Training

Why Information Security Training?

All the major economies in the world are moving from the Industrial Age to the Information Age, known as the k-based or knowledge-based economy. The issue for corporations and governments worldwide is to figure out ways to sustain a competitive advantage in this rapidly changing arena.

In recent times, information infrastructures and networks have been confronted with serious security threats and challenges that have drawn attention worldwide. Taking proactive measures to protect a company's information systems is a job that requires an understanding of the core issues in IT security. Training can range from corporate IS awareness training down to technical penetration testing training such as CPTP.

Secondly, with most organizations looking to attain information security certifications such as ISO 27001, the requirement for skilled professionals to implement and audit those requirements will increase at a fast pace.

Why NSS?

NSS is a premier information systems security risk management company that provides information risk management programs and technical investigative solutions for government and corporate clients. To cater to the rising demand for information security training and certification in the IT industry, NSS has spearheaded information security training and certification. Each training course is run by highly qualified information security and information risk management professionals who have provided network security solutions across various platforms around the world.

The ever-changing level of threats faced by an organization can only be proactively addressed through constant learning. Inbound or classroom-based programs from NSS use an innovative approach to make the best of the participants' unhindered presence at a common location. The programs provide opportunities for intense coaching through careful, well-designed use of lectures, exercises, and practice sessions in individual and small-group work.

The emphasis of the training methodology is on experiential learning and the right mix of knowledge, technology and skills inputs, ultimately leading to international certification.

NSS offers various kinds of training including:

CIW Security Analyst

The CIW Security Analyst Certification

The CIW Security Analyst Certification recognizes the achievements of those who have already attained a level of proficiency in networking administration and now want to prove their competence in security. It provides focused and streamlined validation of further proficiency in areas pertaining to systems security.

Target Audience: Individuals who have already attained a level of proficiency in networking administration and now want to validate and prove their competencies in network security.

Job Responsibilities: Once certified in this area, the holder can implement security policy, identify security threats, and develop countermeasures using firewall systems and attack-recognition technologies. This specialist will also have competency in managing the deployment of e-business transaction and payment security solutions.

Prerequisites: In order to qualify for this certificate, individuals must have attained at least one of the following levels of certification and must submit proof of these certifications to the CIW program.

Training/Experience: Candidates must hold one of the certifications listed above in order to achieve this certification.

Certificate Awards: To become a CIW Security Analyst, students must:

CIW Security Professional Certification

The CIW Security Professional Certification Course consists of three modules, namely Network Security and Firewalls; Operating System Security; and Security Auditing, Attacks and Threat Analysis. The course lasts thirty hours and is a mandatory requirement for the CIW Security Analyst Certification.

  1. Module 1: Network Security and Firewalls
  2. Module 2: Operating System Security
  3. Module 3: Security Auditing, Attacks and Threat Analysis

Target Audience: This course is designed for networking professionals, network administrators and support staff who want to implement security in networks and operating systems. It is also recommended for information security auditors.

Course Certificate: A Certificate of Achievement will be awarded to the participants by NSS. Students who successfully pass the CIW online examination will receive the Security Professional Certificate from CIW, USA.

Duration: 30 Hrs

Registration: Open

If you wish to find out more, you can check our calendar for upcoming events or contact us directly.

IS Awareness Training

NSS offers three kinds of IS Awareness training; please select the one you are interested in below:

End-User Awareness

End-User Awareness Training

Employees must recognise that the corporate data on their computers is both valuable and vulnerable. They must understand their legal responsibilities regarding the unauthorised release of sensitive data. Note that sensitive data means data that requires protection due to the risk and magnitude of loss or harm that could result from its unavailability, disclosure, alteration, or destruction. The means of ensuring employee understanding and/or recognition of their responsibilities varies. User/employee security awareness training is one of the most common means available to achieve recognition of responsibility and computing asset worth.

The Security Awareness Program is designed for the everyday user of computers and networks. The program is delivered in easy-to-understand language, without technical jargon. It is suitable for end users such as executives, administrative staff, clerks and sales teams.

Duration: 4 hrs

Prerequisite: Working knowledge of computers and the internet.

Program Overview

  • Basics of Information Security
  • Importance of Information Security policies
  • Viruses, Worms and Trojan Horses
  • Proper use of electronic resources
  • Managing information
  • Secure usage of email and internet
  • Implications of wireless security
  • Security resources and information
  • Understanding and implementing proper passwords
  • Proper response to security threats
  • Summary
  • Q & A Session

Management Awareness Training


Management has the ultimate responsibility for implementing a data security program based on an assessment of business risk (corporate cost/benefit tradeoff) and an information system (IS) security risk assessment. All levels of management must be involved (and held accountable) to ensure the program is understood and properly implemented. Management must understand that they are legally responsible for the integrity of corporate data assets just as they are with other assets of the corporation.

The Security Awareness Program is designed for management personnel such as CSOs, CEOs, CTOs, COOs, VPs and other managerial positions. These special Information Security Awareness classes for management personnel will inform management of:

  • Overall objectives of Information Security
  • Information Security policies, standards and guidelines
  • Legal and regulatory requirements for Information Security
  • Information Security issues and controls

Duration: 4 hrs

Prerequisite: Working knowledge of computers and the internet.

Program Overview

  • Importance of Information Security
  • Process of Information Security implementation
  • Impact of security related threats and vulnerabilities
  • Terminologies related to Information Security
  • Role played by the Management
  • Managing information
  • Best practices and standards
  • Secure usage of email and internet
  • Wireless security risks
  • Security resources and information
  • Need for proper response to security threats
  • Summary
  • Q & A Session

Technical Staff Awareness

Technical Staff Awareness Training

IS vulnerabilities, in general, relate to the weak points of the tangible computing assets in the corporation and how exposed these assets might be to exploitation. These vulnerabilities can vary greatly depending on the network or stand-alone environment used by the corporation. Obviously, the weakest link in the security chain is also the most vulnerable point. Since the three basic goals of computer security are ensuring the secrecy, integrity, and availability of data, the vulnerabilities of a computer-oriented business can include just about everything related to the business operation. Typical assets are hardware, software, data files, support documentation, people, and outside communication. The in-house technical staff is responsible for maintaining the networks and other computing resources in a secure manner.

The Security Awareness Program is designed for technical staff such as network professionals and network and IT managers.

Duration: 8 hrs

Prerequisite: Good understanding of computers and networking; any certification in basic networking and computers will be an added advantage.

Program Overview

  • Importance of Information Security
  • Process of Information Security implementation
  • Terminologies related to Information Security
  • Understanding threats and vulnerabilities
  • Understanding and implementing IS policies
  • Understanding firewall design and functionality
  • Overview of Operating System security
  • Wireless security vulnerabilities
  • Overview of database and web server security
  • Overview of PKI architectures
  • Understanding response to IS incidents
  • Summary
  • Q & A Session

NSS Training Courses

NSS offers various training courses which are developed in-house. NSS has experience delivering these courses throughout Asia.

If you are a Training Center or wish to become our partner in delivering any of the courses, please check out the Partner Section, contact us or register online directly.

CNSA

Certified Network Security Administrator

Many business enterprises may not be able to afford the luxury of separate network and security administrators for their networks. More often than not, the network administrator is also looking after the enterprise network security. Are the network administrators qualified and competent to look after the security of their networks?

NSS has addressed this problem by offering the Certified Network Security Administrator (CNSA) Course. This course is tailor-made to address the requirements mentioned above.

Content

  1. Basic Networking and TCP/IP Refresher
  2. Internet Vulnerability Hacking Exploits
  3. Designing and Configuring IDS
  4. Securing Windows
  5. Information Security Management System
  6. Designing and Configuring Firewalls
  7. Configuring Secure VPN
  8. Securing UNIX and Linux

Course Objective: To meet the urgent need to enhance the system/network administrator's knowledge base to that of an information security officer.

Target Audience: This authoritative, state-of-the-art course is designed to meet the needs of both IT and business managers. It provides an outstanding opportunity to assess the true degree of exposure of your organization's information, and explains the steps required to secure your organization's information and networks.

Prerequisites: Graduates in any discipline with basic networking knowledge and background. MCSE, CCNA, or equivalent certifications will be an advantage.

Duration: 96 Hrs

Course Certificate: A Certificate of Achievement will be awarded to the participants by NSS.

If you wish to find out more, you can check our calendar for upcoming events or contact us directly.

CPTP

Certified Penetration Testing Professional

Words like "hacker" and "penetration testing" have started grabbing attention in the IT world. What is hacking? In simple terms, hacking is nothing but stealing information or gaining illegal access. The IT world is aware that hackers and crackers have already crossed the barriers. Irrespective of an organization's size, it is imperative to secure its network. The internet is widely used in today's era, and the proportion of organizations being attacked is increasing tremendously. There is tremendous growth in virus, worm and backdoor attacks. The worst part is that many automated tools are readily available in the market today; identifying and exploiting a system in a network with these tools is a job of a few mouse clicks. So securing the network from attacks to the greatest possible extent is the need of the day. Learning the hackers' perspective in order to counter their attacks is vital.

NSS has designed CPTP to educate the employees of your organization to counter these attacks. This course not only imparts theoretical knowledge but also gives the student detailed hands-on experience. This experience is unmatched and invaluable in terms of the knowledge gained, which later translates into securing the network.

Content

  1. An Introduction to Penetration Testing
  2. Penetration Testing Techniques I
  3. Penetration Testing Techniques II
  4. Attacking Network Routers, Firewalls and IDS
  5. Malware & Trojans
  6. Attacking Windows
  7. Attacking Linux
  8. Attacking Database
  9. Attacking Web Applications
  10. Attacking Wireless Networks
  11. CPTP Summary

Course Objectives: This course will benefit network administrators, security officers, and other individuals who are concerned about security and keen to learn the methodologies and techniques of hacking. It will also add to the individual's skills in finding vulnerabilities in a system using the same techniques as a hacker, but with a difference in intention and motive.

Target Audience: This authoritative, state-of-the-art course is designed to meet the needs of IT professionals and network security administrators. It provides an outstanding opportunity to secure your organization's network from various attacks and teaches you the techniques an attacker follows to perform an attack. This course is designed for professionals seeking a career in the field of information security.

Prerequisites: Security professionals with sound knowledge of networking and operating systems, or professionals with certifications such as CNSA, MCSE, SCNP, Security+ or CISSP, and all those having equivalent knowledge and experience in the field of networking.

Duration: 40 hrs

Course Certificate: A Certificate of Achievement will be awarded to the participants by NSS.

If you wish to find out more, you can check our calendar for upcoming events or contact us directly.

Integrated Security Training


If you think that the answer to securing your networks is a decent firewall and trustworthy anti-virus software, you are making a fatal mistake. Like a gun, those tools are only as effective as the hands that use them. When it comes to securing an enterprise's information assets, you cannot afford to put that responsibility in the hands of just anyone. You need someone you can trust, someone with the proven skills and a broad understanding of ALL the dangers that can cause catastrophic damage to your company. Just ask the millions of companies crippled by Nimda, Code Red and other viruses. Of the companies who have lost billions in revenues and assets because of hackers, or because of a breakdown of security policy, ask them what they should have done to avoid the disaster. They will all provide the same answer: Be a qualified, Certified Security Professional.

The Ten Domains of Security

  • Access Control Systems & Methodology: This domain requires that the candidate understand the concepts, systems and methodologies involved in granting and restricting access to resources.
  • Applications & Systems Development: This domain requires that the candidate understand the security controls found in systems and application software, such as the effects of malicious code on distributed application environments and the security controls involved in data warehousing.
  • Business Continuity & Disaster Recovery Planning: This domain involves the preparation, planning and updating of specific actions to protect mission-critical services and data.
  • Cryptography & PKI: This domain addresses the concepts, means, and methods of encrypting data to ensure authenticity, integrity, and confidentiality.
  • Compliance, Law, Investigation & Ethics: This domain addresses computer crime laws, methods for gathering evidence, and related ethical issues.
  • Operations Security (Computer): This domain identifies the controls over hardware, media, and the operators of these resources, and issues related to auditing and monitoring.
  • Physical Security: This domain involves the threats, vulnerabilities, and countermeasures utilized to physically protect enterprises' resources.
  • Security Architecture & Models: This domain involves the design, concepts, standards, and implementation of security measures that ensure the availability, integrity, and confidentiality of operating systems, applications, and equipment.
  • Security Management: Involves the identification of a company's information assets, and the development, documentation and implementation of security policies.
  • Telecommunications & Network Security: This domain involves designing and planning voice and data infrastructure and communications with a security strategy that includes preventative, detective, and corrective measures.

For further information, please contact us, and check our Events for the next session.

ISO 27001 Training

What is ISO 27001?

ISO 27001 was published by the International Organization for Standardization (ISO) on 15 October 2005. Essentially, ISO/IEC 27001 defines an Information Security Management System (ISMS) and complements the ISO/IEC 17799 'code of practice' standard, itself first published as BS 7799-1. ISO 27001 has incorporated varied user feedback and has considered the changes in the information security environment to make the ISMS standard more user-friendly and relevant.

The objectives outlined in ISO 27001 provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.

The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. The standard adopts the Plan-Do-Check-Act (PDCA) model, which is applied to structure all ISMS processes.

ISO 27001 consists of 11 Security domains, 33 Control Objectives and 133 Security Controls.

What NSS Offers

NSS provides two specialized training offerings for ISO27001:

  1. ISO 27001 Lead Auditor
  2. ISO 27001 ISMS Implementation Course

Both of these courses provide an in-depth understanding of all 11 security domains of the standard.

The main differentiator between the two courses is their orientation. In the Implementation course, the focus is on the implementation issues of all security controls with respect to the standard; this course is ideal for companies or individuals who require an advanced understanding of implementation vis-à-vis their organizations, partners, or clients. The Lead Auditor course is focused more on auditing the ISMS after implementation; it is ideal for companies and individuals (such as internal auditors) who seek to audit their own or their clients' systems for compliance with the standard.

NSS is an industry leader in ISO 27001 Consulting and if your company or organisation wishes to implement ISMS, contact us.

Why NSS?

Through a unique association with various certification bodies, in particular BSI India, NSS has an excellent track record in ISO 27001 / BS 7799 training. NSS information security consultants have contributed their knowledge base and domain expertise in information security consulting and ISO 27001 to support several certification bodies worldwide.

NSS has successfully conducted over 50 ISO 27001 related certification and awareness programs and workshops around the globe, in locations such as Malaysia, India, Sri Lanka, and Pakistan. NSS has also helped organisations with implementation consulting and has delivered a total of 30 company certifications in Asia.

Following are some of the testimonials of the participants who have attended the training organized by NSS.

If you are interested or just wish to find out more, please contact us directly.


ISO 27001 ISMS Implementation Course

ISO 27001 Information Security Management System Implementation Course

Recent high profile information security breaches and the value of information are highlighting the ever-increasing need for organisations to protect their information. An Information Security Management System (ISMS) is a controlled approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and Information Management Security Systems.

The objective of this course is to provide delegates with the skills necessary to implement an ISMS that is compliant with the requirements of ISO 17799 and meets the certification requirements of ISO 27001:2005. The course will provide delegates with a framework for implementation.

Who should attend?

  • Staff tasked with the implementation and management of an ISO 27001:2005 information security management system
  • Information security consultants
  • People who have a good understanding of ISO 27001:2005 and ISO 17799:2005 information security management systems (attendance of the Introduction to Information Security or the ISO 27001:2005 Lead Auditor course is recommended)

Benefits to Your Business

Both the objective and result of the course will be the construction of effective ISMS under the expert tutelage and guidance of a BSI tutor. Take the knowledge and skills imparted during this exercise and use them to improve and protect your business.

Course Structure

  • Background to information security
  • Determination of scope and information security policy
  • Identification of information assets
  • Determination of the value of information assets
  • Determination of risks and impacts
  • Identification of control objectives and controls
  • Definition and implementation of policies
  • Production and implementation of policies, standards and procedures
  • Completion of ISMS documentation requirements
  • Awareness training
  • Certification process
  • Production of the ISMS project implementation plan

For details of the next course, you can check our calendar or contact us.

ISO 27001 Lead Auditor

ISO 27001 Lead Auditor Training Course

The BSI ISO 27001:2005 (BS 7799) Information Security Management System Lead Auditor course teaches students the fundamentals of auditing information security management systems to ISO 27001:2005 (BS 7799-2:2002).

This five-day intensive course trains students to conduct audits for certification bodies and to facilitate the ISO 27001:2005 registration process. The auditing exercises and lectures are based on ISO 19011:2002, Guidelines for Quality and/or Environmental Management Systems Auditing. The course is designed specifically for those who wish to conduct external assessments or internal audits to ISO 27001:2005, although students will also gain the knowledge and understanding necessary to give practical help and information to other individuals and organizations working toward conformance to the standard. This course is registered by the governing board of the IQA's International Register of Certified Auditors (IRCA) and meets part of the training requirements for those seeking registration as a lead auditor under that scheme.

It also meets the training requirements for IATCA auditor certification.

Learning Objectives

  • Review the Requirements of ISO 27001:2005
  • Understand the Relationship between ISO 27001:2005 and ISO/IEC 17799:2005
  • Learn How to Assess Security Threats and Vulnerabilities
  • Understand Security Controls and Countermeasures
  • Understand the Roles and Responsibilities of the Auditor
  • Learn How to Plan, Execute, Report, and Follow-up on an Information Security Management System Audit

Course Materials

Students receive comprehensive course manuals with reference materials, including:

  • Copy of ISO 27001:2005
  • Copy of ISO/IEC 17799:2005

Who Should Attend

  • IT Security Officers
  • IT Managers
  • Auditors interested in ISO 27001:2005 or ISO/IEC 17799:2005
  • Information Security Consultants

For details of the next course, you can check our calendar or contact us.

Customized Training

NSS has experience in creating and delivering customized information security training for large corporations and governmental organizations.

As a successful technical consultancy, NSS offers a wide range of information security services and, as a parallel service, we share our knowledge through training.

We have experience in creating and delivering customized training in the following areas:

If you are interested, please contact us directly.

SCNA

Security Certified Network Architect

The SCNA Course consists of two courses, namely Advanced Security Implementation (ASI) and Enterprise Security Solutions (ESS). At the end of each course, students are required to take an online exam, SCO-501 and SCO-502 respectively.

Target Audience: This course is designed for network security professionals, network security administrators and information security officers who want to implement security solutions in their Networks and Operating systems using PKI and Biometrics. Students should preferably be certified network professionals with MCSE/CCNA or other equivalent certifications. Students attending the course must be SCNP qualified.

Advanced Security Implementation (ASI)

Course Objectives: ASI is a forty-hour course. The training is a combination of lectures, in-class discussions, and hands-on lab exercises. Eight domains are covered in the course, including Cryptography and Data Security, Digital Signatures/Certificates, Biometrics, Law and Legislation, Computer Forensics, and Strong Authentication.

Enterprise Security Implementation (ESI)

Course Objective: This training is a combination of lectures, in-class discussions, and hands-on lab exercises. Nine domains are covered in the course, including Microsoft and Linux Trusted Networks, Local Resource Security, Building Trusted Solutions, Wireless Security and Secure E-Mail Implementation.

Certificate

A Certificate of Achievement will be awarded to the participants by NSS. Students who successfully pass the SCO-501 and SCO-502 online examinations will receive the Security Certified Network Professional Certificate from the SCP Program, USA.

Duration: 80 Hrs

Registration: Open

If you wish to find out more, you can check our calendar for upcoming events or contact us directly.

SCNP

Security Certified Network Professional

The SCNP Program consists of two courses, namely Hardening the Infrastructure (HTI) and Network Defense and Countermeasures (NDC). Students completing the course need to pass the online examinations: SCO-411 for HTI and SCO-402 for NDC.

Target Audience: This course is designed for networking professionals, network administrators and information security officers who are required to implement security in their Networks and Operating systems. Students should preferably be certified network professionals with MCSE/MCSA/CNE/CompTIA/CCNA certification.

Hardening the Infrastructure (HTI)

Course Objectives: HTI is a five-day (forty-hour) course. The training is a combination of teacher-led lectures, in-class discussions, and hands-on lab exercises.

Ten domains are covered in the course, namely: Contingency Planning; Securing Windows, UNIX, and Linux Operating Systems; Advanced TCP/IP; Security Fundamentals; Security Implementation; Router Security; and Attack Methods.

Curriculum:

Network Defense and Countermeasures (NDC)

Course Objectives: NDC is a five-day (forty-hour) course. The training is a combination of teacher-led lectures, in-class discussions, and hands-on lab exercises. The course consists of six domains, namely: Security Fundamentals, IP Signature and Analysis, Firewalls, Risk Analysis, Intrusion Detection and Virtual Private Networks.

Curriculum:

Duration: 80 Hrs

Registration: Open

If you wish to find out more, you can check our calendar for upcoming events or contact us directly.

Training Calendar

NSS will be organizing a series of trainings on a quarterly basis; join our mailing list to stay in the loop on the upcoming training calendar, or check back regularly as we update it. Send us an email at sales@mynetsec.com if you are interested in any of the trainings below.

Mark your calendar now!

Fees are in Malaysian Ringgit (MYR) unless stated otherwise. For each course, the scheduled dates are listed in calendar order from February to December; sessions marked "BSI" are labelled as such on the schedule.

ISO 27001 Lead Implementer Training (3 Days)
Fee: RM3,400 (individual) / RM3,060 (group of 3)
Dates: BSI 17th–19th, 2nd–4th, 25th–27th, BSI 23rd–25th, 13th–15th, BSI 18th–20th, 7th–9th, BSI 20th–22nd, 2nd–4th, BSI 15th–17th

ISO 27001 Lead Auditor Training, IRCA Registered (5 Days)
Fee: RM5,800 (individual) / RM5,220 (group of 3)
Dates: 2nd–6th, BSI 16th–20th, BSI 13th–17th, BSI 18th–22nd, 1st–5th, BSI 20th–24th, 24th–28th, BSI 14th–18th, 5th–9th, BSI 16th–20th, 7th–11th

ISO 20000 ITSMS Lead Auditor Training (5 Days)
Fee: RM5,800 (individual) / RM5,220 (group of 3)
Dates: to be announced

Certified Ethical Hacking Training, CEH (5 Days)
Fee: RM4,200 (individual) / RM3,780 (group of 3)
Dates: 23rd–27th, 4th–8th, 6th–10th, 12th–16th

CISSP CBK Review Seminar (5 Days)
Fee: RM4,400 (individual)
Dates: 6th–10th, 3rd–7th

CISSP Examination (1 Day) *
Fee: USD549 (Early Bird) / USD599 (Standard)
Dates: 21st, 16th, 12th, 5th

SSCP CBK Review Seminar (3 Days)
Fee: RM2,508 (individual)
Dates: 13th–15th, 10th–12th

SSCP Examination (1 Day) *
Fee: USD419 (Early Bird) / USD469 (Standard)
Dates: 21st, 16th, 12th

* To be entitled to the early bird promotion, registration and payment must be made 16 days before the exam.

For inquiries, please call us at +603 6203 5303 or email sales@mynetsec.com

Or register online at http://www.mynetsec.com/mailing-list

ISMS Concepts

The Information Security Management System Concepts course teaches delegates the fundamentals of auditing and implementing information security management systems to the ISO 27001:2005 (BS 7799-2:2002) standard. This 3-day intensive course provides insight into the implementation and audit methodology for ISO 27001:2005 certification of an organization. It forms the foundation for delegates to take the internationally recognized courses and certifications to become ISO 27001 Lead Auditors or Lead Implementers, the first step in the increasingly important information security management profession.

What will you learn?

  • The component parts of the standard
  • How to manage information security
  • How the individual components of the process fit together
  • How to treat implementation as a project
  • Common pitfalls
  • How to define and risk-assess "information assets"
  • How to manage risks in a way suitable to your organization
  • The essential requirements for obtaining auditor approval, i.e. certification

Course Outline

THE 27001 STANDARD

  • Why do you need certification to ISO 27001?
  • What the Information Security Management System (ISMS) is and what it is trying to achieve

CONFIDENTIALITY, INTEGRITY, AVAILABILITY AND AUDIT

  • Overview of the stages of the ISMS
  • Defining an Information Security Policy
  • Defining the scope of the ISMS

IDENTIFYING INFORMATION ASSETS

  • What are information assets?
  • Creating an asset classification system

UNDERTAKING A RISK ASSESSMENT

  • Identifying asset values, threats and vulnerabilities
  • Creating a usable and simple risk methodology
  • Using risk tools
  • Practical exercise – undertaking a risk assessment
  • Results and conclusions resulting from an assessment

MANAGING RISK

  • Risk measurement
  • Risk reduction and acceptance techniques
  • Practical exercise – determining control objectives
  • Selecting control objectives and controls
  • Security in depth
  • ISO 27001 control objectives and controls
  • The application of countermeasures
  • Practical exercise – creating a workable countermeasure
  • Additional controls not in ISO 27001
  • Preparing a Statement of Applicability
  • The need to review and audit the ISMS

AUDITING

  • What does auditing achieve?
  • How should auditing be conducted?
  • Different types of audit
  • The phase 1 and 2 ISO 27001 audits

Register online now or contact us for more information.

Past Trainings

Forum on Information Security

by University of Brunei Darussalam in collaboration with NSS & Gigabyte, 26th May 2007

The forum focused on two areas in two separate sessions:

Session 1 - The Need for Security Management

Session 2 - Information Warfare

Read the related news in Brunei Times