Select Page
Understanding Cybersecurity Using the OSI Model

Understanding Cybersecurity Using the OSI Model

Understanding Cybersecurity Using the OSI Model

All training runs from 9:00 to 16:30 every day and conducted in English language unless explicitly stated.

About The Understanding Cybersecurity Using the OSI Model

IT professionals of all types need to have a deep understanding of security and this impact their work in their areas of expertise. They could start this journey by looking at security from a comprehensive understanding of the OSI model. It is by doing this professional can have a holistic view of security which they can apply in their areas of expertise.

This course is a comprehensive look at Cybersecurity from the OSI seven-layer model perspective. It covers everything from core security terminology, security standards and how to implement security standards in each of the OSI layer.

You Will Learn How To:

You will learn the core concept of security from the physical security level to the application level. It includes access control, new ways to look at passwords, cryptographic principles, network attacks & malware, wireless security, firewalls and many other security technologies, web & browser security, backups, virtual machines & cloud computing.Based on the OSI model you will learn the following real-world cybersecurity fundamentals to serve as the foundation of your career skills and knowledge for years to come:

  • Learn to communicate with confidence regarding information security topics, terms, and concepts.
  • Understand and apply the Confidentiality, Integrity, and Availability (CIA) for prioritization of critical security resources.
  • Understand and apply the Principles of The Least Privilege
  • Grasp basic cryptographic principles, processes, procedures, and applications.
  • Have a fundamental grasp of any number of technical acronyms: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS, and the list goes on.
  • Recognize and be able to discuss various security technologies, including anti-malware, firewalls, intrusion detection systems, sniffers, ethical hacking, active defense, and threat hunting.
  • Understand wireless security of technologies such as WiFi, Bluetooth, mobile phones and the Internet of Things (IoT)
  • Explain a variety of frequent attacks such as social engineering, drive-by downloads, watering hole attacks, lateral movement, and other attacks.
  • Understand different types of malware
  • Understand browser security and the privacy issues associated with web browsing.

Course Description

Layer 1: Physical Layer

The Physical layer of the OSI model is responsible for converting data packets from the Data Link layer (Layer 2) into electrical signals.  Learn how to keep data safe at the physical security layer and allow only unauthorized access and restricting access to critical servers.

Security in the OSI Physical layer comprises the enterprise’s physical and site security concerns, which includes all these aspects:

  • Access Control
  • Power management
  • Environment management
  • Smoke & Fire suppression
  • Backups
  • Protection of the physical layer infrastructure

Layer 2. Data Link Layer

The Data Link layer is primarily concerned with physical addressing, line discipline, network topology, error notification, ordered delivery of frames, and flow control. Devices such as s switches and bridges work at this level. Understand the security threats that may occur at this level and how to mitigate them. Some of these threats are:

  • Gratuitous ARPs or ARP spoof
  • MAC flooding
  • Spanning tree attack

Layer 3: Network Layer

At this layer there are many protocols Internet Protocol (IP) responsible for routing of data and network information. It is important to understand how attackers could misuse any of these protocols and gain access or spoof your network. Lots of security attack that can happen here includ:

  • Packet sniffing and DoS attacks.
  • ICMP attacks or ping of death.
  • IP Address Spoofing
  • Routing attacks
  • Back Hole/Selective Forwarding

Layer 4: Transport Layer

This is where the TCP protocol resides. To understand the security issues relating to the TCP and UDP protocol suite is essential to cybersecurity. Some security threats that occur at these levels include the following:

  • Endpoint identification
  • Unauthorized Internet access
  • SYN flood
  • Ping of death
  • Smurf Attack

Layer 5: Session Layer

The session layer manages the establishment and tearing down of connections. These connections could require authentication, authorization, session restoration, tokens etc to set up. During this process it is possible for the session to be hijacked through a man-in-the-middle attack.

You will learn security elements in this layer and how to protect your data and including:

  • The fundamentals of using Secure Socket Layer (SSL) and Transport Socket Layer (TSL)
  • Secure Shell (SSH)
  • Kerberos
  • Internet Protocol Security (IPSEC) to protect communication at the session layer.

Layer 6: Presentation Layer

The presentation layer ensures that the communications passing through are in the appropriate form for the recipient. Some of the services at this layer are data conversion, character code translation, compression, Encryption and Decryption.

  • Malformed SSL requests.
  • Attacker could use SSL to tunnel HTTP attacks to target the server.
  • SSL Hijacking

Layer 7 Application Layer

The application layer is the hardest to defend for several reasons. For a starter, the layer is the most accessible and the most exposed to the outside world through Port 80 (HTTP) or Port 443 (HTTPS). Secondly, it provides services to application procedures that are located outside the OSI layer. According to Gartner 70% of successful attacks occurred at the

Application layer attacks include:

  • Denial-of-service attacks (DDoS) attacks
  • HTTP floods
  • SQL injections
  • cross-site scripting
  • parameter tampering
  • Slowloris attacks.

Learn about security issues involved with web application technologies such as HTTP, HTML, and JAVA) and other application security flaws involving some following:

  • Authentication/Access Control
  • Cryptographic Algorithm
  • Input Validation
  • Parameter/Data Manipulation
  • Sensitive Data Handling
  • Session Management
  • Virus
  • Worm
  • Phishing

Target Audience

This course is for IT professionals and students who would like to understand cybersecurity. The course provides the fundamentals of Security

Security Training and Tutoring

Security Training and Tutoring

Professional security Training & Tutoring

Take Your information security Training to the next level

Optimize Your Information Security Results Today!

Get A Free Consultation

Do More With Less

Optimize Your Training Budget And Get More Results

Information Security has become vital to every business. Data breaches have led to the demise of some organizations. Today, business leaders and government regulations demand that organizations make information security a high priority. Organizations are expected to have  someone responsible for information security.

However, having someone with the title such a Chief Information Security Office (CISO) to head information security is not always practicable for many organizations due to various constrains.

Therefore, our security training support program is designed to combine practical training with support of security professionals in the implementation of security in their organizations.  The goal is to combine security training with practical implementation. We help you take steps to create quick wins in information security with the resources you already have.

Our Security Training & Mentoring Program

Train People to take action and not just pass a certification Exam

Security And Tutoring  Service
Our Security support program combines training and tutoring that helps small & medium size businesses manage their own information security program with the resources they have.

Phishing Simulation
Through our security awareness program companies gets a phishing simulation program that helps their employees avoid serious security pitfalls.

Cloud Security Consulting
The cloud is a major challenge for modern business today. We teach you the best way to use cloud services and still ensure data safety and protection from hacking attacks.

Security Audit And Assessment Training
We teach and provide you the knowledge to have clear visibility into the vulnerabilities in your company and carry out an Information Audit and self-assessment.

Business Security Support
We educate  and provide you with a one-one tutoring with high-quality security advice and know-how to take step-step actions and to implement security in your businesses.

Roadmap To Empower Your Organization

Step 1: Orientation Meeting

The orientation meeting is a free one-hour virtual meeting with you to discuss and find out what you are trying to archive. Based on the findings from this meeting we can create a working plan that meet your needs.

Step 2: Planning

Based on the result of the orientation meeting we will set up a training plan which will cover the theory and practical hands-on implementation of the subject matter based on what you are trying to archive in your organisation.

Step 3: Working session

This series of 3-hours training workshop consist of teaching of the theory and practical knowledge of the subject. Our instructor will work with the participants to learn how to implement the security program in reallife based on company goals and objectives.

Step 4: Work Review

There will be a review at the end of a series of 3 hours working sessions to determine if more time is needed to complete the work or the participant have enough knowledge to move further on their own. The instructor will be available for further tutoring in the future as needed. 

Risk Management Case Study

In this case study you will see how you can leverage the time and resources spent on traditional training to get better ROI from training by combining our training program directly into on the job practical experience.

GDPR Compliance Case study

Combine training with the practical implementation of GDPR in your company. See how staff can learn about GDPR at the same time and actually create policies and setup plans and start putting this plan into action at the same time.

WE CAN PROVIDE  INFORMATION SECURITY TRAINING AND TUTORING IN THESE AREAS
  • ISO 27001 Certification support
  • Setting Up Risk Management Program
  • Identity and Access Management
  • Security Alignment with Organizational Goals and Objectives
  • Developing security awareness program
  • Setup Security Programs
  • Security Policies development
  • GDPR  (Privacy) implementation
  • Building Security into System Development LifeCycle (SDLC)
  • Threat Modelling
  • Incident Management
  • Security Monitoring and Management
  • Business continuity Development

 

Get In Touch

Erfstede 4b
3421 KH
Nieuwegein
info@intellfence.com

Understanding Zero Trust Security (ZTS)

Understanding Zero Trust Security (ZTS)

Understanding Zero Trust Security (ZTS)

TRAINING

Understanding Zero Trust Security (ZTS)

DATE

TBD

TRAINING TYPE

Virtual

ENROLL BELOW

All training runs from 9:00 to 16:30 every day.

About the Zero Trust Security (ZTS) Course

This 2-day intense course focuses on this new way of thinking about network security. Learn about the fundamentals of Zero Trust Security and how to start with its implementation in your company. During the training you will learn the following:

  • Introduction to Zero Trust Security
  • Zero Trust vs traditional perimeter security?
  • Why do we need Zero Trust Security?
  • Why is the Zero Trust Model Important?
  • Understanding micro Segmentation
  • Implementing a perimeterless Design
  • Identity management for Zero Trust Security
  • The Pillars of Zero Trust Security
  • Device Trust
  • User Trust
  • The five steps to a Zero Trust network
  • How to architect a Zero Trust network
  • A look at some vendor implementation of Zero Trust Security Model
  • Zero Trust Security in the Cloud using  Cloud Access Security Broker (CASB)

At the end of this course all participants will understand what Zero Security is and able to determine if it will be useful for their company and how to get started with it.

Target Audience

This training course is intended for professionals who would like to keep up to date with the new technology and apply them in real life environment.

  • CISO’s
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers.
  • Information Security Directors.
  • All other security professionals who want to be kept up to date.

 

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Understanding Data Loss Prevention (DLP)

Understanding Data Loss Prevention (DLP)

Understanding Data Loss Prevention (DLP)

All training runs from 9:00 to 16:30 every day.

About the Data Loss Prevention (DLP) Course

Data Loss is one of the biggest security challenges faced by companies today. This pose significant risks to the organization in terms of compliance to regulations, financial and reputational risk that can result from a breach of confidential data. Organization needs to find ways to protect their data and keep the customer’s data secure through. Data Loss Prevention (DLP) systems is one of the method used for this. It helps organizations to identify, monitor, and protect data in use and in transit.

The workshop will focus on the following topics:

  • Overview of data prevention.
  • The need for data loss prevention.
  • The risk of Data Loss to the organization.
  • A look at leading data loss prevention systems.
  • Understand and learn to implement Data Loss Prevention Solutions to meet the data protection needs.
  • Implement DLP systems with Security Information and Events Management (SIEM) systems.

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who would like to keep up to date with the new technology and apply them in real life environment.

  • CISO’s
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers.
  • Information Security Directors.
  • All other security professionals who want to be kept up to date.

 

CISO: The first 90 days

CISO: The first 90 days

CISO:
The First 90 days

and Beyond

All training runs from 9:00 to 16:30 every day.

CISO: The First 90 days and Beyond

The function of Chief Information Security Officer (CISO) is becoming a requirement for many organizations. This important security position is important in every organization to help create, manage and align the security programs with organizational goal and objectives. In this training will learn about the challenges of the new CISO and how to resolve them. The three days CISO Masterclass program is a very hands-on training program for those starting out with the role of the CISO or those who are already in the role and would like to understand more and get practical help on how to fulfil the role effectively.

 At the end of this workshop participant will understand the full scope of the CISO job description, where it is positioned in the organization. What is expected from a CISO and how to get started being a CISO and implementing security programs within the organization. Based on real world scenario and case studies you will see practical examples on how a CISO implement the content learned from the Master class. It provides you CISO specific tools such as the NICE Framework you need to start making progress beyond the first 90 days. It provides the knowledge, roadmap and the tools to accomplish the following:

 

 

 

You Will Learn How To:

  • Strategically focus your preparation to become a CISO
  • Learn to set up security programs for your organisation.
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Learn to start with what you have already.

The Online Classroom includes:

  • Access to recordings and course content for 365 days.
  • Case studies and real-world scenarios
  • Knowledge checks after each domain

Target Audience

This training is designed for people who are aspiring or have just been appointed as the CISO in their organisation and would like to have a head start to know how to take charge of the new position.

The Master Class: Information Security Management

The Master Class: Information Security Management

Master Class:
Information Security Management

This master class program is designed for people responsible for setting up and managing information security in organizations.  It contains deep learning in all major areas of information security management. It is indented for people who would like to go beyond the theory and be able to carry out the job in the various areas of information security management. As a bonus after the training candidate can prepare to take major information security certification exams.

What is included in the Master Class?

  • 1 x Master Class per subject area
  • 20 Webinars per year on selected information Security topics
  • 4 x One-day live security events per year
  • 1 x Yearly information security event
  • Several Continue Education Events
  • Certificate of completion is awarded at the end of every session for your CPE

What is in a Master Class Program

This Master class program is designed for security professionals who would like to gain the knowledge required to obtain multiple information security management certifications. The class is optimized to present the required knowledge to the student in a compact and straight form without redundancies.

One of the challenges of Information security management training offers today is the lack of dept and repetition of various subjects. In this program we have examined four certification programs that are geared toward the information security management professionals and compress them into the master class. By doing this we have reduced the time spent on these certifications totally with about 40%. Despite this we can go very deep in each subject and provide the students practical help on real life implementation.

How did we do this? Each of these certification programs has some unique subjects that are useful to the security professionals. However, there are also lots of recurring and redundant subjects such as Risk management, Business Continuity Planning, Incident management, cloud security, Assets management, Data classification, Networking, etc. Therefore, instead of doing these programs four times from different vendors, we have grouped them into similar topics and handle them at once going deep.

The Information Security Management Master class covers the following certification program:

  • ISC2 Certified Information Systems Security Professional (CISSP)
  • ISACA Certified Information Security Management (CISM)
  • EC Council Certified Chief Information Security Officer (CCISO)
  • ISACA Certified in Risk and Information Security Control (CRISC)

Despite the concentration of this program you will get additional support and resources to pass the associated certification exam.

After Class Instructor Support

Each Master class in supported through our online portal where instructors are available to answer students’ questions and help them with difficult challenges. The support is available throughout the duration of the master class program.

Exam Preparation

We organized Exam preparation days for those who are interested to help them prepare for the examination. There are four optional exam preparation days. One for the certification exam.

  • ISC2 Certified Information Systems Security Professional (CISSP) I day
  • ISACA Certified Information Security Management (CISM) 1 day
  • EC Council Certified Chief Information Security Officer (CCISO) 1 day
  • ISACA Certified in Risk and Information Security Control (CRISC) 1 day

Master Class Support Content

All our Master class participants can attend any of our security events during the year free. We have several security events each month specific to the Information Security Management field to provide the students with insights and in-depth discussions and workshops on related information security topics. Below are some examples of our security events:

  • How to protect against Social Engineering
  • Understand and protect the organisation from Ransomware
  • Helping the organisation with the GDPR Compliance
  • Introduction to cybersecurity
  • Implementing Mobile Device Security
  • Introduction to Cloud Security
  • The First 90 days of CISO
  • Cyber Security Risk Management
  • Building Security into Software Development
  • Threat Modelling in Software Development Life Cycle (SDLC).
  • Integrating security into Agile Software development.
  • Integrating security into DevOps
  • Understanding Zero Trust Security
  • Implementing Data Loss Prevention (DLP) Program
  • Severless Security