• Grab A Quote

    Grab A Quote


    Services Required
     Security Posture Assessment
     Penetration Testing
     Vulnerability Assessment
     Architecture Review
     Source Code Review
     Other Services Required

    Disclaimer: We require this information to understand your needs and provide you with a better service. Your privacy is important to us. We will not disclose your personal information to any third party.
  • Got Hacked? Get Instant Help 24/7

    Got hacked ? Let Us Help You




    Disclaimer: We require this information to understand your needs and provide you with a better service. Your privacy is important to us. We will not disclose your personal information to any third party.

InfoSec Programmes

infosecprogram.jpg#asset:2602

AKATI Academy is committed to deliver excellence through our professional cybersecurity training programmes covering both management and technical tracks focusing on specialisations. All training programmes can be customised to suit the needs and requirements of cyber security practitioners.

INFORMATION TECHNOLOGY GOVERNANCE & BUSINESS RESILIENCE
Enterprise Architecture
LEVEL COURSE DURATION  
FOUNDATION Enterprise Architecture Foundation & Landscape 2 Days COURSE DESCRIPTION
COURSE
Enterprise Architecture Foundation & Landscape

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

This training was designed for a broad audience, but focuses mainly on starting architects, managers and consultants who want to get a sense of the Enterprise Architecture field.

DESCRIPTION

Enterprise Architecture (EA) is a structured approach to innovate your organization, to connect business and IT and to become more flexible. Enterprise Architecture increases the transparency in your organization and its complex changes and relations. EA also helps to analyze impact of change and reducing IT risks and cost. This foundation training will give you a good overview of the field of Enterprise Architecture. We discuss the value and background of the discipline. We’ll give an overview of the most important Enterprise Architecture frameworks and tools.

EXPERT Zachman Certified Enterprise Architect 4 Days COURSE DESCRIPTION
COURSE
Zachman Certified Enterprise Architect

LEVEL
EXPERT

DURATION
4 Days
WHO SHOULD ATTEND

Enterprise Architects

DESCRIPTION

This 4-day, hand's-on modeling workshop, we develop the science behind EA, as derived from the Zachman Framework Ontology. We'll be looking at real-life examples and case studies from real consulting projects and finally give you the ability to answer the question "how do I use The Zachman Framework?" We "workshop" how to build and implement PRIMITIVE models and then actually see how that once you get some primitives built, then creating and changing the composite models and implementations in order to get at General Management problems is quite simple. We explore this by using several methodologies and tools that will help you "implement" the Zachman concepts in your enterprise. Understanding this "science" offers great capability to EAs for analysis and simulation solutions in their enterprise. It is a different EA paradigm

INFORMATION SECURITY AWARENESS – SAFE: Security Awareness For Everyone
LEVEL COURSE DURATION  
FOUNDATION SAFE #1 – General Employees 1 Day COURSE DESCRIPTION
COURSE
SAFE #1 – General Employees

LEVEL
FOUNDATION

DURATION
1 Day
WHO SHOULD ATTEND

all our employees plus contractors, consultants etc. working on our premises

DESCRIPTION

Prime targets for the awareness program are the people who use IT systems, handle corporate/personal information or control IT assets.  In practice, this means practically everyone within the organization (including those in the next two  groups), and perhaps some others (such as contractors and consultants working for us).  Managing information may or may not be a central part of their daily working lives but we believe everybody has a part to play in the information security culture. We will update the information security content for the new employee induction  process, for example, and introduce a refresher program. All employees will be encouraged to keep track of information security policies and issues through general awareness materials, and will in future be required to acknowledge their acceptance of information security responsibilities formally once a year. Wide coverage will reduce the chance that anyone can reasonably claim to be ignorant of their information security responsibilities and/or the rules: demonstrable awareness of the organization’s information security rules is vital if we are to take disciplinary or legal action following a breach.

FOUNDATION SAFE #2 – Executive Managers 1 Day COURSE DESCRIPTION
COURSE
SAFE #2 – Executive Managers

LEVEL
FOUNDATION

DURATION
1 Day
WHO SHOULD ATTEND

Management from the CEO to team-leader level Some items may be circulated more narrowly e.g. to specific directors or managers

DESCRIPTION

Staffs look  up to their team leaders, supervisors,  junior/middle/senior managers and executive directors for direction and guidance in all sorts of areas. In the case of information security, managers should openly demonstrate their commitment and support for the system of controls, implying the need to inform them about the controls and their obligations (naturally, it is important that managers comply with information security rules). Furthermore, managerial oversight is itself an important class of information security controls, so managers need to be aware of their governance responsibilities including monitoring and supporting their subordinates

ADVANCED SAFE #3 – Technologists 1 Day COURSE DESCRIPTION
COURSE
SAFE #3 – Technologists

LEVEL
ADVANCED

DURATION
1 Day
WHO SHOULD ATTEND

Most IT/ technical staff especially IT operations, developers and others with obvious information security responsibilities. Also “power-users” within the business Some sensitive or highly detailed items may be circulated more narrowly

DESCRIPTION

This category includes IT network and systems managers, application developers, information security administrators, computer auditors, “power users” (end -users who develop and share spread sheet and database applications etc.) and various others. Technologists are largely ignored by Traditional Information  security awareness activities yet we expect them to understand, implement and operate most of our technical security controls. The awareness program will redress the balance through technical briefings, white papers and possibly training courses. Technical details relating to design and operation of information security controls will be most relevant to these people. Improved understanding of information security will help persuade technologists to incorporate appropriate technical controls in systems they build and operate, and make use of controls in systems they use.

INFORMATION SYSTEMS AUDITING
LEVEL COURSE DURATION  
FOUNDATION IT Auditing Essentials 3 Days COURSE DESCRIPTION
COURSE
IT Auditing Essentials

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

This course is intended for those needing a better understanding of IT controls and audit, whether they are:

• business auditors seeking a better grasp of IT and its related control concepts;

• experienced IT practitioners preparing for an audit, or taking part in an audit as a team member.

• Audit or IT managers wanting to ensure they are adequately dealing with IT control issues.

DESCRIPTION

This three-day workshop is designed to provide new IT assurance and control professionals with the core skills needed by all Information Technology Auditors. You will review and understand key audit and control principles, as well as many practical techniques, which are all necessary to complete a wide range of IT audit assignments within today’s complex computing environments.    

Topics covered include overall IT audit planning and objectives, as well as audit risk assessment. We’ll also examine the wide range of controls needed for managing the IT function, system development / acquisition and implementation, IT operations, logical and physical security, and business resumption / disaster recovery. Included are the vital business process controls found within specific financial tracking and reporting systems. In addition, we will consider important technology components that IT auditors must be able to understand, use, and evaluate.

ADVANCED Certified Information Systems Auditor (CISA) 5 Days COURSE DESCRIPTION
COURSE
Certified Information Systems Auditor (CISA)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

CISA is designed for;

· IS/IT Auditors

· IS/IT Consultants

· IS/IT Audit Managers

· Security Professionals Non-IT Auditors

DESCRIPTION

Enterprises demand IS audit professionals that possess the knowledge and expertise to help them identify critical issues and customize practices to support trust in and value from information systems

The skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA demonstrates proficiency and is the basis for measurement in the profession.

CISA Certification:

  • Confirms your knowledge and experience
  • Quantifies and markets your expertise
  • Demonstrates that you have gained and maintained the level of knowledge required to meet the dynamic challenges of a modern enterprise
  • Is globally recognized as the mark of excellence for the IS audit professional
  • Combines the achievement of passing a comprehensive exam with recognition of work and educational experience, providing you with credibility in the marketplace.
  • Increases your value to your organization
  • Gives you a competitive advantage over peers when seeking job growth Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct
EXPERT Real World IT Audit Techniques 3 Days COURSE DESCRIPTION
COURSE
Real World IT Audit Techniques

LEVEL
EXPERT

DURATION
3 Days
WHO SHOULD ATTEND

·  IS/IT Auditors

·  IS/IT Consultants

·  IS/IT Audit Managers

DESCRIPTION

This course addresses the specific issues of how we can attest to the efficacy of our information resources and provide assurance that the objectives and performance of these systems are being met. The course will use concurrent auditing techniques for a 'real life' case study and may use industry standard audit software to set integrated test facilities. The course concludes with a review of future IS audit techniques, methodologies and social implications

BUSINESS CONTINUITY AND DISASTER RECOVERY
LEVEL COURSE DURATION  
FOUNDATION Business Continuity Management & Resilience 5 Days COURSE DESCRIPTION
COURSE
Business Continuity Management & Resilience

LEVEL
FOUNDATION

DURATION
5 Days
WHO SHOULD ATTEND

Those responsible for implementing a business continuity management system (BCMS) or individuals who wish to understand the benefits of compliance with the ISO 22301 standard. This includes business continuity managers, IT managers, business managers, quality managers, compliance managers, project managers, ISO 22301 auditors and emergency planners.

DESCRIPTION

This course provides a comprehensive introduction to the ISO/IEC 22301:2012 standard and the requirements of a business continuity management system (BCMS). ISO 22301, the international standard for business  continuity, outlines the requirements of a business continuity management system (BCMS). An ISO 22301-compliant BCMS will reassure customers, investors and other stakeholders that an organisation is prepared to deal effectively with disruptions such as fire, theft, cyber attack, IT service issues, staff absences, terrorist activity and natural disasters. The ISO 22301 Certified BCMS Foundation Training Course provides a comprehensive overview of the requirements and benefits of a BCMS, and leads to the award of the ISO 22301 Certified BCMS Foundation (CBC F) qualification. Through a mixture of presentations, practical exercises and case studies, you will be able to:

•  Understand business continuity concepts, terms and definitions

•  Explain the benefits of a BCMS to an organisation

•  Recognise the process elements of a BCMS

•  Understand the principles of business impact analysis and risk assessment

•  Understand the principles of incident response and business continuity management

•  Understand the principles of exercising business continuity arrangements

•  Understand how the Plan-Do-Check-Act cycle is applied to a BCMS •  Appreciate the benefits of accredited certification

ADVANCED EC-Council Disaster Recovery Professional (EDRP) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Disaster Recovery Professional (EDRP)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Network server administrators, firewall administrators, systems administrators, application developers, and IT security officers.

DESCRIPTION

The EDRP course teaches you the methods in identifying vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in it disaster recovery course principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies, and procedures, and understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovering from a disaster.

This IT disaster recovery course EDRP takes an enterprise-wide approach to developing a disaster recovery plan. Students will learn how to create a secure network by putting policies and procedures in place, and how to restore a network in the event of a disaster.

ADVANCED ISO 22301 Lead Implementer 5 Days COURSE DESCRIPTION
COURSE
ISO 22301 Lead Implementer

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Anyone who is looking to lead the implementation of a BCMS that will either align with the management framework or certify to the requirements of ISO 22301:2012

DESCRIPTION

The objective of this course is to provide delegates with the necessary skills and tools to implement a Business Continuity Management System (BCMS) that meets the certification requirements of ISO 22301:2012. 

The course will prepare delegates for the ISO 22301 Lead Implementer Certificate and provide delegates with useful tools and a reference framework for implementation.

EXPERT ISO 22301 Lead Auditor 5 Days COURSE DESCRIPTION
COURSE
ISO 22301 Lead Auditor

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

Who should attend?

  • Business continuity managers and consultants
  • Risk, information security, IT, operations managers and consultants
  • Existing auditors who want to audit to ISO 22301
  • Those who want to improve business continuity through an independent audit
DESCRIPTION

Become a business continuity lead auditor with our ISO 22301 Lead Auditor training course. Ensure excellence in business continuity management by leading independent audits and managing auditing teams at each stage of the audit process. As an ISO 22301 lead auditor your findings can make sure business continuity management systems provide the capability to deal with disruptions to your organization, and achieve or maintain certification.

BUSINESS CONTINUITY AND DISASTER RECOVERY
LEVEL COURSE DURATION  
FOUNDATION Business Continuity Management & Resilience 5 Days COURSE DESCRIPTION
COURSE
Business Continuity Management & Resilience

LEVEL
FOUNDATION

DURATION
5 Days
ADVANCED EC-Council Disaster Recovery Professional (EDRP) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Disaster Recovery Professional (EDRP)

LEVEL
ADVANCED

DURATION
5 Days
ADVANCED ISO 22301 Lead Implementer 5 Days COURSE DESCRIPTION
COURSE
ISO 22301 Lead Implementer

LEVEL
ADVANCED

DURATION
5 Days
EXPERT Certified in Risk and Information Systems Control (CRISC) 5 Days COURSE DESCRIPTION
COURSE
Certified in Risk and Information Systems Control (CRISC)

LEVEL
EXPERT

DURATION
5 Days
EXPERT Enterprise Risk Management 5 Days COURSE DESCRIPTION
COURSE
Enterprise Risk Management

LEVEL
EXPERT

DURATION
5 Days
EXPERT ISO 31000 Certified Risk Manager 5 Days COURSE DESCRIPTION
COURSE
ISO 31000 Certified Risk Manager

LEVEL
EXPERT

DURATION
5 Days
RISK MANAGEMENT
LEVEL COURSE DURATION  
FOUNDATION IT Risk Management 3 Days COURSE DESCRIPTION
COURSE
IT Risk Management

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

IT Risk and Security Managers, IT Technology and Systems Managers, IT Auditors, IT Operations Managers, IT Project Managers

DESCRIPTION

Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems1 to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization. The objective of this course is to provide attendees with the necessary perspective, knowledge and skills to understand the essential elements and benefits of applying effective IT risk management and to learn how it assists:

•  Management in ensuring that the appropriate resources are effectively applied in order to achieve the mission

• Users in ensuring that proper controls are applied to address integrity, confidentiality, and availability of the IT systems and data that they own

• IT professionals in promoting IT policy adherence and maintain security of the IT systems

INTERMEDIATE Information Security Risk Management using ISO 27005 3 Days COURSE DESCRIPTION
COURSE
Information Security Risk Management using ISO 27005

LEVEL
INTERMEDIATE

DURATION
3 Days
WHO SHOULD ATTEND

Risk managers, information security managers, IT consultants, staff implementing or seeking to comply with ISO 27001 c.q. ISO 27005 or are involved in a Risk Management program.

DESCRIPTION

The purpose of ISO 27005 (latest update) is to provide guidelines for Information Security Risk Management. ISO 27005 supports the general concepts specified in ISO 27001 and is designed to assist the satisfactory implementation of Information Security based on a Risk Management approach. ISO 27005 does not specify or recommend any specific risk analysis method, although it does specify a structured, systematic and rigorous process from analyzing risks to creating the risk treatment plan. The 3-day Certified ISO 27005 Risk Manager training offers you also knowledge of the concepts, models, processes and terminologies, described in ISO 27001 and ISO 27002, important for a complete understanding of the international ISO 27005 standard.

EXPERT Certified in Risk and Information Systems Control (CRISC) 5 Days COURSE DESCRIPTION
COURSE
Certified in Risk and Information Systems Control (CRISC)

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

The CRISC certification was specifically created for risk and control professionals, which include:

 • IT professionals

• Risk professionals

• Control professionals

 • Business analysts

• Project managers  

• Compliance professionals

DESCRIPTION

In today’s business environment, enterprises need to innovate in order to survive and flourish. Innovation, however, almost always involves risk. To maintain or attain their competitiveness, future-thinking enterprise leaders are increasingly recognizing the need for professionals who understand technology, and specifically how to implement and align effective risk management and control frameworks with their enterprise’s business goals. To help meet the rising demand for professionals with this critical blend of technical and business understanding, ISACA® brought together its industry experts from around the globe to develop what is fast becoming the gold standard designation for risk management—the Certified in Risk and Information Systems Control™ (CRISC™ ) certification.

EXPERT Enterprise Risk Management 5 Days COURSE DESCRIPTION
COURSE
Enterprise Risk Management

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

•  Accounting and finance professionals who need to know more about risk management in their roles.

•  Managers, directors or controllers who are responsible for protecting their organization, managing risk and/or embedding effective systems of corporate governance.

•  CEOs, CFOs, VPs and other executives and heads of departments who require a better understanding of risk management and the role it should play in their organizations.

DESCRIPTION

Traditional risk management, while well established, has its limitations. Traditional risk management approaches are typically done on a “silo” basis. Each risk type is usually handled in isolation: financial risk in the investment department; technology risk in the I/T department; talent management risks in the H.R. department; etc. In addition, only the financial risks have commonly received robust quantification. As a result, what has generally been lacking is the ability for companies to address all their key risks on a consistent, integrated basis and in a quantitative manner. Without this, companies have struggled to:

•  Prioritize and manage their individual key risks

•  Understand the integrated impact of multiple risks occurring simultaneously

•  Aggregate risk exposure metrics to the enterprise level

•  Determine the overall risk appetite of the organization, and manage risk exposures to within the risk appetite

•  Provide appropriate risk disclosures to investors and other stakeholders Enterprise risk management (ERM) is a significant advancement in the field of risk management, and provides a process for companies to identify, measure, manage, and disclose all key risks to increase value to stakeholders. ERM solves the challenges discussed above. In addition, ERM provides a better framework for fundamental risk-return decision-making at the highest levels, elevating ERM to advancement in business management.

EXPERT ISO 31000 Certified Risk Manager 5 Days COURSE DESCRIPTION
COURSE
ISO 31000 Certified Risk Manager

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

ISO 31000 offers a successful approach for effective risk management that is suitable for any type of organisation and all sorts of risks. This certifying training is a must for anyone engaged in (managing) risk management, such as ISO auditors, operational auditors, security/facility managers, compliance managers, (IT) risk managers, (IT) auditors, managers internal audit, business continuity managers, security managers, general/operational/line managers, quality managers and business controllers.

DESCRIPTION

This 3-day Risk Management training enables you to become a Certified ISO 31000 Risk Management Professional. Both the training and the exam are based on the ISO 31000 Risk Management standard which can be used by private and public organizations of any size, industry or sector. In this intensive 3-day training you develop the competence in the foundations of the ISO 31000 Risk Management Standard.

By means of in-depth training, practical exercises and sample multiple-choice questions, you will acquire the necessary knowledge and skills to succesfully pass the official exam. You will become familiar with the vocabulary, principles, framework and risk management process, proposed in the ISO 31000 Standard. 

During the training, the general ISO 31000 Risk Management Principles and Guidelines will be presented and its 2 companions, the ISO Guide 73 Risk Management Vocabulary and the ISO 31010 Risk Management Risk Assessment Techniques.

INFORMATION SECURITY MANAGEMENT
LEVEL COURSE DURATION  
FOUNDATION COBIT (Control Objectives for Information and Related Technology) 5 Foundation 3 Days COURSE DESCRIPTION
COURSE
COBIT (Control Objectives for Information and Related Technology) 5 Foundation

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

IT auditors, IT managers, IT quality professionals, IT leadership, IT developers, process practitioners and managers in IT service providing firm

DESCRIPTION

COBIT 5 is the only business framework for the governance and management of enterprise IT. Launched in April 2012, COBIT 5 helps maximize the value of information by incorporating the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

FOUNDATION Introduction to ISO 27001:2013 2 Days COURSE DESCRIPTION
COURSE
Introduction to ISO 27001:2013

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

• Professionals who are responsible for handling management systems based on ISO 27001.

• IT and Security professionals 

• Professionals who wish to follow with the ISO27001:2013 Lead Implementer and Lead Auditor courses

DESCRIPTION

Introduction to ISO27001:2013 is a 2-day course, designed to provide a fundamental understanding of the use of the ISO27001:2013 standard which forms the basis for a systematic and integrated approach to audit of an Information Security Management System (ISMS). ISO27001:2013 standard aids organisations to manage the security of their financial information, employee information, intellectual property, third-party data that has been entrusted to the organisation and similar information assets. 

Why you should attend

  • The course provides a taster to the ISO27001:2013 standard
  • The course helps you decide if your organisation is in a position to implement the standard.
  • This course is designed to benefit all IT and Security professionals, regardless of whether you directly get involved in the implementation of management systems based on ISO27001:2013 standard or not.
  • The course provides sufficient knowledge on how to effectively utilise the ISO27001:2013 standard

The Introduction to ISO27001:2013 course also serves as a great starter for more in-depth courses such as ISO27001:2013 Lead Implementer and Lead Auditor.

INTERMEDIATE COBIT 5 Implementation 3 Days COURSE DESCRIPTION
COURSE
COBIT 5 Implementation

LEVEL
INTERMEDIATE

DURATION
3 Days
WHO SHOULD ATTEND

IT auditors, IT managers, IT quality professionals, IT leadership, IT developers, process practitioners and managers in IT service providing firms, business managers

DESCRIPTION

Get a practical appreciation of how to apply COBIT 5 to specific business problems, pain points, trigger events and risk scenarios within the organization. Learn how to implement and apply COBIT 5 into your enterprise and how to effectively use it for client initiatives. Attendees will walk away with an appreciation of how to effectively use COBIT 5 for different organizational scenarios. The course material is supported by practical exercises and case-based scenarios. Candidates learn how to apply the COBIT 5 continual improvement lifecycle approach to address requirements and establish and maintain a sustainable approach to governing and managing enterprise IT as “normal business practice”

INTERMEDIATE ISO 27001:2005-2013 Transition Training 2 Days COURSE DESCRIPTION
COURSE
ISO 27001:2005-2013 Transition Training

LEVEL
INTERMEDIATE

DURATION
2 Days
WHO SHOULD ATTEND

Anyone with ISO/IEC 27001 responsibility, including

  • Business Continuity, Risk, Information Security, IT and Operations Managers or Consultants
  • Management system practitioners who will be converting to ISO/IEC 27001:2013
  • Internal and external management system auditors who will be auditing to ISO/IEC 27001:2013
  • People interested in finding out how ISO/IEC 27001:2013 differs from its 2005 version
DESCRIPTION

Are you already familiar with ISO/IEC 27001:2005 and want to find out what has changed in the transition to ISO/IEC 27001:2013? This course is particularly valuable for individuals directly involved in the planning, implementing, maintaining or auditing of an ISO/IEC 27001 Information Security Management System (ISMS).

An experienced instructor will explain the new ISO (high level) structure applied to new management systems and then through application: explain the resulting differences between ISO/IEC 27001:2005 and ISO/IEC 27001:2013, while explaining the impact of additions and amendments contained within the new international standard.

The course will also deal with the certification transition where this is applicable to your organization

INTERMEDIATE ISMS (Information Security Management System) Implementation Workshop 3 Days COURSE DESCRIPTION
COURSE
ISMS (Information Security Management System) Implementation Workshop

LEVEL
INTERMEDIATE

DURATION
3 Days
WHO SHOULD ATTEND

This course is designed for people assigned to implement an ISMS practically e.g. managers already involved with control of another management system, consultants

DESCRIPTION

Two days  ISMS  Foundation course gives a thorough introduction to Information Security Management, together with the requirements for ISMS implementation. Objectives - To give an understanding of:

•  What an information security management system (ISMS) is and how it can help business

•  Why companies are going for registration to ISO 27001:2013

•  The basic registration process

•  Where to get help and information

•  Where to start to implement a system

•  The ISO 27001 standard and its documentation requirements

•  Risk assessment

•  To identify the requirements for an ISMS

•  To explain the tools used to meet the requirements

•  To assist people in attaining the skills to be able to implement an effective ISMS

•  The relationship between ISO/IEC 17799:2000 & ISO 27001:2013

•  The control objectives in ‘Annex A’

•  A statement of applicability and a risk treatment plan •  The audit process utilising a risk treatment plan

ADVANCED COBIT 5 Assessor for Security 3 Days COURSE DESCRIPTION
COURSE
COBIT 5 Assessor for Security

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Internal and external auditors, IT auditors and consultant

DESCRIPTION

The COBIT 5 Assessor course provides a basis for assessing an enterprise’s process capabilities against the COBIT 5 Process Assessment Model (PAM). Evidence-based to enable a reliable, consistent and repeatable way to assess IT process capabilities, this model helps IT leaders gain C-level and board member buy-in for change and improvement initiatives.

Assessment results provide a determination of process capability. They can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance.

ADVANCED Certified Information Security Manager (CISM) 5 Days COURSE DESCRIPTION
COURSE
Certified Information Security Manager (CISM)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND
  • Information Security Managers
  • Aspiring Information Security Managers 
  • IS/IT Consultants
DESCRIPTION

The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area.

CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.

  • Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives
  • Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program
  • Puts you in an elite peer network
  • Is considered essential to ongoing education, career progression and value delivery to enterprises.
ADVANCED ISO 27001:2013 Lead Implementer 5 Days COURSE DESCRIPTION
COURSE
ISO 27001:2013 Lead Implementer

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

This is intended for those who will be involved in advising top management on the introduction of ISO/IEC 27001:2013 into an organization. It is especially relevant for those who have the responsibility to lead the implementation of an ISMS in a business or provide consultation on the subject.

  • Information Security Managers
  • IT and Corporate Security Managers
  • Corporate Governance Managers
  • Risk and Compliance Managers
  • Information Security Consultants
DESCRIPTION

In this five day course, our experienced tutors teach you everything you need to know to be able to set up an ISMS that conforms to ISO/IEC 27001:2013 in an organization.

You will cover the requirements of the standard and consider the state of your organization’s current information security management practices in preparation to put in an ISMS.

We will help you develop your skills and understanding of the practicalities involved when setting up a typical management system framework that conforms with the standard. This includes learning how to set up policies, processes and procedures for your ISMS.

Additionally, you will also focus on developing your project management ability to lead a team with the implementing an ISMS in your business. This can be crucial if your ISMS will need to scale throughout your organization.

EXPERT Certified in the Governance of Enterprise IT (CGEIT) 5 Days COURSE DESCRIPTION
COURSE
Certified in the Governance of Enterprise IT (CGEIT)

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND
  • IS/IT Directors
  • IS/IT Managers
  • IS/IT Consultants
  • IT Governance Professionals
  • IS/IT Executive
DESCRIPTION
  • IS/IT Directors
  • IS/IT Managers
  • IS/IT Consultants
  • IT Governance Professionals
  • IS/IT Executives

For the Professional, CGEIT Provides:

A global and prestigious, lifelong symbol of knowledge and expertise. Competitive advantage that will distinguish you from your peers. Higher earnings and greater career growth.The benefits of becoming part of an elite peer network.The ability to leverage the tools and resources of a global community of industry experts. CGEIT enhances credibility, influence and recognition. CGEIT combines the achievement of passing a comprehensive exam with recognition of work, management and educational experience, providing greater 

EXPERT ISO 27001:2013 Lead Auditor 5 Days COURSE DESCRIPTION
COURSE
ISO 27001:2013 Lead Auditor

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

•  Professionals who are responsible for developing and implementing management systems based on ISO 27001.

•  Auditors and lead auditors who are required to conduct internal/external security audits

•  IT and Security professionals

DESCRIPTION

The  information presented in this two-day course forms the basis for a systematic and integrated approach to audit of an Information Security Management System (ISMS). It also enables participants to gain an understanding of the requirements of all the elements in ISO/IEC 27001:2013. The course examines the compatibility of ISMS with other management systems and explains the significant features of ISMS and the terminology & methodology used in the ISO/IEC 27001:2013 Standard. The Manual provides plain English explanation; ISMS audit tools and sample checklists.

ON THE FIELD
COMPUTER FORENSICS
LEVEL COURSE DURATION  
FOUNDATION Corporate Fraud 3 Days COURSE DESCRIPTION
COURSE
Corporate Fraud

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

CXOs, Chief Internal Auditors, Heads of Internal Audit, Chief security officers, Headsof Risk Management, Heads of Legal Department, Heads of Regulatory Compliance, Heads of Legal, In-house Legal Counsel, Accountants, Internal, External Auditors

DESCRIPTION

This course combines fraud accounting with digital forensics and explains to the participants the nature of financial fraud, how to detect fraudulent activities, and most importantly how to investigate any type of financial fraud. It also explores the various possible avenues of computer-based investigations. The training focuses on audit techniques, fraud detection techniques, accounting and law, practically auditing and investigation of frauds, collection of evidence/documentation that can stand the test of legal scrutiny and write succinct, factual reports. It is power-packed with case studies designed to give participants a clear idea of real-world frauds and how investigative techniques can be deployed to nail the fraudsters and determine the extent and exact nature of the fraud. 

The objectives of this course is as follows:

•  Understanding nature of fraud and fraudster

•  Purpose of Investigation

•  How to Detect Large Value Frauds

•  Forensic Auditing Techniques

•  Computer-based Forensics

•  Data Analytics for Fraud Detection and Investigation

•  Evidence Presentation •  Report Writing and Articulation

FOUNDATION CSI: Computer System Investigation 2 Days COURSE DESCRIPTION
COURSE
CSI: Computer System Investigation

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

CISO and Staff

Chief Technology Officers and Staff

Computer Security Officers and staff

Managers at all levels who use networks and are concerned about protecting

sensitive information

Program Managers

IT Directors / Managers

Law Enforcement Community who are responsible for computer systems

First Responder Communities

Inspector General Staff

Digital and Computer Forensic Executives, Managers, and Staff Incident Response Executives, Managers and Staff

DESCRIPTION

In this 3-day interactive hands-on workshop, participants will discover how to identify an intruder’s footprints and properly gather the necessary evidence to prosecute in a court of law. Securing and analyzing electronic evidence is a central theme in an ever increasing conflict situations and criminal cases. Electronic evidence is critical in the

following situations:

•  Disloyal employees

•  Computer break-ins

•  Possession of pornography

•  Breach of contract

•  Industrial espionage

•  E-mail Fraud

•  Bankruptcy

•  Disputed dismissals

•  Web page defacements

•  Theft of company documents

Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer Forensics Investigators can draw on an array of methods for discovering data that  resides in a computer system, or recovering deleted, encrypted, or damaged file informatio

INTERMEDIATE CSI Reloaded: Incident Response & Forensics 3 Days COURSE DESCRIPTION
COURSE
CSI Reloaded: Incident Response & Forensics

LEVEL
INTERMEDIATE

DURATION
3 Days
WHO SHOULD ATTEND

CISO and Staff

•  Chief Technology Officers and Staff

•  Computer Security Officers and staff

•  Managers at all levels who use networks and are concerned about protecting sensitive information

•  Program Managers

•  Law Enforcement Community who are responsible for computer systems

•  First Responder Communities Inspector General Staff

•  Digital and Computer Forensic Executives, Managers, and Staff •  Incident Response Executives, Managers and Staff

DESCRIPTION

In this age of prolific Internet use, a major concern that has emerged among organizations is the threat of hacking. Given frequency and complexity of today's attacks, incident response has become a critical function for organizations. Securing an infrastructure is a complex task of balancing business needs against security risks. With the discovery of new vulnerabilities almost on a daily basis, there is always the potential for an intrusion. Detecting and efficiently responding to incidents, especially those where critical resources are exposed to elevated risks, has become paramount. To be effective, incident response efforts must have strong management processes to facilitate and guide them. Incident response and handling requires special skills and knowledge. A background in information security management or security engineering is not sufficient for managing incidents. Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud. Discover in these 3 days interactive hands on workshop how to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in the court of law. Furthermore, incident responders with strong technical skills do not necessarily become effective incident response managers. Thus this training is necessary.

Why You Should Attend:

•  Candid factual information you can use. Yes, really use!

•  Material too new to be available in books.

•  Interactive Hands-on workshop.

•  Interactive environment to address your concerns. 

•  You really need the information that will be covered

ADVANCED EC-Council Computer Hacking Forensic Investigator (CHFI) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Computer Hacking Forensic Investigator (CHFI)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

E-Business Security Professionals, Systems Administrators, Legal Professionals, Chief Technology Officers, Computer Security Officers, Managers (at relevant levels), IT Managers, Project Managers, Network Engineers and Designers, Database Engineers /Administrators, Policy Designers, Auditors and various  other departments.

DESCRIPTION

The Computer Forensics course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber criminal." It is no longer a matter of "will your organization be comprised (hacked)?" but, rather, "when?" Today's battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into almost every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cybercriminal, then this is the course for you.

EXPERT Cybercrime Investigations for Law Enforcement 5 Days COURSE DESCRIPTION
COURSE
Cybercrime Investigations for Law Enforcement

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

This course is designed particularly for officers in law enforcement agencies that deal with cybercrime.

DESCRIPTION

With the rapid increase of cyber crime, police departments are faced with a serious responsibility of dealing with a wide range of issues that involve computers and electronic devices in general.  These cybercrime cases may involve cyber attacks, hacking incidents, the abuse of social media accounts, fraud and theft over digital media and so forth. In such criminal cases officers are required to collect and interpret digital media carefully. This course prepares investigators to collect, analyse, preserve and present digital media.

IT SECURITY PRACTITIONER AND PROFESSIONAL
LEVEL COURSE DURATION  
FOUNDATION Security+ 5 Days COURSE DESCRIPTION
COURSE
Security+

LEVEL
FOUNDATION

DURATION
5 Days
WHO SHOULD ATTEND

IT administrators IT staff

DESCRIPTION

IT security is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place. That’s where CompTIA Security+ comes in. Get the Security+ certification to show that you have the skills to secure a network and deter hackers and you’re ready for the job.

FOUNDATION Network+ 5 Days COURSE DESCRIPTION
COURSE
Network+

LEVEL
FOUNDATION

DURATION
5 Days
WHO SHOULD ATTEND

Network administrator

DESCRIPTION

The stakes are high. Data networks are more crucial for businesses than ever before. They are the lifeline to the critical financial, healthcare and information services that need to function at the highest, most secure level. With a CompTIA Network+ certification, you will possess the key skills to troubleshoot, configure and manage these systems and keep your company productive.

ADVANCED Advanced Security Professional 5 Days COURSE DESCRIPTION
COURSE
Advanced Security Professional

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Recommended for IT professionals with at least 5 years of experience.

DESCRIPTION

The current landscape of cybersecurity requires specialized skills to troubleshoot via customized hacks and build solid solutions. Each hack is unique and must be combated with master-level security skills and experience.

ADVANCED EC-Council Certified Ethical Hacker (CEH) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Certified Ethical Hacker (CEH)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

DESCRIPTION

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking

EXPERT EC-Council Certified Security Analyst (ECSA) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Certified Security Analyst (ECSA)

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

Ethical Hackers, Penetration Testers Network server administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals.

DESCRIPTION

The ECSA penetration testing certification is a security credential like no other! The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report. 

ECSA pen testing course is designed keeping in mind that books can only teach you so much. Our online cyber-range simulates a real-time enterprise network that enables you to learn a repeatable pen testing methodology to assess your information systems against conventional and current attack vectors. The program offers you a holistic security assessment methodology that goes beyond conventional attack vectors such as SQL injection, XSS, CSRF, DoS, etc. It equips professionals with necessary knowledge, tools, tricks and templates to successfully plan and execute a pen testing engagement.  The program not only enables you to discover and exploit vulnerabilities but also demonstrate how to write Proof-of-Concepts and use post exploitation to prove your argument. It’s an advanced pen testing world where you are encouraged to explore and probably the only one where curiosity does not kill but empowers. 

It is a highly interactive, comprehensive, standards-based and methodology intensive training program 5-day security class which teaches information security professionals to conduct real life penetration tests. 

TECHNICAL DEEP DIVE
NEXT GENERATION SECURITY
LEVEL COURSE DURATION  
FOUNDATION Mobile Security 3 Days COURSE DESCRIPTION
COURSE
Mobile Security

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

Those tasked with implementing, testing and deploying secure mobile applications and devices

DESCRIPTION

In this course, you learn to mitigate the risks associated with mobile devices as well  as how to develop and deploy mobile applications. You also gain the skills to implement an effective mobile device security strategy for your organization, identify potential flaws in proprietary and third party iOS and Android applications, and leverage development and security best practices.In particular, you will learn how to:

•  Develop secure applications for Android and iOS

•  Leverage OWASP best practices for secure application development

•  Identify and mitigate the most significant threats to mobile apps

•  Protect application data at rest and in motion

•  Implement optimum platform-specific application security configuration •  Secure credentials in Android and iOS Keychains

INTERMEDIATE Social Media Security Professional 3 Days COURSE DESCRIPTION
COURSE
Social Media Security Professional

LEVEL
INTERMEDIATE

DURATION
3 Days
WHO SHOULD ATTEND

The SMSP course is ideal for individuals who work with social media solutions and have experience in the cyber security space. Candidate job roles include: information security technician, security administrator, security architect, security engineer or any other role that is responsible for information security.

DESCRIPTION

Businesses of all sizes are using social media to expand their reach, connect with clients and establish their own Internet foundation. Of course, with any enterprise endeavor, security risk and infrastructure demands can threaten these organizations’ goals. The CompTIA Social Media Security Professional (SMSP) certification shows organizations that you are talented and capable enough to manage business’s most complex social media environments while providing security knowhow to keep them steady for years.

ADVANCED Advanced VoIP Security 2 Days COURSE DESCRIPTION
COURSE
Advanced VoIP Security

LEVEL
ADVANCED

DURATION
2 Days
WHO SHOULD ATTEND
  • Network professionals who are responsible for designing and deploying secure VoIP infrastructures.
  • Security professionals who are concerned about the weaknesses of VoIP environments.
  • Members and leaders of incident handling teams who are interested in adding VoIP to their analysis and response capabilities.
  • Service provider professionals who are interested in adding security to their VoIP offerings.
  • Penetration testers who want to include VoIP security assessments in their organization's services offerings.
  • Auditors who must evaluate VoIP infrastructures to ensure they meet an acceptable level of risk.
DESCRIPTION

This course is a hands on class that will cover a wide variety techniques for assessing the security of VoIP telephony implementations. The course covers VoIP security at the raw protocol level, concentrating on attack methodologies that are used against the most popular VoIP protocols, SIP and H.323. This course discusses and addresses how to mitigate current threats such as VoIP network scanning & enumeration, password attacks & registration hijacking, two-stage dialing, caller ID Spoofing, Metasploit 5 R3 VoIP hacking tools usage, extensive toll fraud coverage including the theft of VoIP minutes, sniffing & unauthorized call recording, call audio injection, covert tunnels over RTP, Vishing & SPAM (SPIT) and TDoS 

ADVANCED Malware Analysis & Reverse Engineering 3 Days COURSE DESCRIPTION
COURSE
Malware Analysis & Reverse Engineering

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

This course acts as a practical and concise on-ramp into the world of malware analysis. It is useful both for individuals looking to enter this exciting field, as well as for those who seek to formalize and expand their skills in this area.

DESCRIPTION

The course begins by covering fundamental aspects of malware analysis. You will learn how to set up an inexpensive and flexible laboratory for understanding the inner-workings of malicious software and will understand how to use the lab for uncovering characteristics of real-world malware samples. Then you will learn to examine the specimens' behavioral patterns and code. The course continues by discussing essential x86 assembly language concepts. You will examine malicious code to understand its key components and execution flow. Additionally, you will learn to identify common malware characteristics by looking at suspicious Windows API patterns employed by bots, rootkits, keyloggers, downloaders and other types of malware. This course serves as a prerequisite to the Advanced Malware Analysis & Reverse Engineering 

EXPERT Advanced Malware Analysis & Reverse Engineering 3 Days COURSE DESCRIPTION
COURSE
Advanced Malware Analysis & Reverse Engineering

LEVEL
EXPERT

DURATION
3 Days
WHO SHOULD ATTEND

This course acts as a practical and concise on-ramp into the world of malware analysis. It is useful both for individuals looking to enter this exciting field, as well as for those who seek to formalize and expand their skills in this area. Attendees who found this course especially useful often had responsibilities in the areas of incident response, forensic investigation, information security, and system administration.

Course participants have included:

•  Individuals who have dealt with incidents involving malware and wanted to learn

how to understand key aspects of malicious programs.

•  Technologists who have informally experimented with aspects of malware

analysis prior to the course and were looking to formalize and expand their

expertise in this area.

•  Forensic investigators and IT practitioners looking to expand their skillsets and learn how to play a pivotal role in the incident response process

DESCRIPTION

This course explores malware analysis tools and techniques in depth. It helps

forensic investigators, incident responders, security engineers, and IT administrators

acquire the practical skills to examine malicious programs that target and infect

Windows systems. Understanding the capabilities of malware is critical to an

organization's ability to derive threat intelligence, respond to information security

incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools useful for turning malware inside out.

End the end of the course, participants will be able to:

•  Build an isolated, controlled laboratory environment for analyzing the code and

behavior of malicious programs.

•  Employ network and system-monitoring tools to examine how malware interacts

with the file system, registry, network, and other processes in a Windows

environment.

•  Uncover and analyze malicious JavaScript and VBScript components of web

pages, which are often used by exploit kits for drive-by attacks.

•  Control relevant aspects of the malicious program's behavior through network

traffic interception and code patching to perform effective malware analysis.

•  Use a disassembler and a debugger to examine the inner workings of malicious

Windows executables.

•  Bypass a variety of packers and other defensive mechanisms designed by

malware authors to misdirect, confuse, and otherwise slow down the analyst.

•  Recognize and understand common assembly-level patterns in malicious code,

such as DLL injection and anti-analysis measures.

•  Assess the threat associated with malicious documents, such as PDF and

Microsoft Office files, in the context of targeted attacks.

•  Derive Indicators of Compromise from malicious executables to perform

incident response triage.

•  Utilize practical memory forensics techniques to examine the capabilities of rootkits and other malicious program types

SECURITY POSTURE ASSESSMENT
LEVEL COURSE DURATION  
FOUNDATION Strategic Security Posture Assessment 3 Days COURSE DESCRIPTION
COURSE
Strategic Security Posture Assessment

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

Information Security staff Penetration testers

DESCRIPTION

The overall security plan of an organisation which includes the organisation's approach to security planning to implementation is its security posture. Security Posture is defined by both technical and non-technical policies, procedures and controls that protect the organisation from both internal and external threats. Every organisation regardless of how large or small will sooner or later experience a security breach. The key is to have a plan to get back to business as soon as possible. A Security Posture Assessment enables an organisation to determine how secure its networks and systems are. This course will enable candidates to strategically plan a successful Security Posture Assessment. Both hands-on and theoretical aspects are included in the course. 

INTERMEDIATE AKATI Consulting Penetration Test (ACPT) Level 1 5 Days COURSE DESCRIPTION
COURSE
AKATI Consulting Penetration Test (ACPT) Level 1

LEVEL
INTERMEDIATE

DURATION
5 Days
WHO SHOULD ATTEND

Penetration Testing connoisseurs -  If you or your organization requires the knowledge or skills to identify, track, and remediate information security vulnerabilities, then this is the workshop for you

DESCRIPTION

In this age of prolific Internet use, a major concern that has emerged among organizations is the threat of hacking. Given frequency and complexity of today's attacks, penetration-testing skills have become a critical function for organizations. ACPT Level 1 is unique in that it provides all the necessary advanced skills to carry out a thorough and professional penetration test. Thanks to the extensive use of hands-on labs and the coverage of the latest researches in the information security field, the ACPT Level 1 course is not only the most practical training course on the subject but also the most up to date.The course, although based on the offensive approach, contains, for each chapter, advices and best practices to solve the security issues detected during the penetration test.

ADVANCED AKATI Consulting Penetration Test (ACPT) Level 2 5 Days COURSE DESCRIPTION
COURSE
AKATI Consulting Penetration Test (ACPT) Level 2

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

If you or your organization requires the knowledge or skills to identify, track, and remediate the web security vulnerabilities, then this is the workshop for you.

DESCRIPTION

ACPT Level 2 is unique in that it provides all the necessary advanced skills to carry out a thorough and professional penetration test against modern web applications. Thanks to the extensive use of hands-on labs and the coverage of the latest researches in the web application security field, the ACPT Level 2 course is not only the most practical training course on the subject but also the most up to date. The course, although based on the offensive approach, contains, for each chapter, advices and best practices to solve the security issues detected during the penetration test.

Why You Should Attend:

Candid factual information you can use. Yes, really use!

Material too new to be available in books.

Interactive Hands-on workshop.

Interactive environment to address your concerns. You really need the information that will be covered.

ADVANCED Lead Pentest Professional 5 Days COURSE DESCRIPTION
COURSE
Lead Pentest Professional

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

·       Security professionals wanting to gain formal penetration testing skills

·       IT staff looking to enhance their technical skills and knowledge

·       Auditors looking to understand the penetration testing processes

·       IT and Risk Managers seeking a more detailed understanding of the appropriate and beneficial use of penetration tests

·       Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes

DESCRIPTION

This intensive course enables participants to develop the necessary expertise to lead a professional penetration test using a mix of practical technical techniques and management skills.

The course has been designed by Industry experts with in-depth experience in the Penetration Testing fields. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to lead or take part in a penetration test. We drill down into the latest technical knowledge, tools and techniques in key areas including Infrastructure, Web Application and Mobile security as well as Social Engineering. In addition, the course focuses on how to practically apply what has been learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts.

Along with the in-depth technical hands on skills we teach our participants the management skills they need to lead a penetration test taking into account business risk and key business issues, allowing individuals who complete the course to have the right blend of the real business and technical competencies needed to be a respected, understood and professional penetration tester

ADVANCED RESILIA – Cyber Resilience Best Practice 5 Days COURSE DESCRIPTION
COURSE
RESILIA – Cyber Resilience Best Practice

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

The qualification is aimed at professionals with responsibility for IT and security functions or risk and compliance operations within an organization.

Other core business areas including HR, Finance, Procurement, Operations and Marketing, will also benefit from having cyber resilience expertise within their teams, often including a local champion or mentor for all staff to refer to.

DESCRIPTION

RESILIA is a framework of best practice, developed by AXELOS and supported by a qualification scheme, to build cyber resilience skills across an organization. Based on the Cyber Resilience Best Practices guide, it offers practical knowledge to enhance existing management strategies and help align cyber resilience with IT operations, security and incident management. Using the ITIL lifecycle it develops the skills and insight needed to detect, respond to and recover from cyber-attacks.

EXPERT AKATI Consulting Penetration Test (ACPT) Level 3 5 Days COURSE DESCRIPTION
COURSE
AKATI Consulting Penetration Test (ACPT) Level 3

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

If you or your organization requires the knowledge or skills to identify, track, and remediate the web security vulnerabilities, then this is the workshop for you.

DESCRIPTION

In this age of prolific Internet use, a major concern that has emerged among organizations is the threat of hacking. Given frequency and complexity of today's attacks, penetration testing skills have become a critical function for organizations. ACPT Level 3 is unique in that it provides all the necessary advanced skills to carry out a thorough and professional penetration test. Thanks to the extensive use of hands-on labs and the coverage of the latest researches in the information security field, the ACPT Level 3 course is not only the most practical training course on the subject but also the most up to date. The course, although based on the offensive approach, contains, for each chapter, advices and best practices to solve the security issues detected during the penetration test.

Why You Should Attend:

•  Candid factual information you can use. Yes, really use!

•  Material too new to be available in books.

•  Interactive Hands-on workshop.

•  Interactive environment to address your concerns. 

•  You really need the information that will be covered

EXPERT Emerging Security Threats & Counter Measures 2 Days COURSE DESCRIPTION
COURSE
Emerging Security Threats & Counter Measures

LEVEL
EXPERT

DURATION
2 Days
WHO SHOULD ATTEND

This course is focused on all security enthusiasts, team leads, IT managers, decision makers, senior managers to understand the latest threats to information security and the preventive measures for the same.

DESCRIPTION

People are the key information assets of an organization. Unfortunately, they are often not properly trained to detect and identify threats noticing them on time. This becomes easy for an adversary to easily siphon out organization’s intellectual property such as blueprints, business plans, policy details, source codes, patents, copyrights causing irreplaceable competitive advantage and reputation in industry. The only proven and time-tested deterrent to such nefarious activities is a well groomed security mindset that people need to imbibe through regular training in security.

This course will include:

•  Introduction to real-life incidents, which have caused multi-million dollar losses

to companies due to lax security controls and implementation.

•  Understanding the discovery and reconnaissance techniques, which are

popularly used  by attackers to know about the weak points of entry in the

organization’s network.

•  Specific attack techniques such as privilege escalation, password cracking,

denial-of-service attacks and so on are put forward to demonstrate how weak

security practices and implementation go a long way to compromise the security

of the systems where the information assets reside.

•  Security exploits framework, Threat modeling are now put forward to

demonstrate how an attacker is able to penetrate and compromise the security

of the organization’s network.

•  Defensive strategies to contain the impact of threat agent to the most prized

information asset(s) in the organization.

•  If a breach occurs, the incident management procedures are put forward for proper asset recovery and salvaging

PUBLIC KEY INFRASTRUCTURE (PKI)
LEVEL COURSE DURATION  
ADVANCED PKI for Security Professionals – A 5 Days COURSE DESCRIPTION
COURSE
PKI for Security Professionals – A

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Information Security Officers and Managers, PKI designers, technical managers overseeing security, and those responsible for developing enterprise security policies, Information Systems Administrators and Auditors, Network Administrators, Information Assurance Consultants, Systems and Data- Security Analysts, Project Managers.

DESCRIPTION

A Public key infrastructure ( PKI ) is a critical component for ensuring confidentiality, integrity and authentication in an enterprise that must minimize Private identifying information exposure and manage the threat of risk. This hands-on course provides essential data protection knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization. 


Web and other forms of E-Commerce introduce a whole new group of information security challenges. Traditional password authentication, access controls and network perimeter security safeguards often fall short in a dynamic mobile business environment. Data traveling over untrusted networks must be protected by encryption methods that are highly dependent on flexible and robust key management schemes. In this comprehensive, hands-on course, you'll learn how to plan, evaluate, develop, and implement a successful enterprise network security framework using Public Key Infrastructure (PKI), authentication, identity, and access authorization systems.

PYTHON FOR SECURITY
LEVEL COURSE DURATION  
FOUNDATION Python Essentials 2 Days COURSE DESCRIPTION
COURSE
Python Essentials

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

Advanced users, system administrators and web site administrators who want to use Python to support their server installations, as well as anyone else who wants to automate or simplify common tasks with the use of Python script

DESCRIPTION

This 4 day course leads the student from the basics of writing and running Python scripts to more advanced features such as file operations, regular expressions, working with binary data, and using the extensive functionality of Python modules. Extra emphasis is placed on features unique to Python, such as tuples, array slices, and output formatting. This is a hands-on programming class. All concepts are reinforced by informal practice during the lecture followed by graduated lab exercises. Python Programming is a practical introduction to a working programming language, not an academic overview of syntax and grammar. Students will immediately be able to use Python to complete tasks in the real world.

ADVANCED Python for Security Professionals 3 Days COURSE DESCRIPTION
COURSE
Python for Security Professionals

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Specifically designed for beginners, i.e. for non-coders, who are curious to learn this critical scripting language for their successful career in penetration testing and cyber security.

DESCRIPTION

Through this course learn how to apply the functions of Python to penetration testing, security research and attack automation without knowing the complete programming language.

You'll learn about networking protocols, fuzzing, and information gathering automation in a simple and easy-to-understand format.

However, there are certain commands and functions that are critical to becoming a top-tier professional

ADVANCED Python for Incident Response & Forensics 3 Days COURSE DESCRIPTION
COURSE
Python for Incident Response & Forensics

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Forensic analysts Information Security officers

DESCRIPTION

Python is a high-level language that provides an outstanding interface for forensic analysts to write scripts to examine evidence. Python is the driving language for several current open-source forensic analysis projects from Volatility, for memory analysis to libPST for abstracting the process of examining email. This course introduces the taxonomy of the different forensics libraries and examples of code that a forensic analyst can quickly generate using Python to further examine evidence.

SECURE SOFTWARE ENGINEERING
LEVEL COURSE DURATION  
FOUNDATION ACL: Certified Secure Software Engineer 3 Days COURSE DESCRIPTION
COURSE
ACL: Certified Secure Software Engineer

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

Software Engineers including managers and team leaders of software developing companies. Students studying software development can also follow this training program

DESCRIPTION

This hands-on training program will teach the students that the secure code they develop need to be secured in architecture, design, implementation, operations, automation and testing. This course exposes you to 'Secure Coding' fundamentals and prepares you to dive into common languages. C|SSE course curriculum will touch on programing languages such as C, Java, .NET, but it is not a specialized coding course. C|SSE course prepares you for extensive secure coding training courses specializing in a particular programing language offered by the International Council of Electronic Commerce Consultants (EC-Council), USA.

Students going through C|SSE training will learn:

•  Provide insight into current efforts and future plans for corporate network security via Secure Coding.

•  Provide helpful perspective on nature of today's Internet security risk 

•  Provide guidelines to achieving goals of rock-solid code

ADVANCED EC-Council Certified Secure Programmer (ECSP) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Certified Secure Programmer (ECSP)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

You must have programming fundamental knowledge.

DESCRIPTION

EC-Council Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability and posing lesser security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.   The distinguishing aspect of software security course ECSP is that unlike vendor or domain specific certifications, it exposes the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes on as well as an overview on related ones. The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET/Java Framework. It is designed for developers who have C#, C++, Java, PHP, ASP, .NET and SQL development skills.

ADVANCED C/C++ Secure Coding 3 Days COURSE DESCRIPTION
COURSE
C/C++ Secure Coding

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Programmers who use C and C+ programming languages IT students

DESCRIPTION

This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

ADVANCED Advanced Android Secure Coding 3 Days COURSE DESCRIPTION
COURSE
Advanced Android Secure Coding

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

This course specifically designed for all Android application developers, architects and testers.

DESCRIPTION

Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. This advanced course gives a comprehensive overview of these features putting an equal emphasis on both native code issues and Java security, allowing a deeper analysis of the vulnerabilities, attacks, protection techniques and counter attacks in three days.

ADVANCED Advanced iOS Secure Coding 3 Days COURSE DESCRIPTION
COURSE
Advanced iOS Secure Coding

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Recommended for programmers developing apps, who want to understand the security features of iOS as well as the typical mistakes one can commit on this platform.

DESCRIPTION

OS is a mobile operating system distributed exclusively for Apple hardware and designed with security at its core; key security features including sandboxing, native language exploit mitigations or hardware supported encryption all offer a very effective environment for secure software development. The devil is however in the details – a programmer can still commit plenty of mistakes to make the resulting apps vulnerable. This course introduces the iOS security model and the usage of various components, but also deals with the vulnerabilities and attacks, focusing on the mitigation techniques and the best practices to avoid them.

ADVANCED .NET, C#, ASP.NET Secure Coding 3 Days COURSE DESCRIPTION
COURSE
.NET, C#, ASP.NET Secure Coding

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

.NET, C# and ASP.NET developers, software architects and testers

DESCRIPTION

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general Web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.

ADVANCED JAVA Secure Coding 3 Days COURSE DESCRIPTION
COURSE
JAVA Secure Coding

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

Java developers, software architects and testers

DESCRIPTION

The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (“Java for security”), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (“security of Java”).

The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

ADVANCED Advanced Web Application Security 5 Days COURSE DESCRIPTION
COURSE
Advanced Web Application Security

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Web developers, architects, and testers

DESCRIPTION

Protecting applications that are accessible via the Web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of Web applications (like Java, ASP.NET or PHP). One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools. The course gives an overview of the applicable security solutions in Web applications, focusing on the most important technologies like secure communication and Web services, tackling both transport-layer security and end-to-end security solutions and standards like Web Services Security. The Web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained to avoid the associated problems. Exercises can be easily followed by programmers using different programming languages, thus the Web application-related topics can be easily combined with other secure coding subjects, and can thus effectively satisfy the needs of corporate development groups, who typically deal with various languages and development platforms to develop Web applications

ADVANCED Secure Coding in PL/SQL (Procedural Language/Structured Query Language) 2 Days COURSE DESCRIPTION
COURSE
Secure Coding in PL/SQL (Procedural Language/Structured Query Language)

LEVEL
ADVANCED

DURATION
2 Days
WHO SHOULD ATTEND
  • Database Administrators
  • Developers
DESCRIPTION

This course is a one day seminar, that teaches the delegates about the common security issues often located in PL/SQL code and created by developers without an experience of database security. The course first places PL/SQL into the context of the problem of securing data and then looks at all of the common types of issues that make PL/SQL code vulnerable. Each type of PL/SQL coding issue is demonstrated so that the delegates can appreciate what vulnerable code looks like and then sample exploitations are demonstrated to show how the code is actually exploited by an attacker. Then for each example the code is re‐written to show how it can be made secure. Common issues include SQL and PL/SQL injection and design issues that allow this to happen.

The course also includes a look at other issues such as encryption, leakage of critical data, dangerous functions and use of incorrect privileges. The class also considers how to protect your PL/SQL code to make it harder for an attacker to steal or run code out of context.

VIRTUALIZATION SECURITY
LEVEL COURSE DURATION  
FOUNDATION Virtualization Security Essentials 3 Days COURSE DESCRIPTION
COURSE
Virtualization Security Essentials

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

· Anybody interested in working with virtualised servers

· Individuals already working the Virtual Infrastructure environment where they are responsible for the implementation and configuration of virtualized servers using VMware ESXi and VMware VirtualCenter

DESCRIPTION

This course delivers the fundamental knowledge required to secure a virtualized computer environment in an enterprise. The course provides candidates the skill set and knowledge to operate in a modern IT organization that is utilizing virtualization techniques and allows IT professionals to operate effectively in a cloud environment as they speak the appropriate language, and demonstrate an understanding of the key concepts and terminology relevant to virtualization. It provides the baseline foundation needed in order to successfully complete subsequent vendor-specific training programs

EXPERT Certified Virtualization Security Expert 5 Days COURSE DESCRIPTION
COURSE
Certified Virtualization Security Expert

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

Candidates for this examination typically work in one of two areas; most candidates are responsible, at some level, for the security of their infrastructure in that:

  • they are managing their security staff and are implementing the daily security initiatives of the virtualized and physical environment. Or
  • they are working in the Virtual Infrastructure environment where they are responsible for the implementation and configuration of virtualized servers using VMware ESXi and VMware VirtualCenter.
DESCRIPTION

The objective of the Certified Virtualization Security Expert (CVSE®) designation is to confer upon the certificate holder the best-of-breed virtual infrastructure security professional certification. The CVSE® conveys that the individual, who merits this certification, does not just deserve the certification through merely the examination process. More importantly, it assures in-depth knowledge related to virtual security, virtual design, maintenance, infrastructure management, expertise in the field of virtualization and that his/her training is current, relevant and complete.

CRITICAL INFRASTRUCTURE PROTECTION
LEVEL COURSE DURATION  
FOUNDATION ICS (Industrial Control Systems) Cyber Security Awareness 1 Day COURSE DESCRIPTION
COURSE
ICS (Industrial Control Systems) Cyber Security Awareness

LEVEL
FOUNDATION

DURATION
1 Day
WHO SHOULD ATTEND

The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties. These personnel primarily come from four domains

  • IT (includes operational technology support)
  • IT security (includes operational technology security)
  • Engineering
  • Corporate, industry, and professional standards
DESCRIPTION

The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats

INTERMEDIATE Understanding, Assessing & Securing Industrial Control Systems 5 Days COURSE DESCRIPTION
COURSE
Understanding, Assessing & Securing Industrial Control Systems

LEVEL
INTERMEDIATE

DURATION
5 Days
WHO SHOULD ATTEND
  • IT (includes operational technology support)
  • IT security (includes operational technology security)
  • Engineering
  • Corporate, industry, and professional standards
DESCRIPTION

This course is focused entirely on securing or "blue teaming" the industrial control system (ICS) architecture, and will include extensive demonstrations that will be used to reinforce the selection and implementation of security controls relating specifically to ICS. A total of 25% of the overall course time will be spend on a multi-day, comprehensive team-based exercise that will reinforce assessing and securing an actual ICS.

Many of those individuals responsible for auditing, installing, or operating industrial control systems are aware of the need for cyber security, yet are confused on exactly what to implement, and how to verify the resulting solution. This course provides a solid foundation in addressing these concepts.

INTERMEDIATE ISA99/IEC 62443 Cybersecurity Fundamental Specialist Certificate Program 2 Days COURSE DESCRIPTION
COURSE
ISA99/IEC 62443 Cybersecurity Fundamental Specialist Certificate Program

LEVEL
INTERMEDIATE

DURATION
2 Days
WHO SHOULD ATTEND

Professionals involved in IT and control system security roles that need to develop a command of industrial cybersecurity terminology and understanding of the material embedded in the ISA99/IEC 62443 standards.

DESCRIPTION

ISA has developed this program to increase knowledge and awareness of the ISA99/IEC 62442 standards. The first certificate in the program is the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist.

ADVANCED Lead SCADA (Supervisory Control and Data Acquisition) Security Professional 5 Days COURSE DESCRIPTION
COURSE
Lead SCADA (Supervisory Control and Data Acquisition) Security Professional

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Security professionals wanting to gain SCADA security professional skills IT staff looking to enhance their technical skills and knowledge IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems SCADA system developers SCADA Engineers and Operators SCADA IT personnel

DESCRIPTION

The "PECB Certified SCADA Professional" credential is a professional certification for professionals needing to demonstrate the competence to implement, maintain and manage effective programs to protect SCADA systems.

Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to advice on, or manage risks related to SCADA environments and systems. Given the high profile nature, and the significant impacts associated with such environments, a holistic professional approach to security is needed and that is exactly what this course is designed to provide.

NETWORK SECURITY
LEVEL COURSE DURATION  
FOUNDATION Network Security Essentials 3 Days COURSE DESCRIPTION
COURSE
Network Security Essentials

LEVEL
FOUNDATION

DURATION
3 Days
WHO SHOULD ATTEND

Network Server Administrators,

Network Policy Designers,

Network Architects/Designers, 

Firewall Administrators, 

Systems Administrators, 

E-Business Consultants, 

Application Developers, 

Support Staff and IT Security Officers

DESCRIPTION

This course is designed to provide fundamental skills that require analyzing the      internal and external security threats against a network, and to develop security policies that will protect their information. Participants will learn various methods to evaluate network and Internet security issues and design, and ways to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

ADVANCED EC-Council Network Security Administrator (ENSA) 5 Days COURSE DESCRIPTION
COURSE
EC-Council Network Security Administrator (ENSA)

LEVEL
ADVANCED

DURATION
5 Days
WHO SHOULD ATTEND

Network Server Administrators, Network Policy Designers, Network Architects / Designers, Firewall Administrators, Systems Administrators, E-Business Consultants, Application Developers, Support Staff and IT Security Officers.

DESCRIPTION

This course is designed to provide fundamental skills that require analyzing the internal and external security threats against a network, and to develop security policies that will protect their information. Participants will learn various methods to evaluate network and Internet security issues and design, and ways to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

EXPERT Network Security Master-class: Wired & Wireless Network 3 Days COURSE DESCRIPTION
COURSE
Network Security Master-class: Wired & Wireless Network

LEVEL
EXPERT

DURATION
3 Days
WHO SHOULD ATTEND

Network Security Masterclass course provides coverage of security issues from both a business and technical perspective. The course is intended for anyone involved in wired & wireless security implementations, decision-making management or analysis, including IT Managers & Project Managers, IT Security, System Architects, Network Infrastructure, and Internal IT Auditors.

DESCRIPTION

Without protection, wireless or wired networks are vulnerable. The wireless communication revolution has brought fundamental changes to data networking and is making integrated networks a reality. Many organizations have implemented wireless networks lured by the promise of reduced network setup costs, greater portability and flexibility and increased productivity. Focusing on the networking and user aspects of the field, Wireless Networks pro-vides a global forum for archival value contributions documenting these fast growing areas of interest. However, the nature of wireless networking poses a significant threat and has its share of security weaknesses that can potentially expose corporate data. The need to address wireless network security and to provide timely solid technical contributions has reached its highest level. Only a comprehensive security framework can ensure information integrity and help you meet the compliance requirements needed. As a network administrator, architect, or security professional, you need to under-stand the capabilities, limitations, and risks associated with integrating wireless LAN technology into your current wired infrastructure. This workshop provides an overview of the evolving technology, identifies common vulnerabilities in device settings and configuration, and discusses practical ways in which wired & wireless security can be improved. Focusing on the  novel and practical ways, you will learn to analyze and deploy a full spectrum view of 802.11, from the minute details of the specification, to deployment, monitoring, and troubleshooting.

Participants in this course will take away:

•  An understanding of how wired & wireless networks operate and some examples of wireless technologies that are currently available

•  An appreciation for the current state of wireless technology and its weaknesses

•  Knowledge of the risks, threats and potential consequences of default implementations

•  An hands-on understanding of the Defense in Depth approach to improving Security

• An awareness of existing business drivers for deploying wireless networks and organisational policy that supports enforcement of security 

•  An insight into future developments in wireless technology

ERP SECURITY
LEVEL COURSE DURATION  
FOUNDATION SAP® ERP Security Essentials 2 Days COURSE DESCRIPTION
COURSE
SAP® ERP Security Essentials

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

Starting Role Administrators

Security / Compliance Manager

Security / Compliance Officer

Security / Compliance Consultant

Auditors / Internal controls Advisors

SAP Authorization Consultants

SAP Consultants

DESCRIPTION

The training guides through the security processes of SAP. It further highlights key security elements for protecting the system and the business processes in the SAP system. At the end of this training you will be able to create a basic authorization concept and understand how SAP security works in general

ADVANCED SAP® ERP Security Advanced 3 Days COURSE DESCRIPTION
COURSE
SAP® ERP Security Advanced

LEVEL
ADVANCED

DURATION
3 Days
WHO SHOULD ATTEND

IT auditors; Audit managers (responsible for audit planning); SAP security administrators; SAP Basis Methodology.

DESCRIPTION

This course will provide the knowledge and develop your skills to progress beyond the basic auditing employed by many auditors and become competent at an advanced auditing level. This three-day course will provide participants with an in-depth understanding of SAP Basis and security assessment techniques necessary for performing an in-depth technical audit and will help take SAP technical auditing skills to the next level. You will learn the advanced risks and control opportunities that should be considered in a thorough audit of the SAP basis system and security.

DATA SECURITY
LEVEL COURSE DURATION  
FOUNDATION Data Classification & Security 5 Days COURSE DESCRIPTION
COURSE
Data Classification & Security

LEVEL
FOUNDATION

DURATION
5 Days
WHO SHOULD ATTEND

IT Audit staff 

IT Policy makers

DESCRIPTION

A Data Classification Program is an extremely important first step to building a secure organization. Classifying data is the process of categorizing data assets based on nominal values according to its sensitivity (e.g., impact of applicable laws and regulations). By classifying data, the company can prepare generally to identify the risk and impact of an incident based upon what type of data is involved. The classifications as listed (public, internal, confidential) give a basis for determining the impact based upon the level and type of access to data.

INTERMEDIATE Secure Big Data Implementations 5 Days COURSE DESCRIPTION
COURSE
Secure Big Data Implementations

LEVEL
INTERMEDIATE

DURATION
5 Days
WHO SHOULD ATTEND

Chief Information Officers
Computer Security Officers
Managers
Business and IT (at relevant levels) persons charged with establishing or reviewing the implications of establishing strategies related to Big Data

DESCRIPTION

Organizations use big data systems to store and process a large volume of enterprise data that keeps growing exponentially. This ever-growing stores of Big Data systems need to be secured to make sure  data breaches don't occur and to comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes Oxley, HIPAA, HITECH and many state and federal data privacy laws.

It's important to incorporate a comprehensive solution for data security and data governance when building a Big Data strategy.

This course discusses how data security and data governance can be achieved in an organisation with the use of appropriate security tools and clear policy definitions. 

INTERMEDIATE Hardening & Securing Oracle 5 Days COURSE DESCRIPTION
COURSE
Hardening & Securing Oracle

LEVEL
INTERMEDIATE

DURATION
5 Days
WHO SHOULD ATTEND

Database Administrators

DESCRIPTION

Reduce the risk of data breach by securing your information from the “inside-out” with Oracle Security Design and Hardening.

This course gives the participants an understanding of how to harden Oracle databases by:
- Reducing security risks due to database configuration issues
- Tightening database security practices and standards
- Identifying and fixes critical security patches and upgrades that place systems at risk and ensuring that proper logging and auditing techniques are in place

EXPERT Oracle Database Security Auditing 5 Days COURSE DESCRIPTION
COURSE
Oracle Database Security Auditing

LEVEL
EXPERT

DURATION
5 Days
WHO SHOULD ATTEND

IT auditors
Professionals that are skilled in implementing solutions using Oracle Database 

DESCRIPTION

Oracle Databases often store the data that's being targeted. Oracle Databases are very complex and challenging to audit! Auditors need to be able to effectively audit the processes and controls in place around the database to ensure the asset is being properly protected and the risks properly managed.

This course provides all of the details, including the IT process, procedural and technical controls, that you as an auditor should look for when conducting an Oracle database audit. Even better, you have the opportunity to get firsthand experience extracting and interpreting data from a live Oracle Database which allows you to be able to return and immediately conduct an Oracle Database audit. By getting hands-on experience, you get a better understanding of exactly how an Oracle Database operates and what data is available for audit purposes. The course is also put together in such a way that you can add additional value to the business and provide further security recommendations and benefits for the database being audited.

CLOUD SECURITY
LEVEL COURSE DURATION  
FOUNDATION Cloud Essentials 2 Days COURSE DESCRIPTION
COURSE
Cloud Essentials

LEVEL
FOUNDATION

DURATION
2 Days
WHO SHOULD ATTEND

·       IT students interested in cloud computing

·       Employees interested in the business aspects of the IT infrastructure

·       Company executives who have to make financial or IT business decisions

·       IT staff and freelancers who want to gain an understanding of cloud computing

DESCRIPTION

We've all heard of cloud computing and the chances are you are already using it when we access e-mail, watch videos online or listen to music but what exactly is it? This entry level course explains what actually constitutes cloud computing. We look not only at the technical aspects but the business issues (benefits and risks).

The curse will cover:

  • Models of cloud computing available
  • Learning common cloud terminology
  • Things to consider before moving to the cloud
  • Which parts of the IT department we can move to the cloud
  • Considerations if our cloud provider goes out of business
  • How to migrate our IT services to the cloud
  • Cost considerations (pros and cons)
  • IT Governance and cloud computing (managing it all)
  • Understanding the big vendor options
INTERMEDIATE Cloud Computing Security 5 Days COURSE DESCRIPTION
COURSE
Cloud Computing Security

LEVEL
INTERMEDIATE

DURATION
5 Days
WHO SHOULD ATTEND

Internal and external auditors (IT, financial, operational), Chief Technology Officers, General Counsels, Chief Information Officers, Chief Security Officers, Controllers, and persons charged with establishing or reviewing the implications of establishing strategies that embrace cloud computing and coordinate the role of organizational IT in substantiating organizational compliance to today’s (and tomorrow’s) governance regulations, as well as professionals who generally want to learn more about cloud computing and assessing their organization’s implementation of cloud computing technologies.

DESCRIPTION

As organizations transition to cloud computing technology, security issues are a vital concern. In order to protect sensitive data and maintain regulatory compliance, you must address the unique cyber security challenges faced when moving to a cloud environment. This course provides hands-on experience identifying and resolving the security issues specific to public and private clouds.

You Will Learn How To:

•  Analyze and implement security for public and private clouds

•  Establish data integrity and privacy in the cloud to manage risk

•  Maintain platform security and protect data confidentiality

•  Protect networks, operating systems and applications in various cloud deployments 

•  Achieve organizational cyber security compliance