Who Should Attend?
• Broad Audience: Any employee within any organization, regardless of role.
• Information Handlers: Individuals who access any organizational data or digital assets.
• Security-Conscious: Those concerned about cyber threats and organizational risks.
• Future-Oriented: Employees aiming to enhance their cyber risk management skills.

After completing this course, YOU/Employee will be able to:
• Appreciate the purpose of Information Security in the organization
• Contribute effectively to the objectives of Information Security in the organization
• Support the Objectives of Information Security in the organization
• Capable of instilling, practicing, and enhancing the Security Hygiene
• Appreciate the Cybersecurity Agency’s Cyber-Essential and Cyber-Trustmark standards
• Qualify to appear in the ISO/IEC 27001 Information Security Foundation training
• Qualify to appear in the ISO/IEC 27032 Cybersecurity Foundation training
• Apply the knowledge to prepare for entry-level Professional Certification, CC

Course Outline

• Topic 1: Cybersecurity and Privacy Introduction
– Introduction to Security: Information & Cyber.
– Purpose of Cyber Security and Data Privacy.
– Why is Cyber Security critical?
– How does Cyber Security and Data Privacy differ.
– History of Cyber security and its evolution.
– The Statistics and Status of Cyber Attacks.

• Topic 2: Concepts Terminology
– The Security TRIAD and DAD.
– The key concepts of Security.
– The fundamentals of Security.
– Layered Security principle.
– From Assets to Attacks.

• Topic 3: Security Risk, Policy, and Controls
– Cyber Security Policy, Procedures, Standards, and Guides.
– Cyber Threats. Vulnerabilities, and Risk
– Cyber Audit and Compliance.
– Control Safeguards and Countermeasures.

• Topic 4: Security Principles & Primaries
– The 5 Cyber Security principles: Governance, Protect, Detect, Response, and Recover.
– The 7 Privacy principles: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, Access Principle.
– The Key Threats, Vulnerabilities, Attacks and Controls
* Threats: Nation States, Terrorists, Criminals, Hackers, Malicious Insiders.
* Vulnerabilities: Zero Day, Poor input validations and Data Sanitisation, Unpatched Software, Unauthorized Access, Misconfiguration, Credential Theft, Vulnerable APIs.
* Attacks: Malware, Denial-of-Service (DoS) Attacks, Phishing , Spoofing, Code Injection, Insider, Identity-Based, IoT-Based, Supply Chain, DNS-based.
* Controls: Patching, MFA, Zero-Trust, restrict administrative privileges, application control, restrict untrusted application, systems hardening and regular backups.

• Topic 5: Security Elements
– 5 key security elements: Network, Information, Application, Operational, and End-user.
– Staying Secure While in the Office
– Staying Secure While out of the Office

• Topic 6: Cryptography
– Basics of Information secrecy and concealment
– Objective of Cryptography
– Common elements and methods: Cryptography, Cipher Algorithm, Key Lifecycle, Hash
– Practical Use of Cryptography
– Public Key Infrastructure (PKI) and its use

• Topic 7: Identity and Access Management
– IAAA Concepts
– Authentication: purpose and multi-Factors of Authentication.
– Authorization: Privilege, Permission and Rights.
– Access Controls: Types- Discretionary, Role based, and Attribute based.

• Topic 8: Incident Response
– Purpose and definition of Security Incidents
– Incident Stages
– Investigation and Forensics
– SOC: Tools and Techniques