DXC Security Training

Size: px
Start display at page:

Download "DXC Security Training"

Transcription

1 DXC Security Training

2 DXC Security Training Table of contents About DXC Security Training 2 About DXC Technology 3 Inforsec Registered Assessors Program (IRAP) 4 ISM Fundamentals 6 Cyber Security Incident Management 7 Vulnerability Testing 8 Web Application Secure Coding 9 e-learning Security Awareness Courses 10 About DXC Security Training DXC Technology s Security Training (via Saltbush Training) is an accredited Registered Training Organisation RTO number We can conduct training needs analysis and specifically design or tailor a training course for your business. We offer in-house, off-site and on-line training delivery options. DXC can offer training in a range of courses including: Inforsec Registered Assessors Program (IRAP) ISM Fundamentals Cyber Security Incident Management Vulnerability Testing Web Application Secure Coding Security Awareness. For more information, visit DXC Security Training website at dxc.technology/au/security/training. About DXC Security In Australia and New Zealand, the constant evolution of cyber security threats and shortage of cyber security skills has made it increasingly challenging for organisations to secure their businesses. DXC Technology has worked closely with its clients to protect their businesses by developing strategies, processes and solutions. We are one of the few companies in the world that can provide end-to-end security solutions from expert advisory services to fully managed security operations. At DXC, we believe the value of cybersecurity is in its enablement. To help our clients operate securely in today s environment, we offer expertise and services through our Government certified Security Operations Centres (SOCs). Our global network of SOCs is staffed by an international team who efficiently deliver integrated, 24x7x365 security services. For more information, visit the DXC Security website at dxc.technology/au/security.

3 3 About DXC Technology DXC.technology is the world s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC.technology serves nearly 6,000 private and public-sector clients across 70 countries. The company s technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions. DXC.technology is recognized among the best corporate citizens globally. For more information, visit DXC.technology s website at dxc.technology/au.

4 DXC Security Training INFORSEC Registered Assessors Program (IRAP) IRAP is a program of activities sponsored by the Australian Signals Directorate (ASD) culminating in the endorsement and registration of individuals as competent to assess information security systems in accordance with Australian Government information security standards and policy documents. IRAP provides the framework to endorse individuals from the private and public sectors to provide cyber security assessment services to Australian governments. Endorsed IRAP Assessors can provide an independent assessment of ICT security, suggest mitigations and highlight residual risks. IRAP Assessors may provide assessment up to the TOP SECRET level for: Candidates qualifying as IRAP registered assessors are endorsed to carry out the following types of assessment work: Gateway certifications Cloud services Network/system assessments Gatekeeper assessments FedLink audits, and FedLink connection assessments IRAP Application Form To be eligible for IRAP Assessor training and examinations you must provide: An up to date CV indicating the dates for each engagement or project minimum of a Baseline security clearance (Australian citizenship required) see Australian Government Security Vetting Agency for further details Find out more about the IRAP Program two certifications - one from Category A and one from Category B With some cloud services being more deeply integrated than others, benchmarking cloud risk is extremely challenging compared with the same exercise for an on-site architecture where most of the data is in the organisation s servers and data centres Category A CISM CISSP GSLC Category B CISA CRISC CSNA ISO Lead Auditor PCI QSA

5 5 INFORSEC Registered Mandatory Annual Training Assessor Program (IRAP MAT) Find out more about the IRAP program. IRAP registered assessors undertake Mandatory Annual Training. This is done through a maintenance program that provides assurance that assessors have satisfactorily completed any mandatory training maintenance requirements throughout the 12 months of their registration and are up to date with ISM/policy changes. The performance of work within the scope of the Program carried out by assessors will also be subject to review at the time of re-registration. Saltbush Training has been providing training to IRAP assessors since the program s inception in Saltbush currently offers an online version of the IRAP refresher. This course is only available to current IRAP assessors after the Information Security Manual (ISM) is released annually. For more information, please contact us at AdvisoryTraining-au@dxc.com

6 DXC Security Training ISM Fundamentals Course This two-day seminar will give you an understanding of the security requirements stipulated by the Australian Signals Directorate (ASD) while introducing you to the Information Security Manual (ISM) and how it should best be used within your organisation. Course outline From Incident Response Plans to ICT Security Standards, the Saltbush ISM Fundamentals course is your go-to for getting up to speed on the standard for all government ICT systems. Topics covered include: Security Governance. Includes management structures, forum sand frameworks Security Policy. The over-arching policy, its purpose and basic content Security Risk Management. The difference between strategic and operational risk and the purpose of the Security Risk Management Plan in the secure management of systems Incident Response Plan. This baseline document allows System Managers to tap into and leverage the organisations systematic approach to responding to incidents System Security Plans. The SSP defines the way administrative and technical controls are to be employed Standard Operating Procedures. The SOP is a detailed work instruction a how to do it document. We ll look at who needs them and for what tasks Accreditation and Certification. We ll look at what this is and who is responsible for it Change Management. The role of security in any change to an ICT system is explored Security Awareness Training. A key tool that ensures the success of any security strategy ICT Security Standards. We ll touch on ASD s requirements for gateways, hardware selection, software security, access control, network security, cryptography and data transfer. Who should attend IT Security Advisers, Security Executives, System Managers, Security Administrators All of your team members who need to become more security aware. Your presenter Your presenter is a highly skilled security specialist enabling you to make your ICT Security problems a thing of the past. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable hands-on security experience to support the training they deliver. For more information, please contact us at AdvisoryTraining-au@dxc.com

7 7 Cyber Security Incident Management Course This one-day course will help you to safeguard your business against the worst ICT Security problems. It will ensure that your Computer Incident Response Team has the skills to handle a cyber-security incident. Course outline This course will highlight how to detect an incident, the process for declaring and responding to a security incident and will help attendees workshop their own response procedure. Topics covered include: What constitutes an information security Incident Distinguishing the different incident classes and discussing strategies to deal with them How to harness the human based detection systems within your organisation What technologies are available to detect security incidents and how to best deploy them in your network How to develop response plans to cater for the various incident types Tips on how to preserve forensic evidence and when and who to call for help Understanding options for involving external actors including the AFP. For more information, please contact us at AdvisoryTraining-au@dxc.com Who should attend IT Security Advisers and Managers that have a need to establish an Incident Response Plan for their organisations and how this will impact their compliance programs Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the complexities of detecting and responding to security incidents. Your presenter Your presenter is a highly skilled security specialist enabling you to make your ICT Security problems a thing of the past. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable handson security experience to support the training they deliver. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable hands-on security experience to support the training they deliver.

8 DXC Security Training Vulnerability Testing Course The Vulnerability Testing course provides real, hands on skills in assessing vulnerabilities in applications. Using the industry standard Open Web Application Security Project (OWASP) testing methodology, you will learn valuable and practical techniques to test for weaknesses in applications. Course outline Course Outline The Vulnerability Testing Course will teach participants to test for web application vulnerabilities within various environments including those of the Australian Government. Testing will involve practical exercises where participants will search for, discover, verify and exploit web application vulnerabilities in a hands on laboratory environment. Topics covered include: Understanding the OWASPv4 Test Guide. This will cover methodology for assessing vulnerabilities and all vulnerability types as categorised by OWASPv4 including: Information Gathering; Configuration Management; Identity Management; Authentication; Autherisation; Session Management; Input Validation; Error Handling; Weak Cryptography; Business Logic; Client-side Focused, hands-on vulnerability exploitation exercises using multiple tools Techniques to mitigate discovered vulnerabilities Reporting vulnerabilities Measuring vulnerability severity. Pre-requisites This is not a class for non-technical students. Participants require some basic knowledge of high level programing languages like PHP and Java. They will require significant knowledge of HTML, HTTP and JavaScript. They will also be required to be familiar with Linux operating systems. For more information, please contact us at AdvisoryTraining-au@dxc.com Who should attend Designers of Internet applications and those responsible for deployment of web-based applications Developers responsible for the production of code Security Practitioners such as IT Security Advisers Security Managers and Officers, System Administrators and IT Operations Managers Your presenter Your presenter is a highly skilled security specialist enabling you to make your ICT Security problems a thing of the past. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable hands-on security experience to support the training they deliver.

9 9 Web Application Secure Coding Course The Web Application Secure Coding course covers the most prevalent and dangerous security defects in today s applications, supplying hands on and actionable guidelines to remediate against these common defects. Course outline From common vulnerabilities and their potential consequences to how to avoid these vulnerabilities, this course is a hands-on exercise in secure coding. With practical exercises to exploit or hack common vulnerabilities, students will obtain valuable experience as both an attacker and defender of web applications. Topics covered include: Injection flaws, such as SQL, Operating System and LDAP injection Broken Authentication and Session Management Cross-Site Scripting Security Misconfiguration Sensitive Data Exposure Missing Function Access Control Cross-Site Request Forgery Using Components with Known Vulnerabilities Unvalidated Redirects and Forwards An overview of the OWASP Testing Guide v3.0 methodology An overview of the OWASP Developer Guide 2013 methodology Hands-on vulnerability exploitation (hacking) exercises using the OWASP WebGoat tool Hands-on vulnerability patching exercises using the OWASP WebGoat tool and others. Insecure Direct Object References Pre-requisites Each participant must have their own Windows laptop with at least 4GB of RAM. Who should attend Designers of Internet systems and those responsible for deployment of Internet connected infrastructure Developers responsible for the production of code IT security practitioners and reviewers responsible for assessing the security of deployed systems Fraud and security investigations staff seeking an understanding of common attack vectors. Your presenter Your presenter is a highly skilled security specialist enabling you to make your ICT Security problems a thing of the past. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable hands-on security experience to support the training they deliver.

10 DXC Security Training E-learning Security Awareness Course In order to effectively secure your assets and information your staff must be aware, comprehend and, most importantly, follow the IT Policies, Plans and Procedures that you have so thoughtfully created. Education is the key. Informing your employees how to be Cyber security aware is essential. elearning is one of the most efficient ways to improve the IT culture within your organization. elearning can be tailored to your needs to bring an effective security mindset into your company. Whether you are a large or small enterprise, we can assist you to implement the most constructive security awareness course for your business. Our elearning content includes a suite of training modules produced by cyber security experts with a breadth of knowledge constantly updated by their currently involvement at the coalface of cyber technology. Our training helps you to: Adopt a security attitude that starts at home and carries through to the workplace Foster a security awareness program that will start a culture change Reduce the organisation s exposure to information risks and security threats through improved employee training, awareness and reduced clickthrough rates Improve executive awareness of threats and increase support for threat remediation activities Provide metrics and up-to-date material that is relevant to staff. All our courses are WCAG compliant and can be delivered as a SCORM compliant zip file with flexible delivery options of us hosting on our Learning Management System or on your Learning Management System. We make our courses interactive, relevant to those attending and engaging. If you required follow-up, course success can be managed through our continuous improvement tracking. Who should attend All of your team members who need to become more security aware. Your presenter Your presenter is a highly skilled security specialist enabling you to make your ICT Security problems a thing of the past. Your presenter will be selected from our pool of Certificate IV qualified trainers, all of whom have considerable hands-on security experience to support the training they deliver. For more information, please contact us at AdvisoryTraining-au@dxc.com

11 11

12 About DXC Technology DXC Technology (DXC: NYSE) is the world s leading independent, end-to-end IT services company, serving nearly 6,000 private and public-sector clients from a diverse array of industries across 70 countries. The company s technology independence, global talent and extensive partner network deliver transformative digital offerings and solutions that help clients harness the power of innovation to thrive on change. DXC Technology is recognized among the best corporate citizens globally. For more information, visit DXC Technology Company. All rights reserved. MD_8761a-19. August 2018

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com. e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,

More information

BRING EXPERT TRAINING TO YOUR WORKPLACE.

BRING EXPERT TRAINING TO YOUR WORKPLACE. BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Security Communications and Awareness

Security Communications and Awareness Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated

More information

TRAINING CURRICULUM 2017 Q2

TRAINING CURRICULUM 2017 Q2 TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training

More information

Digital Health Cyber Security Centre

Digital Health Cyber Security Centre Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting

More information

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER RESILIENCE & INCIDENT RESPONSE CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable

More information

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide

More information

Security Communications and Awareness

Security Communications and Awareness Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated

More information

Certified Cyber Security Specialist

Certified Cyber Security Specialist Certified Cyber Security Specialist Page 1 of 7 Why Attend This course will provide participants with in-depth knowledge and practical skills to plan, deliver and monitor IT/cyber security to internal

More information

Training on CREST Practitioner Security Analyst (CPSA)

Training on CREST Practitioner Security Analyst (CPSA) 1 Training on CREST Practitioner Security Analyst (CPSA) Objectives This programme introduces to you to the CPSA, CREST Practitioner Security Analyst, and certification. This instructor led course covers

More information

Ingram Micro Cyber Security Portfolio

Ingram Micro Cyber Security Portfolio Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Predstavenie štandardu ISO/IEC 27005

Predstavenie štandardu ISO/IEC 27005 PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

CYBER SECURITY TRAINING

CYBER SECURITY TRAINING CYBER Security skills for the digital age. Cyber Crime has never been more predominant. The number of breaches is exponentially rising year on year leading to an ever increasing Cyber Security threat.

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED Position Description Computer Network Defence (CND) Analyst Position purpose: Directorate overview: The CND Analyst seeks to discover, analyse and report on sophisticated computer network exploitation

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

POSITION DESCRIPTION

POSITION DESCRIPTION UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:

More information

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized. Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting

More information

Cyber Security School

Cyber Security School Cyber Cyber Security School FUTURE PROOF Y SECURITY TALENT "The UK needs to tackle the systemic issues at the heart of the Cyber skills shortage..." National Cyber Security Strategy 2016-2021, HM Government

More information

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform Fintech District The First Testing Cyber Security Platform In collaboration with CISCO Cloud or On Premise Platform WHAT IS SWASCAN? SWASCAN SERVICES Cloud On premise Web Application Vulnerability Scan

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au

More information

CISA Course. Course Details: iathena.com, a Navitus Education Venture

CISA Course. Course Details: iathena.com, a Navitus Education Venture iathena.com, a Navitus Education Venture CISA Course Course Details: Modules: 5 Contents: Interactive Supplements: Overview, Tips n Tricks, 1 Exam Type: Self-Paced (30, 90 & 180 Days) Copyright: Navitus

More information

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Charting the Course to Your Success! Securing.Net Web Applications Lifecycle Course Summary Course Summary Description Securing.Net Web Applications - Lifecycle is a lab-intensive, hands-on.net security training course, essential for experienced enterprise developers who need to produce secure.net-based

More information

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite: Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE

More information

ASD CERTIFICATION REPORT

ASD CERTIFICATION REPORT ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon

More information

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support

Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support Workshop IT Star 2016 IT Security Professional Positioning and Monitoring: e-cfplus support Roberto Bellini AICA-Milan October, 28 th 2016 agenda 1. e-cf standard and the enriched e-cfplus System 2. IT

More information

Training + Information Sharing: Pillars of enhancing cybersecurity posture

Training + Information Sharing: Pillars of enhancing cybersecurity posture Training + Information Sharing: Pillars of enhancing cybersecurity posture Welland Chu VP, Professional Development & Secretary ISACA China Hong Kong Chapter June 2018 www.isaca.org Reported cyber incidents

More information

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide Gatekeeper Public Key Infrastructure Framework Information Security Registered Assessors Program Guide V 2.1 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work is copyright.

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually SALARY $49.72 - $72.54 Hourly $3,977.88 - $5,803.27 Biweekly $8,618.75 - $12,573.75 Monthly $103,425.00 - $150,885.00 Annually ISSUE DATE: 03/21/18 THE POSITION DIRECTOR OF CYBER SECURITY OPEN TO THE PUBLIC

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

SECURITY TRAINING SECURITY TRAINING

SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

SERVICE DESCRIPTION ISO Lex. Certifications

SERVICE DESCRIPTION ISO Lex. Certifications SERVICE DESCRIPTION Lex ISO/IEC 20000-1 INFORMATION TECHNOLOGY - SERVICE MANAGEMENT SYSTEM Companies of any size rely on effective IT service management. No matter where you re based or what you do, your

More information

THE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.

THE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients. THE KERNEL Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients. Since our founding in 1986, and establishing The Kernel s UAE office in 2008, our company

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

Suma Soft s IT Risk & Security Management Solutions for Global Enterprises

Suma Soft s IT Risk & Security Management Solutions for Global Enterprises Suma Soft s IT Risk & Security Management Solutions for Global Enterprises Overview: For over 16 years, Suma Soft has provided IT risk management solutions for varied SMEs and MNCs and helped solve regulatory,

More information

Security Solutions. Overview. Business Needs

Security Solutions. Overview. Business Needs Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018 GLOBAL ICT CAPACITY BUILDING SYMPOSIUM ITU CBS SANTO DOMINGO 2018 Digital Capacity Building: Role of the University 18 20 June 2018 Santo Domingo, Dominican Republic Dr. Nizar Ben Neji Faculty of Sciences

More information

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,

More information

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1 EC-Council Certified Incident Handler v2 Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1 THE CRITICAL NATURE OF INCIDENT HANDLING READINESS An organized and

More information

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

SRM Service Guide. Smart Security. Smart Compliance. Service Guide SRM Service Guide Smart Security. Smart Compliance. Service Guide Copyright Security Risk Management Limited Smart Security. Smart Compliance. Introduction Security Risk Management s (SRM) specialists

More information

ISO 27001:2013 certification

ISO 27001:2013 certification www.pwc.ch/cybersecurity ISO 27001:2013 certification Building confidence in your digital future Our approach to certification PwC offers a four-phase approach to help with your ISO 27001 project, using

More information

Managed Application Security trends and best practices in application security

Managed Application Security trends and best practices in application security Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

CERTIFICATE IV IN COMPLIANCE & RISK MANAGEMENT

CERTIFICATE IV IN COMPLIANCE & RISK MANAGEMENT 10131NAT CERTIFICATE IV IN COMPLIANCE & RISK MANAGEMENT Associate GRC Institute (AGRCI) GRC Institute 10131NAT Certificate IV in Compliance and Risk Management Overview INTRODUCTION developed to provide

More information

HP Fortify Software Security Center

HP Fortify Software Security Center HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)

More information

Data Sheet The PCI DSS

Data Sheet The PCI DSS Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

CyberVista Certify cybervista.net

CyberVista Certify cybervista.net ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify CyberVista offers the industry s most comprehensive cybersecurity training

More information

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b) AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

to Enhance Your Cyber Security Needs

to Enhance Your Cyber Security Needs Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything

More information

Hands-On Hacking Course Syllabus

Hands-On Hacking Course Syllabus Hands-On Hacking Course Syllabus Version 0. 1 Hands-On Hacking 1 Table of Contents HANDS-ON HACKING... 1 TABLE OF CONTENTS... 2 COURSE SYLLABUS... 3 Course... 3 Student Pre-requisites... 3 Laptop Requirements...

More information

Effective COBIT Learning Solutions Information package Corporate customers

Effective COBIT Learning Solutions Information package Corporate customers Effective COBIT Learning Solutions Information package Corporate customers Thank you f o r y o u r interest Thank you for showing interest in COBIT learning solutions from ITpreneurs. This document provides

More information

White Paper. View cyber and mission-critical data in one dashboard

White Paper. View cyber and mission-critical data in one dashboard View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland

More information

Course support.

Course support. Certificate IV/Diploma/Advanced Diploma of The Moreland Group is a Registered Training Organisation (RTO) within Australia and is able to offer a nationally accredited qualification of Certificate IV in

More information

Wolfpack Cyber Academy Training Catalogue

Wolfpack Cyber Academy Training Catalogue Wolfpack Cyber Academy Training Catalogue IT GOVERNANCE I INFORMATION RISK I CYBERSECURITY I PRIVACY I FOUNDATION I INTERMEDIATE I ADVANCED 2017 WOLF PACK www.wolfpackrisk.com Contents About Wolfpack Information

More information

Les joies et les peines de la transformation numérique

Les joies et les peines de la transformation numérique Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education

More information

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences Undergraduate Programs - Bachelor B.S. Computer Game Design Upon completion of the B.S. degree in Computer Game Design, students

More information

CISA Training.

CISA Training. CISA Training www.austech.edu.au WHAT IS CISA TRAINING? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual

More information

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)

More information

Application. Security. on line training. Academy. by Appsec Labs

Application. Security. on line training. Academy. by Appsec Labs Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving

More information

Governance, Organisation, Law, Regulation and Standards Syllabus QAN 603/0855/2

Governance, Organisation, Law, Regulation and Standards Syllabus QAN 603/0855/2 Making IT good for society Governance, Organisation, Law, Regulation and Standards Syllabus QAN 603/0855/2 Version 5.0 April 2018 This is a United Kingdom government regulated qualification which is administered

More information

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. Course Outline CISM - Certified Information Security Manager 20 Nov 2017 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led

More information

Data Security and Privacy at Handshake

Data Security and Privacy at Handshake Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security

More information

in Compliance Management NSW Associate Intensive (AGRCI)

in Compliance Management NSW Associate Intensive (AGRCI) Certificate IV in Compliance Management 91516 NSW Associate Intensive (AGRCI) Overview Introduction GRCI s Certificate IV in Compliance Management 91516 NSW has been developed to provide GRC professionals

More information

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation

More information

OWASP Top 10 The Ten Most Critical Web Application Security Risks

OWASP Top 10 The Ten Most Critical Web Application Security Risks OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

M a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness

M a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness M a d Take control of your digital security Advisory & Audit Security Testing Certification Services Training & Awareness Safeguarding digital security is a profession The digitalisation of our society

More information

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business Qualification Specification Level 2 Award in Cyber Security Awareness For Business ProQual 2015 Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates 4 Assessment

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

RiskSense Attack Surface Validation for Web Applications

RiskSense Attack Surface Validation for Web Applications RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

Cybersecurity, safety and resilience - Airline perspective

Cybersecurity, safety and resilience - Airline perspective Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,

More information

ISO Professional Services Guide to Implementation and Certification AND

ISO Professional Services Guide to Implementation and Certification AND ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery. Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property

More information

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services Sponsored by: Cisco Services Author: Leslie Rosenberg December 2017 Predictive Insight, Automation and Expertise Drive Added Value for Managed Services IDC OPINION Competitive business leaders are challenging

More information

Your Trusted Partner in Europe European Business Reliance Centre

Your Trusted Partner in Europe European Business Reliance Centre Your Trusted Partner in Europe European Business Reliance Centre Fit4Exchange 23 Septembre 2015 ebrc.com 24/09/2015 Public 1 EBRC -European Business Reliance Centre Our vision: To be the Centre of Excellence

More information

Cyber Security - Information Security & Testing

Cyber Security - Information Security & Testing Cyber Security - Information Security & Testing Strategic delivery: Setting standards Increasing and informing choice Demonstrating efficiency economy and value Details: Meeting AGC Agenda item 11 Paper

More information

New Zealand Certificate in Regulatory Compliance (Core Knowledge) (Level 3)

New Zealand Certificate in Regulatory Compliance (Core Knowledge) (Level 3) New Zealand Certificate in Regulatory Compliance (Core Knowledge) (Level 3) If your staff need to learn the basics about regulatory compliance in New Zealand, then this is the paper for them. This qualification

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information