349 Information Security Awareness courses delivered Online

Duration 3 Days 18 CPD hours This course is intended for Risk managersBusiness Process OwnersBusiness Finance ManagersBusiness Risk ManagersRegulatory Compliance ManagersProject ManagementPersons responsible for information security or conformity within an organization Overview To understand the concepts, approaches, methods and techniques allowing an effective risk managementaccording to ISO 31000To understand the relationship between the risk management and the compliance with the requirements ofdifferent stakeholders of an organizationTo acquire the competence to implement, maintain and manage an ongoing risk management program accordingto ISO 31000To acquire the competence to effectively advise organizations on the best practices in risk management In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Day 1 Introduction to the Risk Management framework according to ISO 31000 Concepts and definitions related to Risk Management Risk Management standards, frameworks and methodologies Implementation of a Risk Management framework Understanding an organization and its context Day 2 Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 31000 Risk identification Risk analysis and risk evaluation Risk treatment Risk acceptance and residual risk management Risk communication and consultation Risk monitoring and review Day 3 Risk assessment methodologies according to ISO 31000 and Certification Exam Presentation of risk assessment methodologies Certification Exam

Duration 2 Days 12 CPD hours This course is intended for This is an introduction to database security course for intermediate skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members. Ideally, students should have approximately 6 months to a year of database working knowledge. Overview Students who attend Securing Databases will leave the course armed with the skills required to recognize actual and potential database vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course introduces students to the most common security vulnerabilities faced by databases today. Each vulnerability is examined from a database perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical demonstrations reinforce these concepts with real vulnerabilities and attacks. Students will learn how to design and implement the layered defenses they will need in defending their own databases. Securing Databases is an essential training course for DBAs and developers who need to produce secure database applications and manage secure databases. Data, databases, and related resources are at the heart of most IT infrastructures. These assets can have high value from a business, regulatory, and liability perspective, and must be protected accordingly. This course showcases demonstrations on how to repeatedly attack and then defend various assets associated with a fully functional database. This approach illustrates the mechanics of how to secure databases in the most practical of terms. Security experts agree that the least effective approach to security is 'penetrate and patch'. It is far more effective to 'bake' security into an application throughout its lifecycle. After spending significant time trying to defend a poorly designed (from a security perspective) database application, students will learn how to build secure their databases and applications, starting at project inception. Securing Databases Foundation Why Hunt for Security Defects? Fingerprinting Databases Principles of Information Security Database Security Vulnerabilities Database Security Concerns Vulnerabilities Cryptography Overview Database Security Database Security What Next? Secure Development Lifecycle (SDL) SDL Process Overview Taking Action Now Asset Analysis Design Review Making Application Security Real

Duration 4 Days 24 CPD hours This course is intended for C - Level Managers IT Managers Cyber Security Personelle Engineers Information Systems Owners ISSO's CISSP Students ISO's Overview Upon completion, the Certified Security Leadership Officer candidate be able to competently take the C)SLO exam. You will be versed in implementing strong security controls and managing an organization with an industry acceptable security posture. Certified Security Leadership Officerÿ course is designed for mid and upper-level managers.ÿ If you are an engineer, this course will increase your knowledge in the leading information system security teams. Plus, the C)SLO will give you an essential understanding of current security issues, best practices, and technology. With this knowledge you will then be prepared to manage the security component of an information technology project. As a Security Leadership Officer, you will be the bridge between cybersecurity and business operations. Course Outline Security Management Risk Management Encryption Information Security Access Control Concepts Incident Handling and Evidence Operations Security Network Security Additional course details: Nexus Humans C)SLO-Certified Security Leadership Officer Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)SLO-Certified Security Leadership Officer Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 1 Days 6 CPD hours This course is intended for This course is designed primarily for IT leaders and company executives who are responsible for complying with incident response legislation. This course focuses on the knowledge, resources, and skills necessary to comply with incident response, and incident handling process requirements. Overview In this course, you will understand, assess and respond to security threats and operate a system and network security analysis platform. You will: Explain the importance of best practices in preparation for incident response Given a scenario, execute incident response process Explain general mitigation methods and devices Assess and comply with current incident response requirements. This course covers incident response methods and procedures are taught in alignment with industry frameworks such as US-CERT?s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with managing compliance with state legislation and other regulatory requirements regarding incident response, and for executing standardized responses to such incidents. The course introduces procedures and resources to comply with legislative requirements regarding incident response. This course is designed to assist students in preparing for the CertNexus Incident Responder Credential (CIR-110). What you learn and practice in this course can be a significant part of your preparation. Assessment of Information Security Risks The Importance of Risk Management Integrating Documentation into Risk Management Response to Cybersecurity Incidents Deployment of Incident Handling and Response Architecture Containment and Mitigation of Incidents Preparation for Forensic Investigation as a CSIRT Investigating Cybersecurity Incidents Use a Forensic Investigation Plan Securely Collect and Analyze Electronic Evidence Follow Up on the Results of an Investigation Complying with Legislation Examples of Legislation (if this is covered in above topics, no need to include here) GDPR, HIPPA, Elections Case study: Incident Response and GDPR (Using GDPR legislation, create a response that is compliant with it ? this could be discussion-based activity as well.) State Legislation Resources and Example Search terms to find state legislation Using NYS as example use the NYS Privacy Response act or other legislation to create a similar case study as previous. Provide answers on when to use federal versus state and do you have to follow both?

Duration 4.125 Days 24.75 CPD hours This course is intended for The job roles best suited to the material in this course are: Project managers and consultants involved in business continuity Expert advisors seeking to master the implementation of the business continuity management system Individuals responsible to maintain conformity with BCMS requirements within an organization Members of the BCMS team Overview Understand the concepts, approaches, methods, and techniques used for the implementation and effective management of a BCMS. Learn how to interpret and implement the requirements of ISO 22301 in the specific context of an organization. Understand the operation of the business continuity management system and its processes based on ISO 22301. Learn how to interpret and implement the requirements of ISO 22301 in the specific context of an organization. No two disasters in the world cause equal damage. Between the unpredictability of natural disasters, information security breaches, and incidents of different nature, preparedness can make you stand out in the crowd and predict the future of your business. In light of this, proper planning is essential to mitigating risks, avoiding consequences, coping with the negative effects of disasters and incidents, but at the same time, continuing your daily operations so that customer needs do not remain unfulfilled.This training course will prepare its participants to implement a business continuity management system (BCMS) in compliance with the requirements of ISO 22301. Attending this training course allows you to gain a comprehensive understanding of the best practices of the business continuity management system and to be able to establish a framework that allows the organization to continue operating efficiently during disruptive events Introduction to ISO 22301 and initiation of a BCMS Training course objectives and structure Standards and regulatory frameworks Business continuity management system (BCMS) Fundamental business continuity concepts and principles Initiation of the BCMS implementation Understanding the organization and its context BCMS scope Implementation plan of a BCMS Leadership and commitment Business continuity policy Risks, opportunities, and business continuity objectives Support for the BCMS Business impact analysis Risk assessment Implementation of a BCMS Business continuity strategies and solutions Business continuity plans and procedures Incident response and emergency response Crisis management Exercise programs Monitoring, measurement, analysis, and evaluation Internal audit BCMS monitoring, continual improvement, and preparation for the certification audi Management review Treatment of nonconformities Continual improvement Preparation for the certification audit Closing of the training course

Duration 3 Days 18 CPD hours This course is intended for Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract the intelligence from data by implementing various advanced strategies. Such professional-level programs can only be achieved when the core of the curricula maps with and is compliant to government and industry published threat intelligence frameworks. Ethical Hackers Security Practitioners, Engineers, Analysts, Specialist, Architects, and Managers Threat Intelligence Analysts, Associates, Researchers, Consultants Threat Hunters SOC Professionals Digital Forensic and Malware Analysts Incident Response Team Members Any mid-level to high-level cybersecurity professionals with a minimum of 2 years of experience. Individuals from the information security profession and who want to enrich their skills and knowledge in the field of cyber threat intelligence. Individuals interested in preventing cyber threats. Overview This program will benefit students who are looking to build effective threat intelligence for their organization in order to combat modern-day cyber-attacks and prevent future attacks. Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence. Introduction to Threat Intelligence Understanding Intelligence Understanding Cyber Threat Intelligence Overview of Threat Intelligence Lifecycle and Frameworks Cyber Threats and Kill Chain Methodology Understanding Cyber Threats Understanding Advanced Persistent Threats (APTs) Understanding Cyber Kill Chain Understanding Indicators of Compromise (IoCs) Requirements, Planning, Direction, and Review Understanding Organization?s Current Threat Landscape Understanding Requirements Analysis Planning Threat Intelligence Program Establishing Management Support Building a Threat Intelligence Team Overview of Threat Intelligence Sharing Reviewing Threat Intelligence Program Data Collection and Processing Overview of Threat Intelligence Data Collection Overview of Threat Intelligence Collection Management Overview of Threat Intelligence Feeds and Sources Understanding Threat Intelligence Data Collection and Acquisition Understanding Bulk Data Collection Understanding Data Processing and Exploitation Data Analysis Overview of Data Analysis Understanding Data Analysis Techniques Overview of Threat Analysis Understanding Threat Analysis Process Overview of Fine-Tuning Threat Analysis Understanding Threat Intelligence Evaluation Creating Runbooks and Knowledge Base Overview of Threat Intelligence Tools Intelligence Reporting and Dissemination Overview of Threat Intelligence Reports Introduction to Dissemination Participating in Sharing Relationships Overview of Sharing Threat Intelligence Overview of Delivery Mechanisms Understanding Threat Intelligence Sharing Platforms Overview of Intelligence Sharing Acts and Regulations Overview of Threat Intelligence Integration

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate -level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge. Overview Students who attend Attacking and Securing Java Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our engaging instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on Java / JEE security training that offers a unique look at Java application security. Beginning with penetration testing and hunting for bugs in Java web applications, you embrace best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, allowing you to experience the mechanics of how to secure JEE web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? Making Application Security Real

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate-level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required. Overview Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on .Net security training that offers a unique look at .Net application security. Beginning with penetration testing and hunting for bugs in .Net web applications, you thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, driving home the mechanics of how to secure .Net web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? .NET Issues and Best Practices Making Application Security Real Time Permitting Topics Cryptography Overview .NET Cryptographic Services

Duration 5 Days 30 CPD hours This course is intended for Although there are no mandatory prerequisites, the course is particularly suited for the following audiences: Cybersecurity engineer Cybersecurity investigator Incident manager Incident responder Network engineer SOC analysts currently functioning at entry level with 2+ years of experience Overview After taking this course, you should be able to: Describe the types of service coverage within a SOC and operational responsibilities associated with each. Compare security operations considerations of cloud platforms. Describe the general methodologies of SOC platforms development, management, and automation. Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections. Describe Zero Trust and associated approaches, as part of asset controls and protections. Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC. Use different types of core security technology platforms for security monitoring, investigation, and response. Describe the DevOps and SecDevOps processes. Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, CommaSeparated Values (CSV). Describe API authentication mechanisms. Analyze the approach and strategies of threat detection, during monitoring, investigation, and response. Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs). Interpret the sequence of events during an attack based on analysis of traffic patterns. Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools). Analyze anomalous user and entity behavior (UEBA). Perform proactive threat hunting following best practices. The Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course guides you through cybersecurity fundamentals and prepares you for the role of Information Security Analyst on a Security Operations Center team. You?ll learn to automate for security using cloud platforms and how to apply your knowledge to real-world scenarios Course Outline Understanding Risk Management and SOC Operations Understanding Analytical Processes and Playbooks Investigating Packet Captures, Logs, and Traffic Analysis Investigating Endpoint and Appliance Logs Understanding Cloud Service Model Security Responsibilities Understanding Enterprise Environment Assets Threat Tuning Threat Researching and Threat Intelligence Practices Understanding APIs Understanding SOC Development and Deployment Models Performing Security Analytics and Reports in a SOC Malware Forensics Basics Threat Hunting Basics Additional course details: Nexus Humans Cisco Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 2 Days 12 CPD hours This course is intended for There is no specific prerequisite for the CDRP© course. However, participants who have at least three years' experience in a data centre and/or IT infrastructures will be best suited. Overview After completion of the course, the participant will be able to: 1. Understand the different standards and methodologies for risk management and assessment 2. Establish the required project team for risk management 3. Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues 4. Report on the current risk level of the data centre both quantitative and qualitative 5. Anticipate and minimise potential financial impacts 6. Understand the options for handling risk 7. Continuously monitor and review the status of risk present in the data centre 8. Reduce the frequency and magnitude of incidents 9. Detect and respond to events when they occur 10. Meet regulatory and compliance requirements 11. Support certification processes such as ISO/IEC 27001 12. Support overall corporate and IT governance Introduction to Risk Management Risk management concepts Senior management and risk Enterprise Risk Management (ERM) Benefits of risk management Data Centre Risk and Impact Risk in facility, power, cooling, fire suppression, infrastructure and IT services Impact of data centre downtime Main causes of downtime Cost factors in downtime Standards, Guidelines and Methodologies ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013 NIST SP 800-30 ISO/IEC 31000:2009 SS507:2008 ANSI/TIA-942 Other methodologies (CRAMM, EBIOS, OCTAVE, etc.) Risk Management Definitions Asset Availability/Confidentiality/Integrity Control Information processing facility Information security Policy Risk Risk analysis/Risk assessment/Risk evaluation/ Risk treatment Threat/Vulnerability Types of risk Risk Assessment Software The need for software Automation Considerations Risk Management Process The risk management process Establishing the context Identification Analysis Evaluation Treatment Communication and consultation Monitoring and review Project Approach Project management principles Project management methods Scope Time Cost Cost estimate methods Context Establishment General considerations Risk evaluation, impact and acceptance criteria Severity rating of impact Occurrence rating of probability Scope and boundaries Scope constraints Roles & responsibilities Training, awareness and competence Risk Assessment - Identification The risk assessment process Identification of assets Identification of threats Identification of existing controls Identification of vulnerabilities Identification of consequences Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences Risk Assessment - Analysis and Evaluation Risk estimation Risk estimation methodologies Assessment of consequences Assessment of incident likelihood Level of risk estimation Risk evaluation Hands-on exercise: Assessment of consequences, probability and estimating level of risk Risk Treatment The risk treatment process steps Risk Treatment Plan (RTP) Risk modification Risk retention Risk avoidance Risk sharing Constraints in risk modification Control categories Control examples Cost-benefit analysis Control implementation Residual risk Communication Effective communication of risk management activities Benefits and concerns of communication Risk Monitoring and Review Ongoing monitoring and review Criteria for review Risk scenarios Risk assessment approach Data centre site selection Data centre facility Cloud computing UPS scenarios Force majeure Organisational shortcomings Human failure Technical failure Deliberate acts Exam: Certified Data Centre Risk Professional Actual course outline may vary depending on offering center. Contact your sales representative for more information.