Cyber Security Foundation®: Course Contents | ALC Training News

  • No comments
1    Introduction
  • Concepts and Definitions
    • Difference between IT Security, Information Security and Cyber Security
    • Assets, Threats & Vulnerabilities
    • Likelihood, Consequence and Impact
    • Inherent Risk, Current Risk and Residual Risk
  • Cyber Security Strategy
    • Supporting Business Goals and Objectives
    • Cyber Security Policy Framework
    • Awareness, Training and Education
2    Risk Management
  • Risk Management Concepts and Definitions
    • Risk Avoidance, Mitigation, Transfer and Acceptance
    • Risk Appetite and Risk Tolerance
  • Threats and Opportunities
    • Assessing the current threat landscape
    • Advanced Persistent Threats
    • Bring Your Own Device or Technologies
    • The Internet of Things
    • Insourcing and Outsourcing
  • Controls and Enablers
  • Business Impact Analysis
3    Security Architecture
  • The key role of security architecture
  • Concepts and Definitions
  • Security Architecture Frameworks
  • Security Architecture Design Principles
  • Service Models
    • In-sourcing
    • Managed Services
    • Cloud Services
  • OSI and TCP/IP Models
  • Cryptography
    • Symmetric, Asymmetric and Hashing Algorithms
    • Non-Repudiation
    • Real-world Use Cases
4   Implementing Security
  • Network Security
    • Routers, switches, firewalls, intrusion detection and prevention
  • Endpoint Security
    • Servers, desktop systems, laptops, tablets and mobile devices
  • Application Security
    • Software Development Lifecycle
    • OWASP Top 10
    • Web Application Firewall
  • Data Security
    • Data owners, data classification, labelling
    • Access control
    • Data governance and lifecycle
    • Data remanence
5   Business Continuity and Disaster Recovery Planning
  • Business Continuity Planning
  • Disaster Recovery Planning
  • BCP/DRP Training and Awareness
  • Testing and Maintenance of the BCP/DRP
  • Security Assurance
    • Vulnerability Assessments and Penetration Testing
    • Minimum Security Baselines
6    Incident Response
  • Detection
    • Auditing, logging and security technologies
    • Security Information and Event Management System (SIEM)
  • Prevention
    • Authorisation, encryption, firewalls, intrusion prevention, anti-malware
  • Response
    • Security events and incidents
    • Legal aspects
    • Incident Response Process
    • Incident Management Team
    • Computer Forensics

Client