Sikkerhetskurs for IT

ISO/IEC 27005 Risk Manager training enables you to develop the competence to master the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will also gain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course corresponds with the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard. Course Objectives Acknowledge the correlation between Information Security risk management and security controls Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005 Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management Acquire the competence to effectively advise organizations in Information Security Risk Management best practices Content Day 1:  Introduction to Information Security controls as recommended by ISO/IEC 27002 Course objectives and structure Concepts and definitions of risk Standard and regulatory framework Implementing a risk management programme Understanding the organization and its context Day 2:  Implementation of a risk management process based on ISO/IEC 27005 Risk identification Risk analysis and risk evaluation Risk assessment with a quantitative method Risk treatment Risk acceptance and residual risk management Information Security Risk Communication and Consultation Risk monitoring and review Day 3:  Overview of other Information Security risk assessment methods and Certification Exam OCTAVE Method MEHARI Method EBIOS Method Harmonized Threat and Risk Assessment(TRA) Method Certification test [-]

Målet med kurset er å gi dybdeforståelse for risikostyring i henhold til rammeverket ISO 27005 slik at man vil være rustet til å vurdere risiko knyttet til informasjonssikkerhet. I kurset får du oversikt over flere av verktøyene og metodene for risikovurdering. Gjennom praktiske øvelser og case vil du tilegne deg den kunnskapen du trenger for å gjennomføre en risikovurdering av informasjonssikkerhet på en optimal måte. Ved implementering av et styringssystem for informasjonssikkerhet vil du som sertifisert ISO 27005 Risk Manager sikre høy kvalitet i arbeidet. Kurset korresponderer med implementeringsprosessen av ISMS-rammeverket som presenteres i ISO 27001. Hovedemner Introduksjon, program for risikostyring, risikoidentifisering og vurdering iht. ISO 27005 Risikovurdering, behandling, kommunikasjon og overvåking iht. ISO 27005 Implementering, tilpasning, tilnærming og konklusjon Oppstart av risikovurdering med OCTAVE, oversikt over prosessene Vurdering av sårbarheter og risiko iht. OCTAVE Læringsmål Utvikle nødvendig kunnskap for å gjennomføre risikovurdering med OCTAVE-metoden Beherske de enkelte stegene i prosessen for risikovurdering med OCTAVE metoden Tolke kravene i ISO 27001 i forhold til risikostyring Forstå konsepter, fremgangsmåter og metoder for en effektiv risikostyringsprosess iht. ISO 27005 Forstå forholdet mellom risikostyring, kontroller og etterlevelse av standarder Implementere, vedlikeholde og styre et aktivt risikostyringsprogram iht. ISO 27005 Få kunnskapen du trenger for å gi råd iht. beste praksis for risikostyring innen informasjonssikkerhet   [-]

Agenda Day 1: Introduction to the GDPR and initiation of the GDPR Compliance Day 2: Plan the implementation of the GDPR Day 3: Deploying the GDPR Day 4: Monitoring and continuous improvement of GDPR compliance Day 5: Certification Exam [-]

Successful completion of this course will enhance the student’s understanding of how to better configure, manage, and monitor PAN-OS® threat prevention features. The student will get hands-on experience configuring, managing, and monitoring threat prevention features in a lab environment.    Best Practices & Real Life Experience All of our instructors are security consultants that design, implement, migrate, manage and support Palo Alto Networks solutions all day, every day. It's this experience which they bring into the classroom to explain not only the theory but how to use the FireWall in real-life. Customers tell us that this is most valuable for them and what differentiates our training from most other training partners.   Video Recordings It's impossible to remember everything in live training, which is why we are recording it and share the video with you. If you like to start studying right away, then we can even share the videos of a previous course.   Dedicated Lab AccessFor 3 month you will have access to your own dedicated lab which you can use not only during the course, but for full three month. Your virtual lab consists of a Windows Client, Palo Alto Networks FireWall and DMZ Linux Server with a lab guide for practical exercises. As a bonus, which is not officially part of the course, your lab features the Expedition Migration Tool and Minemeld.   COURSE OBJECTIVESSuccessful completion of this training will enhance the student’s understanding of how to better configure, manage, and monitor PAN-OS® threat prevention features. The student will get hands-on experience configuring, managing, and monitoring threat prevention features in a lab environment.   SCOPE: Course level: Intermediate Course duration: 4 days Course format: Combines lecture and hands-on labs Platform support: Palo Alto Networks® nextgeneration Language: Undervisningen og dokumentasjon er på engelsk.   KURSINNHOLD: Module 1: The Cyber-Attack Lifecycle Module 2: Blocking Packet- and Protocol-Based Attacks Module 3: Blocking Threats from Known-Bad Sources Module 4: Blocking Threats Using App-ID™ Module 5: Blocking Threats Using Custom Signatures Module 6: Creating Custom Threat Signatures Module 7: Blocking Threats in Encrypted Traffic Module 8: Blocking Threats in Allowed Traffic Module 9: Authenticating Firewall User Accounts Module 10: Blocking Threats from Phishing and Stolen Credentials Module 11: Viewing Threat and Traffic Information     Kurset tilbys også som bedriftsinternt kurs, og arrangeres hos dere eller i våre lokaler, alt etter hva som passer best. Ta kontakt med oss og vi kan finne en god løsning sammen. [-]

Obtain all the competences and knowledge necessary to lead all the processes for implementing and complying with the requirements of the General Data Protection Regulation (GDPR) in an organization   Course description: The Certified Data Protection Officer training course enables you to develop the necessary knowledge, skills and competence to effectively implement, manage and align a privacy framework based on the General Data Protection Regulation requirements. After mastering all the necessary concepts of General Data Protection Regulation (GDPR), you can sit for the exam and apply for a “PECB Certified Data Protection Officer” credential. By holding a PECB Certified Data Protection Officer Certificate, you will demonstrate that you thoroughly understand the gap between the General Data Protection Regulation and the current organizational processes including: privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to associate organizations in the adoption process to the new regulation. Course objectives: Understand the history of personal data protection in Europe Gain a comprehensive understanding of the concepts, approaches, methods and techniques required for the effective alignment with the General Data Protection Regulation Understand the new requirements that the General Data Protection Regulation brings for EU organizations and non-EU organizations and when it is necessary to implement them Acquire the necessary expertise to support an organization in assessing the implementation of these new requirements Learn how to manage a team implementing the GDPR Gain the knowledge and skills required to advise organizations on best practices in the management of personal data Acquire the expertise for analysis and decision making in the context of personal data protection   Course Agenda Day 1: Introduction to the GDPR and initiation of the GDPR Compliance  Course objective and structure General Data Protection Regulation Fundamental Principles of the GDPR Initiating the GDPR Implementation Understanding the Organization and Clarifying the Data Protection Objectives Analysis of the Existing System Day 2: Plan the Implementation of the GDPR Leadership and approval of the GDPR Compliance Project Data Protection Policy Definition of the Organizational Structure of Data Protection Data Classification Risk Assessment under the GDPR Day 3: Deploying the GDPR  Privacy Impact Assessment (PIA) Design of Security Controls and Drafting of Specific Policies & Procedures Implementation of Controls Definition of the Document Management Process Communication Plan Training and Awareness Plan Day 4: Monitoring and continuous improvement of GDPR compliance  Operations Management Incident Management Monitoring, Measurement, Analysis and Evaluation Internal Audit Data breaches and corrective actions Continual Improvement Competence, Evaluation and Closing the Training Day 5: Certification Exam  Preparation for exam Exam Exam and all necessary course material are included in the course Education approach Lecture sessions are illustrated with examples based on real case scenarios Practical exercises include real case scenarios, examples and discussions Practice tests are similar to the Certification Exam [-]

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base. This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.    Course Outline Day 1 Introduction The reality What might an attacker want? Social Engineering  HTTPS Man-in-the-middle attacks Certificates Certificate pinning Securing cookies HTTP Strict Transport Security header  Encoding Character encoding Unicode Encoding  Cross Site Scripting Stored XSS Reflected XSS DOM Based XSS XSS Preventions  Content Security Policy Headers and directives CSP Reporting  Cross site request forgery (CSRF) CSRF Prevention Synchronizer Token Pattern Double Submit Cookies  Injections SQL Injections File path injections  Authentication & Authorisation OAuth OpenID Connect Signed requests Form based authentication Securing the session Day 2 Denial-of-Service (DoS) attacks Network attacks Application level attacks Regular Expression attacks XML DoS attacks Decompression bombs  Password management Secure password storage Hashing Salt and pepper  Information leakage Error handling Source control leaks SQL Timing attacks Login timing attacks Response header leakage Search engine leakage Server leaks  Logging & monitoring Logging Monitoring Knowing when the site is under attack Honey pots  Attacking our site How can we start hacking our self Hacking tools  Penetration testing Hack your self   About the instructor: Tore Nestenius Tore has worked as a consultant since 1997 and is a very knowledgeable system developer and has in the past worked for large companies like Ericsson and Flextronics. Early in his career, Tore Nestenius started Programmers Heaven - a portal with over 750 000 monthly users. He’s behind several other successful projects like CodePedia - a Wiki for developers, the Open Source project TNValidate, and the C# School e-book with over 100 000 downloads.   [-]

Personvernforordningen / General Data Protection Regulation (GDPR) Vi går gjennom de deler du må ha kompetanse om, og du får fyldig kursmateriale med deg hjem, slik at du enklere kan mester fagområdet etter kurset. Men på ettdagskurs er det ikke dybdegejnnomgang av områder som DPIA, teknologi og prosess rundt GAP planer. Du får alikevel med deg materiale så du kan lese etterpå. Hva er formålet med forordninga og hvordan forordningen er strukturert. Vi går gjennom  tilsynsmyndighet og hvilke innvirkninger den loven har på Norge, EU og andre land.  Du får kompetanse om hovedpunkter i forordningen med de viktige nøkkelkonsepter, kategorier for personlig informasjon og prinsipper for databeskyttelse. Den registrertes rettigheter og hvordan analyser utfordringer og problemer En viktig kompetanse som mange ikke kjenner godt nok er hvilke roller, forpliktelser og behandlingsaktiviteter som må mestres, så vi ser på personvernombudets betegnelser  Konsekvensanalyse av databeskyttelse og personvernombudet Behandlingsaktiviteter og personvernombudet  Kontrollers ansvar Personvernombudet sitt ansvarRegistrering av behandlingsaktiviteterSamarbeid med tilsynsmyndighetHvordan starte program for å etterleve personvernforordningenHvem må forholde seg til personvernforordningenMetoder og tilnærmingForbered program for personvernforordningenHvordan avdekke mangler  og i dentifiser strategiske målLedelsens ansvar og godkjenning [-]

The training not only teaches the features and functionalities of Panorama but also provides guidance on how to design a distributed firewall network that is managed from a central location.  If you are or planning to use Panorama to manage multiple FireWalls in your infrastructure then you should take this course. The Panorama management is very similar to the FireWall but it has a additional concepts like device-groups and templates that are essential to understand. The main focus of this course, besides all the Panorama concepts and initial configuration, is to show how you design and manage an infrastructure with many FireWalls because if the structure isn't setup right from the beginning, then this usually means a lot of extra work and complications at a later stage. If you are using Panorama only for centralised logging and reporting then you might skip this course.   COURSE OBJECTIVES This course will help students to gain in-depth knowledge about how to configure and manage their Palo Alto Networks® PanoramaTM management server. Upon completion of this course, administrators should be familiar with the PanoramaTM management server’s role in managing and securing their overall network. Network professionals will be shown how to use PanoramaTM aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks® next-generation firewalls.   SCOPE Course level: Intermediate Course duration: 2 days Course format: Combines lecture with hands-on labs Language: Undervisningen er på engelsk og dokumentasjonen på engelsk.   KURSINNHOLD Module 1: Panorama™ Overview Module 2: Initial Configuration Module 3: Adding Firewalls to Panorama™ Module 4: Panorama™ High Availability Module 5: Templates Module 6: Device Groups Module 7: Administrative Accounts Module 8: Log Forwarding and Collection Module 9: Aggregated Monitoring and Reporting Module 10: Troubleshooting   Kurset tilbys også som bedriftsinternt kurs, og arrangeres hos dere eller i våre lokaler, alt etter hva som passer best. Ta kontakt med oss og vi kan finne en god løsning sammen. [-]

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals. The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology. It focuses on pentesting methodology with an emphasis on hands-on learning.   Course outline: Security Analysis and Penetration Testing Methodologies TCP IP Packet Analysis Pre-penetration Testing Steps Information Gathering Methodology Vulnerability Analysis External Network Penetration Testing Methodology Internal Network Penetration Testing Methodology Firewall Penetration Testing Methodology IDS Penetration Testing Methodology Web Application Penetration Testing Methodology SQL Penetration Testing Methodology Database Penetration Testing Methodology Wireless Network Penetration Testing Methodology Mobile Devices Penetration Testing Methodology Cloud Penetration Testing Methodology Report Writing and Post Test Actions [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Ingen. Innleveringer: For å kunne gå opp til eksamen må 8 av 12 øvinger være godkjent. Personlig veileder: ja Vurderingsform: Skriftlig, individuell, 3 timer,  Ansvarlig: Olav Skundberg Eksamensdato: 16.12.13 / 26.05.14         Læremål: KUNNSKAPER:Kandidaten kan:- forklare hvordan en datamaskin utsettes for angrep gjennom skadelig programvare og hvordan man kan beskytte seg mot dette- beskrive ulike typer nettbaserte angrep og hvordan man kan beskytte seg mot dette- beskrive ulike krypteringsmekanismer og forklare hvordan digitale sertifikat brukes for å oppnå sikre tjenester.- referere til aktuelle lover og retningslinjer innen sikkerhet- gjøre greie for en organisasjonsmessig informasjonssikkerhetssikkerhetspolicy FERDIGHETER:Kandidaten kan:- kontrollere egen PC for skadelig programvare- kontrollere at installert programvare er oppdatert- utføre pakkefangst med Wireshark og tolke resultatet GENERELL KOMPETANSE:Kandidaten:- er bevisst på å holde programvare oppdatert og å bruke nettvett Innhold:Skadelig programvare: sikkerhetshull, informasjonskapsler, virus og antivirus Nettverk: Virtuelle private nett (VPN), brannmur, demilitarisert sone (DMZ), tjenestenektangrep Sikre tjenester: Krypteringsmetoder og sjekksum. Digitale sertifikater og Public Key Infrastructure (PKI) Samfunn og virksomhet: ekom-loven og personvernloven. Sikkerhetshåndbok og ISO27001Les mer om faget herDemo: Her er en introduksjonsvideo for faget Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Internett og sikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.  [-]

Uansett om du velger å sertifiserer deg eller ikke, får du unik innsikt i revisjon mot ISO 27001-standarden slik at du kan implementere standarden på et vis som tilfredsstiller revisors krav. ISO 27001 er kanskje den viktigste sikkerhetsstandarden og for mange et kvalitetsstempel for sikkerhet i virksomheten. ISO 27001 krever at revisjonen skal bestå av en intern- og en eksternrevisjon. Kursinnhold Presentasjon og gjennomgang Revisjonsregler, forberedelser og oppstart Revisjonsaktiviteter Konklusjoner og vurderinger, avslutning Avsluttende eksamen på 3 timer og 30 minutter siste dag Kurset er basert på teoretiske presentasjoner etterfulgt av praktiske oppgaver. Det må påregnes en del kveldsarbeid.     [-]

The course is three days of instructor-led training that will help you: Investigate networking issues using firewall tools including the CLI Follow proven troubleshooting methodologies specific to individual features Analyze advanced logs to resolve various real-life scenarios Solve advanced, scenario-based challenges   COURSE OBJECTIVESSuccessful completion of this three-day, instructor-led course will enhance the participant’s understanding of how to troubleshoot the full line of Palo Alto Networks® next-generation firewalls. Participants will receive hands-on opportunities to troubleshoot common problems related to the configuration and operation of the security features of the Palo Alto Networks® PAN-OS® operating system. Completion of this class will help participants develop an in-depth knowledge of how to troubleshoot visibility and control over applications, users, and content.   SCOPE Course level: Advanced Course duration: 3 days Course format: Lecture and hands-on labs Platform support: Palo Alto Networks® next-generation enterprise firewalls running the PAN-OS® operating system Language: Undervisning og dokumentasjon er på engelsk [-]

EU’s personvernregelverk, som ble innført i 2018, fører fremdeles til en del usikkerhet rundt hva kravene betyr i praksis for kvalitetssystemet.  Hvorfor gå dette kurset? Få oversikten i løpet av én dag Bli trygg på at du har fått med deg det du må om regelverket Unngå kostbare misforståelser Utveksle erfaringer med andre deltakere Etter gjennomført kurs skal du ha kunnskap om: De viktigste kravene i GDPR Hvordan ledelsessystem for kvalitet og arbeidsmiljø tilpasses for å sikre at kravene i GDPR er riktig implementert Risiko i forhold til personopplysninger Revisjon av håndtering av personopplysninger   [-]

Course description GDPR Foundation training enables you to learn the basic elements to implement, manage and align a privacy framework with and based on the General Data Protection Regulation. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer. After completing this course, you can sit for the exam and apply for a “PECB GDPR Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach.  Course Objectives Understand the General Data Protection Regulation requirements and the fundamental principles of privacy. Understand the obligations, roles and responsibilities of the Data Protection Officer Understand the concepts, approaches, methods and techniques to effectively align a privacy framework with the General Data Protection Regulation   Course Content Day 1: Introduction to the General Data Protection Regulation Course objectives and structure General data protection regulation Data protection principles, challenges and issues Rights of the data subject Data controllers, processors and the data protection officer Data protection authorities Day 2: Preparing for GDPR and Certification Exam Data mapping plan Risk assessment under GDPR Data protection impact assessment Privacy impact assessment (PIA) Personal data transfers to third parties Remedies, liabilities and penalties Certification process and closing the training [-]

  Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Faget «Datakommunikasjon» eller tilsvarende grunnleggende fag. (TCP/IP forutsettes kjent). Faget «Nettverksteknologi» Innleveringer: Øvinger: 8 av 12 må være godkjent. Øvingene må dekke en bred del av pensum. Vurderingsform: Skriftlig, individuell, 3 timer, Ansvarlig: Helge Hafting Eksamensdato: 04.12.13 / 07.05.14         Læremål: KUNNSKAPER:Kandidaten:- kan forklare en del protokollbaserte farer/angrep i kablede og trådløse nett- kan gjøre rede for mottiltak mot angrepene over- kan gjøre rede for andre farer og mottiltak, som fysiske sikringstiltak og «social engineering»- kan gjøre rede for og planlegge bruk av vanlige sikringstiltak som IDS, IPS, VPN og proxyer FERDIGHETER:Kandidaten kan:- sette i drift et VPN- installere brannmur- Observere nettverkstrafikk med pakkesniffer GENERELL KOMPETANSE:Kandidaten:- kan granske sikkerheten i et nettverk, og velge passende tiltak.Innhold:Generell nettverkssikkerhet. Hvordan planlegge, organisere og sette sikkerhet i små og store nettverk. Brannmurer, VPN, IDS/IPS. Sikkerhet rundt epost, trådløse nett og rutere. En del vanlige angrep, og mottiltak.Les mer om faget her Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Nettverkssikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.    [-]