Cyber Security Training Courses

This is a one day Introduction to ISO27001

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a legislation in the United States that provides provisions for data privacy and security for handling and storing medical information. These guidelines are a good standard to follow in developing health applications, regardless of territory. HIPAA compliant applications are recognized and more trusted globally.

In this instructor-led, live training (remote), participants will learn the fundamentals of HIPAA as they step through a series of hands-on live-lab exercises.

By the end of this training, participants will be able to:

- Understand the basics of HIPAA
- Develop health applications that are compliant with HIPAA
- Use developer tools for HIPAA compliance

Audience

- Developers
- Product Managers
- Data Privacy Officers

Format of the Course

- Part lecture, part discussion, exercises and heavy hands-on practice.

Note

- To request a customized training for this course, please contact us to arrange.

This course was put together focusing on what today’s Mobile Forensics practitioner requires, Basics of Android and iOS areas this course will be cover & the analysis using reverse engineering understanding how the popular Mobile OSs are hardened to defend against common attacks and exploits.

MITRE ATT&CK is a framework of tactics and techniques used to classify attacks and assesses an organization's risk. ATT&CK brings awareness to an organization's security, identifying holes in defenses and prioritizing risks.

This instructor-led, live training (online or onsite) is aimed at information system analysts who wish to use MITRE ATT&CK to decrease the risk of a security compromise.

By the end of this training, participants will be able to:

- Set up the necessary development environment to start implementing MITRE ATT&CK.
- Classify how attackers interact with systems.
- Document adversary behaviors within systems.
- Track attacks, decipher patterns, and rate defense tools already in place.

Format of the Course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

Audiance

All staff who need a working knowledge of Compliance and the Management of Risk

Format of the course

A combination of:

- Facilitated Discussions
- Slide Presentations
- Case Studies
- Examples

Course Objectives

By the end of this course, delegates will be able to:

- Understand the major facets of Compliance and the national and international efforts being made to manage the risk related to it
- Define the ways in which a company and its staff might set up a Compliance Risk Management Framework
- Detail the roles of Compliance Officer and Money Laundering Reporting Officer and how they should be integrated into a business
- Understand some other “hot spots” in Financial Crime – especially as they relate to International Business, Offshore Centres and High-Net-Worth Clients

Malware, an abbreviation for malicious software, refers to viruses, worms, trojans, ransomware, spyware and other harmful programs designed to damage computer systems, data or to gain unauthorized access to a system or network.

This instructor-led, live training (online or onsite) is aimed at computer users who wish to understand malware and take appropriate measures to minimize its threat.

By the end of this training, participants will be able to:

- Understand the concept of malware.
- Identify the different types of malware.
- Take necessary steps to mitigate malware (procedural, technological, awareness, etc).

Format of the Course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

This course will give you the skills to build up information security according to ISO 27005, which is dedicated to information security risk management based on ISO 27001.

Internet of Things (IoT) is a network infrastructure that connects physical objects and software applications wirelessly, allowing them to communicate with each other and exchange data via network communications, cloud computing, and data capture. One of the major hurdles in deployment of IoT solutions is security. Since IoT technologies involves a broad range of devices, designing IoT security is critical to a successful IoT deployment.

In this instructor-led, live training, participants will understand Internet of Things (IoT) architectures and learn the different IoT security solutions applicable to their organization.

By the end of this training, participants will be able to:

- Understand IoT architectures.
- Understand emerging IoT security threats and solutions.
- Implement technologies for IoT security in their organization.

Format of the course

- Part lecture, part discussion, exercises and heavy hands-on practice

Note

- To request a customized training for this course, please contact us to arrange

Information Systems Security refers to the protection of information systems against unauthorized access.

This instructor-led, live training (online or onsite) is aimed at engineers who wish to learn the methods and tools needed to protect their organization's information systems against attack.

By the end of this training, participants will be able to:

- Understand information security at both the computer level and communications level.
- Prevent physical and digital access to private information systems.
- Prevent the modification of information that is in storage, being processed, or being transmitted.
- Protect against denial of service attacks.
- Take the necessary measures to detect, document, and counter security threats.
- Ensure that organizational information is kept confidential.

Format of the Course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

Description:

This course is the non-certifcation version of the "[CISA - Certified Information Systems Auditor](/cc/cisa)" course. CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting.

Objectives:

- Use the knowledge gained to benefit your organisation
- Provide audit services in accordance with IT audit standards
- Provide assurance on leadership and organizational structure and processes
- Provide assurance on acquisition/ development, testing and implementation of IT assets
- Provide assurance on IT operations including service operations and third party
- Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets.

Target Audience:

Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals.

Course Style:

This is an Instructor led course, and is the non-certification version of the "[CISMP - Certificate in Information Security Management Principles](/cc/cismp)" course

Description:;

The course will provide you with the knowledge and understanding of the main principals required to be an effective member of an information security team with security responsibilities as part of your day to day role. It will also prepare individuals who are thinking of moving into information security or related functions.

Objectives:

To provide students with the skills and knowledge required to demonstrate the following:

- Knowledge of the concepts relating to information security management (confidentiality, availability, vulnerability, threats, risks and countermeasures etc.)
- Understanding of current legislation and regulations which impact upon information security management in the UK; Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security;
- Understanding of the current business and technical environments in which information security management has to operate;
- Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.

Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit.

In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.

By the end of this training, participants will be able to:

- Simulate attacks against applications and validate their detection and protection capabilities
- Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
- Quickly and accurately fix the application code responsible for detected vulnerabilities
- Prioritize the vulnerability findings from dynamic scans
- Use RASP real-time alerts to protect applications in production against attacks.
- Reduce application vulnerability risks while maintaining production schedule targets
- Devise an integrated strategy for overall vulnerability detection and protection

Audience

- DevOps engineers
- Security engineers
- Developers

Format of the course

- Part lecture, part discussion, exercises and heavy hands-on practice

Course goal:

To ensure that an individual has the core understanding of GRC processes and capabilities, and the skills to integrate governance, performance management, risk management, internal control, and compliance activities.

Overview:

- GRC Basic terms and definitions
- Principles of GRC
- Core components, practices and activities
- Relationship of GRC to other disciplines

NetNORAD is a system built by Facebook to troubleshoot network problems via end-to-end probing, independent of device polling.

In this instructor-led, live training, participants will learn how NetNORAD and active path testing can help them improve their network troubleshooting methods.

By the end of this training, participants will be able to:

- Understand how NetNORAD works
- Learn the design principles behind NetNORAD
- Use open-source NetNORAD tools with their own code to implement a fault detection system

Audience

- Network engineers
- Developers
- System engineers

Format of the course

- Part lecture, part discussion, exercises and heavy hands-on practice

This course provides leaders and managers an overview of issues and activities associated with cybersecurity.

Leaders will receive information in various topics that will build their knowledge and hone executive decision-making in regard to the cybersecurity threat.

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

The purpose of the Ethical Hacking Training is to:

- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.

Audience:

The Course is ideal for those working in positions such as, but not limited to:

- Security Engineers
- Security Consultants
- Security Managers
- IT Director/Managers
- Security Auditors
- IT Systems Administrators
- IT Network Administrators
- Network Architects
- Developers

This course is designed to show delegates how easy it can be for others to obtain data about ourselves through various means, but also how much of this can be stopped with a few tweaks to our machines and our online behavior.

This instructor-led, live training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems.

By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software.

Format of the course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

Description:

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how Intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Target Audience:

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

This two days course s designed for those with some data protection responsibilities in an
organization or who, for other reasons, wish to achieve and demonstrate a broad
understanding of the law, including the EU General Data Protection Regulation (GDPR) and
the UK Data Protection Bill and their practical application. It is recognized that those with
overall responsibility for data protection within an organization will need to develop a detailed
understanding of the law"

Digital Forensics and Investigations is a comprehensive entry level course to teach the basic theoretical concepts of digital forensics as well as the practical side of digital forensics, i.e. how to conduct digital forensic investigations.

This course is designed for a wide range of people such as law enforcers, crime investigators, managers in larger organizations, technical personnel in larger organizations, and anyone else interested in a general background of digital forensics.

Digital identity refers to the information used by computer systems to verify user identity. Some issues related to digital identity include e-signatures, access control and fraud detection.

This instructor-led, live training (online or onsite) is aimed at engineers in telecommunication companies who wish to set up an end-to-end digital identity management system.

By the end of this training, participants will be able to:

- Understand, evaluate and adopt different approaches to managing usernames and passwords.
- Setup a single login system that works across all applications used in a telecom environment.
- Use identity technology to get a clear understanding of their customers and their needs.
- Implement an authentication system that works across different platforms (laptop, mobile, etc.).

Format of the Course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

In this course, you will learn the principles and techniques for digital forensics investigation and the spectrum of available computer forensics tools. You will learn about core forensics procedures to ensure court admissibility of evidence, as well as the legal and ethical implications.

You will learn how to perform a forensic investigation on both Unix/Linux and Windows systems with different file systems. with many advanced topics like wireless, network, web, DB and Mobile crimes investigation

DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments.

In this instructor-led, live course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.

Format of the course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.

NB-IoT allows IoT devices to operate over carrier networks such as GSM and "guard bands" between LTE channels. NB-IoT needs only 200kHz of bandwidth and can efficiently connect large numbers of endpoint devices (up to 50,000 per NB-IoT network cell). Its low power requirements makes it ideal for use in small, uncomplicated IoT gadgets such as smart parking, utilities and wearables.

Most of today's IoT connections are industrial. Industrial IoT (IIoT) connections require Low Power Wide Area (LPWA) technologies to provide connectivity, coverage and subscription capabilities for low bandwidth applications. Although these requirements could be served by existing cellular networks, such networks may not be ideal. NB-IoT (Narrow Band IoT) technology offers a promising solution.

In this instructor-led, live training, participants will learn about the various aspects of NB-IoT (also known as LTE Cat NB1) as they develop and deploy a sample NB-IoT based application.

By the end of this training, participants will be able to:

- Identify the different components of NB-IoT and how to fit together to form an ecosystem.
- Understand and explain the security features built into NB-IoT devices.
- Develop a simple application to track NB-IoT devices.

Format of the course

- Part lecture, part discussion, exercises and heavy hands-on practice

Audience:

System Administrators and Network Administrators as well as anyone who is interested in defensive network security technologies.

The RESILIA course starts with the purpose, key terms, the distinction between resilience and security, and the benefits of implementing cyber resilience. It introduces risk management and the key activities needed to address risks and opportunities. Further, it explains the relevance of common management standards and best practice frameworks to achieve cyber resilience. Subsequently, it identifies the cyber resilience processes, the associated control objectives, interactions and activities that should be aligned with corresponding ITSM activities. In the final part of the course, it describes the segregation of duties and dual controls related to cyber resilience roles and responsibilities.

Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals

This course covers the basic concepts of security and IT Security, with an emphasis on defending against network attacks. Participants will gain an understanding of essential security protocols and security concepts of web services. Recent attacks against cryptosystems and some recent related vulnerabilities will be referrenced

Ubuntu is an open-source, Linux-based operating system (OS) built on the base of discretion-dependent access control. Its three leading editions, Ubuntu Core, Desktop, and Server OS are customizable for configuring administration firewall and general security of a network system.

This instructor-led, live training (online or onsite) is aimed at security engineers and system administrators who wish to integrate more security into their Ubuntu Linux distribution and protect their system from threats.

By the end of this training, participants will be able to:

- Install and configure Ubuntu operating system.
- Reinforce the physical security of Ubuntu Linux distribution.
- Embed encrypted server features to protect the administration system.
- Secure device interactions within the Ubuntu System.
- Recognize general security threats to Ubuntu environment and execute the proper solutions.

Format of the Course

- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.

Course Customization Options

- To request a customized training for this course, please contact us to arrange.