Course Objectives:
At the end of this course the participants will be able to:
- Examine the area of wireless security protocols, their security attributes, and their potential insecurities within the organization, and in public spaces.
- Illustrate how penetration testing and ethical hacking enhance organizational security.
- Evaluate and apply two of the most important aspects in the modern day of cyber-adversity: Open Source Intelligence (OSINT) and cyber threat intelligence.
- Apply information security standards to their organization and its critical assets.
- Identify the threats presented by viruses, malware, active code, and Advanced Persistent Threats (APT) and consider the different mitigating options.
- Formulate and manage effective cybersecurity teams, and apply the Computer Security Incident Response Team (CSIRT) framework, tools, and capabilities to deliver cost-effective and robust solutions to protect the organization.
Targeted Audience:
- IT professionals.
- Security professionals.
- Auditors.
- Site administrators.
- General management.
- Anyone tasked with managing and protecting the integrity of the network infrastructure.
- Anyone already familiar and involved with IT/cyber/digital security and seeking to build on their fundamental principles of security.
Day 1: Adapting to evolving standards
- Information security standards (e.g. PCI-DSS/ISO27001).
- Documented tools (ISO/IEC 27001, PAS 555, Control Objectives for Information and Related Technology (COBIT)).
- Future standards (ISO/IEC 2018, EU privacy regulations, Local and international government stipulations implicating access to private data).
Day 2: Principles of IT security
- Enterprise security (External defenses, Web filtering, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Firewalls).
- Software Development Lifecycles (SDL).
- Potential insecurities within developed applications.
- WiFi security protocols and attributes.
- Voice over IP (VoIP) security.
- Governance Risk and Compliance (GRC).
- Security Information and Event Management (SIEM) applications.
- Cloud security.
- Third-party security and compliance.
Day 3: Adopting cybersecurity measures
- Employee perception of security through Neuro-Linguistic Programming (NLP).
- Security education and awareness: techniques, systems, and methodologies.
- Penetration testing.
- Ethical hacking.
- Options to mitigate viruses, malware, active code threats and Advanced Persistent Threats (APT).
- The Computer Security Incident Response Team (CSIRT) frameworks, tools, and capabilities.
- Incident first response: proven methodologies, tools, and systems.
- The science of applying robust digital forensics: applicable law, capabilities, and methodologies.
Day 4: Building cybersecurity teams
- Supervisory Control and Data Acquisition (SCADA): security requirements, processes, and methodologies.
- Abuse images: complying with local and international law.
- Creation and management of a Security Operations Center (SOC).
- Development of the Corporate Security Organization Framework.
- Formulation and deployment of a Computer Security Incident Response Team (CSIRT).
- Bespoke Security Information and Event Management (SIEM) system for the operational deployment.
- Risks associated with I/O Security (e.g. USBs, CDs, other forms of media).
- Risks of Active Code Injection, and mitigation techniques.
Day 5: Advanced cyber risks and tools
- Cybercrime and the darknet/dark web: the world of the hackers/hacktivists.
- The underground of cyber criminality.
- Social engineering as a tool to test operational resilience.
- Open Source Intelligence (OSINT).
- Cyber threat intelligence.
- Open source and commercial security tools.
- The operational use of encryption.
- Virtual private networks.
PLACE: London (UK)
VENUE (TBC): INDUSTRIOUS (Floors 1 and 2, 245 Hammersmith Road, London W6 8PW)
LANGUAGE: English