Main › EC-Council Certified Incident Handler V2

EC-Council Certified Incident Handler V2

Course description:

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.

It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.

Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.

Purpose of the course:

To enable individuals and organizations with the ability to handle and respond to different types of cybersecurity incidents in a systematic way.
To ensure that organization can identify, contain, and recover from an attack.
To reinstate regular operations of the organization as early as possible and mitigate the negative impact on the business operations.
To be able to draft security policies with efficacy and ensure that the quality of services is maintained at the agreed levels.
To minimize the loss and after-effects breach of the incident.
For individuals: To enhance skills on incident handling and boost their employability.

Course objectives:

Understand the key issues plaguing the information security world
Learn to combat different types of cybersecurity threats, attack vectors, threat actors and their motives
Learn the fundamentals of incident management including the signs and costs of an incident
Understand the fundamentals of vulnerability management, threat assessment, risk management, and incident response automation and orchestration
Master all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
Decode the various steps involved in planning an incident handling and response program
Gain an understanding of the fundamentals of computer forensics and forensic readiness
Comprehend the importance of the first response procedure including evidence collection, packaging, transportation, storing, data acquisition, volatile and static evidence collection, and evidence analysis
Understand anti-forensics techniques used by attackers to find cybersecurity incident cover-ups
Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents

For whom this course is suitable:

Penetration Testers
Vulnerability Assessment Auditors
Risk Assessment Administrators
Network Administrators
Application Security Engineers
Cyber Forensic Investigators/ Analyst and SOC Analyst
System Administrators/Engineers
Firewall Administrators and Network Managers/IT Managers

Course Outline:

Module 01: Introduction to Incident Handling and Response
Module 02: Incident Handling and Response Process
Module 03: Forensic Readiness and First Response
Module 04: Handling and Responding to Malware Incidents
Module 05: Handling and Responding to Email Security Incidents
Module 06: Handling and Responding to Network Security Incidents
Module 07: Handling and Responding to Web Application Security Incidents
Module 08: Handling and Responding to Cloud Security Incidents
Module 09: Handling and Responding to Insider Threats

What you will get as part of the course:

– authorized educational literature

– access to practical laboratory work

– a trainer certified by the EC-Council company

– a certificate of completion of official training on the course

Full course description https://www.eccouncil.org/ECIH-v2

*the E|CIH exam can be taken after completing the official E|CIH course

Main › CompTIA Network +

CompTIA Network +

COURSE DESCRIPTION

This course provides a definition and in-depth description of the main modern technologies of computer networks. The main methods of administration, management and troubleshooting of modern networks will also be considered.

THE PURPOSE OF THE COURSE

Teach basic skills in working with network equipment and information security equipment. As a result of this course, students will gain basic practical knowledge on setting up network protocols and security policies

AUDIENCE

engineers partners, customers

COURSE CONTENT

The following topics will be covered in this course:

Basic definitions of OSI and TCP / IP network models
Characteristics of network traffic
Deploy and configure LAN
Configuring IP networks
Deploy and configure routing networks. Basic LAN and WAN routing technologies will be considered
Configuration and monitoring of major ports and protocols
Description of the main network attacks and methods of their elimination and early detection
Deployment and configuration of information security equipment and software
Description of basic methods of authentication and access control
Using remote access methods
Implementation of security policies

DETAILED CONTENT OF THE COURSE

Lesson 1: Explanation of the OSI model and TCP / IP models

Lesson 2: Explain the properties of network traffic

Lesson 3: Installing and configuring dial-up networks

Lesson 4: Configuring IP Networks

Lesson 5: Installing and configuring routed networks

Lesson 6: Configuring and monitoring ports and protocols

Lesson 7: Explaining network applications and storage services

Lesson 8: Monitoring and troubleshooting networks

Lesson 9: Explain network attacks and mitigations

Lesson 10: Installing and Configuring Security Devices

Lesson 11: Explaining authentication and access control

Lesson 12: Deploying and troubleshooting cable solutions

Lesson 13: Implementing and troubleshooting wireless technologies

Lesson 14: Comparing and contrasting WAN technologies

Lesson 15: Using Remote Access Methods

Lesson 16: Defining site policy and best practices

Price: $ 320

Venue: ERC Training Center st. Mark Vovchka, 18-A

Main › C)ISSA – CERTIFIED INFORMATION SYSTEMS SECURITY AUDITOR (C)ISSA-SP1)

C)ISSA – CERTIFIED INFORMATION SYSTEMS SECURITY AUDITOR (C)ISSA-SP1)

BRIEF DESCRIPTION

Many organizations require them to identify critical issues and propose effective audit solutions. And this will require in-depth knowledge of system auditors (System Auditor’s). The set of knowledge and skills included in the curriculum of vendors-independent course “Certified Information Systems Security Auditor – C) ISSA” will not only help prepare for the relevant ISACA® exam, but also provide another important certification in information systems auditing. Thus, the Certified Information Systems Security Auditor course provides the knowledge and skills to identify vulnerabilities, compatibility reports, and implement controls for all types of organizations.

Duration 4 days / 32 hours

PRELIMINARY LEVEL OF TRAINING
At least a year of working with information systems.
course objectives

AFTER COMPLETING THE COURSE YOU WILL BE ABLE TO:
Use in their work advanced knowledge and practical skills of auditing.
Obtain an international auditor’s certificate if you pass the exam

WHO ARE WE INVITE

IS Security Officers
IS Managers
Risk Managers
Auditors
Information Systems Owners
IS Control Assessors
System Managers
Government

COURSE PROGRAM

The Process of Auditing Information Systems
Risk Based Auditing
Audit Planning and Performance
Reporting on Audit
IT Governance and Management
Strategic Planning and Models
Resource Management
Business Continuity Planning
Systems Acquisition, Development and Implementation
Systems Development Models
Types of Specialized Business Applications
Application Controls
Information Systems Operations, Maintenance and Support
System and Communications
Hardware

Related to the certification course:

Mile2 C) ISSA – Certified Information Systems Security Auditor
CISACA® CISA are the objectives of this exam

Main › CompTIA Security +

CompTIA Security +

Course description
CompTIA Security + (SY0-501 exam) is a basic course you will need to take if your job responsibilities include providing network services, devices, and traffic to your organization. You can also take this course to prepare for the CompTIA Security + certification exam. In this course, you will build on your knowledge and expertise in the basics of security, networking, and organizational security, gaining the specific skills needed to implement basic security services in any type of computer network.

This course can benefit you in two ways.
If you intend to take the CompTIA Security + certification exam (SY0-501 exam), this course can be an important part of your preparation. But certification is not the only key to professional success in computer security. Today’s job market requires people to demonstrate skills, and the information and activities in this course can help you build a set of computer security skills so that you can confidently perform your duties in any security-related role.

Target audience
This course is aimed at an information technology (IT) professional with network and administrative skills in Windows-based Transmission Control / Internet Protocol (TCP / IP) networks; familiarity with other operating systems, such as mac OS, Unix or Linux; and who wants to pursue a career in IT by gaining fundamental knowledge of security; preparation for the CompTIA Security + certification exam; or use Security + as a basis for advanced security certificates or career roles.

Knowledge that you will gain during the course:
• basics of authentication and authorization;
• types of attacks and malicious code;
• how to ensure security when working with remote access;
• security of e-mail and web applications;
• wireless network security;
• design of security systems;
• security control and intrusion detection;
• physical security;
• security expertise.

What is included in the course:
• 5 online lectures from 10:00 to 18:00
• practical work
• laboratory work

Promotional price: UAH 12,000 without VAT (old price UAH 24,000)

* if desired, each participant of the course will be able to buy a voucher for certification separately.

Main › CISSP| CERTIFIED INFORMATION SYSTEM SECURITY PROFESSIONAL

CISSP| CERTIFIED INFORMATION SYSTEM SECURITY PROFESSIONAL

Domain 1:Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Apply security governance principles through:

1.3 Compliance:

– Legislative and regulatory compliance

– Privacy requirements compliance

1.4 Understand legal and regulatory issues that pertain to information security in a global context

1.5 Understand professional ethics

– Exercise (ISC)² Code of Professional Ethics

– Support organization’s code of ethics

1.6 Develop and implement documented security policy, standards, procedures, and guidelines

1.7 Understand business continuity requirements

– Develop and document project scope and plan

– Conduct business impact analysis

– Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)

– Organizational processes (e.g., acquisitions,divestitures, governance committees)

– Security roles and responsibilities

– Control frameworks

– Due care

– Due diligence

– Computer crimes

– Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)

– Import/export controls

– Trans-border data flow

– Privacy

– Data breaches

1.8 Contribute to personnel security policies

1.9 Understand and apply risk management concepts

1.10 Understand and apply threat modeling

1.11 Integrate security risk considerations into acquisition strategy and practice

1.12 Establish and manage information security education, training, and awareness

– Appropriate levels of awareness, training, and education required within organization

– Periodic reviews for content relevancy

– Employment candidate screening (e.g., reference checks, education verification)

– Employment agreements and policies

– Employment termination processes

– Vendor, consultant, and contractor controls

– Compliance

– Privacy

– Identify threats and vulnerabilities

– Risk assessment/analysis (qualitative, quantitative,hybrid)

– Risk assignment/acceptance (e.g., system authorization)

– Countermeasure selection

– Implementation

– Types of controls (preventive, detective, corrective, etc.)

– Control assessment

– Monitoring and measurement

– Asset valuation

– Reporting

– Continuous improvement

– Risk frameworks

– Identifying threats (e.g., adversaries, contractors, employees, trusted partners)

– Determining and diagramming potential attacks (e.g., social engineering, spoofing)

– Performing reduction analysis

– Technologies and processes to remediate threats (e.g., software architecture and operations)

– Hardware, software, and services

– Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)

– Minimum security requirements

– Service-level requirements

Domain 2:Asset Security

2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

2.3 Protect privacy

2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

2.5 Determine data security controls (e.g., data at rest, data in transit)

2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)

– Data owners

– Data processers

– Data remanence

– Collection limitation

– Baselines

– Scoping and tailoring

– Standards selection

– Cryptography

Domain 3:Security Engineering

3.1 Implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

3.3 Select controls and countermeasures based upon systems security evaluation models 3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

3.7 Assess and mitigate vulnerabilities in mobile systems

3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (loT))

3.9 Apply cryptography

– Client-based (e.g., applets, local caches)

– Server-based (e.g., data flow control)

– Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)

– Large-scale parallel data systems

– Distributed systems (e.g., cloud computing, grid computing, peer to peer)

– Cryptographic systems

– Industrial control systems (e.g., SCADA)

– Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)

– Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)

– Public Key Infrastructure (PKI)

– Key management practices

– Digital signatures

– Digital rights management

– Non-repudiation

– Integrity (hashing and salting)

– Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)

3.10 Apply secure principles to site and facility design

3.11 Design and implement physical security

– Wiring closets

– Server rooms

– Media storage facilities

– Evidence storage

– Restricted and work area security (e.g., operations centers)

– Data center security

– Utilities and HVAC considerations

– Water issues (e.g., leakage, flooding)

– Fire prevention, detection and suppression

Domain 4:Communications and Network Security

4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)

4.2 Secure network components

4.3 Design and establish secure communication channels

4.4 Prevent or mitigate network attacks

– OSI and TCP/IP models

– IP networking

– Implications of multilayer protocols (e.g., DNP3)

– Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)

– Software-defined networks

– Wireless networks

– Cryptography used to maintain communication security

– Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)

– Transmission media (e.g., wired, wireless, fiber)

– Network access control devices (e.g., firewalls, proxies)

– Endpoint security

– Content-distribution networks

– Physical devices

– Voice

– Multimedia collaboration (e.g., remote meeting technology, instant messaging)

– Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)

– Data communications (e.g., VLAN, TLS/SSL)

– Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)

Domain 5:Identity and Access Management

5.1 Control physical and logical access to assets

– Information

– Systems

– Devices

– Facilities

5.2 Manage identification and authentication of people and devices

5.3 Integrate identity as a service (e.g., cloud identity)

5.4 Integrate third-party identity services (e.g., on-premise)

5.5 Implement and manage authorization mechanisms

– Role-Based Access Control (RBAC) methods

– Rule-based access control methods

– Mandatory Access Control (MAC)

– Discretionary Access Control (DAC)

5.6 Prevent or mitigate access control attacks

5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)

– Identity management implementation (e.g., SSO, LDAP)

– Single/multi-factor authentication (e.g., factors, strength, errors)

– Accountability

– Session management (e.g., timeouts, screensavers)

– Registration and proofing of identity

– Federated identity management (e.g., SAML)

– Credential management systems

Domain 6:Security Assessment and Testing

6.1 Design and validate assessment and test strategies

6.2 Conduct security control testing

6.3 Collect security process data (e.g., management and operational controls)

6.4 Analyze and report test outputs (e.g., automated, manual)

6.5 Conduct or facilitate internal and third party audits

– Vulnerability assessment

– Penetration testing

– Log reviews

– Synthetic transactions

– Code review and testing (e.g., manual, dynamic, static, fuzz)

– Misuse case testing

– Test coverage analysis

– Interface testing (e.g., API, UI, physical)

– Account management (e.g., escalation, revocation)

– Management review

– Key performance and risk indicators

– Backup verification data

– Training and awareness

– Disaster recovery and business continuity

Domain 7:Security Operations

7.1 Understand and support investigations

7.2 Understand requirements for investigation types

7.3 Conduct logging and monitoring activities

7.4 Secure the provisioning of resources

7.5 Understand and apply foundational security operations concepts

7.6 Employ resource protection techniques

– Media management

– Hardware and software asset management

– Evidence collection and handling (e.g., chain of custody, interviewing)

– Reporting and documenting

– Investigative techniques (e.g., root-cause analysis, incident handling)

– Digital forensics (e.g., media, network, software, and embedded devices)

– Intrusion detection and prevention

– Security information and event management

– Continuous monitoring

– Egress monitoring (e.g., data loss prevention, steganography, watermarking)

– Asset inventory (e.g., hardware, software)

– Configuration management

– Physical assets

– Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)

– Cloud assets (e.g., services, VMs, storage, networks)

– Applications (e.g., workloads or private clouds, web services, software as a service)

– Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)

– Separation of duties and responsibilities

– Monitor special privileges (e.g., operators, administrators)

– Job rotation

– Information lifecycle

– Service-level agreements

– Operational

– Criminal

– Civil

– Regulatory

– Electronic discovery (eDiscovery)

7.7 Conduct incident management

7.8 Operate and maintain preventative measures

7.9 Implement and support patch and vulnerability management

7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

7.11 Implement recovery strategies

7.12 Implement disaster recovery processes

7.13 Test disaster recovery plans

7.14 Participate in business continuity planning and exercises

7.15 Implement and manage physical security

– Perimeter (e.g., access control and monitoring)

– Internal security (e.g., escort requirements/visitor control, keys and locks)

7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

– Detection

– Response

– Mitigation

– Reporting

– Recovery

– Remediation

– Lessons learned

– Firewalls

– Intrusion detection and prevention systems

– Whitelisting/Blacklisting

– Third-party security services

– Sandboxing

– Honeypots/Honeynets

– Anti-malware

– Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)

– Recovery site strategies

– Multiple processing sites (e.g., operationally redundant systems)

– System resilience, high availability, quality of service, and fault tolerance

– Response

– Personnel

– Communications

– Assessment

– Restoration

– Training and awareness

– Read-through

– Walkthrough

– Simulation

– Parallel

– Full interruption

Domain 8:Software Development Security

8.1 Understand and apply security in the software development lifecycle

8.2 Enforce security controls in development environments

8.3 Assess the effectiveness of software security

– Auditing and logging of changes

– Risk analysis and mitigation

– Acceptance testing

8.4 Assess security impact of acquired software

Main › CISRM) Certified Information System Risk Management

CISRM) Certified Information System Risk Management

Prerequisites:

A minimum of 1 year of Information Systems

Student Materials:

Student Workbook
Student Reference Manual
Key Security Concepts & Definitions Book

Certification Exam:

Mile2 C)ISRM
Covers ISACA CRISC®

CPEs: 24

According to this course, you’ll have:

Certified by Mile2 Trainer, International Cyber Security Professional and practitioner
Authorized training materials
Friendly Placement Classroom
High Quality Classroom Equipment
The Best Catering
EXAM Voucher

WHO SHOULD ATTEND?

Information System Security Officers
Risk Managers
Information Systems Owners
Info Security Control Assessors
System Managers
State & Local Government Risk Managers

COURSE CONTENT

The Big Picture
Domain 1 Risk Identification Assessment and Evaluation
Domain 2 – Risk Response
Domain 3 – Risk Monitoring
Domain 4 – IS Control Design and Implementation

DETAILED MODULE DESCRIPTION

C)ISRM Part 1: The Big Picture

About the C)ISRM Exam
Exam Relevance
About the C)ISRM Exam
Section Overview
Part 1 Learning Objectives
Section Topics
Overview of Risk Management
Risk
Risk and Opportunity Management
Responsibility vs. Accountability
Risk Management
Roles and Responsibilities
Relevance of Risk Management Frameworks, Standards and Practices
Frameworks
Standards
Practices
Relevance of Risk Governance
Overview of Risk Governance
Objectives of Risk Governance
Foundation of Risk Governance
Risk Appetite and Risk Tolerance
Risk Awareness and Communication
Key Concepts of
Risk Governance
Risk Culture
Case Study
Practice Question 1
Practice Question 2
Practice Question 3
Practice Question 4
Practice Question 5
Acronym Review
Definition Review

C)ISRM Part II – Domain 1 Risk Identification Assessment and Evaluation

Section Overview
Exam Relevance
Domain 1 Learning Objectives
Task Statements
Knowledge Statements
The Process
Describing the Business Impact of IT Risk
IT Risk in the Risk Hierarchy
IT Risk Categories
High Level Process Phases
Risk Scenarios
Definition of Risk Scenario
Purpose of Risk Scenarios
Event Types
Risk Scenario Development
Risk Registry & Risk Profile
Risk Scenario Development
Risk Scenario Components
Risk Scenario Development
Risk Scenario Development Enablers
Systemic, Contagious or Obscure Risk
Generic IT Risk Scenarios
Definition of Risk Factor
Examples of Risk Factors
Risk Factors— External Environment
Risk Factors— Risk Management Capability
Risk Factors— IT Capability
Risk Factors— IT Related Business Capabilities
Methods for Analyzing IT Risk
Likelihood and Impact
Risk Analysis Output
Risk Analysis Methods
Risk Analysis Methods—Quantitative
Risk Analysis Methods—Qualitative
Risk Analysis Methods—for HIGH impact risk types
Risk Analysis Methods
Risk Analysis Methods—Business Impact Analysis (BIA)
Methods for Assessing IT Risk
Identifying and Assessing IT Risk
Definitions
Adverse Impact of Risk Event
Business Impacts From IT Risk
Business Related IT Risk Types
IT Project-Related Risk
Risk Components—Inherent Risk
Risk Components—Residual Risk
Risk Components—Control Risk
Risk Components—Detection Risk
Business Risk and Threats
Addressed By IT Resources
Identifying and Assessing IT Risk
Methods For Describing
IT Risk In Business Terms
Case Study
Acronym Review
Definition Review
Domain 1 – Exercises

C)ISRM Part II Domain 2 – Risk Response

Section Overview
Exam Relevance
Domain 2 Learning Objectives
Task Statements
Knowledge Statements
Risk Response Objectives
The Risk Response Process
Risk Response Options
Risk Response Parameters
Risk Tolerance and Risk Response Options
Risk Response Prioritization Options
Risk Mitigation Control Types
Risk Response Prioritization Factors
Risk Response Tracking, Integration and Implementation
Process Phases
Phase 1—Articulate Risk
Phase 2—Manage Risk
Phase 3—React To Risk Events
Sample Case Study
Domain 2 – Exercise 1

C)ISRM Part II – Domain 3 – Risk Monitoring

Course Agenda
Exam Relevance
Learning Objectives
Task Statements
Knowledge Statements
Essentials
Risk Indicators
Risk Indicator Selection Criteria
Key Risk Indicators
Risk Monitoring
Risk Indicator Types and Parameters
Risk Indicator Considerations
Criteria for KRI Selection
Benefits of Selecting Right KRIs
Disadvantages of Wrong KRIs
Changing KRIs
Gathering KRI Data
Steps to Data Gathering
Gathering Requirements
Data Access
Data Preparation
Data Validating Considerations
Data Analysis
Reporting and Corrective Actions
Optimizing KRIs
Use of Maturity Level Assessment
Assessing Risk Maturity Levels
Risk Management Capability Maturity Levels
Changing Threat Levels
Monitoring Changes in Threat Levels
Measuring Changes in Threat Levels
Responding to Changes in Threat Levels
Threat Level Review
Changes in Asset Value
Maintain Asset Inventory
Risk Reporting
Reporting Content
Effective Reports
Report Recommendations
Possible Risk Report Recipients
Periodic Reporting
Reporting Topics
Risk Reporting Techniques
Sample Case Study
Practice Question 1
Practice Question 2
Practice Question 3
Practice Question 4
Acronym Review
Definition Review
Domain 3 – Exercises

C)ISRM Part II Domain 4 – IS Control Design and Implementation

Section Overview
Exam Relevance
Domain 4 Learning Objectives
Task Statements
Knowledge Statements
C)ISRM Involvement
Control Definition
Control Categories
Control Types and Effects
Control Methods
Control Design Considerations
Control Strength
Control Strength
Control Costs and Benefits
Potential Loss Measures
Total Cost of Ownership For Controls
Role of the C)ISRM in SDLC
The SDLC Process
The Systems
Development Life Cycle (SDLC)
‘Meets and Continues to Meet’
SDLC
SDLC Phases
Addressing Risk Within the SDLC
Business Risk versus Project Risk
Understanding Project Risk
Addressing Business Risk
Understanding Business
and Risk Requirements
Understand Business Risk
High Level SDLC Phases
Project Initiation
Phase 1 – Project Initiation
Phase 1 Tasks
Task 1—Feasibility Study
Feasibility Study Components
Determining Feasibility
Outcomes of the Feasibility Study
Task 1—Define Requirement
Requirement Progression
Business Information Requirements (COBIT)
Requirements Success Factors
Task 3—Acquire Software “Options”
Software Selection Criteria
Software Acquisition
Software Acquisition Process
Leading Principles for Design and Implementation
C)ISRM Responsibilities
Key System Design Activities:
Steps to Perform Phase 2
Phase 2 – Project Design and Development
System Testing
Test Plans
Project Testing
Types of Tests
UAT Requirements
Certification and Accreditation
Project Status Reports
Phase 3 – Project Testing
Testing Techniques
Verification and Validation
Phase 4 – Project Implementation
Project Implementation
Implementation Phases
Phase 4 – Project Implementation
End User Training Plans & Techniques
Training Strategy
Data Migration/Conversion Considerations
Risks During Data Migration
Data Conversion Steps
Implementation Rollback
Data Conversion Project Key Considerations
Changeover Techniques
Post-Implementation Review
Performing Post-Implementation Review
Measurements of Critical Success Factors
Closing a Project
Project Management and Controlling
Project Management Tools and Techniques
Project Management Elements
Project Management Practices
PERT chart and critical path
PERT Attribute
Sample Case Study
Practice Question 1
Practice Question 2
Practice Question 3
Practice Question 4
Practice Question 5

Main › ITIL® Service Operation (SO)

ITIL® Service Operation (SO)

SPECIAL NOTES

A 90-minute multiple-choice exam is included with the cost of the course.

For RAIL (live online instructor-led) sessions: The course will be in session on all three days (8:30am- approximately 5:00pm Central Time). After completing the course, you will take the exam through CSME at your convenience via an exam voucher. (Note: Exam Vouchers expire within 30 days of completion of the course). Upon registering, you will receive specific instructions on how to arrange for your exam. HP strongly recommends you take the exam within a few days of completing the course.

COURSE OVERVIEW

This 3-day course is designed for those involved in event management and monitoring, problem management and root cause analysis, and access management. The course also covers communication and stakeholder management, service desk organization, technical management, and application management. The course prepares attendees for the ITIL® Intermediate Qualification: Service Operation Certificate, one of the modules that leads to the ITIL® Expert Certificate in IT Service Management.

PREREQUISITES

Hold the ITIL® Foundation Certificate in IT Service Management (or other appropriate earlier ITIL® and bridge qualifications)
A basic IT literacy and around 2 years IT experience are highly desirable
At least 21 contact hours (hours of instruction, excluding breaks, with an Accredited Training Organization (ATO) or an accredited e-learning solution), as part of a formal, approved training course/scheme
Complete at least 21 hours of personal study by reviewing the syllabus and the ITIL® Service Operation publication in preparation for the examination

AUDIENCE

Chief information officers (CIOs), Chief technology officers (CTOs), Managers, Supervisory staff, Team leaders, Service designers
IT architects, IT planners, IT consultants, IT audit managers, IT security managers
ITSM trainers involved in the ongoing management, co-ordination and integration of operation activities within the service lifecycle
Individuals who require a detailed understanding of the ITIL® service operation stage of the ITIL® service lifecycle and how it may be implemented to enhance the quality of IT service provision within an organization
IT professionals working within or about to enter a service operation environment and requiring an understanding of the concepts, processes, functions and activities involved
Individuals who have attained the ITIL® Foundation Certificate in IT Service Management and wish to advance to higher level ITIL® certifications
Individuals seeking the ITIL® Expert Certification in IT Service Management for which this qualification can be one of the prerequisite modules
Individuals seeking progress toward the ITIL® Master Certificate in IT Service Management for which the ITIL® Expert is a prerequisite

COURSE OBJECTIVES

Candidates can expect to gain competencies in the following upon successful completion of the education and examination components related to this certification:

Introduction to service operation
Service operation principles
Service operation processes
Common service operation activities
Organizing for service operation: functions
Technology considerations
Implementation of service operation
Challenges, critical success factors and risks

NEXT STEPS

Courses from the Lifecycle or Capability streams leading to the ITIL® Expert qualification

BENEFITS TO YOU

Identify the ITIL® lifecycle and the fundamental processes involved in Service Operation and how to integrate them into your business’ IT service model
Understand how IT and the Business can collaborate to improve overall productivity and efficiency
Learn how to move from a reactive relationship to a proactive relationship between IT and users

COURSE OUTLINE

Introduction to Service Operation

The purpose, objectives and scope of service operation
The value to the business
The context of service operation in the ITIL® service lifecycle
The fundamental aspects of service operation and the ability to define them

Service Operation Principles

How an understanding of the basic conflict between maintaining the status quo and adapting to changes in business needs can lead to better service operation
Other service operation principles including: involvement in other lifecycle stages; understanding operational health; the need for good documentation and communication including a communication strategy
Service operation inputs and outputs

Service Operation Processes

The use, interaction and value of each of the service operation processes: event management, incident management, request fulfilment, problem management, and access management

Common Service Operation Activities

How the common activities of service operation are co-ordinated for the ongoing management of the technology that is used to deliver and support the services
How monitoring, reporting and control of the services contributes to the ongoing management of the services and the technology that is used to deliver and support the services
How the operational activities of processes covered in other lifecycle stages contribute to service operation
How IT operations staff should look for opportunities to improve the operational activities

Organizing for Service Operation

The role, objectives and activities of each of the four functions of service operation: service desk, technical management, IT operations management, and application management
Service operation roles and responsibilities, where and how they are used as well as how a service operation organization would be structured to use these roles

Technology Considerations

The generic requirements of technologies that support service management across all lifecycle stages
The specific technology required to support the service operation processes and functions

Implementation of Service Operation

Specific issues relevant to implementing service operation including: managing change in service operation; assessing and managing risk in service operation; operations staff involvement in service design and service transition
Planning and implementing service management technologies within a company

Challenges, critical success factors and risks

The challenges (e.g. engagement with staff outside service operation, justifying funding), critical success factors (e.g. management and business support, staff retention) and risks (e.g. loss of service) related to service operation

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › ITIL® Service Design (SD)

ITIL® Service Design (SD)

SPECIAL NOTES

A 90-minute multiple-choice exam is included with the cost of the course.

COURSE OVERVIEW

This 3-day course teaches the students how to plan, implement and optimize service design processes consistent with ITIL^® best practices. By applying ITIL^® Service Design best practices IT departments ensure that new services meet commitments related to the service quality and availability, customer satisfaction and cost-effectiveness. The course prepares attendees for the ITIL^® Intermediate Qualification: Service Design Certificate, one of the modules that leads to the ITIL^® Expert Certificate in IT Service Management

PREREQUISITES

Hold the ITIL^® Foundation Certificate in IT Service Management (or other appropriate earlier ITIL^® and bridge qualifications)
A basic IT literacy and around 2 years IT experience are highly desirable
At least 21 contact hours (hours of instruction, excluding breaks, with an Accredited Training Organization (ATO) or an accredited e-learning solution), as part of a formal, approved training course/scheme
Complete at least 21 hours of personal study by reviewing the syllabus and the ITIL^® Service Design publication in preparation for the examination

AUDIENCE

Chief information officers (CIOs), Chief technology officers (CTOs), Managers, Supervisory staff, Team leaders, Service designers
IT architects, IT planners, IT consultants, IT audit managers, IT security managers
ITSM trainers involved in the ongoing management, coordination and integration of design activities within the service lifecycle
Individuals who require a detailed understanding of the ITIL^® service design stage of the ITIL^® service lifecycle and how it may be implemented to enhance the quality of IT service provision within an organization
IT professionals working within, or about to enter, a service design environment and requiring an understanding of the concepts, processes, functions and activities involved
Individuals who have attained the ITIL^® Foundation Certificate in IT Service Management and wish to advance to higher level ITIL^®certifications
Individuals seeking the ITIL^® Expert Certificate in IT Service Management for which this qualification can be one of the prerequisite modules
Individuals seeking progress toward the ITIL^® Master Certificate in IT Service Management for which the ITIL^® Expert is a prerequisite

COURSE OBJECTIVES

Candidates can expect to gain competencies in the following upon successful completion of the education and examination components related to this certification:

Introduction to service design
Service design principles
Service design processes
Service design technology-related activities
Organizing for service design
Technology considerations
Implementation and improvement of service design
Challenges, critical success factors and risks

BENEFITS TO YOU

Identify the ITIL^® Lifecycle and the fundamental processes involved in Service Design and how to integrate them into your business’ IT service model
Understand how IT and the Business can collaborate to improve overall productivity and efficiency
Learn to move the reactive relationship between IT and users to a proactive relationship

NEXT STEPS

Courses from the Lifecycle or Capability streams leading to the ITIL^® Expert qualification

COURSE OUTLINE

Introduction to Service Design

The purpose, goals and objectives of service design
The scope of service design
The business value of service design activities
The context of service design in the ITIL^® service lifecycle
Service design inputs and outputs and the contents and use of the service design package and service acceptance criteria

Service Design Principles

Design service solutions related to a customer’s needs
Design and utilize the service portfolio to enhance business value
The measurement systems and metrics
Service design models to accommodate different service solutions

Service Operation Processes

The interaction of service design processes: Design Coordination, Service Catalogue Management, Service Level Management, Supplier Management, Capacity Management, Availability Management, IT Service Continuity Management, Information Security Management
The flow of service design as it relates to the business and customer
The design aspects and how they are incorporated into the service design process

Service design technology-related activities

Requirements engineering in the design process and utilizing the types of requirements as identified for any system: functional, management/operations and usability
The design of technical architectures for data and information management, and application management

Organizing Service Design

How to design, implement and populate a RACI diagram for any process that is within the scope of IT service management
The service design roles and responsibilities, where and how they are used and how a service design organization would be structured to use these roles

Technology Considerations

Service design related service management tools, where and how they would be used
The benefits and types of tools that support service design

Implementation and improvement of service design

The six-stage implementation / improvement cycle and how the activities in each stage of the cycle are applied
How business impact analysis, service level requirements and risk assessment can affect service design solutions

Challenges, critical success factors and risks

Be able to provide insight and guidance for design challenges, risks and critical success factors

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › Information Security Risk Management and Business Continuity Planning (HL947S)

Information Security Risk Management and Business Continuity Planning (HL947S)

COURSE OVERVIEW

As we’ve learned, Information Security is ultimately about protecting the assets most crucial to your business through preserving the Confidentiality, Integrity and Availability of your information. In this 3-day course, IT professionals and security officers learn to assess and manage risk in their organization and plan for the unexpected.

COURSE DESCRIPTION

Risk management includes recognizing the assets key to your business success, documenting known threats and their likelihood, calculating the impact of a potential breach and implementing specific controls to avoid breaches or minimize the impact if any occur. Further, for those assets, you identify processes to recover from a breach, and explicitly recognize the remaining risk that you choose to accept.

Business continuity and disaster recovery planning extends this by responding when the unexpected happens and preparing to continue conducting business as usual, and as quickly as possible with as little impact on day to day operations. When disaster strikes, how much will it affect your company? Your reputation? Your customers?

In this course, you learn to identify and evaluate risk to your highest priority assets, and also how to design, implement and maintain effective, risk treatment controls. This course is also helpful for those working toward industry certifications like CRISC, ABCP, CFCP, CBCI, Security+ or others.

PREREQUISITES

HP Enterprise Security Essentials (HL945S) or equivalent knowledge

AUDIENCE

New System or Network Administrators who want to understand how to determine and manage risk, including an appropriate business continuity strategy
IT Professionals who need an overview of risk management and BCP/DR concepts and techniques
Individuals working towards (or considering) an information security or risk management-focused certification
Professionals who want to know more about risk management because it’s important for their job as a security practitioner
Professionals who want to know more about business continuity strategies because everybody needs to be ready for the unexpected!

COURSE OBJECTIVES

Students attending this course will:

Describe generalized risk management lifecycle as starting point in organizational discussions and how processes fit together

Identify models/frameworks related to Risk Management and Business Continuity Planning/Disaster Recovery Planning
Paraphrase the process for business impact analysis interviews and calculating values
Paraphrase the process for assessing and analyzing risk scenarios quantitatively and qualitatively
Outline the contents expected in in a Risk Treatment Plan and BCP/DRP documents
Participate in risk management implementation audit

Describe the role of governance in managing risk and compliance

Describe management support and identify team responsibilities
Scope the current situation in terms of documents to gather and questions to ask

Describe the management requirements to implement risk and resiliency strategy

Recognize the scope of potential risk response and BCP/DRP strategies appropriate to level of risk
Categorize investment requirements

Discuss requirements and proposals with security professional

Begin to prepare for various security-related certification exams or a security lead position

NEXT STEPS

CSA Certificate of Cloud Security Knowledge Foundation (H1L09S)

COURSE OUTLINE

Module 1: Mapping Risk Management and Continuity Planning to Your Business

Describe risk management
Discuss the relationship between security, business continuity management and risk management
Define risk terms
Describe the risk equation
Define the key words relating to BCP/DRP
Position resiliency in your management strategy
Describe the types of response strategies
Describe the role of governance in managing risk and compliance

Module 2: Making the Case for Risk Management and Business Continuity Planning

Discuss the importance of risk management and the need for BCP/DRP in any environment
List business considerations and drivers for risk management and business continuity planning
Determine which drivers apply to your environment

Module 3: Managing Risk as a Process

Describe the purpose of frameworks, reference models, standards
List possible risk management models or frameworks as your guide
Compare BCP/DRP frameworks for your environment
Describe the lifecycle of risk management
Distinguish between risk assessment, risk analysis, and business impact analysis
Promote the ongoing need for training and plan updates
Define the activities involved in managing risk
List responsibilities and potential members for a risk management team
Define the activities involved in developing and maintaining a BCP/DRP
List responsibilities and potential members for a BCP team
Describe elements of a proposal for board approval
Identify stakeholders and their concerns

Module 4: Analyzing Business Impact: Where to Focus

List detailed steps to conduct a business impact analysis project
Describe steps to conduct interviews to gather data
Describe how to increase success with BIA interviewing
Define analytical terms for business impact and recovery requirements
Explain the process to calculate and document recovery requirements for your critical business functions

Module 5: Assessing Risk: What Threats and Vulnerabilities Exist

List the requirements of a risk assessment team
Describe how to select assessment targets based on BIA
Outline the steps in a risk assessment project
Define the scope of an assessment
Identify what goes into a plan for examination activities (interviews and vulnerability scanning)
Compare data gathering methods
Compare risk assessment methods and tools
List expectations for documenting assessment results
List steps to mitigate risks of being a risk assessor

Module 6: Analyzing Risks: How Much It’s Worth

Compare quantitative and qualitative risk analysis
Describe methods to calculate quantitative risk
Define probability classes

Module 7: Documenting Risk Treatment Plans: How to Protect Assets

Define risk management strategies
Describe how to select risk treatment plans (physical, technical, social) appropriate to analysis results
Describe the importance of documenting a policy to review risk management needs

Module 8: Planning for Resiliency: How to Continue Your Business

List the sections of a Business Continuity Plan document
Describe the BCP’s underlying plans
List other BC-related plans and their contents
Position the Disaster Recovery Plan with respect to the BCP
List key elements for a Disaster Recovery plan
Compare Disaster Recovery strategies for your company
Compare levels of redundancy and retention
Identify roles and responsibilities for recovery teams
Optimize distribution and utility of documents

Module 9: Implement Risk Treatment Plan

Integrate the project requirements across risk, BCP, and DRP plans
Follow project management best practices to implement plans for risk treatment across the organization
Describe the steps to take during a security incident
List the elements of a security incident report
Identify what constitutes an incident
Describe the process to collect evidence related to an incident

Module 10: Failing Back

Discuss what happens when you’re ready to go back
Evaluate the opportunity to upgrade business effectiveness and/or resiliency
Describe the steps

Module 11: Auditing Risk Management Implementation and Testing BCP Procedures

Differentiate between an audit and an assessment
Define the characteristics of an audit
Describe when an audit may be applicable
Predict evidence requested during an audit process
Compare risk management audit, compliance audit, and BCP testing
Describe the levels of testing for BCP/DRP plans

Module 12: Summary and Case Study

Test your knowledge
Given sufficient detail, design an appropriate risk strategy

Module 13: Business Continuity Planning – Next Steps

Ask the right questions to determine where your company currently stands
Champion the need for Business Continuity Planning with your management
Determine how much help you need and get it

Appendix

Appendix A: Vulnerability Scanning Tools
Appendix B: Selecting Technical Controls

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html