Opleidingen

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui. Sprekers Hetty Benninga Projectbegeleider Kerckebosch Uitgeverij Studiecentrum Bestemd voor

Leer in 3 uur hoe je je digitale balans vindt tussen online en offline werken voor meer focus, productiviteit en een gezondere werkstijl. Ontdek de technieken om digitale afleiding de baas te worden! Laat jij je makkelijk digitaal afleiden? In 3 uur leer je een gezonde balans te vinden tussen online en offline werken voor meer focus en productiviteit. Werk je vaak achter een beeldscherm, heb je je smartphone altijd bij de hand, draag je een smartwatch? Wil je leren hoe je zonder afleiding kunt werken, met meer rust en focus? In deze interactieve workshop Digitale afleiding de baas | Meer focus, productiviteit en vitaliteit leer je technieken om de onrust te verminderen die ontstaat door constante meldingen en afleidingen op je beeldscherm, smartwatch of smartphone. Je ontdekt hoe de technologie om je heen werkt en hoe je brein daarop reageert. Je maakt ook kennis met handige breinoefeningen om je focus te maximaliseren. Alle inzichten geven je meer rust en helpen je om efficiënter te werken en je beter te voelen. Je gaat naar huis met een plan om je digitale balans blijvend te verbeteren. Wil je je hele team helpen met het creëren van een gezonde digitale balans voor meer focus en productiviteit? Neem dan contact op voor een leeroplossing op maat. Je bent vaak achter je beeldscherm bezig en je hebt je smartphone altijd bij de hand. Werk en privé lopen vaak door elkaar, wat soms een gevoel van onrust geeft. Hierdoor kun je moeilijk met één ding bezig zijn of echt even ‘uitschakelen’. Je merkt dat je soms in iets anders verzeild raakt dan je eigenlijk wilde doen. Wil je meer regie en rust ervaren in het gebruik van digitale media en optimaal profiteren van digitale mogelijkheden zonder afleiding of verslaving? Dan is deze workshop wat voor jou! Na afloop van deze training: * ben je je bewust van de kracht van aandacht; * heb je handvatten om die aandacht beter te benutten waardoor je efficiënter én relaxter werkt; * begrijp je de dynamiek tussen jou en de technologie; * heb je meer inzicht in de werking van je brein; * ken je minimaal drie oefeningen die je direct kunt inzetten om je focus te maximaliseren; * ben je je bewust van je balans in offline/online zijn; * weet je wat er nodig is om een gezonde digitale balans te ontwikkelen; * heb je een concreet plan om jouw digitale balans te verbeteren. Zin en onzin van bereikbaar zijn Ons (on)vermogen tot multitasken De werking van het brein en de interactie met digitale technologie Het nut van cognitieve fitnessoefeningen De rol van notificaties Technische hulpmiddelen die je echt helpen Goede gewoontes opbouwen en behouden De kracht van de groep Oefenen! Je zelfzorgplan Actieve klassikale workshop In deze vitaliteitstraining Digitale afleiding de baas van train2work is er ruimte voor theorie en technologie, waarbij we ons steeds richten op praktische, alledaagse ervaringen. Gesprekken, oefeningen en inzichten wisselen elkaar op een dynamische en inspirerende manier af. Naslagwerk en actieplan Je ontvangt een actueel boek over slimmer leven. Je hebt na afloop ook een persoonlijk zelfzorgplan waarmee je na de workshop actief aan de slag kunt blijven. Groepsgrootte en jouw leerwensen De groep bestaat uit maximaal 10 deelnemers. Dit biedt de ruimte voor persoonlijke vragen en jouw ervaringen. Heb je vóór de training al een belangrijke vraag waarmee je aan de slag wilt? Stel die dan gerust al vooraf aan de trainster. Je kunt je direct inschrijven op deze training. Je ontvangt een bevestiging per e-mail. 10 dagen voor de training ontvang je onze uitnodiging met meer informatie over je deelname. Je bent van harte welkom op onze locatie Lange Kleiweg 14 in Rijswijk, 2 minuten lopen vanaf het station. Wil je een teamtraining die aansluit bij jullie wensen, incompany of op maat? Neem dan contact op voor een leeroplossing op maat.

Threat Intelligence Essentials (T|IE) De cursus Threat Intelligence Essentials biedt cursisten een sterke technische basiskennis van concepten en tools voor bedreigingsinformatie. De cursus biedt essentiële kennis over onderwerpen als het landschap van cyberbedreigingen, soorten bedreigingen en meer, waarmee u wordt voorbereid op een carrière als threat intelligence-analist. Test uw kennis met CTF-gebaseerde Capstone-projecten en valideer u nieuw verworven vaardigheden in gesurveilleerde examens. Verder biedt de cursus meer dan 18 uur aan eersteklas zelfstudievideotraining in 10 modules met 5 labs om studenten voor te bereiden op problemen in de echte wereld. Cursusinhoud Module 01: Introduction to Threat Intelligence Threat Intelligence and Essential Terminology          o What is Threat Intelligence?          o Core Threat Intelligence Terminology Key Differences Between Intelligence, Information, and Data          o Threat Intelligence vs. Threat Data The Importance of Threat Intelligence Integrating Threat Intelligence in Cyber Operations          o Modern Threat Intelligence vs. Traditional Cybersecurity Threat Intelligence Lifecycles and Maturity Models          o Threat Intelligence Lifecycle and Processes          o Threat Intelligence Maturity Model Threat Intelligence Roles, Responsibilities, and Use Cases          o Threat Intelligence Team Roles & Responsibilities          o Threat Intelligence Use Cases          o Ethical and Legal Considerations Using Threat Intelligence Standards or Frameworks to Measure Effectiveness          o Frameworks and Standards          o KPI’s for Measuring Effectiveness Establishing SPLUNK Attack Range for Hands-on Experience          o Module 1 Lab: SPLUNK Attack Range 3.0 Overview          o Attack Range Setup Module 02: Types of Threat Intelligence Understanding the Different Types of Threat Intelligence          o General Sources of Threat Intelligence          o The Threat Intelligence Array Preview Use Cases for Different Types of Threat Intelligence          o Navigating Different Uses of Intelligence          o Specific Uses of Threat Intelligence by Type Overview of the Threat Intelligence Generation Process          o The Threat Intelligence Generation Process          o Sources of Generated Threat Intelligence Learn How Threat Intelligence Informs Regulatory Compliance          o How Regulation Influences Threat Intelligence Processes          o Other Regulatory Factors to Consider Augmenting Vulnerability Management with Threat Intelligence          o Threat Intelligence and Vulnerability Management          o Additional Best Practices to Consider Explore Geopolitical or Industry Related Threat Intelligence          o Geopolitical and Industry Focused Threat Intelligence          o How Cybersecurity Can Leverage These Sources Integrating Threat Intelligence with Risk Management          o Threat Intelligence in Risk Management Module 03: Cyber Threat Landscape Overview of Cyber Threats Including Trends and Challenges          o Defining the Cyber Threat Challenge Emerging Threats, Threat Actors, and Attack Vectors          o Threat Actor Types and Their Motivations          o Trends and Challenges Impacting Threat Intelligence Deep Dive on Advanced Persistent Threats          o Getting to Know Your Advanced Persistent Threat          o High Profile Threat Actors in Modern Times The Cyber Kill Chain Methodology          o What’s the Cyber Kill Chain Methodology?          o Exploring Other Cyber Kill Chains Vulnerabilities, Threat Actors, and Indicators of Compromise (IoC)          o Indicators of Compromise (IoCs) Explained          o Key Vulnerability Management Control Considerations Geopolitical and Economic Impacts Related to Cyber Threats          o Impact of Geopolitics and Economics on Cyber Threats How Emerging Technology is Impacting the Threat Landscape MITRE ATT&CK & SPLUNK Attack Range IOC Labs          o Module 3 Lab Part 1: MITRE ATT&CK Navigator          o Module 3 Lab Part 2: Reviewing Indicators of Compromise (IoC) in Attack Range Module 04: Data Collection and Sources of Threat Intelligence Making Use of Threat Intelligence Feeds, Sources, & Evaluation Criteria          o Maximizing Use of Threat Data Feeds          o Popular Sources of Threat Data          o Evaluating Threat Data Credibility & Effectiveness Overview of Threat Intelligence Data Collection Methods & Techniques          o Overview of Threat Data Collection Methods          o Dissemination Channels for Threat Data Compare & Contrast Popular Data Collection Methods          o Active vs Passive Threat Data Collection          o Effective Uses for Active & Passive Data Collection          o Other Intelligence Gathering Techniques Bulk Data Collection Methods & Considerations          o Bulk Data Collection Types          o Bulk Data Collection Considerations Normalizing, Enriching, & Extracting Useful Intelligence from Threat Data          o Normalizing Threat Data Before Enrichment          o The Data Enrichment Process          o Additional Tips for Extracting Actionable Intelligence from Threat Data Legal & Ethical Considerations for Threat Data Collection Processes          o Ethical and Legal Risks Data Collection Must Account For Threat Data Feed Subscription and OSINT Labs          o Module 4 Lab Part 1: Subscribing to and Ingesting FREE Threat Data from APIs Module 05: Threat Intelligence Platforms Introduction Threat Intelligence Platforms (TIPs), Roles, & Features          o Primary Features of a Threat Intelligence Platform          o Notable TIP Providers & Solutions Aggregation, Analysis, & Dissemination within TIPs          o From Threat Data Aggregation to TIP Dissemination          o Risks of TIP Mismanagement          o Driving TIP Effectiveness & Accuracy Automation & Orchestration of Threat Intelligence in TIPs          o The Importance of Automation & Orchestration within TIPs          o Desired Automation Outcomes          o Orchestration Benefits Within a TIP Evaluating & Integrating TIPs into Existing Cybersecurity Infrastructure          o TIP Evaluation Criteria: The Tangible vs Intangible          o Elements to Consider During Trials          o Integration Consideration for TIPs Collaboration, Sharing, and Threat Hunting Features of TIPs          o Macro Vs Micro Collaboration Goals of TIPs          o Ways That Threat Intelligence Platforms Share Data          o Threat Hunting on TIPs Customizing TIPs for Organizational Needs          o The Customization Solution          o Ideal TIP Customization Features and Criteria Using TIPs for Visualization, Reporting, & Decision Making          o How TIP Reporting and Visualizations Drive Key Business Decisions          o Driving Effective Practices in TIP Reporting and Visualization AlienVault OTX and MISP TIP Platform Labs          o Module 5 Lab 1 Overview: AlienVault OTX and Pulses          o Module 5 Lab 2: Exploring MISP Module 06: Threat Intelligence Analysis Introduction to Data Analysis and Techniques          o Data Analysis Defined          o Using Data Analysis for Threat Intelligence          o Other Uses & Analysis Considerations Applying Statistical Data Analysis, Including Analysis of Competing Hypothesis          o A Deeper Look into Statistical Analysis for Threat Intelligence: Malware Inspection          o Analysis of Competing Hypothesis Identifying and Analyzing Threat Actor Artifacts          o Applying Analysis Techniques to IoC Data          o Applying Analytical Techniques to TTP Data          o Driving Excellence in Data Analysis Practices Threat Prioritization, Threat Actor Profiling & Attribution Concepts          o How Data Analysis Assists Threat Prioritization          o Intro to Threat Actor Profiling          o Understanding and Improving Threat Attribution Leveraging Predictive and Proactive Threat Intelligence          o Predictive vs Proactive Threat Intelligence          o Maximizing the Use of Predictive Threat Intelligence          o Rewinding on Proactive Threat Intelligence Reporting, Communicating, and Visualizing Intelligence Findings          o Tips for Highly Effective Threat Reporting          o Using MISP for Threat Intelligence Reporting & Visualization          o Using Jupyter Notebooks to Visualize Data Threat Actor Profile Labs & MISP Report Generation Labs          o Module 6 Lab 1 – Cyber Threat Actor Profile Exercise          o Module 6 – Lab 2: Generating MISP Threat Reports and Connecting MISP To Jupyter Notebooks Module 07: Threat Hunting and Detection Operational Overview of Threat Hunting & Its Importance          o What Is Threat Hunting?          o General Threat Hunting Approach          o Characteristics of Successful Threat Hunters Dissecting the Threat Hunting Process          o Considerations Before Conducting Threat Hunts          o Deep Diving the Threat Hunting Process          o Key Metrics to Guide Effective Threat Hunting Threat Hunting Methodologies & Frameworks          o What are Threat Hunting Frameworks and Why Use Them?          o Hunting Framework Concepts: The Pyramid of Pain          o Using the PEAK Methodology for Threat Hunting Explore Proactive Threat Hunting          o The Need for Proactive Threat Hunting          o Key Differences Between Proactive & Unstructured Threat Hunting          o When Proactive Threat Hunts Shine Using Threat Hunting for Detection & Response          o The Role of Threat Hunting in Incident Detect & Response          o Common Ground Between Incident Response & Threat Hunting Threat Hunting Tool Selection & Useful Techniques          o Types of Threat Hunting Tools          o Popular Threat Hunting Tools & Techniques          o Best Practices for Tool Selection Forming Threat Hunting Hypotheses & Conducting Hunts          o The Value of Threat Hunting Hypotheses          o Hunting Tactics, Techniques & Procedures (TTP)          o Overview of MITRE’s TTP Hunting Methodology Threat Hunting Lab in SPLUNK ATT&CK Range          o Overview of Threat Hunting Lab Module 08: Threat Intelligence Sharing and Collaboration Importance of Information Sharing Initiatives in Threat Intelligence          o The Importance of Information Sharing Initiatives          o Types of Information Sharing Arrangements          o Threat Information Sharing Frameworks Overview of Additional Threat Intelligence Sharing Platforms          o Threat Information Sharing Platforms          o Desirable Features of Sharing Platforms          o Potential Platform Pitfalls Building Trust Within Intelligence Communities          o Primary Trust Builders          o How Trust in Small Private Circles or Larger Public Communities is Achieved Sharing Information Across Industries and Sectors          o Benefitting from Cross-Industry Threat Sharing          o Sector Specific Threat Sharing          o Cross-Sector Collaboration Communities Building Private and Public Threat Intelligence Sharing Channels          o Approaches for Establishing Private Threat Intel Channels          o Approaches for Establishing Public Threat Intel Channels Challenges and Best Practices for Threat Intelligence Sharing          o Best Practices for Sharing Threat Intel          o Threat Intelligence Sharing Challenges          o Modern Examples of Overcoming Sharing Challenges Legal and Privacy Implications of Sharing Threat Intelligence          o Legal and Compliance Impacts          o Privacy Implications of Careless Intel Sharing Sharing Threat Intelligence Using MISP and Installing Anomali STAXX          o Module 8 Lab: MISP to MISP Intel Sharing and Setting Up & Navigating Anomali STAXX Module 09: Threat Intelligence in Incident Response Integrating Threat Intelligence into Incident Response Processes          o Overview of the Security Incident Response Lifecycle          o Threat Intelligence Integration Examples          o Potential Threat Intelligence Integration Drawbacks Role of Threat Intelligence in Incident Prevention Using Workflows & Playbooks          o Threat Intelligence’s Role in Incident Prevention          o Malicious Process Real-Time Response (RTR) Workflow Example          o Ransomware Playbook Example Using Threat Intelligence for Incident Triage and Forensic Analysis          o How Threat Intelligence Aids Incident Triage          o The Role of Threat Intelligence During Forensic Analysis Adapting Incident Response Plans Using New Intelligence          o Threat Intel as an Incident Response Adaptation Pathway          o Best Practice Considerations          o Adaptation Pitfalls to Avoid Coordinating Response With External Partners          o Applying Threat Intelligence to Different Incidents          o How Threat Intelligence Assists External Partner Collaboration Threat Intelligent Incident Handling and Recovery Approaches          o Applying Threat Intelligence to Different Incident Types          o Using Threat Intelligence During Incident Recovery Post Incident Analysis and Lessons Learned Considerations          o Post-Incident Analysis and Areas of Emphasis          o Merging Threat Intelligence Into Lessons Learned Activities Measurement and Continuous Improvement for Intelligence Driven Incident Response          o Approaches for Achieving Continuous Improvement          o KPIs to Measure Threat Intelligence’s Influence on Incident Response Module 10: Future Trends and Continuous Learning Emerging Threat Intelligence Approaches & Optimizing Their Use          o Complimentary Approaches to Threat Intelligence          o Applying Threat Intelligence to Emerging Technologies          o Optimizing Use of Emergent Technology for Threat Intelligence Operations Convergence of Threat Intelligence & Risk Management          o Getting Started with Converging Threat Intelligent Risk Management          o A More Methodological Approach Continuous Learning Approaches for Threat Intelligence          o Contemporary vs Evolving Learning Models          o Striking an Effective Balance Adapting Professional Skillsets for Future in Threat Intelligence          o Adapting Existing Career Paths to Threat Intelligence          o Skills to Future Proof A Threat Intelligence Career Anticipating Future Challenges & Opportunities in Threat Intelligence          o Potential Challenges Down the Road          o The Upside Opportunities of Threat Intelligence Engaging in the Threat Intelligence Community & Keeping a Pulse on the Threat Landscape          o Engaging in Threat Intelligence Communities          o Keeping a Pulse on the Cyber Threat Landscape The Role of Threat Intelligence in National Security & Defense          o Threat Intelligence For National Defense Use Cases          o Providers of National Defense Quality Threat Intelligence Potential Influence of Threat Intelligence on Future Cybersecurity Regulations          o Historical Examples & Benefits of Threat Intelligence’s Influence on Regulation          o The Potential Downsides of Shaping Policy With Threat Intelligence

SOC Essentials (S|CE) De SOC Essentials (S|CE) is ontworpen voor aankomende beveiligingsprofessionals, nieuwkomers en carrièreswitchers om inzicht te geven in raamwerken voor beveiligingsoperaties en gerelateerde technologieën. Met 8 modules die robuuste onderwerpen behandelen, van computernetwerk- en beveiligingsfundamenten tot SOC-componenten en architectuur, bereidt S|CE je voor op het identificeren van verschillende aspecten van cyberbedreigingen en het beveiligen van digitale omgevingen. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Verder biedt het meer dan 10 uur aan eersteklas video training in zelfstudie met 6 hands-on labs om praktijkscenario's te simuleren. Cursusinhoud Module 01: Computer Network and Security Fundamentals Computer Network TCP/IP Model OSI Model Types of Networks Network Model           • Types of a Network                   o Types of a Network (PAN)                   o Types of a Network (LAN)                   o Types of a Network (WLAN)                   o Types of a Network (MAN)                   o Types of a Network (WAN)                   o Types of a Network (SAN) Network Topologies           • Network Hardware Components TCP/IP Protocol Suite Network Security Controls          • Key Network Security Controls Network Security Devices Windows Security Unix/Linux Security Web Application Fundamentals Information Security Standards, Laws and Acts Module 02: Fundamentals of Cyber Threats Cyber Threats          • Classification of Cyber Threats          • Impact of Cyber Threats          • Vulnerability in Cybersecurity          • Cybersecurity Best Practices          • Emerging Threats and Future challenges          • Ransomware          • Impact of Ransomware Intent-Motive-Goal          • Cybercrime Performed          • Email compromise Attack Tactics-Techniques-Procedures (TTPs)          • Example -Data Exfiltration          • Practical Example – Data Exfiltration          • Key Steps for Lateral Movement          • APT - Example Opportunity-Vulnerability-Weakness          • Opportunity          • Vulnerability          • Weakness          • Practical Example- E-Commerce Website          • Practical Example- Online Banking System Vulnerability          • Type of vulnerabilities          • Source of Vulnerabilities          • Lifecycle of Vulnerabilities          • Practical Example - Vulnerability Threats & Attack          • Types of Threat & Attack          • Cyber Threat          • Mitigation strategies for Cyber Threats Example of Attacks          • Example of Attack – Blended Cyber Attack          • Example of Attack -Man-in-the-Middle Attack for Credentials Harvesting Network-based attacks Application-based          • Cross-site Scripting          • Types of Cross-site Scripting          • Attack Process          • Application Based Attack Host Based Attacks          • Host Based Attack - Impact Insider Attacks          • Types of Insider Attacks          • Prevention and Mitigation          • Examples Malware (viruses, worms, ransomware, etc.)          • Types of Malware          • Distribution Method          • Prevention And Mitigations Phishing and social engineering          • Common Characteristics          • Examples          • Prevention          • Social Engineering Common Characteristics          • Example          • Prevention          • Key Difference Module 03: Introduction to Security Operations Center (SOC) What is a Security Operations Center (SOC)? Importance of SOC          • Importance of SOC in Cybersecurity SOC Team Roles & Responsibilities SOC KPI SOC Metrics SOC Maturity Models          • Typical Stages in the SOC Maturity Model          • Benefits of the SOC Maturity Model SOC Workflow and Processes Challenges in Operating a SOC Module 04: SOC Components and Architecture Key Components of a SOC          • Security Operation Center          • Breakdown of the Key Components of the SOC People in SOC Processes in SOC          • Key Processes in SOC          • Example of Processes in SOC Technologies in SOC          • Key Technology in SOC SOC Architecture and Infrastructure          • Key Components of SOC Architecture and Infrastructure Different Types of SOC and Their Purpose Introduction to SIEM          • Key components of SIEM          • Benefits of SIEM          • Challenges of SIEM          • Use Cases of SIEM SIEM Architecture          • Key Components of SIEM Architecture          • SIEM Architecture SIEM Deployment Model Data Sources in SIEM SIEM Logs          • Overview of Logs in SIEM Environment Networking in SIEM Endpoint Data in SIEM Module 05: Introduction to Log Management Incident          • Example of Cybersecurity Incidents Event          • Example of Cybersecurity Events Log          • Key points of Logs          • Example of Log Types Typical Log Sources          • Typical Log Sources with Example Need of Log Typical Log Format Local Log management          • Benefits of Local Log Management Centralized Log Management          • Key Components of Centralized Log Management Logging Best Practices Logging/Log Management Tools Module 06: Incident Detection and Analysis SIEM Use Cases Development Security Monitoring and analysis          • Basic Concept of Security Monitoring          • Basic Concept of Security Analysis          • Security Monitoring and Analysis Process          • Practical Example – Malware Detection and Analysis          • Practical Example – Abnormal or non-typical user Behavior Detection          • Practical Example – Phishing Attack Detection and Response Correlation Rules          • Overview of Correlation Rules          • Use cases: Detection of a Distributed Denial of Service (DDoS) Attack Dashboards          • Overview of Dashboards Reports          • Key Components of Reports          • Types of Reports          • Benefits of Reports Alerting          • Purpose of Alerting          • Key components of Alerting          • Type of Alerts          • Alerting Workflow          • Benefits of Alert Triaging alerts          • Purpose of Triaging alerts          • Key components of Triaging alerts          • Triage Process          • Benefits of Triaging alerts Dealing with False Positive Alerts          • Mitigation strategies          • Final step in Dealing with False positive Alerts Incident Escalation          • Purpose of Incident Escalation          • Key Components of Incident Escalation          • Escalation Process          • Benefits of Incident Escalation Communication Paths          • Common Communication paths in cybersecurity Ticketing Systems          • Example of Ticketing Systems Module 07: Threat Intelligence and Hunting Introduction to Threat Intelligence          • Breakdown of Threat Intelligence Threat Intelligence Sources Threat Intelligence Types Threat Intelligence Lifecycle Role of Threat Intelligence in SOC operations Threat Intelligence Feeds          • Types of Threat Intelligence Feeds          • Content and Format          • Integration and consumption          • Evaluation and Selection Threat Intelligence Sharing and Collaboration          • Types of Threat Intelligence Sharing          • Benefits of Threat Intelligence sharing          • Challenges and Considerations Threat Intelligence Tools/Platforms          • Malware Analysis Platform          • Open-Source Intelligence Tools          • Vulnerability Management Tools          • Threat Intelligence Feeds and APIs          • Dark Web Monitoring Tools          • Adversary Emulation Platforms Introduction to threat Hunting Threat Hunting Techniques          • Common Threat threat-hunting techniques Threat Hunting Methodologies          • Common Threat Hunting Methodologies Role of Threat Hunting In SOC Operations Leveraging Threat Intelligence for Hunting Threat Hunting Tools Module 08: Incident Response and Handling Incident Handling Process          • Steps in the Incident Handling Process Incident classification and prioritization          • Breakdown of Incident Classification Incident response lifecycle          • Preparation          • Detection & Analysis          • Containment, Eradication & Recovery          • Post-Incident Analysis          • Continuous Improvement Preparation Identification Containment Eradication Recovery Post-Incident Analysis and Reporting

DevSecOps Essentials (D|SE) De DevSecOps Essentials (D|SE) behandelt fundamentele vaardigheden in DevSecOps en biedt belangrijke inzichten in het identificeren van risico's bij applicatieontwikkeling en het beveiligen en testen van applicaties binnen on-premises, cloud providers en infrastructuren. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Met 7 praktische labs, meer dan 7 uur zelfstudievideo's en 12 modules zorgt de cursus ervoor dat studenten erkenning krijgen en betere kansen krijgen voor de volgende logische stap na D|SE. Cursusinhoud Module 01: Application Development Concepts History of Application Development          • What is Application Development          • Programming          • Web and Mobile Development Evolution of Applica on Development Methodologies          • Evolution of Applica on Development          • Traditional Waterfall development model          • Agile development methodology          • Methodology Comparison          • DevOps methodology          • Choosing a Methodology Introduction to Application Architectures          • Application Architectures          • Types of Application Architectures          • Monolithic Architecture          • Microservices Architecture          • Microservices Challenges          • Serverless Architecture          • Limitations to Serverless Architecture          • Choosing an Application Architecture          • Working with Applications in Production          • Applications in Production          • Application Production Environments          • Designing the Production Environment          • Deployment Strategies          • Deployment Tools for Applications          • Monitoring and Troubleshooting          • Monitoring Tools in Production          • Continuous Monitoring and Management of Applications Introduction to the Application Development Lifecycle          • Application Development Lifecycle          • Steps 1 through 3 in the ADLC          • Steps 4 through 6 in the ADLC Application Testing and Quality Assurance          • Testing and Quality Assurance          • Types of Application Tests          • Best Practices for Applica on QA          • Application Performance Management          • Why is APM important?          • Using Tools for APM          • Popular APM Tools Application Monitoring, Maintenance and Support          • Application Integration          • What is Application Integration          • Types of Application integration          • Best Practices for Application Integration          • Application Maintenance and Support          • Best Practices for Maintenance and Support          • Continuous Monitoring          • Why is Continuous Monitoring Important?          • What Tools assist with Monitoring          • Configuration and Change Management          • Role of Configura on and Change Management Module 02: Application Security Fundamentals What is Secure Application Development          • Secure Application Development          • Secure App Dev Principles          • Secure App Dev Practices Need for Application Security          • Application Security is a Need          • Why is Application Security Important?          • Cloud Computing          • Artificial Intelligence and Machine Learning Common Application Security Risks and Threats          • Consequences of Security Breaches          • Common Atacks to Applications OWASP Top 10          • What is the OWASP Top 10          • List of OWASP Top 10 App Security Risks          • Injection Atacks          • Broken Authentication and Session Management          • Cross-Site Scripting (XSS)          • Insecure Direct Object References          • Security Misconfiguration          • Sensitive Data Exposure          • Broken Access Control          • Insufficient Logging and Monitoring          • Insecure Cryptographic Storage          • Insecure Communication Application Security Techniques          • Security Techniques          • Input Validation          • Output Encoding          • Encryption and Hashing Secure Design Principles          • Security Requirements          • Secure Design Principles          • Least Privilege          • Defense in Depth          • Fail Securely          • Secure by Default          • Separation of Du es          • Zero Trust Threat Modeling          • Introduction to Threat Modeling          • Benefits of Threat Modeling          • Types of Threat Modeling          • STRIDE Threat Modeling          • Trike Threat Modeling          • PASTA Threat Modeling          • VAST Threat Modeling          • Threat Modeling Best Practices          • Evaluating Risk Secure Coding          • Secure Coding Practices          • Secure Coding in Action Secure Code Review          • Secure Code Review          • Secure Code Review in Action SAST and DAST Testing          • Testing Methods in Action          • Static Application Security Testing (SAST)          • Dynamic Application Security Testing (DAST) Secure Configurations          • Secure Configurations          • Secure Configurations in Ac on Educating Developers          • Educating Developers on Security          • Ensuring Application Security Role of Risk Management in Secure Development          • Security and Compliance Standards          • Role of Risk Management in Developing Secure Applications          • What is Risk Management          • Four Steps of Risk Management          • Risk Management in App Development          • Best Practices for Mitigating Risk Project Management Role in Secure Application Development          • Project Management for Protecting the Scope of Security in Development          • What is Project Management?          • PM use in App Development          • Role of the Project Manager          • PM Best Practices for Secure App Development Module 03: Introduction to DevOps Introduction to DevOps          • Evolution of DevOps          • Agile Development Methodology          • Benefits of DevOps          • Improved Quality          • Cost Savings DevOps Principles          • DevOps Principles          • Automation in DevOps          • Infrastructure as Code (IaC) DevOps Pipelines          • Principles of DevOps          • Continuous Integra on in DevOps          • Continuous Delivery in DevOps          • Continuous Deployment in DevOps DevOps and Project Management          • Project Management and DevOps          • Waterfall and DevOps          • Agile and DevOps          • Lean and DevOps Module 04: Introduction to DevSecOps Understanding DevSecOps          • What is DevSecOps?          • Goals of DevSecOps DevOps vs. DevSecOps          • DevOps vs. DevSecOps          • Emphasizing DevSecOps DevSecOps Principles          • DevSecOps Principles          • DevSecOps Collaboration          • DevSecOps Automation          • DevSecOps Security Testing DevSecOps Culture          • Developing a DevSecOps Strategy          • Challenges in Building a DevSecOps Culture          • Best Practices for Building a DevSecOps Culture Shit-Left Security          • What is Shit-Left Security?          • Benefits of Shit-Left Security          • Implementing Shit-Left Security          • Getting Started with DevSecOps DevSecOps Pipelines          • DevSecOps Pipeline Overview          • Secure Code Review          • Container Security          • DevSecOps Pipelines          • DevSecOps Pipeline Steps Pillars of DevSecOps          • Three Pillars of DevSecOps          • The Importance of People in DevSecOps          • The Importance of Process in DevSecOps          • The Importance of Technology in DevSecOps DevSecOps Benefits and Challenges          • Benefits of DevSecOps          • Challenges of DevSecOps Module 05: Introduction to DevSecOps Management Tools Project Management Tools         • Jira Project Management Software         • Confluence Collaboration Software         • Slack Team Communication Software         • Microsoft Teams Collaboration Software Integrated Development Environment (IDE) Tools         • Integrated Development Environments (IDEs)         • Eclipse         • Visual Studio Source-code Management Tools         • Source-Code Management with GitHub         • Source-Code Management with GitLab         • Source-Code Management with Azure DevOps Build Tools         • Introduction to Build Software         • Types of Build Software         • Maven Continuous Testing Tools         • Introduction to Continuous Testing Software         • Selenium         • TestComplete         • Katalon Studio         • Gradle         • Conclusion Module 06: Introduction to DevSecOps Code and CI/CD Tools Continuous Integration Tools         • Continuous Integration Overview         • Jenkins         • Bamboo         • Other CI Tools Infrastructure as Code Tools         • Introduction to Infrastructure as Code (IaC)         • Terraform         • Ansible         • CloudForma on         • Pulumi Configuration Management Tools         • Configuration Management         • Chef for Configuration Management         • Puppet and Chef for Configuration Management         • Containers Overview         • Docker Overview         • Kubernetes Overview         • AWS Container Services         • Container Management in Azure         • Container Management in GCP Continuous Monitoring Tools        • Why Continuous Monitoring is Critical in DevSecOps        • Splunk for DevSecOps Monitoring        • Nagios for DevSecOps Monitoring        • ELK for DevSecOps Monitoring        • AWS Config for DevSecOps Monitoring        • Microsoft Defender for Cloud Developer Security        • DevSecOps Management and Monitoring soware tools – Conclusion Module 07: Introduction to DevSecOps Pipelines Role of DevSecOps in the CI/CD Pipeline          • DevSecOps in CI/CD Pipeline          • DevSecOps in Development Lifecycle          • Ensuring Secure Deployments in DevSecOps DevSecOps Tools          • DevSecOps Tools          • Code Analysis Tools          • Vulnerability Scanning Tools          • Security Testing Tools          • Continuous Monitoring Tools Embracing the DevSecOps Lifecycle          • DevSecOps Lifecycle DevSecOps Ecosystem          • Key Elements of DevSecOps Ecosystem          • Key Elements of DevSecOps Pipeline and Ecosystem Key Elements of the DevSecOps Pipeline          • Keys to a Successful DevSecOps Pipeline Integrating Security into the DevOps Pipeline          • Integrating Security in DevOps Pipeline          • Importance of Security in CI/CD Pipeline          • Secure Coding Practices          • Access Control          • Continuous Monitoring and Incident Response Module 08: Introduction to DevSecOps CI/CD Testing and Assessments Implementing Security into the CI/CD Pipeline and Security Controls          • Why We Need Continuous Security in DevOps          • The Benefits of Continuous Security in DevOps          • Implementing Continuous Security in DevOps          • Security Controls to Protect the CI/CD Pipeline Continuous Security in DevSecOps with Security as Code          • Why Continuous Application Security Testing is Important for Your Business          • The Benefits of Continuous Application Security Testing          • Implementing Continuous Security in DevOps Continuous Application Testing for CI/CD Pipeline Security          • Continuous Testing for CI/CD Pipeline Security          • Types of Continuous Testing          • Different Types of Testing          • Continuous Testing Best Practices          • Best Practices for Implementing Security as Code          • Implementing Security as Code Application Assessments and Penetration Testing          • Types of Application Assessments          • Types of Assessments to integrate into CI/CD Pipeline          • Features of different types of assessments in CI/CD Pipeline          • Automated Vulnerability Scanning Tools          • Vulnerability Scanning          • Vulnerability Scanning in CI/CD Pipeline          • Integrating Vulnerability Scanning into CI/CD Pipeline          • Best Practices for Implementing Vulnerability Scanning in CI/CD Pipeline          • Penetration Testing          • Penetration Testing in the CI/CD Pipeline Module 09: Implementing DevSecOps Testing & Threat Modeling Integrating Security Threat Modeling in Plan Stage          • Introduction to Security Threat Modeling          • Integrating Security Threat Modeling in the Planning Stage of Application Development          • Importance of logging and monitoring of applications          • Importance of configuration management Integrating Secure Coding in Code Stage          • Importance of code testing          • Secure Application Development Lifecycle          • Build Stage Security Tools and Techniques          • Test Stage Security Tools and Techniques          • Release Stage Security Tools and Techniques          • Deploy Stage Security Tools and Techniques          • Secure Coding Practices in the Application Coding Stage          • Best Practices for Secure Coding Integrating SAST, DAST and IAST in Build and Test Stage          • Integrating SAST, DAST, and IAST in the Build Stage          • Benefits of Integrating SAST, DAST, and IAST in the DevSecOps Pipeline Integrating RASP and VAPT in Release and Deploy Stage          • RASP and VAPT Integration in Release and Deploy Stage          • Benefits of RASP and VAPT Integration in Release and Deploy Stage          • Conclusion Module 10: Implementing DevSecOps Monitoring and Feedback Integrating Infrastructure as Code (IaC)          • What is Infrastructure as Code?          • Why Integrate IaC into DevSecOps?          • Tools for IaC Integration in DevSecOps          • Challenges in IaC Integration into DevSecOps          • Best Practices for IaC Integration into DevSecOps Integrating Configuration Orchestration          • What is Configuration Orchestration?          • How Does Configuration Orchestration Increase Security Posture?          • Tools for Configuration Orchestration Integrating Security in Operate and Monitor Stage          • Securing Operations and Monitoring          • Importance of Security in Operate and Monitor Stage          • Benefits of Automated Security Practices Integrating Compliance as Code (CaC)          • What is Compliance as Code?          • Benefits of Compliance as Code Integrating Logging, Monitoring, and Alerting          • Integrated Logging, Monitoring, and Alerting During Application Development          • Integrated Logging, Monitoring, and Alerting When an application is in Production          • Tools for Securing Opera ons and Monitoring Integrating Continuous Feedback Loop          • Continuous Feedback Loop          • Creating a Continuous Feedback Loop          • Integrating Continuous Feedback Loop into Application Development Lifecycle          • Conclusion

IoT Security Essentials (I|TE) De IoT Security Essentials (I|TE) is een uitgebreide gids voor het beveiligen van het Internet of Things (IoT)-systemen. Het behandelt essentiële onderwerpen van IoT-fundamenten tot geavanceerde beveiligingsbedreigingen en beveiligingstechniek, en biedt de kennis en vaardigheden om veilige IoT-oplossingen te ontwerpen, in te zetten en te onderhouden. Test uw kennis met CTF-gebaseerde Capstone-projecten en valideer uw nieuw verworven vaardigheden in gesurveilleerde examens. Kandidaten worden toegerust om beveiligingsrisico's in IoT-omgevingen te identificeren, te beoordelen en te beperken, biedt de cursus 5 labs, meer dan 8 uur eersteklas video training en 11 modules met branche-expertise. Cursusinhoud Module 01: IoT Fundamentals Definitions IoT IoT Beginnings The IoT Paradigm IoT Characteristics What's Smart? Smart Technology IoT in Power Grids and Home          o Smart Homes          o Smart Grid          o Smart Grid Case Study          o Smart Grid – Why?          o Smart Grid – Smart City          o Smart Agriculture Internet of Military Things          o IoT Architecture          o IoT Application Areas and Devices          o IoT Technologies and Protocols          o IoT Communication Models Industrial IoT basics SCADA NIST 800-82 – SCADA DCS Smart City          o Smart City Framework Health IoT          o Remote Patient Monitoring          o Medical IoT wearable devices          o Medical IoT internal devices          o Medical IoT Under Skin Devices IoT Platforms          o IoT Platforms – Xively          o IoT Platforms – AWS IoT          o IoT Platforms - GE Predix          o IoT Platforms - Google Cloud IoT          o IoT Platforms - Microsoft Azure IoT          o IoT - Technical Basics Nodes and Applications in Wireless Sensor Networks          o Types of Nodes          o Types of Applications The Future of IoT Module 02: IoT Networking and Communication Basic Concepts – MAC Address EUI-64 Network Concepts– IP Addresses (IPV4) Private Vs. Public Private IP Address OSI Model - Open Systems Interconnect TCP Model IP Addresses and Subnet Masks IPv4 Subnetting Techniques Custom IP Addresses CIDR          o CIDR Address IP Address Services APIPA IPv6 Network Concepts - Wi-Fi Narrowband, Broadband, and Spread Spectrum Signals Frequency Hopping Vs. Direct Sequence Spread Spectrum Details 802.11 Broadcast Methods 802.11 Channels IoT Protocols Bluetooth          o 802.15          o Bluetooth Protocols          o Simplified Bluetooth Stack ANT+ IPv6 Over Low Power Wireless Personal Area Networks (6LowPAN) 6LowPAN NFC RFID ZigBee IEEE 802.15.4 Physical Layer Operating Frequency Bands PHY Frame Structure IEEE 802.15.4 MAC Layer IEEE ZigBee Network Topologies MAC Layer          o ZigBee Network Topologies          o ZigBee and Bluetooth Comparison Z Wave LoRa RuBee WirelessHART MiWi MQTT TR-069 OMA-DM XMPP DDS Constrained Application Protocol (CoAP) Cellular Networks 5G Windows IoT Power System Communication Technologies Power Line Carrier Communication (PLCC)          o Coupling Types in PLCC System          o PLCC---Uses          o PLCC---Fiber Optic Tele-Control Protocols IEC–60870–5-101 ICCP Protocol IEEE Standards Distributed Network Protocol 3 (DNP3) IEEE IoT Standards List Building Information Model Module 03: IoT Processors and Operating Systems PCB NAND UART JTAG CPU Internal Structure Interrupts Operating Systems Features of the OS in Embedded Systems Operating System Kernel Kernel Types Firmware Real-Time Operating System (RTOS) Type of Real-Time Systems Performance Evaluation Four Main Tasks of an OS RTOS – VxWorks What is VxWorks? Differences Between Traditional UNIX and VxWorks VxWorks Architecture VXWorks Networking Support RTPS QNX RTOS – LINUX Contiki The Contiki OS Contiki Protothreads and Dynamic Linking RIOT TinyOS          o TinyOS Design          o TinyOS Tools          o TinyOS Scheduler MagnetOS FreeRTOS Apache Mynewt BeRTOS Zephyr Linux & Android          o History of Linux          o Linux          o Linux Shells          o Basic Shell Command Summary          o Run Levels          o Android Linux Kernel          o Android OS          o Android App Priority and Processes          o Linux Kernel and Storage Management          o Android Architecture          o Android Versions          o Android Automotive          o Android TV          o Android Things Module 04: Cloud and IoT What is Cloud Computing? NIST Cloud Characteristics Types of Cloud Computing Services Cloud Deployment Basic Cloud Concepts Cloud Computing Cloud Types Multi-cloud HPC Cloud Virtualization Virtual Systems IaaS PaaS SaaS          o Example SaaS: Google Docs Variations Characteristics of Virtualization Virtual Components Distributed Systems Issues Terms Uses of Cloud Computing IoT Cloud Commercial Solutions AWS IoT AWS IoT Components Oracle Cloud Grid Computing Fog Computing Future Trends Module 05: IoT Advanced Topics IoT Software Web Applications Hybrid Model Embedded Device Web App Web Communications Mobile Applications Hybrid Native Applications IoT Identity Management IoT Protocols What is Machine Learning? IoT and Machine Learning Types of Learning Supervised vs. Unsupervised Learning Classification Neural Networks Terminology Hebb’s Rule ANNs – The Basics Topologies of Neural Networks Multi-Layers Recurrent Networks Elman Nets Neural Network Function K-Nearest Neighbor Echo State Network Naive Bayes Block Chain IoT What is a Block? What is a Transaction? Block Chain IoT How to Achieve Convergence? Structure of a Block Chain Consensus Algorithms Module 06: IoT Threats List of Common IoT Attacks IoT Vulnerable How Bad is the Problem? Mirai BrikerBot Other Notable IoT Attacks Definition of Sybil Attack Sybil Attack Sinkhole Attack TinyOS Beaconing Geographical Attacks and Attackers Spoofed, Altered, or Replayed Routing Info Wormhole Attack Blackhole Attack Rushing Attacks HELLO Flood Attack Smart Heating Shutdown Access Internal State Modify Internal State Clone TAP IoT Expands Security Needs OWASP IoT Top 10 Dark Reading Top 8 Attacks IoT Attack Surface IoT Goat          o Example DOS – Syn Flood          o Example DOS – Smurf          o Example DOS – Fraggle DHCP Starvation Amplification Other DoS Attacks Bluetooth Attacks Wireless Attacks IoT Hacking IoT Attacks IoT Privacy Issues Malware Virus Types Hiding Techniques Ransomware Smart Thermostat Ransomware Other New Attacks Hacking Medical Devices Hacking Cars Hacking Homes IoT Hacking Metasploit and IoT SCADA - Poor Authentication and Authorization SCADA Unpatched Systems E-passport Threats Security Threats of RFID-Enabled Supply Chain Module 07: Basic Security The CIA Triangle Other Security Concepts/Terms Best Practices for Protecting Embedded OSs WLAN Security Goals Basic WLAN Security Mechanisms Open System Authentication Shared Key Authentication WEP WPA WPA2 WPA3 MAC Address Filtering Disabling SSID Broadcast Changing the Default Login Bluetooth Security Modes Authentication Summary Zigbee Security RuBee Security IoT Checklist IoT Security Measures IoT Security Tools Firmware Security Testing Methodology ByteSweep Stanford Secure IoT project System Hardening Symmetric Block Cipher Algorithms Symmetric Encryption DES & AES Blowfish Asymmetric Encryption How Does Public/Private Key Encryption Work? RSA & Diffie-Helman Digital Signature Basics Hashes What is a Collision? History of SSL TLS v 1.3 Remote Access Security - TLS SSL/TLS Handshake Certificate Store Basics of Defending SCADA/ICS SCADA Security Basics SCADA Security Standards RTU Security - Serial Port Current Grid Environment Threats to the Grid NISTIR 7628 Medical Device Standards EMC Terminology IoT Privacy IoT Security Compliance Framework 1.1 Industrial IoT Security Framework IETF NIST NISTIR 8228 IEEE Standards Security in the SDLC Legal, Regulatory, and Rights Issues Aircrack Wireless tools Other Wifi tools Bluetooth tools Security Protocols For Wireless Sensor Networks SNEP: Sensor Network Encryption Protocol TINYSEC MINISisEC LEAP: Localized Encryption And Authentication Protocol ZigBee Security ZigBee Security Trust Center ZIGBEE Module 08: Cloud Security State of Cloud Security Cloud Threats On the Rise Cloud Vulnerabilities Issues Critical Security Areas in Cloud Computing (CSA) Top 10 Customer Issues Eroding Cloud Confidence (from CSA) Privileged Access Data Segregation Cloud Security Alliance - Guidance CloudAudit & the A6 Deliverable ISO 27017 ISO 27018 NSA Guidance Cloud Computing Attacks Man in the Cloud Cloudbleed Secure Cloud Computing Infrastructure Security Compliance Cloud Computing Also Relies on the Security of Virtualization Sample Hypervisor Security Issues Security Issues Virtualization Security Guidance Cloud Provider Employees Mobile Cloud IRM Privacy & Personal Information U.S. Privacy Law GDPR Cloud Security Policies Procedures, Standards, and Guidelines Policy Types          o NIST 800-14          o NIST 800-14 - Principles          o NIST 800-14 – Practice Areas Investigative Support Forensic Issues Module 09: Threat Intelligence National Vulnerability Database US Cert Shodan IoT Sploit Alien Vault Threat Crowd Phishtank STRIDE DREAD PASTA CVSS Common Vulnerability Exposure (CVE) Risk Determinations Risk Assessment Standards Addressing Risk Residual Risk Find Web Cams Web Cams Default passwords NIST 800-115 NIST 800-53 A National Security Agency (NSA) Information Assessment Methodology (IAM) NSA-IAM Overview IAM PCI Penetration Testing standard PCI Highlights PTES Cyber Kill Chain CEH Lifecycle Vulnerability TCPdump FLAGS Packet Flags Nmap          o Nmap (ZenMap the GUI Version) NMAP Flags Module 10: IoT Incident Response Standards Processes Procedures Impact IoT and the Cloud Indicators of Compromise Tools Forensic Tools Module 11: IoT Security Engineering Methodologies 12 Practices Threat Modeling Dread Stride

Cloud Security Essentials (C|SE) Cloud Security is een basiscursus over cloud computing en beveiligingsfundamentals, gegevensbescherming en encryptie in de cloud en meer. Deze cursus bereidt je voor op het beveiligen van identiteiten, gegevens en toepassingen binnen cloudproviders en hybride infrastructuren. Test je kennis met CTF-gebaseerde Capstone-projecten en valideer je nieuw verworven vaardigheden in gesurveilleerde examens. Met 6 hands-on labs en meer dan 10 uur eersteklas training voorziet de C|SE cursisten van praktische vaardigheden om cloudoplossingen te beveiligen. Cursusinhoud Module 01: Cloud Computing & Security Fundamentals Cloud Compuing and Security Fundamentals What Is Cloud Compuing? Cloud Compuing Types and Service Models          • Different Types of Cloud Deployment Models          • Different Types of Cloud Deployment Models: Private          • Different Types of Cloud Deployment Models: Public          • Different Types of Cloud Deployment Models: Hybrid          • Different Types of Cloud Service Models          • Different Types of Cloud Service Models: Infrastructure as a Service (IaaS)          • Different Types of Cloud Service Models: Platform as a Service (PaaS)          • Different Types of Cloud Service Models: So ware as a Service (SaaS) Cloud Security Challenges and Concerns          • Cloud Security Challenges and Concerns Cloud and Security Responsibilities          • Cloud Shared Responsibilities          • Shared Responsibility Model for Cloud and Security Evaluating Cloud Service Providers          • Cloud Service Providers (CSP)          • Comparing The Top 3 Cloud Service Providers (CSPs)          • Comparing The Top 3 Cloud Service Providers (CSPs): Microsoft          • Comparing The Top 3 Cloud Service Providers (CSPs): AWS          • Comparing The Top 3 Cloud Service Providers (CSPs): GCP Cloud Security Benefits          • Cloud Characteristics          • Cloud Security Benefits Threats and Atacks in Cloud Environments          • Threats And Atacks in Cloud Environments          • OWASP Cloud-Native Application Security Top 10          • Phishing          • Spear Phishing          • Denial-Of-Service Atack          • Brute Force Atacks          • Web Atacks          • SQL Atacks Cloud Security Design Principles          • C-I-A Triad          • Defense In Depth          • Zero Trust Methodology          • Google Cloud Adoptoon Framework Cloud Security Architecture          • Cloud Transformation and Security Architecture          • Secure Landing Zones          • AWS Architecture Example          • GCP Architecture Example          • AZURE Architecture Example          • Google Cloud Adoption Framework Module 02: Identity And Access Management (IAM) in the Cloud IAM Fundamentals          • IAM Fundamentals          • Key IAM Terms          • Defining IAM          • Legacy vs. Modern IAM          • Active Directory Authentication          • Cloud Identity Provider          • Cloud Identity Governance Principal and Roles of IAM in the Cloud          • Cloud Identity Governance          • Role Permissions Role-based Access Control (RBAC)          • Role-based Access Control (RBAC) Identity Federation          • Identity Federation          • Hybrid Identity Federation          • Multi cloud Identity Federation          • Cloud and External Provider Federation Single Sign-on (SSO) and Self-Service Password Reset (SSPR)          • Single Sign-on (SSO)          • Self-Service Password Reset (SSPR) Multifactor Authentication (MFA)          • Multifactor Authentication (MFA) Principle of Least Privilege          • Principle of Least Privilege          • Conditional and Behavior Based Access IAM Auditing and Monitoring          • IAM Auditing and Monitoring Module 03: Data Protection and Encryption in the Cloud Data Classification and Lifecycle          • Governing And Securing Your Data          • Data Classification          • Protect Your Data          • Project Overview          • Data Retention          • Governing And Securing Your Data Encryption Techniques (at Rest, in Transit)          • Encryption Types          • Governing And Securing Your Data          • Encryption In Transit Customer vs. Cloud Provider Managed Keys          • Customer Vs. Cloud Provider Managed Keys          • Key Management in the Cloud          • Azure Key Vault          • AWS Key Management Service          • Google Cloud Platform Encryption Data Loss Prevention (DLP)          • Data Loss Prevention          • Cloud Provider Data Loss Prevention (DLP) Solutions Backup and Disaster Recovery Strategies          • Backup Vs. Replication          • Cloud-Based Site Recovery          • Cloud Backup Module 04: Network Security in Cloud Cloud Network Fundamentals          • Cloud Networks Virtual Private Clouds (VPC)          • AWS VPC Architecture          • Azure Virtual Network (VNET) Network Isolation and Segmentation          • Network Segmentation          • AWS Elastic Load Balancers          • Azure Front Door and Application Gateway          • DDoS Protection Network Access Control Lists (NACLs) and Network Security Groups (NSG)          • AWS NACL and Security Groups          • Azure Network Security Groups (NSG) Remote Access and Connections          • VPC Endpoint Connections          • AWS Remote Connections with Transit Gateway          • Azure Private Links          • Remote Management – Azure Bastion          • Just in Time VM Access          • AWS NAT Instances Vs. NAT Gateways          • NAT Instance Vs. Bastion host Firewalls and Intrusion Detec on          • Azure Firewall          • Web Application Firewall          • AWS Web Application Firewall (WAF)          • Intrusion Detection Vs. Intrusion Prevention Module 05: Application Security in Cloud Secure Software Development Lifecycle (SDLC) in the Cloud           • Secure Software Design           • Cloud Security Controls within Security Objective           • Secure Software Development Lifecycle Web Application Firewall (WAF) in Cloud Environments           • Why use a WAF?           • Web Application Firewall in Azure           • AWS Web Application Firewall (WAF) Web Application Security and OWASP Top Ten           • Common Atacks           • Ransomware Atack Security by Design Principles for Cloud Applications           • Secure Application Design           • Traceability of Data           • Data Integrity           • Key Secure Software Design Concepts           • DevSecOps Secure Coding Practices           • Secure Code Testing           • Runtime Application Self-Protection (RASP) API Security and Integration Best Practices           • API Security Design and Development           • AWS Config           • Secure Azure API Management Serverless Security Considera ons           • Serverless Security Practices           • Azure Functions Security           • Web Application Firewall Container Security (Docker, Kubernetes)           • AWS Config           • Container Security Practices Module 06: Cloud Security Monitoring and Incident Response Cloud Logging          • Importance of Logging          • Cloud Logging Cloud Security Monitoring          • Cloud Native Tools          • Azure Monitor          • Azure Network Watcher          • Log Analytics          • Azure Arc          • AWS CloudTrail          • AWS CloudWatch SIEM and SOAR          • Information and Event Management          • SIEM AND SOAR Cloud-native Monitoring Solutions          • Security Posture Management          • Microsoft Defender for Cloud - CSPM          • Amazon Security Hub Continuous Cloud Security Monitoring          • Cloud Native Application Protection Platform (CNAPP)          • Microsoft Defender for Cloud - CNAPP          • CNAPP capabilities within AWS using CloudGuard          • Google Cloud Armor CNAPP Incident Response and Investigation in the Cloud          • Timeline of A Breach          • Incident Response Module 07: Cloud Security Risk Assessment and Management Identifying Cloud Security Risks          • Cloud Risk Assessment Checklist          • Common Cloud Security Risks          • Top Cloud Vulnerabilities          • Risk Categories Risk Assessment Frameworks for Cloud Environments          • Risk Management Tiers          • Risk Management Strategy          • NIST Risk Management Framework SP 800-37 REV. 2 Cloud Security Controls and Countermeasures          • Defense In Depth          • Security Controls and Countermeasures          • Business Continuity Plans          • Disaster Recovery Plan          • BCP and DRP Working Together Threat Modeling and Vulnerability Assessment in Cloud Environments          • Cloud Threat Modeling          • Cloud Threat Modeling Resources          • Vulnerability Assessments          • Vulnerability Scanning Quanlitative vs. Qualita ve Risk Assessment Approaches          • Risk Analysis          • Qualitative Risk Analysis          • Qualitative Risk Analysis          • Risk Analysis Decision Matrix Cloud Risk Treatment, Response, and Mitigation          • Residual Risk          • Risk Response          • Responses To Risk Module 08: Cloud Compliance and Governance Regulatory and Industry Compliance          • Regulatory Compliance          • General Data Protection Regulation (GDPR)          • Federal Information Security Management Act (FISMA)          • Family Educational Rights and Privacy Act (FERPA)          • International Standards Organization (ISO)          • National Institute of Standards & Technology (NIST)          • NIST SP 800-53          • FedRAMP          • Industry Compliance Standards          • PCI-DSS          • 2023 UPDATES to PCI-DSS          • Sarbanes-Oxley Act (SOX)          • GLBA          • HIPAA          • HIPAA Security Rule          • HITRUST Common Security Framework          • HITRUST Certification Cloud Security Standards          • Cloud Security Standards          • NIST Cybersecurity Framework          • ISO 27001          • Center for Internet Security (CIS)          • Cloud Security Alliance (CSA          • CSA Cloud Control Matrix          • CSA Cloud Control Matrix List of Controls Cloud Security Governance and Risk Management          • Keys To Maintaining Compliance          • Cloud Security Governance          • Cloud Security Assessments and Auditing          • Cloud Security Assessments Methodology          • Cloud Security Assessments Challenges          • Cloud Monitoring and Management          • Risk Management Process          • Responses To Risk Auditing and Monitoring Cloud Resources          • Cloud-Native Audi ng          • Azure Policy          • Microsoft Defender For Cloud          • AWS Config Manager          • AWS Inspector          • Google Cloud Compliance Reports Manager Cloud Security Assessment and Penetration Testing          • Cloud Security Assessments          • Cloud Security Assessment          • Cloud Security Assessment          • Ethical Penetration Testing          • Cloud Penetration Testing and Limitations

Met deze examencode kunt u een (her)examen behorend bij een van onderstaande opleidingen boeken bij verschillende toetscentra in Nederland. Het betreft het examen over het zelfstudiepakket behorende bij de volgende opleidingen: Leergang Compliance Officer Leergang Compliance Professional Het examen bestaat uit 30 meerkeuzevragen. Deze toetst is noodzakelijk als u deelneemt aan de volgende modules van bovenstaande leergangen. U kunt de module-1-toets maken bij één van de  toetscentra van Eureka. U heeft de keuze om deze toets te maken op het moment en op de locatie die u het beste schikt. U kunt zich direct na ontvangst van de code Om u in te schrijven voor het examen heeft u een persoonlijke boekingscode nodig.  Op alle examenonderdelen is het examenreglement van het Nederlands Compliance Instituut van toepassing, deze kunt u vinden op de website van het Nederlands Compliance Instituut.

Actuarieel professionals die hun kennis willen verbreden en verdiepen en zich willen voorbereiden op mogelijke veranderingen in de taken werkzaamheden en verantwoordelijkheden binnen hun organisatie. Environmental, Social en Governance. Drie woorden die centraal staan in de manier waarop het bedrijfsleven zich heruitvindt, gedreven door maatschappelijke en natuurlijke ontwikkelingen. Wat kunnen of moeten verzekeraars en pensioenfondsen hiermee? En welke rol is hierbij weggelegd voor de actuarieel professional? Je krijgt inzicht in ESG-principes en wordt voorbereid op mogelijke veranderingen in jouw (dagelijkse) werkzaamheden en verantwoordelijkheden binnen de eigen organisatie. Tijdens deze bijeenkomst wordt verkend waarom het thema ESG maatschappelijk zo belangrijk geworden is, hoe verzekeraars en pensioenfondsen zich kunnen positioneren in de verduurzaming van de sector en de maatschappij en wat de rol van de actuarieel professional. Het thema wordt daarmee in een breed maatschappelijk perspectief gezet en in de context van de verzekerings- en pensioensector, met als doel om ESG tastbaar te maken voor de actuarieel professionals in hun dagelijkse werkzaamheden. Sprekers Dr. Ted van der Aalst AAG en Michiel Evers MSc

Over de 100% Online Opleiding Wft Zorg Voor een grondige voorbereiding op het Wft Zorg examen, biedt onze volledig digitale opleiding Wft Zorg een uitgebreide leerervaring. De cursus omvat de E-learning Wft Zorg, verrijkt met zes representatieve oefenexamens en ondersteund door Videoleren. Met behulp van onze Slim Leren tool kan je onbeperkt oefenen met vragen uit de cursus om je kennis en vaardigheden te versterken. De Extra Oefenexamens Wft Zorg Als aanvulling op je studie bieden wij Extra Oefenexamens Wft Zorg aan. Deze set van drie aanvullende oefenexamens is zorgvuldig samengesteld om aan te sluiten bij de meest recente exameneisen en om te focussen op veelgemaakte fouten. Deze extra examens zijn ontworpen om je een diepgaand inzicht te geven en je optimaal voor te bereiden op het Wft Zorg examen. Het Examen Wft Zorg: Het Wft Zorg examen toetst je bekwaamheid in het adviseren over zorgverzekeringen. Het bestaat uit 33 vragen verdeeld over drie categorieën: Kennis en Begrip (14 vragen), Vaardigheden en Competenties (18 vragen) en Professioneel gedrag (1 vraag). Voor het voltooien van dit examen heb je 90 minuten de tijd.