Certified Cloud Security Professional (CCSP)

TRAINING SCHEDULE

CCSP 4 Days Online Class

DATE

TBD

Training Type

Virtual

All training runs from 9:00 to 16:30 every day.

About the CCSP Course

Certified Cloud Security Professional (CCSP) is one of the industry’s premier cloud security certifications offered for individuals and enterprise teams to manage cloud assets securely. This 4-day Certified Cloud Security Professional (CCSP) certification is governed by the not-for-profit International Information Systems Security Certification Consortium (ISC)2. Check out the dates below and enroll today for the CCSP certification course.

Key Features of this CISSP Training:

  • Instructor-led Certified Cloud Security Professional (CCSP) Certification Training
  • Get access to a free course preview to begin your preparation
  • Expert CCSP instructors across the globe
  • Accredited CCSP course material prepared by SMEs
  • Get key resources from ISC2
  • CCSP Sample papers provided
  • Industry-recognized Course Completion certificate provided
  • Take advantage of 1-to-1 Training and Fly me a Trainer option
  • Training provided across 100+ locations globally

You Will Learn How To:

  • Strategically focus your preparation for CCSP Certification
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Develop operational security and continuity through preventive and recovery mechanisms

Course Description

Domain 1: Architectural Concepts & Design Requirements

Cloud computing concepts & definitions based on the ISO/IEC 17788 standard; security concepts and principles relevant to secure cloud computing.

  • Understand Cloud Computing Concepts
  • Describe Cloud Reference Architecture
  • Understand Security Concepts Relevant to Cloud Computing
  • Understand Design Principles of Secure Cloud Computing
  • Identify Trusted Cloud Service

Domain 2: Cloud Data Security

Concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability in cloud environments.

  • Understand Cloud Data Lifecycle
  • Design and Implement Cloud Data Storage Architectures
  • Design and Apply Data Security Strategies
  • Understand and Implement Data Discovery and Classification Technologies
  • Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
  • Design and Implement Data Rights Management
  • Plan and Implement Data Retention, Deletion, and Archiving Policies
  • Design and Implement Auditability, Traceability and Accountability of Data Events

Domain 3: Cloud Platform & Infrastructure Security

Knowledge of the cloud infrastructure components, both physical and virtual, existing threats, and mitigating and developing plans to deal with those threats.

  • Comprehend Cloud Infrastructure Components
  • Analyze Risks Associated to Cloud Infrastructure
  • Design and Plan Security Controls
  • Plan Disaster Recovery and Business Continuity Management

Domain 4: Cloud Application Security

Processes involved with cloud software assurance and validation; and the use of verified secure software.

  • Recognize the need for Training and Awareness in Application Security
  • Understand Cloud Software Assurance and Validation
  • Use Verified Secure Software
  • Comprehend the Software Development LifeCycle (SDLC) Process
  • Apply the Secure Software Development LifeCycle
  • Comprehend the Specifics of Cloud Application Architecture
  • Design Appropriate Identity and Access Management (IAM) Solutions

Domain 5: Operations

Identifying critical information and the execution of selected measures that eliminate or reduce adversary exploitation of it; requirements of cloud architecture to running and managing that infrastructure; definition of controls over hardware, media, and the operators with access privileges, as well as the auditing and monitoring mechanisms, tools and facilities.

  • Support the Planning Process for the Data Center Design
  • Implement and Build Physical Infrastructure for Cloud Environment
  • Run Physical Infrastructure for Cloud Environment
  • Manage Physical Infrastructure for Cloud Environment
  • Build Logical Infrastructure for Cloud Environment
  • Run Logical Infrastructure for Cloud Environment
  • Manage Logical Infrastructure for Cloud Environment
  • Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1)
  • Conduct Risk Assessment to Logical and Physical Infrastructure
  • Understand the Collection, Acquisition and Preservation of Digital Evidence
  • Manage Communication with Relevant Parties

Domain 6: Legal & Compliance

Addresses ethical behavior and compliance with regulatory frameworks. Includes investigative measures and techniques, gathering evidence (e.g., Legal Controls, eDiscovery, and Forensics); privacy issues and audit process and methodologies; implications of cloud environments in relation to enterprise risk management.

  • Understand Legal Requirements and Unique Risks within the Cloud Environment
  • Understand Privacy Issues, Including Jurisdictional Variation
  • Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
  • Understand Implications of Cloud to Enterprise Risk Management
  • Understand Outsourcing and Cloud Contract Design
  • Execute Vendor Management

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who have at least 2 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training is ideal for those working in positions such as, but not limited to:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

Understanding Data Loss Prevention (DLP)

TRAINING

Understanding Data Loss Prevention (DLP)

DATE

January 21-22, 2021

TRAINING TYPE

Virtual

All training runs from 9:00 to 16:30 every day.

About the Data Loss Prevention (DLP) Course

Data loss is one of the biggest security challenges faced by companies today. It poses significant risks to the organization in terms of regulatory compliance, as well as the financial and reputational damage that can result from a breach of confidential data. Organizations need to find ways to protect their data and keep their customers’ data secure. Data Loss Prevention (DLP) systems are one of the methods used for this. They help organizations to identify, monitor, and protect data in use and in transit.

The workshop will focus on the following topics:

  • Overview of data loss prevention.
  • The need for data loss prevention.
  • The risk of Data Loss to the organization.
  • A look at leading data loss prevention systems.
  • Understand and learn to implement Data Loss Prevention Solutions to meet the data protection needs.
  • Implement DLP systems with Security Information and Events Management (SIEM) systems.

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who would like to keep up to date with new technology and apply it in real-life environments.

  • CISOs
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers.
  • Information Security Directors.
  • All other security professionals who want to be kept up to date.

 

ISO 27001 Lead Auditor

TRAINING SCHEDULE

  • ISO 27001 Lead Auditor 4 Days; Date: TBD; Training type: Virtual
  • ISO 27001 Lead Auditor (1 day a Week X 4 weeks); Date: TBD; Training type: Virtual

All training runs from 9:00 to 16:30 every day.

About the ISO 27001 Lead Auditor Course

This certification covers the international standard, published by the International Standardization Organization (ISO), that describes how to manage information security in a company. ISO 27001 can be implemented in any kind of organization: for-profit or non-profit, private or government-owned, small or large. It also enables companies to become certified, which means that an independent certification body has confirmed that the organization has implemented information security in compliance with ISO 27001.

During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process. Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, an audit team, communication with customers, and conflict resolution.

After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices. This training is based on both theory and best practices used in ISMS audits. Lecture sessions are illustrated with examples based on case studies. Practical exercises are based on a case study which includes role-playing and discussions. Practice tests are similar to the Certification Exam.

Course Description

Key Features of the ISO 27001 Lead Auditor Training:

  • Understand the operations of an Information Security Management System based on ISO/IEC 27001
  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Understand an auditor’s role to: plan, lead and follow-up on a management system audit in accordance with ISO 19011
  • Learn how to lead an audit and audit team
  • Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
  • Acquire the competencies of an auditor to: plan an audit, lead an audit, draft reports, and follow-up on an audit in compliance with ISO 19011

Introduction to Information Security Management Systems (ISMS) and ISO/IEC 27001

  • Course objectives and structure
  • Standards and regulatory frameworks
  • Certification process
  • Fundamental principles of Information Security Management Systems
  • Information Security Management Systems (ISMS)

Audit principles, preparation and launching of an audit

  • Fundamental audit concepts and principles
  • Evidence based audit approach
  • Initiating the audit
  • Stage 1 audit
  • Preparing the stage 2 audit (on-site audit)
  • Stage 2 audit (Part 1)

On-site audit activities

  • Stage 2 audit (Part 2)
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans
  • Drafting audit findings and non-conformity reports

Closing the audit

  • Documentation of the audit and the audit quality review
  • Closing the audit
  • Evaluating action plans by the auditor
  • Benefits of the initial audit
  • Managing an internal audit program
  • Competence and evaluation of auditors
  • Closing the training

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who are working in the field of information security and would like to use ISO/IEC 27001 International Standard to assess an organization’s ability to meet their own information security requirements.

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security audit function

 

ISO 27001 Information Security Management Lead Implementer

TRAINING SCHEDULE

  • ISO 27001 Information Security Management Lead Implementer 5 Days; Date: TBD; Training type: Virtual
  • ISO 27001 Information Security Management Lead Implementer (1 day a Week X 5 weeks); Date: TBD; Training type: Virtual

All training runs from 9:00 to 16:30 every day.

About the ISO 27001 Lead Implementer Course

The five-day intensive ISO/IEC 27001 Lead Implementer course enables participants to develop the expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001. Participants will also master the best practices for implementing information security controls from eleven areas of ISO/IEC 27002:2005.

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Course Description

Key Features of the ISO 27001 Lead Implementer Training:

  • Understanding the application of an Information Security Management System in the ISO/IEC 27001 context
  • Mastering the concepts, approaches, standards, methods and techniques allowing an effective management of an Information Security Management System
  • Understand the relationship between an Information Security Management System, including risk management and controls, and compliance with the requirements of different stakeholders of the organization
  • Acquiring expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001
  • Acquiring the expertise necessary to manage a team in implementing the ISO/IEC 27001:2005 standard
  • Develop personal skills and knowledge required to advise organizations on best practices in management of information security
  • Improve the capacity for analysis and decision-making in a context of information security management

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS

  • Introduction to the management systems and the process approach
  • Presentation of the ISO 27000 family standards and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the level of maturity based on ISO 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Planning the implementation of an ISMS based on ISO 27001

  • Defining the scope of an ISMS
  • Drafting an ISMS and Information Security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (based on ISO 27005)
  • Drafting the statement of applicability

Implementing an ISMS based on ISO 27001

  • Implementation of a document management framework
  • Design of and implementation of controls
  • Information Security training, awareness and communication program
  • Incident management (drawing on guidance from ISO 27035)
  • Operations management of an ISMS

Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO 27001 certification audit

Domain 1: Fundamental principles and concepts in information security

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can understand, interpret and illustrate the main Information Security concepts related to an Information Security Management System (ISMS)

Domain 2: Information Security Control Best Practice based on ISO 27002

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can understand, interpret and provide guidance on how to implement and manage Information Security controls best practices based on ISO 27002

Domain 3: Planning an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can plan the implementation of an ISMS in preparation for an ISO 27001 certification

Domain 4: Implementing an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can implement the processes and security controls of an ISMS required for an ISO 27001 certification

Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can evaluate, monitor and measure the performance of an ISMS in the context of an ISO 27001 certification

Domain 6: Continuous improvement of an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can provide guidance on the continuous improvement of an ISMS in the context of ISO 27001

Domain 7: Preparation for an ISMS certification audit

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can prepare and assist an organization for the certification of an ISMS against the ISO 27001 standard

Target Audience

This training course is intended for professionals who are working in the field of information security and would like to use ISO/IEC 27001 International Standard to assess an organization’s ability to meet their own information security requirements.

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security audit function

 

CISO: The first 90 days

CISO: The First 90 days and Beyond

TRAINING SCHEDULE

CISO: The First 90 Days and Beyond

DATE

TBD

Training Type

Virtual

All training runs from 9:00 to 16:30 every day.

CISO: The First 90 days and Beyond

The function of Chief Information Security Officer (CISO) is becoming a requirement for many organizations. This security position is important in every organization to help create, manage and align security programs with organizational goals and objectives. In this training you will learn about the challenges facing a new CISO and how to resolve them. The three-day CISO Masterclass program is a very hands-on training program for those starting out in the role of CISO, or those who are already in the role and would like to understand more and get practical help on how to fulfil it effectively.

At the end of this workshop, participants will understand the full scope of the CISO job description, where the role is positioned in the organization, what is expected from a CISO, and how to get started as a CISO and implement security programs within the organization. Based on real-world scenarios and case studies, you will see practical examples of how a CISO implements the content learned in the Masterclass. It provides you with the CISO-specific tools, such as the NICE Framework, that you need to start making progress beyond the first 90 days. It provides the knowledge, roadmap and tools to accomplish the following:

You Will Learn How To:

  • Strategically focus your preparation to become a CISO
  • Learn to set up security programs for your organisation.
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Learn to start with what you have already.

The Online Classroom includes:

  • Access to recordings and course content for 365 days.
  • Case studies and real-world scenarios
  • Knowledge checks after each domain

Target Audience

This training is designed for people who are aspiring or have just been appointed as the CISO in their organisation and would like to have a head start to know how to take charge of the new position.

SEC102 Certified Information Systems Security Professional CISSP Exam Prep

Certified Information Systems Security Professional (CISSP) Exam Prep

TRAINING SCHEDULE

CISSP 2 Days Online Exam Only Preparation Training

DATE

TBD

Training Type

Virtual

All training runs from 9:00 to 16:30 every day and is conducted in English unless explicitly stated.

About the CISSP Course

This CISSP Exam preparation training is designed for those who have undergone a self-study program and would like an instructor to help with the finishing touches to prepare for the exam. It is also for candidates who were unsuccessful in taking the exam or are having challenges in understanding the English language questions. The two-day program will help such candidates prepare for the exam with support from an experienced instructor.

Key Features of this CISSP Exam Training:

  • Earn CISSP certification.
  • Review over 200 questions with the instructor with explanation and examples.
  • Access to hundreds of additional exam prep questions
  • Communicate with the instructor and other students after the training in our After-Training instructor coaching program via our social learning portal.

You Will Learn How To:

  • Strategically focus your preparation for CISSP Certification.
  • Understand your areas of weakness and how to zoom in on those areas and optimize your result.
  • Properly review the questions and eliminate bogus options to get the correct answer.

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning.
  • Independent reading and learning activities.

Course Description

Domain 1: Security and Risk Management

Security and Risk Management comprises about 15% of the CISSP exam.

This is the largest domain in CISSP, providing a comprehensive overview of the things you need to know about information systems management. It covers:

  • The confidentiality, integrity and availability of information;
  • Security governance principles;
  • Compliance requirements;
  • Legal and regulatory issues relating to information security;
  • IT policies and procedures; and
  • Risk-based management concepts.

Domain 2: Asset Security

Asset Security comprises about 10% of the CISSP exam.

This domain addresses the physical requirements of information security. It covers:

  • The classification and ownership of information and assets;
  • Privacy;
  • Retention periods;
  • Data security controls; and
  • Handling requirements.

Domain 3: Security Architecture and Engineering

Security Engineering comprises about 13% of the CISSP exam.

This domain covers several important information security concepts, including:

  • Engineering processes using secure design principles;
  • Fundamental concepts of security models;
  • Security capabilities of information systems;
  • Assessing and mitigating vulnerabilities in systems;
  • Cryptography; and
  • Designing and implementing physical security.

Domain 4: Communications and Network Security

Communications and Network Security comprises about 14% of the CISSP exam.

This domain covers the design and protection of an organisation’s networks. This includes:

  • Secure design principles for network architecture;
  • Secure network components; and
  • Secure communication channels.

Domain 5: Identity and Access Management

Identity and Access Management comprises about 13% of the CISSP exam.

This domain helps information security professionals understand how to control the way users can access data. It covers:

  • Physical and logical access to assets;
  • Identification and authentication;
  • Integrating identity as a service and third-party identity services;
  • Authorisation mechanisms; and
  • The identity and access provisioning lifecycle.

Domain 6: Security Assessment and Testing

Security Assessment and Testing comprises about 12% of the CISSP exam.

This domain focuses on the design, performance and analysis of security testing. It includes:

  • Designing and validating assessment and test strategies;
  • Security control testing;
  • Collecting security process data;
  • Test outputs; and
  • Internal and third-party security audits.

Domain 7: Security Operations

Security Operations comprises about 13% of the CISSP exam.

This domain addresses the way plans are put into action. It covers:

  • Understanding and supporting investigations;
  • Requirements for investigation types;
  • Logging and monitoring activities;
  • Securing the provision of resources;
  • Foundational security operations concepts;
  • Applying resource protection techniques;
  • Incident management;
  • Disaster recovery;
  • Managing physical security; and
  • Business continuity.

Domain 8: Software Development Security

Software Development Security comprises about 10% of the CISSP exam.

This domain helps professionals to understand, apply and enforce software security. It covers:

  • Security in the software development life cycle;
  • Security controls in development environments;
  • The effectiveness of software security; and
  • Secure coding guidelines and standards.

Target Audience

This exam training is intended for CISSP candidates who have at least 2 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP certifications but are having challenges taking the exam.

 
