Sikkerhetskurs for IT

The cloud is here. Are you ready to meet the security challenge? This CCSP: Certified Cloud Security Professional Boot Camp is the most comprehensive review of cloud security concepts and industry best practices covering all six domains of the (ISC)2 Common Body of Knowledge (CBK®)! During this Boot Camp you will:  gain knowledge in identifying the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments. identify privacy issues and audit processes utilized within a cloud environment, including auditing controls, assurance issues, and the specific reporting attributes. Course Format Lecture based, Self-Study & Classroom Discussions.   Learning Objectives In-depth coverage of the six domains required to pass the CCSP exam: Architectural concepts and design requirements Cloud data security Cloud platform and infrastructure security Cloud application security Operations Legal and compliance Course content The CCSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices relating to the security & protection of the cloud. The CCSP exam tests ones competence in the 6 domains of the CCSP CBK, which cover:  Domain 1: Architecture Concepts and Design Requirements Cloud Computing ConceptsCloud Reference ArchitectureSecurity Concepts Relevant to Cloud ComputingDesign Principles of Secure Cloud ComputingTrusted Cloud Services Domain 2: Cloud Data Security Cloud Data LifecycleDesign and Implement Cloud Data Storage ArchitecturesDesign and Apply Data Security Strategiesand Implement Data Discovery and Classification TechnologiesDesign and Implement Data Rights ManagementDesign and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PIN)Plan and Implement Data Retention, Deletion, and Archiving PoliciesDesign and Implement Auditability, Traceability, and Accountability of Data Events Domain 3: Cloud Platform and Infrastructure Security Cloud Infrastructure ComponentsRisks Associated to Cloud InfrastructureDesign and Plan Security ControlsPlan Disaster Recovery and Business Continuity Management Domain 4: Cloud Application Security Need for Training and Awareness in Application SecurityCloud Software Assurance and ValidationUse Verified Secure SoftwareSoftware Development Life-Cycle (SDLC) ProcessApply the Software Development Life-CycleSpecifics of Cloud Application ArchitectureDesign Appropriate Identity and Access Management (IAM) Solutions Domain 5: Operations Support the Planning Process for the Data Center DesignImplement and Build Physical Infrastructure for Cloud EnvironmentRun Physical Infrastructure for Cloud EnvironmentManage Physical Infrastructure for Cloud EnvironmentBuild Logical Infrastructure for Cloud EnvironmentRun Logical Infrastructure for Cloud EnvironmentManage Logical Infrastructure for Cloud EnvironmentEnsure Compliance with Regulations and Controls (ITIL, ISO/IEC 20000-I)Conduct Risk Assessment to Logical and Physical InfrastructureCollection, Acquisition, and Preservation of Digital EvidenceManage Communication with Relevant Parties Domain 6. Legal and Compliance Legal Requirements and Unique Risks within the Cloud EnvironmentPrivacy Issues, Including Jurisdictional VariationAudit Process, Methodologies, and Required Adaptions for a Cloud EnvironmentImplications of Cloud to Enterprise Risk ManagementOutsourcing and Cloud Contract DesignExecute Vendor ManagementLegal and compliance [-]

CCSP sertifiseringskurs ledes av en (ISC)² autorisert instruktør. Dette kurset gir en omfattende gjennomgang av sikkerhetskonsepter for skyløsninger og beste praksis innenfor de 6 domenene av CCSP CBK: - Arkitektkonsepter og design krav- Sikkerhet i skyløsninger- plattformer og infrastruktur- Sikkerhet i skyapplikasjoner- IT drift- Juridisk & Compliance   Dette kurset vil gi deltakerne en omfattende gjennomgang av skysikkerhet i forkant av CCSP eksamen. Globalt anerkjent sertifisering i skysikkerhet CCSP er en global sertifisering utformet av de to industriledende forvalterne av informasjonssystemer og cloud computing security, (ISC)² og CSA. CCSP sertifiseringen er relevant for skysikkerhet i et globalt miljø. Dette er spesielt viktig gitt de juridiske regulativene og etterlevelse av disse som følger av multijurisdiksjon ved oppbevaring av personopplysninger (PII).Flere typer aktiviteter blir tatt i bruk under kurset for å oppnå optimal læring. Aktivitetene inkluderer spørsmål fra instruktør til kursdeltaker, meningsutvekslinger og gruppediskusjoner.For mer informasjon om CCSP: https://www.isc2.org/ccsp-training/default.aspx »  Kurset inkluderer: - Offisielt (ISC)² kursmateriale - Ledet av en sertifisert (ISC)² instruktør - Studiehåndbok og samarbeid med andre kursdeltakere - Virkelighetsnære læringsaktiviteter og scenarier   [-]

This course enables participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, as well as the best practices for implementing the information security controls of the eleven domains of the ISO 27002. This training also helps to understand how ISO 27001 and ISO 27002 relate with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security). At the end of this course, participants will gain competencies in: Understanding the implementation of an Information Security Management System in accordance with ISO27001 Understanding the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization Knowing the concepts, approaches, standards, methods and techniques allowing to effectively manage an Information Security Management System Acquiring the necessary Knowledge to contribute in implementing an Information Security Management System (ISMS) as specified in ISO 27001 Course Agenda: Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001  Introduction to the ISO 27000 family of standards Introduction to management systems and the process approach Fundamental principles information security General requirements: Presentation of the clauses 4 to 8 of ISO 27001 Implementation phases of ISO 27001 framework Continual improvement of Information Security Conducting an ISO 27001 certification audit Day 2: Implementing controls in information security according to ISO 27002 and Certification Exam  Principles and design of information security controls Documentation of an information security control environment Monitoring and reviewing the information security controls Examples of implementation of information security controls based on ISO 27002 best practices Certified ISO/IEC 27001 Foundation exam [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Ingen. Innleveringer: For å kunne gå opp til eksamen må 8 av 12 øvinger være godkjent. Personlig veileder: ja Vurderingsform: Skriftlig, individuell, 3 timer,  Ansvarlig: Olav Skundberg Eksamensdato: 16.12.13 / 26.05.14         Læremål: KUNNSKAPER:Kandidaten kan:- forklare hvordan en datamaskin utsettes for angrep gjennom skadelig programvare og hvordan man kan beskytte seg mot dette- beskrive ulike typer nettbaserte angrep og hvordan man kan beskytte seg mot dette- beskrive ulike krypteringsmekanismer og forklare hvordan digitale sertifikat brukes for å oppnå sikre tjenester.- referere til aktuelle lover og retningslinjer innen sikkerhet- gjøre greie for en organisasjonsmessig informasjonssikkerhetssikkerhetspolicy FERDIGHETER:Kandidaten kan:- kontrollere egen PC for skadelig programvare- kontrollere at installert programvare er oppdatert- utføre pakkefangst med Wireshark og tolke resultatet GENERELL KOMPETANSE:Kandidaten:- er bevisst på å holde programvare oppdatert og å bruke nettvett Innhold:Skadelig programvare: sikkerhetshull, informasjonskapsler, virus og antivirus Nettverk: Virtuelle private nett (VPN), brannmur, demilitarisert sone (DMZ), tjenestenektangrep Sikre tjenester: Krypteringsmetoder og sjekksum. Digitale sertifikater og Public Key Infrastructure (PKI) Samfunn og virksomhet: ekom-loven og personvernloven. Sikkerhetshåndbok og ISO27001Les mer om faget herDemo: Her er en introduksjonsvideo for faget Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Internett og sikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.  [-]

K-tech er et kompetansesenter på Kongsberg som startet opp i 2008 med Kongsberg Defence & Aerospace, Technip FMC og GKN Aerospace som våre eiere. Vi er en kursleverandør som tilbyr kvalitetssikrede kurs innenfor en rekke sentrale områder som er etterspurt av industrien i Norge. Beskrivelse: GDPR Foundation training enables you to learn the basic elements to implement, manage and align a privacy framework with and based on the General Data Protection Regulation. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer. After completing this course, you can sit for the exam and apply for a “PECB GDPR Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach. Learning objectives: Understand the General Data Protection Regulation requirements and the fundamental principles of privacy/li> Understand the obligations, roles and responsibilities of the Data Protection Officer Understand the concepts, approaches, methods and techniques to effectively align a privacy framework with the General Data Protection Regulation Innhold: Course Agenda Day 1: Introduction to the General Data Protection Regulation and its concepts Day 2: The General Data Protection Regulation requirements and Certification Exam Exam and all necessary course material are included in the course  Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

Public Key Infrastructure (PKI) is a core service that facilitates authentication, encryption, and digital signing. This 4-day course teaches the skills required to design, operate, and maintain your PKI system. The training begins with an overview of cryptography and the working principals of algorithms. After gaining an understanding of certificates, you will learn about the considerations for designing a highly reliable Certification Authority structure. Practical implementation examples are given in both Windows and Linux environments. Use-cases show how PKI can be used for, among others, securing websites, encrypting storage, validating executable code, and protecting communication.   Course outline:  Cryptography Basics: Introduction to Cryptography: Symmetric Cryptography Asymmetric Cryptography Hash Functions Security Goals Usage Scenarios Encryption Signing Components of PKI Algorithms, Protocols and Standards DES and 3DES RSA Object Identifiers X.500, X.509 PKCS#10, PKCS# Understanding Certificates Structure and Content Extensions Getting Started with CAs: Using External CAs Self-signed Certificates CA Hierarchy Writing Policies Certificate Policy Certification Practice Statement Windows Server Certificate Security Choosing an Architecture Implementing a CA Hierarchy Certificate Templates Issuing Certificates Certificate Renewal OpenSSL on Linux Maintaining a CA Verifying and Monitoring Backup Certificate Revocation Reasons for Revocation Methods of Revocation Checking Practical Applications: SSL for Web Server Internet Information Services (IIS) Apache (optional) Certificate-based Authentication Authentication User Authentication vs Server Authentication Considering Smart Card Logon Virtual Private Networking (optional) Wi-Fi with 802.1x Encrypting File System (EFS) Local EFS Encryption EFS Within a Domain Recovery Securing E-Mail Certificate Requirements Signing in Outlook Encryption in Outlook Code Signing Time Stamping Signing PowerShell Scripts (optional) Signing Visual Studio Files (optional) Signing Office VBScript Code Other PKI-Enable Applications   [-]

Dag 1: Information Security Governance Information Risk Management and Compliance (del 1) Spørsmål og praktiske øvelser relater til tema Dag 2: Information Risk Management and Compliance (del 2) Information Security Program Development and Management Spørsmål og praktiske øvelser relater til tema Dag 3: Information Security Incident Management. Spørsmål og praktiske øvelser relater til tema Prøveeksamen Læringsmålene for kurset er: - Å forstå Info Sec Styring - Å tilegne seg kunnskaper om Risk Management og Compliance - Å lære om utvikling og styring av Info Sec program - Å lære om Information Security Incident Management - Å lære hvordan man tolker eksamenspørsmål og få andre eksamenstips - Å trene på eksamensspørsmål og oppgave  Kursmateriell inneholder informasjon og praktiske eksempler, og vil bli distribuert til deltakerne. CISM review manual 2015 er nødvendig for eksamen. Denne er ikke inkludert i prisen. Denne kan kjøpes her: http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Study-Materials/Pages/default.aspx [-]

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals. The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology. It focuses on pentesting methodology with an emphasis on hands-on learning.   Course outline: Security Analysis and Penetration Testing Methodologies TCP IP Packet Analysis Pre-penetration Testing Steps Information Gathering Methodology Vulnerability Analysis External Network Penetration Testing Methodology Internal Network Penetration Testing Methodology Firewall Penetration Testing Methodology IDS Penetration Testing Methodology Web Application Penetration Testing Methodology SQL Penetration Testing Methodology Database Penetration Testing Methodology Wireless Network Penetration Testing Methodology Mobile Devices Penetration Testing Methodology Cloud Penetration Testing Methodology Report Writing and Post Test Actions [-]

Now completely updated for 2019 with the latest material. (ISC)2 Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification. The certification itself is seen as the world’s premier certification for information security professionals. The CISSP Bootcamp includes in-depth & intense coverage of all ten domains plus tips and advice to prepare yourself for the new 2019 (ISC)2 exam. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.   Learning objectives  Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implement risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference) Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets. Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems,  personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity. Understand the structures, transmission methods, transport formats, and security measures  used to provide confidentiality, integrity, and availability for transmissions over private and   public communications networks and media, and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise. Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture. Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process. Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently. Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.   Course overview The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. The CISSP exam tests one's competence in the 8 domains of the CISSP CBK, which cover: Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Domain 2: Asset Security (Protecting Security of Assets) Domain 3: Security Engineering (Engineering and Management of Security) Domain 4: Communications and Network Security (Designing and Protecting Network Security) Domain 5: Identity and Access Management (Controlling Access and Managing Identity) Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Domain 7: Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security) Module 9: CISSP Test Review Module 10: EU 2019 GDPR Update Module 11: CISSP Exam Preparation & Review Questions [-]

Watchcom tilbyr introduksjonskurs for den nye personvernforordningen GDPR. Gjennom kurset vil du få en kort sammenfattet introduksjon av de viktigste punktene din virksomhet må tenke på i forhold til det nye lovverket.     Kursinnhold Dag 1 gir deg en kort sammenfattet introduksjon av GDPR og det nye lovverkets vedtak og anvendelighet for virksomheter. Dette inkluderer blant annet: Innføring i GDPR, herunder struktur, viktige begreper, roller og prinsipper Innsamling og bruk av personopplysninger Registrertes rettigheter Personvernombud og ombudets rolle Samhandling med tredjeparter Dag 2 vil gi en mer praktisk innføring i tiltak som virksomheter bør iverksette som en del av sitt compliance-arbeid opp mot GDPR. Dette inkluderer blant annet: Styringssystem for informasjonssikkerhet Risikostyring Personvernkonsekvensutredning / Privacy Impact Assessment (PIA) Praktiske eksempler på problemstillinger som kan oppstå med forordningen   [-]

This course is intended for people in the fields of public cloud security and cybersecurity, or for anyone who wants to learn how to secure remote networks and mobile users. Successful completion of this two-day, instructor-led course will help enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation. You will get detailed instruction on configuring, managing, and troubleshooting Prisma Access in a production environment.   Target Audience Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, and Network Engineers    Course Modules 1 - Prisma Access Overview 2 - Planning and Design 3 - Activate and Configure 4 - Security Processing Nodes 5 - Panorama Operations for Prisma Access 6 - Remote Networks 7 - Mobile Users 8 - Tune, Monitor, and Troubleshoot 9 - Manage Multiple Tenants 10 - Next Steps [-]

This five-day intensive course enables the participants to develop the expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. Participants will also master the best practices for implementing information security controls from the eleven areas of ISO/IEC 27002:2013. This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security). Les mer om kurset og agenda [-]

Watchcom har i samarbeid en av verdens fremste sertifiseringsmyndigheter etablert et tilbud omformell ISO 27001-opplæring i Nord-Europa. Etter gjennomført kurs og bestått eksamen, kan du avhengig av erfaring søke om å bli sertifisert som ISO 27001 Lead Auditor. Uansett om du sertifiserer seg eller ikke etter kurset, får du unik innsikt i hvordan man skal revidere mot ISO 27001 standarden. Således kan du implementere standarden på et vis som tilfredsstiller revisors krav.   Kursinnhold Presentasjon og gjennomgang Revisjonsregler, forberedelser og oppstart Revisjonsaktiviteter Konklusjoner og vurderinger, avslutning Avsluttende eksamen Kurset er basert på teoretiske presentasjoner etterfulgt av praktiske oppgaver. Det må påregnes en del kveldsarbeid.     [-]

The Certified Data Protection Officer training course enables you to develop the necessary knowledge, skills and competence to effectively implement, manage and align a privacy framework based on the General Data Protection Regulation requirements. After mastering all the necessary concepts of General Data Protection Regulation (GDPR), you can sit for the exam and apply for a “PECB Certified Data Protection Officer” credential. By holding a PECB Certified Data Protection Officer Certificate, you will demonstrate that you thoroughly understand the gap between the General Data Protection Regulation and the current organizational processes including: privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to associate organizations in the adoption process to the new regulation. Learning objectives: Understand the history of personal data protection in Europe Gain a comprehensive understanding of the concepts, approaches, methods and techniques required for the effective alignment with the General Data Protection Regulation Understand the new requirements that the General Data Protection Regulation brings for EU organizations and non-EU organizations and when it is necessary to implement them Acquire the necessary expertise to support an organization in assessing the implementation of these new requirements Learn how to manage a team implementing the GDPR Gain the knowledge and skills required to advise organizations on best practices in the management of personal data Acquire the expertise for analysis and decision making in the context of personal data protection   Course Agenda Day 1: Introduction to GDPR and Privacy Principles Day 2: The role of the Data Protection Officer Day 3: Risk Management and Information Security Day 4: Incident Management, Business Continuity and Data Protection Impact Assessment Day 5: Certification Exam Exam and all necessary course material are included in the course Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

GDPR Foundation training enables you to learn the basic elements to implement, manage and align a privacy framework with and based on the General Data Protection Regulation. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer. After completing this course, you can sit for the exam and apply for a “PECB GDPR Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach. Learning objectives: Understand the General Data Protection Regulation requirements and the fundamental principles of privacy/li> Understand the obligations, roles and responsibilities of the Data Protection Officer Understand the concepts, approaches, methods and techniques to effectively align a privacy framework with the General Data Protection Regulation Course Agenda Day 1: Introduction to the General Data Protection Regulation and its concepts Day 2: The General Data Protection Regulation requirements and Certification Exam Exam and all necessary course material are included in the course Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]