Cybersecurity Operations Specialist (CSOS)®
The Cybersecurity Operations Specialist® course gives professionals a holistic view of the cybersecurity landscape, ongoing threats, and the effective approach to keeping the entire enterprise safe and running beyond the network perimeter, third-party risk, compliance to industry and regulatory requirements, and having in place an effective incident response mechanism, to deal with the ever-present cyber threats.
Best Seller
0 students
0 students
Who Should Take This Course?
Become IDCA Certified
SERVING THE WORLD
Our Customers are Our Partners for Life
What You Will Learn
- Course Info -
Syllabus
Day 1
Cybersecurity Complexity
Malware & Types of Attacks
Governance Objectives
Governance for Cybersecurity
Effective Cybersecurity Programme Governance
Cybersecurity Governance: Effective Versus Ineffective
Cybersecurity Governance Activities
Cybersecurity Organizational Structure
Cybersecurity Risk oversight of the Board
Cybersecurity Risk management Principles
Cybersecurity Risk Policies & Procedures
Cybersecurity Risk Strategic Performance Management
Cybersecurity Standards & Frameworks
Cybersecurity Risks: Identify, Analyze and Evaluate
How to treat Cybersecurity Risk
Using Process Capabilities to Treat Cybersecurity Risks
Using Insurance and Finance to Treat Cybersecurity Risks
Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices
Governance & Planning
Development & Implementation
End of Useful Life and Disposal
Specific Considerations
Commercial Off-the-Shelf Applications
Cloud/SaaS Applications
Physical Security
Commit To a Plan
Physical Security Risk Landscape View and the Impact on Cybersecurity
Manage/Review the Cybersecurity Organization
Design/Review Integrated Security Measures
Data Center Scenario Reworked
Understanding Objectives for Security Measures
Understanding Controls for the Data Center Scenario
Calculate/Review Exposure to Adversarial Attacks
Simulating the Path of an Adversary
Calculate the Probability of Interrupting & Disrupting the Adversary
Optimize Return on Security Investment
Introduction
Cybersecurity Risk Treatment in Line with Organization’s Risk profile
Determine Cybersecurity Risk Profile
Cybersecurity Risk Treatment
Focus on the Crown Jewels
The Weakest Link: Humans
Preventive Measures Along Side Detective Measures
Ability of the Organization to Respond Must Remain the Focus
Cooperation Remains Essential
Alignment of Cybersecurity Risk Treatment
Cybersecurity Risk Treatment Practice
Business-As-Usual: Integrated into Enterprise Risk Management
Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model
Business-As -Usual: Managing Risk with Predefined Risk Appetite
Business-As-Usual: Using the Embedded Risk Management Processes
Business-As-usual: Treatment of Cybersecurity Risks
The Risk Landscape
The People Factor
Assessing & Managing Risk: A structured Approach
Cybersecurity Culture
Regulatory Compliance
Maturity Compliance
Protection Prioritised
Day 2
Cybersecurity Incident Management
When to declare a Cybersecurity Event an Incident
How to qualify the two categories of Incident Sources
How to follow the Incident Management Policy and Processes
Incident Handling
Types of Incident
Incident handling Process Planning
Collect and Protect Incident Information
Identification
System and Network Logging Functions
Integrating Incident Reporting into Enterprise Risk Management (ERM)
Cybersecurity Crisis Management
From Incident Management to Crisis Management
Operating Principles of Crisis Management
Operationalising Cybersecurity Crisis Unit and its Structure
Tools & Techniques for Managing Cybersecurity Crisis
Cybersecurity Crisis Management Next steps
What is Business Continuity
ISO 22301 Overview
BCM Lifecycle
Understand/Analyze the organization and Integrate with Cybersecurity
Determine BCM Strategy & Integrate with Cybersecurity
Developing and Implementing BCM Responses, Integrate with Cybersecurity
Exercising/Validating BCM and integrate with Cybersecurity
BCM Policy & Programme Management
Embedding BCM in the organizational culture
Cybersecurity and The Internal Organizational Structure
Standards & Guidance Approaches
Cybersecurity within the Enterprise
Adapting Cybersecurity to address Enterprise Exposures
Designing own Cybersecurity Risk Function Operating Model
The Enterprise Function Roles most involved in Cybersecurity across the Enterprise
Aligning Cybersecurity within the Enterprise Functions
Governance & Risk Oversight Functions for Cybersecurity
Cybersecurity and Executive Management Functions
Cybersecurity Draws Support from Other Enterprise Management Functions
Organizations as Social Systems
Cybersecurity More Than a Technology Problem
Organizational Culture
Cybersecurity and Human Factors
Insider Threats
Social Engineering Threats
Training
Frameworks and Standards
ISO 27001: 2013
Business Model Information Security (BMIS)
MSIT Framework
Human Factors & Technology Trends
Measuring Human Behaviours for Cybersecurity
Cybersecurity Due to Human Errors Can Be Reduced
Day 3
Application Development Security
Application Based Attacks
Web Based Attacks
Standardization of Application Security Features
Techniques to Enforce Application Security
Secure Code Design
Code Reviews
Secure Configuration
Testing for Loopholes
Constant Patching
Practical Cybersecurity Mitigants
Endpoint Security
Ransomware
Ransomware Mitigation
Spyware and Adware
Spyware and Adware Mitigation
Trojan Horses
Trojan Horses Mitigation
Viruses
Viruses Mitigation
Application Layer
Platform Layer
Compute Layer
Information Technology Layer
Site Facility Infrastructure Layer
Site
Topology
Controls Management
Security Controls
Asset Management
Change Management
The Importance of Managing Change
When should Changes be Made?
What are the Impact Changes bring?
The safeguard Effect of Internal Control in Change Management
Organizational Change Management
Access Control & A New Perspective
Organizations requirements for Access Control
User Access Management
User Registration and Deregistration
Access Provisioning for Users
Privileged Access Rights Management
Users Secret Authentication Information Management
User Access Under Review
User Rights: Removal & Adjustments
Responsibility of Users
Application & System Access Control
Access Restriction to Information
Procedures for Secure-Logins
Password Management System
Privileged Utility Programs Usage
Program Source Code & Controlled Access
Overview
Supply Chain Support Strategy
Planning How to Create Supply Relationships
How to Identify Competent External Suppliers
Relationship Management
Overview
Situational Awareness Plan
Situational Awareness Process
Overview
Purpose
Attributes
General Parts of SLA
SLA Service Performance
SLA Constraints & Service Management
SLAs Dos & Don’ts
- What do experts think? -
Live Testimonials
Become IDCA Certified
- Certified Data Center Events -
Upcoming Data Center Trainings
Receive Newsletters & Updates