Training Catalogue Nitroxis Rue de Nivelles Anderlues

Transcription

1 Training Catalogue 2016 Nitroxis Rue de Nivelles Anderlues

2 Who We Are Nitroxis is a consultancy company founded in 2011 and specialized in Information Security Systems and IT Governance. Nitrox is the common term in the diving community for any mixture of nitrogen and oxygen. «IS» stands for Information Security, Information Systems, Infrastructures. The use of Nitrox has the advantage of increasing diving time and safety, it also provides welfare during and after diving. STABILITY Reach the maximum stability and durability for your project OPTIMIZATION Optimize planning and risk management RELATIONSHIP Build a trustful relationship that increases mutual satisfaction RESOURCES Optimize resources management Nitrox Through the use of Nitrox, we provide: A LONGER SECURITY CURVE FOR THE SAME DIVING DEPTH A SHORTER DECOMPRESSION STOP FOR A SAME DIVING DURATION A SHORTER SURFACE INTERVAL BE- TWEEN TWO DIVES We benefit from longer and successive dives (missions) with reduced decompression stops. The strain of business is less important.

3 Our Values BUOYANCY CONTROL DEVICE «BCD» We are aiming at the maximum stability and durability for your project by deploying different control systems : preventive, deterrent, detective and corrective. TRANSPARENCY Like in diving it s better when your sight is clear. We bring all the facts to your knowledge with no sugar-coating or camouflage. NEVER DIVE ALONE Trust is an essential factor regarding IT Governance projects. We are also well aware that some projects require very specific skills. You can count on our trusted partners network to provide you with a wide range of expertise. PLAN YOUR DIVE NITROXIS never engages in a mission without careful planning and a full internal/external factors assessment. That s the key to our success. ENTHUSIASM Each project and each dive is a unique adventure: we enjoy and share both our IT & Diving passions with our partners. Divers are always happy and ready for the next dive. They share their knowledge and experience with the divers community. DISCOVERY Because the IT world is in perpetual evolution we dedicate ourselves to a continuous learning and training program.

4 Our Training Partners Through these partnerships, Nitroxis now intends to position itself as a key player in the Belgian landscape of Information Security. PECB Founded in 2005, PECB Inc. is a personnel certification body for a wide range of professional standards, including ISO 9001, ISO 14001, ISO/IEC 20000, ISO/IEC 27001, ISO/IEC 27005, ISO 22301, ISO 26000, ISO 22000, OHSAS and ISO Our mission is to provide our clients comprehensive examination and certification services for individuals. Certification represents the intersection of protection of the public, fairness to candidates, and often, various interests of the profession. Although these may appear to be competing interests, a well-designed certification program will be most effective in meeting these interests when its resources are deployed to enhance validity and reliability. The guidance that follows in our Quality Manual is intended to ensure that PECB develops, maintains and improves a high quality recognized certification program. ALTIRIAN Altirian is an audit and security architecture service company, based in Luxembourg and that operates globally. We help organization getting more compliant and efficient in the Information Security Management, Risk Management, IT Audit and Vulnerability Management fields. We also provide our partners network in EMEA with the most accurate InfoSec training and certification programs for individuals, in close combination with accredited professional certification bodies. With our ZenSecure program, we will drive you down the roads of fully integrated security shared & managed services for giving your business what it deserves the most Security in Serenity! A diver never dives alone. Our partners are our logistics bud- We are yours underwater. dies.

5 Our Training Locations Vision-IT Group ( ) Chaussée de la Hulpe 1170 Watermael-Boitsfort Belgium Approach Belgium sa/nv Axis Parc Rue Edouard Belin Mont-Saint-Guibert Belgium CQHN asbl Aéropole, Maison de l Industrie Rue Auguste Piccard, Gosselies Belgium ALTIRIAN S.A. Grand rue, Clervaux Luxembourg Devoteam Luxembourg 7, rue des Trois Cantons 8399 Windhof Luxembourg We can also organise some trainings at your premises and you can take some in the comfort of your home too (check our self-study section for more information).

6 What Our Customers Say About Us I was literally impressed by the way the training was done. The training was interactive, always pictured with comprehensive examples. I enjoyed that training, I learned a lot, my goal was achieved. I warmly recommend it, certainly given by Nitroxis. Christian Bistaffa, Principal Consultant Expertum training! A lot of useful information concerning the ISO27001 standard, completed by relevant practical examples. Dominique Becker, Security Officer Proximus Nice well mastered course with an in-depth practical experience. Marc Stern, Head of Security Consulting Approach Very I have enjoyed the class very much. The teacher was on hand to his students. The instructions were clear and accurate. We received many real world examples to illustrate the concepts. I definitely recommend Nitroxis ISO Lead Implementer Training. Salvatore Lombardo, Information Security Management ComputerLand and just-in-time training provided, leading to required certification. Relevant panel of supported certifications. Good support. Mr Michaël Raison, CISO SPF Justice Gaming Commission Efficient and attractive training leading to an efficient preparation for the Certification. Marc Masure, Head of Security Sixdots Pragmatic, and learned from this useful training, given by a highly qualified & pragmatic expert as the trainer, in an appropriate environment. Dirk De Nijs, Information Security Consultant and Managing Director Enjoyed ModuleBuilder

7 Awards We are proud to announce our new PECB Partnership Level Status intended to structure our partnership and canalize our joint efforts. We achieved it by maintaining an average course evaluation of at least 85% annually and sold at least 250 PECB Credits (e.g. 50 seats Lead course). PECB Gold partnership level is intended for experienced partners who have a demonstrated track record in providing PECB certified training courses.

8 Types of Trainings TRAINING WITH CERTIFICATION Trainings have an exam included. In case of success of the exam, and after validating their experience, trainees are entitled to a certificate title that depends on their experience or the exam they have taken. CERTIFIED SELF STUDY Our Self Study modules only contain Training with Certification. See our special Self Study Section. TAILORED TRAINING Training at your premises, or with a specific schedule (e.g.: split days). Or if you already followed a PECB training, we can shorten the next one without you losing the benefit of a full session. EVENING SESSIONS All the benefits from the daytime sessions, while remaining billable. BOOTCAMPS These are intensive trainings to completely review a topic in order for you to pass an external exam with ISACA or (ISC) 2 for example. Transparency and flexibility run deep into our veins. Contact us for more information about other requests you would have. Prices in this brochure refer to Belgium. For Luxembourg prices, please ask.

9 Self Study We believe that if you already followed a PECB Training and passed an exam, you don t need to sit for 5 days in a classroom again. Rather we can shorten this training class or give you the opportunity to study at your own pace. A unique chance to learn at your own pace from the comfort of your home and to join a growing community of Certified Professionals. Each dive is a new adventure, each course is different. The Certified Trainer will show you the most interesting parts of the course, offering you a unique chance to move to the next level in your Certification process. WHO SHOULD GIVE IT A TRY? Consultants and Freelances - Senior with at least 5 years of experience. People already with a good knowledge on the subject matter. MAIN BENEFITS: Flexibility. Reduced cost. You remain billable while studying. Get certified by passing the examination just like you would on the last day of a standard training session! Contact us for more information about this process.

10 HOW? Evening Sessions The training is split on several evenings; a course calendar is agreed between parties. For example any Lead Implementer/Auditor training is divided into eight sessions of 3 hours + one session for the Exam. WHY? As consultants, we know the pressure on budgets and trainings is high. WHEN? The training takes places between 6pm and 9pm. WHO SHOULD GIVE IT A TRY? Consultancy firms which can host after office hours sessions MAIN BENEFITS: Flexibility. Reduced cost. You remain billable while studying. Get certified by passing the examination just like you would at your company premises or in one of our training centres. As divers, when we don t have enough time to dive during day, we dive at night. the

11 Self Study Levels Nitrox You are already familiar with the PECB concepts and you are willing to optimize the preparation of the exam with a last rehearsal. You want to be well prepared, we define your program together. We are your enriched air (Safer - Shorter surface interval so you can go quickly for the exam - Reduced Exhaustion). 4h with your teacher 2000 Stress and Rescue Your tank is empty - you ran out of air - you haven t had time to complete all the subject matter and you need more preparation. You have other specific questions that take time or you need more time to get prepared for the exam. You feel lost for the Dive-Day (Exam). We prepare you for the exam or specific concept. We determine together how much hours you need to feel secure for the Exam. On demand. Ask for a quote Start diving in ISO training with Nitroxis, and get all the advantages of our flexibility! We're sure, once you'll have tried it you'll love it!

12 Incentives Because we are thinking an individual investing in high quality training should be rewarded... Some of our trainings are eligible for our loyalty program. This loyalty program gives you access to unique offerings such as scuba diving incentives. Look for this pictogram in the course descriptions for eligible trainings. Contact us for more information about the complete choice of incentives available to you! Please note that some incentives may be subject to local taxes, independently from us.

13 INFORMATION SECURITY MANAGEMENT Information Security is more than ever at the heart of business concerns. Our ambition is to develop your skills so you gain in autonomy, satisfaction and can dive deeper in Information Security. Cybersecurity is not an IT problem, rather a business concern.

14 Certified ISO Lead Implementer This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013. CERTIFIED To Understand the implementation of an Information Security Management System in accordance with ISO To Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System. To Understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To Acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO To Acquire the necessary expertise to manage a team implementing ISO To Develop the knowledge and skills required to advise organizations on best practices in the management of information security. To Improve the capacity for analysis and decision making in the context of information security management. This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013. Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security). Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS). ISO auditors who wish to fully understand the Information Security Management System implementation process. CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks. Members of an information security team. Expert advisors in information technology. Technical experts wanting to prepare for an information security function or for an ISMS project management function. ISO Foundation Certification or a basic knowledge of ISO is recommended. Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO Day 2: Planning the implementation of an ISMS based on ISO Day 3: Implementing an ISMS based on ISO Day 4: Controlling, monitoring, measuring and improving an ISMS; certification audit of the ISMS Day 5: Certification Exam 2500 Be, Lux 5 days INCLUDED Feb 2016 (Be) FR 7-11 Mar 2016 (Lux) EN Apr 2016 (Be) FR 6-10 Jun 2016 (Lux) FR 5-9 Sep 2016 (Lux) EN 5-9 Dec 2016 (Lux) FR Certification examination takes place on the last day of the session Examination is available in English and French

15 Certified ISO Lead Auditor This five-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques CERTIFIED To acquire the expertise to perform an ISO internal audit following ISO guidelines. To acquire the expertise to perform an ISO certification audit following ISO guidelines and the specifications of ISO and ISO To acquire the necessary expertise to manage an ISMS audit team To understand the operation of an ISO conformant information security management system. To understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To improve the ability to analyse the internal and external environment of an organization, its risk assessment and audit decision-making. This five-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO the certification process according to ISO Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit. Internal auditors. Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits. Project managers or consultants wanting to master the Information Security Management System audit process. CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks. Members of an information security team. Expert advisors in information technology. Technical experts wanting to prepare for an Information security audit function. ISO Foundation Certification or a basic knowledge of ISO is recommended. Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO Day 2: Planning and Initiating an ISO audit Day 3: Conducting an ISO audit Day 4: Concluding and ensuring the follow-up of an ISO audit Day 5: Certification Exam 2500 Be, Lux 5 days INCLUDED Jun 2016 (Be) FR Certification examination takes place on the last day of the session Examination is available in English and French

16 Certified ISO Foundation Become acquainted with the best practices for implementing and managing an information security management system (ISMS) based on ISO CERTIFIED To Understand the implementation of an Information Security Management System in accordance with ISO To Understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To Know the concepts, approaches, standards, methods and techniques allowing to effectively manage an Information Security Management System. To Acquire the necessary Knowledge to contribute in implementing an Information Security Management System (ISMS) as specified in ISO This course enables participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, as well as the best practices for implementing the information security controls of the eleven domains of the ISO This training also helps to understand how ISO and ISO relate with ISO (Guidelines for the implementation of an ISMS), ISO (Measurement of information security) and ISO (Risk Management in Information Security). Members of an information security team. IT Professionals wanting to gain a comprehensive knowledge of the main processes of an Information Security Management System (ISMS). Staff involved in the implementation of the ISO standard. Technicians involved in operations related to an ISMS. Auditors. CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks. None. Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO Day 2: Implementing controls in Information Security according to ISO and Certification Exam 1100 CQHN 2 days INCLUDED May 2016 FR Certification examination takes place on the last day of the session Examination is available in English and French

17 Introduction to ISO Introduction to the implementation of an Information Security Management System (ISMS) based on ISO To understand the fundamentals of information security. To knowing the interrelationships between ISO and the other information security standards (ISO 27002, ISO 27003, ISO 27004, and ISO ) To know the key components of an Information Security Management System (ISMS) in accordance with ISO To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage an ISMS. To understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To understand the stages of the ISO27001 certification process. This one-day training enables participants to be familiar with the basic concepts of the implementation and management of an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. The participant will learn the different components of an ISMS, including the ISMS policy, risk management, measuring performance, management s commitment, internal audit, management review and continual improvement. IT Professionals wanting to gain a comprehensive knowledge of the main processes of an Information Security Management System (ISMS) Staff involved in the implementation of the ISO standard Expert advisors in IT CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks Auditors None. Introduction to the ISO standards family Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 8 of ISO Implementation phases of the ISO framework Introduction to risk management according to ISO Continual improvement of information security Conducting an ISO certification audit 400 CQHN 14 Mar day N/A

18 Certified ISO Lead Implementer This five-day intensive course enables participants to develop, acquire, implement and use trustworthy applications, at an acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence that applications have reached and maintained a targeted level of trust as specified in ISO/IEC CERTIFIED To understand the implementation of an AS in accordance with ISO/ IEC To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an AS. To understand the relationship between the components of an AS including risk management, controls and compliance with the requirements of different stakeholders of the organization. To acquire necessary expertise to support an organization in implementing, managing and maintaining an AS as specified in ISO/IEC To acquire necessary expertise to manage a team implementing ISO/ IEC To develop knowledge and skills required to advise organizations on best practices in the management of an AS. To improve the capacity for analysis and decision making in the context of an AS. The purpose of ISO/IEC Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications. Applications Security applies to the original software of an application and to its contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors,and it applies to all sizes and all type of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risk associated with applications. The multi-part standard provided guidance on specifying, designing/ selecting an implementing information security controls through a set of processes integrated throughout an organization s System Development Life Cycle/s (SDLC). Project managers or consultants wanting to prepare and to support an organization in the implementation of an Application Security. ISO auditors who wish to fully understand the Application Security implementation process. Administrators. Software acquirers. Software development managers. Applications owners. Line Managers, who supervises employees. None. Day 1: Introduction to IT - Security Techniques - Application Security overview and concepts as required by ISO Day 2: Implementation of IT - Security Techniques - Application Security based on ISO Day 3: Protocols and Application Security control data structure based on ISO Day 4: Security guidance for Specific Applications Day 5: Certification Exam 2500 Luxembourg TBD 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

19 Certified Lead Security Incident Professional In this five-day intensive course participants develop the competence to master a model for implementing an incident management process throughout their organisation using the ISO standard as a reference framework. CERTIFIED To understand the concepts, approaches, methods, tools and techniques allowing an effective information security incident management according to ISO To understand, interpret and provide guidance on how to implement and manage incident management processes based on best practices of ISO and other relevant standards. To acquire the competence to implement, maintain and manage an ongoing information security incident management program according to ISO To acquire the competence to effectively advise organizations on the best practices in information security Management. Based on practical exercises, participants acquire the necessary knowledge and skills to manage information security incidents in time by being familiar with their life cycle. During this training, we will present the ISO information security incident management standard, a process model for designing and developing an organisational incident management process, and how companies may use the standard. This training is also fully compatible with ISO which supports ISO by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP Incident managers. Business Process Owners. Information Security Risk Managers. Regulatory Compliance Managers. Members of Incident Response Team. Persons responsible for information security or conformity within an organization. Business Continuity Managers. Security and Business Process consultants. A basic knowledge of Information Security Incident Management is recommended. Day 1: Introduction, Incident Management Framework according to ISO Day 2: Planning the implementation of an Organizational Incident Management Process based on ISO Day 3: Implementing an Incident Management Process based on ISO Day 4: Monitoring, measuring and improving an Incident Management Process Day 5: Certification Exam 2500 ANY On demand. 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

20 Certified Lead Privacy Implementer This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Privacy Framework based on ISO 29100, the Generally Accepted Privacy principles and guidance from international information commissioners. CERTIFIED To understand the core competences on Privacy Framework. To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective protection of personally identifiable information (PII). To define privacy safeguarding requirements related to PII within an ICT environment. To understand the relationship between the components of Privacy Framework with existing security standards and various applicable laws. To acquire necessary expertise in privacy governance, specifically in personally identifiable information governance. To acquire necessary expertise in privacy risk management compliance connected with personally identifiable information. To develop knowledge and skills required to advise for improve organizations privacy programs through the use of best practices. To improve the capacity for analysis of privacy incident management. To understand the relationship between the components of Privacy Framework with existing security standards and various applicable laws and directives. Participants will gain a thorough understanding of how to design, build and lead organizations privacy programs covering business processes, ICT systems and services, through the use of best practices. The training provides a privacy framework which specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations and provides references to known privacy principles for information technology. Based on this knowledge delegates will have the skills to build privacy frameworks that allow their organisation to maintain compliance to the many privacy directives and laws worldwide. Project managers or consultants wanting to prepare and to support organizations on implementing and managing a Privacy Framework Security auditors who wish to fully understand the Privacy Framework implementation process Experienced IT security management professionals IT security professionals interested in earning Privacy Management Framework certification Privacy Officers, Data Protection Officers, and Compliance professionals with an interest in privacy legislation and risk Security professionals with front-line experience Information security staff Expert advisors in information technology Persons and organizations involved in tasks where privacy controls are required for the processing of PII Legal practitioners who wish to understand the practical aspects of privacy frameworks Knowledge on the Privacy Framework in Information Security is preferred. Day 1: Introduction to Privacy Framework concepts as recommended by ISO Day 2: Planning the implementation of the Privacy Framework Day 3: Implementing a Privacy Framework Day 4: Privacy Framework measurement and continuous improvement Day 5: Certification Exam 2500 ANY On demand. 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

21 Certified Lead SCADA Professional This five-day intensive course enables participants to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. CERTIFIED To understand and explain the purpose and risks to SCADA Systems, Distributed Control Systems and Programmable Logic Controllers. To understand the risks faced by these environments and the appropriate approaches to manage such risks. To develop the expertise to support a pro-active SCADA security program including policies and vulnerability management. To define and design network architecture incorporating defense in depth security controls for SCADA. To explain the relationship between management, operational and technical controls in a SCADA security program. To improve the ability to design resilient high availability SCADA systems. To be able to manage a program of effective security testing activities. Participants will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, and risks related to ICS systems and how they can be managed. This training focuses on a mix of knowledge and skills related to SCADA/ICS security. The course has been designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to advice on, or manage risks related to SCADA environments and systems. Given the high profile nature, and the significant impacts associated with such environments, a holistic professional approach to security is needed and that is exactly what this course is designed to provide. In addition to presenting the theoretical knowledge needed by a SCA- DA Security Professional, a comprehensive methodology for the implementation is presented. Thus, at the end of this course, participants will gain knowledge on how to effectively implement a security program for SCADA/ ICS systems. Security professionals wanting to gain SCADA security professional skills IT staff looking to enhance their technical skills and knowledge IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems SCADA system developers SCADA Engineers and Operators SCADA IT personnel Knowledge of SCADA systems is preferred. Day 1: Introduction to SCADA and ICS with Fundamental Principles Day 2: Designing a Security Program and Network Security Architecture Day 3: Implementing ICS Security Controls, Incident Management and Business Continuity Day 4: Security testing of SCADA systems Day 5: Certification Exam 2500 ANY On demand. 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

22 CISA Certified Information Security Auditor This course will prepare CISA exam, Certified Information Systems Auditor, covering the entire curriculum CBK (Common Body of Knowledge) common core of knowledge in security as defined by ISACA, Information Systems Audit and Control Association. Deepen your knowledge and improve your competencies in Information Security Management Systems. Analyse and master the different domains covered by the CISA examination. Learn the vocabulary and the directive ideas of the CISA examination. Train over the examination process and acquire the strategies to answering the questionnaire. Get prepared to pass the CISA certification. The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to assess vulnerabilities, report on compliance and institute controls within the enterprise. As the different tasks refer to the respective COBIT processes, COBIT is completely integrated into the CISA certification. The Job Practice Areas covered by the CISA certification are spread over 5 domains, 38 tasks and 80 knowledge statements. Information System (IS) Directors, auditors, responsible for business continuity or security, or for which the control of IS is fundamental in achieving their goals. Basic knowledge of the Information Systems is recommended. Domain 1 : The Process of Auditing Information Systems Domain 2 : Governance and IT Management Domain 3 : Information Systems Acquisition, Development and Implementation Domain 4 : Information Systems Operations, Maintenance and Support Domain 5 : Protection of Information Assets Preparation and Certification 2500 ANY On demand. 5 days Via ISACA Certification examination registration has to be done directly with the ISACA that organises the certification.

23 CISM Certified Information Security Manager This 3 days course will prepare for the CISM exam Certified Information Security Manager, covering the entire CBK (Common Body of Knowledge) common core of knowledge in security as defined by ISACA, Information Systems Audit and Control Association. Deepen your knowledge and improve your competencies in Information Security Management Systems. Analyse and master the different domains covered by the CISM examination. Learn the vocabulary and the directive ideas of the CISM examination. Train over the examination process and acquire the strategies to answering the questionnaire. Get prepared to pass the CISM certification. The CISM training given by an expert in Information Security Systems will allow the trainees to acquire the required skills to: Elaborate an Information Security Strategy in order to have it aligned to the corporate strategy. Define the roles and responsibilities in governance and information security. Develop a systemic and analytic approach, and a continuous process of risk management. Create and maintain plans to implement a carefully crafted frame for governance and information security. Efficiently integrate information security policies, procedures, instructions and accountability within the organisation s culture. Information System (IS) Directors, auditors, responsible for business continuity or security, or for which the control of IS is fundamental in achieving their goals. Basic knowledge of the Information Systems is recommended. Understanding English is necessary because the documentation is in English (the training is in French or English). Domain 1: Information Security Governance Domain 2: Information Risk Management and Compliance Domain 3: Information Security Program Development and Management Domain 4: Information Security Incident Management Preparation and Certification 1500 ANY On demand. 3 days Via ISACA Certification examination registration has to be done directly with the ISACA that organises the certification.

24 CISSP Certified Information Systems Security Professional The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. Understand the 8 domains of knowledge that are covered on the CIS- SP exam. Analyse questions on the exam and be able to select the correct answer. Apply the knowledge and testing skills learned in class to pass the CISSP exam. Understand and explain all of the concepts covered in the 8 domains of knowledge. Apply the skills learned across the 8 domains to solve security problems when you return to work. This training seminar provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP CBK (Common Body of Knowledge). Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories. This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features. Security Consultant, Security Manager, IT Director/Manager, Security Auditor, Security Architect, Security Analyst, Security Systems Engineer, Chief Information Security Officer, Director of Security, Network Architect Basic knowledge of the Information Systems is recommended. Understanding English is necessary because the documentation is in English (the training is in French or English). 1. Security and Risk Management 2. Asset Security 3. Security Engineering 4. Communications and Network Security 5. Identity and Access Management 6. Security Assessment and Testing 7. Security Operations 8. Software Development Security 2500 Be, Lux 5 days Via (ISC) Apr 2016 (Be) Apr 2016 (Lux) Certification examination registration has to be done directly with the (ISC) 2 that organises the certification.

25 RISK MANAGEMENT Managers need to understand the importance of risk management as a tool for meeting business needs and developing management program to support these needs. The objective of Risk Management is to identify, analyse, quantify and manage information (security-related) risks to achieve business objectives through a number of tasks. Risk management is a process aimed at achieving an optimal balance between realizing opportunities for gain and minimizing vulnerabilities and loss. This is usually accomplished by ensuring that the impact of threats exploiting vulnerabilities is within acceptable limits at an acceptable cost.

26 Certified ISO Risk Manager In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. CERTIFIED To Understand the concepts, approaches, methods, tools and techniques allowing an effective risk management according to ISO and IEC/ISO To understand the relationship between the risk management and the compliance with the requirements of different stakeholders of an organization. To acquire the competence to implement, maintain and manage an ongoing risk management program according to ISO To acquire the competence to effectively advise organizations on the best practices in risk management. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO general risk management standard, the process model it recommends, and how companies may use the standard. This training is also fully compatible with IEC/ISO which supports ISO by providing guidance for risk assessment. Risk managers. Business process owners. Business finance managers. Business Risk Managers. Regulatory compliance managers. Project Management. Persons responsible for information security or conformity within an organization. None. Day 1: Introduction to Risk Management framework according to ISO Day 2: Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO Day 3: Risk assessment methodologies according to IEC/ISO and Exam 1500 ANY 3 days INCLUDED May 2016 (Be) FR Certification examination takes place on the last day of the session Examination is available in English and French

27 Certified ISO Risk Manager Mastering risk assessment and optimal risk management in information security based on ISO CERTIFIED To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO To interpret the requirements of ISO on information security risk management. To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization. To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO To acquire the competence to effectively advise organizations on the best practices in information security risk management. In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework in ISO/IEC 27001:2013 standard. Risk managers. Member of the information security team. Persons responsible for information security or conformity within an organization. Staff implementing or seeking to comply with ISO or involved in a risk management program. IT consultants. None. Day 1: Introduction, risk management program according to ISO Day 2: Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO Day 3: Overview of other information security risk assessment methods and Exam 1500 Be, Lux 3 days INCLUDED Jun 2016 (Be) FR Certification examination takes place on the last day of the session Examination is available in English and French

28 Introduction to ISO Learning the best practices in risk management based on ISO To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO To understand the relationship between the risk management and the compliance with the requirements of different stakeholders of an organization. This one day course allows the participants to familiarize themselves with the fundamentals of risk management using the standard ISO 31000:2009 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. During this training, we will explore the ISO general risk management standard, the process model it recommends, and how companies may use the standard, and its companion risk assessment tools document IEC/ISO Risk managers. Business Process Owners. Business Finance Managers. Business Risk Managers. Regulatory Compliance Managers. Project Management. Persons responsible for information security or conformity within an organization. None. Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implement a risk management program Risk assessment Acceptance of risk and management of residual risks Communicating, monitoring and controlling risk Risk assessment tools of IEC/ISO CQHN 5 Feb day N/A

29 Introduction to risk management methodologies Learning the different methodologies in risk management. To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO To interpret the requirements of ISO on information security risk management. To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization. To become familiar with the most used risk management methods on the market as NIST , Microsoft Security Risk Management Guide, OCTAVE, Harmonized TRA, EBIOS and MEHARI. This one day course allows the participants to learn about the different methods of risk estimation, most used on the market, as NIST , Microsoft Security Risk Management Guide, OCTAVE, Harmonized TRA, EBIOS and, MEHARI. The methods discussed are compatible with the principles of ISO/IEC 27005:2011 and within the framework of an implementation process of ISO Participants will see different stages of conducting a risk assessment based on each of the methodologies presented. IT professionals wishing to obtain a comprehensive understanding of risk management within an organization. Staff implementing or seeking to comply with ISO or involved in a risk management program. Member of the information security team. None. Concepts and definitions related to risk management according to ISO Standards, frameworks and methodologies in risk management Introduction to NIST Introduction to Microsoft Security Risk Management Introduction to OCTAVE Introduction to Harmonized TRA Introduction to EBIOS Introduction to MEHARI 400 CQHN TBD 1 day N/A

30 Introduction to ISO Learning the best practices in risk management based on ISO To understand the basics of the implementation, management and maintenance of an ongoing risk management program. To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk. To interpret the requirements of ISO on information security risk management. To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization. This one day course allows the participants to familiarize themselves with the fundamentals of risk management related to information security using the standard ISO/IEC 27005:2011 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. It should be noted that this course fits perfectly into the framework of a process of implementation of ISO IT professionals wishing to obtain a comprehensive understanding of risk management within an organization. Staff implementing or seeking to comply with ISO or involved in a risk management program. Member of the information security team. None. Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implement a risk management program Risk identification and risk analysis Risk evaluation and risk treatment Acceptance of risk and management of residual risks Communicating, monitoring and controlling risk 400 CQHN On demand. 1 day N/A

31 BUSINESS CONTINUITY MANAGEMENT Business continuity is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Business continuity management (BCM) is the process of achieving business continuity and is about preparing an organization to deal with disruptive incidents that might otherwise prevent it from achieving its objectives.

32 Certified ISO Lead Implementer This five-day intensive course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301:2011. CERTIFIED To Understand the implementation of a Business Continuity Management System (BCMS) in accordance with ISO 22301, ISO or BS To Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Business Continuity Management System. To Acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO22301 or BS To Acquire the necessary expertise to manage a team implementing ISO22301 or BS To Develop the knowledge and skills required to advise organizations on best practices in the management of business continuity. To Improve the capacity for analysis and decision making in the context of business continuity management. This five-day intensive course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301:2011. Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with BS (Business continuity management specification) and ISO (Guidelines for information and communication technology readiness for business continuity). Project managers or consultants wanting to prepare and to support an organization in the implementation of a Business Continuity Management System (BCMS). Business continuity auditors who wish to fully understand the implementation of a Business Continuity Management System. Persons responsible for the business continuity conformity in an organization. Members of an business continuity team. Expert advisors in business continuity. Members of an organization that want to prepare for an business continuity function or for a BCMS project management function. ISO Foundation Certification or basic knowledge of ISO or BS and business continuity concepts is recommended. Day 1: Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301; Initiating a BCMS Day 2: Planning a BCMS based on ISO Day 3: Implementing a BCMS based on ISO Day 4: Controlling, monitoring and measuring and improving a BCMS and certification audit of a BCMS Day 5: Certification Exam 2500 Be, Lux TBD 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

33 Certified ISO Lead Auditor This five-day intensive course enables participants to develop the necessary expertise to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognised audit principles, procedures and techniques. CERTIFIED To acquire the expertise to perform an ISO or BS internal audit following ISO guidelines. To acquire the expertise to perform an ISO or BS certification audit following ISO guidelines and the specifications of ISO To acquire the expertise necessary to manage a BCMS audit team. Understanding the operation of the Business Continuity Management System in accordance with ISO22301, ISO or BS To understand the relationship between a Business Continuity Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To improve the ability to analyse the internal and external environment of an organization, risk assessment and audit decision-making in the context of a BCMS. This five-day intensive course enables participants to develop the necessary expertise to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognised audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO the certification process according to Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit. This training is compatible with BS audit (Business continuity management specification) and ISO (Guidelines for information and communication technology readiness for business continuity). Internal auditors. Auditors wanting to perform and lead Business Continuity Management System (BCMS) certification audits. Project managers or consultants wanting to master the Business Continuity Management System audit process. Persons responsible for the Business continuity conformity in an organisation. Members of an business continuity team. Expert advisors in information technology. Technical experts wanting to prepare for an Business continuity audit function. ISO Foundation Certification or basic knowledge of ISO or BS and business continuity concepts is recommended. Day 1: Introduction to Business Continuity Management System (BCMS) concepts as required by ISO Day 2: Planning and Initiating an ISO audit Day 3: Conducting an ISO audit Day 4: Concluding and ensuring the follow-up of an ISO audit Day 5: Certification Exam 2500 ANY On demand. 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

34 Introduction to ISO Introduction to the implementation of a Business Continuity Management System (BCMS) based on ISO To understand the fundamentals of business continuity. To know the interrelationships between ISO 22301, ISO and the other business continuity standards as BS To know the key components of a Business Continuity Management System (BCMS) in accordance with ISO 22301, ISO or BS To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a BCMS. To understand the relationship between a Business Continuity Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization. To understand the stages of the ISO22301 or BS certification process. This one-day training enables participants to be familiar with the basic concepts of the implementation and management of a Business Continuity Management System (BCMS) as specified in ISO 22301:2010, as well as the best practices for implementing the business continuity processes based on the ISO/PAS The participant will learn the different components of a BCMS, including the BCMS policy, risk management, measuring performance, management s commitment, internal audit, management review and continual improvement. This training is fully compatible with BS (Business continuity management specification) and ISO (Guidelines for information and communication technology readiness for business continuity). Professionals wanting to gain a comprehensive knowledge of the main processes of a Business Continuity Management System (BCMS). Staff involved in the implementation of the ISO standard. Expert advisors in business continuity. Managers responsible for implementing a BCMS. Auditors. None. Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS and regulatory framework Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 10 of ISO Implementation phases of the ISO framework Business impact analysis (BIA) and risk management Continual improvement of business continuity Conducting ISO certification audit 400 CQHN 1 day N/A 3 Jun 2016 (Be) FR

35 GOVERNANCE ITIL, Project Management, CGEIT and more. A selection of high quality governance trainings is offered to you.

36 Certified ISO Lead Implementer The ISO/IEC Implementer certifications are professional certifications for professionals needing to implement an Service Management System (SMS) and, in case of the ISO/IEC Lead Implementer Certification, needing to manage an implementation project. CERTIFIED To understand the implementation of a Service Management System in accordance with ISO To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques allowing an effective management of a Service Management System. To know the interrelationships between ISO/IEC , ISO/IEC and ITIL. To acquire expertise to support an organization in implementing, managing and maintaining a Service Management System (SMS) as specified in ISO/IEC To acquire the necessary expertise to manage a team in implementing the ISO standard. This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Service Management System as specified in ISO/IEC Also, the participants will gain a thorough understanding of best practices for planning and implementing Service Management processes based on ISO planning, and implementing new and changed services, service delivery process, relationship management processes, problem resolution process, control processes and release processes. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO (Guidelines for the Implementation of an SMS) and ITIL. Manager or consultant wanting to implement an Service Management System (SMS). Project manager or consultant wanting to master the Service Management System implementation process. Person responsible for the Service or conformity in an organization Member of the Service team. Expert advisor in information technology service management. Technical expert wanting to prepare for an service management audit function. ISO Foundation Certification or basic knowledge of ISO and ITIL is recommended. Day 1: Introduction to Service Management System (SMS) concepts as required by ISO Initiating a SMS Day 2: Planning a SMS based on ISO Day 3: Implementing a SMS based on ISO Day 4: Controlling, monitoring, measuring and improving a SMS certification audit of an SMS in accordance with ISO Day 5: Certification Exam 2500 Be 5 days INCLUDED 28 Mar - 1 Apr 2016 FR Certification examination takes place on the last day of the session Examination is available in English and French

37 Certified ISO Lead Auditor The ISO/IEC Auditor certifications are credentials for professionals needing to audit an Service Management System (SMS) and, in case of the ISO Lead Auditor» Certification, able to manage a team of auditors. CERTIFIED To acquire the expertise of performing an ISO internal audit, following the ISO guidelines. To acquire the expertise of performing an ISO certification audit, following the ISO guidelines and ISO specifications. To acquire the necessary expertise of performing a SMS audit team. To understand the operation of an ISO conformant service management system. To know the interrelationships between ISO/IEC , ISO/IEC and ITIL. This five day intensive course enables the participants to develop the necessary expertise to audit a Service Management System (SMS) based on ISO and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO and certification audits according to ISO Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit. Auditor wanting to perform and lead an Service Management System (SMS) audits as the responsible of an audit team. Project manager or consultant wanting to master the Service Management System audit process. Person responsible for the Service or conformity in an organization. Member of the Service team. Expert advisor in information technology service management. Technical expert wanting to prepare for an ITSM audit function. ISO Foundation Certification or basic knowledge of ISO and ITIL is recommended. Day 1: Introduction to Service Management System (SMS) concepts as required by ISO Day 2: Planning and initiating an ISO audit Day 3: Conducting an ISO audit Day 4: Concluding and ensuring the follow-up of an ISO audit Day 5: Certification Exam 2500 ANY On demand. 5 days INCLUDED Certification examination takes place on the last day of the session Examination is available in English and French

38 Introduction to ISO Introduction to the implementation of an Information Technology Service Management System (ITSMS) based on ISO To understand the fundamentals of IT management. To know the interrelationships between ISO/IEC :2011 and ISO/IEC :2005. To know the key components of an IT Service Management System in an ISO/ context. To introduc the concepts, approaches, standards, methods and techniques allowing an effective management of an IT Service Management System in accordance with ISO To understand the relationship between the information technology service management system, including the management processes and compliance with the requirements of different stakeholders of the organization. To understand the stages of the ISO certification process. This one-day training enables participants to be familiar with the basic concepts of implementation and management of an Information Technology Service Management System (ITSMS) as specified in ISO/IEC :2011. The participant will learn the different components of an ITSMS, including the ITSMS policy, measuring performance, management s commitment, internal audit, management review and continual improvement. IT Professionals wanting to gain a comprehensive knowledge of the main processes of an Information Technology Service Management System (ITSMS) Staff involved in the implementation of the ISO standard Expert advisors in IT Managers responsible for implementing an ITSMS Auditors None. Introduction to the ISO family of standards family Introduction to management systems and the process approach Presentation of main processes of an ITSMS Implementation phases of the ISO framework Continual improvement of IT management Conducting an ISO certification audit 400 CQHN On demand. 1 day N/A

39 MISCELLANEOUS MANAGEMENT TRAININGS From ISO 9001 to ISO 22000, and many more. A selection of high quality trainings is offered to you.