ITU-IMPACT

Training and Skills Development


Course Catalogue

Course matrix by level and course area

Management Track: Security Management
Technical Track: Incident Response, Digital Forensics, Network Security, Application Security, Law Enforcement

Foundation
  Security Management Essentials

Intermediate
  Security Management: Developing Security Policies and Procedures; ISO 27001 Information Security Management System (ISMS) Concepts and Awareness; ISO 27001 Information Security Management System (ISMS) Implementation
  Incident Response: Developing and Implementing Computer Incident Response Team (CIRT); Incident Handling and Response; Advanced Incident Handling and Response; Malware Analysis
  Digital Forensics: Introduction to Digital Forensics; Network Forensics and Investigations; Security Audit; Mac and Mobile Forensics; Cloud Forensics
  Network Security: Securing Networks; Vulnerability Assessment / Penetration Testing; NetFlow Analysis
  Application Security: Web Application Security
  Law Enforcement: Cybercrime Investigation for Law Enforcement

Advanced
  (ISC)2 CISSP CBK Review Seminar

Target Audience
  Security Management: CIO, CISO, IT Security Managers, IT Security Executives, Compliance Managers, Dept. Heads, Managers and Executives.
  Incident Response: Incident Managers, Responders and Analysts, Network and System Administrators, Malware Researchers and Investigators.
  Digital Forensics: Forensics Analysts, Forensics Investigators, Incident Handlers, and Malware Analysts.
  Network Security: Network Administrator, Network Support, Incident Handlers, Network Managers, IT Support, IT Administrators, and CIRT Analysts.
  Application Security: Web Application Developers, Webmasters, and Application Support Executives.
  Law Enforcement: Law Enforcement Officers, Legal Officers, and Lawyers.

[Figure: ITU-IMPACT Specialised Tracks - The Roadmap]

Technical Track
  Incident Response: Developing and Implementing Computer Incident Response Team (CIRT); Incident Handling and Response; Advanced Incident Handling and Response; Malware Analysis
  Digital Forensics: Introduction to Digital Forensics; Advanced Network Forensics; Security Audit; Mac and Mobile Forensics; Cloud Forensics
  Network Security: Securing Networks; Vulnerability Assessment / Penetration Testing; NetFlow Analysis
  Application Security: Web Application Security
  Law Enforcement: Cybercrime Investigations for Law Enforcement

Management Track
  Security Management: Security Management Essentials; Developing Security Policies and Procedures; ISO 27001 Information Security Management System (ISMS) Concepts and Awareness; ISO 27001 Information Security Management System (ISMS) and Implementation

1. Management Track
This track addresses management's concerns on the overall information security management for businesses and organisations, which has evolved from a technical perspective to a business one.

Key success factors are areas such as security or corporate governance, taking into account the adoption of security frameworks, information security standards, security policies, best practices, guidelines, and risk management.

1.1 Security Management

Organisations today are exposed to more complexities and uncertainties with the increasing use of technology and the pace at which the risk environment is changing. As all business assets and processes are exposed to both internal and external threats, organisations must implement internationally accepted information security standards, best practices and controls to identify, manage and mitigate these threats.

Organisation-centric approaches to security management, taking into consideration the impact of risks on the organisation, determine the security activities and practices most suitable for the organisation's cybersecurity resilience.

1.1.1 Security Management Essentials

Security Management is a comprehensive course which provides IT professionals and practitioners with the most up-to-date developments in cybersecurity. This course covers the key concepts, definitions, principles and goals of information security, taking into consideration both management and technological aspects.

Key topics include firewalls, intrusion detection and prevention systems, risk management models including ISO 27001, standards, security policies, tools and techniques used in cyber threats, security risks to networks, defending against attacks through the implementation of proper security mechanisms, encryption, authentication and authorisation technologies. Participants will also see live demonstrations of the tools and techniques used by malicious individuals to attack vulnerable applications and systems.

Security Awareness is included as part of the course, targeting all audiences, specifically managers and IT Administrators. This is a value-added offering to ensure participants are well informed of the most current security threats and issues related to their roles and responsibilities. Security Awareness for Managers is targeted at those with responsibility for staff and protection of assets, while Security Awareness for IT Administrators is targeted at those with IT and Network Systems administration, developmental, and supporting responsibilities.

Course Objective

This course sets the core foundation of IT security knowledge. It is suitable for any member of the IT community, from the newest of the team to the most experienced professional. It describes the core fundamentals of information security in an interesting and relevant manner and covers the close alignment of information security with the changing business requirements, enabling participants to effectively understand information security concepts in business processes and designs.

Target Audience

IT Managers/Executives, IT Systems Administrators, Security Administrators, Database Administrators, Access Control Administrators, Systems Analysts and Designers, Application Developers, Business Analysts, and user representatives.

Course Duration

This course can be customised according to participants' requirements.

Delivery Mode

Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

1.1.2 Developing Security Policies and Procedures

Course Objective

As business needs as well as the environment change, new risks are always on the horizon and critical systems are continually exposed to new vulnerabilities. Policy development and assessment are a continual process. This is a hands-on intensive course on writing, implementing and assessing security policies. This intensive course is suitable for IT and non-IT professionals carrying out cybersecurity duties, including creating and maintaining policies and procedures. It provides hands-on training on writing, implementing and assessing security policies. Participants will be assigned to write a policy template.

Target Audience: Security Managers, CISOs, CSOs and anyone responsible for developing security policies.

Course Duration: 3 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

1.1.3 ISO 27001 Information Security Management System (ISMS) Concepts and Awareness

Course Objective

ISMS is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation's information. This course is designed to promote awareness of the objectives and benefits of information security, as well as the requirements of

1. ISO 27001 for ISMS establishment, implementation, operation, monitoring, review, maintenance and improvement, and
2. ISO 27002 on information security controls.

It also provides an insight into the emerging ISO 27000 series of standards.

Target Audience: This is a non-technical security course concerning information security management. It is suitable for executives and managers from a wide range of disciplines, and should be attended by a broad range of IT security professionals.

Course Duration: 3 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

1.1.4 ISO 27001 Information Security Management (ISMS) Implementation

Course Objective

Recent high-profile information security breaches and increased awareness of the value of information are highlighting the ever-increasing need for organisations to protect their information assets. An information security management system (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation's information. This course leads participants through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation.

Implementation exercises are supplemented with case studies on risk management techniques using relevant tools and solutions.

Target Audience: This is a non-technical IT information security management course suitable for managers from a wide range of disciplines.

Course Duration: 4 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

Pre-requisite: Participants should have a basic knowledge of business information systems and competency in productivity tools, i.e. word processors, spreadsheets and presentation software.

2. Technical Track
This highly specialised track focuses on designing, developing, configuring, implementing, and managing technical security solutions for organisations and constituents. Participants will be able to enhance their knowledge and skills using the current industry practices, and have access to the latest technology, methodologies, and best practices.

The courses offered in this track are centred around proactive and reactive solutions required for practitioners to effectively perform their duties in managing and mitigating cyber threats against their organisation's security infrastructures and information systems.

2.1 Incident Response


Incident response is a structured approach to addressing and managing the aftermath of an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. If not managed properly, an incident can escalate into an emergency, a crisis, or even a disaster, decreasing the organisation's resilience.

2.1.1 Developing and Implementing a Computer Incident Response Team (CIRT)

Course Objective

This course will provide participants who have limited knowledge or experience with the background required to formulate the policies, processes, management structure, equipment, and other requirements necessary to respond to network incidents. It provides information on refining the current structure and capabilities for a Computer Incident Response Team (CIRT) or a team with similar capabilities.

Target Audience: CIRT Manager, CIRT Analyst, Incident Handler, Security Analyst

Course Duration: 4 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

2.1.2 Incident Handling and Response

Course Objective

The course is designed to provide insight into the work an incident handler may perform. It will provide an overview of the incident handling arena, including CIRT services, intruder threats, and the nature of incident response activities.

Participants will:

1. Learn how to gather the information required to handle an incident;
2. Realize the importance of having and following pre-defined CIRT policies and procedures;
3. Understand the technical issues relating to commonly reported attack types;
4. Perform analysis and response tasks for various sample incidents;
5. Apply critical thinking skills in responding to incidents, and
6. Identify potential problems to avoid while taking part in CIRT work.

The course incorporates interactive instructions, practical exercises, and role playing. Participants will have hands-on exercises on sample incidents taken from real-life scenarios.

Target Audience: CIRT Manager, Analyst and any technical staff; Incident Responders; and Network Administrators. Those with little or no incident handling experience are encouraged to attend.

Course Duration: 5 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

2.1.3 Advanced Incident Handling and Response


Course Objective

This course is designed to further enhance the knowledge and skills of incident handlers and responders involved in solving compromises and breaches by analysing events and formulating effective remedial actions and strategies. Participants will work as a team on several incident scenarios, artefacts and exercises applying industry best practices, effective methodologies and tools. They will be taken through a series of work plans and processes to identify, analyse, and then present the findings and response strategies to interested parties. This course will also include modules on artefact analysis, vulnerability handling and producing security advisories.

Target Audience: Incident Managers, Responders and Analysts, Network and System Administrators, Malware Researchers and Investigators.

Course Duration: 4 days

Delivery Mode: Lectures with presentation slides, extensive hands-on group exercises, and case studies.

2.1.4 Malware Analysis


Course Objective

Determining the functionality of malware is critical both during the incident response process and to identify where threats originate from. The course examines malware in both static and runtime environments. It will take into account the viewpoint of an incident responder attempting to determine what malicious activities the malware has conducted in order to mitigate further malicious activity and remove the malware from an infected system. The course will also consider the perspective of a Computer Incident Response Team (CIRT) or security team involved in investigating, analysing and reporting on malware-related incidents. Both static and runtime malware analysis techniques and reverse engineering tools such as IDA Pro and OllyDbg will be covered.

Target Audience: Incident Responders, Network and System Administrators, CIRT Personnel, Malware Researchers, Malware Investigators, Antivirus Analysts

Course Duration: 5 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

2.2 Digital Forensics

The ability to preserve and to analyse data found on digital storage media, computer systems and networks is essential for understanding and mitigating cyber attacks against IT infrastructures. Forensics professionals must be highly competent in collecting, examining, analysing and reporting on digital evidence in order to preserve critical information.

They are also required to know the legal aspects associated with forensics investigation, particularly for representation in a court of law. The use of real-world scenarios would enable participants not only to learn the required skills, but also gain experience in their practical application.

2.2.1 Introduction to Digital Forensics


Course Objective

Investigating what happened on a computer system after a suspected intrusion is critical to quantifying losses from a security breach. This course will teach network and system administrators to identify the particular consequences of an intrusion. It helps administrators to identify what data has been compromised by applying host forensics techniques and conducting log analysis. The focus will be on the discovery of data hiding techniques, rootkits, malware functionality and time-based analytics. Analysis of the FAT, NTFS and EXT2 file systems will also be covered. This course serves as a good foundation for further instruction on commercial tools or for using open source forensics tools more effectively.

Target Audience: Incident Responders, Network Administrators, System Administrators, and CIRT Personnel.

Course Duration: 5 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

2.2.2 Network Forensics and Investigations

Course Objective

Participants will gain real-world knowledge and skills to analyse network traffic, improve network security and reliability, and protect networks from malicious and criminal attacks. In addition, they will learn the techniques to identify suspicious traffic patterns, a breached host, and signs of bots running in a network, as well as the techniques to deal with and manage compromised machines.

Target Audience: IT Security Practitioner, Forensic Analyst, Incident Handlers, Network Administrators, Law Enforcement Officers and Support Staff.

Course Duration: 5 days

Delivery Mode: Instructor-led, group-paced, classroom-delivery learning model

2.2.3 Security Audit


Course Objective

This is a comprehensive course designed to equip security practitioners with the technical knowledge and skills to investigate and better understand their IT environment including computers, applications, network systems, and services. This course covers topics such as technical concepts, data analysis on devices, file systems, operating systems, common threats, security best practices and the tools used to identify, analyse and mitigate cyber threats faced by users, devices and organisations.

Target Audience: Network and System Administrators, CIRT Analyst, Cybercrime and Forensic Investigators.

Course Duration: 5 days

Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises.

2.2.4 Mac and Mobile Forensics

Course Objective

The course emphasises solid forensic practices in mobile phone investigation as well as reporting. Stepping through the logical and physical acquisition of memory with such a variety of devices is challenging to say the least. The class addresses the strengths and weaknesses for many of the mobile forensic tools being utilised in the field.

The Mac forensics training aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. The programme focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies.

Target Audience: Experienced Digital Forensics Analysts, Media Exploitation Analysts, Incident Response Team Members, Information Security Practitioners, technical team members, and those with national responsibilities in cybersecurity issues.

Course Duration: 5 days

Delivery Mode: Lectures with presentation slides, case studies and group exercises and hands-on forensic analysis.

2.2.5 Cloud Forensics


Course Objective

This course provides a clear statement of the knowledge and skills required by a professional dealing with cloud forensics. The objectives of this course are:

1. To enhance knowledge and skills required by a professional dealing with cloud forensics,
2. To share with participants risk assessment and mitigation strategies for cloud adoption to be reflected adequately in cloud services contracts,
3. To consider the various legal implications of cloud investigations, and
4. To demonstrate technical competence in handling investigative cases in cloud computing environments.

Target Audience: CEO, CIO, CISO, policy makers, security architects, ethical hackers, forensic practitioners, law enforcement, legal professionals and advisors, researchers and academics.

Course Duration: 4 days

Delivery Mode: Lectures with presentation slides and extensive hands-on exercises.

2.3. Network Security

Network Security courses are designed to equip IT professionals and practitioners with the knowledge and skills required for implementing, designing, configuring, maintaining and reviewing a secure network system to prevent and manage network vulnerabilities. Participants will learn the skills needed to identify and to analyse common internal and external security threats against a network so proactive security and audit strategies can be implemented to protect the organisation's information assets and systems from weaknesses.

These weaknesses are often exploited by remote users using publicly and commercially available software tools and through manual techniques. Web-based applications need to be audited to ensure that vulnerabilities are discovered and risks mitigated promptly and effectively. Policies, processes, management structures, equipment, and other requirements are also necessary to respond to any unforeseen network incidents.

2.3.1 Securing Networks


Course Objective

In today's network-dependent business environment, organisations link their systems across enterprise-wide and virtual private networks, as well as connect remote users. In this course, participants learn to analyse risks to networks and the steps needed to select and deploy appropriate countermeasures to reduce the exposure to these threats.

Target Audience: Network Administrators, Network Support, System Support, Incident Handlers, Network Managers, IT Support.

Course Duration: 3 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

2.3.2 Vulnerability Analysis / Penetration Testing

Course Objective

Breach of network security is a growing problem faced by many organisations worldwide, and it is becoming more complex as intruders resort to highly advanced methods to gain access. This course exposes participants to network vulnerabilities, the methods used by intruders to gain access into a network system and the tools used to ward off such attacks.

The course revolves around a series of hands-on exercises based on techniques for penetrating into a network and defending against attacks. It focuses on attack techniques, exploit techniques, vulnerability assessment and penetration testing techniques. Participants will gain skills to perform penetration testing and apply countermeasures for their organisations.

Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/Security Auditors

Course Duration: 5 days

Delivery Mode: Lectures with presentation slides, case studies and extensive hands-on exercises.

Pre-requisite: Basic knowledge and skills in network architectures and operating systems.

2.3.3 NetFlow Analysis

Course Objective

This course focuses on network analysis and hunting of malicious activity from a security operations centre's perspective. It provides an understanding of the NetFlow data format and common NetFlow collection, analysis, and visualization tools. It covers NetFlow strengths, operational limitations of NetFlow, strategic sensor placement, NetFlow tools, visualization of network data, analytic tradecraft for network situational awareness, and network hunting scenarios.

Target Audience: Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, IT/Security Auditors, Network Administrator, System Administrators.

Course Duration: 3 days

Delivery Mode: Lectures with presentation slides, case studies, and extensive hands-on exercises.

2.4 Application Security

With business applications and processes increasingly moving towards web services and adopting the software-as-a-service (SaaS) model, many organisations today are exposing data and critical business services to untested or insecure web-based applications. These applications with inadequate or non-existent security offer opportunity for malicious hackers to access your critical database containing customer information, credit card data, proprietary data or classified information.

Participants will gain skills on how to assess applications from a hacker's perspective, understand application security vulnerabilities, and learn how to mitigate these security holes so they are never exploited by a hacker.

2.4.1 Web Application Security

Course Objective

Understanding web application attack vectors is critical for web application developers responsible for maintaining and securing a web-based system. Web application vulnerabilities have been the cause of computer security breaches for organisations. Business and customer-related information are the target of web application attacks. This course covers common methods for attacking web applications, such as SQL Injection, Cross-Site Scripting, command injection, data leakage attacks, session hijacking and PHP/JavaScript/ASP vulnerabilities. Basic vulnerability discovery in web applications will also be covered, as well as secure coding techniques and the OWASP.

Target Audience: Web Application Developers, Penetration Testers, Web Application Testers.

Course Duration: 5 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

Pre-requisite: Some understanding of programming is required, preferably PHP, JavaScript, or ASP.

2.5. Law Enforcement


Cyber criminals today are targeting organisations with the intent of stealing confidential and financial information to commit crime. Using the internet platform, this criminal activity is highly possible due to unsecured applications, systems, and networks.

When these cyber criminals fall into the hands of law enforcement, the officer must be well versed in conducting investigation, analysis and reporting using relevant tools and techniques to help bring the culprits to justice.

2.5.1 Cyber crime investigation for Law Enforcement


Course Objective

This network investigations course is tailored specifically to the needs of law enforcement officers who are investigating cyber crimes. The course will begin by reviewing the common types of cyber crimes, how criminal activities are conducted on the Internet, and the tools and motivations driving the Internet as a medium for criminal activity. It investigates how Internet crime is committed using tools such as botnets, DDoS attacks, illicit file hosting, underground economy marketplaces, spam, phishing, extortion, and more. The course demonstrates common hacking activities through web application exploits, remote operating system and application exploits, social engineering and web drive-by attacks. The objective of the course is to give law enforcement officers a full set of tools and knowledge for conducting effective network investigations.

Target Audience: Law Enforcement Officers and support staff.

Course Duration: 4 days

Delivery Mode: Lecture with presentation slides, course materials, learning activities, case studies, and review questions.

Scholarship
As a global, non-profit organisation, ITU-IMPACT has received generous donations from leading information security training providers. These organisations are widely acknowledged as the top information security certification bodies in the world and are renowned for providing exceptionally high-quality courses and certifications recognised throughout the information security community. These funds enable ITU-IMPACT to offer highly sought-after training courses to qualified security professionals from any one of our partner countries.

EC-Council Information Security Training Sponsorship Programme (ISTP)

ISTP is co-sponsored by EC-Council and is part of ITU-IMPACT's global agenda to combat cyber threats. The courses are awarded to selected recipients from ITU-IMPACT partner countries. ITU-IMPACT is seeking suitable candidates with a technical background in cybersecurity, good communication and presentation skills, and a keen interest in becoming a cybersecurity trainer in support of the scholarship programme.

The EC-Council programmes identified under the ISTSP are Network Security Administrator (E|NSA), Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigators (C|HFI), Certified Security Analyst (E|CSA), Licensed Penetration Tester (L|PT) and Certified Disaster Recovery Professional (E|DRP).

About ITU-IMPACT Centre for Training and Skills Development


The centre provides world-class training in cybersecurity. All training courses, specialised seminars and workshops are conducted in collaboration with the
leading ICT companies and institutions that include ITU, EC-Council, (ISC)2 and Honeynet Project. Our specialised courses bring together global expertise in
a broad range of specialisations, allowing ITU-IMPACT to work with governments and individual organisations to build internal capabilities in order to secure vital
infrastructure, mitigate threats and respond to unauthorised or unlawful activities. We carefully examine the needs and desires of our partner countries with an
eye toward continual improvement and development. As future requirements are identified, ITU-IMPACT will strive to develop and deploy effective training
courses to meet specific needs of information security practitioners and professionals.

For more information or enquiries, please contact:


International Multilateral Partnership Against Cyber Threats (IMPACT)
Jalan IMPACT
63000 Cyberjaya
Malaysia

T: +60 (3) 8313 2020


F: +60 (3) 8319 2020
E: training@impact-alliance.org
W: www.impact-alliance.org