117 Cyber Security courses delivered Live Online

Duration 3 Days 18 CPD hours This course is intended for This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy. This course is also designed for students who are seeking the CertNexus Cyber Secure Coder (CSC) Exam CSC-210 certification Overview In this course, you will employ best practices in software development to develop secure software.You will: Identify the need for security in your software projects. Eliminate vulnerabilities within software. Use a Security by Design approach to design a secure architecture for your software. Implement common protections to protect users and data. Apply various testing methods to find and correct security defects in your software. Maintain deployed software to ensure ongoing security... The stakes for software security are very high, and yet many development teams deal with software security only after the code has been developed and the software is being prepared for delivery. As with any aspect of software quality, to ensure successful implementation, security and privacy issues should be managed throughout the entire software development lifecycle. This course presents an approach for dealing with security and privacy throughout the entire software development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify and remediate them in your own projects. You will learn general strategies for dealing with security defects and misconfiguration, how to design software to deal with the human element in security, and how to incorporate security into all phases of development. IDENTIFYING THE NEED FOR SECURITY IN YOUR SOFTWARE PROJECTS * Identify Security Requirements and Expectations * Identify Factors That Undermine Software Security * Find Vulnerabilities in Your Software * Gather Intelligence on Vulnerabilities and Exploits HANDLING VULNERABILITIES * Handle Vulnerabilities Due to Software Defects and Misconfiguration * Handle Vulnerabilities Due to Human Factors * Handle Vulnerabilities Due to Process Shortcomings DESIGNING FOR SECURITY * Apply General Principles for Secure Design * Design Software to Counter Specific Threats DEVELOPING SECURE CODE * Follow Best Practices for Secure Coding * Prevent Platform Vulnerabilities * Prevent Privacy Vulnerabilities IMPLEMENTING COMMON PROTECTIONS * Limit Access Using Login and User Roles * Protect Data in Transit and At Rest * Implement Error Handling and Logging * Protect Sensitive Data and Functions * Protect Database Access TESTING SOFTWARE SECURITY * Perform Security Testing * Analyze Code to find Security Problems * Use Automated Testing Tools to Find Security Problems MAINTAINING SECURITY IN DEPLOYED SOFTWARE * Monitor and Log Applications to Support Security * Maintain Security after Deployment

Duration 2 Days 12 CPD hours This course is intended for The target audience for the DevOps Foundation course includes Management, Operations, Developers, QA and Testing professionals such as: Individuals involved in IT development IT operations or IT service management. Individuals who require an understanding of DevOps principles. IT professionals working within, or about to enter, an Agile Service Design Environment The following IT roles: Automation Architects, Application Developers, Business Analysts, Business Managers, Business Stakeholders, Change Agents, Consultants, DevOps Consultants, DevOps Engineers, Infrastructure Architect, Integration Specialists, IT Directors, IT Managers, IT Operations, IT Team Leaders, Lean Coaches, Network Administrators, Operations Managers, Project Managers, Release Engineers, Software Developers, Software Tester/QA, System Administrators, Systems Engineers, System Integrators, Tool Providers. Overview The learning objectives for DevOps Foundation include an understanding of: DevOps objectives and vocabulary Benefits to the business and IT Principles and practices including Continuous Integration, Continuous Delivery, testing, security and the Three Ways DevOps relationship to Agile, Lean and ITSM Improved workflows, communication and feedback loops Automation practices including deployment pipelines and DevOps toolchains Scaling DevOps for the enterprise Critical success factors and key performance indicators Real-life examples and results The DevOps Foundation course provides a baseline understanding of key DevOps terminology to ensure everyone is talking the same language and highlights the benefits of DevOps to support organizational success. Learners will gain an understanding of DevOps, the cultural and professional movement that stresses communication, collaboration, integration, and automation to improve the flow of work between software developers and IT operations professionals. This course prepares you for the DevOps Foundation (DOFD) certification. EXPLORING DEVOPS * Defining DevOps * Why Does DevOps Matter? * CORE DEVOPS PRINCIPLES * The Three Ways * The First Way * The Theory of Constraints * The Second Way * The Third Way * Chaos Engineering * Learning Organizations KEY DEVOPS PRACTICES * Continuous Testing, Integration, Delivery, Deployment * Site Reliability & Resilience Engineering * DevSecOps * ChatOps * Kanban BUSINESS AND TECHNOLOGY FRAMEWORKS * Agile * ITSM * Lean * Safety Culture * Learning Organizations * Continuous Funding CULTURE, BEHAVIORS & OPERATING MODELS * Defining Culture * Cultural Debt * Behavioral Models * Organizational maturity models AUTOMATION & ARCHITECTING DEVOPS TOOLCHAINS * CI/CD * Cloud, Containers, and Microservices * AI and Machine Learning * Automation * DevOps Toolchains MEASUREMENT, METRICS, AND REPORTING * The Importance of Measurement * DevOps Metrics - Speed, Quality, Stability, Culture * Change lead/cycle time * Value Driven Metrics SHARING, SHADOWING AND EVOLVING * DevOps in the Enterprise * Roles * DevOps Leadership * Organizational Considerations * Getting Started * Challenges, Risks, and Critical Success Factors ADDITIONAL COURSE DETAILS: Nexus Humans DevOps Foundation (DevOps Institute) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the DevOps Foundation (DevOps Institute) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 3 Days 18 CPD hours This course is intended for This course is ideal for Professionals preparing to become CRISC certified. Risk practitioners Students or recent graduates Overview At course completions, students will understand the essential concepts in the 4 ISACA CRISC domains: Governance IT Risk Assessment Risk Response and Reporting Information Technology and Security This 3 Day CRISC course is geared towards preparing students to pass the ISACA Certified in Risk and Information Systems Control examination. The course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders. GOVERNANCE - A. ORGANIZATIONAL GOVERNANCE * Organizational Strategy, Goals, and Objectives * Organizational Structure, Roles, and Responsibilities * Organizational Culture * Policies and Standards * Business Processes * Organizational Assets GOVERNANCE - B. RISK GOVERNANCE * Enterprise Risk Management and Risk Management Framework * Three Lines of Defense * Risk Profile * Risk Appetite and Risk Tolerance * Legal, Regulatory, and Contractual Requirements * Professional Ethics of Risk Management IT RISK ASSESSMENT - A. IT RISK IDENTIFICATION * Risk Events (e.g., contributing conditions, loss result) * Threat Modelling and Threat Landscape * Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) * Risk Scenario Development IT RISK ASSESSMENT - B. IT RISK ANALYSIS AND EVALUATION * Risk Assessment Concepts, Standards, and Frameworks * Risk Register * Risk Analysis Methodologies * Business Impact Analysis * Inherent and Residual Risk RISK RESPONSE AND REPORTING - A. RISK RESPONSE * Risk Treatment / Risk Response Options * Risk and Control Ownership * Third-Party Risk Management * Issue, Finding, and Exception Management * Management of Emerging Risk RISK RESPONSE AND REPORTING - B. CONTROL DESIGN AND IMPLEMENTATION * Control Types, Standards, and Frameworks * Control Design, Selection, and Analysis * Control Implementation * Control Testing and Effectiveness Evaluation RISK RESPONSE AND REPORTING - C. RISK MONITORING AND REPORTING * Risk Treatment Plans * Data Collection, Aggregation, Analysis, and Validation * Risk and Control Monitoring Techniques * Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) * Key Performance Indicators * Key Risk Indicators (KRIs) * Key Control Indicators (KCIs) INFORMATION TECHNOLOGY AND SECURITY - A. INFORMATION TECHNOLOGY PRINCIPLES * Enterprise Architecture * IT Operations Management (e.g., change management, IT assets, problems, incidents) * Project Management * Disaster Recovery Management (DRM) * Data Lifecycle Management * System Development Life Cycle (SDLC) * Emerging Technologies INFORMATION TECHNOLOGY AND SECURITY - B. INFORMATION SECURITY PRINCIPLES * Information Security Concepts, Frameworks, and Standards * Information Security Awareness Training * Business Continuity Management * Data Privacy and Data Protection Principles

CYBER SECURITY TRAINING COURSE DESCRIPTION The reliance of the world on the Internet and computer systems means the protection of information systems is vitally important. This is even more important smart devices and the Internet of Things increase the number of devices. This Cyber Security provides a concise overview on the threats and attacks that can happen along with the counter measures that can be taken. WHAT WILL YOU LEARN * Recognise the different types of attack. * Describe the attacks that can be made against information systems. * Describe the counter measures available. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Non-technical staff working with computers. * Prerequisites: None. * Duration 1 day CYBER SECURITY TRAINING COURSE CONTENTS * What is Cyber Security? Computer security, Policies, Types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response. * Attacks Physical access, Social engineering, Privilege escalation, Malware, Trojans, worms, viruses, rootkits, Backdoors, Denial of Service (DOS), Distributed DOS, Eavesdropping, Spoofing, Man the middle tampering. * Countermeasures Prevention, detection, response. Physical, user accounts, Firewalls, IDS, AAA, authentication, cryptography, encryption, data integrity. * Cyber security standards ETSI, ISO 27001, 27002, NIST, ISA/IEC 62443.

CYBER SECURITY TRAINING COURSE DESCRIPTION This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. WHAT WILL YOU LEARN * Describe: - Basic security attacks - RADIUS - SSL - VPNs * Deploy firewalls and secure networks * Explain how the various technologies involved in an IP VPN work. * Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Anyone working in the security field. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days CYBER SECURITY TRAINING COURSE CONTENTS * Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. * Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. * Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. * Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. * Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. * Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. * Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. * Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. * Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. * VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. * VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. * L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. * IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. * SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. * MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. * Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.

OVERVIEW -------------------------------------------------------------------------------- Cyber Security plays an important role in every business as it encompasses everything that relates to protecting sensitive data, personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries. This course is designed to understand and gain practical skills to plan, deliver and monitor IT/cyber security to internal and external clients understanding a complete, knowledge in the areas of IT policies, Security-Operational-Run-Book, security/penetration testing, ethical hacking and black hat hacking including understanding the basics of Kali Operating System and its tools and techniques. It will also cover WiFi security, Website security, human factors, cyber forensics, and cyber security team management, including all other areas in relation to Cyber Security.

Duration 5 Days 30 CPD hours This course is intended for The CHFI course will benefit: Police and other laws enforcement personnel Defense and Military personnel e-Business Security professionals Systems administrators Legal professionals Banking, Insurance and other professionals Government agencies Overview At the end of this course, you will possess the skills needed to: Understand the fundamentals of computer forensics Understand the computer forensic investigation process Describe in detail different types of hard disks and file systems Understand data acquisition and duplication Counteract anti-forensic techniques Leverage forensic skills in Windows, Linux, and Mac Investigate web attacks Understand dark web forensics Deploy forensic techniques for databases, cloud, and networks Investigate email crimes including malware Perform forensics in mobile and IoT environments Every crime leaves a digital footprint, and you need the skills to track those footprints. In this course, students will learn to unravel these pieces of evidence, decode them and report them. From decoding a hack to taking legal action against the perpetrators, they will become an active respondent in times of cyber-breaches. COMPUTER FORENSICS IN TODAY?S WORLD * 1.1. Understand the Fundamentals of Computer Forensics * 1.2. Understand Cybercrimes and their Investigation Procedures * 1.3. Understand Digital Evidence * 1.4. Understand Forensic Readiness, Incident Response and the Role of SOC (Security * Operations Center) in Computer Forensics * 1.5. Identify the Roles and Responsibilities of a Forensic Investigator * 1.6. Understand the Challenges Faced in Investigating Cybercrimes * 1.7. Understand Legal Compliance in Computer Forensics * COMPUTER FORENSICS INVESTIGATION PROCESS * 2.1. Understand the Forensic Investigation Process and its Importance * 2.2. Understand the Pre-investigation Phase * 2.3. Understand First Response * 2.4. Understand the Investigation Phase * 2.5. Understand the Post-investigation Phase * UNDERSTANDING HARD DISKS AND FILE SYSTEMS * 3.1. Describe Different Types of Disk Drives and their Characteristics * 3.2. Explain the Logical Structure of a Disk * 3.3. Understand Booting Process of Windows, Linux and Mac Operating Systems * 3.4. Understand Various File Systems of Windows, Linux and Mac Operating Systems * 3.5. Examine File System Using Autopsy and The Sleuth Kit Tools * 3.6 Understand Storage Systems * 3.7. Understand Encoding Standards and Hex Editors * 3.8. Analyze Popular File Formats Using Hex Editor * DATA ACQUISITION AND DUPLICATION * 4.1. Understand Data Acquisition Fundamentals * 4.2. Understand Data Acquisition Methodology * 4.3. Prepare an Image File for Examination * DEFEATING ANTI-FORENSICS TECHNIQUES * 5.1. Understand Anti-forensics Techniques * 5.2. Discuss Data Deletion and Recycle Bin Forensics * 5.3. Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions * 5.4. Explore Password Cracking/Bypassing Techniques * 5.5. Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch * 5.6. Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption * 5.7. Detect Program Packers and Footprint Minimizing Techniques * 5.8. Understand Anti-forensics Countermeasures * WINDOWS FORENSICS * 6.1. Collect Volatile and Non-volatile Information * 6.2. Perform Windows Memory and Registry Analysis * 6.3. Examine the Cache, Cookie and History Recorded in Web Browsers * 6.4. Examine Windows Files and Metadata * 6.5. Understand ShellBags, LNK Files, and Jump Lists * 6.6. Understand Text-based Logs and Windows Event Logs * LINUX AND MAC FORENSICS * 7.1. Understand Volatile and Non-volatile Data in Linux * 7.2. Analyze Filesystem Images Using The Sleuth Kit * 7.3. Demonstrate Memory Forensics Using Volatility & PhotoRec * 7.4. Understand Mac Forensics * * NETWORK FORENSICS * 8.1. Understand Network Forensics * 8.2. Explain Logging Fundamentals and Network Forensic Readiness * 8.3. Summarize Event Correlation Concepts * 8.4. Identify Indicators of Compromise (IoCs) from Network Logs * 8.5. Investigate Network Traffic * 8.6. Perform Incident Detection and Examination with SIEM Tools * 8.7. Monitor and Detect Wireless Network Attacks * INVESTIGATING WEB ATTACKS * 9.1. Understand Web Application Forensics * 9.2. Understand Internet Information Services (IIS) Logs * 9.3. Understand Apache Web Server Logs * 9.4. Understand the Functionality of Intrusion Detection System (IDS) * 9.5. Understand the Functionality of Web Application Firewall (WAF) * 9.6. Investigate Web Attacks on Windows-based Servers * 9.7. Detect and Investigate Various Attacks on Web Applications * DARK WEB FORENSICS * 10.1. Understand the Dark Web * 10.2. Determine How to Identify the Traces of Tor Browser during Investigation * 10.3. Perform Tor Browser Forensics * DATABASE FORENSICS * 11.1. Understand Database Forensics and its Importance * 11.2. Determine Data Storage and Database Evidence Repositories in MSSQL Server * 11.3. Collect Evidence Files on MSSQL Server * 11.4. Perform MSSQL Forensics * 11.5. Understand Internal Architecture of MySQL and Structure of Data Directory * 11.6. Understand Information Schema and List MySQL Utilities for Performing Forensic Analysis * 11.7. Perform MySQL Forensics on WordPress Web Application Database * CLOUD FORENSICS * 12.1. Understand the Basic Cloud Computing Concepts * 12.2. Understand Cloud Forensics * 12.3. Understand the Fundamentals of Amazon Web Services (AWS) * 12.4. Determine How to Investigate Security Incidents in AWS * 12.5. Understand the Fundamentals of Microsoft Azure * 12.6. Determine How to Investigate Security Incidents in Azure * 12.7. Understand Forensic Methodologies for Containers and Microservices * INVESTIGATING EMAIL CRIMES * 13.1. Understand Email Basics * 13.2. Understand Email Crime Investigation and its Steps * 13.3. U.S. Laws Against Email Crime * MALWARE FORENSICS * 14.1. Define Malware and Identify the Common Techniques Attackers Use to Spread Malware * 14.2. Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis * 14.3. Understand and Perform Static Analysis of Malware * 14.4. Analyze Suspicious Word and PDF Documents * 14.5. Understand Dynamic Malware Analysis Fundamentals and Approaches * 14.6. Analyze Malware Behavior on System Properties in Real-time * 14.7. Analyze Malware Behavior on Network in Real-time * 14.8. Describe Fileless Malware Attacks and How they Happen * 14.9. Perform Fileless Malware Analysis - Emotet * MOBILE FORENSICS * 15.1. Understand the Importance of Mobile Device Forensics * 15.2. Illustrate Architectural Layers and Boot Processes of Android and iOS Devices * 15.3. Explain the Steps Involved in Mobile Forensics Process * 15.4. Investigate Cellular Network Data * 15.5. Understand SIM File System and its Data Acquisition Method * 15.6. Illustrate Phone Locks and Discuss Rooting of Android and Jailbreaking of iOS Devices * 15.7. Perform Logical Acquisition on Android and iOS Devices * 15.8. Perform Physical Acquisition on Android and iOS Devices * 15.9. Discuss Mobile Forensics Challenges and Prepare Investigation Report * IOT FORENSICS * 16.1. Understand IoT and IoT Security Problems * 16.2. Recognize Different Types of IoT Threats * 16.3. Understand IoT Forensics * 16.4. Perform Forensics on IoT Devices *

This is the perfect launch pad for a technical career in Cyber Security and fully prepares every delegate for the prestigious Certified Ethical Hacking (CEH) Course that comes next on the Cyber & Hacking Learning Pathways by Nemstar.

Duration 3 Days 18 CPD hours This course is intended for This course is intended for security engineers, security architects, and information security professionals. Overview Identify security benefits and responsibilities of using the AWS Cloud Build secure application infrastructures Protect applications and data from common security threats Perform and automate security checks Configure authentication and permissions for applications and resources Monitor AWS resources and respond to incidents Capture and process logs Create and configure automated and repeatable deployments with tools such as AMIs and AWS CloudFormation This course demonstrates how to efficiently use AWS security services to stay secure in the AWS Cloud. The course focuses on the security practices that AWS recommends for enhancing the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services. You will also learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents. Prerequisites We recommend that attendees of this course have: * Working knowledge of IT security practices and infrastructure concepts * Familiarity with cloud computing concepts * Completed AWS Security Essentials and Architecting on AWS courses 1 - SECURITY ON AWS * Security in the AWS cloud * AWS Shared Responsibility Model * Incident response overview * DevOps with Security Engineering 2 - IDENTIFYING ENTRY POINTS ON AWS * Identify the different ways to access the AWS platform * Understanding IAM policies * IAM Permissions Boundary * IAM Access Analyzer * Multi-factor authentication * AWS CloudTrail 3 - SECURITY CONSIDERATIONS: WEB APPLICATION ENVIRONMENTS * Threats in a three-tier architecture * Common threats: user access * Common threats: data access * AWS Trusted Advisor 4 - APPLICATION SECURITY * Amazon Machine Images * Amazon Inspector * AWS Systems Manager 5 - DATA SECURITY * Data protection strategies * Encryption on AWS * Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB * Protecting archived data with Amazon S3 Glacier * Amazon S3 Access Analyzer * Amazon S3 Access Points 6 - SECURING NETWORK COMMUNICATIONS * Amazon VPC security considerations * Amazon VPC Traffic Mirroring * Responding to compromised instances * Elastic Load Balancing * AWS Certificate Manager 7 - MONITORING AND COLLECTING LOGS ON AWS * Amazon CloudWatch and CloudWatch Logs * AWS Config * Amazon Macie * Amazon VPC Flow Logs * Amazon S3 Server Access Logs * ELB Access Logs 8 - PROCESSING LOGS ON AWS * Amazon Kinesis * Amazon Athena 9 - SECURITY CONSIDERATIONS: HYBRID ENVIRONMENTS * AWS Site-to-Site and Client VPN connections * AWS Direct Connect * AWS Transit Gateway 10 - OUT-OF-REGION PROTECTION * Amazon Route 53 * AWS WAF * Amazon CloudFront * AWS Shield * AWS Firewall Manager * DDoS mitigation on AWS 11 - SECURITY CONSIDERATIONS: SERVERLESS ENVIRONMENTS * Amazon Cognito * Amazon API Gateway * AWS Lambda 12 - THREAT DETECTION AND INVESTIGATION * Amazon GuardDuty * AWS Security Hub * Amazon Detective 13 - SECRETS MANAGEMENT ON AWS * AWS KMS * AWS CloudHSM * AWS Secrets Manager 14 - AUTOMATION AND SECURITY BY DESIGN * AWS CloudFormation * AWS Service Catalog 15 - ACCOUNT MANAGEMENT AND PROVISIONING ON AWS * AWS Organizations * AWS Control Tower * AWS SSO * AWS Directory Service

ABOUT THIS VIRTUAL INSTRUCTOR LED TRAINING (VILT) This 3 half-day Virtual Instructor Led Training (VILT) course will help participants grasp the idea of real-world risk management and how this relates to the cyber world. The VILT course will cover topics surrounding identifying cyber risks and vulnerabilities, guidance on applying administrative actions, and comprehensive solutions to ensure your organization is adequately secure and protected. The VILT course will guide participants on how to conduct a security risk assessment for their organization, and equip them with the skills to develop a risk compliance assessment plan as well as methods to develop risk management strategies which can improve their organization's security posture. The VILT course has at least a 30% hands-on approach through the use of Table Top Exercises. The VILT course will cover the following modules: 1. Introduction to Risk Assessments (RA) 2. Threat Actors and Their Motivations 3. Threat and Risk Assessment 4. Critical Controls Identification 5. Maturity Assessment 6. Treated Cyber Risk Profile 7. Target Cyber Risk Profile and Strategy Target Audience The VILT course is intended for professionals responsible for organizational information and security system and those involved in operating and maintenance of critical information and IT network & sotware systems. Professionals who are designated as the Single Point of Accountability (SPoA) as well as system auditors will find this course useful. Course Level * Basic or Foundation Training Methods The VILT course will be delivered online in 3 half-day sessions comprising 4 hours per day, with 2 x 10 minutes break per day, including time for lectures, discussion, quizzes and short classroom exercises. Course Duration: 3 half-day sessions, 4 hours per session (12 hours in total). This VILT course is delivered in partnership with ENGIE Laborelec. Trainer Your expert course leader is a is specialized in cybersecurity risk management. Before joining ENGIE, she worked for The National Cybersecurity Agency of France (ANSSI) based in Paris (France) and for Deloitte Belgium located in Zaventem (Belgium). She has been involved in cybersecurity projects focusing on the principle of protecting critical infrastructures. Her different experiences in Cyber Security, Anti-Money Laundering and Global Trade Compliance (including Export Control and Customs) gave her the opportunity to use methodologies tackling strategic, operational and financial control issues at all levels of an organization: people, business processes, IT applications and infrastructure, legal and regulatory compliance. She was an EBIOS Risk Manager (RM) trainer while she worked for the French government; EBIOS RM is the French method for assessing and treating digital risks. She also had the opportunity to represent France towards European institutions and other relevant stakeholders for topics related to cybersecurity risk management. POST TRAINING COACHING SUPPORT (OPTIONAL) To further optimise your learning experience from our courses, we also offer individualized 'One to One' coaching support for 2 hours post training. We can help improve your competence in your chosen area of interest, based on your learning needs and available hours. This is a great opportunity to improve your capability and confidence in a particular area of expertise. It will be delivered over a secure video conference call by one of our senior trainers. They will work with you to create a tailor-made coaching program that will help you achieve your goals faster. Request for further information about post training coaching support and fees applicable for this. Accreditions And Affliations