The Cybersecurity Operations Specialist® course gives professionals a holistic view of the cybersecurity landscape, ongoing threats, and an effective approach to keeping the entire enterprise safe and running beyond the network perimeter, covering third-party risk, compliance with industry and regulatory requirements, and an effective incident response mechanism to deal with ever-present cyber threats.
Description
Who Should Take This Course?
Operations and SOC Personnel
Cybersecurity Project Managers
Cybersecurity Stakeholders

What You Will Learn
Cybersecurity ecosystem management
Cybersecurity threat identification and handling
Cybersecurity policies and procedures
Application security management
Day-to-day effective cybersecurity operations
HR, vendor, 3rd-party, SLA & OLA management

Syllabus
Cybersecurity Overview
Malware & Types of Attacks
Governance
Governance for Cybersecurity
Effective Cybersecurity Programme Governance
Cybersecurity Governance: Effective Versus Ineffective
Cybersecurity Governance Activities
Cybersecurity Organizational Structure
Risk Management
Cybersecurity Risk Oversight of the Board
Cybersecurity Risk Management Principles
Cybersecurity Risk Policies & Procedures
Cybersecurity Risk Strategic Performance Management
Cybersecurity Standards & Frameworks
Cybersecurity Risks: Identify, Analyze and Evaluate
How to Treat Cybersecurity Risk
Using Process Capabilities to Treat Cybersecurity Risks
Using Insurance and Finance to Treat Cybersecurity Risks
Physical IT-Related Asset Management: Acquisition, Development & Maintenance
Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices
Development & Implementation
End of Useful Life and Disposal
Commercial Off-the-Shelf Applications
Physical Security
Risk Landscape View and the Impact on Cybersecurity
Manage/Review the Cybersecurity Organization
Design/Review Integrated Security Measures
Data Center Scenario Reworked
Understanding Objectives for Security Measures
Understanding Controls for the Data Center Scenario
Calculate/Review Exposure to Adversarial Attacks
Simulating the Path of an Adversary
Calculate the Probability of Interrupting & Disrupting the Adversary
Optimize Return on Security Investment
Vulnerability Identification and Management: Treating Cybersecurity Risks
Cybersecurity Risk Treatment in Line with Organization’s Risk Profile
Determine Cybersecurity Risk Profile
Cybersecurity Risk Treatment
Focus on the Crown Jewels
Preventive Measures Alongside Detective Measures
Ability of the Organization to Respond Must Remain the Focus
Cooperation Remains Essential
Alignment of Cybersecurity Risk Treatment
Cybersecurity Risk Treatment Practice
Business-As-Usual: Integrated into Enterprise Risk Management
Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model
Business-As-Usual: Managing Risk with Predefined Risk Appetite
Business-As-Usual: Using the Embedded Risk Management Processes
Business-As-Usual: Treatment of Cybersecurity Risks
Threat Identification & Handling Management: Identify, Analyze & Evaluate
Assessing & Managing Risk: A Structured Approach
Cybersecurity Incident and Crisis Management
Cybersecurity Incident Management
When to Declare a Cybersecurity Event an Incident
How to Qualify the Two Categories of Incident Sources
How to Follow the Incident Management Policy and Processes
Incident Handling Process Planning
Collect and Protect Incident Information
System and Network Logging Functions
Integrating Incident Reporting into Enterprise Risk Management (ERM)
Cybersecurity Crisis Management
From Incident Management to Crisis Management
Operating Principles of Crisis Management
Operationalising Cybersecurity Crisis Unit and its Structure
Tools & Techniques for Managing Cybersecurity Crisis
Cybersecurity Crisis Management Next Steps
Integrating Cybersecurity & Business Continuity Management
What is Business Continuity
Understand/Analyze the Organization and Integrate with Cybersecurity
Determine BCM Strategy & Integrate with Cybersecurity
Developing and Implementing BCM Responses, Integrate with Cybersecurity
Exercising/Validating BCM and Integrate with Cybersecurity
BCM Policy & Programme Management
Embedding BCM in the Organizational Culture
Organizational Structure
Cybersecurity and The Internal Organizational Structure
Standards & Guidance Approaches
Cybersecurity within the Enterprise
Adapting Cybersecurity to Address Enterprise Exposures
Designing Own Cybersecurity Risk Function Operating Model
The Enterprise Function Roles Most Involved in Cybersecurity across the Enterprise
Aligning Cybersecurity within the Enterprise Functions
Governance & Risk Oversight Functions for Cybersecurity
Cybersecurity and Executive Management Functions
Cybersecurity Draws Support from Other Enterprise Management Functions
Human Factors and Culture
Organizations as Social Systems
Cybersecurity More Than a Technology Problem
Cybersecurity and Human Factors
Social Engineering Threats
Business Model Information Security (BMIS)
Human Factors & Technology Trends
Measuring Human Behaviours for Cybersecurity
Cybersecurity Due to Human Errors Can Be Reduced
The Application Ecosystem
Application Security
Application Development Security
Application Based Attacks
Standardization of Application Security Features
Techniques to Enforce Application Security
Practical Cybersecurity Mitigants
Spyware and Adware Mitigation
Cybersecurity Considerations for the 7-Layers of the Application Ecosystem
Information Technology Layer
Site Facility Infrastructure Layer
Application Ecosystem Management: Cybersecurity Day-to-Day Operations
The Importance of Managing Change
When Should Changes be Made?
What are the Impact Changes Bring?
The Safeguard Effect of Internal Control in Change Management
Organizational Change Management
Access Control
Access Control & A New Perspective
Organizations Requirements for Access Control
User Registration and Deregistration
Access Provisioning for Users
Privileged Access Rights Management
Users Secret Authentication Information Management
User Rights: Removal & Adjustments
Application & System Access Control
Access Restriction to Information
Procedures for Secure-Logins
Password Management System
Privileged Utility Programs Usage
Program Source Code & Controlled Access
External Context & Supply Chain
Supply Chain Support Strategy Planning
How to Create Supply Relationships
How to Identify Competent External Suppliers
Maintaining Situational Awareness
Situational Awareness Plan
Situational Awareness Process
Cybersecurity Service Level Agreement
SLA Constraints & Service Management