Sikkerhetskurs for IT

It not only teaches the features and functionalities of Panorama but also provides guidance on how to design a distributed firewall network that is managed from a central location.  If you are or planning to use Panorama to manage multiple FireWalls in your infrastructure then you should take this course. The Panorama management is very similar to the FireWall but it has a additional concepts like device-groups and templates that are essential to understand. The main focus of this course, besides all the Panorama concepts and initial configuration, is to show how you design and manage an infrastructure with many FireWalls because if the structure isn't setup right from the beginning, then this usually means a lot of extra work and complications at a later stage. If you are using Panorama only for centralised logging and reporting then you might skip this course.   COURSE OBJECTIVES This course will help students to gain in-depth knowledge about how to configure and manage their Palo Alto Networks® PanoramaTM management server. Upon completion of this course, administrators should be familiar with the PanoramaTM management server’s role in managing and securing their overall network. Network professionals will be shown how to use PanoramaTM aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks® next-generation firewalls.   SCOPE Course level: Intermediate Course duration: 2 days Course format: Combines lecture with hands-on labs Language: Undervisningen er på engelsk og dokumentasjonen på engelsk.   KURSINNHOLD Module 1: Panorama™ Overview Module 2: Initial Configuration Module 3: Adding Firewalls to Panorama™ Module 4: Panorama™ High Availability Module 5: Templates Module 6: Device Groups Module 7: Administrative Accounts Module 8: Log Forwarding and Collection Module 9: Aggregated Monitoring and Reporting Module 10: Troubleshooting   The EDU-210 FireWall: Configuration and Management course or equivalent practical experience working with the Palo Alto Networks Next-Generation Firewall is a recommended prerequisite to take this course.   Deltagerne må ta med egen PC til bruk under kurset. Kurset tilbys også som bedriftsinternt kurs, og arrangeres hos dere eller i våre lokaler, alt etter hva som passer best. Ta kontakt med oss og vi kan finne en god løsning sammen. [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Ingen. Innleveringer: For å kunne gå opp til eksamen må 8 av 12 øvinger være godkjent. Personlig veileder: ja Vurderingsform: Skriftlig, individuell, 3 timer,  Ansvarlig: Olav Skundberg Eksamensdato: 16.12.13 / 26.05.14         Læremål: KUNNSKAPER:Kandidaten kan:- forklare hvordan en datamaskin utsettes for angrep gjennom skadelig programvare og hvordan man kan beskytte seg mot dette- beskrive ulike typer nettbaserte angrep og hvordan man kan beskytte seg mot dette- beskrive ulike krypteringsmekanismer og forklare hvordan digitale sertifikat brukes for å oppnå sikre tjenester.- referere til aktuelle lover og retningslinjer innen sikkerhet- gjøre greie for en organisasjonsmessig informasjonssikkerhetssikkerhetspolicy FERDIGHETER:Kandidaten kan:- kontrollere egen PC for skadelig programvare- kontrollere at installert programvare er oppdatert- utføre pakkefangst med Wireshark og tolke resultatet GENERELL KOMPETANSE:Kandidaten:- er bevisst på å holde programvare oppdatert og å bruke nettvett Innhold:Skadelig programvare: sikkerhetshull, informasjonskapsler, virus og antivirus Nettverk: Virtuelle private nett (VPN), brannmur, demilitarisert sone (DMZ), tjenestenektangrep Sikre tjenester: Krypteringsmetoder og sjekksum. Digitale sertifikater og Public Key Infrastructure (PKI) Samfunn og virksomhet: ekom-loven og personvernloven. Sikkerhetshåndbok og ISO27001Les mer om faget herDemo: Her er en introduksjonsvideo for faget Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Internett og sikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.  [-]

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals. The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology. It focuses on pentesting methodology with an emphasis on hands-on learning.   Course outline: Security Analysis and Penetration Testing Methodologies TCP IP Packet Analysis Pre-penetration Testing Steps Information Gathering Methodology Vulnerability Analysis External Network Penetration Testing Methodology Internal Network Penetration Testing Methodology Firewall Penetration Testing Methodology IDS Penetration Testing Methodology Web Application Penetration Testing Methodology SQL Penetration Testing Methodology Database Penetration Testing Methodology Wireless Network Penetration Testing Methodology Mobile Devices Penetration Testing Methodology Cloud Penetration Testing Methodology Report Writing and Post Test Actions [-]

Public Key Infrastructure (PKI) is a core service that facilitates authentication, encryption, and digital signing. This 4-day course teaches the skills required to design, operate, and maintain your PKI system. The training begins with an overview of cryptography and the working principals of algorithms. After gaining an understanding of certificates, you will learn about the considerations for designing a highly reliable Certification Authority structure. Practical implementation examples are given in both Windows and Linux environments. Use-cases show how PKI can be used for, among others, securing websites, encrypting storage, validating executable code, and protecting communication.   Course outline:  Cryptography Basics: Introduction to Cryptography: Symmetric Cryptography Asymmetric Cryptography Hash Functions Security Goals Usage Scenarios Encryption Signing Components of PKI Algorithms, Protocols and Standards DES and 3DES RSA Object Identifiers X.500, X.509 PKCS#10, PKCS# Understanding Certificates Structure and Content Extensions Getting Started with CAs: Using External CAs Self-signed Certificates CA Hierarchy Writing Policies Certificate Policy Certification Practice Statement Windows Server Certificate Security Choosing an Architecture Implementing a CA Hierarchy Certificate Templates Issuing Certificates Certificate Renewal OpenSSL on Linux Maintaining a CA Verifying and Monitoring Backup Certificate Revocation Reasons for Revocation Methods of Revocation Checking Practical Applications: SSL for Web Server Internet Information Services (IIS) Apache (optional) Certificate-based Authentication Authentication User Authentication vs Server Authentication Considering Smart Card Logon Virtual Private Networking (optional) Wi-Fi with 802.1x Encrypting File System (EFS) Local EFS Encryption EFS Within a Domain Recovery Securing E-Mail Certificate Requirements Signing in Outlook Encryption in Outlook Code Signing Time Stamping Signing PowerShell Scripts (optional) Signing Visual Studio Files (optional) Signing Office VBScript Code Other PKI-Enable Applications   [-]

EU’s nye personvernregelverk ble innført sommeren 2018. Nye krav medfører stor risiko for virksomheten, og kan i verste fall føre til stor finansiell straff hvis regelverget ikke etterleves.  Hvorfor gå dette kurset? Få oversikten i løpet av én dag Bli trygg på at du har fått med deg det du må om regelverket Unngå kostbare misforståelser Utveksle erfaringer med andre deltakere Etter gjennomført kurs skal du ha kunnskap om: De viktigste kravene i GDPR Hvordan ledelsessystem for kvalitet og arbeidsmiljø tilpasses for å sikre at kravene i GDPR er riktig implementert Risiko i forhold til personopplysninger Revisjon av håndtering av personopplysninger   [-]

Now completely updated for 2019 with the latest material. (ISC)2 Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification. The certification itself is seen as the world’s premier certification for information security professionals. The CISSP Bootcamp includes in-depth & intense coverage of all ten domains plus tips and advice to prepare yourself for the new 2019 (ISC)2 exam. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.   Learning objectives  Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implement risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference) Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets. Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems,  personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity. Understand the structures, transmission methods, transport formats, and security measures  used to provide confidentiality, integrity, and availability for transmissions over private and   public communications networks and media, and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise. Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture. Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process. Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently. Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security.   Course overview The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. The CISSP exam tests one's competence in the 8 domains of the CISSP CBK, which cover: Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Domain 2: Asset Security (Protecting Security of Assets) Domain 3: Security Engineering (Engineering and Management of Security) Domain 4: Communications and Network Security (Designing and Protecting Network Security) Domain 5: Identity and Access Management (Controlling Access and Managing Identity) Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Domain 7: Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security) Module 9: CISSP Test Review Module 10: EU 2019 GDPR Update Module 11: CISSP Exam Preparation & Review Questions [-]

The Certified Data Protection Officer training course enables you to develop the necessary knowledge, skills and competence to effectively implement, manage and align a privacy framework based on the General Data Protection Regulation requirements. After mastering all the necessary concepts of General Data Protection Regulation (GDPR), you can sit for the exam and apply for a “PECB Certified Data Protection Officer” credential. By holding a PECB Certified Data Protection Officer Certificate, you will demonstrate that you thoroughly understand the gap between the General Data Protection Regulation and the current organizational processes including: privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to associate organizations in the adoption process to the new regulation. Learning objectives: Understand the history of personal data protection in Europe Gain a comprehensive understanding of the concepts, approaches, methods and techniques required for the effective alignment with the General Data Protection Regulation Understand the new requirements that the General Data Protection Regulation brings for EU organizations and non-EU organizations and when it is necessary to implement them Acquire the necessary expertise to support an organization in assessing the implementation of these new requirements Learn how to manage a team implementing the GDPR Gain the knowledge and skills required to advise organizations on best practices in the management of personal data Acquire the expertise for analysis and decision making in the context of personal data protection   Course Agenda Day 1: Introduction to GDPR and Privacy Principles Day 2: The role of the Data Protection Officer Day 3: Risk Management and Information Security Day 4: Incident Management, Business Continuity and Data Protection Impact Assessment Day 5: Certification Exam Exam and all necessary course material are included in the course Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

Alle nåværende arbeidstakere såvel som tidligere ansatte har rettigheter som får betydning i forhold til i hvilken grad, hvordan og hvor lenge en arbeidsgiver kan behandle personlig informasjon. På dette times nettkurset setter vi fokus på regler og problemstillinger som oppstår når arbeidstaker skal slutte.  Personvernerklæring  Informasjon i personalmappen og andre steder Oppbevaringsplikt - hvilke opplysninger er arbeidsgiver pålagt å oppbevare etter utløpet av oppsigelsestiden og hvor lenge skal slike opplysninger oppbevares.  Kan vi oppbevare personopplysninger av historisk interesse? Sletting - hvilke opplysninger skal arbeidsgiver slette Innsyn i epost og filer etter arbeidsforholdet opphør Praktisk informasjon Dette er et nettbasert kurs. En beskrivelse av hvordan oppkobling skjer vil bli sendt i forkant av kurset. Webinaret forutsettes vist på egen PC på din arbeidsplass. Vi anbefaler deg å sitte avskjermet i eget rom, eller sammen med andre som tar samme kurset. Du må logge deg på webinaret lokalt (ikke via terminalserver/Citrix) og ha på lyd. [-]

K-tech er et kompetansesenter på Kongsberg som startet opp i 2008 med Kongsberg Defence & Aerospace, Technip FMC og GKN Aerospace som våre eiere. Vi er en kursleverandør som tilbyr kvalitetssikrede kurs innenfor en rekke sentrale områder som er etterspurt av industrien i Norge. Beskrivelse: GDPR Foundation training enables you to learn the basic elements to implement, manage and align a privacy framework with and based on the General Data Protection Regulation. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer. After completing this course, you can sit for the exam and apply for a “PECB GDPR Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach. Learning objectives: Understand the General Data Protection Regulation requirements and the fundamental principles of privacy/li> Understand the obligations, roles and responsibilities of the Data Protection Officer Understand the concepts, approaches, methods and techniques to effectively align a privacy framework with the General Data Protection Regulation Innhold: Course Agenda Day 1: Introduction to the General Data Protection Regulation and its concepts Day 2: The General Data Protection Regulation requirements and Certification Exam Exam and all necessary course material are included in the course  Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base. This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.   Day 1Module 1: Developing a security-oriented mindset The economics of security Attack vectors: technical, social, physical Security in depth The issues with security by obscurity Positive vs negative validation Module 2: Analysing HTTP request/response Understanding the HTTP protocol Using a HTTP analyser Request header content Response header content GET vs POST and the implications Assembling and making custom fake requests Tracing an AJAX application's HTTP flow Module 3: Injection vulnerabilities Concept and overall defense strategy SQL injection Path injection HTTP header injection Mail header injection XPATH injection Regex injection Module 4: Attacks from the client side Cross site scripting (XSS) Cross site request forgery (CSRF)   Day 2 Module 5: Authentication and authorization issues Comparing password protection Securing password storage Handling password changes and resets securely Session poisoning and session stealing Direct object reference vulnerabilities Securing static objects Securing AJAX Module 6: Exploiting trust relationships Social engineering basics Phishing Unvalidated re-directs and forwards Weaknesses due to faked referrers Dangers related to shared hosting and shared domains Unicode homograph related issues Module 7: Information leakage The dangers of bad error handling Managing risks in open APIs Timing attacks Module 8: Denial of Service attacks How DoS attacks arise DoS vs DDoS XML poisoning attacks Regex backtracking blow-up attacks   Les mer om Glasspaper as Les mer om kurset: Web Security for Developers [-]

Gratis PCNSA-excam voucher Vi gir nå alle våre EDU-210 studenter gratis PCNSA-excam voucher etter fullendt kurs, som vil gi  deg mulighet for å bli sertifisert etter endt kurs.   Even experienced firewall engineers take a lot out of this course as it includes, besides the architecture and management essentials, topics like Application Identification, Content ID (IPS, Anti-Virus/-Spyware, URL Filtering, File Blocking), SSL Decryption, GlobalProtect Remote Access and User Identification which are all features usually not supported by legacy firewalls. In addition to the official content, we also teach security best practices which will enable students to fully leverage the potential of the Palo Alto Networks Next-Generation Firewall as we not only explain the theory but how to use every feature in real life. Successful completion of this five-day, instructor-led course should enhance the student’s understanding of how to configure and manage Palo Alto Networks® next-generation firewalls. The student will get hands-on experience configuring, managing, and monitoring a firewall in a lab environment. Course datasheet   Deltagerne må ta med egen PC til bruk under kurset. Kurset i mai har norsk instruktør. Kurset tilbys også som bedriftsinternt kurs, og arrangeres hos dere eller i våre lokaler, alt etter hva som passer best. Ta kontakt med oss og vi kan finne en god løsning sammen.   [-]

GDPR Foundation training enables you to learn the basic elements to implement, manage and align a privacy framework with and based on the General Data Protection Regulation. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer. After completing this course, you can sit for the exam and apply for a “PECB GDPR Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach. Learning objectives: Understand the General Data Protection Regulation requirements and the fundamental principles of privacy/li> Understand the obligations, roles and responsibilities of the Data Protection Officer Understand the concepts, approaches, methods and techniques to effectively align a privacy framework with the General Data Protection Regulation Course Agenda Day 1: Introduction to the General Data Protection Regulation and its concepts Day 2: The General Data Protection Regulation requirements and Certification Exam Exam and all necessary course material are included in the course Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

Lær deg om de beste metodene for å implementere og administrere et ISMS som spesifisert i ISO 27001: 2013. Kurset gir deg også kunnskap om de beste metodene for implementering av informasjonssikkerhetskontroller fra de 11 domenene i ISO 27002. Dette er et av våre mest populære kurs, så det lønner seg å være raskt ute for å sikre seg plass.  Målet for kurset er å lære deg: - Å forstå implementeringen av et ISMS i henhold til ISO 27001 - Å forstå forholdet mellom et ISMS, herunder risikostyring, kontroll og samsvar med kravene til ulike interessenter i organisasjonen - Å forstå begreper, tilnærminger, standarder, metoder og teknikker som tillater å effektivt håndtere et ISMS- Å tilegne seg nødvendig kunnskap for å bidra til å implementere et ISMS som spesifisert i ISO 27001   Kursinnhold Dag 1: Introduksjon til ISMS begreper som kreves av ISO 27001 Introduksjon til ISO 27000-gruppen av standarder Introduksjon til styringssystemer og prosesstilnærmingen Grunnleggende prinsipper om informasjonssikkerhet Generelle krav: presentasjon av punktene 4 til 8 av ISO 27001 Gjennomføringsfasen av ISO 27001 rammeverk Kontinuerlig forbedring av informasjonssikkerhet Gjennomføre en ISO 27001 sertifiseringsrevisjon Dag 2: Implementering av informasjonssikkerhetskontroller i henhold til ISO 27002 og sertifiseringseksamen Prinsipper og utforming av informasjonssikkerhetskontroller Dokumentasjon av informasjonssikkerhetskontrollmiljøet Overvåking og gjennomgang av informasjonsikkerhetskontroller Eksempler på implementering av informasjonssikkerhetskontroller basert på ISO 27002 beste praksis Sertifisert ISO / IEC 27001 Grunnleggende eksamen [-]

NB! Kursene kjøres:  17.2.-20.2.2020 + 2.3.-5.3.2020 (8 x half-day sessions) 26.5.-29.5.2020 + 9.6.-12.6.2020 (8x half-day sessions) Successful completion of this course will enhance the student’s understanding of how to better configure, manage, and monitor PAN-OS® threat prevention features. The student will get hands-on experience configuring, managing, and monitoring threat prevention features in a lab environment. Best Practices & Real Life Experience All of our instructors are security consultants that design, implement, migrate, manage and support Palo Alto Networks solutions all day, every day. It's this experience which they bring into the classroom to explain not only the theory but how to use the FireWall in real-life. Customers tell us that this is most valuable for them and what differentiates our training from most other training partners.   Video Recordings It's impossible to remember everything in live training, which is why we are recording it and share the video with you. If you like to start studying right away, then we can even share the videos of a previous course.   Dedicated Lab AccessFor 3 month you will have access to your own dedicated lab which you can use not only during the course, but for full three month. Your virtual lab consists of a Windows Client, Palo Alto Networks FireWall and DMZ Linux Server with a lab guide for practical exercises. As a bonus, which is not officially part of the course, your lab features the Expedition Migration Tool and Minemeld.   COURSE OBJECTIVESSuccessful completion of this training will enhance the student’s understanding of how to better configure, manage, and monitor PAN-OS® threat prevention features. The student will get hands-on experience configuring, managing, and monitoring threat prevention features in a lab environment.   SCOPE: Course level: Intermediate Course duration: 4 days Course format: Combines lecture and hands-on labs Platform support: Palo Alto Networks® nextgeneration Language: Undervisningen og dokumentasjon er på engelsk.   KURSINNHOLD: Module 1: The Cyber-Attack Lifecycle Module 2: Blocking Packet- and Protocol-Based Attacks Module 3: Blocking Threats from Known-Bad Sources Module 4: Blocking Threats Using App-ID™ Module 5: Blocking Threats Using Custom Signatures Module 6: Creating Custom Threat Signatures Module 7: Blocking Threats in Encrypted Traffic Module 8: Blocking Threats in Allowed Traffic Module 9: Authenticating Firewall User Accounts Module 10: Blocking Threats from Phishing and Stolen Credentials Module 11: Viewing Threat and Traffic Information     Kurset tilbys også som bedriftsinternt kurs, og arrangeres hos dere eller i våre lokaler, alt etter hva som passer best. Ta kontakt med oss og vi kan finne en god løsning sammen. [-]

This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the skills and knowledge needed to proficiently plan and perform audits compliant with the certification process of the ISO/IEC 27001:2013 standard. Based on practical exercises, the participant will develop the abilities (mastering audit techniques) and skills (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to the efficient conducting of an audit. Les mer om kurset og agenda [-]