Course NT-CSFISMS Fundamentals of cyber security. Creation of ISMS and audit according to ISO 27001 | nt.ua

(044) 390 73 35 (050) 352 68 64

EN RU UA

Course NT-CSFISMS Fundamentals of cyber security. Creation of ISMS and audit according to ISO 27001

Main course for cybersecurity professionals, which includes topics such as cybersecurity, the basic concepts of risks and principles of architectural security, planning and conducting ISMS (information security management system) audit in accordance with ISO 27001.

This training will useful for information security specialists, project manager and other employees responsible for protecting information in the organization, and professionals who will plan and conduct an ISMS audit in accordance with ISO 27001.

The course will provide participants with the necessary knowledge and skills that will help you understand the basic challenges and threats with which face organizations, teach to create and audit an ISMS in accordance with ISO 27001 and develop strategies improvements information security in the organization. 

In general, this training will help participants to take a comprehensive approach to cybersecurity in the organization, will provide qualitative outlook and understanding frameworks and knowledge bases are available for development.

After completing this course, students will be able to:

  • define the key concepts of cybersecurity;
  • define terms, concepts and fundamentals of risk management;
  • identify common types and vectors of attacks;
  • define the framework and guidelines for policy and procedure;
  • define cybersecurity control practices;
  • define different architectural patterns and frameworks cybersecurity;
  • understand penetration testing strategies;
  • identify key aspects and related risks for the protection of data, programs, operating systems;
  • understand aspects of network security, features of virtualization platforms and clouds;
  • determine the methodology for responding to accidents, the development of DRP plans, incident response plans;
  • define the basic concepts, practices of processing digital forensic data;
  • understand the complexity, the impact of changes and new technologies on the state of security;
  • form a strategy for creating, improving and auditing an ISMS in accordance with ISO 27001;
  • use additional knowledge bases and frameworks (NIST, MITER, SAAM, etc.) to improve cybersecurity.

Audience Profile

Information security professionals, solution architects, project managers, integration engineers, enterprise architects, developers who want to understand the key aspects of cybersecurity, and specialists who will plan and conduct an ISMS audit in accordance with ISO 27001.

Before attending this course, students must have:

  • It is desirable to have experience in the field of IT technologies and management.
  • Technical experience will be a plus, for example, 5 years of system or network administration.
  • Experience in the field of information security will be a plus.
  1. Challenges for organizations in the context of digital and agile transformation and increased external risks
  2. Transformation of the activities of specialists, requirements for knowledge and skills.
  3. Basic terms: information security, cybersecurity, subject, object, risks, attack, intruder, vulnerability.
  4. Confidentiality, integrity, and availability.
  5. Threat classification models.
  6. Security Topics in Different Frameworks: NIST, C 2 M 2, ISO 27001, CIS Controls, COBIT, ITIL, DevOps, Scrum,
  7. Frameworks vendors: Cisco SecureX Architecture, IBM Security Framework and IBM Security Blueprint, Microsoft SDL.
  8. Modelsattacks: Lockheed Martin Cyber Kill Chain, Cyber Kill Chain Expanded (CKC-X), MITER PRE-ATT&CK, Diamond Model.
  9. Security security-programs that developed: frameworks OWASP, OWASP SAMM.
  10. Architectural patterns are related to security. Security features for microservice architecture.
  11. Network security: from switch, firewall, IPS to Enterprise Service Bus and API Gateways.
  12. Operating system security. Features Linux / Unix, Windows, macOS.
  13. Mobile device security. Overview of MDM/MAM/UEM/EMM class systems.
  14. Continuity Management Plans (BCM). DRP, RPO and RTO.
  15. Security features for virtual infrastructure, containers, cloud solutions.
  16. SIEM platforms. Events, incident response. Positioning on the example of IBM Qradar, Splunk, Elastic.
  17. User education strategies.
  18. Convenience of creating and deploying Information Security Management Systems (ISMS) in an organization.
  19. Basic audit principles and ISO 27001 certification process.
  20. Conformity assessment and procedures to ensure the consistency of the ISMS over time.
  21. ISO 27002 (Code of Practice for Information Security Controls).
  22. ISO 15408 (Common Criteria for Information Technology Security Evaluation).
  23. ISO/IEC 27701:2019 – Privacy information management system.
  24. Positioning GDPR.
  25. ISO 27001 Control Workshop:
    • Selection of the top 20 highest priority controls in the ISMS
    • Development of a strategic plan for improving information security 
    • Development of an internal audit strategy
    • ISO 27001 controls:
      • Information Security Industry Coordination
      • Allocation of responsibilities related to information security
      • Consultations of specialists in information security
      • Cooperation between organizations
      • Independent assessment of information security
      • Classification and control of resources
      • Responsibility for resources
      • Classification of information regarding the level of confidentiality
      • Personnel safety issues
      • Security in the formulation of tasks and recruitment
      • User training
      • Incident and outage response
      • Systems development and maintenance
      • System security requirements
      • Security in applied systems.
      • System file security
      • Security during development and support
      • Physical security and territory protection
      • Protected areas and equipment safety
      • User access control
      • User Responsibilities
      • Network access control
      • Operating system access control
      • Program access control
      • Access monitoring and system usage
      • Mobile computers and remote work tools
      • Assessment and audit
      • Compliance with the requirements
      • Legal Compliance
      • Security Policy Review and Technical Compliance
      • Systems audit recommendations
      • Ensuring business continuity. Business Continuity Considerations
      • Ensuring safety during operation
      • Work rules and responsibilities
      • System development and acceptance planning
      • Malicious software protection
      • Service procedures
      • Computer network management
      • Media handling and safety
      • Exchange of information and software
      • Planning Results Reports
      • Reports on the results of the implementation of the necessary measures
      • Reports on the results of assessments and audits
      • Reports on specific events, incidents

Sign up for the closest date

Course Code

NT-CSFISMS

Length, days (hours)

4 (32)

Closest dates

Price, UAH

Class schedule

Date

Time

03.12.24
09:30 - 17:00
04.12.24
09:30 - 17:00
05.12.24
09:30 - 17:00
06.12.24
09:30 - 17:00