350 Information Security (IS) courses

Duration 4 Days 24 CPD hours This course is intended for This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems. In this course, students will learn in-depth content in each of the 5 CCISO Domains Domain 01 - Governance Define, Implement, Manage, and Maintain an Information Security Governance Program Information Security Drivers Establishing an information security management structure Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures Managing an enterprise information security compliance program Risk Management Risk mitigation, risk treatment, and acceptable risk Risk management frameworks NIST Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL) Risk management plan implementation Ongoing third-party risk management Risk management policies and processes Conclusion Domain 2 - Security Risk Management, Controls, & Audit Management INFORMATION SECURITY CONTROLS COMPLIANCE MANAGEMENT GUIDELINES, GOOD AND BEST PRACTICES AUDIT MANAGEMENT SUMMARY Domain 03 - Security Program Management and Operations PROGRAM MANAGEMENT OPERATIONS MANAGEMENT Summary Domain 04 - Information Security Core Concepts ACCESS CONTROL PHYSICAL SECURITY NETWORK SECURITY ENDPOINT PROTECTION APPLICATION SECURITY ENCRYPTION TECHNOLOGIES VIRTUALIZATION SECURITY CLOUD COMPUTING SECURITY TRANSFORMATIVE TECHNOLOGIES Summary Domain 05 - Strategic Planning, Finance, Procurement and Vendor Management STRATEGIC PLANNING Designing, Developing, and Maintaining an Enterprise Information Security Program Understanding the Enterprise Architecture (EA) FINANCE PROCUREMENT VENDOR MANAGEMENT Summary

Penetration testing training course description An advanced technical hands on course focusing on hacking and counter hacking. The course revolves around a series of exercises based on "hacking" into a network (pen testing the network) and then defending against the hacks. What will you learn Perform penetration tests. Explain the technical workings of various penetration tests. Produce reports on results of penetration tests. Defend against hackers. Penetration testing training course details Who will benefit: Technical support staff, auditors and security professionals. Staff who are responsible for network infrastructure integrity. Prerequisites: IP Security IP VPNs Duration 5 days Penetration testing training course contents Introduction Hacking concepts, phases, types of attacks, 'White hacking', What is penetration testing? Why use pen testing, black box vs. white box testing, equipment and tools, security lifecycles, counter hacking, pen testing reports, methodologies, legal issues. Physical security and social engineering Testing access controls, perimeter reviews, location reviews, alarm response testing. Request testing, guided suggestions, trust testing. Social engineering concepts, techniques, counter measures, Identity theft, Impersonation on social media, Footprints through social engineering Reconnaissance (discovery) Footprinting methodologies, concepts, threats and countermeasures, WHOIS footprinting, Gaining contacts and addresses, DNS queries, NIC queries, ICMP ping sweeping, system and server trails from the target network, information leaks, competitive intelligence. Scanning pen testing. Gaining access Getting past passwords, password grinding, spoofed tokens, replays, remaining anonymous. Scanning (enumeration) Gaining OS info, platform info, open port info, application info. Routes used, proxies, firewalking, Port scanning, stealth port scanning, vulnerability scanning, FIN scanning, Xmas tree scanning, Null scanning, spoofed scanning, Scanning beyond IDS. Enumeration concepts, counter measures and enumeration pen testing. Hacking Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology, hacking tools and countermeasures. Trojan, Backdoors, Sniffers, Viruses and Worms Detection, concepts, countermeasures, Pen testing Trojans, backdoors, sniffers and viruses. MAC attacks, DHCP attacks, ARP poisoning, DNS poisoning Anti-Trojan software, Malware analysis Sniffing tools. Exploiting (testing) vulnerabilities Buffer overflows,, simple exploits, brute force methods, UNIX based, Windows based, specific application vulnerabilities. DoS/DDoS Concepts, techniques, attack tools, Botnet, countermeasures, protection tools, DoS attack pen testing. SQL Injection Types and testing, Blind SQL Injection, Injection tools, evasion and countermeasures. Securing networks 'Hurdles', firewalls, DMZ, stopping port scans, IDS, Honeypots, Router testing, firewall testing, IDS testing, Buffer Overflow. Cryptography PKI, Encryption algorithms, tools, Email and Disk Encryption. Information security Document grinding, privacy.

Duration 5 Days 30 CPD hours This course is intended for The CCSP is ideal for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration. Overview Upon completing this course, the participants will gain valuable knowledge and skills including the ability to: - Successfully pass the CCSP exam. - Understand the fundamentals of the cloud computing architecture framework. - Understand security challenges associated with different types of cloud services. - Identify and evaluate security risks for their organization?s cloud environments. - Select and implement appropriate controls to ensure secure implementation of cloud services. - Thoroughly understand the 6 essential core domains of the CCSP common body of knowledge: 1. Architectural Concepts & Design Requirements 2. Cloud Data Security 3. Cloud Platform & Infrastructure Security 4. Cloud Application Security 5. Operations 6. Legal & Compliance The goal of the course is to prepare professionals for the challenging CCSP exam by covering the objectives of the exam based on the six domains as defined in the (ISC)2 CCSP common body of knowledge. 1 - Architectural Concepts and Design Requirements Cloud Computing Concepts Cloud Reference Architecture Cloud Computing Security Concepts Design Principles of Secure Cloud Computing Trusted Cloud Services 2 - Cloud Data Security CSA (Cloud Security Alliance) Cloud Data Lifecycle Cloud Data Storage Architectures Data Security Strategies Data Discovery and Classification Technologies Protecting Privacy and PII (Personally Identifiable Information) Data Rights Management Data Retention, Deletion, and Archiving Policies Auditability, Traceability, and Accountability of Data Events 3 - Cloud Platform and Infrastructure Security Cloud Infrastructure Components Cloud Infrastructure Risks Designing and Planning Security Controls Disaster Recovery and Business Continuity Management 4 - Cloud Application Security The Need for Security Awareness and Training in application Security Cloud Software Assurance and Validation Verified Secure Software SDLC (Software Development Life Cycle) Process Secure SDLC Specifics of Cloud Application Architecture Secure IAM (Identity and Access Management) Solutions 5 - Operations Planning Process for the Data Center Design Installation and Configuration of Physical Infrastructure for Cloud Environment Running Physical Infrastructure for Cloud Environment Managing Physical Infrastructure for Cloud Environment Installation and Configuration of Logical Infrastructure for Cloud Environment Running Logical Infrastructure for Cloud Environment Managing Logical Infrastructure for Cloud Environment Compliance with Regulations and Controls Risk Assessment for Logical and Physical Infrastructure Collection, Acquisition, and Preservation of Digital Evidence Managing Communication with Stakeholders 6 - Legal and Compliance Legal Requirements and Unique Risks within the Cloud Environment Relevant Privacy and PII Laws and Regulations Audit Process, Methodologies, and Required Adaptions for a Cloud Environment Implications of Cloud to Enterprise Risk Management Outsourcing and Cloud Contract Design Vendor Management

Duration 5 Days 30 CPD hours This course is intended for The C|CT is ideal for anyone looking to start their career in cybersecurity or add a strong foundational understanding of the cybersecurity concepts and techniques required to be effective on the job. The course is especially well suited to: Early-career IT professionals, IT managers, career changers, and career advancers Students and recent graduates Overview After completing this course, you will understand: Key concepts in cybersecurity, including information security and network security Information security threats, vulnerabilities, and attacks The different types of malware Identification, authentication, and authorization Network security controls Network security assessment techniques and tools (threat hunting, threat intelligence, vulnerability assessment, ethical hacking, penetration testing, configuration and asset management) Application security design and testing techniques Fundamentals of virtualization, cloud computing, and cloud security Wireless network fundamentals, wireless encryption, and related security measures Fundamentals of mobile, IoT, and OT devices and related security measures Cryptography and public-key infrastructure Data security controls, data backup and retention methods, and data loss prevention techniques Network troubleshooting, traffic and log monitoring, and analysis of suspicious traffic The incident handling and response process Computer forensics and digital evidence fundamentals, including the phases of a forensic investigation Concepts in business continuity and disaster recovery Risk management concepts, phases, and frameworks EC-Council?s C|CT certification immerses students in well-constructed knowledge transfer. Training is accompanied by critical thinking challenges and immersive lab experiences that allow candidates to apply their knowledge and move into the skill development phase in the class itself. Upon completing the program, C|CT-certified professionals will have a strong foundation in cybersecurity principles and techniques as well as hands-on exposure to the tasks required in real-world jobs. Course Outline Information Security Threats and Vulnerabilities Information Security Attacks Network Security Fundamentals Identification, Authentication, and Authorization Network Security Controls: Administrative Controls Network Security Controls: Physical Controls Network Security Controls: Technical Controls Network Security Assessment Techniques and Tools Application Security Virtualization and Cloud Computing Wireless Network Security Mobile Device Security Internet of Things (IoT) and Operational Technology (OT) Security Cryptography Data Security Network Troubleshooting Network Traffic Monitoring Network Log Monitoring and Analysis Incident Response Computer Forensics Business Continuity and Disaster Recovery Risk Management

Duration 5 Days 30 CPD hours This course is intended for The intended audience for this course is information systems security professionals, internal review auditors, and other individuals who have an interest in aspects of information systems audit, controls, and security. Overview Upon successful completion of this course, students will be able to: - implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices. - evaluate an organizations structure, policies, accountability, mechanisms, and monitoring practices. - evaluate information systems acquisition, development, and implementation. - evaluate the information systems operations, maintenance, and support of an organization; and evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained. - define the protection policies used to promote the confidentiality, integrity, and availability of information assets. In this course, students will evaluate organizational policies, procedures, and processes to ensure that an organizations information systems align with its overall business goals and objectives. 1 - The Process of Auditing Information Systems ISACA Information Systems Auditing Standards and Guidelines Fundamental Business Processes Develop and Implement an Information Systems Audit Strategy Plan an Audit Conduct an Audit The Evidence Life Cycle Communicate Issues, Risks, and Audit Results Support the Implementation of Risk Management and Control Practices 2 - IT Governance and Management Evaluate the Effectiveness of IT Governance Evaluate the IT Organizational Structure and HR Management Evaluate the IT Strategy and Direction Evaluate IT Policies, Standards, and Procedures Evaluate the Effectiveness of Quality Management Systems Evaluate IT Management and Monitoring of Controls IT Resource Investment, Use, and Allocation Practices Evaluate IT Contracting Strategies and Policies Evaluate Risk Management Practices Performance Monitoring and Assurance Practices Evaluate the Organizations Business Continuity Plan 3 - Information Systems Acquisition, Development, and Implementation Evaluate the Business Case for Change Evaluate Project Management Frameworks and Governance Practices Development Life Cycle Management Perform Periodic Project Reviews Evaluate Control Mechanisms for Systems Evaluate Development and Testing Processes Evaluate Implementation Readiness Evaluate a System Migration Perform a Post-Implementation System Review 4 - Information Systems Operations, Maintenance, and Support Perform Periodic System Reviews Evaluate Service Level Management Practices Evaluate Third-Party Management Practices Evaluate Operations and End User Management Practices Evaluate the Maintenance Process Evaluate Data Administration Practices Evaluate the Use of Capacity and Performance Monitoring Methods Evaluate Change, Configuration, and Release Management Practices Evaluate Problem and Incident Management Practices Evaluate the Adequacy of Backup and Restore Provisions 5 - Protection of Information Assets Information Security Design Encryption Basics Evaluate the Functionality of the IT Infrastructure Evaluate Network Infrastructure Security Evaluate the Design, Implementation, and Monitoring of Logical Access Controls Risks and Controls of Virtualization Evaluate the Design, Implementation, and Monitoring of Data Classification Process Evaluate the Design, Implementation, and Monitoring of Physical Access Controls Evaluate the Design, Implementation, and Monitoring of Environmental Controls

  European Data Protection   Principles of Data Protection in Europe covers the essential pan-European and national data protection laws, as well as industry-standard best practices for corporate compliance with these laws. Those taking this course will gain an understanding of the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.   The training is based on the body of knowledge for the IAPP's ANSI-accredited Certified Information Privacy Professional/Europe (CIPP/E) certification program. Privacy Programme Management   Principles of Privacy Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organisation through process and technology-regardless of jurisdiction or industry.   The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP's ANSI-accredited Certified Information Privacy Manager (CIPM) certification programme. Make a difference in your organization and in your career. The CIPM designation says that you're a leader in privacy program administration and that you've got the goods to establish, maintain and manage a privacy program across all stages of its lifecycle.  About This Course   Delivered in a modular format, this four day course covers   Days 1 & 2   Module 1: Data Protection Laws Introduces key European data protection laws and regulatory bodies, describing the evolution toward a Harmonised European Legislative Framework.  Module 2: Personal Data Defines and differentiates between types of data-including personal, anonymous, pseudo-anonymous and special categories.  Module 3: Controllers and Processors Describes the roles and relationships of controllers and processors.  Module 4: Processing Personal Data Defines data processing and GDPR processing principles, Explains the application of the GDPR and outlines the legitimate bases for processing personal data. Module 5: Information provision Explains controller obligations for providing information about data processing activities to data subjects and Supervisory Authorities.  Module 6: Data Subjects 'Rights Describes data subjects' rights, applications of rights and obligations controller and processor.  Module 7: Security or Processing Discusses considerations and duties of controllers and processors for Ensuring security of personal data and providing notification of data breaches.  Module 8: Accountability Investigates accountability requirements, data protection management systems, data protection impact assessments, privacy policies and the role of the data protection officer.  Module 9: International Data Transfers Outlines options and obligations for transferring data outside the European Economic Area, Decisions adequacy and appropriateness safeguards and derogations.  Module 10: Supervision and Enforcement Describes the role, powers and procedures or Supervisory Authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for non-compliance.  Module 11: Compliance Discusses the applications of European data protection law, legal bases and compliance requirements for processing personal data in practice, employers-including processing employee data, surveillance, direct marketing, Internet technology and communications and outsourcing.    Days 3 & 4   Module 1: Introduction to privacy program management Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.  Module 2: Privacy governance Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.  Module 3: Applicable laws and regulations Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.  Module 4: Data assessments Relates practical processes for creating and using data inventories/maps, gap analyses, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.  Module 5: Policies Describes common types of privacy-related policies, outlines components and offers strategies for implementation.  Module 6: Data subject rights Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.  Module 7: Training and awareness Outlines strategies for developing and implementing privacy training and awareness programs.  Module 8: Protecting personal information Examines a holistic approach to protecting personal information through privacy by design.  Module 9: Data breach incident plans Provides guidance on planning for and responding to a data security incident or breach.  Module 10: Measuring, monitoring and auditing program performance Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance Prerequisites   There are no prerequisites for this course but attendees would benefit from a review of the materials on the IAPP SITE What's Included?   1 years membership of the IAPP Breakfast, Lunch, mid-morning and afternoon snacks, teas, coffees Official Study Guides* Official Participant Guides* Official Exam Q&A's* Both exam fees * In electronic format for Live Online and hard copy for Classroom delegates     Who Should Attend?   This course is suitable for aspiring Data Protection Officers, as well as Information Security Managers, Lawyers, Data Managers, Analysts and Risk Teams. Provided by Our Guarantee   We are an approved IAPP Training Partner. You can learn wherever and whenever you want with our robust classroom and interactive online training courses. Our courses are taught by qualified practitioners with a minimum of 25 years commercial experience. We strive to give our delegates the hands-on experience. Our courses are all-inclusive with no hidden extras.  The one-off cost covers the training, all course materials, and exam voucher. Our aim: To achieve a 100% first time pass rate on all our instructor-led courses. Our Promise: Pass first time or 'train' again for FREE. *FREE training offered for retakes - come back within a year and only pay for the exam.

ICA International Diploma in Financial Crime Prevention This advanced level qualification will better equip you to meet the many challenges associated with identifying, understanding, and mitigating financial crime risks including fraud, cybercrime, corruption, money laundering and terrorist financing. It will deepen your understanding and enhance your professional credibility. Benefits of studying with ICA: Flexible learning solutions that are suited to you Our learner-centric approach means that you will gain relevant practical and academic skills and knowledge that can be used in your current role Improve your career options by undertaking a globally recognised qualification that hiring managers look for as part of their hiring criteria Many students have stated that they have received a promotion and/or pay rise as a direct result of gaining their qualification The qualifications ensure that you are enabled to develop strategies to help manage and prevent risk within your firm, thus making you an invaluable asset within the current climate. This course is awarded in association with Alliance Manchester Business School, the University of Manchester. how will you learn 9-month course assessed by 3 written assignments (3,000 - 3,500 words) A mixture of guided online study and participation in live sessions:2 x virtual classrooms1 x immersive learning scenario (putting you at the centre of a story)3 x tutorials (a chance to discuss elements of the course in more depth)3 x assessment preparation sessions Videos covering the latest industry developments and case studies Access to the ICA members' portal containing additional reading and resources Proactive support throughout the course to help you stay on track Completion of the ICA Diploma in Financial Crime Prevention training course will produce the following outcomes: Professional qualification: ICA Diploma in Financial Crime Prevention-participants will be able to use the designation 'Dip (Fin.Crime).' Eligibility to apply for Professional membership of the ICA Detailed knowledge on the nature of financial crime Practical understanding of best practice and how to prevent financial crime This course is awarded in association with Alliance Manchester Business School, the University of Manchester. This ICA Diploma in Financial Crime Prevention provides Participants with in-depth knowledge and skills in the following areas: Understanding and managing financial crime Practical application of the International Standards The prevention and detection of specific financial crime risks Data and information security Bribery and corruption Electronic crime Investigation, prosecution and recovery.

Enhance cloud security expertise with specialized training, bridge skill gaps for job growth, and excel in cloud controls and best practices. This course is delivered online by Sean Hanna, three time EC-Council global trainer of the year award winner.

Duration 3 Days 18 CPD hours This course is intended for This course is intended for security engineers, security architects, and information security professionals. Overview Identify security benefits and responsibilities of using the AWS Cloud Build secure application infrastructures Protect applications and data from common security threats Perform and automate security checks Configure authentication and permissions for applications and resources Monitor AWS resources and respond to incidents Capture and process logs Create and configure automated and repeatable deployments with tools such as AMIs and AWS CloudFormation This course demonstrates how to efficiently use AWS security services to stay secure in the AWS Cloud. The course focuses on the security practices that AWS recommends for enhancing the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services. You will also learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents. Prerequisites We recommend that attendees of this course have: Working knowledge of IT security practices and infrastructure concepts Familiarity with cloud computing concepts Completed AWS Security Essentials and Architecting on AWS courses 1 - Security on AWS Security in the AWS cloud AWS Shared Responsibility Model Incident response overview DevOps with Security Engineering 2 - Identifying Entry Points on AWS Identify the different ways to access the AWS platform Understanding IAM policies IAM Permissions Boundary IAM Access Analyzer Multi-factor authentication AWS CloudTrail 3 - Security Considerations: Web Application Environments Threats in a three-tier architecture Common threats: user access Common threats: data access AWS Trusted Advisor 4 - Application Security Amazon Machine Images Amazon Inspector AWS Systems Manager 5 - Data Security Data protection strategies Encryption on AWS Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB Protecting archived data with Amazon S3 Glacier Amazon S3 Access Analyzer Amazon S3 Access Points 6 - Securing Network Communications Amazon VPC security considerations Amazon VPC Traffic Mirroring Responding to compromised instances Elastic Load Balancing AWS Certificate Manager 7 - Monitoring and Collecting Logs on AWS Amazon CloudWatch and CloudWatch Logs AWS Config Amazon Macie Amazon VPC Flow Logs Amazon S3 Server Access Logs ELB Access Logs 8 - Processing Logs on AWS Amazon Kinesis Amazon Athena 9 - Security Considerations: Hybrid Environments AWS Site-to-Site and Client VPN connections AWS Direct Connect AWS Transit Gateway 10 - Out-Of-Region Protection Amazon Route 53 AWS WAF Amazon CloudFront AWS Shield AWS Firewall Manager DDoS mitigation on AWS 11 - Security Considerations: Serverless Environments Amazon Cognito Amazon API Gateway AWS Lambda 12 - Threat Detection and Investigation Amazon GuardDuty AWS Security Hub Amazon Detective 13 - Secrets Management on AWS AWS KMS AWS CloudHSM AWS Secrets Manager 14 - Automation and Security by Design AWS CloudFormation AWS Service Catalog 15 - Account Management and Provisioning on AWS AWS Organizations AWS Control Tower AWS SSO AWS Directory Service

The “ISO 27001: 2013 Lead Auditor” course provides comprehensive training in the ISO 27001: 2013 standard and all its requirements from the Lead auditor’s point of view, as well as basic skills necessary to Lead audit activities. It’s a practical-oriented training that should be considered “a must” for every ISO 27001: 2013 Lead auditor.