Cyber Security Skills For It Staff (New Cyber Security Course)

The 21st century cybersecurity industry is expanding rapidly and is a solid area to pursue a long-standing and rewarding career in Information Security.

Hence, this cyber security skills training has been designed by our experts in the Cyber Security industry and is based broadly on the 8 domains of CISSP.

This course will be useful as a primer to those wishing to follow a self-study route to obtain the certification or as a refresher.

However, the course will be also be useful to all those candidates with existing IT skills who are entering into a new role in information or cyber security.

This 3-day cyber security skills course features a significant amount of live demonstration and attendee participation (either alone and in groups) to provide a comprehensive overview of the main topics of cyber security.

Pre-requisites:

No formal cyber security experience is required however, candidates will need to have an intermediate-level in technical skills and experience in the areas of data networking (TCP/IP), and operating systems (Windows and/or Linux).

Day 1

• Security and Risk Management

• Asset Security

• Security Architecture and Engineering

Day 2

• Communications and Network Security

• Identity and Access Management

• Security Assessment and Testing

Day 3

• Security Operations

• Software Development Security

Course Content

Part 1: Security and Risk Management

• Information Security & Cyber Security Management Governance

• The CIA Triad: Confidentiality, Integrity & Availability

• Constructing Security Policies

• Managing Technical Information and Cyber Security Risks

• Managing Personnel and Administrative Security Risks

• Computer Crime and UK Law

• Major UK statutory and regulatory

• Intellectual Property (IP) law

• UK Data Protection Act & EU Council General Directive on Data Protection

• Business Continuity and Disaster Recovery Planning

(Exercises: Examine scenarios of risk management selected from a number of sectors and fictional organisations as worked examples)

Part 2: Asset Security

• Information Classification

• Determine and maintain ownership

• Maintaining Privacy

• Information Asset Handling and Retention

(Exercises/Demos: Work through a series of scenarios to select information classification and privacy policies).

Part 3: Security Engineering

• Defining Security Engineering practices and principles

• Architecture Frameworks

• Security Modelling

• Evaluation Criteria

• Enterprise and System Security Architecture

• Distributed Systems

• Security Threats, Safeguards & Countermeasures

• Cryptographic techniques

• Physical security controls

(Exercises/Demos: Following the supplied sample documentation, identify threats and threat actors, and choose suitable controls).

Part 4: Communications and Network Security

• Network and communications architecture design principles

• Securing networks and communication paths

• Network Attacks & Defences

(Exercises/Demos: Review sample simulated network devices and configurations).

Part 5: Identity and Access Management

• Physical and Logical access controls for information assets

• Identification and Authentication methods

• Identity and Access services and lifecycle

• Authorisation methods

• Access Control Attacks & Defences

(Exercises/Demos: Review sample authentication controls applied to Windows & Linux devices).

Part 6: Security Assessment and Testing

• Design verification and validation and testing strategies

• Conducting security control testing

• Collecting security performance indicators and metrics

• Test analysis and reporting

• Internal and External Auditing

(Exercises/Demos: Worked example of test strategy & plans with reporting and analysis).

Part 7: Security Operations

• Planning investigations

• Security Investigation types

• Logging and monitoring

• Provisioning resources

• Concepts of Security Operations

• Resource protection techniques

• Incident Management

• Preventative & Detective operations

• Implement and support patch and vulnerability management

• Participate in and understand change management processes

• Implement recovery strategies and disaster recovery processes

(Exercises/Demos: Simulated setup of SIEM and Incident scenarios, with change management and disaster).

Part 8: Software Development Security

• Secure Software Development Lifecycle

• Security Controls and best practices for Development Environments

• Audit and Risk Management in software development

• Testing Software