Managing Cyber Risks in the Supply Chain Training Course

ISO 28000 Foundation training enables you to learn the basic elements to implement and manage a Supply Chain Security Management System (SCSMS) as specified in ISO 28000. During this training course, you will be able to understand the different modules of a SCSMS, including SCSMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.

After completing this course, you can sit for the exam and apply for the “PECB Certified ISO 28000 Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach.

Who should attend?

• Individuals involved in Supply Chain Security Management
• Individuals seeking to gain knowledge about the main processes of Supply Chain Security Management Systems (SCSMS)
• Individuals interested to pursue a career in Supply Chain Security Management 

Learning objectives

• Understand the elements of a Supply Chain Security Management System (SCSMS) and its principal processes
• Acknowledge  the correlation between ISO 28000 and other standards and regulatory frameworks
• Understand the approaches, methods and techniques used for the implementation and management of a SCSMS

Educational approach

• Lecture sessions are illustrated with practical questions and examples
• Practical exercises include examples and discussions
• Practice tests are similar to the Certification Exam

General Information

• Certification fees are included on the exam price
• Training material containing over 200 pages of information and practical examples will be distributed
• A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued
• In case of exam failure, you can retake the exam within 12 months for free

ISO 28000 Introduction training course enables you to comprehend the basic concepts of a Supply Chain Security Management System. 

By attending the ISO 28000 Introduction course, you will understand the importance of a Supply Chain Security Management System and the benefits that businesses, society, and governments can obtain.

Who should attend?

• Individuals interested in Supply Chain Security Management
• Individuals seeking to gain knowledge about the main processes of Supply Chain Security Management Systems 

Learning objectives

• Understand the concepts, approaches, methods, and techniques used to implement a Supply Chain Security Management 
• Understand the basic elements of a Supply Chain Security Management System 

General Information

• Training material containing over 100 pages of information and practical examples will be distributed 
• A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued

ISO 28000 Lead Auditor training enables you to develop the necessary expertise to perform a Supply Chain Security Management System (SCSMS) audit by applying widely recognized audit principles, procedures and techniques.During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit team, audit program, communication with customers, and conflict resolution.

After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO 28000 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices.

Who should attend?

• Auditors seeking to perform and lead Supply Chain Security Management System (SCSMS) certification audits
• Managers or consultants seeking to master a Supply Chain Security Management System audit process
• Individuals responsible for maintaining conformance with Supply Chain Security Management System requirements
• Technical experts seeking to prepare for a Supply Chain Security Management System audit
• Expert advisors in Supply Chain Security Management

Learning objectives

• Understand the operations of a Supply Chain Security Management System based on ISO 28000
• Acknowledge the correlation between ISO 28000 and other standards and regulatory frameworks
• Understand an auditor’s role to: plan, lead and follow-up on a management system audit in accordance with ISO 19011
• Learn how to lead an audit and audit team
• Learn how to interpret the requirements of ISO 28000 in the context of a SCSMS audit
• Acquire the competencies of an auditor to: plan an audit, lead an audit, draft reports, and follow-up on an audit in compliance with ISO 19011

Educational approach

• This training is based on both theory and best practices used in SCSMS audits 
• Lecture sessions are illustrated with examples based on case studies 
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam

General Information

• Certification fees are included on the exam price
• Training material containing over 450 pages of information and practical examples will be distributed
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
• In case of exam failure, you can retake the exam within 12 months for free

ISO 28000 Lead Implementer training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining a Supply Chain Security Management System (SCSMS) based on ISO 28000. During this training course, you will also gain a thorough understanding of the best practices of Supply Chain Security Management Systems and be able to improve efficiency in managing potential security risks and their impacts in an organization`s supply chain. 

After mastering all the necessary concepts of Supply Chain Security Management Systems, you can sit for the exam and apply for a “PECB Certified ISO 28000 Lead Implementer” credential. By holding a PECB Lead Implementer Certificate, you will demonstrate that you have the practical knowledge and professional capabilities to implement ISO 28000 in an organization.

 Who should attend?

• Managers or consultants involved in Supply Chain Security Management
• Expert advisors seeking to master the implementation of a Supply Chain Security Management System
• Individuals responsible for maintaining conformance with SCSMS requirements
• SCSMS team members

Learning objectives

• Acknowledge the correlation between ISO 28000 and other standards and regulatory frameworks
• Master the concepts, approaches, methods and techniques used for the implementation and effective management of a SCSMS
• Learn how to interpret the ISO 28000 requirements in the specific context of an organization
• Learn how to support an organization to effectively plan, implement, manage, monitor and maintain a SCSMS
• Acquire the expertise to advise an organization in implementing Supply Chain Security Management System best practices

Educational approach

• This training is based on both theory and best practices used in the implementation of a SCSMS
• Lecture sessions are illustrated with examples based on case studies
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam

General Information

• Certification fees are included on the exam price
• Training material containing over 450 pages of information and practical examples will be distributed
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
• In case of exam failure, you can retake the exam within 12 months for free

Description:

This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The latest four (4) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material.

The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.

Objectives:

• To help you pass the CRISC examination first time.
• Possessing this certification will signify your commitment to serving an enterprise with distinction.
• The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary.

You will learn:

• To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
• The technical skills and practices that CRISC promotes, which are the building blocks of success in the field.

This instructor-led, live training in Moldova (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, and prepare for the CRISC certification exam.

By the end of this training, participants will be able to:

• Understand the governance and risk management aspects of IT.
• Conduct IT risk assessments and implement risk responses.
• Design and implement information systems controls.
• Prepare effectively for the CRISC certification exam.

This instructor-led, live training in Moldova (online or onsite) is aimed at security engineers who wish to use IBM Qradar SIEM to address pressing security use cases.

By the end of this training, participants will be able to:

• Gain visibility into enterprise data across on-premise and cloud environments.
• Automate security intelligence to hunt threats and to contain risks.
• Detect, identify, and prioritize threats.

This instructor-led, live training in Moldova (online or onsite) is aimed at persons who wish to carry out research on third parties while protecting themselves from the like.

By the end of this training, participants will be able to:

• Install and configure advanced tools for carrying out OSINT.
• Use advanced techniques to collect publicly available data relevant to an investigation.
• Analyze large amounts of data efficiently.
• Generate intelligence reports on findings.
• Leverage AI tools for facial recognition and sentiment analysis.
• Map out a strategy for defining the objective and directing efforts to the most relevant and actionable data.

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."    
 

This instructor-led, live training in Moldova (online or onsite) covers the different aspects of enterprise security, from AI to database security. It also includes coverage of the latest tools, processes and mindset needed to protect from attacks. 

Cloud Computing Security Knowledge (CCSK) Preparation Course

The CCSK course is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, system administrators, security professionals with at least 5 years of experience

After completing this course, the student will be able to:

• Validate their competence gained through experience in cloud security
• Prepare for the CCSK exam.
• Demonstrate their technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
• Differentiate themselves from other candidates for desirable employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environmen

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Description:

This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of exercises involving a scenario that brings a fictional organization securely into the cloud. After completing this training, students will be well prepared for the CCSK certification exam, sponsored by Cloud Security Alliance. This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

Objectives:

This is a two day class that begins with the CCSK- Basic training, followed by a second day of additional content and hands-on activities

Target Audience:

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.

This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.

Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.

Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.

Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Learn the security solutions on Android
• Learn to use various security features of the Android platform
• Get information about some recent vulnerabilities in Java on Android
• Learn about typical coding mistakes and how to avoid them
• Get understanding on native code vulnerabilities on Android
• Realize the severe consequences of unsecure buffer handling in native code
• Understand the architectural protection techniques and their weaknesses
• Get sources and further readings on secure coding practices

Audience

Professionals

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.

A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn to use various security features of the .NET development environment
• Have a practical understanding of cryptography
• Understand some recent attacks against cryptosystems
• Get information about some recent vulnerabilities in .NET and ASP.NET
• Learn about typical coding mistakes and how to avoid them
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers