ITU-IMPACT Training and Skills Development Course Catalogue

Transcription

1 ITU-IMPACT Training and Skills Development Course Catalogue Management Track Technical Track Course Area Management Incident Response Digital Forensics Network Application Law Enforcement Foundation Management Essentials Intermediate Developing Policies and Procedures ISO Information Management System (ISMS) Concepts and Awareness ISO Information Management System (ISMS) Implementation Developing and Implementing Computer Incident Response Team (CIRT) Incident Handling and Response Advanced Incident Handling and Response Malware Analysis Introduction to Digital Forensics Network Forensics and Investigations Audit Mac and Mobile Forensics Cloud Forensics Securing Networks Vulnerability Assessment / Penetration Testing NetFlow Analysis Web Application Cybercrime Inves igation for Law Enforcement Advanced (ISC) 2 CISSP CBK Review Seminar Target Audience CIO, CISO, IT Managers, Incident Managers, Responders and Forensics Analysts, Forensics Investigators, Network Administrator, Network Support, Web Application Law Enforcement Developers, Officers, IT Executives, Analysts, Incident Handlers, Incident Handlers, Webmasters, Legal Officers, Compliance Managers, Network and System and Malware Analysts. Network Managers, and Application and Lawyers. Dept. Heads, Managers and Administrators, and IT Support, Support Executives. Executives. Malware Researchers IT Administrators, and Investigators. and CIRT Analysts.

2 ITU-IMPACT Management and Specialised Tracks - The Roadmap TECHNICAL TRACK Incident Response Developing and Implementing Computer Incident Response Team (CIRT) Incident Handling and Response Advanced Incident Handling and Response Malware Analysis Introduction to Digital Forensics Advanced Network Forensics Digital Forensics Audit Mac and Mobile Forensics Cloud Forensics Securing Networks Network Vulnerability Assessment / Penetration Testing NetFlow Analysis MANAGEMENT TRACK Application Web Application Management Essentials Developing Policies and Procedures ISO Information Management System (ISMS) Concepts and Awareness Management Law Enforcement Cybercrime Investigations for Law Enforcement ISO Information Management System (ISMS) and Implementation

3 1. Management Track This track addresses management s concerns on the overall information security management for businesses and organisations which has evolved from a technical perspective to business. Key success factors are areas such as security or corporate governance taking into account the adoption of security frameworks, information security standards, security policies, best practices, guidelines, and risk management. 1.1 Management Organisations today are exposed to more complexities and uncertainties with the increasing use of technology and the pace at which the risk environment is changing. As every business assets and processes are exposed to both internal and external threats, organisations must implement internationally accepted information security standards, best practices and controls to identify, manage and mitigate these threats. Organisation-centric approaches to security management taking into consideration the impact of risks on the organisation determines the best security activities and practices most suitable for the organisations cybersecurity resilience Management Essentials Management is a comprehensive course which provides IT professionals and practitioners with the most up-to-date developments in cybersecurity. This course covers the key concepts, definitions, principles and goals of information security taking into consideration both management and technological aspects. Key topics include firewalls, intrusion detection and prevention systems, risk management models including ISO 27001, standards, security policies, tools and techniques used in cyber threats, security risks to networks, defending against attacks through the implementation of proper security mechanisms, encryption, authentication and authorisation technologies. Participants will also see live demonstrations of the tools and techniques used by malicious individuals to attack vulnerable applications and systems. Awareness is included as part of the course targeting all audiences specifically managers and IT Administrators. This is a value added offering to ensure participants are well informed of most current security threats and issues related to their roles and respons bilities. Awareness for Managers is targeted at those with responsibility for staff and protection of assets, while Awareness for IT Administrators is targeted at those with IT and Network Systems administration, developmental, and supporting responsibilities. This course sets the core foundation of IT security knowledge. It is suitable for any member of the IT community from the newest of the team to the most experienced professional. It descr bes the core fundamentals of information security in an interesting and relevant manner, covers the close alignment of information security with the changing business requirements, enabling participants to effectively understand information security concepts in business processes and designs. Target Audience IT Managers/Executives, IT Systems Administrators, Administrators, Database Administrators, Access Control Administrators, Systems Analysts and Designers, Application Developers, Business Analysts, and user representatives. Course Duration This course can be customised according to participant s requirement. Delivery Mode Lecture with presentation slides, course materials, learning activities, case studies, and review questions Developing Policies and Procedures As business needs as well as the environment change, new risks are always on the horizon and critical systems are continually exposed to new vulnerabilities. Policy development and assessment are a continual process. This is a hands-on intensive course on writing, implementing and assessing security policies. This intensive course is suitable for IT and non-it professionals carrying out cybersecurity duties including creating and maintaining of policy and procedures. It provides hands on training on writting, implementing and assessing security policies. Participants will be assigned to write policy template. Target Audience: Managers, CISOs, CSOs and anyone responsible for developing security policies. Course Duration: 3 days

4 1.1.3 ISO Information Management System (ISMS) Concepts and Awareness ISMS is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation s information. This course is designed to promote awareness of the objectives and benefits of information security, as well as the requirements of Target Audience: This is a non technical security course concerning information security management. It is suitable for executives and managers from a wide range of disciplines, and should be attended by a broad range of IT security professionals. 1. ISO for ISMS establishment, implementation, operation, monitoring, review, maintenance and improvement, and 2. ISO on information security controls. It also provides an insight into the emerging ISO series of standards. Course Duration: 3 days ISO Information Management (ISMS) Implementation Recent high-profile information security breaches and increased awareness of the value of information are highlighting the ever-increasing need for organisations to protect their information assets. An information security management system (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation s information. This course leads participants through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation. Implementation exercises are supplemented with case studies on risk management techniques using relevant tools and solutions. Target Audience: This is a non-technical IT information security management course suitable for managers from a wide range of disciplines. Pre-requisite: Participants should have a basic knowledge of business information systems and competency productivity tools i.e. word processors, spreadsheets and presentation software. 2. Technical Track This highly specialised track focuses on designing, developing, configuring, implementing, and managing technical security solutions for organisation and constituents. Participants will be able to enhance their knowledge and skills using the current industry practices, and have access to the latest technology, methodologies, and best practices. The courses offered in this track are centred around proactive and reactive solutions required for practitioners to effectively perform their duties in managing and mitigating cyber threats against their organisations security infrastructures and information systems. 2.1 Incident Response Incident response is a structured approach in addressing and managing the aftermath of an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. If not managed properly, an incident can escalate into an emergency, a crisis, or even a disaster, decreasing the organisations resilience ability Developing and Implementing a Computer Incident Response Team (CIRT) This course will provide participants who have imited knowledge, experience, or background required to formulate the policies, processes, management structure, equipment, and other requirements necessary to respond to network incidents. It provides information on refining the current structure and capabilities for a Computer Incident Response Team (CIRT) or a team with similar capabilities. Target Audience: CIRT Manager, CIRT Analyst, Incident Handler, Analyst

5 2.1.2 Incident Handling and Response The course is designed to provide insight into the work an incident handler may perform. It will provide an overview of the incident handling arena, including CIRT services, intruder threats, and the nature of incident response activities. Participants will: 1. Learn how to gather the information required to handle an incident; 2. Realize the importance of having and following pre-defined CIRT policies and procedures; 3. Understand the technical issues relating to commonly reported attack types; 4. Perform analysis and response tasks for various sample incidents; 5. Apply critical thinking skills in responding to incidents, and 6. Identify potential problems to avoid while taking part in CIRT work. Target Audience: CIRT Manager, Analyst and any technical staff; Incident Responders; and Network Administrators. Those with little or no incident handling experience are encouraged to attend. The course incorporates interactive instructions, practical exercises, and role playing. Participants will have hands-on exercises on sample incidents taken from real life scenarios Advanced Incident Handling and Response This course is designed to further enhance the knowledge and skills of incident handlers and responders involved in solving compromises and breaches by analysing events and formulating effective remedial actions and strategies. Participants will work as a team on several incident scenarios, artefacts and exercises applying industry best practices, effective methodologies and tools. They will be taken through a series of work plans and processes to identify, analyse, and then present the findings and response strategies to interested parties. This course will also include modules on artefact analysis, vulnerability handling and producing security advisories. Target Audience: Incident Managers, Responders and Analyst, Network and System Administrators, Malware Researchers and Investigators. Delivery Mode: Lectures with presentation slides, extensive hands-on group exercises, and case studies Malware Analysis Determining the functionality of malware is critical both during the incident response process and to identify where threats originate from. The course examines malware in both static and runtime environments. It will take into account the viewpoint of an incident responder attempting to determine what malicious activities the malware has conducted in order to mitigate further malicious activity and remove the malware from an infected system. The course will also consider the perspective of a Computer Incident Response Team (CIRT) or security team involved in investigating, analysing and reporting on malware related incidents. Both static and runtime malware analysis techniques and reverse engineering tools such as IDA Pro and Ollydbg will be covered. Target Audience: Incident Responders, Network and System Administrators, CIRT Personnel, Malware Researchers, Malware Investigators, Antivirus Analysts 2.2 Digital Forensics The ability to preserve and to analyse data found on digital storage media, computer systems and networks is essential for understanding and mitigating cyber attack against IT infrastructures. Forensics professional s must be highly competent in collecting, examining, analysing and reporting on digital evidence in order to preserve critical information. They are also required to know the legal aspects associated with forensics investigation particularly for representation in a court of law. The use of real-world scenarios would enable participants not only to learn the required skills, but also gain experience in their practical application Introduction to Digital Forensics Investigating what happened on a computer system after a suspected intrusion is critical to quantifying losses from a security breach. This course will teach network and system administrators on identifying the particular consequences of an intrusion. It helps administrators to identify what data has been compromised by applying host forensics techniques and conducting log analysis. The focus will be on the discovery of data hiding techniques, rootkits, malware functionality and time-based analytics. Analysis of the FAT, NTFS and EXT2 file systems will also be covered. This course serves as a good foundation for further instruction on commercial tools or to use open source forensics tools more effectively. Target Audience: Incident Responders, Network Administrators, System Administrators, and CIRT Personnel.

6 2.2.2 Network Forensics and Investigations Participants will gain real world knowledge and skills to analyse network traffic, improve network security and reliability, and protect networks from malicious and criminal attacks. In addition, they will learn the techniques to identify suspicious traffic patterns, a breached host, and signs of Bots running in a network, as well as the techniques to deal with and manage compromised machines. Target Audience: IT Practitioner, Forensic Analyst, Incident Handlers, Network Administrators, Law Enforcement Officers and Support Staff. Delivery Mode: Instructor-led, group-paced, classroom-delivery learning model Audit This is a comprehensive course designed to equip security practitioners with the technical knowledge and skills to investigate and better understand their IT environment including computers, applications, network systems, and services. This course covers topics such as technical concepts, data analysis on devices, file systems, operating systems, common threats, security best practices and the tools used to identify, analyse and mitigate cyber threats faced by users, devices and organisations. Target Audience: Network and System Administrators, CIRT Analyst, Cybercrime and Forensic Investigators. Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises Mac and Mobile Forensics The course emphasises solid forensic practices in mobile phone investigation as well as reporting. Stepping through the logical and physical acquisition of memory with such a variety of devices is challenging to say the least. The class addresses the strengths and weaknesses for many of the mobile forensic tools being utilised in the field. The Mac forensics training aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. The programme focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. Target Audience: Experienced Digital Forensics Analysts, Media Exploitation Analysts, Incident Response Team Members, Information Practitioners, technical team members, and those with national responsibilities in cybersecurity issues. Delivery Mode: Lectures with presentation slides, case studies and group exercises and hands-on forensic analysis Cloud Forensics This course provides a clear statement of the knowledge and skills required by a professional dealing with cloud forensics. The objectives of this course are: 1. To enhance knowledge and skills required by a professional dealing with cloud forensics, 2. To share with participants risk assessment and mitigation strategies for cloud adoption to be reflected adequately in cloud services contracts 3. Consideration of various legal implications of cloud investigations, and 4. Demonstrate technical competence in handling investigative cases in cloud computing environments. Target Audience: CEO, CIO, CISO, policy makers, security architects, ethical hackers, forensic practitioners, law enforcement, legal professionals and advisors, researchers and academics. Delivery Mode: Lectures with presentation slides and extensive hands-on exercises.

7 2.3. Network Network courses are designed to equip IT professionals and practitioners with the knowledge and skills required for implementing, designing, configuring, maintaining and reviewing a secure network system to prevent and manage network vulnerabilities. Participants will learn the skills needed to identify and to analyse common internal and external security threats against a network so proactive security and audit strategies can be implemented to protect the organisation's information assets and systems from weaknesses. These weaknesses are often exploited by remote users using publicly and commercially available software tools and through manual techniques. Web-based applications need to be audited to ensure that vulnerabilities are discovered, where risks mitigated promptly and effectively. Policies, processes, management structures, equipment, and other requirements are also necessary to respond to any unforeseen network incidents Securing Networks In today's network dependent business environment, organisations link their systems enterprise wide and virtual private networks, as well as connect remote users. In this course, participants learn to analyse risks to networks and steps needed to select and deploy appropriate countermeasures to reduce the exposure to these threats. Target Audience: Network Administrators, Network Support, System Support, Incident Handlers, Network Managers, IT Support. Course Duration: 3 days Vulnerability Analysis / Penetration Testing Breach of network security is a growing problem faced by many organisations worldwide and it is becoming complex as intruders resort to highly advanced methods to gain access. This course exposes participants to network vulnerabilities, the methods used by intruders to gain access into a network system and tools used to ward off such attacks. The course revolves around a series of hands-on exercises based on techniques for penetrating into a network and defending against attacks. It focuses on attack techniques, exploit techniques, vulnerability assessment and penetrating testing techniques. Participants will gain skills to perform penetration testing and countermeasures for the organisations. Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/ Auditors Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises. Pre-requisite: Basic knowledge and skills in network architectures and operating systems NetFlow Analysis This course focuses on network analysis and hunting of malicious activity from a security operations centre s perspective. It provides an understanding of NetFlow data format, common netflow collection, analysis, and visualization tools. It would cover NetFlow strengths, operational limitations of NetFlow, strategic sensor placement, NetFlow tools, visualization of network data, analytic trade craft for network situational awareness, and networking hunting scenarios. Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/ Auditors, Network Administrator, System Administrators. Course Duration: 3 days Delivery Mode: Lectures with presentation slides, case studies, and extensive hands-on exercises.

8 2.4 Application Business applications and processes increasingly moving towards the web services and adopting the software-as-a-service (SaaS) model, many organisations today are exposing data and critical business services to untested or insecure web-based applications. These applications with inadequate or non-existent security offer opportunity for malicious hackers to access your critical database containing customer information, credit card data, proprietary data or classified information. Participants will gain skills on how to assess applications from a hacker s perspective, understand application security vulnerabilities, and learn how to mitigate these security holes so they are never exploited by a hacker Web Application Understanding web application attack vectors is critical for web application developers responsible for maintaining and securing a web-based system. Web application vulnerabilities have been the cause of computer security breaches for organisations. Businesses and customer-related information are the target of web application attacks. This course covers common methods for attacking web applications, such as SQL Injection, Cross-Site Scripting, command injection, data leakage attacks, session hijacking and PHP/Javascript/ASP vulnerabilities. Basic vulnerability discovery in web applications will also be covered, as well as secure coding techniques and the OWASP. Target Audience: Web Application Developers, Penetration Testers, Web Application Testers. Pre-requisite: Some understanding of programming is required, preferably PHP, Javascript, or ASP Law Enforcement Cyber criminals today are targeting organisations with the intent of stealing confidential and financial information to commit crime. Using the internet platform, this criminal activity is highly possible due to unsecured application, systems, and networks. When these cyber criminal falls in the hand of law enforcement, the officer must be well versed in conducting investigation, analysis and reporting using relevant tools and techniques to assist and bring in the culprits to justice Cyber crime investigation for Law Enforcement This network investigations course is tailored specifically to the needs of law enforcement officers who are investigating cyber crimes. The course will begin by reviewing the common types of cyber crimes, how criminal activities are conducted on the Internet, the tools and motivations driving the Internet as a medium for criminal activity. It investigates how Internet crime is commited using tools such as Botnets, DDoS attacks, illicit file hosting, underground economy marketplaces, spam, phishing, extortion, and more. The course demonstrates common hacking activities through web application exploits, remote operating system, application exploits, social engineering and web drive-by attacks. The objective of the course is to give law enforcement officers a full set of tools and knowledge for conducting effective network investigations. Target Audience: Law Enforcement Officers and support staff.

9 Scholarship As a global, non-profit organisation, ITU-IMPACT has received generous donations from leading information security training providers. These organisations are widely acknowledged as the top information security certification bodies in the world and are renowned for providing exceptional high quality courses and certifications recognised throughout the information security community. These funds enable ITU-IMPACT to offer highly sought-after training courses to qualified security professionals from any one of our partner countries. EC-Council Information Training Sponsorship Programme (ISTP) ISTP is co-sponsored by EC-Council and is part of ITU-IMPACT s global agenda to combat cyber threats. The courses are awarded to selected recipients from ITU-IMPACT partner countries. ITU-IMPACT is seeking suitable candidates with technical background in cybersecurity, good communication and presentation skills, and have keen interest in becoming a cybersecurity trainer in support of the scholarship programme. The EC-Council programmes identified under the ISTSP are Network Administrator (E NSA), Certified Ethical Hacker (C EH), Computer Hacking Forensics Investigators (C HFI), Certified Analyst (E CSA), Licensed Penetration Tester (L PT) and Certified Disaster Recovery Professional (E DRP). About ITU-IMPACT Centre for Training and Skills Development The centre provides world-class training in cybersecurity. All training courses, specialised seminars and workshops are conducted in collaboration with the leading ICT companies and institutions that include ITU, EC-Council, (ISC) 2 and Honeynet Project. Our specialised courses bring together global expertise in a broad range of specialisations, allowing ITU-IMPACT to work with governments and individual organisations to build internal capabilities in order to secure vital infrastructure, mitigate threats and respond to unauthorised or unlawful activities. We carefully examine the needs and desires of our partner countries with an eye toward continual improvement and development. As future requirements are identified, ITU-IMPACT will strive to develop and deploy effective training courses to meet specific needs of information security practitioners and professionals. For more information or enquiries, please contact: International Multilateral Partnership Against Cyber Threats (IMPACT) Jalan IMPACT Cyberjaya Malaysia T: +60 (3) F: +60 (3) E: training@impact-alliance.org W: