Cybersecurity Category Courses

Browse all Cybersecurity category courses available for you on our SecuRetain platform.

Access Control Awareness Part I

Objective

Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats.

The experienced and inexperienced information systems user will learn the basics and concepts of access control and its importance. The tools and techniques shared can be implemented in the access management process.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.
  • Course ID: CS00201
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learning the access control basics
  • Understanding the access control challenges
  • Understanding authentication factors and multi-factor authentication.
  • Developing access control policies and procedures
  • Learning about access control models
  • Learning about principles of access controls and types of access controls

Access Control Awareness Part II

Objective

Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats. 

The course will provide employees, security, risk management, compliance, audit, and management personnel with the skills and techniques necessary to embed critical thinking skills in all aspects of access control security. The tools and techniques shared can be implemented in the access management process. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00202
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learning the Access Control Models and Concepts
  • Understanding the Types and Categories of Access Controls
  • Understanding the Testing of Access Controls
  • Learning about Access Control Attacks and Countermeasures
  • Learning about Multilevel Security Models
  • Learning about Authentication and Authentication Methods
  • Learning about common Authentication Protocols.

Breach Notification Part I - Awareness

Objective

Your employees must also understand what steps they should take if they suspect a breach has occurred. Not all disclosures will be breaches. So, what is the difference between event, alert, incident, and breach? A (reportable) breach is the unauthorized acquisition, access, use, or disclosure of sensitive/PII/PHI information in a manner not permitted by law or regulation and which compromises the security and privacy. The laws require timely notification to Federal and State government authorities about the breach.

The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and the penalties for failure to comply. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.

  • Course ID: CS00301
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • What is the importance of a breach notification?
  • What is a data breach?
  • In what circumstances would notification of a data breach be required and to whom?
  • When and how should notification of a data breach be provided?
  • Framework for Effective Data Breach Notification Legislation
  • Timing of Notification to Affected Individuals
  • Post Data Breach Immediate Action Items
  • Breach Notification to Authorities

Breach Notification Part II - Advanced

Objective

Your employees may be the first to identify a potential breach, so they must have adequate knowledge regarding how they should handle such a scenario. Your employees must also understand what steps they should take if they suspect a breach has occurred. The advanced course trains employees on the next steps instead of panicking. The training will educate employees to understand their roles and do’s and don’ts once the breach occurs. 

The course also educates employees on the process of breach communication internal to the organization and very importantly communicating with outsiders. The laws require timely notification to Federal and State government authorities about the breach. The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and the penalties for failure to comply.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00302
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Breach Management
  • Effective Breach Response
  • Data Breach Checklist
  • Breach Notification Notice Content
  • Notification Timelines
  • Lifecycle of a Data Breach
  • Public Relations Strategy

Cloud Security Awareness

Objective

Cloud-based services are becoming increasingly more attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. The cloud security training provides a comprehensive review of the knowledge required for understanding cloud computing and its information security risks and mitigation strategies.      

In this extremely competitive world of cloud and complex offerings, one faces unique security challenges on an almost day-to-day basis. The course is designed to pass on extensive knowledge of cloud computing concepts, cloud reference architecture, cloud computing security concepts, AWS and Azure Cloud security basics, etc.

This interactive cloud security training will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00102
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Cloud Security
  • Cloud Basics - Cloud Concepts, Architecture and Design
  • Cloud Service Models
  • Cloud Risk Landscape
  • Cloud Security Domains
  • Cloud Data Security
  • Cloud and AWS
  • Cloud and Azure
  • Cloud Application Security Basics

Cybersecurity Maturity Model Certification (CMMC) - Part I

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. 

The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate cybersecurity controls and processes to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

 

Part I of the six-part series begins with knowing third-party cyber weaknesses and driving factors for Cybersecurity Maturity Model Certification. The course learnings include knowledge about NIST SP 800-171 Controls, Federal Acquisition Regulation (FAR) Clause 52.204.21 for protecting Federal Contract Information (FCI), Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 for safeguarding Controlled Unclassified Information (CUI) and NIST SP 800-171 Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations.

 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: CS00801
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand the need for Cybersecurity Maturity Model Certification 

  • Why third-party contractors are the weakest cyber link

  • Interpret the NIST SP 800-171 Controls 

  • Understand Federal Acquisition Regulation (FAR) Clause 52.204.21 for protecting Federal Contract Information (FCI)

  • Understand Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 for protecting Controlled Unclassified Information (CUI)

  • Understand NIST SP 800-171 Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations

  • Learn about the essential differences between CMMC vs. NIST 800-171

  • Learn how CMMC Model Works: Domains, Capabilities, Practices, and Processes

Cybersecurity Maturity Model Certification (CMMC) - Part II

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls, and processes are adequate and in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

 

The course starts with the details about the CMMC model structure (domains, capabilities, practices, and processes), how the model works, five process maturity levels, and five technical practices. The course learnings include knowledge about the CMMC capabilities, CMMC level 2 and level 3 practices beyond NIST 800-171, CMMC implementation, and scoring methodology.

 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: CS00802
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn how CMMC Model Works: Domains, Capabilities, Practices, and Processes

  • Understand the CMMC five Process Maturity levels and five Technical Practices levels

  • Understand Federal Acquisition Regulation (FAR) Clause 52.204.21 for protecting Federal Contract Information (FCI)

  • Learn about the control compliance and certification requirements for level 1 to level 5

  • Learn about the CMMC capabilities

  • Understand the 14 points of NIST 800-171 and create security protocols for 14 key areas. 

  • Learn about the CMMC Levels 2 and 3 Practices Beyond NIST 800-171

  • Learn about the implementation challenges

  • Learn about becoming a CMMC Certified Supplier

  • Understand the CMMC Scoring methodology

  • Knowledge Check

Cybersecurity Maturity Model Certification (CMMC) - Part III

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls, and processes are adequate and in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

The course starts with the details about the CMMC model structure (domains, capabilities, practices, and processes), how the model works, five process maturity levels, and five technical practices. The course details how the CMMC - Domains, Capabilities, Practices, and Processes - model works. The course learnings include preparing for CMMC assessment and understanding of CMMC specific controls over and above NIST 800-171 controls. You will study CMMC level 4 and 5 requirements.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.

  • Course ID: CS00803
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn how CMMC Model Works: Domains, Capabilities, Practices, and Processes

  • Learn how to Prepare CMMC for Assessment

  • Understand the 20 non-NIST 800-171 Controls to be complied with at level 3

  • Understand CMMC Level 4 requirements

  • Understand CMMC Level 5 requirements

  • Learn about the CMMC Certification process

  • Knowledge Check

Cybersecurity Maturity Model Certification (CMMC) - Part IV

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls, and processes are adequate and in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

The course starts with the details about the CMMC model structure (domains, capabilities, practices, and processes), how the model works, five process maturity levels, and five technical practices. You will learn to interpret the NIST SP 800-171 controls and apply the control guidance in gap analysis and remediation. The course includes deep dive to learn about Access Control, Awareness, and Training.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.

  • Course ID: CS00804
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • The CMMC model and controls

  • Interpret the NIST SP 800-171 Controls and apply the control guidance in gap analysis, remediation and implementing controls

  • Access Control

    • Establish system access requirements

    • Control internal systems access

    • Control remote systems access

    • Limit data access to authorized users and processes

  • Awareness and Training

    • Conduct security awareness activities

    • Conduct training

Cybersecurity Maturity Model Certification (CMMC) - Part V

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls, and processes are adequate and in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

The course starts with the details about the CMMC model structure (domains, capabilities, practices, and processes), how the model works, five process maturity levels, and five technical practices. The course includes deep dive to learn about the Audit and Accounting Controls, Configuration Management controls, Identification & Authentication controls, Maintenance controls, and Media Protection Controls.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.

  • Course ID: CS00805
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand the CMMC Model and controls

  • Interpret the NIST SP 800-171 Controls and apply the control guidance in gap analysis, remediation, and implementing controls

  • Understand the specific domains:

    • Audit & Accounting - Define audit requirements, perform auditing, Identify and protect audit information, Review and manage audit logs

    • Configuration Management - Establish configuration baselines, Perform configuration and change management

    • Identification and Authentication - Grant access to authenticated entities

    • Incident Response - Plan incident response, Detect and report events, Develop and implement a response to a declared incident, Perform post-incident reviews, Test incident response

    • Maintenance - Manage maintenance

    • Media Protection - Identify and mark media, Protect and control media, Sanitize media, Protect media during transport

Cybersecurity Maturity Model Certification (CMMC) - Part VI

Objective

The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. The cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls, and processes are adequate and in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.

 

The course starts with the details about the CMMC model structure (domains, capabilities, practices, and processes), how the model works, five process maturity levels, and five technical practices. The course includes deep dive to learn about the Personnel Security, Physical Protection, Risk Management, Security Assessment, System & Communications Protection and System & Information Integrity controls.

 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.

  • Course ID: CS00806
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand the CMMC Model and controls

  • Interpret the NIST SP 800-171 Controls and apply the control guidance in gap analysis, remediation and implementing controls

  • Understand the specific domains:

    • Personnel Security - Screen personnel, Protect CUI during personnel actions

    • Physical Protection - Limit physical access

    • Risk Management - Identify and evaluate risk, manage risk, Manage supply chain risk

    • Security Assessment - Develop and manage a system security plan, Define and manage controls, Perform code reviews

    • System & Communications Protection - Define security requirements for systems and communications, Control communication at system boundaries

    • System & Information Integrity - Identify and manage information system flaws, identify malicious content, perform network and system monitoring, Implement advanced email protections

Data Privacy and Privacy Regulations (GDPR / CCPA) Part I

Objective

Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy certification courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy awareness course provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.  

The protection of US residents’ data is regulated by laws enacted on both the national and the state level. The examples of federal laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their own privacy laws, e.g., the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.

This interactive data privacy certification training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00106
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Privacy Imperative
  • Understand Strategic and Tactical Drivers
  • Learn about Privacy Strategy and Privacy Impact
  • Understand the Private Identifiable Information (PII) and Private Health Information (PHI) data
  • Learn about Privacy Impact Assessments
  • Learn about HIPAA and HITECH
  • Learn about GDPR and CCPA
  • Understand the Breach Notification Requirements

Data Privacy and Privacy Regulations (GDPR / CCPA) Part II

Objective

Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy courses provide all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.  

The protection of US residents’ personal data is regulated by laws enacted on both the national and the state level. The examples of Federal Laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their own privacy laws, e.g., the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.

This interactive CCPA training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the CCPA training and the final assessment test.
  • Course ID: CS00107
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Privacy Imperative
  • Understand Strategic and Tactical Drivers
  • Learn about Privacy Strategy and Privacy Impact
  • Understand the Private Identifiable Information (PII) and Private Health Information (PHI) data
  • Learn about Privacy Impact Assessments
  • Learn about HIPAA and HITECH
  • Learn about GDPR and CCPA
  • Understand the Breach Notification Requirements

Facility Workplace Awareness Part I

Objective

Workplace safety and security is the responsibility of every employee. No workplace is immune to the threat of equipment theft, and loss of sensitive/private information, and intellectual property. Employees are often the target of these threats as well as the organization's first line of defense against them. Threats endanger the confidentiality, integrity, availability, and security of the workplace, virtual workplace, and information systems.

This course presents information on how employees can contribute to your organization's security. The effectiveness of the security program depends on communication and periodic training. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions that need to be taken by employees. 

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge tests as users progress through the training and the final assessment test.
  • Course ID: CS00109
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Identify potential risks to workplace security
  • Measures for improving workplace security
  • Actions to take in response to a security situation
  • Facility and Physical Security Perimeter
  • Badge and Visitors Security
  • Do’s and Don’ts
  • Securing Devices and Data in Public
  • Public Networks and Security
  • Device Security
    • Laptop
    • Mobile Device Security
  • Clear Desk

Facility Workplace Awareness Part II

Objective

Workplace safety and security is the responsibility of every employee. Employees are increasingly working remotely, using the internet, email, and voice messaging for day-to-day work. Threats endanger the confidentiality, integrity, availability, and security of the workplace, virtual workplace, and information systems.

Facility and Workplace Security Awareness Part II presents multiple use cases and practical examples to illustrate the workplace security challenges. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions that need to be taken by employees.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge tests as users progress through the training and the final assessment test.
  • Course ID: CS00110
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Identify potential risk while working remotely
  • Corporate data and information systems security
  • Physical access control
  • Email Security and practical examples

Foreign Corrupt Practices Act (FCPA) Part III

Objective

The U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) in 1977 in response to findings that companies had been making hundreds of millions of dollars of questionable payments to foreign government officials, politicians, and political parties. The purposes of this act are to halt the bribery of foreign officials and restore public confidence in the integrity of the American business system. The head of the DOJ's Criminal Division recently described the agency's focus on FCPA enforcement and warned executives and employees of personal accountability for FCPA violations.

 

This FCPA training series Part I to III explains the major principles of U.S. anti-corruption laws, persons subject to FCPA, implications, consequences, etc. This interactive FCPA training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, FCPA resources, and hallmarks of an effective compliance program. 

 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.


  • Course ID: CO00303
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Study the FCPA recent cases and takeaways

  • Learn about the effective FCPA compliance program

  • Study the FCPA program best practices

    • Third Parties

    • Review Transactions

    • Gifts, Meals, Travel and Entertainment 

    • Training

    • Due Diligence

    • Reporting

    • Risk Areas 

  • Learn about the FCPA enforcement actions and monetary resolutions

Incident Management Part I - Awareness

Objective

Incident management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents with the objective to ensure smooth business operations with minimal to no downtime.

The IM programs are designed to train the employees and professionals to develop a better understanding of incidents and how they impact businesses. The program is in three parts. IM Part I is for all employees to help them understand their roles and how quickly an incident can escalate to become a major issue if not managed properly. The employees will learn key concepts, understand different terminologies, etc. The course is designed to ensure employees understand the importance of acting quickly and to make sure they are aware of the basic requirements.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00401
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Brief about Incident and Incident Management (IM)
  • Incident Management Objectives
  • What is a Security Incident Management?
  • Incident, Problem, and Service Request
  • Incident Management Key Concepts
  • Incident Management Process and ITIL
  • Incident Management Process Workflow Examples
  • Incident Management Process
  • Incident Management Process Steps Discussed in Detail

Incident Management Part II - Advanced

Objective

Incident Management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents to ensure smooth business operations with minimal to no downtime. 

Part II of the course will enhance your understanding of the incident management process. It starts with identifying incidents, critical success factors, and key performance indicators specific to IM. You will also learn about the ITIL framework based IM Process Workflow.

The course is designed to ensure practitioners understand the importance of acting quickly and to make sure they are aware of the basic requirements. The course includes knowledge tests as users progress through the training.
  • Course ID: CS00402
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Incident and Incident Management (IM)
  • Understand Critical Success Factors (CSF) 
  • Understand Key Performance Indicators (KPI) Specific to Incident Management
  • Understand Other Process Interfacing with Incident Management
  • Learn about ITIL Framework Based Incident Management Process Workflow
  • Implementing Incident Management - Detailed Guidance

Incident Management Part III - Cyber Security Incident Response Team (CSIRT)

Objective

Incident management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents to ensure smooth business operations with minimal to no downtime. The program is in three parts.

IM Part III is for all professionals and practitioners to help them understand their roles and how quickly an incident can escalate to become a major issue if not managed properly. Part III provides advanced knowledge in building a Cybersecurity Incident Response Team (CSIRT). The program is thorough about building a CSIRT, escalation, and adapting the CSIRT for different types of incidents. The training is supported by charts and flow diagrams along with detailed information on roles and responsibilities. This is highly recommended for organizations wanting to improve their incident management processes. The course includes knowledge questions as users progress through the training and the final assessment test.

The training is focused on information technology employee growth, retention, and sustainability. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00403
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand how to use code of practice ISO 27002
  • Learn about ISMS mandatory processes and documentation
  • Learn about risk assessment, risk treatment plans, statement of applicability
  • Learn about ISO 27001 Annex A controls and requirements

Information Security and Privacy Awareness

Objective

Your enterprise's data is at risk. Your own employees may be pawns in the next threat from a highly skilled hacktivist, criminal, or nation-state. A security-aware workforce is a vital component in enterprise protection and is necessary to protect the company and its partners, customers, and employees. Additionally, you want to make sure that security is both a board-level and executive-level priority. 

The objective of an effective Cyber Security and Privacy Awareness Training program is to empower employees to be proactive and aware of cybersecurity threats. The process starts with the training of new employees and it is an important opportunity to instill a security mindset into all roles early on. The course includes cybersecurity and privacy knowledge test as users progress through the training. Cyber Security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. The training is designed to protect and preserve the confidentiality, integrity, and availability of information owned by or in the care of the corporation.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00101
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn How to Protect Information
  • Understand the Key Security Terms
  • Learn about Insider Risk
  • Learn about Privately Identifiable Information and Privately Healthcare Information
  • Learn about Physical Security, Facility Security and Clean Desk Policies
  • Learn about Social Engineering and Phishing
  • Learn about Acceptable Personal Use of Corporate Property and Email
  • Learn about Malicious Software and Incident Reporting
  • Learn about User Id and Password Protection
  • Understand Your Responsibility as a User

Information Technology General Controls (ITGC) Part I

Objective

Employees must understand the Sarbanes-Oxley Act (SOX), passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, companies need to put in place systems that protect against data manipulation, provide the ability to track timelines, and determine who had access to data and when.

The course provides a detailed understanding of the COSO components, objectives, entity-level consideration, financial reporting assertions, use COBIT, ISO 27000, ITIL for SOX compliance, and more. The course content is precise and to the point with a focus on knowledge application and practical considerations. The course ensures employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing proper security controls to ensure that financial data is accurate and protected against loss.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: CS00701
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Study the Sarbanes-Oxley Act (SOX)
  • Learn about the COSO framework and its relationship with SOX
  • Learn about SOX and Corporate Governance requirements
  • Study the internal controls
  • Understand the relevance of IT controls for SOX compliance
  • Understand the fundamentals of ITGC
  • Study the types of IT controls
  • Study the general IT process controls and controls testing

Information Technology General Controls (ITGC) Part II - COSO Framework

Objective

Employees must understand the Sarbanes-Oxley Act (SOX), passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, companies need to implement systems that protect against data manipulation, provide the ability to track timelines, and determine who had access to data and when. Section 409 mandates the timely disclosure of any information, and section 802 states the information technology team’s role in SOX compliance to preserve records.

The course ITGC Part II is designed to ensure employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing correct security controls to ensure that financial data is accurate and protected against loss. You will learn about evaluating and auditing IT general controls.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00702
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Information Technology General Controls (ITGCs) basics 
  • Study the IT and Risk Control Approach
  • Learn to evaluate IT General Controls
  • Learn about Auditing Security Administration Controls
  • Learn about Auditing Maintenance Controls
  • Learn about Auditing Computer Operations Controls
  • Learn about Auditing Systems Development Controls
  • Learn about Auditing Outsourced Services Controls
  • Study the Key Considerations for Effective SOX Testing

Information Technology General Controls (ITGC) Part III

Objective

Employees must understand the Sarbanes-Oxley Act (SOX), passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, companies need to implement systems that protect against data manipulation, provide the ability to track timelines, and determine who had access to data and when. Section 409 mandates the timely disclosure of any information, and section 802 states the information technology team’s role in SOX compliance to preserve records.

In ITGC Part III of the course you will learn about the Information Technology Governance considerations in SOX compliance and SOX requirements for application change controls, data backup and recovery, systems development life cycle, and outsourcing financial applications.

This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
  • Course ID: CS00703
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand IT Governance considerations in SOX compliance
  • Understand Activity/Process Level Considerations in General Control Issues
  • Learn about evaluating security administration controls
  • Understand the SOX requirement for:
    • Application change controls
    • Data Backup and Recovery
    • Systems Development Life Cycle (SDLC)
    • Outsourcing Financial Applications
  • Learn about the Role of Application and Data-Owner Processes
  • Understand the application level control considerations
  • Understand the process level control considerations

Malware Ransomware Awareness

Objective

The two most common ways that malware accesses your system are the Internet and email. Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems. There are many forms of malware, including viruses, exploits, adware, Trojan, worms, ransomware, and spyware. Just visiting a malicious website and viewing an infected page and/or banner ad can result in a drive-by malware download. All it takes is for one unsuspecting person to create an opening, and malware can infect an entire network.

The course is designed to educate employees to understand how malware can infect your device, how you can avoid malware, and what action you need to take when you get infected by malware.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00105
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • How do you get malware?
  • What malware is and why it is dangerous
  • Become familiar with different types of malware and how users can identify them
  • How can you tell if you have a malware infection?
  • Understand how most malware requires human action to infect a computer
  • How to protect against malware?
  • How people can avoid malware and what to do (and not to do) if this ever happens

National Institute of Standards and Technology (NIST) Part I

Objective

National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to apply the principles of the NIST Cybersecurity Framework (NIST CSF) to your organization.

A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The NIST training outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.

In this NIST training, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CS00501
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about CSF fundamentals
  • Learn how to develop a risk-based cybersecurity framework
  • Understand the CSF framework core and design
  • In-depth knowledge on how to use functions, categories, and subcategories
  • Use of risk management principles, best practices, and methodologies
  • Understand the CSF implementation tiers and implementation
  • Learn about framework profile implementation
  • Learn about improving resilience

National Institute of Standards and Technology (NIST) Part II

Objective

National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to implement the principles of the NIST Cyber Security Framework (NIST CSF) in your organization. You will study informative references associated with functions and categories in greater detail.

A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00502
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about CSF fundamentals
  • Learn how to establish or improve your cybersecurity program
  • Understand the NIST CSF concept and how to implement with the help of case study
  • Understand the practical application of CSF framework’s core, design, functions, categories, and subcategories
  • Detailed knowledge of functions, categories, and subcategories along with informative references from COBIT, ISA, NIST SP 800-53, CIS CSC, ISO 27001, etc.

Privileged Access Management (PAM) Part I

Objective

According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data.

Part I of the PAM course provides an overview of privileges, how they are created, granted, etc., and the benefits of privileged access management. You will learn about privileged accounts, the types of privileged accounts, privileged service accounts, and privilege-related risks and challenges. The course enhances knowledge in the areas of privileged threat vectors (external and internal), how hackers compromise privileged accounts, and privileged access management best practices.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: PA1
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Privileged Access Management Overview
  • Learn about privileges and how they are created, granted, etc.
  • Learn about privileged accounts
  • Understand the types of privileged accounts
  • Study the privileged service accounts
  • Learn about privilege related risks and challenges
  • Learn about privileged threat vectors – external and internal
  • Understand the benefits of privileged access management
  • Learn how hackers compromise the privileged accounts.
  • Study the privilege access management best practices

Privileged Access Management (PAM) Part II

Objective

According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data.

 

Part II of the PAM course contains thorough knowledge about the privileged account security controls, PAM solution partner considerations, how to baseline the PAM, and how to manage ongoing improvements. The course learnings include critical questions to answer when you start the PAM program, third-party PAM access requirements, insider threat considerations, and more. The course enhances your knowledge in protecting privileged accounts and privilege access management best practices.

 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.


  • Course ID: PA2
  • Duration: 0 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about privileges and how they are created, granted, etc.
  • Learn about the capabilities of PAM software.
  • Study the PAM security controls.
  • Learn about the PAM solution partner considerations.
  • Study the PAM baseline and ongoing improvements.
  • Study the considerations for selection of PAM.
  • Learn how to protect privileged accounts.

Privileged Access Management (PAM) Part III

Objective

According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data.

Part II of the PAM course contains thorough knowledge about the best practices for PAM management and PAM Implementation. You will study the concept of PAM as an implementation goal with a long-term view of security. The course enhances your PAM implementation knowledge along with education about the four pillars of successful PAM.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.

  • Course ID: PA3
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • PAM as a Directive
  • Five Steps Toward a Successful PAM Implementation 
  • Governance
  • The Four Pillars of PAM
  • Pillar No. 1: Track and Secure Every Privileged Account
  • Pillar No. 2: Govern and Control Access
  • Pillar No. 3: Record and Audit Privileged Activity
  • Pillar No. 4: Operationalize Privileged Tasks
  • How PAM Is Implemented / Key Solutions

Problem Management Part I - Awareness

Objective

The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents. 

The Problem Management Awareness course will enable you to gain and apply the skills and techniques to your own organization to establish problem management best practices. You will learn when and how to implement a problem control process, understand the workarounds, develop policy and procedures, and define critical success factors as well as key performance indicators. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00601
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand incident vs. problems
  • Understand quick fix and permanent problem resolution
  • Key definitions and basic concepts for problem management
  • Decide whether you need to implement problem control
  • Key process activities of the problem management process
  • Understand workarounds and solutions
  • Developing problem management policy
  • Learn about problem management process interfaces
  • Critical success factors and key performance indicators

Problem Management Part II - Advanced

Objective

The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents. The Problem Management Advanced course will enable you to design and implement a problem management process in your organization. 

The course will train you on establishing problem management process roles and responsibilities, step by step approach in implementing key processes, defining process inputs/outputs, and reporting. You will also learn about drivers/inputs that trigger the problem management process. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00602
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand basic concepts of problem management
  • Learn about the roles and responsibilities associated with the problem management process
  • Understand the input that triggers the problem management process
  • Planning for problem management process implementation and training
  • Understand the problem management process implementation guide (step by step approach)
  • Understand process inputs and outputs
  • Learn about problem management reporting
  • Understand the problem management checklist
  • Understand the activities and documentation

Security Framework Awareness

Objective

A security framework is a set of rules or documented processes that include policies, procedures, etc. implemented to manage information security controls and reduce risks. The framework design is the key for organizations to move from their current state to their target state with the ability to identify gaps and prioritize gaps based on risk assessment. Frameworks, if used wisely, effectively, and efficiently, will enable organizations to achieve their security objectives.

The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from their current state to their target state with the ability to identify the gap and prioritize gaps based on risk assessment. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00108
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand What is a Framework
  • Understand What is an Information Security Framework
  • Learn about Types of Security Frameworks
  • Learn about Compliance Regulations and Frameworks
  • Understand Factors Driving Security Frameworks
  • Learn about Various Security Frameworks - ISO, COBIT, NIST, ITIL, COSO, NERC, TY CYBER, HITRUST, CSF
  • Understand the Business Benefits of Security Frameworks

Social Engineering & Phishing Part II - Advanced

Objective

Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony websites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by posing as a trustworthy entity in an electronic communication.

In Part II of Phishing Awareness, you will learn about different types of phishing attacks, techniques in discovering attacks, characteristics of phishing emails, etc. providing employees with very deep knowledge in responding to the growing amount of phishing emails. The course is designed for the organizations that need to comply with the regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially those having exposure to private data, financial data, highly sensitive, and confidential data. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00104
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Ten Different Types of Phishing Attacks
  • Understand the Characteristics of Phishing Emails
  • Understand Common Methods of Phishing Attacks
  • Learn about Escalation and Containment
  • Learn about Eradication and Rebuilding
  • Learn about Recovery and Aftermath

Social Engineering & Phishing Part I - Awareness

Objective

Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony websites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by posing as a trustworthy entity in an electronic communication.

In Phishing Awareness Part I, you will learn about social engineering attacks, types of attacks, attack techniques, and telltale signs of phishing attacks, providing employees with deep knowledge of social engineering attacks. The course is designed for organizations that need to comply with regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially those having exposure to private data, financial data, and highly sensitive and confidential data.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CS00103
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about Social Engineering Attacks
  • Social engineering attack techniques
  • Steps in social engineering attack
  • Types of Social Engineering Attacks
  • Phishing attacks
  • Telltale signs of phishing attacks
  • Detection, Identification, and Tips to Keep You From Being Fooled
  • Spear Phishing
  • Detection telltale signs
  • Use cases and phishing attack detection exercises

System & Organization Controls (SOC) Part I

Objective

SOC stands for “System and Organization Controls” and is the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC cybersecurity DIY training series is designed to educate learners in implementing SOC.

The training will help organizations to have in-house skill and end to end knowledge in deciding the type of certification, type of documentation, type of skills and type of controls required to certify. Part I is about basic understanding of SOC1, SOC2 and SOC3; SOC2 driving factors; difference between Type I and Type II SOC cybersecurity; factors driving the audit scope; foundation of SOC report; and trust service principles. 

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CO00501
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about the System and Organization Controls (SOC) cybersecurity - SOC 1, SOC 2 and SOC 3
  • Understand the businesses that should think about SOC 2
  • Learn about the driving factors for SOC compliance
  • Learn how SOC 2 is different from SOC 1 and other compliance frameworks
  • Understand the difference between a Type I and Type II audit
  • Learn to decide the type of SOC report the organization needs to have
  • Learn about the factors driving the audit scope
  • Understand the foundation of SOC 1®, SOC 2®, and SOC 3® Reports
  • Learn about the SOC 2® and SOC 3® Trust Services Principles

System & Organization Controls (SOC) Part II

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. Part II explains the SOC 2 audit requirements, who can perform the audit, and how to apply the relevant SSAE 18 standards.

The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. You will learn about SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security, SOC for Supply Chain, and SOC 2 + Additional Subject Matter Reports as well as the scope and use of these reports. The study contains case studies for SOC for Cyber Security and SOC for the supply chain. You will learn about mapping Trust Service Criteria to other standards and frameworks.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.

  • Course ID: CO00502
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • SOC evolution
  • Learn about SOC 2 audit and who can perform the audit
  • Learn how to apply relevant SSAE 18 AICPA Standards
  • SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security and SOC for Supply Chain Reports
  • Understand scope and use 
  • Learn about the purpose and relevant standards 
  • Learn about the subject matter and components of the report 
  • Understand the use case for SOC for Cyber Security and SOC for Supply Chain
  • Learn about SOC 2 + Additional Subject Matter Reports
  • Learn about TSC Mapping to Standards and Frameworks

System & Organization Controls (SOC) Part III

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.

The training will help organizations to have in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills and type of controls required to certify. Part III provides in-depth knowledge of Trust Service Criteria, Common Criteria and Supplemental Criteria. You will learn to select the Trust Service Criteria for your organization, understand the underlying expectations under each Trust Service Criteria, and understand the importance of the Security criteria and why it is mandatory.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.


  • Course ID: CO00503
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • SOC evolution
  • Learn about SOC Report Options
  • In-depth knowledge of:
  • Trust Service Criteria
  • Common Criteria
  • Supplemental Criteria
  • Point of Focus
  • Learn to select the Trust Service Criteria for your organization
  • Understand the underlying expectations under each Trust Service Criteria
  • Understand the importance of Security criteria and why it is mandatory

System & Organization Controls (SOC) Part IV

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.

The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part IV provides practical implementation knowledge of Common Criteria and Supplemental Criteria. You will learn about Generally Accepted Privacy Principles (GAPP), what’s included in the SOC report, and what’s included in Management Assertions and the Description of the System. You will also learn about the latest AICPA guidelines - Description Criteria 200 (DC 200).

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00504
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand SOC evolution
  • Practical implementation knowledge of:
  • Common Criteria
  • Supplemental Criteria
  • Learn about Generally Accepted Privacy Principles (GAPP)
  • Understand what’s included in the SOC report
  • Understand what’s included in Management Assertions and Description of the System
  • Understand the new AICPA guidelines - Description Criteria 200 (DC 200)

System & Organization Controls (SOC) Part V

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC.

The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify. Part V will further enhance your skills in key areas of writing a system description, which includes the system overview, infrastructure details, relevant aspects of controls, and complementary user-entity controls. You will learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00505
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Understand what a system description is
  • Understand the driving factors
  • Learn to write system description essentials
  • Learn to write:
  • System overview
  • Infrastructure details
  • Relevant Aspects of Controls
  • Complementary User-Entity Controls
  • Learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process
  • Learn the step-by-step approach to writing the system description

System & Organization Controls (SOC) Part VI

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.


Part VI educates the user about vendor due diligence and the use of SOC 2 reports. You will learn how user organizations can adopt the SOC report, identify the relevant report a user organization will need from a vendor, and understand the report content and the different types of SOC reports. You will learn to interpret and evaluate the SOC report content (explained with the report examples):

 - Independent Service Auditor Report

 - Management Assertions

 - Overview of Operations

 - Relevant Aspects of the Control Environment

 - Description of the System

 - Description of Control Objectives, Control, and Results of Testing

 - Complementary User Entity Controls

 - Other Information Provided by Management


In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment. 

  • Course ID: CO00506
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn how a user organization can adopt a SOC report
  • Learn to identify the relevant report a user organization will need from a vendor
  • Vendor management, due diligence, and SOC report
  • Understand the report content 
  • Understand different types of SOC reports
  • Report fundamentals and report content
  • Trust service criteria
  • What’s included in the SOC report (explained with the report examples):
  • Independent Service Auditor Report
  • Management Assertions
  • Overview of Operations
  • Relevant Aspects of the Control Environment
  • Description of the System
  • Description of Control Objectives, Control, and Results of Testing
  • Complementary User Entity Controls
  • Other Information Provided by Management
  • Learn to identify the type of report a vendor shared
  • Understand how to evaluate the report content

System & Organization Controls (SOC) Part VII

Objective

SOC stands for “System and Organization Controls” and refers to the agreed-upon control procedures set by the American Institute of Certified Public Accountants (AICPA). This defined set of controls is a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC DIY training series is designed to educate learners in implementing SOC. The training will help organizations to have the in-house skill and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.

Part VII trains the learner on how to prepare SOC Trust Service Criteria Control Documentation and how to write corporate SOC controls using suggested controls for each service criteria and category:

Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy

Category: Control Environment, Communication and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy

You will learn from a real-life example of how to write the controls.

In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
  • Course ID: CO00507
  • Duration: 60 mins
  • CPE: 1 HR
  • Course Type: e-Learning
  • Price: $31.98
Course Details

What you will learn:

  • Learn about trust service criteria and SOC reports
  • Learn how trust service criteria are organized
  • Learn how to prepare SOC Trust Service Criteria Control Documentation 
  • Detailed understanding of requirements
  • Learn how to write controls using suggested controls for each service criteria and category
  • Security, Availability, Processing Integrity, Confidentiality, Privacy 
  • Control Environment, Communication and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
  • Study the real-life example of how to write controls