Cyber Security Foundation & Practitioner

Price: $3,260.00 (ex. GST)
Code: CSFP
Duration: 5 days
Location: Virtual Classroom (AEST)
Schedule: Virtual Classroom (AEST)
  • 17/06/2024 - 21/06/2024
  • 15/07/2024 - 19/07/2024
  • 19/08/2024 - 23/08/2024
  • 16/09/2024 - 20/09/2024
  • 14/10/2024 - 18/10/2024
  • 18/11/2024 - 22/11/2024
  • 16/12/2024 - 20/12/2024

Introduction

This 5-day Cyber Security Foundation + Practitioner course is designed for anyone who wants a sound understanding of Information / Cyber Security and a solid base on which to build their career. It is ideal for someone wanting to start a career in Cyber, or to transition their career. There are no pre-requisites to attend.

The course follows a robust syllabus that covers all the key areas you need to know. At the same time, it provides maximum regional relevance by fully taking into account appropriate sections from the Australian Government Information Security Manual (ISM).

Audience Profile

The course is designed for:

  • Anyone starting a career in Information / Cyber security
  • IT professionals wanting to transition their career into Cyber Security
  • Anyone needing a robust introduction to Cyber Security
  • Anyone planning to work in a position that requires cyber security knowledge
  • Anyone with information / cyber security responsibilities
  • Anyone who has learned “on the job” but who would benefit from a formal presentation to consolidate their knowledge
  • Professionals familiar with basic IT and information security concepts and who need to round out their knowledge.

Outcomes

The key objective of the course is for each participant to be able to leave the course with a very solid understanding and appreciation of the fundamentals of Cyber Security:

  • Cyber Security Concepts
  • Risk Management
  • Security Architecture
  • Implementing security in networks, endpoint systems, applications and data
  • Cryptography
  • Business Continuity and Disaster Recovery Planning
  • Incident Response

One of the special features of this course is its mix of theory and practical exercises, all designed to maximise understanding and retention. Strong use is made of a case study. Participants are provided with sample Word and Excel templates for use. Exercises include:

  • Develop an asset register
  • Identify threats and determine risks, and make recommendations
  • Create a data classification scheme and use this for managing risks with cloud solutions
  • Identify and discuss the advantages and disadvantages of different encryption technologies
  • List and prioritise business-critical operations for business continuity
  • Identify and discuss various approaches to security assurance
  • Identify risk remediation strategies and include in a brief management report.

Cyber Security Concepts and Definitions

  • Difference between IT Security, Information Security and Cyber Security
  • Assets, Threats & Vulnerabilities
  • Likelihood, Consequence and Impact
  • Inherent Risk, Current Risk and Residual Risk

 

Cyber Security Strategy

  • Supporting Business Goals and Objectives
  • Cyber Security Policy Framework
  • Awareness, Training and Education

 

Laws, Regulations and Industry Standards

Roles and Responsibilities

Professional Organisations and Ethics

Introduction to the Case Study

Practical session:

  • Exercise #1 Development of a cyber asset register

Risk Management Concepts and Definitions

  • The stages of risk
  • Systemic and systematic Risk, Risk Aggregation
  • Risk Acceptance, Reduction, Transfer and Avoidance
  • Risk Appetite and Tolerance
  • Governance, Risk Management and Compliance (GRC)
  • Risk Management Process
  • Quantitative, Semi-quantitative and Qualitative Risk

 

Threats and Opportunities

  • Assessing the current threat landscape
  • Developing a threat taxonomy
  • Advanced Persistent Threats
  • Bring Your Own Device or Technologies
  • The Internet of Things

 

Controls, Countermeasures and Enablers

Business Impact Analysis

  • Sample Business Impact Analysis Template
  • Sample Business Impact Levels

 

Practical session:

  • Exercise #2.1 Development of a threat taxonomy and identification of vulnerabilities
  • Exercise #2.2 Evaluate inherent risk, current controls, current risk, recommend controls and residual risk

Security Architecture Concepts and Definitions

Security Architecture Frameworks

  • SABSA
  • TOGAF

 

Security Architecture Design Principles

Service Models

  • Insourcing
  • Outsourcing
  • Managed Services: single provider, multiple provider and prime provider
  • Cloud Services: cloud service models and cloud deployment models

 

Practical session:

  • Exercise #3 Recommendations for service provider models in addressing risks
  • Exercise #4 Identification of security architecture design principles

OSI and TCP/IP Models

Network Fundamentals

  • Network Security
  • Network Topologies
  • Security Zones
  • Network Security Technologies
  • Virtualisation Benefits and Security Challenges

 

Endpoint Security

  • Servers, desktops, laptops, tablets, mobile devices, wearables
  • Endpoint Security Technologies
  • Specialised Endpoint Systems

 

Application Security

  • Software Development Lifecycle
  • OWASP Top 10
  • Web Application Firewall and Database Firewall

 

Data Security

  • Data owners, data classification, labelling
  • Access control
  • Data governance and lifecycle
  • Data remanence

 

Australian Signals Directorate Top 35 and Essential Eight

  • ASD Top 4
  • ASD Essential Eight
  • SANS Top 20 mapped to ASD Top 35 and other frameworks

 

Practical session:

  • Exercise #5 Establish a data classification scheme
  • Exercise #6 Design a secure network topology incorporating network security zones, overlay the data classification scheme and placement of recommended controls

Cryptography Key Terms and Concepts

Symmetric Algorithms

  • Data Encryption Standard (DES)
  • Triple DES
  • Advanced Encryption Standard (AES)
  • Other symmetric algorithms

 

Asymmetric Algorithms

Hashing Algorithms

Non-Repudiation

Cryptographic Attacks

  • Side-channel
  • Birthday
  • Implementation
  • Other attack methods

 

Implementing Cryptography in the Real World

  • Public Key Infrastructure (PKI)
  • Electronic Document Exchange
  • Virtual Private Networks (VPNs)
  • Secure e-mail
  • Steganography
  • Digital Watermarks
  • Wireless Security
  • Secure Shell
  • Key Management

 

Practical session:

  • Exercise #7 Select appropriate symmetric, asymmetric and hashing algorithms and develop a draft encryption standard

Business Continuity Planning

  • NIST SP800-34 as a framework

 

Disaster Recovery Planning

  • Relationship between the BCP and DRP
  • Events that trigger a BCP/DRP

 

Developing the BCP and DRP

  • Application of NIST SP800-34
  • Initiation
  • Business Impact Analysis
  • Identification of preventive controls
  • Recovery strategies
  • Plan design and development and important BCP/DRP frameworks
  • Ongoing maintenance

 

Practical session:

  • Exercise #8 Identify and rank the most important business operations

NIST Cyber Security Framework

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

 

Cyber Forensics

  • General phases of the forensic process
  • Anti-forensics
  • Forensic media analysis
  • Network forensics
  • Forensic analysis of software, Embedded devices and Electronic Discovery

 

Incident Response Management

  • Security events and Security incidents
  • Incident Response Methodology using NIST SP800-61

 

Security Assurance

  • Defining and implementing meaningful metrics
  • Configuration management
  • Minimum Security Baselines
  • Vulnerability Assessments
  • Penetration Testing
  • Security Audits
  • Security Assessments
  • Log reviews, retention, centralisation and analysis
  • Security Information and Event Management System (SIEM)

 

Practical session:

  • Exercise #9 Examination of insourcing or using a managed service for incident response
  • Exercise #10 Develop the first part of a management report highlighting the most appropriate strategies for managing various risks and a high-level roadmap of activities

Two hours, multiple choice.
