Course title: Cyber Security Assessments – Methods and Standards
Course type: Intensive online course on Cybertrusion’s learning platform, in small groups with other participants
Course length: 2 weeks (Monday to Friday; weekends are used to deepen practical knowledge)
- Explanation of terminology, differentiating between audits, assessments, policies, guidelines, best practices, etc.
- Typical tasks, the various types of security analyses, document types for security directives
- Determining protection requirements and assigning protection categories
- BSI IT-Grundschutz (baseline protection) and ISO/IEC 2700x
- NIST security and risk management frameworks
- Testing system configuration, using Windows, Unix/Linux and Mac OS X as examples
- Automated assessment with SCAP (Security Content Automation Protocol)
- Essential documents and guidelines from NSA, DoD, NIST, BSI, ENISA, IETF RFCs, ISO/IEC and OWASP
- Penetration testing part A: methods and standards
- Penetration testing part B: practical execution, tools, evaluation
- ITIL, COBIT, OCTAVE, and further standards and methods
- Tendering and planning assessment projects
- Final evaluation reports: document types, contents, tips for structure and preparation
- Translating assessment findings into guidance and to-do lists
- Evaluation and discussion of practical tasks (homework)
During the course, you will regularly work through small tasks and receive tips and feedback from the course leader. You will discuss the course contents with other participants in internal discussion forums and can take part in expert exchanges. Finally, towards the end of the course, you will write a short text on a question of your own choosing (this task takes half a day to a whole day).
Certificate of completion: if you complete the homework and participate regularly, you will receive a certificate of completion at the end of the course. The small tests are exclusively for your personal self-assessment; no grades are given.
Advantages: intensive daily support from the course leaders, discussions and expert exchanges with other participants, regular self-assessment through multiple-choice tests and quizzes, and a variety of tasks with feedback.
Overview and training objectives: This course deals with audits and assessments, that is, the testing and analysis of IT systems and networks. We explain the technical and organizational tools needed by experienced security specialists as well as by the clients who commission their work.
Organizations that regularly carry out security tests need a security assessment policy and well-documented, appropriate assessment methods. Creating these requires specific knowledge of how such assessments can best be designed for the particular use case. In turn, security advisors and project leaders are expected to know and use such standardized methods. Moreover, documented procedures make it easier to train new colleagues.
As information security professionals, we face diverse challenges. Despite that diversity, most tasks fall into existing categories, for example ‘penetration test’, ‘baseline analysis’, ‘audit of operating system configuration’ and others. For most of these tasks, standardized procedures have been developed. They are well documented, freely accessible, and tried and tested. As a project member, you benefit in both substance and efficiency by using these methods and standards. Clients have more confidence when they can be referred to recognized models or standards.
The first step is always to find out which type of security testing is most appropriate. Here it is important to know the various types of testing and their respective strengths and weaknesses. Once a testing type is chosen, the next question is the appropriate method. For penetration tests, for example, there are at least a dozen different approaches. For security assessments, the available approach models differ so much from one another that the choice of model contributes decisively to a project’s success.
Benefit from the experience of other expert colleagues and IT security experts: their approaches and tips for successfully completing demanding projects.
Who should attend: This course is aimed at consultants, companies and government employees with one of the following needs:
- You are entrusted with the implementation or contracting of security testing
- You have to know appropriate requirements when formulating security projects or tendering
- You want to offer your colleagues systematic further education in addition to ‘learning on the job’
- You are an experienced IT security professional and would like to see what working methods other colleagues make use of
- Security managers
- Security consultants
- Anyone who for work reasons wants to find out how to analyze IT security in systems and networks
Prerequisites: Our courses are aimed at participants with a background in IT. Basic knowledge of cyber security is useful in order to get the most out of the course. Knowledge of technical details (network protocols, system administration, etc.) is not necessary, as this course emphasizes methodology.
Requirements for participation:
- Plan on half a day (or a whole evening) per day for working through the course contents and reading the standards and guidelines used
- You will require a computer with connection to the Internet, a word processor of your choice and the ability to create PDF documents
Tuition | Dates | Registration:
- Course date: currently in-house only
- Early Bird Discount: if you register up to one month before the starting date, the course fee is 980 USD
- Late registration (30 days or less before the starting date): 1180 USD
- Payment is due after registration is confirmed. Places are limited, so early registration is recommended
Information about the process and setup of our online courses can be found here.
→ Registration: You can register here with our online registration form.