Sikkerhetskurs for IT

httpWeb Security for Developers [-]

ISO/IEC 27701 Lead Implementer [-]

MS-500: Microsoft 365 Security Administrator [-]

 In Microsoft 365 security management, you will examine all the common types of threat vectors and data breaches facing organizations today, and you will learn how Microsoft 365’s security solutions address these security threats. Global Knowledge will introduce you to the Microsoft Secure Score, as well as to Azure Active Directory Identity Protection. You will then learn how to manage the Microsoft 365 security services, including Exchange Online Protection, Advanced Threat Protection, Safe Attachments, and Safe Links. Finally, you will be introduced to the various reports that monitor your security health. You will then transition from security services to threat intelligence; specifically, using the Security Dashboard and Advanced Threat Analytics to stay ahead of potential security breaches. TARGET AUDIENCE This course is designed for persons who are aspiring to the Microsoft 365 Enterprise Admin role and have completed one of the Microsoft 365 work load administrator certification paths. COURSE OBJECTIVES By actively participating in this course, you will learn about the following: Microsoft 365 Security Metrics Microsoft 365 Security Services Microsoft 365 Threat Intelligence Data Governance in Microsoft 365 Archiving and Retention in Office 365 Data Governance in Microsoft 365 Intelligence Search and Investigations Device Management Windows 10 Deployment Strategies Mobile Device Management COURSE CONTENT Module 1: Introduction to Microsoft 365 Security Metrics Threat Vectors and Data Breaches Security Solutions in Microsoft 365 Introduction to the Secure Score Introduction to Azure Active Directory Identity Protection Module 2: Managing Your Microsoft 365 Security Services Introduction to Exchange Online Protection Introduction to Advanced Threat Protection Managing Safe Attachments Managing Safe Links Monitoring and Reports Module 3: Lab 1 - Manage Microsoft 365 Security Services Exercise 1 - Set up a Microsoft 365 Trial Tenant Exercise 2 - Implement an ATP Safe Links policy and Safe Attachment policy Module 4: Microsoft 365 Threat Intelligence Overview of Microsoft 365 Threat Intelligence Using the Security Dashboard Configuring Advanced Threat Analytics Implementing Your Cloud Application Security Module 5: Lab 2 - Implement Alert Notifications Using the Security Dashboard Exercise 1 - Prepare for implementing Alert Policies Exercise 2 - Implement Security Alert Notifications Exercise 3 - Implement Group Alerts Exercise 4 - Implement eDiscovery Alerts Module 6: Introduction to Data Governance in Microsoft 365 Introduction to Archiving in Microsoft 365 Introduction to Retention in Microsoft 365 Introduction to Information Rights Management Introduction to Secure Multipurpose Internet Mail Extension Introduction to Office 365 Message Encryption Introduction to Data Loss Prevention Module 7: Archiving and Retention in Office 365 In-Place Records Management in SharePoint Archiving and Retention in Exchange Retention Policies in the SCC Module 8: Lab 3 - Implement Archiving and Retention Exercise 1 - Initialize Compliance in Your Organization Exercise 2 - Configure Retention Tags and Policies Exercise 3 - Implement Retention Policies Module 9: Implementing Data Governance in Microsoft 365 Intelligence Planning Your Security and Complaince Needs Building Ethical Walls in Exchange Online Creating a Simple DLP Policy from a Built-in Template Creating a Custom DLP Policy Creating a DLP Policy to Protect Documents Working with Policy Tips Module 10: Lab 4 - Implement DLP Policies Exercise 1 - Manage DLP Policies Exercise 2 - Test MRM and DLP Policies Module 11: Managing Data Governance in Microsoft 365 Managing Retention in Email Troubleshooting Data Governance Implementing Azure Information Protection Implementing Advanced Features of AIP Implementing Windows Information Protection Module 12: Lab 5 - Implement AIP and WIP Exercise 1 - Implement Azure Information Protection Exercise 2 - Implement Windows Information Protection Module 13: Managing Search and Investigations Searching for Content in the Security and Compliance Center Auditing Log Investigations Managing Advanced eDiscovery Module 14: Lab 6 - Manage Search and Investigations Exercise 1 - Investigate Your Microsoft 365 Data Exercise 2 - Configure and Deploy a Data Subject Request Module 15: Planning for Device Management Introduction to Co-management Preparing Your Windows 10 Devices for Co-management Transitioning from Configuration Manager to Intune Introduction to Microsoft Store for Business Planning for Mobile Application Management Module 16: Lab 7 - Implement the Microsoft Store for Business Exercise 1 - Configure the Microsoft Store for Business Exercise 2 - Manage the Microsoft Store for Business Module 17: Planning Your Windows 10 Deployment Strategy Windows 10 Deployment Scenarios Implementing Windows Autopilot Planning Your Windows 10 Subscription Activation Strategy Resolving Windows 10 Upgrade Errors Introduction to Windows Analytics Module 18: Implementing Mobile Device Management Planning Mobile Device Management Deploying Mobile Device Management Enrolling Devices to MDM Managing Device Compliance Module 19: Lab 8 - Manage Devices with Intune Exercise 1 - Enable Device Management Exercise 2 - Configure Azure AD for Intune Exercise 3 - Create Intune Policies Exercise 4 - Enroll a Windows 10 Device Exercise 5 - Manage and Monitor a Device in Intune TEST CERTIFICATION This course helps you to prepare for exam MS101. [-]

ISO/IEC 27001 Lead Implementer [-]

MasterClass: Hacking and Securing Windows Infrastructure with Paula Januszkiewicz [-]

COURSE OVERVIEW The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the cybersecurity market. CISSP validates a cybersecurity professional’s deep technical and managerial knowledge and experience to effectively design, engineer and manage an organization’s overall security posture. Please note an exam voucher is included as part of this course TARGET AUDIENCE Cybersecurity professionals with at least 5 years in the information security field. Member data has shown that amajority of CISSP holders are in middle management and a much smaller proportion are in senior or junior/entry-level positions. Roles include:• Chief Information Officer• Chief Information Security Officer• Chief Technology Officer• Compliance Manager / Officer• Director of Security• Information Architect• Information Manager / Information RiskManager or Consultant• IT Specialist / Director / Manager• Network / System Administrator• Security Administrator• Security Architect / Security Analyst• Security Consultant• Security Manager• Security Systems Engineer / Security EngineerSectorsCISSP is relevant across all sectors and industries, including:• Aerospace• Automotive• Banking, financial services, insurance (BFSI)• Construction• Cybersecurity• Energy• Engineering• Government• Healthcare, IT products, services, consulting• Manufacturing• Pharma• Retail• Telecom COURSE OBJECTIVESAfter completing this course you should be able to: Understand and apply fundamental concepts and methods related to the fields of information technology and security Align overall organizational operational goals with security functions and implementations. Understand how to protect assets of the organization as they go through their lifecycle. Understand the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, integrity and availability. Implement system security through the application of security design principles and application of appropriate security control mitigations for vulnerabilities present in common information system types and architectures. Understand the importance of cryptography and the security services it can provide in today’s digital and information age. Understand the impact of physical security elements on information system security and apply secure design principles to evaluate or recommend appropriate physical security protections. Understand the elements that comprise communication and network security coupled with a thorough description of how the communication and network systems function. List the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1-7. Identify standard terms for applying physical and logical access controls to environments related to their security practice. Appraise various access control models to meet business security requirements. Name primary methods for designing and validating test and audit strategies that support business requirements. Enhance and optimize an organization’s operational function and capacity by applying and utilizing appropriate security controls and countermeasures. Recognize risks to an organization’s operational endeavours and assess specific threats, vulnerabilities and controls. Understand the System Lifecycle (SLC) and the Software Development Lifecycle (SDLC) and how to apply security to it; identify which security control(s) are appropriate for the development environment; and assess the effectiveness of software security. COURSE CONTENT Domain 1: Security and Risk Management Domain 2: Asset Security Domain 3: Security Architecture and Engineering Domain 4: Communication and Network Security Domain 5: Identity and Access Management (IAM) Domain 6: Security Assessment and Testing Domain 7: Security Operations Domain 8: Software Development Security TEST CERTIFICATION Recommended as preparation for the following exam: (ISC)2 Certified Information Systems Security Professional Gaining this accreditation is not just about passing the exam, there are a number of other criteria that need to be met including 5 years of cumulative, paid work experience in two or more of the eight domains of the (ISC)²® CISSP CBK . Full details can be found at https://www.isc2.org/cissp/default.aspx Those without the required experience can take the exam to become an Associate of (ISC)²  while working towards the experience needed for full certification Please note an exam voucher is included as part of this course   [-]

CCSP: Certified Cloud Security Professional [-]

ISO/IEC 27005 Lead Risk Manager [-]

ISO/IEC 27701 Foundation [-]

GDPR - Certified Data Protection Officer [-]

Personvernforordningen / General Data Protection Regulation (GDPR) Vi går gjennom de deler du må ha kompetanse om, og du får fyldig kursmateriale med deg hjem, slik at du enklere kan mester fagområdet etter kurset. Men på ettdagskurs er det ikke dybdegejnnomgang av områder som DPIA, teknologi og prosess rundt GAP planer. Du får alikevel med deg materiale så du kan lese etterpå. Hva er formålet med forordninga og hvordan forordningen er strukturert. Vi går gjennom  tilsynsmyndighet og hvilke innvirkninger den loven har på Norge, EU og andre land.  Du får kompetanse om hovedpunkter i forordningen med de viktige nøkkelkonsepter, kategorier for personlig informasjon og prinsipper for databeskyttelse. Den registrertes rettigheter og hvordan analyser utfordringer og problemer En viktig kompetanse som mange ikke kjenner godt nok er hvilke roller, forpliktelser og behandlingsaktiviteter som må mestres, så vi ser på personvernombudets betegnelser  Konsekvensanalyse av databeskyttelse og personvernombudet Behandlingsaktiviteter og personvernombudet  Kontrollers ansvar Personvernombudet sitt ansvarRegistrering av behandlingsaktiviteterSamarbeid med tilsynsmyndighetHvordan starte program for å etterleve personvernforordningenHvem må forholde seg til personvernforordningenMetoder og tilnærmingForbered program for personvernforordningenHvordan avdekke mangler  og i dentifiser strategiske målLedelsens ansvar og godkjenning [-]

. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS). TARGET AUDIENCE IT professionals with advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations. COURSE OBJECTIVES Design a Zero Trust strategy and architecture Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies Design security for infrastructure Design a strategy for data and applications COURSE CONTENT Module 1: Build an overall security strategy and architecture Learn how to build an overall security strategy and architecture. Lessons M1 Introduction Zero Trust overview Develop Integration points in an architecture Develop security requirements based on business goals Translate security requirements into technical capabilities Design security for a resiliency strategy Design a security strategy for hybrid and multi-tenant environments Design technical and governance strategies for traffic filtering and segmentation Understand security for protocols Exercise: Build an overall security strategy and architecture Knowledge check Summary After completing module 1, students will be able to: Develop Integration points in an architecture Develop security requirements based on business goals Translate security requirements into technical capabilities Design security for a resiliency strategy Design security strategy for hybrid and multi-tenant environments Design technical and governance strategies for traffic filtering and segmentation Module 2: Design a security operations strategy Learn how to design a security operations strategy. Lessons M2 Introduction Understand security operations frameworks, processes, and procedures Design a logging and auditing security strategy Develop security operations for hybrid and multi-cloud environments Design a strategy for Security Information and Event Management (SIEM) and Security Orchestration, Evaluate security workflows Review security strategies for incident management Evaluate security operations strategy for sharing technical threat intelligence Monitor sources for insights on threats and mitigations After completing module 2, students will be able to: Design a logging and auditing security strategy Develop security operations for hybrid and multi-cloud environments. Design a strategy for Security Information and Event Management (SIEM) and Security Orchestration, A Evaluate security workflows. Review security strategies for incident management. Evaluate security operations for technical threat intelligence. Monitor sources for insights on threats and mitigations. Module 3: Design an identity security strategy Learn how to design an identity security strategy. Lessons M3 Introduction Secure access to cloud resources Recommend an identity store for security Recommend secure authentication and security authorization strategies Secure conditional access Design a strategy for role assignment and delegation Define Identity governance for access reviews and entitlement management Design a security strategy for privileged role access to infrastructure Design a security strategy for privileged activities Understand security for protocols After completing module 3, students will be able to: Recommend an identity store for security. Recommend secure authentication and security authorization strategies. Secure conditional access. Design a strategy for role assignment and delegation. Define Identity governance for access reviews and entitlement management. Design a security strategy for privileged role access to infrastructure. Design a security strategy for privileged access. Module 4: Evaluate a regulatory compliance strategy Learn how to evaluate a regulatory compliance strategy. Lessons M4 Introduction Interpret compliance requirements and their technical capabilities Evaluate infrastructure compliance by using Microsoft Defender for Cloud Interpret compliance scores and recommend actions to resolve issues or improve security Design and validate implementation of Azure Policy Design for data residency Requirements Translate privacy requirements into requirements for security solutions After completing module 4, students will be able to: Interpret compliance requirements and their technical capabilities Evaluate infrastructure compliance by using Microsoft Defender for Cloud Interpret compliance scores and recommend actions to resolve issues or improve security Design and validate implementation of Azure Policy Design for data residency requirements Translate privacy requirements into requirements for security solutions Module 5: Evaluate security posture and recommend technical strategies to manage risk Learn how to evaluate security posture and recommend technical strategies to manage risk. Lessons M5 Introduction Evaluate security postures by using benchmarks Evaluate security postures by using Microsoft Defender for Cloud Evaluate security postures by using Secure Scores Evaluate security hygiene of Cloud Workloads Design security for an Azure Landing Zone Interpret technical threat intelligence and recommend risk mitigations Recommend security capabilities or controls to mitigate identified risks After completing module 5, students will be able to: Evaluate security postures by using benchmarks Evaluate security postures by using Microsoft Defender for Cloud Evaluate security postures by using Secure Scores Evaluate security hygiene of Cloud Workloads Design security for an Azure Landing Zone Interpret technical threat intelligence and recommend risk mitigations Recommend security capabilities or controls to mitigate identified risks Module 6: Understand architecture best practices and how they are changing with the Cloud Learn about architecture best practices and how they are changing with the Cloud. Lessons M6 Introduction Plan and implement a security strategy across teams Establish a strategy and process for proactive and continuous evolution of a security strategy Understand network protocols and best practices for network segmentation and traffic filtering After completing module 6, students will be able to: Describe best practices for network segmentation and traffic filtering. Plan and implement a security strategy across teams. Establish a strategy and process for proactive and continuous evaluation of security strategy. Module 7: Design a strategy for securing server and client endpoints Learn how to design a strategy for securing server and client endpoints. Lessons M7 Introduction Specify security baselines for server and client endpoints Specify security requirements for servers Specify security requirements for mobile devices and clients Specify requirements for securing Active Directory Domain Services Design a strategy to manage secrets, keys, and certificates Design a strategy for secure remote access Understand security operations frameworks, processes, and procedures Understand deep forensics procedures by resource type After completing module 7, students will be able to: Specify security baselines for server and client endpoints Specify security requirements for servers Specify security requirements for mobile devices and clients Specify requirements for securing Active Directory Domain Services Design a strategy to manage secrets, keys, and certificates Design a strategy for secure remote access Understand security operations frameworks, processes, and procedures Understand deep forensics procedures by resource type Module 8: Design a strategy for securing PaaS, IaaS, and SaaS services Learn how to design a strategy for securing PaaS, IaaS, and SaaS services. Lessons M8 Introduction Specify security baselines for PaaS services Specify security baselines for IaaS services Specify security baselines for SaaS services Specify security requirements for IoT workloads Specify security requirements for data workloads Specify security requirements for web workloads Specify security requirements for storage workloads Specify security requirements for containers Specify security requirements for container orchestration After completing module 8, students will be able to: Specify security baselines for PaaS, SaaS and IaaS services Specify security requirements for IoT, data, storage, and web workloads Specify security requirements for containers and container orchestration Module 9: Specify security requirements for applications Learn how to specify security requirements for applications. Lessons M9 Introduction Understand application threat modeling Specify priorities for mitigating threats to applications Specify a security standard for onboarding a new application Specify a security strategy for applications and APIs After completing module 9, students will be able to: Specify priorities for mitigating threats to applications Specify a security standard for onboarding a new application Specify a security strategy for applications and APIs Module 10: Design a strategy for securing data Learn how to design a strategy for securing data. Lessons M10 Introduction Prioritize mitigating threats to data Design a strategy to identify and protect sensitive data Specify an encryption standard for data at rest and in motion After completing module 10, students will be able to: Prioritize mitigating threats to data Design a strategy to identify and protect sensitive data Specify an encryption standard for data at rest and in motion [-]

Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: IFUD1012 Internett og sikkerhet Innleveringer: Øvinger: 3 av 5 må være godkjent. Vurderingsform: Skriftlig eksamen, 3 timer (60 %). Det gjennomføres 3 obligatoriske større øvingsarbeider gruppevis underveis i kurset. Disse får en midlertidig vurdering/tilbakemelding og kan deretter leveres på nytt til en samlet sluttvurdering som teller 40 % på karakteren. Ansvarlig: Ole Christian Eidheim Eksamensdato: 12.12.13 / 26.05.14         Læremål: Etter å ha gjennomført emnet Informasjonssikkerhetsstyring skal studenten ha følgende samlede læringsutbytter: KUNNSKAPER:Kandidaten:- kan gjøre rede for hva informasjonssikkerhet betyr for en bedrifts økonomi og omdømme- kan gjøre rede for hva standardene ISO 27001 og ISO 27002 inneholder og hvordan de benyttes i sikkerhetsarbeidet- kjenner til prinsippene i Demmings sirkel og kunne redegjøre for betydningen av disse for det kontinuerlige sikkerhetsarbeidet- kjenner til en trinnvis plan for innføring av et styringssystem for informasjonssikkerhet (ISMS) og kunne redegjøre for de kritiske suksessfaktorene i hver av fasene- kan redegjøre for forutsetninger og tiltak for å skape en sikkerhetskultur i en bedrift- kan redegjøre for den trinnvise prosessen frem mot sertifisering av et ISMS eller produkt- kan redegjøre for rollen til målinger og evalueringer i sikkerhetsarbeidet FERDIGHETER:Kandidaten kan:- kartlegge trusselbildet for en konkret bedrift- gjennomføre en risikoanalyse for en bedrift på en strukturert og systematisk måte- innføre tiltak for å redusere risikoverdien for kartlagte trusler som har for høy risikoverdi- velge og utarbeide relevante sikkerhetspolicyer for en konkret bedrift- utarbeide forslag til en organisasjonsstruktur for sikkerhetsarbeidet i en konkret bedrift- analysere behovet for sertifisering av ISMS for en konkret bedrift og gi anbefalinger om veien dit GENERELL KOMPETANSE:Kandidaten kan:- kommunisere med og forstå brukernes behov- involvere de ansatte i endringsprosesser i bedriften og vite hvilke ressurser/kompetanse disse kan bidra med- involvere eksterne konsulenter i endringsprosesser i bedriften og vite hvilke ressurser/kompetanse disse kan bidra med Innhold:Trusselbildet, styringssystemer, rammer for sikkerhetsarbeidet, sikkerhetsstandardene ISO27001 og 27002, gap-analyse, risikoanalyse, sikkerhetspolicy, ulike sikringstiltak, sikkerhetskultur, sikkerhet i informasjonssystemer, veien til sertifisering, måling og evaluering, kontinuerlig forbedringLes mer om faget her Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Informasjonssikkerhetsstyring 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.    [-]

  Studieår: 2013-2014   Gjennomføring: Høst og vår Antall studiepoeng: 5.0 Forutsetninger: Faget «Datakommunikasjon» eller tilsvarende grunnleggende fag. (TCP/IP forutsettes kjent). Faget «Nettverksteknologi» Innleveringer: Øvinger: 8 av 12 må være godkjent. Øvingene må dekke en bred del av pensum. Vurderingsform: Skriftlig, individuell, 3 timer, Ansvarlig: Helge Hafting Eksamensdato: 04.12.13 / 07.05.14         Læremål: KUNNSKAPER:Kandidaten:- kan forklare en del protokollbaserte farer/angrep i kablede og trådløse nett- kan gjøre rede for mottiltak mot angrepene over- kan gjøre rede for andre farer og mottiltak, som fysiske sikringstiltak og «social engineering»- kan gjøre rede for og planlegge bruk av vanlige sikringstiltak som IDS, IPS, VPN og proxyer FERDIGHETER:Kandidaten kan:- sette i drift et VPN- installere brannmur- Observere nettverkstrafikk med pakkesniffer GENERELL KOMPETANSE:Kandidaten:- kan granske sikkerheten i et nettverk, og velge passende tiltak.Innhold:Generell nettverkssikkerhet. Hvordan planlegge, organisere og sette sikkerhet i små og store nettverk. Brannmurer, VPN, IDS/IPS. Sikkerhet rundt epost, trådløse nett og rutere. En del vanlige angrep, og mottiltak.Les mer om faget her Påmeldingsfrist: 25.08.13 / 25.01.14         Velg semester:  Høst 2013    Vår 2014     Fag Nettverkssikkerhet 4980,-         Semesteravgift og eksamenskostnader kommer i tillegg.    [-]