The Cybersecurity Operations Manager (CSOM)® course produces distinguished cybersecurity operational managers, architects, service providers, and mentors and enables them to have leading roles in cybersecurity operations who are engaged with operational aspects of live and running applications while preventing cyber-attacks.
The Cybersecurity Operations Manager (CSOM)® course produces distinguished cybersecurity operational managers, architects, service providers, and mentors and enables them to have leading roles in cybersecurity operations who are engaged with operational aspects of live and running applications while preventing cyber-attacks.
Description
Who Should Take This Course?
Cybersecurity Professionals Cybersecurity Specialists Operations and SOC Personnel Cybersecurity Strategists What You Will Learn
Advanced cybersecurity management principles Proactive and preventive risk management Analyze cybersecurity policies and procedures Cybersecurity ecosystem management Day-to-day effective cybersecurity operations HR, vendor, 3rd-party, SLA & OLA management Application security management Cybersecurity threat identification and handling Syllabus
Introduction And Overview The outset of Cybersecurity Physical Security Threats Cybercrime: Leading Business Risk Globally Definition of Cybersecurity Cybersecurity Principles Principle 1 & its key Activities Principle 2 & its key Activities Principle 3 & its key Activities Principle 4 & its key Activities Cybersecurity Dimensions: Attack & Defense Security Threat to Networks Layered Security & Configuration of Perimeter Intrusion Detection & Penetration System Cybersecurity Risk & Consequences Cybersecurity Trends Understanding the threat landscape Common Threat Agents and Vulnerabilities Attributes of Cyber Attack Understanding the attributes of an Attack Malware & Types of attack Obfuscation and Mutations in Malware Network Access Control & Wireless Network Security An Overview of Network Access Control (NAC) The Network Access Control/Network Access Protection (NAC/NAP) Client/Agent Authentication and Authorization ISO 27001 For Information Security Weaknesses of Existing Cybersecurity Standards Weaknesses of existing standards Why IDCA is critical to filling the gaps Cybersecurity in Cloud Asset Management Pipeline Protecting data in the cloud Cybersecurity for IoT and Edge/or 5G Computing IoT Security Challenges & Landscape Why IoT Security devices are targeted Evolution of IT Computing Models Advantages of Edge Computing OWASP (Open Web Application Security Project) Top 10 Internet of Things Cybersecurity Overview Malware & Types of Attacks Governance Governance for Cybersecurity Effective Cybersecurity Programme Governance Cybersecurity Governance: Effective Versus Ineffective Cybersecurity Governance Activities Cybersecurity Organizational Structure Risk Management Cybersecurity Risk oversight of the Board Cybersecurity Risk management Principles Cybersecurity Risk Policies & Procedures Cybersecurity Risk Strategic Performance Management Cybersecurity Standards & Frameworks Cybersecurity Risks: Identify, Analyze and Evaluate How to treat Cybersecurity Risk Using Process Capabilities to Treat Cybersecurity Risks Using Insurance and Finance to Treat Cybersecurity Risks Physical IT-Related Asset management: Acquisition, Development & Maintenance Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices Development & Implementation End of Useful Life and Disposal Commercial Off-the-Shelf Applications Physical Security Risk Landscape View and the Impact on Cybersecurity Manage/Review the Cybersecurity Organization Design/Review Integrated Security Measures Data Center Scenario Reworked Understanding Objectives for Security Measures Understanding Controls for the Data Center Scenario Calculate/Review Exposure to Adversarial Attacks Simulating the Path of an Adversary Calculate the Probability of Interrupting & Disrupting the Adversary Optimize Return on Security Investment Vulnerability Identification and Management: Treating Cybersecurity Risks Cybersecurity Risk Treatment in Line with Organization’s Risk profile Determine Cybersecurity Risk Profile Cybersecurity Risk Treatment Focus on the Crown Jewels Preventive Measures Along Side Detective Measures Ability of the Organization to Respond Must Remain the Focus Cooperation Remains Essential Alignment of Cybersecurity Risk Treatment Cybersecurity Risk Treatment Practice Business-As-Usual: Integrated into Enterprise Risk Management Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model Business-As -Usual: Managing Risk with Predefined Risk Appetite Business-As-Usual: Using the Embedded Risk Management Processes Business-As-usual: Treatment of Cybersecurity Risks Threat Identification & Handling Management: Identify, Analyze & Evaluate Assessing & Managing Risk: A structured Approach Cybersecurity Incident and Crisis Management Cybersecurity Incident Management When to declare a Cybersecurity Event an Incident How to qualify the two categories of Incident Sources How to follow the Incident Management Policy and Processes Incident handling Process Planning Collect and Protect Incident Information System and Network Logging Functions Integrating Incident Reporting into Enterprise Risk Management (ERM) Cybersecurity Crisis Management From Incident Management to Crisis Management Operating Principles of Crisis Management Operationalising Cybersecurity Crisis Unit and its Structure Tools & Techniques for Managing Cybersecurity Crisis Cybersecurity Crisis Management Next steps Integrating Cybersecurity & Business Continuity Management What is Business Continuity Understand/Analyze the organization and Integrate with Cybersecurity Determine BCM Strategy & Integrate with Cybersecurity Developing and Implementing BCM Responses, Integrate with Cybersecurity Exercising/Validating BCM and integrate with Cybersecurity BCM Policy & Programme Management Embedding BCM in the organizational culture Organizational Structure Cybersecurity and The Internal Organizational Structure Standards & Guidance Approaches Cybersecurity within the Enterprise Adapting Cybersecurity to address Enterprise Exposures Designing own Cybersecurity Risk Function Operating Model The Enterprise Function Roles most involved in Cybersecurity across the Enterprise Aligning Cybersecurity within the Enterprise Functions Governance & Risk Oversight Functions for Cybersecurity Cybersecurity and Executive Management Functions Cybersecurity Draws Support from Other Enterprise Management Functions Human Factors and Culture Organizations as Social Systems Cybersecurity More Than a Technology Problem Cybersecurity and Human Factors Social Engineering Threats Business Model Information Security (BMIS) Human Factors & Technology Trends Measuring Human Behaviours for Cybersecurity Cybersecurity Due to Human Errors Can Be Reduced The Application Ecosystem
Application Security Application Development Security Application Based Attacks Standardization of Application Security Features Techniques to Enforce Application Security Practical Cybersecurity Mitigants Spyware and Adware Mitigation Cybersecurity Considerations for the 7-Layers of the Application Ecosystem Information Technology Layer Site Facility Infrastructure Layer Application Ecosystem Management: Cybersecurity Day-to-Day Operations The Importance of Managing Change When should Changes be Made? What are the Impact Changes bring? The safeguard Effect of Internal Control in Change Management Organizational Change Management Access Control Access Control & A New Perspective Organizations requirements for Access Control User Registration and Deregistration Access Provisioning for Users Privileged Access Rights Management Users Secret Authentication Information Management User Rights: Removal & Adjustments Application & System Access Control Access Restriction to Information Procedures for Secure-Logins Password Management System Privileged Utility Programs Usage Program Source Code & Controlled Access External Context & Supply Chain Supply Chain Support Strategy Planning How to Create Supply Relationships How to Identify Competent External Suppliers Maintaining Situational Awareness Situational Awareness Plan Situational Awareness Process Cybersecurity Service Level Agreement SLA Constraints & Service Management 
