CSIS Academy Be Better

Transcription

1 CSIS Academy Be Better CSIS Security Officer March 2014 Copyright CSIS Security Group A/S. All rights reserved

2 Page 2 / 7 Content 1 About CSIS The Course: CSIS Security Officer Course skills Agenda and focus areas Day 1: Infrastructure security Day 2: Client security Instructors Participant prerequisites Registration... 7

3 Page 3 / 7 1 About CSIS In 2003, CSIS Security Group was founded with a mission to meet the growing threat of IT criminals. Today, CSIS has become the leading Nordic supplier of anti-ecrime services, and cooperates with all the Danish banks, and a series of major European financial institutions. The experts of CSIS are among the best in the world, which is proven by them winning the DefCon 2011, the world s unofficial hacker championship. Thus, CSIS is the preferred IT security adviser by many companies, organizations, and the media in Scandinavia and Northern Europe. The knowledge gained by continually following the IT criminals' whereabouts is redeployed in the development of solutions that provide optimum protection to organizations as well as private individuals. 2 The Course: CSIS Security Officer This course focuses on your security and infrastructure by introducing you to the most vital hacking techniques and how to protect yourself and the organization against them. We see plenty of data breaches out there, but the year 2013 broke all records with an estimated 1 billion records stolen was also the year where the two largest ever data leaks happened; Adobe lost 153 mio. records and Experian reportedly lost 200 mio. records. Together they account for 1/3 of all records lost in Target lost 40 mio. credit cards from Point of Sale systems and it resulted in an estimated cost of $400 million; one of the most expensive data losses ever. Become acquainted with the latest and greatest in proactive defense, that will not only protect your network, but also your data against any future attacks. After the course is an exam. In case the participant passes this, he/she gets the title of CSIS Security Officer. This course is carefully developed and executed with the current threat picture in mind, and with the basis of CSIS 10 years of malware expertise. Thus, the content is adapted to the threats faced by most companies.

4 Page 4 / 7 CSIS has emphasized the following characteristics in the educational programs: Theory is fine, but practice is better Our instructors have a minimum of five years hands-on experience Course material includes completely up-to-date information Course skills The participant will achieve the following skills: - Be able to sanitize the massive amount of IT security information relevant to his/her company - Be able to understand and choose between different security measures and systems - Understand the current threat landscape and the development of it - Be able to identify and mitigate IT security threats - Understand the most common security issues and exposures within a company - Learn how to detect and react when an incident happens - Learn how to analyze different types of security incidents

5 Page 5 / 7 3 Agenda and focus areas Day 1: Infrastructure security - Anti-spoofing Technology o DKIM o SPF o Sender ID o DMARC - Security Hardening o Password Policy o Session Policy o EMET - Network Segmentation o VLAN o Firewall o VPN - Intrusion Detection System o Forefront TMG, Snort, Bro - Transport Layer Security Hardening - Network Equipment Hardening o DHCP Snooping, STP BPDU Guard - Wireless Security o WPS, WEP, WPA Day 2: Client security - Strong Password Storage o Password Managers o Two-factor Authentication o Leak Notification - Online Services Security o Facebook, Twitter, PayPal - Cloud Data Encryption o Dropbox, Google Drive, OneDrive - Local Data Encryption o GPG o Truecrypt - Browser Hardening o Chrome, Firefox, Internet Explorer - Sandboxing and Virtualization - Secure Communication o Encrypted Mail o Encrypted Instant Messaging o Encrypted SMS/Calls - Incident Response

6 Page 6 / 7 o o Defining an Incident Response Procedure How to investigate a possible infected PC 4 Instructors The same consultants who carry out tasks for large Danish and foreign organizations share their knowledge with you in an open environment. The consultants are working on a daily basis with everything from investigation of computer crimes to security audits and malware analysis. Due to their background and experience, the instructors make the course programs interesting, challenging and inspiring. A selection of the instructors certifications: GIAC Reverse Engineering Malware (GREM) Certified Expert Penetration Tester (CEPT) Certified Penetration Tester (CPT) EC-Council Certified Security Analyst (ECSAv4) Certified Ethical Hacker (CEHv6) Certified Information Systems Auditor (CISA) GIAC Certified Firewall Analyst (GCFW) GIAC Certified Forensics Analyst (GCFA) GIAC Information Security Professional (GISP) Certified Information Systems Security Professional (CISSP) In addition, some of CSIS' instructors were on the winning team, European Nopsled Team, in the Defcon Competition 2011: Capture The Flag; 5 Participant prerequisites There are no prerequisites for this course, but it is advised to have some basic knowledge of the different security measures and systems on the market.

7 Page 7 / 7 6 Registration Registrate online via or give us a call: The course location is at the PwC premises, Strandvejen 44, 2900 Hellerup, during the 10. and 11. of June Please don t hesitate calling us if you have questions. We hope to see you soon! Regards, CSIS Academy Team