Why Choose this Training Course?
Today, the security risks that should be audited are dramatically increasing. To avoid the data breaches that executives are so afraid of, auditors must have the ability to assess the effectiveness of a company's cybersecurity program. To do this they must know what controls are required, how these should be set up, and how to perform tests to evaluate the effectiveness of these controls.
Participants will conduct many exercises which have been created to reinforce and establish their knowledge of designing and executing effective security solutions. This York British training course will arm participants with the knowledge and skills needed to perform cyber assessments and to become an even more valuable member of their organization's cyber defense team.

This training course will feature:
Simulations of a real cybersecurity program audit
Cybersecurity auditing tips
Cyber risk assessments
Threat analysis
Case studies of cybersecurity breaches and their consequences

What are the Goals?
By the end of this training course, delegates will be able to:
Perform risk analysis of IT security breaches
Get acquainted with ISO 27001 and COBIT5
Acquire the knowledge of Information Security Management
Understand the approach for incident response, Crisis Management and Disaster Recovery

Who is this Training Course for?
This York British training course is suitable for many professionals but will greatly benefit:
Auditors
IT professionals who are interested in conducting cybersecurity audits, risk assessments, vulnerability and threat analysis or control self-assessments

How will this Training Course be Presented?
This York British training course will utilise a variety of proven adult learning techniques to ensure maximum understanding, comprehension and retention of the information presented. This includes theoretical presentation of the concepts, but the emphasis will be on the exercises performed by the delegates with the guidance of the instructor, when it comes to the performance of Risk Assessments and Risk Management. The delegates will be "learning by doing" as the training course is designed around the project of preparing and executing a cybersecurity audit. Delivery will be by presentation, group syndicate exercises, training e-manual and interactive seminars, video presentations and active use of software, as well as group discussion on the results of the exercises. The delegates will also use free software for risk management as well as for auditing.

Day One: Introduction to cybersecurity
Vulnerability assessment
Threat analysis
Cybersecurity risk assessment
Cybersecurity program
Cybersecurity risk auditing

Day Two: Inventory Security Management
Inventory authorized and unauthorized devices
Inventory authorized and unauthorized software
Secure configurations
Continuous vulnerability assessment and remediation
Control use of administrative privileges
Maintenance, monitoring and analysis of audit logs

Day Three: Network Security Management
Email and web browser protection
Malware defenses
Security configurations for network devices
Wireless access control
Limitation and control of network ports, protocols and services

Day Four: Data Security Management
Data protection
Controlled data access based on need to know
Data recovery capability
Boundary defenses
Account monitoring and control
Security skills assessment and training

Day Five: Security Incident Management
Application software security
Cybersecurity incidents
Incident response management
Penetration tests
Red team exercises