Principles of Cybersecurity for Middle Management
This course is intended for lower to mid-level managers who are designated to design, build, and operate the cybersecurity capability of an organization. These IT or IT/Cyber security managers are tasked with leading and managing technical teams that are either internal or outsourced from System Integrators. They are responsible for constructing the Information/Cyber objectives, goals, and strategy on behalf of the functional management under a CISO/CIO. They are required to participate in and manage the Governance, Risk, and Compliance (GRC) functions. They help formulate the relevant policies, procedures, guidelines, and operational documents, and they recommend the relevant frameworks, models, and methods. They are responsible for creating cyber security awareness and knowledge among all employees, to ensure a culture of good cyber hygiene and ethics, which improves the organization’s cybersecurity posture. They strive to inculcate the practice of “See something, do something” among all employees.
In today’s digital landscape, the demand for executive-level cybersecurity proficiency is not just necessary—it’s imperative. This workshop is designed specifically for lower to mid-level managers aiming to refine their cybersecurity capabilities and leadership in the increasingly complex cyber environment.
What You Will Gain
• Applying the Security Principles, Risk & Governance
• Applying Data Security & Privacy
• Applying Access Controls Concepts (Physical & Logical)
• Applying Network Security
• Applying Cloud Security
• Applying Security Operations
This three-day workshop covers the six key elements of cyber security. The course emphasizes building skills in applying cybersecurity principles, concepts, theories, and models. The key focus is on establishing practices for GRC, data privacy, and security operations, and on establishing access and security controls. It enables the organization to inculcate practices for network and cloud security.
It prepares candidates to become part of a dynamic and rewarding workforce in cybersecurity and enables them to demonstrate the relevant technical knowledge, abilities, and skills.
Who Should Attend?
• IT Professionals/Managers: Those looking to enhance their cybersecurity skills and take on leadership roles.
• Career Transitions: Ideal for professionals transitioning into the cybersecurity field.
Participants will emerge with the ability to:
• Possess the skills in various roles required in Information Security
• Gain competitive advantage in career progression to stay employable
• Implement and Operate the Cyber-Essential and Cyber-Trustmark standards
• Apply the knowledge to prepare for Professional Certification, CISSP
• Qualify to appear in the ISO 27001 Lead Implementer training
• Qualify to appear in the ISO 27001 Lead Auditor training
• Gather experience to progress to the next level of Security Management
Course Outline
• Topic 1: Security Principles
– Understand the security concepts of information assurance. CIA & DAD
o Authentication (methods of authentication, multi-factor authentication (MFA))
o Non-repudiation
o Defence in depth
– Understand the risk management process
o Risk management (risk priorities, risk tolerance)
o Risk identification, assessment and treatment
– Understand security controls
o Technical controls
o Administrative controls
o Physical controls
– Understand governance
o Policies (Security, Password, AUP)
o Procedures
o Standards
o Regulations and laws
– Security Architecture and Frameworks
o Architecture (SABSA, TOGAF)
o Frameworks (ISO, NIST, COBIT)
• Topic 2: Understanding Data Security & Privacy
– Understand data security
o Encryption (e.g., symmetric, asymmetric, hashing)
o Data handling (lifecycle, destruction, retention, classification, labeling)
o Logging and monitoring security events
– Understand Data Privacy
o Purpose
o Importance
o Components
o GDPR
• Topic 3: Access Controls Concepts
– Understand physical access controls
o Physical security controls (badge systems, gate entry, environmental design)
o Monitoring (security guards, closed-circuit television (CCTV), alarm systems, logs)
o Authorized versus unauthorized personnel
– Understand logical access controls
o Principle of least privilege
o Segregation of duties
o Discretionary access control (DAC)
o Role-based access control (RBAC)
o Attribute-based access control (ABAC)
• Topic 4: Network Security
– Understand computer networking
o Networks (OSI model, TCP/IP model, IPv4, IPv6, WiFi)
o Ports
o Applications
– Understand network threats and attacks
o Types of threats (DDoS, virus, worm, Trojan, MITM, side-channel)
o Identification (IDS, HIDS, NIDS)
o Prevention (antivirus, scans, Firewalls, IPS)
– Understand network security infrastructure
o Network segmentation (segregation, isolation)
o VLAN
o VPN
o NAC
– Understand network Attacks and Mitigations
o Phishing (Social Engineering)
o Distributed Denial-of-Service (DDoS)
o Malware
o Brute-force attacks
o Injection attacks
o Man-in-the-middle (MITM)
o DNS attacks
o Insider Threats
• Topic 5: Cloud Security
– Understand the concept and models
o Definition, features
o Service Models (IaaS, PaaS, SaaS, XaaS, FaaS)
o Delivery Models (Public, Private, Community, Hybrid)
– Understand Virtualization
o Hypervisor (type 1, type 2)
o Virtualization (BareMetal, Network, Application/OS)
– Securing the Cloud
o Infrastructure (SDN, SDDC, IaC, immutable)
o Data (Segmentation, Encryption)
o Application (Container, Docker, Kubernetes)
o Security as a Service (SecaaS)
– Threat, Risk, Compliance
o Cloud Threats (Lock-In, Lock-Out, Guest-escape)
o Cloud Risk Management
o Cloud Compliance (Audit and Governance)
– Operation and Service Management
o Cloud Service Provider (CSP)
o Cloud Incident
o Shared Responsibility Model
• Topic 6: Security Operations
– Understand Incident Response
o Steps of IR
o Change & Configuration management
o Investigation and Forensics
– Understand BC & DR
o Purpose
o Importance
o Components
– Understand 3rd Party Security
o Contract
o SLA
o MOU/MOA
– Understand security awareness training
o Purpose
o Importance
o Components
• You identify yourself as a problem solver, an analytical and critical thinker, and a team player.
• You possess any post-graduate diploma and/or a certification in Information Technology.
Course Fees
• SDG1,050.00 before GST
Course Duration
• Three (3) Days / Twenty-Four (24) Hours.
02 – 04 September 2024 (Mon-Wed)
13 – 14 November 2024 (Wed-Thurs)
2 days
[18 hrs]
$408.75
$146.25
$221.25
$76.30
The Course fee is to be paid by:
• Post-Secondary Education Account (Standing order form)
• SkillsFuture Credits (SFC)
• Paynow (e-payment)
• Cash
2 Alexandra Road, Delta House #03-02A Singapore 159919
O: +65 6820 8238
enquiries@prospectprotection.net
Operating Hours : 8:30 am – 6:00 pm
2024 © Copyright Prospect Protection. All Rights Reserved.