Opleidingen
53.777
resultaten
Studiedag Controle Test
Locatie centraal in het land
di 28 jul. 2026
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim.
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui.
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui.
Sprekers
Hetty Benninga
Projectbegeleider
Kerckebosch Uitgeverij Studiecentrum
Bestemd voor
€395
Klassikaal
max 100
Digitale afleiding de baas | Meer focus, productiviteit en vitaliteit
Rijswijk
ma 25 nov. 2024
Leer in 3 uur hoe je je digitale balans vindt tussen online en offline werken voor meer focus, productiviteit en een gezondere werkstijl. Ontdek de technieken om digitale afleiding de baas te worden!
Laat jij je makkelijk digitaal afleiden? In 3 uur leer je een gezonde balans te vinden tussen online en offline werken voor meer focus en productiviteit.
Werk je vaak achter een beeldscherm, heb je je smartphone altijd bij de hand, draag je een smartwatch? Wil je leren hoe je zonder afleiding kunt werken, met meer rust en focus? In deze interactieve workshop Digitale afleiding de baas | Meer focus, productiviteit en vitaliteit leer je technieken om de onrust te verminderen die ontstaat door constante meldingen en afleidingen op je beeldscherm, smartwatch of smartphone.
Je ontdekt hoe de technologie om je heen werkt en hoe je brein daarop reageert. Je maakt ook kennis met handige breinoefeningen om je focus te maximaliseren. Alle inzichten geven je meer rust en helpen je om efficiënter te werken en je beter te voelen. Je gaat naar huis met een plan om je digitale balans blijvend te verbeteren.
Wil je je hele team helpen met het creëren van een gezonde digitale balans voor meer focus en productiviteit? Neem dan contact op voor een leeroplossing op maat.
Je bent vaak achter je beeldscherm bezig en je hebt je smartphone altijd bij de hand. Werk en privé lopen vaak door elkaar, wat soms een gevoel van onrust geeft. Hierdoor kun je moeilijk met één ding bezig zijn of echt even ‘uitschakelen’. Je merkt dat je soms in iets anders verzeild raakt dan je eigenlijk wilde doen.
Wil je meer regie en rust ervaren in het gebruik van digitale media en optimaal profiteren van digitale mogelijkheden zonder afleiding of verslaving? Dan is deze workshop wat voor jou!
Na afloop van deze training:
* ben je je bewust van de kracht van aandacht;
* heb je handvatten om die aandacht beter te benutten waardoor je efficiënter én relaxter werkt;
* begrijp je de dynamiek tussen jou en de technologie;
* heb je meer inzicht in de werking van je brein;
* ken je minimaal drie oefeningen die je direct kunt inzetten om je focus te maximaliseren;
* ben je je bewust van je balans in offline/online zijn;
* weet je wat er nodig is om een gezonde digitale balans te ontwikkelen;
* heb je een concreet plan om jouw digitale balans te verbeteren.
Zin en onzin van bereikbaar zijn
Ons (on)vermogen tot multitasken
De werking van het brein en de interactie met digitale technologie
Het nut van cognitieve fitnessoefeningen
De rol van notificaties
Technische hulpmiddelen die je echt helpen
Goede gewoontes opbouwen en behouden
De kracht van de groep
Oefenen!
Je zelfzorgplan
Actieve klassikale workshop
In deze vitaliteitstraining Digitale afleiding de baas van train2work is er ruimte voor theorie en technologie, waarbij we ons steeds richten op praktische, alledaagse ervaringen. Gesprekken, oefeningen en inzichten wisselen elkaar op een dynamische en inspirerende manier af.
Naslagwerk en actieplan
Je ontvangt een actueel boek over slimmer leven. Je hebt na afloop ook een persoonlijk zelfzorgplan waarmee je na de workshop actief aan de slag kunt blijven.
Groepsgrootte en jouw leerwensen
De groep bestaat uit maximaal 10 deelnemers. Dit biedt de ruimte voor persoonlijke vragen en jouw ervaringen. Heb je vóór de training al een belangrijke vraag waarmee je aan de slag wilt? Stel die dan gerust al vooraf aan de trainster.
Je kunt je direct inschrijven op deze training. Je ontvangt een bevestiging per e-mail. 10 dagen voor de training ontvang je onze uitnodiging met meer informatie over je deelname. Je bent van harte welkom op onze locatie Lange Kleiweg 14 in Rijswijk, 2 minuten lopen vanaf het station.
Wil je een teamtraining die aansluit bij jullie wensen, incompany of op maat? Neem dan contact op voor een leeroplossing op maat.
€280
Klassikaal
max 8
3 uren
Threat Intelligence Essentials (T|IE)
Threat Intelligence Essentials (T|IE)
De cursus Threat Intelligence Essentials biedt cursisten een sterke technische basiskennis van concepten en tools voor bedreigingsinformatie. De cursus biedt essentiële kennis over onderwerpen als het landschap van cyberbedreigingen, soorten bedreigingen en meer, waarmee u wordt voorbereid op een carrière als threat intelligence-analist. Test uw kennis met CTF-gebaseerde Capstone-projecten en valideer u nieuw verworven vaardigheden in gesurveilleerde examens. Verder biedt de cursus meer dan 18 uur aan eersteklas zelfstudievideotraining in 10 modules met 5 labs om studenten voor te bereiden op problemen in de echte wereld.
Cursusinhoud
Module 01: Introduction to Threat Intelligence
Threat Intelligence and Essential Terminology
o What is Threat Intelligence?
o Core Threat Intelligence Terminology
Key Differences Between Intelligence, Information, and Data
o Threat Intelligence vs. Threat Data
The Importance of Threat Intelligence
Integrating Threat Intelligence in Cyber Operations
o Modern Threat Intelligence vs. Traditional Cybersecurity
Threat Intelligence Lifecycles and Maturity Models
o Threat Intelligence Lifecycle and Processes
o Threat Intelligence Maturity Model
Threat Intelligence Roles, Responsibilities, and Use Cases
o Threat Intelligence Team Roles & Responsibilities
o Threat Intelligence Use Cases
o Ethical and Legal Considerations
Using Threat Intelligence Standards or Frameworks to Measure Effectiveness
o Frameworks and Standards
o KPI’s for Measuring Effectiveness
Establishing SPLUNK Attack Range for Hands-on Experience
o Module 1 Lab: SPLUNK Attack Range 3.0 Overview
o Attack Range Setup
Module 02: Types of Threat Intelligence
Understanding the Different Types of Threat Intelligence
o General Sources of Threat Intelligence
o The Threat Intelligence Array
Preview Use Cases for Different Types of Threat Intelligence
o Navigating Different Uses of Intelligence
o Specific Uses of Threat Intelligence by Type
Overview of the Threat Intelligence Generation Process
o The Threat Intelligence Generation Process
o Sources of Generated Threat Intelligence
Learn How Threat Intelligence Informs Regulatory Compliance
o How Regulation Influences Threat Intelligence Processes
o Other Regulatory Factors to Consider
Augmenting Vulnerability Management with Threat Intelligence
o Threat Intelligence and Vulnerability Management
o Additional Best Practices to Consider
Explore Geopolitical or Industry Related Threat Intelligence
o Geopolitical and Industry Focused Threat Intelligence
o How Cybersecurity Can Leverage These Sources
Integrating Threat Intelligence with Risk Management
o Threat Intelligence in Risk Management
Module 03: Cyber Threat Landscape
Overview of Cyber Threats Including Trends and Challenges
o Defining the Cyber Threat Challenge
Emerging Threats, Threat Actors, and Attack Vectors
o Threat Actor Types and Their Motivations
o Trends and Challenges Impacting Threat Intelligence
Deep Dive on Advanced Persistent Threats
o Getting to Know Your Advanced Persistent Threat
o High Profile Threat Actors in Modern Times
The Cyber Kill Chain Methodology
o What’s the Cyber Kill Chain Methodology?
o Exploring Other Cyber Kill Chains
Vulnerabilities, Threat Actors, and Indicators of Compromise (IoC)
o Indicators of Compromise (IoCs) Explained
o Key Vulnerability Management Control Considerations
Geopolitical and Economic Impacts Related to Cyber Threats
o Impact of Geopolitics and Economics on Cyber Threats
How Emerging Technology is Impacting the Threat Landscape
MITRE ATT&CK & SPLUNK Attack Range IOC Labs
o Module 3 Lab Part 1: MITRE ATT&CK Navigator
o Module 3 Lab Part 2: Reviewing Indicators of Compromise (IoC) in Attack Range
Module 04: Data Collection and Sources of Threat Intelligence
Making Use of Threat Intelligence Feeds, Sources, & Evaluation Criteria
o Maximizing Use of Threat Data Feeds
o Popular Sources of Threat Data
o Evaluating Threat Data Credibility & Effectiveness
Overview of Threat Intelligence Data Collection Methods & Techniques
o Overview of Threat Data Collection Methods
o Dissemination Channels for Threat Data
Compare & Contrast Popular Data Collection Methods
o Active vs Passive Threat Data Collection
o Effective Uses for Active & Passive Data Collection
o Other Intelligence Gathering Techniques
Bulk Data Collection Methods & Considerations
o Bulk Data Collection Types
o Bulk Data Collection Considerations
Normalizing, Enriching, & Extracting Useful Intelligence from Threat Data
o Normalizing Threat Data Before Enrichment
o The Data Enrichment Process
o Additional Tips for Extracting Actionable Intelligence from Threat Data
Legal & Ethical Considerations for Threat Data Collection Processes
o Ethical and Legal Risks Data Collection Must Account For
Threat Data Feed Subscription and OSINT Labs
o Module 4 Lab Part 1: Subscribing to and Ingesting FREE Threat Data from APIs
Module 05: Threat Intelligence Platforms
Introduction Threat Intelligence Platforms (TIPs), Roles, & Features
o Primary Features of a Threat Intelligence Platform
o Notable TIP Providers & Solutions
Aggregation, Analysis, & Dissemination within TIPs
o From Threat Data Aggregation to TIP Dissemination
o Risks of TIP Mismanagement
o Driving TIP Effectiveness & Accuracy
Automation & Orchestration of Threat Intelligence in TIPs
o The Importance of Automation & Orchestration within TIPs
o Desired Automation Outcomes
o Orchestration Benefits Within a TIP
Evaluating & Integrating TIPs into Existing Cybersecurity Infrastructure
o TIP Evaluation Criteria: The Tangible vs Intangible
o Elements to Consider During Trials
o Integration Consideration for TIPs
Collaboration, Sharing, and Threat Hunting Features of TIPs
o Macro Vs Micro Collaboration Goals of TIPs
o Ways That Threat Intelligence Platforms Share Data
o Threat Hunting on TIPs
Customizing TIPs for Organizational Needs
o The Customization Solution
o Ideal TIP Customization Features and Criteria
Using TIPs for Visualization, Reporting, & Decision Making
o How TIP Reporting and Visualizations Drive Key Business Decisions
o Driving Effective Practices in TIP Reporting and Visualization
AlienVault OTX and MISP TIP Platform Labs
o Module 5 Lab 1 Overview: AlienVault OTX and Pulses
o Module 5 Lab 2: Exploring MISP
Module 06: Threat Intelligence Analysis
Introduction to Data Analysis and Techniques
o Data Analysis Defined
o Using Data Analysis for Threat Intelligence
o Other Uses & Analysis Considerations
Applying Statistical Data Analysis, Including Analysis of Competing Hypothesis
o A Deeper Look into Statistical Analysis for Threat Intelligence: Malware Inspection
o Analysis of Competing Hypothesis
Identifying and Analyzing Threat Actor Artifacts
o Applying Analysis Techniques to IoC Data
o Applying Analytical Techniques to TTP Data
o Driving Excellence in Data Analysis Practices
Threat Prioritization, Threat Actor Profiling & Attribution Concepts
o How Data Analysis Assists Threat Prioritization
o Intro to Threat Actor Profiling
o Understanding and Improving Threat Attribution
Leveraging Predictive and Proactive Threat Intelligence
o Predictive vs Proactive Threat Intelligence
o Maximizing the Use of Predictive Threat Intelligence
o Rewinding on Proactive Threat Intelligence
Reporting, Communicating, and Visualizing Intelligence Findings
o Tips for Highly Effective Threat Reporting
o Using MISP for Threat Intelligence Reporting & Visualization
o Using Jupyter Notebooks to Visualize Data
Threat Actor Profile Labs & MISP Report Generation Labs
o Module 6 Lab 1 – Cyber Threat Actor Profile Exercise
o Module 6 – Lab 2: Generating MISP Threat Reports and Connecting MISP To Jupyter
Notebooks
Module 07: Threat Hunting and Detection
Operational Overview of Threat Hunting & Its Importance
o What Is Threat Hunting?
o General Threat Hunting Approach
o Characteristics of Successful Threat Hunters
Dissecting the Threat Hunting Process
o Considerations Before Conducting Threat Hunts
o Deep Diving the Threat Hunting Process
o Key Metrics to Guide Effective Threat Hunting
Threat Hunting Methodologies & Frameworks
o What are Threat Hunting Frameworks and Why Use Them?
o Hunting Framework Concepts: The Pyramid of Pain
o Using the PEAK Methodology for Threat Hunting
Explore Proactive Threat Hunting
o The Need for Proactive Threat Hunting
o Key Differences Between Proactive & Unstructured Threat Hunting
o When Proactive Threat Hunts Shine
Using Threat Hunting for Detection & Response
o The Role of Threat Hunting in Incident Detect & Response
o Common Ground Between Incident Response & Threat Hunting
Threat Hunting Tool Selection & Useful Techniques
o Types of Threat Hunting Tools
o Popular Threat Hunting Tools & Techniques
o Best Practices for Tool Selection
Forming Threat Hunting Hypotheses & Conducting Hunts
o The Value of Threat Hunting Hypotheses
o Hunting Tactics, Techniques & Procedures (TTP)
o Overview of MITRE’s TTP Hunting Methodology
Threat Hunting Lab in SPLUNK ATT&CK Range
o Overview of Threat Hunting Lab
Module 08: Threat Intelligence Sharing and Collaboration
Importance of Information Sharing Initiatives in Threat Intelligence
o The Importance of Information Sharing Initiatives
o Types of Information Sharing Arrangements
o Threat Information Sharing Frameworks
Overview of Additional Threat Intelligence Sharing Platforms
o Threat Information Sharing Platforms
o Desirable Features of Sharing Platforms
o Potential Platform Pitfalls
Building Trust Within Intelligence Communities
o Primary Trust Builders
o How Trust in Small Private Circles or Larger Public Communities is Achieved
Sharing Information Across Industries and Sectors
o Benefitting from Cross-Industry Threat Sharing
o Sector Specific Threat Sharing
o Cross-Sector Collaboration Communities
Building Private and Public Threat Intelligence Sharing Channels
o Approaches for Establishing Private Threat Intel Channels
o Approaches for Establishing Public Threat Intel Channels
Challenges and Best Practices for Threat Intelligence Sharing
o Best Practices for Sharing Threat Intel
o Threat Intelligence Sharing Challenges
o Modern Examples of Overcoming Sharing Challenges
Legal and Privacy Implications of Sharing Threat Intelligence
o Legal and Compliance Impacts
o Privacy Implications of Careless Intel Sharing
Sharing Threat Intelligence Using MISP and Installing Anomali STAXX
o Module 8 Lab: MISP to MISP Intel Sharing and Setting Up & Navigating Anomali STAXX
Module 09: Threat Intelligence in Incident Response
Integrating Threat Intelligence into Incident Response Processes
o Overview of the Security Incident Response Lifecycle
o Threat Intelligence Integration Examples
o Potential Threat Intelligence Integration Drawbacks
Role of Threat Intelligence in Incident Prevention Using Workflows & Playbooks
o Threat Intelligence’s Role in Incident Prevention
o Malicious Process Real-Time Response (RTR) Workflow Example
o Ransomware Playbook Example
Using Threat Intelligence for Incident Triage and Forensic Analysis
o How Threat Intelligence Aids Incident Triage
o The Role of Threat Intelligence During Forensic Analysis
Adapting Incident Response Plans Using New Intelligence
o Threat Intel as an Incident Response Adaptation Pathway
o Best Practice Considerations
o Adaptation Pitfalls to Avoid
Coordinating Response With External Partners
o Applying Threat Intelligence to Different Incidents
o How Threat Intelligence Assists External Partner Collaboration
Threat Intelligent Incident Handling and Recovery Approaches
o Applying Threat Intelligence to Different Incident Types
o Using Threat Intelligence During Incident Recovery
Post Incident Analysis and Lessons Learned Considerations
o Post-Incident Analysis and Areas of Emphasis
o Merging Threat Intelligence Into Lessons Learned Activities
Measurement and Continuous Improvement for Intelligence Driven Incident Response
o Approaches for Achieving Continuous Improvement
o KPIs to Measure Threat Intelligence’s Influence on Incident Response
Module 10: Future Trends and Continuous Learning
Emerging Threat Intelligence Approaches & Optimizing Their Use
o Complimentary Approaches to Threat Intelligence
o Applying Threat Intelligence to Emerging Technologies
o Optimizing Use of Emergent Technology for Threat Intelligence Operations
Convergence of Threat Intelligence & Risk Management
o Getting Started with Converging Threat Intelligent Risk Management
o A More Methodological Approach
Continuous Learning Approaches for Threat Intelligence
o Contemporary vs Evolving Learning Models
o Striking an Effective Balance
Adapting Professional Skillsets for Future in Threat Intelligence
o Adapting Existing Career Paths to Threat Intelligence
o Skills to Future Proof A Threat Intelligence Career
Anticipating Future Challenges & Opportunities in Threat Intelligence
o Potential Challenges Down the Road
o The Upside Opportunities of Threat Intelligence
Engaging in the Threat Intelligence Community & Keeping a Pulse on the Threat Landscape
o Engaging in Threat Intelligence Communities
o Keeping a Pulse on the Cyber Threat Landscape
The Role of Threat Intelligence in National Security & Defense
o Threat Intelligence For National Defense Use Cases
o Providers of National Defense Quality Threat Intelligence
Potential Influence of Threat Intelligence on Future Cybersecurity Regulations
o Historical Examples & Benefits of Threat Intelligence’s Influence on Regulation
o The Potential Downsides of Shaping Policy With Threat Intelligence
€299
E-Learning
Variabel
SOC Essentials (S|CE)
SOC Essentials (S|CE)
De SOC Essentials (S|CE) is ontworpen voor aankomende beveiligingsprofessionals, nieuwkomers en carrièreswitchers om inzicht te geven in raamwerken voor beveiligingsoperaties en gerelateerde technologieën. Met 8 modules die robuuste onderwerpen behandelen, van computernetwerk- en beveiligingsfundamenten tot SOC-componenten en architectuur, bereidt S|CE je voor op het identificeren van verschillende aspecten van cyberbedreigingen en het beveiligen van digitale omgevingen. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Verder biedt het meer dan 10 uur aan eersteklas video training in zelfstudie met 6 hands-on labs om praktijkscenario's te simuleren.
Cursusinhoud
Module 01: Computer Network and Security Fundamentals
Computer Network
TCP/IP Model
OSI Model
Types of Networks
Network Model
• Types of a Network
o Types of a Network (PAN)
o Types of a Network (LAN)
o Types of a Network (WLAN)
o Types of a Network (MAN)
o Types of a Network (WAN)
o Types of a Network (SAN)
Network Topologies
• Network Hardware Components
TCP/IP Protocol Suite
Network Security Controls
• Key Network Security Controls
Network Security Devices
Windows Security
Unix/Linux Security
Web Application Fundamentals
Information Security Standards, Laws and Acts
Module 02: Fundamentals of Cyber Threats
Cyber Threats
• Classification of Cyber Threats
• Impact of Cyber Threats
• Vulnerability in Cybersecurity
• Cybersecurity Best Practices
• Emerging Threats and Future challenges
• Ransomware
• Impact of Ransomware
Intent-Motive-Goal
• Cybercrime Performed
• Email compromise Attack
Tactics-Techniques-Procedures (TTPs)
• Example -Data Exfiltration
• Practical Example – Data Exfiltration
• Key Steps for Lateral Movement
• APT - Example
Opportunity-Vulnerability-Weakness
• Opportunity
• Vulnerability
• Weakness
• Practical Example- E-Commerce Website
• Practical Example- Online Banking System
Vulnerability
• Type of vulnerabilities
• Source of Vulnerabilities
• Lifecycle of Vulnerabilities
• Practical Example - Vulnerability
Threats & Attack
• Types of Threat & Attack
• Cyber Threat
• Mitigation strategies for Cyber Threats
Example of Attacks
• Example of Attack – Blended Cyber Attack
• Example of Attack -Man-in-the-Middle Attack for Credentials Harvesting
Network-based attacks
Application-based
• Cross-site Scripting
• Types of Cross-site Scripting
• Attack Process
• Application Based Attack
Host Based Attacks
• Host Based Attack - Impact
Insider Attacks
• Types of Insider Attacks
• Prevention and Mitigation
• Examples
Malware (viruses, worms, ransomware, etc.)
• Types of Malware
• Distribution Method
• Prevention And Mitigations
Phishing and social engineering
• Common Characteristics
• Examples
• Prevention
• Social Engineering Common Characteristics
• Example
• Prevention
• Key Difference
Module 03: Introduction to Security Operations Center (SOC)
What is a Security Operations Center (SOC)?
Importance of SOC
• Importance of SOC in Cybersecurity
SOC Team Roles & Responsibilities
SOC KPI
SOC Metrics
SOC Maturity Models
• Typical Stages in the SOC Maturity Model
• Benefits of the SOC Maturity Model
SOC Workflow and Processes
Challenges in Operating a SOC
Module 04: SOC Components and Architecture
Key Components of a SOC
• Security Operation Center
• Breakdown of the Key Components of the SOC
People in SOC
Processes in SOC
• Key Processes in SOC
• Example of Processes in SOC
Technologies in SOC
• Key Technology in SOC
SOC Architecture and Infrastructure
• Key Components of SOC Architecture and Infrastructure
Different Types of SOC and Their Purpose
Introduction to SIEM
• Key components of SIEM
• Benefits of SIEM
• Challenges of SIEM
• Use Cases of SIEM
SIEM Architecture
• Key Components of SIEM Architecture
• SIEM Architecture
SIEM Deployment Model
Data Sources in SIEM
SIEM Logs
• Overview of Logs in SIEM Environment
Networking in SIEM
Endpoint Data in SIEM
Module 05: Introduction to Log Management
Incident
• Example of Cybersecurity Incidents
Event
• Example of Cybersecurity Events
Log
• Key points of Logs
• Example of Log Types
Typical Log Sources
• Typical Log Sources with Example
Need of Log
Typical Log Format
Local Log management
• Benefits of Local Log Management
Centralized Log Management
• Key Components of Centralized Log Management
Logging Best Practices
Logging/Log Management Tools
Module 06: Incident Detection and Analysis
SIEM Use Cases Development
Security Monitoring and analysis
• Basic Concept of Security Monitoring
• Basic Concept of Security Analysis
• Security Monitoring and Analysis Process
• Practical Example – Malware Detection and Analysis
• Practical Example – Abnormal or non-typical user Behavior Detection
• Practical Example – Phishing Attack Detection and Response
Correlation Rules
• Overview of Correlation Rules
• Use cases: Detection of a Distributed Denial of Service (DDoS) Attack
Dashboards
• Overview of Dashboards
Reports
• Key Components of Reports
• Types of Reports
• Benefits of Reports
Alerting
• Purpose of Alerting
• Key components of Alerting
• Type of Alerts
• Alerting Workflow
• Benefits of Alert
Triaging alerts
• Purpose of Triaging alerts
• Key components of Triaging alerts
• Triage Process
• Benefits of Triaging alerts
Dealing with False Positive Alerts
• Mitigation strategies
• Final step in Dealing with False positive Alerts
Incident Escalation
• Purpose of Incident Escalation
• Key Components of Incident Escalation
• Escalation Process
• Benefits of Incident Escalation
Communication Paths
• Common Communication paths in cybersecurity
Ticketing Systems
• Example of Ticketing Systems
Module 07: Threat Intelligence and Hunting
Introduction to Threat Intelligence
• Breakdown of Threat Intelligence
Threat Intelligence Sources
Threat Intelligence Types
Threat Intelligence Lifecycle
Role of Threat Intelligence in SOC operations
Threat Intelligence Feeds
• Types of Threat Intelligence Feeds
• Content and Format
• Integration and consumption
• Evaluation and Selection
Threat Intelligence Sharing and Collaboration
• Types of Threat Intelligence Sharing
• Benefits of Threat Intelligence sharing
• Challenges and Considerations
Threat Intelligence Tools/Platforms
• Malware Analysis Platform
• Open-Source Intelligence Tools
• Vulnerability Management Tools
• Threat Intelligence Feeds and APIs
• Dark Web Monitoring Tools
• Adversary Emulation Platforms
Introduction to threat Hunting
Threat Hunting Techniques
• Common Threat threat-hunting techniques
Threat Hunting Methodologies
• Common Threat Hunting Methodologies
Role of Threat Hunting In SOC Operations
Leveraging Threat Intelligence for Hunting
Threat Hunting Tools
Module 08: Incident Response and Handling
Incident Handling Process
• Steps in the Incident Handling Process
Incident classification and prioritization
• Breakdown of Incident Classification
Incident response lifecycle
• Preparation
• Detection & Analysis
• Containment, Eradication & Recovery
• Post-Incident Analysis
• Continuous Improvement
Preparation
Identification
Containment
Eradication
Recovery
Post-Incident Analysis and Reporting
€299
E-Learning
Variabel
DevSecOps Essentials (D|SE)
DevSecOps Essentials (D|SE)
De DevSecOps Essentials (D|SE) behandelt fundamentele vaardigheden in DevSecOps en biedt belangrijke inzichten in het identificeren van risico's bij applicatieontwikkeling en het beveiligen en testen van applicaties binnen on-premises, cloud providers en infrastructuren. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Met 7 praktische labs, meer dan 7 uur zelfstudievideo's en 12 modules zorgt de cursus ervoor dat studenten erkenning krijgen en betere kansen krijgen voor de volgende logische stap na D|SE.
Cursusinhoud
Module 01: Application Development Concepts
History of Application Development
• What is Application Development
• Programming
• Web and Mobile Development
Evolution of Applica on Development Methodologies
• Evolution of Applica on Development
• Traditional Waterfall development model
• Agile development methodology
• Methodology Comparison
• DevOps methodology
• Choosing a Methodology
Introduction to Application Architectures
• Application Architectures
• Types of Application Architectures
• Monolithic Architecture
• Microservices Architecture
• Microservices Challenges
• Serverless Architecture
• Limitations to Serverless Architecture
• Choosing an Application Architecture
• Working with Applications in Production
• Applications in Production
• Application Production Environments
• Designing the Production Environment
• Deployment Strategies
• Deployment Tools for Applications
• Monitoring and Troubleshooting
• Monitoring Tools in Production
• Continuous Monitoring and Management of Applications
Introduction to the Application Development Lifecycle
• Application Development Lifecycle
• Steps 1 through 3 in the ADLC
• Steps 4 through 6 in the ADLC
Application Testing and Quality Assurance
• Testing and Quality Assurance
• Types of Application Tests
• Best Practices for Applica on QA
• Application Performance Management
• Why is APM important?
• Using Tools for APM
• Popular APM Tools
Application Monitoring, Maintenance and Support
• Application Integration
• What is Application Integration
• Types of Application integration
• Best Practices for Application Integration
• Application Maintenance and Support
• Best Practices for Maintenance and Support
• Continuous Monitoring
• Why is Continuous Monitoring Important?
• What Tools assist with Monitoring
• Configuration and Change Management
• Role of Configura on and Change Management
Module 02: Application Security Fundamentals
What is Secure Application Development
• Secure Application Development
• Secure App Dev Principles
• Secure App Dev Practices
Need for Application Security
• Application Security is a Need
• Why is Application Security Important?
• Cloud Computing
• Artificial Intelligence and Machine Learning
Common Application Security Risks and Threats
• Consequences of Security Breaches
• Common Atacks to Applications
OWASP Top 10
• What is the OWASP Top 10
• List of OWASP Top 10 App Security Risks
• Injection Atacks
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Broken Access Control
• Insufficient Logging and Monitoring
• Insecure Cryptographic Storage
• Insecure Communication
Application Security Techniques
• Security Techniques
• Input Validation
• Output Encoding
• Encryption and Hashing
Secure Design Principles
• Security Requirements
• Secure Design Principles
• Least Privilege
• Defense in Depth
• Fail Securely
• Secure by Default
• Separation of Du es
• Zero Trust
Threat Modeling
• Introduction to Threat Modeling
• Benefits of Threat Modeling
• Types of Threat Modeling
• STRIDE Threat Modeling
• Trike Threat Modeling
• PASTA Threat Modeling
• VAST Threat Modeling
• Threat Modeling Best Practices
• Evaluating Risk
Secure Coding
• Secure Coding Practices
• Secure Coding in Action
Secure Code Review
• Secure Code Review
• Secure Code Review in Action
SAST and DAST Testing
• Testing Methods in Action
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
Secure Configurations
• Secure Configurations
• Secure Configurations in Ac on
Educating Developers
• Educating Developers on Security
• Ensuring Application Security
Role of Risk Management in Secure Development
• Security and Compliance Standards
• Role of Risk Management in Developing Secure Applications
• What is Risk Management
• Four Steps of Risk Management
• Risk Management in App Development
• Best Practices for Mitigating Risk
Project Management Role in Secure Application Development
• Project Management for Protecting the Scope of Security in Development
• What is Project Management?
• PM use in App Development
• Role of the Project Manager
• PM Best Practices for Secure App Development
Module 03: Introduction to DevOps
Introduction to DevOps
• Evolution of DevOps
• Agile Development Methodology
• Benefits of DevOps
• Improved Quality
• Cost Savings
DevOps Principles
• DevOps Principles
• Automation in DevOps
• Infrastructure as Code (IaC)
DevOps Pipelines
• Principles of DevOps
• Continuous Integra on in DevOps
• Continuous Delivery in DevOps
• Continuous Deployment in DevOps
DevOps and Project Management
• Project Management and DevOps
• Waterfall and DevOps
• Agile and DevOps
• Lean and DevOps
Module 04: Introduction to DevSecOps
Understanding DevSecOps
• What is DevSecOps?
• Goals of DevSecOps
DevOps vs. DevSecOps
• DevOps vs. DevSecOps
• Emphasizing DevSecOps
DevSecOps Principles
• DevSecOps Principles
• DevSecOps Collaboration
• DevSecOps Automation
• DevSecOps Security Testing
DevSecOps Culture
• Developing a DevSecOps Strategy
• Challenges in Building a DevSecOps Culture
• Best Practices for Building a DevSecOps Culture
Shit-Left Security
• What is Shit-Left Security?
• Benefits of Shit-Left Security
• Implementing Shit-Left Security
• Getting Started with DevSecOps
DevSecOps Pipelines
• DevSecOps Pipeline Overview
• Secure Code Review
• Container Security
• DevSecOps Pipelines
• DevSecOps Pipeline Steps
Pillars of DevSecOps
• Three Pillars of DevSecOps
• The Importance of People in DevSecOps
• The Importance of Process in DevSecOps
• The Importance of Technology in DevSecOps
DevSecOps Benefits and Challenges
• Benefits of DevSecOps
• Challenges of DevSecOps
Module 05: Introduction to DevSecOps Management Tools
Project Management Tools
• Jira Project Management Software
• Confluence Collaboration Software
• Slack Team Communication Software
• Microsoft Teams Collaboration Software
Integrated Development Environment (IDE) Tools
• Integrated Development Environments (IDEs)
• Eclipse
• Visual Studio
Source-code Management Tools
• Source-Code Management with GitHub
• Source-Code Management with GitLab
• Source-Code Management with Azure DevOps
Build Tools
• Introduction to Build Software
• Types of Build Software
• Maven
Continuous Testing Tools
• Introduction to Continuous Testing Software
• Selenium
• TestComplete
• Katalon Studio
• Gradle
• Conclusion
Module 06: Introduction to DevSecOps Code and CI/CD Tools
Continuous Integration Tools
• Continuous Integration Overview
• Jenkins
• Bamboo
• Other CI Tools
Infrastructure as Code Tools
• Introduction to Infrastructure as Code (IaC)
• Terraform
• Ansible
• CloudForma on
• Pulumi
Configuration Management Tools
• Configuration Management
• Chef for Configuration Management
• Puppet and Chef for Configuration Management
• Containers Overview
• Docker Overview
• Kubernetes Overview
• AWS Container Services
• Container Management in Azure
• Container Management in GCP
Continuous Monitoring Tools
• Why Continuous Monitoring is Critical in DevSecOps
• Splunk for DevSecOps Monitoring
• Nagios for DevSecOps Monitoring
• ELK for DevSecOps Monitoring
• AWS Config for DevSecOps Monitoring
• Microsoft Defender for Cloud Developer Security
• DevSecOps Management and Monitoring soware tools – Conclusion
Module 07: Introduction to DevSecOps Pipelines
Role of DevSecOps in the CI/CD Pipeline
• DevSecOps in CI/CD Pipeline
• DevSecOps in Development Lifecycle
• Ensuring Secure Deployments in DevSecOps
DevSecOps Tools
• DevSecOps Tools
• Code Analysis Tools
• Vulnerability Scanning Tools
• Security Testing Tools
• Continuous Monitoring Tools
Embracing the DevSecOps Lifecycle
• DevSecOps Lifecycle
DevSecOps Ecosystem
• Key Elements of DevSecOps Ecosystem
• Key Elements of DevSecOps Pipeline and Ecosystem
Key Elements of the DevSecOps Pipeline
• Keys to a Successful DevSecOps Pipeline
Integrating Security into the DevOps Pipeline
• Integrating Security in DevOps Pipeline
• Importance of Security in CI/CD Pipeline
• Secure Coding Practices
• Access Control
• Continuous Monitoring and Incident Response
Module 08: Introduction to DevSecOps CI/CD Testing and Assessments
Implementing Security into the CI/CD Pipeline and Security Controls
• Why We Need Continuous Security in DevOps
• The Benefits of Continuous Security in DevOps
• Implementing Continuous Security in DevOps
• Security Controls to Protect the CI/CD Pipeline
Continuous Security in DevSecOps with Security as Code
• Why Continuous Application Security Testing is Important for Your Business
• The Benefits of Continuous Application Security Testing
• Implementing Continuous Security in DevOps
Continuous Application Testing for CI/CD Pipeline Security
• Continuous Testing for CI/CD Pipeline Security
• Types of Continuous Testing
• Different Types of Testing
• Continuous Testing Best Practices
• Best Practices for Implementing Security as Code
• Implementing Security as Code
Application Assessments and Penetration Testing
• Types of Application Assessments
• Types of Assessments to integrate into CI/CD Pipeline
• Features of different types of assessments in CI/CD Pipeline
• Automated Vulnerability Scanning Tools
• Vulnerability Scanning
• Vulnerability Scanning in CI/CD Pipeline
• Integrating Vulnerability Scanning into CI/CD Pipeline
• Best Practices for Implementing Vulnerability Scanning in CI/CD Pipeline
• Penetration Testing
• Penetration Testing in the CI/CD Pipeline
Module 09: Implementing DevSecOps Testing & Threat Modeling
Integrating Security Threat Modeling in Plan Stage
• Introduction to Security Threat Modeling
• Integrating Security Threat Modeling in the Planning Stage of Application Development
• Importance of logging and monitoring of applications
• Importance of configuration management
Integrating Secure Coding in Code Stage
• Importance of code testing
• Secure Application Development Lifecycle
• Build Stage Security Tools and Techniques
• Test Stage Security Tools and Techniques
• Release Stage Security Tools and Techniques
• Deploy Stage Security Tools and Techniques
• Secure Coding Practices in the Application Coding Stage
• Best Practices for Secure Coding
Integrating SAST, DAST and IAST in Build and Test Stage
• Integrating SAST, DAST, and IAST in the Build Stage
• Benefits of Integrating SAST, DAST, and IAST in the DevSecOps Pipeline
Integrating RASP and VAPT in Release and Deploy Stage
• RASP and VAPT Integration in Release and Deploy Stage
• Benefits of RASP and VAPT Integration in Release and Deploy Stage
• Conclusion
Module 10: Implementing DevSecOps Monitoring and Feedback
Integrating Infrastructure as Code (IaC)
• What is Infrastructure as Code?
• Why Integrate IaC into DevSecOps?
• Tools for IaC Integration in DevSecOps
• Challenges in IaC Integration into DevSecOps
• Best Practices for IaC Integration into DevSecOps
Integrating Configuration Orchestration
• What is Configuration Orchestration?
• How Does Configuration Orchestration Increase Security Posture?
• Tools for Configuration Orchestration
Integrating Security in Operate and Monitor Stage
• Securing Operations and Monitoring
• Importance of Security in Operate and Monitor Stage
• Benefits of Automated Security Practices
Integrating Compliance as Code (CaC)
• What is Compliance as Code?
• Benefits of Compliance as Code
Integrating Logging, Monitoring, and Alerting
• Integrated Logging, Monitoring, and Alerting During Application Development
• Integrated Logging, Monitoring, and Alerting When an application is in Production
• Tools for Securing Opera ons and Monitoring
Integrating Continuous Feedback Loop
• Continuous Feedback Loop
• Creating a Continuous Feedback Loop
• Integrating Continuous Feedback Loop into Application Development Lifecycle
• Conclusion
€299
E-Learning
Variabel
IoT Security Essentials (I|TE)
IoT Security Essentials (I|TE)
De IoT Security Essentials (I|TE) is een uitgebreide gids voor het beveiligen van het Internet of Things (IoT)-systemen. Het behandelt essentiële onderwerpen van IoT-fundamenten tot geavanceerde beveiligingsbedreigingen en beveiligingstechniek, en biedt de kennis en vaardigheden om veilige IoT-oplossingen te ontwerpen, in te zetten en te onderhouden. Test uw kennis met CTF-gebaseerde
Capstone-projecten en valideer uw nieuw verworven vaardigheden in gesurveilleerde examens. Kandidaten worden toegerust om beveiligingsrisico's in IoT-omgevingen te identificeren, te beoordelen en te beperken, biedt de cursus 5 labs, meer dan 8 uur eersteklas video training en 11 modules met branche-expertise.
Cursusinhoud
Module 01: IoT Fundamentals
Definitions
IoT
IoT Beginnings
The IoT Paradigm
IoT Characteristics
What's Smart?
Smart Technology
IoT in Power Grids and Home
o Smart Homes
o Smart Grid
o Smart Grid Case Study
o Smart Grid – Why?
o Smart Grid – Smart City
o Smart Agriculture
Internet of Military Things
o IoT Architecture
o IoT Application Areas and Devices
o IoT Technologies and Protocols
o IoT Communication Models
Industrial IoT basics
SCADA
NIST 800-82 – SCADA
DCS
Smart City
o Smart City Framework
Health IoT
o Remote Patient Monitoring
o Medical IoT wearable devices
o Medical IoT internal devices
o Medical IoT Under Skin Devices
IoT Platforms
o IoT Platforms – Xively
o IoT Platforms – AWS IoT
o IoT Platforms - GE Predix
o IoT Platforms - Google Cloud IoT
o IoT Platforms - Microsoft Azure IoT
o IoT - Technical Basics
Nodes and Applications in Wireless Sensor Networks
o Types of Nodes
o Types of Applications
The Future of IoT
Module 02: IoT Networking and Communication
Basic Concepts – MAC Address
EUI-64
Network Concepts– IP Addresses (IPV4)
Private Vs. Public
Private IP Address
OSI Model - Open Systems Interconnect
TCP Model
IP Addresses and Subnet Masks
IPv4 Subnetting Techniques
Custom IP Addresses
CIDR
o CIDR Address
IP Address Services
APIPA
IPv6
Network Concepts - Wi-Fi
Narrowband, Broadband, and Spread Spectrum Signals
Frequency Hopping Vs. Direct Sequence
Spread Spectrum Details
802.11 Broadcast Methods
802.11 Channels
IoT Protocols
Bluetooth
o 802.15
o Bluetooth Protocols
o Simplified Bluetooth Stack
ANT+
IPv6 Over Low Power Wireless Personal Area Networks (6LowPAN)
6LowPAN
NFC
RFID
ZigBee
IEEE 802.15.4 Physical Layer
Operating Frequency Bands
PHY Frame Structure
IEEE 802.15.4 MAC Layer
IEEE ZigBee Network Topologies MAC Layer
o ZigBee Network Topologies
o ZigBee and Bluetooth Comparison
Z Wave
LoRa
RuBee
WirelessHART
MiWi
MQTT
TR-069
OMA-DM
XMPP
DDS
Constrained Application Protocol (CoAP)
Cellular Networks
5G
Windows IoT
Power System Communication Technologies
Power Line Carrier Communication (PLCC)
o Coupling Types in PLCC System
o PLCC---Uses
o PLCC---Fiber Optic
Tele-Control Protocols
IEC–60870–5-101
ICCP Protocol
IEEE Standards
Distributed Network Protocol 3 (DNP3)
IEEE IoT Standards List
Building Information Model
Module 03: IoT Processors and Operating Systems
PCB
NAND
UART
JTAG
CPU Internal Structure
Interrupts
Operating Systems
Features of the OS in Embedded Systems
Operating System Kernel
Kernel Types
Firmware
Real-Time Operating System (RTOS)
Type of Real-Time Systems
Performance Evaluation
Four Main Tasks of an OS
RTOS – VxWorks
What is VxWorks?
Differences Between Traditional UNIX and VxWorks
VxWorks Architecture
VXWorks Networking Support
RTPS QNX
RTOS – LINUX
Contiki
The Contiki OS
Contiki Protothreads and Dynamic Linking
RIOT
TinyOS
o TinyOS Design
o TinyOS Tools
o TinyOS Scheduler
MagnetOS
FreeRTOS
Apache Mynewt
BeRTOS
Zephyr
Linux & Android
o History of Linux
o Linux
o Linux Shells
o Basic Shell Command Summary
o Run Levels
o Android Linux Kernel
o Android OS
o Android App Priority and Processes
o Linux Kernel and Storage Management
o Android Architecture
o Android Versions
o Android Automotive
o Android TV
o Android Things
Module 04: Cloud and IoT
What is Cloud Computing?
NIST
Cloud Characteristics
Types of Cloud Computing Services
Cloud Deployment
Basic Cloud Concepts
Cloud Computing
Cloud Types
Multi-cloud
HPC Cloud
Virtualization
Virtual Systems
IaaS
PaaS
SaaS
o Example SaaS: Google Docs
Variations
Characteristics of Virtualization
Virtual Components
Distributed Systems Issues
Terms
Uses of Cloud Computing
IoT Cloud Commercial Solutions
AWS IoT
AWS IoT Components
Oracle Cloud
Grid Computing
Fog Computing
Future Trends
Module 05: IoT Advanced Topics
IoT Software
Web Applications
Hybrid Model
Embedded Device Web App
Web Communications
Mobile Applications
Hybrid
Native Applications
IoT Identity Management
IoT Protocols
What is Machine Learning?
IoT and Machine Learning
Types of Learning
Supervised vs. Unsupervised Learning
Classification
Neural Networks
Terminology
Hebb’s Rule
ANNs – The Basics
Topologies of Neural Networks
Multi-Layers
Recurrent Networks
Elman Nets
Neural Network Function
K-Nearest Neighbor
Echo State Network
Naive Bayes
Block Chain IoT
What is a Block?
What is a Transaction?
Block Chain IoT
How to Achieve Convergence?
Structure of a Block Chain
Consensus Algorithms
Module 06: IoT Threats
List of Common IoT Attacks
IoT Vulnerable
How Bad is the Problem?
Mirai
BrikerBot
Other Notable IoT Attacks
Definition of Sybil Attack
Sybil Attack
Sinkhole Attack
TinyOS Beaconing
Geographical Attacks and Attackers
Spoofed, Altered, or Replayed Routing Info
Wormhole Attack
Blackhole Attack
Rushing Attacks
HELLO Flood Attack
Smart Heating Shutdown
Access Internal State
Modify Internal State
Clone TAP
IoT Expands Security Needs
OWASP IoT Top 10
Dark Reading Top 8 Attacks
IoT Attack Surface
IoT Goat
o Example DOS – Syn Flood
o Example DOS – Smurf
o Example DOS – Fraggle
DHCP Starvation
Amplification
Other DoS Attacks
Bluetooth Attacks
Wireless Attacks
IoT Hacking
IoT Attacks
IoT Privacy Issues
Malware
Virus Types
Hiding Techniques
Ransomware
Smart Thermostat Ransomware
Other New Attacks
Hacking Medical Devices
Hacking Cars
Hacking Homes
IoT Hacking
Metasploit and IoT
SCADA - Poor Authentication and Authorization
SCADA Unpatched Systems
E-passport Threats
Security Threats of RFID-Enabled Supply Chain
Module 07: Basic Security
The CIA Triangle
Other Security Concepts/Terms
Best Practices for Protecting Embedded OSs
WLAN Security Goals
Basic WLAN Security Mechanisms
Open System Authentication
Shared Key Authentication
WEP
WPA
WPA2
WPA3
MAC Address Filtering
Disabling SSID Broadcast
Changing the Default Login
Bluetooth Security Modes
Authentication Summary
Zigbee Security
RuBee Security
IoT Checklist
IoT Security Measures
IoT Security Tools
Firmware Security Testing Methodology
ByteSweep
Stanford Secure IoT project
System Hardening
Symmetric Block Cipher Algorithms
Symmetric Encryption
DES & AES
Blowfish
Asymmetric Encryption
How Does Public/Private Key Encryption Work?
RSA & Diffie-Helman
Digital Signature Basics
Hashes
What is a Collision?
History of SSL
TLS v 1.3
Remote Access Security - TLS
SSL/TLS Handshake
Certificate Store
Basics of Defending SCADA/ICS
SCADA Security Basics
SCADA Security Standards
RTU Security - Serial Port
Current Grid Environment
Threats to the Grid
NISTIR 7628
Medical Device Standards
EMC Terminology
IoT Privacy
IoT Security Compliance Framework 1.1
Industrial IoT Security Framework
IETF
NIST
NISTIR 8228
IEEE Standards
Security in the SDLC
Legal, Regulatory, and Rights Issues
Aircrack
Wireless tools
Other Wifi tools
Bluetooth tools
Security Protocols For Wireless Sensor Networks
SNEP: Sensor Network Encryption Protocol
TINYSEC
MINISisEC
LEAP: Localized Encryption And Authentication Protocol
ZigBee Security
ZigBee Security Trust Center
ZIGBEE
Module 08: Cloud Security
State of Cloud Security
Cloud Threats On the Rise
Cloud Vulnerabilities
Issues
Critical Security Areas in Cloud Computing (CSA)
Top 10 Customer Issues Eroding Cloud Confidence (from CSA)
Privileged Access
Data Segregation
Cloud Security Alliance - Guidance
CloudAudit & the A6 Deliverable
ISO 27017
ISO 27018
NSA Guidance
Cloud Computing Attacks
Man in the Cloud
Cloudbleed
Secure Cloud Computing
Infrastructure Security
Compliance
Cloud Computing Also Relies on the Security of Virtualization
Sample Hypervisor Security Issues
Security Issues
Virtualization Security Guidance
Cloud Provider Employees
Mobile Cloud
IRM
Privacy & Personal Information
U.S. Privacy Law
GDPR
Cloud Security Policies
Procedures, Standards, and Guidelines
Policy Types
o NIST 800-14
o NIST 800-14 - Principles
o NIST 800-14 – Practice Areas
Investigative Support
Forensic Issues
Module 09: Threat Intelligence
National Vulnerability Database
US Cert
Shodan
IoT Sploit
Alien Vault
Threat Crowd
Phishtank
STRIDE
DREAD
PASTA
CVSS
Common Vulnerability Exposure (CVE)
Risk Determinations
Risk Assessment Standards
Addressing Risk
Residual Risk
Find Web Cams
Web Cams Default passwords
NIST 800-115
NIST 800-53 A
National Security Agency (NSA) Information Assessment Methodology (IAM)
NSA-IAM Overview
IAM
PCI Penetration Testing standard
PCI Highlights
PTES
Cyber Kill Chain
CEH Lifecycle
Vulnerability
TCPdump
FLAGS
Packet Flags
Nmap
o Nmap (ZenMap the GUI Version)
NMAP Flags
Module 10: IoT Incident Response
Standards
Processes
Procedures
Impact
IoT and the Cloud
Indicators of Compromise
Tools
Forensic Tools
Module 11: IoT Security Engineering
Methodologies
12 Practices
Threat Modeling
Dread
Stride
€299
E-Learning
Variabel
Cloud Security Essentials (C|SE)
Cloud Security Essentials (C|SE)
Cloud Security is een basiscursus over cloud computing en beveiligingsfundamentals, gegevensbescherming en encryptie in de cloud en meer. Deze cursus bereidt je voor op het beveiligen van identiteiten, gegevens en toepassingen binnen cloudproviders en hybride infrastructuren. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Met 6 hands-on labs en meer dan 10 uur eersteklas training voorziet de C|SE cursisten van praktische vaardigheden om cloudoplossingen te beveiligen.
Cursusinhoud
Module 01: Cloud Computing & Security Fundamentals
Cloud Compuing and Security Fundamentals
What Is Cloud Compuing?
Cloud Compuing Types and Service Models
• Different Types of Cloud Deployment Models
• Different Types of Cloud Deployment Models: Private
• Different Types of Cloud Deployment Models: Public
• Different Types of Cloud Deployment Models: Hybrid
• Different Types of Cloud Service Models
• Different Types of Cloud Service Models: Infrastructure as a Service (IaaS)
• Different Types of Cloud Service Models: Platform as a Service (PaaS)
• Different Types of Cloud Service Models: So ware as a Service (SaaS)
Cloud Security Challenges and Concerns
• Cloud Security Challenges and Concerns
Cloud and Security Responsibilities
• Cloud Shared Responsibilities
• Shared Responsibility Model for Cloud and Security
Evaluating Cloud Service Providers
• Cloud Service Providers (CSP)
• Comparing The Top 3 Cloud Service Providers (CSPs)
• Comparing The Top 3 Cloud Service Providers (CSPs): Microsoft
• Comparing The Top 3 Cloud Service Providers (CSPs): AWS
• Comparing The Top 3 Cloud Service Providers (CSPs): GCP
Cloud Security Benefits
• Cloud Characteristics
• Cloud Security Benefits
Threats and Atacks in Cloud Environments
• Threats And Atacks in Cloud Environments
• OWASP Cloud-Native Application Security Top 10
• Phishing
• Spear Phishing
• Denial-Of-Service Atack
• Brute Force Atacks
• Web Atacks
• SQL Atacks
Cloud Security Design Principles
• C-I-A Triad
• Defense In Depth
• Zero Trust Methodology
• Google Cloud Adoptoon Framework
Cloud Security Architecture
• Cloud Transformation and Security Architecture
• Secure Landing Zones
• AWS Architecture Example
• GCP Architecture Example
• AZURE Architecture Example
• Google Cloud Adoption Framework
Module 02: Identity And Access Management (IAM) in the Cloud
IAM Fundamentals
• IAM Fundamentals
• Key IAM Terms
• Defining IAM
• Legacy vs. Modern IAM
• Active Directory Authentication
• Cloud Identity Provider
• Cloud Identity Governance
Principal and Roles of IAM in the Cloud
• Cloud Identity Governance
• Role Permissions
Role-based Access Control (RBAC)
• Role-based Access Control (RBAC)
Identity Federation
• Identity Federation
• Hybrid Identity Federation
• Multi cloud Identity Federation
• Cloud and External Provider Federation
Single Sign-on (SSO) and Self-Service Password Reset (SSPR)
• Single Sign-on (SSO)
• Self-Service Password Reset (SSPR)
Multifactor Authentication (MFA)
• Multifactor Authentication (MFA)
Principle of Least Privilege
• Principle of Least Privilege
• Conditional and Behavior Based Access
IAM Auditing and Monitoring
• IAM Auditing and Monitoring
Module 03: Data Protection and Encryption in the Cloud
Data Classification and Lifecycle
• Governing And Securing Your Data
• Data Classification
• Protect Your Data
• Project Overview
• Data Retention
• Governing And Securing Your Data
Encryption Techniques (at Rest, in Transit)
• Encryption Types
• Governing And Securing Your Data
• Encryption In Transit
Customer vs. Cloud Provider Managed Keys
• Customer Vs. Cloud Provider Managed Keys
• Key Management in the Cloud
• Azure Key Vault
• AWS Key Management Service
• Google Cloud Platform Encryption
Data Loss Prevention (DLP)
• Data Loss Prevention
• Cloud Provider Data Loss Prevention (DLP) Solutions
Backup and Disaster Recovery Strategies
• Backup Vs. Replication
• Cloud-Based Site Recovery
• Cloud Backup
Module 04: Network Security in Cloud
Cloud Network Fundamentals
• Cloud Networks
Virtual Private Clouds (VPC)
• AWS VPC Architecture
• Azure Virtual Network (VNET)
Network Isolation and Segmentation
• Network Segmentation
• AWS Elastic Load Balancers
• Azure Front Door and Application Gateway
• DDoS Protection
Network Access Control Lists (NACLs) and Network Security Groups (NSG)
• AWS NACL and Security Groups
• Azure Network Security Groups (NSG)
Remote Access and Connections
• VPC Endpoint Connections
• AWS Remote Connections with Transit Gateway
• Azure Private Links
• Remote Management – Azure Bastion
• Just in Time VM Access
• AWS NAT Instances Vs. NAT Gateways
• NAT Instance Vs. Bastion host
Firewalls and Intrusion Detec on
• Azure Firewall
• Web Application Firewall
• AWS Web Application Firewall (WAF)
• Intrusion Detection Vs. Intrusion Prevention
Module 05: Application Security in Cloud
Secure Software Development Lifecycle (SDLC) in the Cloud
• Secure Software Design
• Cloud Security Controls within Security Objective
• Secure Software Development Lifecycle
Web Application Firewall (WAF) in Cloud Environments
• Why use a WAF?
• Web Application Firewall in Azure
• AWS Web Application Firewall (WAF)
Web Application Security and OWASP Top Ten
• Common Atacks
• Ransomware Atack
Security by Design Principles for Cloud Applications
• Secure Application Design
• Traceability of Data
• Data Integrity
• Key Secure Software Design Concepts
• DevSecOps
Secure Coding Practices
• Secure Code Testing
• Runtime Application Self-Protection (RASP)
API Security and Integration Best Practices
• API Security Design and Development
• AWS Config
• Secure Azure API Management
Serverless Security Considera ons
• Serverless Security Practices
• Azure Functions Security
• Web Application Firewall
Container Security (Docker, Kubernetes)
• AWS Config
• Container Security Practices
Module 06: Cloud Security Monitoring and Incident Response
Cloud Logging
• Importance of Logging
• Cloud Logging
Cloud Security Monitoring
• Cloud Native Tools
• Azure Monitor
• Azure Network Watcher
• Log Analytics
• Azure Arc
• AWS CloudTrail
• AWS CloudWatch
SIEM and SOAR
• Information and Event Management
• SIEM AND SOAR
Cloud-native Monitoring Solutions
• Security Posture Management
• Microsoft Defender for Cloud - CSPM
• Amazon Security Hub
Continuous Cloud Security Monitoring
• Cloud Native Application Protection Platform (CNAPP)
• Microsoft Defender for Cloud - CNAPP
• CNAPP capabilities within AWS using CloudGuard
• Google Cloud Armor CNAPP
Incident Response and Investigation in the Cloud
• Timeline of A Breach
• Incident Response
Module 07: Cloud Security Risk Assessment and Management
Identifying Cloud Security Risks
• Cloud Risk Assessment Checklist
• Common Cloud Security Risks
• Top Cloud Vulnerabilities
• Risk Categories
Risk Assessment Frameworks for Cloud Environments
• Risk Management Tiers
• Risk Management Strategy
• NIST Risk Management Framework SP 800-37 REV. 2
Cloud Security Controls and Countermeasures
• Defense In Depth
• Security Controls and Countermeasures
• Business Continuity Plans
• Disaster Recovery Plan
• BCP and DRP Working Together
Threat Modeling and Vulnerability Assessment in Cloud Environments
• Cloud Threat Modeling
• Cloud Threat Modeling Resources
• Vulnerability Assessments
• Vulnerability Scanning
Quanlitative vs. Qualita ve Risk Assessment Approaches
• Risk Analysis
• Qualitative Risk Analysis
• Qualitative Risk Analysis
• Risk Analysis Decision Matrix
Cloud Risk Treatment, Response, and Mitigation
• Residual Risk
• Risk Response
• Responses To Risk
Module 08: Cloud Compliance and Governance
Regulatory and Industry Compliance
• Regulatory Compliance
• General Data Protection Regulation (GDPR)
• Federal Information Security Management Act (FISMA)
• Family Educational Rights and Privacy Act (FERPA)
• International Standards Organization (ISO)
• National Institute of Standards & Technology (NIST)
• NIST SP 800-53
• FedRAMP
• Industry Compliance Standards
• PCI-DSS
• 2023 UPDATES to PCI-DSS
• Sarbanes-Oxley Act (SOX)
• GLBA
• HIPAA
• HIPAA Security Rule
• HITRUST Common Security Framework
• HITRUST Certification
Cloud Security Standards
• Cloud Security Standards
• NIST Cybersecurity Framework
• ISO 27001
• Center for Internet Security (CIS)
• Cloud Security Alliance (CSA
• CSA Cloud Control Matrix
• CSA Cloud Control Matrix List of Controls
Cloud Security Governance and Risk Management
• Keys To Maintaining Compliance
• Cloud Security Governance
• Cloud Security Assessments and Auditing
• Cloud Security Assessments Methodology
• Cloud Security Assessments Challenges
• Cloud Monitoring and Management
• Risk Management Process
• Responses To Risk
Auditing and Monitoring Cloud Resources
• Cloud-Native Audi ng
• Azure Policy
• Microsoft Defender For Cloud
• AWS Config Manager
• AWS Inspector
• Google Cloud Compliance Reports Manager
Cloud Security Assessment and Penetration Testing
• Cloud Security Assessments
• Cloud Security Assessment
• Cloud Security Assessment
• Ethical Penetration Testing
• Cloud Penetration Testing and Limitations
€299
E-Learning
Variabel
Examencodes Zelfstudiepakket Leergang Compliance Officer/ Leergang Compliance Professional
Met deze examencode kunt u een (her)examen behorend bij een van onderstaande opleidingen boeken bij verschillende toetscentra in Nederland.
Het betreft het examen over het zelfstudiepakket behorende bij de volgende opleidingen:
Leergang Compliance Officer
Leergang Compliance Professional
Het examen bestaat uit 30 meerkeuzevragen. Deze toetst is noodzakelijk als u deelneemt aan de volgende modules van bovenstaande leergangen. U kunt de module-1-toets maken bij één van de toetscentra van Eureka. U heeft de keuze om deze toets te maken op het moment en op de locatie die u het beste schikt. U kunt zich direct na ontvangst van de code Om u in te schrijven voor het examen heeft u een persoonlijke boekingscode nodig.
Op alle examenonderdelen is het examenreglement van het Nederlands Compliance Instituut van toepassing, deze kunt u vinden op de website van het Nederlands Compliance Instituut.
€150
Klassikaal
max 5
HBO
ESG voor de actuarieel professional: theorie en praktijk
Utrecht
ma 18 nov. 2024
Actuarieel professionals die hun kennis willen verbreden en verdiepen en zich willen voorbereiden op mogelijke veranderingen in de taken werkzaamheden en verantwoordelijkheden binnen hun organisatie.
Environmental, Social en Governance. Drie woorden die centraal staan in de manier waarop het bedrijfsleven zich heruitvindt, gedreven door maatschappelijke en natuurlijke ontwikkelingen. Wat kunnen of moeten verzekeraars en pensioenfondsen hiermee? En welke rol is hierbij weggelegd voor de actuarieel professional?
Je krijgt inzicht in ESG-principes en wordt voorbereid op mogelijke veranderingen in jouw (dagelijkse) werkzaamheden en verantwoordelijkheden binnen de eigen organisatie.
Tijdens deze bijeenkomst wordt verkend waarom het thema ESG maatschappelijk zo belangrijk geworden is, hoe verzekeraars en pensioenfondsen zich kunnen positioneren in de verduurzaming van de sector en de maatschappij en wat de rol van de actuarieel professional. Het thema wordt daarmee in een breed maatschappelijk perspectief gezet en in de context van de verzekerings- en pensioensector, met als doel om ESG tastbaar te maken voor de actuarieel professionals in hun dagelijkse werkzaamheden.
Sprekers
Dr. Ted van der Aalst AAG en Michiel Evers MSc
€695
Klassikaal
6 uren
100% Online Opleiding Wft Zorg + Extra Oefenexamens + Geprint Studieboek
Over de 100% Online Opleiding Wft Zorg
Voor een grondige voorbereiding op het Wft Zorg examen, biedt onze volledig digitale opleiding Wft Zorg een uitgebreide leerervaring. De cursus omvat de E-learning Wft Zorg, verrijkt met zes representatieve oefenexamens en ondersteund door Videoleren. Met behulp van onze Slim Leren tool kan je onbeperkt oefenen met vragen uit de cursus om je kennis en vaardigheden te versterken.
De Extra Oefenexamens Wft Zorg
Als aanvulling op je studie bieden wij Extra Oefenexamens Wft Zorg aan. Deze set van drie aanvullende oefenexamens is zorgvuldig samengesteld om aan te sluiten bij de meest recente exameneisen en om te focussen op veelgemaakte fouten. Deze extra examens zijn ontworpen om je een diepgaand inzicht te geven en je optimaal voor te bereiden op het Wft Zorg examen.
Het Examen Wft Zorg:
Het Wft Zorg examen toetst je bekwaamheid in het adviseren over zorgverzekeringen. Het bestaat uit 33 vragen verdeeld over drie categorieën: Kennis en Begrip (14 vragen), Vaardigheden en Competenties (18 vragen) en Professioneel gedrag (1 vraag). Voor het voltooien van dit examen heb je 90 minuten de tijd.
€398
E-Learning
max 100