Oversikt over relevante kurs innen Sikkerhetskurs for IT i Överjärna

Kurset tar for seg de mest sentrale problemstillingene knyttet til sikkerhet rundt bruken av datautstyr som datamaskiner, smarttelefoner og nettbrett.    Kurset vil gi brukeren kunnskap om ulike «feller» man kan gå i samt nyttige og praktiske tips og veiledninger til hvordan man unngår at data kommer på avveie eller ødelegges permanent.   Kurset inneholder 50 opplæringsvideoer. Mens andre  kurs fokuserer på å bruke IT-verktøy effektivt, vil dette kurset gi deg innsikt i å bruke IT trygt og sikkert.   Kurset passer for databrukere i alle typer bedrifter og organisasjoner.   Innhold i kurset • Datamaskinen • Passord • Ute av kontoret • Minnepinner • Sikkerhetskopi • E-post • Internett • Ettertest Krav til forkunnskaper Grunnleggende datakunnskaper Kursbevis Etter endt opplæring vil man kunne ta en ettertest for å måle sin nye kunnskap. Ved bestått test så vil man få tilgang til et kursbevis   Nettbasert  Timetall: 6  Kursstart Info: Når som helst - Hele året !  Klokkeslett: 00:00 - 24:00  Påmeldingsfrist:  Pris: kr 1.175,- inkl. mva.  Nettbasert - Web     Kontaktperson: Frode Ingebrigtsen    Status: Åpent for påmelding Gå til påmelding [-]

COURSE OVERVIEW The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the cybersecurity market. CISSP validates a cybersecurity professional’s deep technical and managerial knowledge and experience to effectively design, engineer and manage an organization’s overall security posture. Please note an exam voucher is included as part of this course TARGET AUDIENCE Cybersecurity professionals with at least 5 years in the information security field. Member data has shown that amajority of CISSP holders are in middle management and a much smaller proportion are in senior or junior/entry-level positions. Roles include:• Chief Information Officer• Chief Information Security Officer• Chief Technology Officer• Compliance Manager / Officer• Director of Security• Information Architect• Information Manager / Information RiskManager or Consultant• IT Specialist / Director / Manager• Network / System Administrator• Security Administrator• Security Architect / Security Analyst• Security Consultant• Security Manager• Security Systems Engineer / Security EngineerSectorsCISSP is relevant across all sectors and industries, including:• Aerospace• Automotive• Banking, financial services, insurance (BFSI)• Construction• Cybersecurity• Energy• Engineering• Government• Healthcare, IT products, services, consulting• Manufacturing• Pharma• Retail• Telecom COURSE OBJECTIVESAfter completing this course you should be able to: Understand and apply fundamental concepts and methods related to the fields of information technology and security Align overall organizational operational goals with security functions and implementations. Understand how to protect assets of the organization as they go through their lifecycle. Understand the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, integrity and availability. Implement system security through the application of security design principles and application of appropriate security control mitigations for vulnerabilities present in common information system types and architectures. Understand the importance of cryptography and the security services it can provide in today’s digital and information age. Understand the impact of physical security elements on information system security and apply secure design principles to evaluate or recommend appropriate physical security protections. Understand the elements that comprise communication and network security coupled with a thorough description of how the communication and network systems function. List the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1-7. Identify standard terms for applying physical and logical access controls to environments related to their security practice. Appraise various access control models to meet business security requirements. Name primary methods for designing and validating test and audit strategies that support business requirements. Enhance and optimize an organization’s operational function and capacity by applying and utilizing appropriate security controls and countermeasures. Recognize risks to an organization’s operational endeavours and assess specific threats, vulnerabilities and controls. Understand the System Lifecycle (SLC) and the Software Development Lifecycle (SDLC) and how to apply security to it; identify which security control(s) are appropriate for the development environment; and assess the effectiveness of software security. COURSE CONTENT Domain 1: Security and Risk Management Domain 2: Asset Security Domain 3: Security Architecture and Engineering Domain 4: Communication and Network Security Domain 5: Identity and Access Management (IAM) Domain 6: Security Assessment and Testing Domain 7: Security Operations Domain 8: Software Development Security TEST CERTIFICATION Recommended as preparation for the following exam: (ISC)2 Certified Information Systems Security Professional Gaining this accreditation is not just about passing the exam, there are a number of other criteria that need to be met including 5 years of cumulative, paid work experience in two or more of the eight domains of the (ISC)²® CISSP CBK . Full details can be found at https://www.isc2.org/cissp/default.aspx Those without the required experience can take the exam to become an Associate of (ISC)²  while working towards the experience needed for full certification Please note an exam voucher is included as part of this course   [-]

 In Microsoft 365 security management, you will examine all the common types of threat vectors and data breaches facing organizations today, and you will learn how Microsoft 365’s security solutions address these security threats. Global Knowledge will introduce you to the Microsoft Secure Score, as well as to Azure Active Directory Identity Protection. You will then learn how to manage the Microsoft 365 security services, including Exchange Online Protection, Advanced Threat Protection, Safe Attachments, and Safe Links. Finally, you will be introduced to the various reports that monitor your security health. You will then transition from security services to threat intelligence; specifically, using the Security Dashboard and Advanced Threat Analytics to stay ahead of potential security breaches. TARGET AUDIENCE This course is designed for persons who are aspiring to the Microsoft 365 Enterprise Admin role and have completed one of the Microsoft 365 work load administrator certification paths. COURSE OBJECTIVES By actively participating in this course, you will learn about the following: Microsoft 365 Security Metrics Microsoft 365 Security Services Microsoft 365 Threat Intelligence Data Governance in Microsoft 365 Archiving and Retention in Office 365 Data Governance in Microsoft 365 Intelligence Search and Investigations Device Management Windows 10 Deployment Strategies Mobile Device Management COURSE CONTENT Module 1: Introduction to Microsoft 365 Security Metrics Threat Vectors and Data Breaches Security Solutions in Microsoft 365 Introduction to the Secure Score Introduction to Azure Active Directory Identity Protection Module 2: Managing Your Microsoft 365 Security Services Introduction to Exchange Online Protection Introduction to Advanced Threat Protection Managing Safe Attachments Managing Safe Links Monitoring and Reports Module 3: Lab 1 - Manage Microsoft 365 Security Services Exercise 1 - Set up a Microsoft 365 Trial Tenant Exercise 2 - Implement an ATP Safe Links policy and Safe Attachment policy Module 4: Microsoft 365 Threat Intelligence Overview of Microsoft 365 Threat Intelligence Using the Security Dashboard Configuring Advanced Threat Analytics Implementing Your Cloud Application Security Module 5: Lab 2 - Implement Alert Notifications Using the Security Dashboard Exercise 1 - Prepare for implementing Alert Policies Exercise 2 - Implement Security Alert Notifications Exercise 3 - Implement Group Alerts Exercise 4 - Implement eDiscovery Alerts Module 6: Introduction to Data Governance in Microsoft 365 Introduction to Archiving in Microsoft 365 Introduction to Retention in Microsoft 365 Introduction to Information Rights Management Introduction to Secure Multipurpose Internet Mail Extension Introduction to Office 365 Message Encryption Introduction to Data Loss Prevention Module 7: Archiving and Retention in Office 365 In-Place Records Management in SharePoint Archiving and Retention in Exchange Retention Policies in the SCC Module 8: Lab 3 - Implement Archiving and Retention Exercise 1 - Initialize Compliance in Your Organization Exercise 2 - Configure Retention Tags and Policies Exercise 3 - Implement Retention Policies Module 9: Implementing Data Governance in Microsoft 365 Intelligence Planning Your Security and Complaince Needs Building Ethical Walls in Exchange Online Creating a Simple DLP Policy from a Built-in Template Creating a Custom DLP Policy Creating a DLP Policy to Protect Documents Working with Policy Tips Module 10: Lab 4 - Implement DLP Policies Exercise 1 - Manage DLP Policies Exercise 2 - Test MRM and DLP Policies Module 11: Managing Data Governance in Microsoft 365 Managing Retention in Email Troubleshooting Data Governance Implementing Azure Information Protection Implementing Advanced Features of AIP Implementing Windows Information Protection Module 12: Lab 5 - Implement AIP and WIP Exercise 1 - Implement Azure Information Protection Exercise 2 - Implement Windows Information Protection Module 13: Managing Search and Investigations Searching for Content in the Security and Compliance Center Auditing Log Investigations Managing Advanced eDiscovery Module 14: Lab 6 - Manage Search and Investigations Exercise 1 - Investigate Your Microsoft 365 Data Exercise 2 - Configure and Deploy a Data Subject Request Module 15: Planning for Device Management Introduction to Co-management Preparing Your Windows 10 Devices for Co-management Transitioning from Configuration Manager to Intune Introduction to Microsoft Store for Business Planning for Mobile Application Management Module 16: Lab 7 - Implement the Microsoft Store for Business Exercise 1 - Configure the Microsoft Store for Business Exercise 2 - Manage the Microsoft Store for Business Module 17: Planning Your Windows 10 Deployment Strategy Windows 10 Deployment Scenarios Implementing Windows Autopilot Planning Your Windows 10 Subscription Activation Strategy Resolving Windows 10 Upgrade Errors Introduction to Windows Analytics Module 18: Implementing Mobile Device Management Planning Mobile Device Management Deploying Mobile Device Management Enrolling Devices to MDM Managing Device Compliance Module 19: Lab 8 - Manage Devices with Intune Exercise 1 - Enable Device Management Exercise 2 - Configure Azure AD for Intune Exercise 3 - Create Intune Policies Exercise 4 - Enroll a Windows 10 Device Exercise 5 - Manage and Monitor a Device in Intune TEST CERTIFICATION This course helps you to prepare for exam MS101. [-]

MasterClass: Hacking and Securing Windows Infrastructure with Paula Januszkiewicz [-]

GDPR - Certified Data Protection Officer [-]

httpWeb Security for Developers [-]

Bedriftstilbud! Vi tilbyr nå rabatterte priser for på PECB ISO/IEC Foundation 27001 som bedriftsinternt kurs for grupper (minimum 5 personer).Kurset kan holdes i lokalene til Orange Cyberdefense på Lysaker Torg, eller hos dere. Kontakt oss for et godt tilbud.  Har dere sikkerhetskompetansen dere trenger? Orange Cyberdefense holder sertifiseringskurs innen cyber- og informasjonssikkerhet levert av den anerkjente sertifisering- og kursleverandøren PECB. PECB ISO/IEC 27001 Foundation er et 2 dagers kurs, der man vil lære om de grunnleggende elementene for å implementere og lede et styringssystem for informasjonssikkerhet (ISMS) i samsvar med ISO/IEC 27001. Etter kurset vil kursdeltagerne forstå de ulike delene i et ISMS, inkludert policyer, rutiner, måling, internrevisjon og kontinuerlig forbedring. Kurset er ment for bedriftens ansatte som skal delta i innføringen av et styringssystem for informasjonssikkerhet, eller som trenger å lære mer om informasjonssikkerhet og styring av dette i en virksomhet.  Læringsmål for kurset Kjennskap til ISO/IEC 27001 og kunne se sammenhenger mellom ISO/IEC 27001, ISO/IEC 27002 og andre rammeverk. Forstå ulike tilnærminger, standarder, metoder og teknikker som brukes for å implementere og styre et ISMS. Kunne drifte elementene i et styringssystem for informasjonssikkerhet ISMS.   Bindende påmelding Vi forbeholder oss retten til å utsette kurs ved for få deltakere/ påmeldte. Tilbud om ny kursdato vil bli gitt.  [-]

CISSP Certification Boot Camp [-]

ISO/IEC 27005 Lead Risk Manager [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: IFUD1012 Internett og sikkerhet Innleveringer: Øvinger: 3 av 5 må være godkjent. Vurderingsform: Skriftlig eksamen, 3 timer (60 %). Det gjennomføres 3 obligatoriske større øvingsarbeider gruppevis underveis i kurset. Disse får en midlertidig vurdering/tilbakemelding og kan deretter leveres på nytt til en samlet sluttvurdering som teller 40 % på karakteren. Ansvarlig: Ole Christian Eidheim Eksamensdato: 12.12.13 / 26.05.14         Læremål: Etter å ha gjennomført emnet Informasjonssikkerhetsstyring skal studenten ha følgende samlede læringsutbytter: KUNNSKAPER:Kandidaten:- kan gjøre rede for hva informasjonssikkerhet betyr for en bedrifts økonomi og omdømme- kan gjøre rede for hva standardene ISO 27001 og ISO 27002 inneholder og hvordan de benyttes i sikkerhetsarbeidet- kjenner til prinsippene i Demmings sirkel og kunne redegjøre for betydningen av disse for det kontinuerlige sikkerhetsarbeidet- kjenner til en trinnvis plan for innføring av et styringssystem for informasjonssikkerhet (ISMS) og kunne redegjøre for de kritiske suksessfaktorene i hver av fasene- kan redegjøre for forutsetninger og tiltak for å skape en sikkerhetskultur i en bedrift- kan redegjøre for den trinnvise prosessen frem mot sertifisering av et ISMS eller produkt- kan redegjøre for rollen til målinger og evalueringer i sikkerhetsarbeidet FERDIGHETER:Kandidaten kan:- kartlegge trusselbildet for en konkret bedrift- gjennomføre en risikoanalyse for en bedrift på en strukturert og systematisk måte- innføre tiltak for å redusere risikoverdien for kartlagte trusler som har for høy risikoverdi- velge og utarbeide relevante sikkerhetspolicyer for en konkret bedrift- utarbeide forslag til en organisasjonsstruktur for sikkerhetsarbeidet i en konkret bedrift- analysere behovet for sertifisering av ISMS for en konkret bedrift og gi anbefalinger om veien dit GENERELL KOMPETANSE:Kandidaten kan:- kommunisere med og forstå brukernes behov- involvere de ansatte i endringsprosesser i bedriften og vite hvilke ressurser/kompetanse disse kan bidra med- involvere eksterne konsulenter i endringsprosesser i bedriften og vite hvilke ressurser/kompetanse disse kan bidra med Innhold:Trusselbildet, styringssystemer, rammer for sikkerhetsarbeidet, sikkerhetsstandardene ISO27001 og 27002, gap-analyse, risikoanalyse, sikkerhetspolicy, ulike sikringstiltak, sikkerhetskultur, sikkerhet i informasjonssystemer, veien til sertifisering, måling og evaluering, kontinuerlig forbedringLes mer om faget her Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Informasjonssikkerhetsstyring 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.    [-]

. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS). TARGET AUDIENCE IT professionals with advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations. COURSE OBJECTIVES Design a Zero Trust strategy and architecture Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies Design security for infrastructure Design a strategy for data and applications COURSE CONTENT Module 1: Build an overall security strategy and architecture Learn how to build an overall security strategy and architecture. Lessons M1 Introduction Zero Trust overview Develop Integration points in an architecture Develop security requirements based on business goals Translate security requirements into technical capabilities Design security for a resiliency strategy Design a security strategy for hybrid and multi-tenant environments Design technical and governance strategies for traffic filtering and segmentation Understand security for protocols Exercise: Build an overall security strategy and architecture Knowledge check Summary After completing module 1, students will be able to: Develop Integration points in an architecture Develop security requirements based on business goals Translate security requirements into technical capabilities Design security for a resiliency strategy Design security strategy for hybrid and multi-tenant environments Design technical and governance strategies for traffic filtering and segmentation Module 2: Design a security operations strategy Learn how to design a security operations strategy. Lessons M2 Introduction Understand security operations frameworks, processes, and procedures Design a logging and auditing security strategy Develop security operations for hybrid and multi-cloud environments Design a strategy for Security Information and Event Management (SIEM) and Security Orchestration, Evaluate security workflows Review security strategies for incident management Evaluate security operations strategy for sharing technical threat intelligence Monitor sources for insights on threats and mitigations After completing module 2, students will be able to: Design a logging and auditing security strategy Develop security operations for hybrid and multi-cloud environments. Design a strategy for Security Information and Event Management (SIEM) and Security Orchestration, A Evaluate security workflows. Review security strategies for incident management. Evaluate security operations for technical threat intelligence. Monitor sources for insights on threats and mitigations. Module 3: Design an identity security strategy Learn how to design an identity security strategy. Lessons M3 Introduction Secure access to cloud resources Recommend an identity store for security Recommend secure authentication and security authorization strategies Secure conditional access Design a strategy for role assignment and delegation Define Identity governance for access reviews and entitlement management Design a security strategy for privileged role access to infrastructure Design a security strategy for privileged activities Understand security for protocols After completing module 3, students will be able to: Recommend an identity store for security. Recommend secure authentication and security authorization strategies. Secure conditional access. Design a strategy for role assignment and delegation. Define Identity governance for access reviews and entitlement management. Design a security strategy for privileged role access to infrastructure. Design a security strategy for privileged access. Module 4: Evaluate a regulatory compliance strategy Learn how to evaluate a regulatory compliance strategy. Lessons M4 Introduction Interpret compliance requirements and their technical capabilities Evaluate infrastructure compliance by using Microsoft Defender for Cloud Interpret compliance scores and recommend actions to resolve issues or improve security Design and validate implementation of Azure Policy Design for data residency Requirements Translate privacy requirements into requirements for security solutions After completing module 4, students will be able to: Interpret compliance requirements and their technical capabilities Evaluate infrastructure compliance by using Microsoft Defender for Cloud Interpret compliance scores and recommend actions to resolve issues or improve security Design and validate implementation of Azure Policy Design for data residency requirements Translate privacy requirements into requirements for security solutions Module 5: Evaluate security posture and recommend technical strategies to manage risk Learn how to evaluate security posture and recommend technical strategies to manage risk. Lessons M5 Introduction Evaluate security postures by using benchmarks Evaluate security postures by using Microsoft Defender for Cloud Evaluate security postures by using Secure Scores Evaluate security hygiene of Cloud Workloads Design security for an Azure Landing Zone Interpret technical threat intelligence and recommend risk mitigations Recommend security capabilities or controls to mitigate identified risks After completing module 5, students will be able to: Evaluate security postures by using benchmarks Evaluate security postures by using Microsoft Defender for Cloud Evaluate security postures by using Secure Scores Evaluate security hygiene of Cloud Workloads Design security for an Azure Landing Zone Interpret technical threat intelligence and recommend risk mitigations Recommend security capabilities or controls to mitigate identified risks Module 6: Understand architecture best practices and how they are changing with the Cloud Learn about architecture best practices and how they are changing with the Cloud. Lessons M6 Introduction Plan and implement a security strategy across teams Establish a strategy and process for proactive and continuous evolution of a security strategy Understand network protocols and best practices for network segmentation and traffic filtering After completing module 6, students will be able to: Describe best practices for network segmentation and traffic filtering. Plan and implement a security strategy across teams. Establish a strategy and process for proactive and continuous evaluation of security strategy. Module 7: Design a strategy for securing server and client endpoints Learn how to design a strategy for securing server and client endpoints. Lessons M7 Introduction Specify security baselines for server and client endpoints Specify security requirements for servers Specify security requirements for mobile devices and clients Specify requirements for securing Active Directory Domain Services Design a strategy to manage secrets, keys, and certificates Design a strategy for secure remote access Understand security operations frameworks, processes, and procedures Understand deep forensics procedures by resource type After completing module 7, students will be able to: Specify security baselines for server and client endpoints Specify security requirements for servers Specify security requirements for mobile devices and clients Specify requirements for securing Active Directory Domain Services Design a strategy to manage secrets, keys, and certificates Design a strategy for secure remote access Understand security operations frameworks, processes, and procedures Understand deep forensics procedures by resource type Module 8: Design a strategy for securing PaaS, IaaS, and SaaS services Learn how to design a strategy for securing PaaS, IaaS, and SaaS services. Lessons M8 Introduction Specify security baselines for PaaS services Specify security baselines for IaaS services Specify security baselines for SaaS services Specify security requirements for IoT workloads Specify security requirements for data workloads Specify security requirements for web workloads Specify security requirements for storage workloads Specify security requirements for containers Specify security requirements for container orchestration After completing module 8, students will be able to: Specify security baselines for PaaS, SaaS and IaaS services Specify security requirements for IoT, data, storage, and web workloads Specify security requirements for containers and container orchestration Module 9: Specify security requirements for applications Learn how to specify security requirements for applications. Lessons M9 Introduction Understand application threat modeling Specify priorities for mitigating threats to applications Specify a security standard for onboarding a new application Specify a security strategy for applications and APIs After completing module 9, students will be able to: Specify priorities for mitigating threats to applications Specify a security standard for onboarding a new application Specify a security strategy for applications and APIs Module 10: Design a strategy for securing data Learn how to design a strategy for securing data. Lessons M10 Introduction Prioritize mitigating threats to data Design a strategy to identify and protect sensitive data Specify an encryption standard for data at rest and in motion After completing module 10, students will be able to: Prioritize mitigating threats to data Design a strategy to identify and protect sensitive data Specify an encryption standard for data at rest and in motion [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Ingen. Innleveringer: For å kunne gå opp til eksamen må 8 av 12 øvinger være godkjent. Personlig veileder: ja Vurderingsform: Skriftlig, individuell, 3 timer,  Ansvarlig: Olav Skundberg Eksamensdato: 16.12.13 / 26.05.14         Læremål: KUNNSKAPER:Kandidaten kan:- forklare hvordan en datamaskin utsettes for angrep gjennom skadelig programvare og hvordan man kan beskytte seg mot dette- beskrive ulike typer nettbaserte angrep og hvordan man kan beskytte seg mot dette- beskrive ulike krypteringsmekanismer og forklare hvordan digitale sertifikat brukes for å oppnå sikre tjenester.- referere til aktuelle lover og retningslinjer innen sikkerhet- gjøre greie for en organisasjonsmessig informasjonssikkerhetssikkerhetspolicy FERDIGHETER:Kandidaten kan:- kontrollere egen PC for skadelig programvare- kontrollere at installert programvare er oppdatert- utføre pakkefangst med Wireshark og tolke resultatet GENERELL KOMPETANSE:Kandidaten:- er bevisst på å holde programvare oppdatert og å bruke nettvett Innhold:Skadelig programvare: sikkerhetshull, informasjonskapsler, virus og antivirus Nettverk: Virtuelle private nett (VPN), brannmur, demilitarisert sone (DMZ), tjenestenektangrep Sikre tjenester: Krypteringsmetoder og sjekksum. Digitale sertifikater og Public Key Infrastructure (PKI) Samfunn og virksomhet: ekom-loven og personvernloven. Sikkerhetshåndbok og ISO27001Les mer om faget herDemo: Her er en introduksjonsvideo for faget Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Internett og sikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.  [-]

MS-500: Microsoft 365 Security Administrator [-]

ISO/IEC 27001 Introduction [-]

ISO/IEC 27701 Foundation [-]