The Certificate in Information Security Management Principles (CISMP) course is designed to provide the foundation of knowledge necessary for individuals who have information security responsibilities as part of their day-to-day role, or who are thinking of moving into an information security function.
The CISMP course and associated qualification provide the opportunity for those already serving as information security professionals to enhance or refresh their knowledge and, in the process, gain a recognised industry qualification, regulated by the British Computer Society (BCS). This is useful to both the individual and employer in terms of attesting to the level of professional ability an individual has attained.
The InfoSec Skills CISMP course primes the student with all the knowledge needed to sit the BCS’s ISMP examination.
This certificate in Business Continuity Management is intended for (but not limited to) those who are involved in the areas of information security and information assurance.
The certification contains a number of practical sessions, designed to build on the 'taught' components of the module, and to encourage debate and the sharing of knowledge and experience between students.
The certification promotes a hands-on approach to Business Continuity Management, making use of current standards, enabling students to make immediate use of the module on their return to their organisations.
The InfoSec Skills CBCM course primes the student with all the knowledge needed to sit the BCS’s PCiBCM examination.
This certificate is intended for (but not limited to) those who are involved in the areas of information security and information assurance.
It contains a number of practical sessions, designed to build on the 'taught' components of the certificate, and to encourage debate and the sharing of knowledge and experience between students.
The certificate promotes a hands-on approach to Information Risk Management, making use of current international standards, enabling students to make immediate use of the certificate on their return to their organisations.
The InfoSec Skills CIRM course primes the student with all the knowledge needed to sit the BCS’s PCiIRM examination.
The InfoSec Skills course in Data Protection is designed for people who have data protection responsibilities or who want to move into this role. Our course aims to promote an in-depth understanding of how the data protection principles work in practice. The course is based on the BCS syllabus and prepares attendees for the Certificate in Data Protection exam. It is the only DPA course that is delivered both online (e-learning) and at live public or private events.
Upon completion of the course, attendees will be able to develop and maintain practical policies and procedures for their organisation and will understand what needs to be done to achieve compliance.
The InfoSec Skills CPDP course primes the student with all the knowledge needed to sit the BCS’s PCiDP examination.
An SA must be able to drive beneficial security change into an organisation through the development or review of security architectures, so that they:
• Fit business requirements for security
• Mitigate identified risks and conform to relevant corporate security policies
• Balance information risk against the cost of countermeasures
• Know how to “build” security and assurance into a product, service or architecture
• Have a good appreciation of a wide range of technologies
CSAP covers the first four points above, with the ASA core and elective courses covering the final area.
CSAP is a three-day course and is available in both classroom and e-learning formats.
The InfoSec Skills CSAP and CASA courses prime the student with all the knowledge needed to sit the BCS’s PCiSA examination.
ASA (Elective Courses)
These elective courses range from one to three days in length, depending on the subject matter. They are provided so that you may fill in the skills gaps you may have before attempting the BCS PCiSA or CREST CCIAS exams. These courses are only available in e-learning form. The following sections provide a brief synopsis of each of the elective courses.
What your users (and administrators) are doing, who is sending what to whom, who is accessing what data, and which services are connecting to which network components are all essential questions you need to be able to answer if you want to understand your overall security posture. The ability to answer them is known as situational awareness, and it provides an operational window onto what’s going on within your enterprise. The tenets of a comprehensive situational awareness solution are Auditing, Accounting and Alerting (often shortened to AAA). This course introduces the student to the requirements of AAA and explains how these requirements can be met.
Enterprise architecture (EA) is the complete definition of an enterprise, joining together business vision and strategy to the processes and technologies that implement that vision. It allows an enterprise to describe its future state and enables evolution. In this course the student will learn about the major EA frameworks, such as TOGAF, together with how they approach security architectures. The student will also be introduced to two enterprise security frameworks, namely Sherwood Applied Business Security Architecture (SABSA) and Open Enterprise Security Architecture (O-ESA).
The student will gain an understanding of the concepts behind systems management and the practical tasks that need to be performed in order to keep a system running securely. Systems management provides centralised management of a company’s information technology assets and encompasses many different tasks required to monitor and manage IT systems and to resolve problems. From an SA practitioner's viewpoint, the student will understand what tools can be provided to administration staff to monitor the secure state of a system, ensuring patches are up to date, AV signatures are current and configurations have not been changed.
This course allows the student to obtain the skills required to develop a secure network infrastructure, recognising the threats and vulnerabilities to networks and mitigating security threats. It is designed to provide the skills needed to analyse the internal and external security threats against a network and then implement security controls to protect an organisation’s information. The use of network security design patterns helps the student visualise what a secure network will look like when fully implemented.
Modern organisations use many different IT client platforms to support their business, be they Microsoft, Unix/Linux, Apple Macs, tablet or mobile systems (such as Android and iOS). They also will typically use a wide range of systems such as database and file servers, SAN and NAS systems, multi-function devices (MFDs) and building management and security systems. This course looks at the key security characteristics of these platforms, examining the security functionality they provide, such as access controls and how they enforce least privilege.
Microsoft Active Directory (AD) is at the core of most IT systems in the enterprise, especially office-based systems. AD is an extremely sophisticated and complicated product. This course explains to the student how to design, build and roll out an AD infrastructure in as secure a way as possible. An element of AD is the use of Group Policies to control what users can and cannot do on a system, for example, to enforce a password complexity policy. This course provides the student with a solid understanding of how to use group policies to enforce an organisation’s security policies. Finally, the course will explain Windows User Account Control (UAC).
In this course the student gains a good appreciation of application security and the wide range of attacks that applications can be subject to. Some attack vectors are introduced by bad programming techniques and hence the student will begin to understand the value of adopting and promoting secure coding standards. Details of secure coding are covered in the ASA-DEV course. At the start of the course a wide range of web-based technologies and components are explained so the student has sufficient knowledge prior to examining the risks and mitigations later on in the course. This course also briefly covers Digital Rights Management (DRM).
By introducing a Software Development Life Cycle (SDLC), an organisation can improve the quality and security of software. This course examines the requirements for an SDLC in the context of different development methodologies, such as waterfall, rapid and agile.
All systems with users have some element of identity management (IdM). This module introduces the student to the world of IdM and explains its different components and lifecycle stages. In recent years, federation technologies have emerged and this module explains a number of different technologies such as Security Assertion Markup Language (SAML) and WS-Federation. Finally, this module explains the role of web-based access management.
A large number of security controls in a system are based on cryptographic mechanisms. This module introduces the student to these security controls. Many businesses require their systems and users to communicate securely to preserve confidentiality and integrity of information, including consumers interacting with corporate websites presented on the Internet. The ability for users and systems to securely communicate is based on Trust Infrastructures. In this course the student is introduced to the most commonly used Trust Infrastructure, known as a Public Key Infrastructure.
Many organisations are using aspects of virtualisation, whether it is bare-metal hypervisors, thin clients or application virtualisation. This course explains a wide range of virtualisation technologies before going on to examine the security risks and controls within this technology.
A Security Architect must be able to assess the security mechanisms employed within the systems they are responsible for. This allows them to establish whether their intended design goals have been achieved. In addition, the Security Architect may be required to assist the engineering staff in resolving security issues. In this course the student will learn which tools can assist in accomplishing both these requirements. One of the functions of a Security Architect is to define the scope of a penetration test and perhaps to manage the overall process. This module also describes the overall pen testing process and the role of a Security Architect within it.
CASA is primarily aimed at preparing students to answer the scenario-based questions that form part of the BCS PCiSA and CREST CCIAS examinations.
The following topics are covered in the course:
• Security Architecture Design Principles Recapped
• Bringing it Together: Layered Defence and Controls
• Using Design Patterns
• Case studies – real world design patterns
• Preparation for the BCS PCiSA and CREST CCIAS examinations
CASA is a two-day course and is only available as a classroom version. It is not available as e-learning because the course is focused on practical workshopping of SA principles.
The InfoSec Skills CSAP and CASA courses prime the student with all the knowledge needed to sit the BCS’s PCiSA examination.
This course is delivered by InfoSec Skills using licensed materials from CESG, The National Technical Authority for Information Assurance. InfoSec Skills Information Assurance courses contribute to the attainment of the CESG Certified Professional (CCP).
This one-day course will provide an overview of Information Assurance (IA) within a government environment. It covers the main roles and responsibilities for IA within a government department or agency.
IA policy and guidance, principles of risk and privacy impact assessment are introduced.
This course is delivered by InfoSec Skills using licensed materials from CESG, The National Technical Authority for Information Assurance. InfoSec Skills Information Assurance courses contribute to the attainment of the CESG Certified Professional (CCP).
This two-day course will provide an introduction to Technical Risk Assessment and Risk Management using IA Standard 1 & 2. The course builds on the Fundamentals of Information Assurance in HMG course and is based around exercises with selected risk scenarios.
The InfoSec Skills IRMHMG course primes the student with all the knowledge needed to sit the CESG Certified Professional (CCP) interview.
The Certificate in the Foundation of Informatics (CFOI) course is especially designed for students wishing to pursue a career in ICT. The focus is to provide a broad-based understanding of concepts and concerns across the entire field of information technology. Coursework covers the full spectrum of current informatics topics including: the technology development timeline; hardware and architecture; computer types and operating systems; programming languages; application development schemas; data structures & storage design; artificial intelligence; data communications and networking.
Employers need new hires who have basic tech skills: they have to know their way around a command prompt or know how to fix a PC when it's not responding to input from the mouse. These skills are often needed when you're troubleshooting computers, a task that's often part of an entry-level IT job.
A unique teaching approach engages students by combining rich companion media and teaches computer technology the way students would experience it in real life and in today's businesses. The sequence of topics covers concepts using a spiralling approach between modules that mirrors the typical student learning experience.
The resulting CFOI certificate provides third-party verification of skills learned and knowledge gained that employers expect new hires to have as a minimum. The CFOI certificate is also recommended before attempting any other InfoSec Skills Information Security course.
Although our courses are already very flexible, so that customers can mix-and-match modules to create their own courses, we are still often asked for a custom course branded to and focused on a particular company and its policies, procedures, specific job-roles/skill-sets and company objectives.
Our world-class Faculty of experienced authors and Subject Matter Experts (SMEs) are available to create those perfect courses for your organisation. We will provide a FREE consultation to analyse your needs and provide a no-obligation quotation based upon a day rate or a fixed cost. For your FREE consultation, please Contact Us.