ITU-IMPACT Training and Skills Development Course Catalogue
|
|
- Andra Ferguson
- 8 years ago
- Views:
Transcription
1 ITU-IMPACT Training and Skills Development Course Catalogue Management Track Technical Track Course Area Management Incident Response Digital Forensics Network Application Law Enforcement Foundation Management Essentials Intermediate Developing Policies and Procedures ISO Information Management System (ISMS) Concepts and Awareness ISO Information Management System (ISMS) Implementation Developing and Implementing Computer Incident Response Team (CIRT) Incident Handling and Response Advanced Incident Handling and Response Malware Analysis Introduction to Digital Forensics Network Forensics and Investigations Audit Mac and Mobile Forensics Cloud Forensics Securing Networks Vulnerability Assessment / Penetration Testing NetFlow Analysis Web Application Cybercrime Inves igation for Law Enforcement Advanced (ISC) 2 CISSP CBK Review Seminar Target Audience CIO, CISO, IT Managers, Incident Managers, Responders and Forensics Analysts, Forensics Investigators, Network Administrator, Network Support, Web Application Law Enforcement Developers, Officers, IT Executives, Analysts, Incident Handlers, Incident Handlers, Webmasters, Legal Officers, Compliance Managers, Network and System and Malware Analysts. Network Managers, and Application and Lawyers. Dept. Heads, Managers and Administrators, and IT Support, Support Executives. Executives. Malware Researchers IT Administrators, and Investigators. and CIRT Analysts.
2 ITU-IMPACT Management and Specialised Tracks - The Roadmap TECHNICAL TRACK Incident Response Developing and Implementing Computer Incident Response Team (CIRT) Incident Handling and Response Advanced Incident Handling and Response Malware Analysis Introduction to Digital Forensics Advanced Network Forensics Digital Forensics Audit Mac and Mobile Forensics Cloud Forensics Securing Networks Network Vulnerability Assessment / Penetration Testing NetFlow Analysis MANAGEMENT TRACK Application Web Application Management Essentials Developing Policies and Procedures ISO Information Management System (ISMS) Concepts and Awareness Management Law Enforcement Cybercrime Investigations for Law Enforcement ISO Information Management System (ISMS) and Implementation
3 1. Management Track This track addresses management s concerns on the overall information security management for businesses and organisations which has evolved from a technical perspective to business. Key success factors are areas such as security or corporate governance taking into account the adoption of security frameworks, information security standards, security policies, best practices, guidelines, and risk management. 1.1 Management Organisations today are exposed to more complexities and uncertainties with the increasing use of technology and the pace at which the risk environment is changing. As every business assets and processes are exposed to both internal and external threats, organisations must implement internationally accepted information security standards, best practices and controls to identify, manage and mitigate these threats. Organisation-centric approaches to security management taking into consideration the impact of risks on the organisation determines the best security activities and practices most suitable for the organisations cybersecurity resilience Management Essentials Management is a comprehensive course which provides IT professionals and practitioners with the most up-to-date developments in cybersecurity. This course covers the key concepts, definitions, principles and goals of information security taking into consideration both management and technological aspects. Key topics include firewalls, intrusion detection and prevention systems, risk management models including ISO 27001, standards, security policies, tools and techniques used in cyber threats, security risks to networks, defending against attacks through the implementation of proper security mechanisms, encryption, authentication and authorisation technologies. Participants will also see live demonstrations of the tools and techniques used by malicious individuals to attack vulnerable applications and systems. Awareness is included as part of the course targeting all audiences specifically managers and IT Administrators. This is a value added offering to ensure participants are well informed of most current security threats and issues related to their roles and respons bilities. Awareness for Managers is targeted at those with responsibility for staff and protection of assets, while Awareness for IT Administrators is targeted at those with IT and Network Systems administration, developmental, and supporting responsibilities. This course sets the core foundation of IT security knowledge. It is suitable for any member of the IT community from the newest of the team to the most experienced professional. It descr bes the core fundamentals of information security in an interesting and relevant manner, covers the close alignment of information security with the changing business requirements, enabling participants to effectively understand information security concepts in business processes and designs. Target Audience IT Managers/Executives, IT Systems Administrators, Administrators, Database Administrators, Access Control Administrators, Systems Analysts and Designers, Application Developers, Business Analysts, and user representatives. Course Duration This course can be customised according to participant s requirement. Delivery Mode Lecture with presentation slides, course materials, learning activities, case studies, and review questions Developing Policies and Procedures As business needs as well as the environment change, new risks are always on the horizon and critical systems are continually exposed to new vulnerabilities. Policy development and assessment are a continual process. This is a hands-on intensive course on writing, implementing and assessing security policies. This intensive course is suitable for IT and non-it professionals carrying out cybersecurity duties including creating and maintaining of policy and procedures. It provides hands on training on writting, implementing and assessing security policies. Participants will be assigned to write policy template. Target Audience: Managers, CISOs, CSOs and anyone responsible for developing security policies. Course Duration: 3 days
4 1.1.3 ISO Information Management System (ISMS) Concepts and Awareness ISMS is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation s information. This course is designed to promote awareness of the objectives and benefits of information security, as well as the requirements of Target Audience: This is a non technical security course concerning information security management. It is suitable for executives and managers from a wide range of disciplines, and should be attended by a broad range of IT security professionals. 1. ISO for ISMS establishment, implementation, operation, monitoring, review, maintenance and improvement, and 2. ISO on information security controls. It also provides an insight into the emerging ISO series of standards. Course Duration: 3 days ISO Information Management (ISMS) Implementation Recent high-profile information security breaches and increased awareness of the value of information are highlighting the ever-increasing need for organisations to protect their information assets. An information security management system (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation s information. This course leads participants through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation. Implementation exercises are supplemented with case studies on risk management techniques using relevant tools and solutions. Target Audience: This is a non-technical IT information security management course suitable for managers from a wide range of disciplines. Pre-requisite: Participants should have a basic knowledge of business information systems and competency productivity tools i.e. word processors, spreadsheets and presentation software. 2. Technical Track This highly specialised track focuses on designing, developing, configuring, implementing, and managing technical security solutions for organisation and constituents. Participants will be able to enhance their knowledge and skills using the current industry practices, and have access to the latest technology, methodologies, and best practices. The courses offered in this track are centred around proactive and reactive solutions required for practitioners to effectively perform their duties in managing and mitigating cyber threats against their organisations security infrastructures and information systems. 2.1 Incident Response Incident response is a structured approach in addressing and managing the aftermath of an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. If not managed properly, an incident can escalate into an emergency, a crisis, or even a disaster, decreasing the organisations resilience ability Developing and Implementing a Computer Incident Response Team (CIRT) This course will provide participants who have imited knowledge, experience, or background required to formulate the policies, processes, management structure, equipment, and other requirements necessary to respond to network incidents. It provides information on refining the current structure and capabilities for a Computer Incident Response Team (CIRT) or a team with similar capabilities. Target Audience: CIRT Manager, CIRT Analyst, Incident Handler, Analyst
5 2.1.2 Incident Handling and Response The course is designed to provide insight into the work an incident handler may perform. It will provide an overview of the incident handling arena, including CIRT services, intruder threats, and the nature of incident response activities. Participants will: 1. Learn how to gather the information required to handle an incident; 2. Realize the importance of having and following pre-defined CIRT policies and procedures; 3. Understand the technical issues relating to commonly reported attack types; 4. Perform analysis and response tasks for various sample incidents; 5. Apply critical thinking skills in responding to incidents, and 6. Identify potential problems to avoid while taking part in CIRT work. Target Audience: CIRT Manager, Analyst and any technical staff; Incident Responders; and Network Administrators. Those with little or no incident handling experience are encouraged to attend. The course incorporates interactive instructions, practical exercises, and role playing. Participants will have hands-on exercises on sample incidents taken from real life scenarios Advanced Incident Handling and Response This course is designed to further enhance the knowledge and skills of incident handlers and responders involved in solving compromises and breaches by analysing events and formulating effective remedial actions and strategies. Participants will work as a team on several incident scenarios, artefacts and exercises applying industry best practices, effective methodologies and tools. They will be taken through a series of work plans and processes to identify, analyse, and then present the findings and response strategies to interested parties. This course will also include modules on artefact analysis, vulnerability handling and producing security advisories. Target Audience: Incident Managers, Responders and Analyst, Network and System Administrators, Malware Researchers and Investigators. Delivery Mode: Lectures with presentation slides, extensive hands-on group exercises, and case studies Malware Analysis Determining the functionality of malware is critical both during the incident response process and to identify where threats originate from. The course examines malware in both static and runtime environments. It will take into account the viewpoint of an incident responder attempting to determine what malicious activities the malware has conducted in order to mitigate further malicious activity and remove the malware from an infected system. The course will also consider the perspective of a Computer Incident Response Team (CIRT) or security team involved in investigating, analysing and reporting on malware related incidents. Both static and runtime malware analysis techniques and reverse engineering tools such as IDA Pro and Ollydbg will be covered. Target Audience: Incident Responders, Network and System Administrators, CIRT Personnel, Malware Researchers, Malware Investigators, Antivirus Analysts 2.2 Digital Forensics The ability to preserve and to analyse data found on digital storage media, computer systems and networks is essential for understanding and mitigating cyber attack against IT infrastructures. Forensics professional s must be highly competent in collecting, examining, analysing and reporting on digital evidence in order to preserve critical information. They are also required to know the legal aspects associated with forensics investigation particularly for representation in a court of law. The use of real-world scenarios would enable participants not only to learn the required skills, but also gain experience in their practical application Introduction to Digital Forensics Investigating what happened on a computer system after a suspected intrusion is critical to quantifying losses from a security breach. This course will teach network and system administrators on identifying the particular consequences of an intrusion. It helps administrators to identify what data has been compromised by applying host forensics techniques and conducting log analysis. The focus will be on the discovery of data hiding techniques, rootkits, malware functionality and time-based analytics. Analysis of the FAT, NTFS and EXT2 file systems will also be covered. This course serves as a good foundation for further instruction on commercial tools or to use open source forensics tools more effectively. Target Audience: Incident Responders, Network Administrators, System Administrators, and CIRT Personnel.
6 2.2.2 Network Forensics and Investigations Participants will gain real world knowledge and skills to analyse network traffic, improve network security and reliability, and protect networks from malicious and criminal attacks. In addition, they will learn the techniques to identify suspicious traffic patterns, a breached host, and signs of Bots running in a network, as well as the techniques to deal with and manage compromised machines. Target Audience: IT Practitioner, Forensic Analyst, Incident Handlers, Network Administrators, Law Enforcement Officers and Support Staff. Delivery Mode: Instructor-led, group-paced, classroom-delivery learning model Audit This is a comprehensive course designed to equip security practitioners with the technical knowledge and skills to investigate and better understand their IT environment including computers, applications, network systems, and services. This course covers topics such as technical concepts, data analysis on devices, file systems, operating systems, common threats, security best practices and the tools used to identify, analyse and mitigate cyber threats faced by users, devices and organisations. Target Audience: Network and System Administrators, CIRT Analyst, Cybercrime and Forensic Investigators. Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises Mac and Mobile Forensics The course emphasises solid forensic practices in mobile phone investigation as well as reporting. Stepping through the logical and physical acquisition of memory with such a variety of devices is challenging to say the least. The class addresses the strengths and weaknesses for many of the mobile forensic tools being utilised in the field. The Mac forensics training aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. The programme focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. Target Audience: Experienced Digital Forensics Analysts, Media Exploitation Analysts, Incident Response Team Members, Information Practitioners, technical team members, and those with national responsibilities in cybersecurity issues. Delivery Mode: Lectures with presentation slides, case studies and group exercises and hands-on forensic analysis Cloud Forensics This course provides a clear statement of the knowledge and skills required by a professional dealing with cloud forensics. The objectives of this course are: 1. To enhance knowledge and skills required by a professional dealing with cloud forensics, 2. To share with participants risk assessment and mitigation strategies for cloud adoption to be reflected adequately in cloud services contracts 3. Consideration of various legal implications of cloud investigations, and 4. Demonstrate technical competence in handling investigative cases in cloud computing environments. Target Audience: CEO, CIO, CISO, policy makers, security architects, ethical hackers, forensic practitioners, law enforcement, legal professionals and advisors, researchers and academics. Delivery Mode: Lectures with presentation slides and extensive hands-on exercises.
7 2.3. Network Network courses are designed to equip IT professionals and practitioners with the knowledge and skills required for implementing, designing, configuring, maintaining and reviewing a secure network system to prevent and manage network vulnerabilities. Participants will learn the skills needed to identify and to analyse common internal and external security threats against a network so proactive security and audit strategies can be implemented to protect the organisation's information assets and systems from weaknesses. These weaknesses are often exploited by remote users using publicly and commercially available software tools and through manual techniques. Web-based applications need to be audited to ensure that vulnerabilities are discovered, where risks mitigated promptly and effectively. Policies, processes, management structures, equipment, and other requirements are also necessary to respond to any unforeseen network incidents Securing Networks In today's network dependent business environment, organisations link their systems enterprise wide and virtual private networks, as well as connect remote users. In this course, participants learn to analyse risks to networks and steps needed to select and deploy appropriate countermeasures to reduce the exposure to these threats. Target Audience: Network Administrators, Network Support, System Support, Incident Handlers, Network Managers, IT Support. Course Duration: 3 days Vulnerability Analysis / Penetration Testing Breach of network security is a growing problem faced by many organisations worldwide and it is becoming complex as intruders resort to highly advanced methods to gain access. This course exposes participants to network vulnerabilities, the methods used by intruders to gain access into a network system and tools used to ward off such attacks. The course revolves around a series of hands-on exercises based on techniques for penetrating into a network and defending against attacks. It focuses on attack techniques, exploit techniques, vulnerability assessment and penetrating testing techniques. Participants will gain skills to perform penetration testing and countermeasures for the organisations. Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/ Auditors Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises. Pre-requisite: Basic knowledge and skills in network architectures and operating systems NetFlow Analysis This course focuses on network analysis and hunting of malicious activity from a security operations centre s perspective. It provides an understanding of NetFlow data format, common netflow collection, analysis, and visualization tools. It would cover NetFlow strengths, operational limitations of NetFlow, strategic sensor placement, NetFlow tools, visualization of network data, analytic trade craft for network situational awareness, and networking hunting scenarios. Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/ Auditors, Network Administrator, System Administrators. Course Duration: 3 days Delivery Mode: Lectures with presentation slides, case studies, and extensive hands-on exercises.
8 2.4 Application Business applications and processes increasingly moving towards the web services and adopting the software-as-a-service (SaaS) model, many organisations today are exposing data and critical business services to untested or insecure web-based applications. These applications with inadequate or non-existent security offer opportunity for malicious hackers to access your critical database containing customer information, credit card data, proprietary data or classified information. Participants will gain skills on how to assess applications from a hacker s perspective, understand application security vulnerabilities, and learn how to mitigate these security holes so they are never exploited by a hacker Web Application Understanding web application attack vectors is critical for web application developers responsible for maintaining and securing a web-based system. Web application vulnerabilities have been the cause of computer security breaches for organisations. Businesses and customer-related information are the target of web application attacks. This course covers common methods for attacking web applications, such as SQL Injection, Cross-Site Scripting, command injection, data leakage attacks, session hijacking and PHP/Javascript/ASP vulnerabilities. Basic vulnerability discovery in web applications will also be covered, as well as secure coding techniques and the OWASP. Target Audience: Web Application Developers, Penetration Testers, Web Application Testers. Pre-requisite: Some understanding of programming is required, preferably PHP, Javascript, or ASP Law Enforcement Cyber criminals today are targeting organisations with the intent of stealing confidential and financial information to commit crime. Using the internet platform, this criminal activity is highly possible due to unsecured application, systems, and networks. When these cyber criminal falls in the hand of law enforcement, the officer must be well versed in conducting investigation, analysis and reporting using relevant tools and techniques to assist and bring in the culprits to justice Cyber crime investigation for Law Enforcement This network investigations course is tailored specifically to the needs of law enforcement officers who are investigating cyber crimes. The course will begin by reviewing the common types of cyber crimes, how criminal activities are conducted on the Internet, the tools and motivations driving the Internet as a medium for criminal activity. It investigates how Internet crime is commited using tools such as Botnets, DDoS attacks, illicit file hosting, underground economy marketplaces, spam, phishing, extortion, and more. The course demonstrates common hacking activities through web application exploits, remote operating system, application exploits, social engineering and web drive-by attacks. The objective of the course is to give law enforcement officers a full set of tools and knowledge for conducting effective network investigations. Target Audience: Law Enforcement Officers and support staff.
9 Scholarship As a global, non-profit organisation, ITU-IMPACT has received generous donations from leading information security training providers. These organisations are widely acknowledged as the top information security certification bodies in the world and are renowned for providing exceptional high quality courses and certifications recognised throughout the information security community. These funds enable ITU-IMPACT to offer highly sought-after training courses to qualified security professionals from any one of our partner countries. EC-Council Information Training Sponsorship Programme (ISTP) ISTP is co-sponsored by EC-Council and is part of ITU-IMPACT s global agenda to combat cyber threats. The courses are awarded to selected recipients from ITU-IMPACT partner countries. ITU-IMPACT is seeking suitable candidates with technical background in cybersecurity, good communication and presentation skills, and have keen interest in becoming a cybersecurity trainer in support of the scholarship programme. The EC-Council programmes identified under the ISTSP are Network Administrator (E NSA), Certified Ethical Hacker (C EH), Computer Hacking Forensics Investigators (C HFI), Certified Analyst (E CSA), Licensed Penetration Tester (L PT) and Certified Disaster Recovery Professional (E DRP). About ITU-IMPACT Centre for Training and Skills Development The centre provides world-class training in cybersecurity. All training courses, specialised seminars and workshops are conducted in collaboration with the leading ICT companies and institutions that include ITU, EC-Council, (ISC) 2 and Honeynet Project. Our specialised courses bring together global expertise in a broad range of specialisations, allowing ITU-IMPACT to work with governments and individual organisations to build internal capabilities in order to secure vital infrastructure, mitigate threats and respond to unauthorised or unlawful activities. We carefully examine the needs and desires of our partner countries with an eye toward continual improvement and development. As future requirements are identified, ITU-IMPACT will strive to develop and deploy effective training courses to meet specific needs of information security practitioners and professionals. For more information or enquiries, please contact: International Multilateral Partnership Against Cyber Threats (IMPACT) Jalan IMPACT Cyberjaya Malaysia T: +60 (3) F: +60 (3) E: training@impact-alliance.org W:
(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int
2011 15 (BDT) BDT/POL/CYB/Circular-002 +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2008 2010 2010 International Telecommunication Union Place des Nations CH-1211 Geneva 20 Switzerland Tel: +41
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationInfoSec Academy Application & Secure Code Track
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
More informationCYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationCourse Descriptions November 2014
Master of Science In Information Security Management Course Descriptions November 2014 Master of Science in Information Security Management The Master of Science in Information Security Management (MSISM)
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationCyber Security. A professional qualification awarded in association with University of Manchester Business School
ICA Advanced Certificate in Cyber Security A professional qualification awarded in association with University of Manchester Business School An Introduction to the ICA Advanced Certificate In Cyber Security
More informationAuditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement
Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25
More informationInformation Systems Security Certificate Program
Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationEC-Council. Certified Ethical Hacker. Program Brochure
EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:
More informationSecurity Intelligence Services. Cybersecurity training. www.kaspersky.com
Kaspersky Security Intelligence Services. Cybersecurity training www.kaspersky.com CYBERSECURITY TRAINING Leverage Kaspersky Lab s cybersecurity knowledge, experience and intelligence through these innovative
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationSecurity-as-a-Service (Sec-aaS) Framework. Service Introduction
Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency
More informationThreat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationLogical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110
Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam
More informationInfoSec Academy Forensics Track
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationLegislative Council Panel on Information Technology and Broadcasting. Information Security
For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationDefensible Strategy To. Cyber Incident Response
Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationIT Security Testing Services
Context Information Security T +44 (0)207 537 7515 W www.contextis.com E gcloud@contextis.co.uk IT Security Testing Services Context Information Security Contents 1 Introduction to Context Information
More informationEC Council Certified Ethical Hacker V8
Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationHelmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com
Promoting a Cybersecurity Culture: Tunisian Experience ITU Regional Cybersecurity Forum for Eastern and Southern Africa Lusaka, Zambia, 25-28 August 2008 Helmi Rais CERT-TCC Team Manager National Agency
More informationPenetration Testing Services. Demonstrate Real-World Risk
Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled
More informationInformation Security Engineering
Master of Science In Information Security Engineering Course Descriptions November 2014 Master of Science in Information Security Engineering The program of study for the Master of Science in Information
More informationINFORMATION SECURITY TRAINING CATALOG (2015)
INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationThreat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform
Threat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform Sebastian Zabala Senior Systems Engineer 2013 Trustwave Holdings, Inc. 1 THREAT MANAGEMENT
More informationHackers are here. Where are you?
1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationCESG Certification of Cyber Security Training Courses
CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security
More informationCOMPANY PROFILE REV 4.0
COMPANY PROFILE REV 4.0 Company Background and Core Values Secor is a highly innovative company based in Lebanon and Dubai, focusing on the exploding market of the information security in the Middle East
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationWhat keep the CIO up at Night Managing Security Nightmares
What keep the CIO up at Night Managing Security Nightmares Tajul Muhammad Taha and Law SC Copyright 2011 Trend Micro Inc. What is CIOs real NIGHTMARES? Security Threats Advance Persistence Threats (APT)
More informationCourse 4202: Fraud Awareness and Cyber Security Workshop (3 days)
Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an
More informationHackers are here. Where are you?
1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.
More informationHow small and medium-sized enterprises can formulate an information security management system
How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and
More informationThe Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
More informationDefending against modern threats Kruger National Park ICCWS 2015
Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationAUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by
More informationMaster of Science in Information Systems & Security Management. Courses Descriptions
Master of Science in Information Systems & Security Management Security Related Courses Courses Descriptions ISSM 530. Information Security. 1 st Semester. Lect. 3, 3 credits. This is an introductory course
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationHOSTING. Managed Security Solutions. Managed Security. ECSC Solutions
Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT
More informationFedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
More informationCourse Title: Penetration Testing: Network & Perimeter Testing
Course Title: Penetration Testing: Network & Perimeter Testing Page 1 of 7 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics
More informationCFIR - Finance IT 2015 Cyber security September 2015
www.pwc.dk Cyber security Audit. Tax. Consulting. Our global team and credentials Our team helps organisations understand dynamic cyber challenges, adapt and respond to risks inherent to their business
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationdefense through discovery
defense through discovery about krypton krypton is an advisory and consulting services firm, specialized in the domain of information technology (it) and it-related security krypton is a partnership amongst
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationCAST CENTER FOR ADVANCED SECURITY TRAINING. CAST618 Designing and Implementing Cloud Security CAST
CENTER FOR ADVANCED SECURITY TRAINING 618 Designing and Implementing Cloud Security About EC-Council Center of Advanced Security Training () The rapidly evolving information security landscape now requires
More informationHow to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP
How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationFedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
More informationEC-Council Ethical Hacking and Countermeasures
EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationSecure by design: taking a strategic approach to cybersecurity
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
More informationCybercrime & Cybersecurity: the Ongoing Battle International Hellenic University
Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationCYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO
CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO CYBER, INFORMATION SECURITY - OVERVIEW A cyber security breach is no longer just an
More informationCGI Cyber Risk Advisory and Management Services for Insurers
CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their
More information