Cyber Security Skills for IT Staff (New Cyber Security course)

Duration: 3 days

Venue: 5-7 Museum Place, Cardiff. CF10 3BD

Introduction:

The 21st-century cyber security industry is expanding rapidly, making Information Security a solid area in which to pursue a long-standing and rewarding career. This cyber security skills training has been designed by our experts in the Cyber Security industry and is based broadly on the 8 domains of CISSP. The course will be useful as a primer for those wishing to follow a self-study route to obtain the certification, or as a refresher. It will also be useful to candidates with existing IT skills who are entering a new role in information or cyber security.

This 3-day cyber security skills course features a significant amount of live demonstration and attendee participation (either alone or in groups) to provide a comprehensive overview of the main topics of cyber security.

Pre-requisites:

No formal cyber security experience is required; however, candidates will need intermediate-level technical skills and experience in the areas of data networking (TCP/IP) and operating systems (Windows and/or Linux).

Day 1

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering

Day 2

  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing

Day 3

  • Security Operations
  • Software Development Security

Course Content

Part 1: Security and Risk Management

  1. Information Security & Cyber Security Management Governance
  2. The CIA Triad: Confidentiality, Integrity & Availability
  3. Constructing Security Policies
  4. Managing Technical Information and Cyber Security Risks
  5. Managing Personnel and Administrative Security Risks
  6. Computer Crime and UK Law
  7. Major UK statutory and regulatory
  8. Intellectual Property (IP) law
  9. UK Data Protection Act & EU Council General Directive on Data Protection
  10. Business Continuity and Disaster Recovery Planning

(Exercises: Examine scenarios of risk management selected from a number of sectors and fictional organisations as worked examples)

Part 2: Asset Security

  1. Information Classification
  2. Determine and maintain ownership
  3. Maintaining Privacy
  4. Information Asset Handling and Retention

(Exercises/Demos: Work through a series of scenarios to select information classification and privacy policies).

Part 3: Security Engineering

  1. Defining Security Engineering practices and principles
  2. Architecture Frameworks
  3. Security Modelling
  4. Evaluation Criteria
  5. Enterprise and System Security Architecture
  6. Distributed Systems
  7. Security Threats, Safeguards & Countermeasures
  8. Cryptographic techniques
  9. Physical security controls

(Exercises/Demos: Following the supplied sample documentation, identify threats and threat actors, and choose suitable controls).

Part 4: Communications and Network Security

  1. Network and communications architecture design principles
  2. Securing networks and communication paths
  3. Network Attacks & Defences

(Exercises/Demos: Review sample simulated network devices and configurations).

Part 5: Identity and Access Management

  1. Physical and Logical access controls for information assets
  2. Identification and Authentication methods
  3. Identity and Access services and lifecycle
  4. Authorisation methods
  5. Access Control Attacks & Defences

(Exercises/Demos: Review sample authentication controls applied to Windows & Linux devices).

Part 6: Security Assessment and Testing

  1. Design verification and validation and testing strategies
  2. Conducting security control testing
  3. Collecting security performance indicators and metrics
  4. Test analysis and reporting
  5. Internal and External Auditing

(Exercises/Demos: Worked example of test strategy & plans with reporting and analysis).

Part 7: Security Operations

  1. Planning investigations
  2. Security Investigation types
  3. Logging and monitoring
  4. Provisioning resources
  5. Concepts of Security Operations
  6. Resource protection techniques
  7. Incident Management
  8. Preventative & Detective operations
  9. Implement and support patch and vulnerability management
  10. Participate in and understand change management processes
  11. Implement recovery strategies and disaster recovery processes

(Exercises/Demos: Simulated setup of SIEM and Incident scenarios, with change management and disaster).

Part 8: Software Development Security

  1. Secure Software Development Lifecycle
  2. Security Controls and best practices for Development Environments
  3. Audit and Risk Management in software development
  4. Testing Software

(Exercises/Demos: Planning a development environment and test plan).

Review of Course and Next Steps
