Cyber Security Skills Training
Duration: 3 days
Venue: 5-7 Museum Place, Cardiff. CF10 3BD
Introduction:
The 21st century cybersecurity industry is expanding rapidly and is a solid area to pursue a long-standing and rewarding career in Information Security. Hence, this cyber security skills training has been designed by our experts in the Cyber Security industry and is based broadly on the 8 domains of CISSP. This course will be useful as a primer to those wishing to follow a self-study route to obtain the certification or as a refresher. However, the course will be also be useful to all those candidates with existing IT skills who are entering into a new role in information or cyber security.
This 3-day cyber security skills course features a significant amount of live demonstration and attendee participation (either alone and in groups) to provide a comprehensive overview of the main topics of cyber security.
Pre-requisites:
No formal cyber security experience is required however, candidates will need to have an intermediate-level in technical skills and experience in the areas of data networking (TCP/IP), and operating systems (Windows and/or Linux).
Day 1
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
Day 2
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
Day 3
- Security Operations
- Software Development Security
Course Content
Part 1: Security and Risk Management
- Information Security & Cyber Security Management Governance
- The CIA Triad: Confidentiality, Integrity & Availability
- Constructing Security Policies
- Managing Technical Information and Cyber Security Risks
- Managing Personnel and Administrative Security Risks
- Computer Crime and UK Law
- Major UK statutory and regulatory
- Intellectual Property (IP) law
- UK Data Protection Act & EU Council General Directive on Data Protection
- Business Continuity and Disaster Recovery Planning
(Exercises: Examine scenarios of risk management selected from a number of sectors and fictional organisations as worked examples)
Part 2: Asset Security
- Information Classification
- Determine and maintain ownership
- Maintaining Privacy
- Information Asset Handling and Retention
(Exercises/Demos: Work through a series of scenarios to select information classification and privacy policies).
Part 3: Security Engineering
- Defining Security Engineering practices and principles
- Architecture Frameworks
- Security Modelling
- Evaluation Criteria
- Enterprise and System Security Architecture
- Distributed Systems
- Security Threats, Safeguards & Countermeasures
- Cryptographic techniques
- Physical security controls
(Exercises/Demos: Following the supplied sample documentation, identify threats and threat actors, and choose suitable controls).
Part 4: Communications and Network Security
- Network and communications architecture design principles
- Securing networks and communication paths
- Network Attacks & Defences
(Exercises/Demos: Review sample simulated network devices and configurations).
Part 5: Identity and Access Management
- Physical and Logical access controls for information assets
- Identification and Authentication methods
- Identity and Access services and lifecycle
- Authorisation methods
- Access Control Attacks & Defences
(Exercises/Demos: Review sample authentication controls applied to Windows & Linux devices).
Part 6: Security Assessment and Testing
- Design verification and validation and testing strategies
- Conducting security control testing
- Collecting security performance indicators and metrics
- Test analysis and reporting
- Internal and External Auditing
(Exercises/Demos: Worked example of test strategy & plans with reporting and analysis).
Part 7: Security Operations
- Planning investigations
- Security Investigation types
- Logging and monitoring
- Provisioning resources
- Concepts of Security Operations
- Resource protection techniques
- Incident Management
- Preventative & Detective operations
- Implement and support patch and vulnerability management
- Participate in and understand change management processes
- Implement recovery strategies and disaster recovery processes
(Exercises/Demos: Simulated setup of SIEM and Incident scenarios, with change management and disaster).
Part 8: Software Development Security
- Secure Software Development Lifecycle
- Security Controls and best practices for Development Environments
- Audit and Risk Management in software development
- Testing Software
(Exercises/Demos: Planning a development environment and test plan). Review of Course and Next Steps
Check out our OTHER COURSES
Online and Zoom-pro based training
We are offering online and Zoom based training as well as our usual classroom courses. Should there be further lockdown restrictions more courses are likely to be done either through Zoom or via online. However as of this moment, we are providing all of our training as normal in classrooms. We are also ensuring that classroom training courses are done in very small numbers of no more than 4. This is so we can not only provide the highest quality of training, but also we ensure everyone’s safety during these times.
Should you be interested in Zoom training you will need to have a PC or laptop and a free Zoom account. If you do not have a Zoom account, we can help you to setup one.