ALC’s 5-day Cyber Security Foundation+Practitioner™ course is designed for anyone who wants a sound understanding of Information / Cyber Security and a solid base on which to build their career. It is ideal for someone wanting to start a career in Cyber, or to transition their career.  There are no pre-requisites to attend.

The course follows a robust syllabus that covers all the key areas you need to know. At the same time it provides maximum regional relevance by fully taking into account appropriate sections from the Australian Government Information Security Manual (ISM).

Learning outcomes

The key objective of the course is for each participant to be able to leave the course with a very solid understanding and appreciation of the fundamentals of Cyber Security:

  • Cyber Security Concepts
  • Risk Management
  • Security Architecture
  • Implementing security in networks, endpoint systems, applications and data
  • Cryptography
  • Business Continuity and Disaster Recovery Planning
  • Incident Response

One of the special features of this course is its mix of theory and practical exercises, all designed to maximise understanding and retention. Strong use is made of a case study. Participants are provided with sample Word and Excel templates for use. Exercises include:

  • Develop an asset register
  • Identify threats and determine risks, and make recommendations
  • Create a data classification scheme and use this for managing risks with cloud solutions
  • Identify and discuss the advantages and disadvantages of different encryption technologies
  • List and prioritise business-critical operations for business continuity
  • Identify and discuss various approaches to security assurance
  • Identify risk remediation strategies and include in a brief management report

Who should attend

The course is designed for:

  • Anyone starting a career in Information / Cyber security
  • IT professionals wanting to transition their career into Cyber Security
  • Anyone needing a robust introduction to Cyber Security
  • Anyone planning to work in a position that requires cyber security knowledge
  • Anyone with information / cyber security responsibilities
  • Anyone who has learned “on the job” but who would benefit from a formal presentation to consolidate their knowledge
  • Professionals familiar with basic IT and information security concepts and who need to round out their knowledge

Course contents

1. Cyber Security Concepts
  • Cyber Security Concepts and Definitions
    – Difference between IT Security, Information Security and Cyber Security
    – Assets, Threats & Vulnerabilities
    – Likelihood, Consequence and Impact
    – Inherent Risk, Current Risk and Residual Risk
  • Cyber Security Strategy
    – Supporting Business Goals and Objectives
    – Cyber Security Policy Framework
    – Awareness, Training and Education
  • Laws, Regulations and Industry Standards
  • Roles and Responsibilities
  • Professional Organisations and Ethics
  • Introduction to the Case Study
  • Practical session:
    Exercise #1 – Development of a cyber asset register
2. Risk Management
  • Risk Management Concepts and Definitions
    – The stages of risk
    – Systemic and systematic Risk, Risk Aggregation
    – Risk Acceptance, Reduction, Transfer and Avoidance
    – Risk Appetite and Tolerance
    – Governance, Risk Management and Compliance (GRC)
    – Risk Management Process
    – Quantitative, Semi-quantitative and Qualitative Risk
  • Threats and Opportunities
    – Assessing the current threat landscape
    – Developing a threat taxonomy
    – Advanced Persistent Threats
    – Bring Your Own Device or Technologies
    – The Internet of Things
  • Controls, Countermeasures and Enablers
  • Business Impact Analysis
    – Sample Business Impact Analysis Template
    – Sample Business Impact Levels
  • Practical session:
    Exercise #2.1 – Development of a threat taxonomy and identification of vulnerabilities
    Exercise #2.2 – Evaluate inherent risk, current controls, current risk, recommend controls and residual risk
3. Security Architecture
  • Security Architecture Concepts and Definitions
  • Security Architecture Frameworks
    – SABSA
    – TOGAF
  • Security Architecture Design Principles
  • Service Models
    – Insourcing
    – Outsourcing
    – Managed Services – Single provider, multiple provider and prime provider
    – Cloud Services – Cloud service models and Cloud deployment models
  • Practical session:
    Exercise #3 – Recommendations for service provider models in addressing risks
    Exercise #4 – Identification of security architecture design principles
4. Implementing Security
  • OSI and TCP/IP Models
  • Network Fundamentals
    – Network Security
    – Network Topologies
    – Security Zones
    – Network Security Technologies
    – Virtualisation Benefits and Security Challenges
  • Endpoint Security
    – Servers, desktops, laptops, tablets, mobile devices, wearables
    – Endpoint Security Technologies
    – Specialised Endpoint Systems
  • Application Security
    – Software Development Lifecycle
    – OWASP Top 10
    – Web Application Firewall and Database Firewall
  • Data Security
    – Data owners, data classification, labelling
    – Access control
    – Data governance and lifecycle
    – Data remanence
  • Australian Signals Directorate Top 35 and Essential Eight
    – ASD Top 4
    – ASD Essential Eight
    – SANS Top 20 mapped to ASD Top 35 and other frameworks
  • Practical session:
    Exercise #5 – Establish a data classification scheme
    Exercise #6 – Design a secure network topology incorporating network security zones, overlay the data classification scheme and placement of recommended controls
5. Cryptography
  • Cryptography Key Terms and Concepts
  • Symmetric Algorithms
    – Data Encryption Standard (DES)
    – Triple DES
    – Advanced Encryption Standard (AES)
    – Other symmetric algorithms
  • Asymmetric Algorithms
  • Hashing Algorithms
  • Non-Repudiation
  • Cryptographic Attacks
    – Side-channel
    – Birthday
    – Implementation
    – Other attack methods
  • Implementing Cryptography in the Real World
    – Public Key Infrastructure (PKI)
    – Electronic Document Exchange
    – Virtual Private Networks (VPNs)
    – Secure e-mail
    – Steganography
    – Digital Watermarks
    – Wireless Security
    – Secure Shell
    – Key Management
  • Practical session:
    Exercise #7 – Select appropriate symmetric, asymmetric and hashing algorithms and develop a draft encryption standard
6. Business Continuity and Disaster Recovery Planning
  • Business Continuity Planning
    – NIST SP800-34 as a framework
  • Disaster Recovery Planning
    – Relationship between the BCP and DRP
    – Events that trigger a BCP/DRP
  • Developing the BCP and DRP
    – Application of NIST SP800-34
    – Initiation
    – Business Impact Analysis
    – Identification of preventive controls
    – Recovery strategies
    – Plan design and development and important BCP/DRP frameworks
    – Ongoing maintenance
  • Practical session:
    Exercise #8 – Identify and rank the most important business operations
7. Incident Response
  • NIST Cyber Security Framework
    – Identify
    – Protect
    – Detect
    – Respond
    – Recover
  • Cyber Forensics
    – General phases of the forensic process
    – Anti-forensics
    – Forensic media analysis
    – Network forensics
    – Forensic analysis of software, Embedded devices and Electronic Discovery
  • Incident Response Management
    – Security events and Security incidents
    – Incident Response Methodology using NIST SP800-61
  • Security Assurance
    – Defining and implementing meaningful metrics
    – Configuration management
    – Minimum Security Baselines
    – Vulnerability Assessments
    – Penetration Testing
    – Security Audits
    – Security Assessments
    – Log reviews, retention, centralisation and analysis
    – Security Information and Event Management System (SIEM)
  • Practical session:
    Exercise #9 – Examination of insourcing or using a managed service for incident response
    Exercise #10 – Develop the first part of a management report highlighting the most appropriate strategies for managing various risks and a high-level roadmap of activities
8. Cyber Security Foundation+Practitioner™ exam

Two hours, multiple choice.

Course fees

Face-to-face classroom training

Fees per person

Cyber Security Foundation+Practitioner (5 days)

  • $2960 + GST
Course fees include:
  • Course presentation in quality CBD hotel
  • ALC comprehensive course workbook
  • Exclusive: ALC course workbook mobile version, excellent post-course reference on iPad or tablet
  • Foundation+Practitioner Certificate exam in classroom at end of Day 5 (includes one free exam re-sit per participant)
  • Full catering including sit-down lunch each day

Foundation + Practitioner Certificate Exam

The Cyber Security Foundation+Practitioner exam is held in the classroom at the end of Day 5. The exam is 2 hours in duration and comprises two parts. In Part A there are 80 questions worth 1 mark each. In Part B there are 10 questions worth 2 marks each. The pass mark is 65%. There is only one correct answer to each question and no marks are deducted for incorrect answers.

The Cyber Security Foundation+Practitioner Certificate is issued to those who successfully pass the exam.

One free exam re-sit is available for each participant.

 


Testimonials – What Others Say

“A very interesting course and has provided an excellent foundation for helping improve security practices at my company. It’s also given me insights into future career paths.”
IT Portfolio Manager, International Charity, Sydney March 2017

Great course & lots of content. Peter was very good & made course content very relevant.
Security Analyst, International Bank, Sydney March 2017

Trainer is very experienced. The examples Peter showed were very interesting and relevant.
Manager, Business Services Support Team, Australian Bank, Sydney March 2017

“I thought the course was excellent – I think the interaction between instructor and students is a large part of being able to learn and understand concepts/ideas especially with relevant examples. I think Peter did this well working with the class.”
Analyst, Banking, Sydney March 2017

“The course was excellent – content, process, style etc all very good.”
Assistant Director IT Systems, Govt Dept, Canberra June 2017

“Peter is an extremely knowledgeable instructor and exhibited the right personality for effective learning for students across a broad skill set. My thanks and appreciation to Peter for his time and effort during the course.”
Director, Dept Defence, Canberra June 2017

“Thank you very much Peter, excellent material – very well presented.”
IT Officer, Govt Agency, Canberra June 2017

“Some topics were a refresher for me which is great. I wish I did this course much earlier in my role, I was able to understand the majority of the topics as I had the experience. Course was a good speed for me and Peter took care to bring a lot of worldly experiences and analogies and examples.”
Information Security Governance Officer, Engineering and Infrastructure Services, Canberra June 2017

“Great introductory course covering a good perspective of the overall cyber security space.”
Project Manager, Private Consultant, Melbourne June 2017

“Peter is very experienced and I am very impressed how he communicated in a very digestible and clear format.”
CEO, Technology Services Provider, Brisbane July 2017

  • Staff have been extremely positive and supportive.
    Principal consultant | OMNI EXECUTIVE
  • Our trainer was excellent. He made it fun and interesting. Plus we all passed. Fantastic. I feel comfortable that my future projects will be very successful. Pace - Spot on.
    IT Professional | Information Technology
  • "The course was excellent. The instructor was highly knowledgeable and had an extremely personable approach. The learning materials were very good. The venue was most suited and lunch was excellent. Lastly, I am extremely confident that I have the right level of knowledge to proceed and succeed."
    Simon T., Dept of Defence, Business Analysis Foundation, Sydney April 2016
  • "Excellent service provided by ALC customer service. Trainer has exceptionally good training skills and brilliant style of communication. Excellent coach."
    Trainer: Michael Fong Principal  |  Fujitsu Australia Ltd
  • Laurence has incredible subject matter expertise and his personal anecdotes added a lot to the learning.
  • Would highly recommend ALC and Laurence for training and obtaining one's certification in Agile PM
    Demi Anderson, Programme Manager
  • Leigh was fantastic. Without doubt the most accurate and interesting presenter by leaps and bounds. Very inspirational.
    System Analyst | Department of Corporate and Information Services
  • "In regards to the course, the stakeholder and participants were rapt. The trainer was attentive and engaged and the material was relevant and professional."
    Kathleen O’Riley Learning and Development Advisor  |  SA Water Corporation Course: Business Relationship Management Professional (BRMP®) Trainer: Darren Dove
  • "Excellent course and while content was quite laborious and intense, Peter's delivery was excellent; particularly the 'war stories' and examples provided."
    Russell Close | Head of IT  |  Bennelong Funds Management
  • Well presented and great depth of knowledge by the trainer. A very professional delivery!
  • Very quick response from Customer service upon enquiry.
  • I must say I really enjoyed the course facilitated by your trainer. He was the best and he really explained the course clearly so that we could understand it. He really is an asset to ALC as he makes sense.
    Service Assurance Release Manager | Westpac Banking Corporation
  • Excellent presentation, anecdotes & examples of real world application. Neil has exemplified my expectation of ALC as a top level training services provider.
    Operations Transition Manager |  Motorola Solutions Australia Pty Ltd
  • The trainer was a great facilitator - lots of real life examples and I felt very prepared for the exam.
    Help Desk Team Leader | Bank SA
  • "Very good training session.  Trainer used multiple examples of non-IT situations to cover various aspects of what was being taught which made it not only easier to understand but also interesting."
    Senior Applications Specialist | Fairfax Media
  • The instructor was clearly knowledgeable, good-humoured and enthusiastic. I did not see anyone fall asleep. Given the notoriety of this course, I sincerely feel that that was a major "achievement". I do feel that I have greatly expanded my knowledge and that I will be more productive at work - The Hallmark of a successful course in my opinion. I would recommend ALC to others. Thank you and well done!
  • Peter’s real world samples went a long way in understanding the content.
    Waleed Al-Atm – Dept. Justice & Regulation
  • Excellent course that was very well presented and benefited immensely from Darren's practical experience in Service Management. Thanks Darren!
    National IT Manager | Information Technology

  • Michelle Zgalin displays an extremely thorough knowledge of the course content. Pace of the course tailored to suit participants. Presentation of content very good. Ability to deliver large amounts of content was impressive. :)
    PRINCE2 Melbourne Senior Business Analyst | VMIA | Risk Management & Insurance
  • A brilliant trainer, she really knows her stuff and manages to get the most out of us, it was almost like a continuation from Foundation.  I felt like I hadn't left.
    Executive Assistant | Guild Group Holdings Limited
  • "Very worthwhile course - learned a lot! Intense, but very well structured. Great Trainer :)."
    Business Analyst | VMIA | Risk Management & Insurance
  • The trainer's level of professional experience combined with a capacity to communicate personably and effectively with a diverse group added to my experience and contributed greatly to the amount of information I was able to bring away with me from the course. I could not recommend Steve highly enough either as a trainer or as a potential PM consultant. Top qualities: Personable, Expert, High Integrity
    Service Delivery Manager | NEC Australia Pty Ltd
  • Great Job, one of the best trainers I have had.  Could not have asked for more.
    ISG | University of New England
  • Really well structured course, very qualified presenter, engaging presentation style, high quality course materials.  Relevant and useful information discussed with a good balance of theory vs "Real World" examples. I thoroughly enjoyed this course, would highly recommend to others.
    Samantha, Program Coordinator, Transport NSW
  • "Enjoyed the training very much, learned heaps but have doubts due to work experience. Will definitely apply the knowledge."
    Manager, IT Risk & Assurance | Ernst & Young
  • "David's vast experiences and shared stories give great insight to the issues and problems which the SABSA framework addresses."
    Information Security Consultant  | Westpac
  • "Thanks David for making this course enjoyable and knowledgeable.  Your experience and insights have been very valuable."
    Security Solutions Designer | Westpac
We’ve been providing training and presentation since 1994. See what some of our successful delegates have to say about getting certified with ALC Training.
  • “Neil was very good in sharing his knowledge using relevant examples.”
    IT Support Officer | Cricket Australia
  • “Good understanding of ITIL Foundations. Neil is a great presenter with excellent people skills & real world experiences.”
    State ICT Manager | Hassell
  • “Just successfully completed three COBIT® 5 courses: Foundation, Implementation and Assessor. Courses were very well managed and presented. Exams were challenging, both in terms of time and knowledge. Very happy to pass all three exams. Highly recommend. Many thanks.”
    Manager | ANZ Banking Group
  • “Extremely good – presenter’s experience and depth of knowledge very visible. The trainer was excellent! Good examples, good discussions.”
    Project Manager | Shell Company of Australia Limited Melbourne
  • “I would be happy to recommend Axel to all those looking at a TOGAF training course. His subject matter expertise in TOGAF and his ability to relate to real world examples and experience was fundamental in helping me passing my exam.”
    Daniel Garcia, IT Architect, Strategy and PMO Manager | ANSTO