that you stay up-to-date with the latest industry standards and practices. Course 01: Anti-Money Laundering (AML) Training Course 02: KYC Course 03: Cyber Security Awareness Training Course 04: Cyber Law Online Course Course 05: Security Management Diploma In Addition, you'll get Five Career Boosting Courses absolutely FREE with this Bundle. Course 01: Professional CV Writing Course 02: Job Search Skills Course 03: Self-Esteem & Confidence Building Course 04: Professional Diploma in Stress Management Course 05: Complete Communication Skills Master Class Convenient Online Learning: Our GDPR, Compliance & Information Management Level 3, 5 & 6 at QLS courses are accessible online, allowing you to learn at your own pace and from the comfort of your own home. Learning Outcomes of the GDPR, Compliance & Information Management Level 3, 5 & 6 at QLS Bundle: By the end of this GDPR, Compliance & Information Management bundle course, learners will be able to: Understand the essentials of the General Data Protection Regulation (GDPR). Gain theoretical knowledge of compliance and its significance in businesses. Learn about the intricacies of Information Management. Gain insights into Anti-Money Laundering (AML) measures. Understand the importance of Know Your Customer (KYC) guidelines. Develop awareness about Cyber Security and its importance in the digital age. Gain insights into the essentials of Cyber Law. Understand the principles of Security Management. The GDPR, Compliance & Information Management Level 3, 5 & 6 at QLS bundle offers a wide spectrum of knowledge across several key domains. It empowers you with a fundamental understanding of the GDPR, taking you through its importance in the digital era, and ensuring data protection. The bundle also includes a course on Compliance, which deepens your knowledge of maintaining organisational standards and regulations. The Information Management course provides insights into managing and utilising information effectively in a business setting. Moreover, the bundle also includes relevant CPD QS accredited courses like AML Training and KYC, offering a thorough understanding of financial regulations and customer verification processes. Further, it encompasses courses like Cyber Security Awareness Training, Cyber Law, and Security Management Diploma, amplifying your understanding of the digital security landscape. This comprehensive course bundle promises a thorough theoretical understanding, preparing you for the next steps in your career journey. CPD 250 CPD hours / points Accredited by CPD Quality Standards Who is this course for? This GDPR, Compliance & Information Management bundle course is ideal for: Individuals aspiring for a career in data protection, compliance, or information management. Professionals in the IT or finance sector seeking to enhance their theoretical knowledge. Students studying law, finance, or related fields. Anyone with a keen interest in understanding the legal and regulatory aspects of data management. Career path GDPR Compliance Officer - Salary range in the UK: £25,000 - £55,000 per year Compliance Officer - Salary range in the UK: £26,000 - £60,000 per year Information Management Specialist - Salary range in the UK: £30,000 - £70,000 per year AML Analyst - Salary range in the UK: £30,000 - £55,000 per year Cyber Security Analyst - Salary range in the UK: £30,000 - £70,000 per year Certificates Digital certificate Digital certificate - Included Hard copy certificate Hard copy certificate - Included

Duration 1 Days 6 CPD hours This course is intended for This course is designed for candidates looking to demonstrate foundational-level knowledge of cloud-based solutions to facilitate productivity and collaboration on-site, at home, or a combination of both.ÿCandidates may have knowledge of cloud-based solutions or may be new to Microsoft 365. Overview After completing this course, students will be able to: Describe cloud concepts Describe core Microsoft 365 services and concepts Describe security, compliance, privacy, and trust in Microsoft 365 Describe Microsoft 365 pricing and support This course introduces Microsoft 365, an integrated cloud platform that delivers industry-leading productivity apps along with intelligent cloud services, and world-class security. You?ll learn foundational knowledge on the considerations and benefits of adopting cloud services and the Software as a Service (SaaS) cloud model, with a specific focus on Microsoft 365 cloud service offerings. You will begin by learning about cloud fundamentals, including an overview of cloud computing. You will be introduced to Microsoft 365 and learn how Microsoft 365 solutions improve productivity, facilitate collaboration, and optimize communications. The course then analyzes how security, compliance, privacy, and trust are handled in Microsoft 365, and it concludes with a review of Microsoft 365 subscriptions, licenses, billing, and support. 1 - Describe cloud computing What is cloud computing Describe the shared responsibility model Define cloud models Describe the consumption-based model 2 - Describe the benefits of using cloud services Describe the benefits of high availability and scalability in the cloud Describe the benefits of reliability and predictability in the cloud Describe the benefits of security and governance in the cloud Describe the benefits of manageability in the cloud 3 - Describe cloud service types Describe Infrastructure as a Service Describe Platform as a Service Describe Software as a Service 4 - What is Microsoft 365? Describe the differences between Office 365 and Microsoft 365 Describe Windows 365 Describe how Microsoft 365 empowers workers in this hybrid world of work Explore Microsoft 365 tenant 5 - Describe productivity solutions of Microsoft 365 Describe the productivity capabilities and benefits of Microsoft 365 Describe Microsoft 365 Apps Describe work management tools in Microsoft 365 Describe additional Microsoft 365 productivity apps 6 - Describe collaboration solutions of Microsoft 365 Describe the collaboration capabilities and benefits of Microsoft 365 Describe how Microsoft Teams promotes collaboration and enhances teamwork Describe the Microsoft Viva apps Describe how Yammer helps communities connect and grow 7 - Describe endpoint modernization, management concepts, and deployment options in Microsoft 365 Describe the endpoint management capabilities of Microsoft 365 Compare the differences of Windows 365 and Azure Virtual Desktop Describe the deployment and release models for Windows-as-a-Service (WaaS) Identify deployment methods and update channels for Microsoft 365 Apps 8 - Describe analytics capabilities of Microsoft 365 Describe the capabilities of Viva Insights Describe the capabilities of the Microsoft 365 admin center and Microsoft 365 user portal Describe the reports available in the Microsoft 365 admin center and other admin centers 9 - Describe the services and identity types of Azure AD Describe Azure Active Directory Describe the available Azure AD editions Describe Azure AD identity types Describe the types of external identities Describe the concept of hybrid identity 10 - Describe the access management capabilities of Azure AD Describe Conditional Access in Azure AD Describe the benefits of Azure AD roles and role-based access control 11 - Describe threat protection with Microsoft 365 Defender Describe Microsoft 365 Defender services Describe Microsoft Defender for Office 365 Describe Microsoft Defender for Endpoint Describe Microsoft Defender for Cloud Apps Describe Microsoft Defender for Identity Describe the Microsoft 365 Defender portal 12 - Describe security capabilities of Microsoft Sentinel Describe how Microsoft Sentinel provides integrated threat management Understand Sentinel costs 13 - Describe the compliance management capabilities in Microsoft Purview Describe the Microsoft Purview compliance portal Describe Compliance Manager Describe use and benefits of compliance score 14 - Describe the Service Trust Portal and privacy at Microsoft Describe the Service Trust Portal Describe Microsoft's privacy principles Describe Microsoft Priva 15 - Describe Microsoft 365 pricing, licensing, and billing options Explore pricing models for Microsoft cloud services Explore the billing and bill management options Explore the available licensing and management options 16 - Describe support offerings for Microsoft 365 services Explore support options for Microsoft 365 services Explain service level agreement (SLAs) concepts Identify how to track the service health status Explore how organizations can share feedback on Microsoft 365 services

At the end of the 5 days, Learners will attain an RQF Award in the requirements of FD&FA systems for non-domestic buildings BS 5839-1: 2017.

Overview The demand for skilled cybersecurity professionals is soaring in today's digital landscape. The CompTIA CySA+ Cybersecurity Analyst (CS0-002) course is your gateway to a lucrative and rewarding career in this high-demand industry. This course delves deep into various aspects of cybersecurity, from threat analysis and vulnerability identification to incident response and digital forensics. It's designed to ensure you're ready to excel in the field. This course covers various topics, including threat intelligence, vulnerability identification, incident response, and forensics analysis.  With 60+ hours of engaging content, our expert instructors will equip you with the knowledge and skills required to excel in the CompTIA CySA+ certification exam and kickstart your career in cybersecurity. Enrol in the CompTIA CySA+ Cybersecurity Analyst (CS0-002) course today and secure your future in this high-demand industry! How will I get my certificate? You may have to take a quiz or a written test online during or after the course. After successfully completing the course, you will be eligible for the certificate. Who is This course for? There is no experience or previous qualifications required for enrolment on this CompTIA CySA+ Cybersecurity Analyst (CS0-002). It is available to all students, of all academic backgrounds. Requirements Our CompTIA CySA+ Cybersecurity Analyst (CS0-002) is fully compatible with PC's, Mac's, Laptop, Tablet and Smartphone devices. This course has been designed to be fully compatible with tablets and smartphones so you can access your course on Wi-Fi, 3G or 4G. There is no time limit for completing this course, it can be studied in your own time at your own pace. Career Path Learning this new skill will help you to advance in your career. It will diversify your job options and help you develop new techniques to keep up with the fast-changing world. This skillset will help you to- Open doors of opportunities Increase your adaptability Keep you relevant Boost confidence And much more! Course Curriculum 22 sections • 96 lectures • 11:35:00 total length •Introduction: 00:02:00 •All about the Exam: 00:08:00 •What's New on the CompTIA CySA+ Exam?: 00:05:00 •Meet the Instructors: 00:02:00 •Thinking like the Enemy: 00:09:00 •Tools of the Trade: 00:08:00 •Intelligence Sources and Confidence Levels: 00:08:00 •Threat Indicators and Actors: 00:08:00 •Threat Trends: 00:07:00 •Intelligence Cycle and ISACs: 00:06:00 •Attack Frameworks: 00:06:00 •Threat Research: 00:11:00 •Threat Modeling and Intelligence Sharing: 00:06:00 •Vulnerability Identification: 00:07:00 •Scanning Parameters and Criteria: 00:09:00 •Scanning Special Considerations: 00:06:00 •Validation: 00:03:00 •Remediation and Mitigation: 00:08:00 •Inhibitors to Remediation: 00:07:00 •Web Applications Scanners, Part 1: 00:10:00 •Web Applications Scanners, Part 2: 00:05:00 •Scanning: 00:06:00 •Configuring and Executing Scans: 00:08:00 •Vulnerability Scanning: 00:10:00 •Reverse Engineering: 00:08:00 •Enumeration: 00:06:00 •Wireless Assessment Tools: 00:08:00 •Cloud Assessment Tools: 00:04:00 •Mobile and IoT: 00:10:00 •Embedded and Firmware Systems (RTOS, SoC, and FPGA): 00:09:00 •Access and Vehicles Risk: 00:08:00 •Automation and Control Risk: 00:10:00 •Cloud Models: 00:07:00 •Remote Service Invocation (FaaS, IaC, API): 00:10:00 •Cloud Vulnerabilities: 00:06:00 •Injection and Overflow Attacks: 00:09:00 •Injection and Overflow Attacks: 00:09:00 •Exploits: 00:08:00 •Application Vulnerabilities, Part 1: 00:08:00 •Application Vulnerabilities, Part 2: 00:07:00 •Network Architecture and Asset Management: 00:09:00 •Protecting Your Territory: 00:05:00 •Identity and Access Management: 00:11:00 •Encryption and Active Defense: 00:08:00 •Platforms: 00:07:00 •SOA and DevSecOps: 00:09:00 •Secure Software Development: 00:08:00 •Best Coding Practices: 00:04:00 •Trusted Hardware: 00:10:00 •Hardware Encryption: 00:04:00 •Hardware Security: 00:08:00 •Data Analytics: 00:10:00 •Endpoint Security: 00:08:00 •Recon Results, Part 1: 00:13:00 •Recon Results, Part 2: 00:05:00 •Impact Analysis: 00:05:00 •Collective Tools: 00:09:00 •Query Writing: 00:07:00 •E-mail Analysis, Part 1: 00:10:00 •E-mail Analysis, Part 2: 00:08:00 •Permissions: 00:09:00 •Firewalls: 00:08:00 •Intrusion Prevention Rules: 00:05:00 •DLP and Endpoint Detection: 00:05:00 •Threat Hunting and the Hypothesis: 00:06:00 •Threat Hunting Process: 00:07:00 •Results and Benefits: 00:05:00 •Workflow and Scripting: 00:07:00 •API and Malware Signature Creation: 00:08:00 •Threat Feeds and Machine Learning: 00:06:00 •Protocols, Standards, and Software Engineering: 00:05:00 •IR Roles and Responsibilities: 00:08:00 •IR Active Preparation: 00:10:00 •Incident Response Process: 00:07:00 •Network Symptoms: 00:04:00 •Host Symptoms: 00:08:00 •Application Symptoms: 00:04:00 •Digital Forensics: 00:10:00 •Seizure and Acquisitions: 00:05:00 •Forensics Acquisition Tools: 00:09:00 •Mobile, Virtualization, and Cloud: 00:06:00 •Forensics Analysis, Part 1: 00:04:00 •Forensics Analysis, Part 2: 00:08:00 •Packet Capture: 00:12:00 •Data Privacy and Security: 00:06:00 •Nontechnical Controls: 00:09:00 •Technical Controls: 00:08:00 •Business Impact Analysis: 00:05:00 •Risk Identification: 00:05:00 •Risk Calculation and Communication: 00:06:00 •Training: 00:04:00 •Supply Chain Assessment: 00:04:00 •Frameworks: 00:13:00 •Policies and Procedures: 00:05:00 •Controls and Procedures: 00:08:00 •Verification: 00:06:00