Energy Industry

What you will learn:

• Learning the access control basics
• Understanding the access control challenges
• Understanding authentication factors and multi-factor authentication.
• Developing access control policies and procedures
• Learning about access control models
• Learning about principles of access controls and types of access controls

What you will learn:

• Learning the Access Control Models and Concepts
• Understanding the Types and Categories of Access Controls
• Understanding the Testing of Access Controls
• Learning about Access Control Attacks and Countermeasures
• Learning about Multilevel Security Models
• Learning about Authentication and Authentication Methods
• Learning about common Authentication Protocols.

What you will learn:

• What is the importance of a breach notification?
• What is a data breach?
• In what circumstances would notification of a data breach be required and to whom?
• When and how should notification of a data breach be provided?
• Framework for Effective Data Breach Notification Legislation
• Timing of Notification to Affected Individuals
• Post Data Breach Immediate Action Items
• Breach Notification to Authorities

What you will learn:

• Breach Management
• Effective Breach Response
• Data Breach Checklist
• Breach Notification Notice Content
• Notification Timelines
• Lifecycle of a Data Breach
• Public Relations Strategy

What you will learn:

• Disaster
• Business Continuity and Disaster Recovery
• Use Cases
• Risks Covered by DR
• Driving Factors
• Challenges in Developing DR Plan
• Technical Challenges
• Key Factors in DR Plan

What you will learn:

• Business Continuity Plan (BCP) vs Disaster Recovery (DR)
• Disaster Recovery Architecture
• Drivers for DR Architecture
• Architectural Elements
• Disaster Recovery Plan
• Backup Strategy
• Disaster Recovery Emergency Procedures

What you will learn:

• BCP DR Frameworks and Standards
• What is the Framework?
• What are the different BCP frameworks?
• Frameworks Explained
• ISO 22301
• National Fire Protection Association (NFPA) 1600
• FFIEC Business Continuity
• NIST 800-34
• ISO 27301
• BCP
• Good Practice Guidelines (GPG)
• Ready Gov
• COBIT

What you will learn:

• Learn about what is a backup and recovery strategy
• Understand and learn to apply best practices for backup
• Learn eight different backup methods and backup hardware
• Understand what recovery is and learn about methods of recovery
• Learn about the challenges with recovery process and prioritization

What you will learn:

• Cloud Security
• Cloud Basics - Cloud Concepts, Architecture and Design
• Cloud Service Models
• Cloud Risk Landscape
• Cloud Security Domains
• Cloud Data Security
• Cloud and AWS
• Cloud and Azure
• Cloud Application Security Basics

What you will learn:

• Learn about Privacy Imperative
• Understand Strategic and Tactical Drivers
• Learn about Privacy Strategy and Privacy Impact
• Understand the Private Identifiable Information (PII) and Private Health Information
• (PHI) data
• Learn about Privacy Impact Assessments
• Learn about HIPAA and HITECH
• Learn about GDPR and CCPA
• Understand the Breach Notification Requirements

What you will learn:

• Learn about Privacy Imperative
• Understand Strategic and Tactical Drivers
• Learn about Privacy Strategy and Privacy Impact
• Understand the Private Identifiable Information (PII) and Private Health Information
• (PHI) data
• Learn about Privacy Impact Assessments
• Learn about HIPAA and HITECH
• Learn about GDPR and CCPA
• Understand the Breach Notification Requirements

What you will learn:

What you will learn:

• Identify potential risk while working remotely
• Corporate data and information systems security
• Physical access control
• Email Security and practical examples

What you will learn:

• Understand Fraud and Examples of Fraud
• Understand the Different Types of Fraud
• The Scale of the Problem
• Learn about Fraud Triangle Components
• Understand the Fraud Tree
• Learn about Factors Contributing to Fraudulent Behavior or Why People Commit Fraud
• Learn about Who Commits Fraud
• Knowledge of Common Fraud Schemes
• Understand Fraud Response
• Management Preventive Steps

What you will learn:

• Understand Fraud Basics
• Learn Fraud Risk Management Basics
• Understand How to Document Roles and Responsibilities
• Understand the Objectives of Fraud Risk Management Program
• Learn How to Develop a Fraud Risk Management Program
• Understand Fraud Risk Management Framework Basics
• Understand the Importance of Fraud Risk Governance
• Learn How to Plan for Fraud Risk Assessments
• Learn About Effective Fraud Risk Assessment Requirements

What you will learn:

• Learn How to Develop the Fraud Risk Management Program
• Learn How to Plan for Fraud Risk Assessments
• Learn How to Execute Fraud Risk Assessments
• Section I - Fraud Risk Assessment Framework
• Step 1 - Identify Potential Inherent Fraud Risks
• Step 2 - Assess the Likelihood and Impact
• Step 3 - Evaluate Department Likely to Commit Fraud
• Section II - Analysis
• Section III - Reporting the Results
• Understand Fraud Risk Assessment with Practical Examples
• Learn about Prevention, Detection, and Respond Programs for Fraud
• Understand Antifraud Strategy Key Elements
• Learn about Sound Internal Control System Requirements
• Understand Typical Features of the Practical and User-Friendly Hotline and Whistleblower Program
• Learn about Investigations Basics, Enforcement, and Corrective Actions

What you will learn:

• Learn about data Subject Rights
• Learn about Accountability and Governance principle
• Understand Privacy by Design
• Learn about the Data Protection Officer Role
• Study the privacy Codes of Conduct principle
• Understand Data Protection Impact Assessments (DPIA)

What you will learn:

• Learn about the Data Protection Officer’s (DPO) – Appointing DPO, DPO responsibilities, etc.
• Learn how to implement GDPR security principal requirements
• Understand rules related to international transfers
• Learn about exemptions rules
• Learn about GDPR data breach communication requirements
• Understand the penalties for violation of GDPR requirements
• Study the principles applicable to use of data for law enforcement purposes
• Learn how to protect children data and GDPR requirements
• Study the GDPR 10 step compliance checklist

What you will learn:

• Understand the GDPR articles
• Learn the 10 steps compliance checklist
• Study the GDPR implementation approach
• Learn how to prepare for the project and key concepts
• Learn about data mapping
• Study the readiness assessment, gap assessment, and privacy assessment process
• Learn about data protection by design and by default a key concept
• Learn to implement data subject rights
• Understand the Data Protection Impact Assessment (DPIA) Process
• Learn to amend third-party contracts and review third party procedures
• Study the different steps to ensure the security of personal and sensitive data
• Understand how to handle data breaches
• Study the GDPR compliance audit and training requirement

What you will learn:

• Learn about HITECH and HIPAA compliance
• The Security Rule, The Privacy Rule, The Breach Notification Rule, Omnibus
• Rule. Chapter 181, Texas Medical Records Privacy Act
• Understand How Health Care Privacy Laws affect your organization
• Understand HIPAA IT Security Risk Assessment
• Learn about Administrative, Technical and Physical Safeguards
• Learn about Covered Entities
• Learn about Use and Disclosure of PHI
• Understand How HIPAA and HITECH are Related
• Learn about HITECH and Breach Notification

What you will learn:

• Brief about Incident and Incident Management (IM)
• Incident Management Objectives
• What is a Security Incident Management?
• Incident, Problem, and Service Request
• Incident Management Key Concepts
• Incident Management Process and ITIL
• Incident Management Process Workflow Examples
• Incident Management Process
• Incident Management Process Steps Discussed in Detail
  

What you will learn:

• Learn about Incident and Incident Management (IM)
• Understand Critical Success Factors (CSF) 
• Understand Key Performance Indicators (KPI) Specific to Incident Management
• Understand Other Process Interfacing with Incident Management
• Learn about ITIL Framework Based Incident Management Process Workflow
• Implementing Incident Management - Detailed Guidance

What you will learn:

• Understand how to use code of practice ISO 27002
• Learn about ISMS mandatory processes and documentation
• Learn about risk assessment, risk treatment plans, statement of applicability
• Learn about ISO 27001 Annex A controls and requirements
  

What you will learn:

• Learn How to Protect Information
• Understand the Key Security Terms
• Learn about Insider Risk
• Learn about Privately Identifiable Information and Privately Healthcare Information
• Learn about Physical Security, Facility Security and Clean Desk Policies
• Learn about Social Engineering and Phishing
• Learn about Acceptable Personal Use of Corporate Property and Email
• Learn about Malicious Software and Incident Reporting
• Learn about User Id and Password Protection
• Understand Your Responsibility as a User

What you will learn:

• Study the Sarbanes-Oxley Act (SOX)
• Learn about the COSO framework and its relationship with SOX
• Learn about SOX and Corporate Governance requirements
• Study the internal controls
• Understand the relevance of IT controls for SOX compliance
• Understand the fundamentals of ITGC
• Study the types of IT controls
• Study the general IT process controls and controls testing

What you will learn:

• Learn about Information Technology General Controls (ITGCs) basics 
• Study the IT and Risk Control Approach
• Learn to evaluate IT General Controls
• Learn about Auditing Security Administration Controls
• Learn about Auditing Maintenance Controls
• Learn about Auditing Computer Operations Controls
• Learn about Auditing Systems Development Controls
• Learn about Auditing Outsourced Services Controls
• Study the Key Considerations for Effective SOX Testing

What you will learn:

• Understand IT Governance considerations in SOX compliance
• Understand Activity/Process Level Considerations in General Control Issues
• Learn about evaluating security administration controls
• Understand the SOX requirement for:
• Application change controls
• Data Backup and Recovery
• Systems Development Life Cycle (SDLC)
• Outsourcing Financial Applications
• Learn about the Role of Application and Data-Owner Processes
• Understand the application level control considerations
• Understand the process level control considerations

What you will learn:

• How do you get malware?
• What malware is and why it is dangerous
• Become familiar with different types of malware and how users can identify them
• How can you tell if you have a malware infection?
• Understand how most malware requires human action to infect a computer
• How to protect against malware?
• How people can avoid malware and what to do (and not to do) if this ever happens

What you will learn:

• Learn about CSF fundamentals
• Learn how to develop a risk-based cybersecurity framework
• Understand the CSF framework core and design
• In-depth knowledge on how to use functions, categories, and subcategories
• Use of risk management principles, best practices, and methodologies
• Understand the CSF implementation tiers and implementation
• Learn about framework profile implementation
• Learn about improving resilience

What you will learn:

• Learn about CSF fundamentals
• Learn how to establish or improve your cybersecurity program
• Understand the NIST CSF concept and how to implement with the help of case study
• Understand the practical application of CSF framework’s core, design, functions, categories, and subcategories
• Detailed knowledge of functions, categories, and subcategories along with
• informative references from COBIT, ISA, NIST SP 800-53, CIS CSC, ISO 27001, etc.

What you will learn:

• Need for PCI DSS training
• PCI data security
• Relationship between PCI DSS and PA DSS
• PCI DSS scope
• PCI DSS requirement explained with examples
• Control costs and gain tangible, real-world insights on best practices
• Understand PCI compliance before going through an assessment
• Apply PCI DSS security principles across business

What you will learn:

• Privileged Access Management Overview
• Learn about privileges and how are they created, granted, etc.
• Learn about privileged accounts
• Understand the types of privileged accounts
• Study the privileged service accounts
• Learn about privilege related risks and challenges
• Learn about privileged threat vectors – external and internal
• Understand the benefits of privileged access management
• Learn how hackers compromise the privileged accounts.
• Study the privilege access management best practices

What you will learn:

• Learn about privileges and how are they created, granted, etc.
• Learn about the capabilities of PAM software.
• Study the PAM security controls.
• Learn about the PAM solution partner considerations.
• Study about the PAM baseline and ongoing Improvements.
• Study the considerations for selection of PAM.
• Learn hot to protect privileged accounts.

What you will learn:

• PAM as a Directive
• Five Steps Toward a Successful PAM Implementation 
• Governance
• The Four Pillars of PAM
• Pillar No. 1: Track and Secure Every Privileged Account
• Pillar No. 2: Govern and Control Access
• Pillar No. 3: Record and Audit Privileged Activity
• Pillar No. 4: Operationalize Privileged Tasks
• How PAM Is Implemented / Key Solutions

What you will learn:

• Understand incident vs. problems
• Understand quick fix and permanent problem resolution
• Key definitions and basic concepts for problem management
• Decide whether you need to implement problem control
• Key process activities of the problem management process
• Understand workarounds and solutions
• Developing problem management policy
• Learn about problem management process interfaces
• Critical success factors and key performance indicators

What you will learn:

• Understand basic concepts of problem management
• Learn about the roles and responsibilities associated with the problem
• management process
• Understand the input that triggers the problem management process
• Planning for problem management process implementation and training
• Understand the problem management process implementation guide (step by step approach)
• Understand process inputs and outputs
• Learn about problem management reporting
• Understand the problem management checklist
• Understand the activities and documentation

What you will learn:

• Risk Identification – Learn to identify risk
• Risk Assessment - How to assess risk?
• Risk Analysis – How to analyze risk?
• Controls – Learn to develop controls
• Risk Treatment – How to treat risk?
• Risk Management Elements – What are the risk management elements?
• Risk Monitoring – How to monitor risk?
• Risk Management Approach – Learn the process?
• Issue Management Remediation

What you will learn:

• Understand What is a Framework
• Understand What is an Information Security Framework
• Learn about Types of Security Frameworks
• Learn about Compliance Regulations and Frameworks
• Understand Factors Driving Security Frameworks
• Learn about Various Security Frameworks - ISO, COBIT, NIST, ITIL, COSO, NERC, TY
• CYBER, HITRUST, CSF
• Understand the Business Benefits of Security Frameworks

What you will learn:

• Learn about Ten Different Types of Phishing Attacks
• Understand the Characteristics of Phishing Emails
• Understand Common Methods of Phishing Attacks
• Learn about Escalation and Containment
• Learn about Eradication and Rebuilding
• Learn about Recovery and Aftermath

What you will learn:

• Learn about Social Engineering Attacks
• Social engineering attack techniques
• Steps in social engineering attack
• Types of Social Engineering Attacks
• Phishing attacks
• Telltale signs of phishing attacks
• Detection, Identification, and Tips to Keep You From Being Fooled
• Spear Phishing• Detection telltale signs
• Use cases and phihsing attack detection exercises

What you will learn:

• What is vendor/third-party risk management (TPRM)?
• What are third parties?
• What are the common concerns of TPRM?
• Why perform a third-party risk assessment?
• What are the factors driving third-party risk assessment?
• Why do I need a Third-party Risk Management Framework?
• Why do I need a TPRM framework?

What you will learn:

• Why do Organizations need a TPRM framework?
• What are the third-party risk categories and common third-party risks?
• What are the Best Practices for a TPRM Framework?
• What are the TPRM Framework Considerations?
• How to build a TPRM framework?
• How to implement a TPRM framework?