Sustainability Training the SecuRetain Way
Human vulnerability is still the top cause of cybersecurity breaches. Recent developments portend a more holistic approach to sustainable training. It is considered a long-term strategy to educate employees to upgrade their knowledge and train them for coping with ever-challenging demands.
Create a sustainable cybersecurity culture by designing a tailored cybersecurity program for people with different knowledge levels

By keeping resources from being depleted, organizations can continue to expand businesses responsibly

Track progress and course completion for yourself or an entire enterprise with the SecuRetain platform

Customize your sustainability strategy through selecting specialized courses reflecting your core strategies and policies

Use the SecuRetain platform to distribute your training content along with SecuRetain courses in your own private space
Corporations can save more than 15% by developing in-house skills. The series of courses aim to enhance end to end knowledge.
Preview e-Learning Courses
Comprehensive Sustainability based
e-Learning Courses
Key benefits include flourishing employees through knowledge sharing, effective communication, and developing a cybersecurity culture.
Learning Outcomes from Sustainability e-Learning Courses
Build a sustainable cybersecurity culture. There’s no silver bullet solution with cybersecurity; a layered defense is the only viable defense.
- Access Control
- Privileged Access Management
- Cloud Security
- Data Privacy
- Facility Workplace
- Social Engineering
- Phishing
- Risk Management
- Vendor Risk Management
- Fraud and Audit Management Series
- ISO
- FCPA
- HIPAA
- HITRUST
- SSAE 18 SOC
- FFIEC
- GDPR
- NIST
- FedRAMP
- Security Frameworks
- Incident Management
- Problem Management
- Breach Management
- Information Technology General Controls (ITGC)
- NIST Cybersecurity Framework Fundamentals
- Payment Card Industry Awareness
- Malware Ransomware Security Frameworks
- Fraud Risk Management
- Business Continuity and Disaster Recovery
SecuRetain’s Sustainability e-Learning Courses
Browse all Sustainability e-learning courses available for you on the SecuRetain platformAccess Control Awareness Part I
CS00201
Access Control Awareness Part I
What you will learn:
- Learning the access control basics
- Understanding the access control challenges
- Understanding authentication factors and multi-factor authentication.
- Developing access control policies and procedures
- Learning about access control models
- Learning about principles of access controls and types of access controls
Access Control Awareness Part II
CS00202
Access Control Awareness Part II
What you will learn:
- Learning the Access Control Models and Concepts
- Understanding the Types and Categories of Access Controls
- Understanding the Testing of Access Controls
- Learning about Access Control Attacks and Countermeasures
- Learning about Multilevel Security Models
- Learning about Authentication and Authentication Methods
- Learning about common Authentication Protocols.
Anti Money Laundering (AML) Awareness
What you will learn:
- What it is and how does it work?
- Why people and organizations launder money?
- How money laundering works: basic process
- Legal consequences for money laundering, including state and federal (U.S.) penalties
- Applicable laws and regulation
- Insider trading
Breach Notification Part I - Awareness
What you will learn:
- What is the importance of a breach notification?
- What is a data breach?
- In what circumstances would notification of a data breach be required and to whom?
- When and how should notification of a data breach be provided?
- Framework for Effective Data Breach Notification Legislation
- Timing of Notification to Affected Individuals
- Post Data Breach Immediate Action Items
- Breach Notification to Authorities
Breach Notification Part II - Advanced
What you will learn:
- Breach Management
- Effective Breach Response
- Data Breach Checklist
- Breach Notification Notice Content
- Notification Timelines
- Lifecycle of a Data Breach
- Public Relations Strategy
Business Continuity & Disaster Recovery (BCP / DR) Part I - Awareness
What you will learn:
- Disaster
- Business Continuity and Disaster Recovery
- Use Cases
- Risks Covered by DR
- Driving Factors
- Challenges in Developing DR Plan
- Technical Challenges
- Key Factors in DR Plan
Business Continuity & Disaster Recovery (BCP / DR) Part II - Awareness
What you will learn:
- Business Continuity Plan (BCP) vs Disaster Recovery (DR)
- Disaster Recovery Architecture
- Drivers for DR Architecture
- Architectural Elements
- Disaster Recovery Plan
- Backup Strategy
- Disaster Recovery Emergency Procedures
Business Continuity & Disaster Recovery (BCP / DR) Part III
What you will learn:
- BCP DR Frameworks and Standards
- What is the Framework?
- What are the different BCP frameworks?
- Frameworks Explained
- ISO 22301
- National Fire Protection Association (NFPA) 1600
- FFIEC Business Continuity
- NIST 800-34
- ISO 27301
- BCP
- Good Practice Guidelines (GPG)
- Ready Gov
- COBIT
Business Continuity & Disaster Recovery (BCP / DR) Part IV
What you will learn:
- Learn about what is a backup and recovery strategy
- Understand and learn to apply best practices for backup
- Learn eight different backup methods and backup hardware
- Understand what recovery is and learn about methods of recovery
- Learn about the challenges with recovery process and prioritization
Cloud Security Awareness
CS00102
Cloud Security Awareness
What you will learn:
- Cloud Security
- Cloud Basics - Cloud Concepts, Architecture and Design
- Cloud Service Models
- Cloud Risk Landscape
- Cloud Security Domains
- Cloud Data Security
- Cloud and AWS
- Cloud and Azure
- Cloud Application Security Basics
Data Privacy and Privacy Regulations (GDPR / CCPA) Part I
What you will learn:
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Data Privacy and Privacy Regulations (GDPR / CCPA) Part II
What you will learn:
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Facility Workplace Awareness Part I
What you will learn:
Facility Workplace Awareness Part II
What you will learn:
- Identify potential risk while working remotely
- Corporate data and information systems security
- Physical access control
- Email Security and practical examples
FedRAMP Fundamentals Part I
CO00801
FedRAMP Fundamentals Part I
What you will learn:
- Understand FedRAMP
- Learn about the importance of FedRAMP
- Learn the FedRAMP Strategy and Plan
- Understand FedRAMP Preparations
- Understand cloud security opportunities and FedRAMP Benefits
- Study about FedRAMP certification process
- Learn the program steps to become FedRAMP compliant
- Study the Independent Verification and Validation Requirement
- Learn about certification authorities, governance and stakeholders
FedRAMP Fundamentals Part II
CO00802
FedRAMP Fundamentals Part II
What you will learn:
- Overview of FedRAMP process
- Study about FedRAMP certification process
- Understand the FedRAMP from an agency’s perspective
- Understand the FedRAMP Standard Operating Procedures
- Learn about the initial review SOP/checklists
- Learn about the detailed review checklists
- Understand the review and approve procedure
- Understand the authorization process
FedRAMP Fundamentals Part III
CO00803
FedRAMP Fundamentals Part III
What you will learn:
- Understand the FedRAMP
- Study the FedRAMP Security Assessment Framework
- Categorize
- Select
- Implement
- Assess
- Authorize
- Monitor
- Learn about NIST Special Publications history
- Understand NIST 800-53, 800-18, 800-30, 800-37, 800-70, 800-60
- Learn about implementing NIST 800-53 Special Publications
Foreign Corrupt Practices Act (FCPA) and UK Bribery Act 2010 Part II
What you will learn:
- Overview of the FCPA
- Study the implications of the FCPA
- Learn about the enforcement and penalties
- Study the U.S. Sentencing guidelines
- Understand the SEC and DOJ FCPA guidance
- Study the DOJ and SEC hallmarks of an effective compliance program
- Learn about the DOJ’s evaluation of compliance programs
- Learn about UK Bribery Act 2010
- Study the UK Bribery Act 2010 provisions
- Study the consequences of non-compliance with the Bribery Act 2020 – Case Study
Foreign Corrupt Practices Act (FCPA) Part I - Awareness
What you will learn:
- Foreign Corrupt Practices Act (FCPA) Global Perspective
- Overview of the FCPA and UK Bribery Act
- FCPA Key Concepts
- Anything of Value
- Foreign Officials
- Persons Subject to the FCPA
- Implications of the FCPA
- Consequences of Non-Compliance
- Enforcement and Penalties
- Effective Compliance Program & amp; Red Flags
- DOJ’s Evaluation of Compliance Programs
Fraud Management Part I
FR00101
Fraud Management Part I
What you will learn:
- Understand Fraud and Examples of Fraud
- Understand the Different Types of Fraud
- The Scale of the Problem
- Learn about Fraud Triangle Components
- Understand the Fraud Tree
- Learn about Factors Contributing to Fraudulent Behavior or Why People Commit Fraud
- Learn about Who Commits Fraud
- Knowledge of Common Fraud Schemes
- Understand Fraud Response
- Management Preventive Steps
Fraud Management Part II
FR00102
Fraud Management Part II
What you will learn:
- Understand Fraud Basics
- Learn Fraud Risk Management Basics
- Understand How to Document Roles and Responsibilities
- Understand the Objectives of Fraud Risk Management Program
- Learn How to Develop a Fraud Risk Management Program
- Understand Fraud Risk Management Framework Basics
- Understand the Importance of Fraud Risk Governance
- Learn How to Plan for Fraud Risk Assessments
- Learn About Effective Fraud Risk Assessment Requirements
Fraud Management Part III
FR00103
Fraud Management Part III
What you will learn:
- Learn How to Develop the Fraud Risk Management Program
- Learn How to Plan for Fraud Risk Assessments
- Learn How to Execute Fraud Risk Assessments
- Section I - Fraud Risk Assessment Framework
- Step 1 - Identify Potential Inherent Fraud Risks
- Step 2 - Assess the Likelihood and Impact
- Step 3 - Evaluate Department Likely to Commit Fraud
- Section II - Analysis
- Section III - Reporting the Results
- Understand Fraud Risk Assessment with Practical Examples
- Learn about Prevention, Detection, and Respond Programs for Fraud
- Understand Antifraud Strategy Key Elements
- Learn about Sound Internal Control System Requirements
- Understand Typical Features of the Practical and User-Friendly Hotline and Whistleblower Program
- Learn about Investigations Basics, Enforcement, and Corrective Actions
Fraud Management Part IV
FR00104
Fraud Management Part IV
What you will learn:
Understandingthe importance of:
- Culture
- Toneat the top
- Codeof ethics
- Learnabout different fraud case laws associated with culture, tone at the top, andcode of ethics
- Learnabout global regulations and fraud
- Understandthe regulatory requirements
Fraud Management Part V
FR00105
Fraud Management Part V
What you will learn:
- Understand the fraud triangle, fraud diamond, and 10-80-10 rule
- Gain knowledge of fraud tree, occupational fraud, and abuse categories
- Learn about corruption, asset misappropriations, and fraudulent financial reporting schemes
- Detailed knowledge of fraud classification categories, subcategories, fraud schemes, and methods used by perpetrators
- Study check fraud, electronic payment tampering, credit card schemes, and financial institution fraud
- To enhance the knowledge of how to catch the perpetrators study section Fraud Management Part VI. The Part VI explains the fraud tree with case law associated with each classification, category, subcategory, and fraud schemes.
Fraud Management Part VI A
FR00106
Fraud Management Part VI A
What you will learn:
- Fraud tree schemes explained step by step with the help of case studies and case laws associated with each classification, category, subcategory, and fraud schemes
- Learn about fraud prevention programs for each classification
- Understand fraud tree, occupational fraud, and abuse categories
- Learn about corruption and financial statement fraud financial reporting schemes
- Understand fraud classification categories, subcategories, fraud schemes, and methods used by perpetrators
Fraud Management Part VI B
FR00107
Fraud Management Part VI B
What you will learn:
- Fraud tree schemes explained step by step with the help of case studies and case laws associated with each classification, category, subcategory, and fraud schemes
- Learn about fraud prevention programs for each classification
- Understand fraud tree, occupational fraud, and abuse categories
- Study the asset misappropriations caselaws, schemes and prevention guidance
- Understand fraud classification categories, subcategories, fraud schemes, and methods used by perpetrators
Fraud Management Part VII
FR00108
Fraud Management Part VII
What you will learn:
- Understand the fraud perpetrator characteristics
- Understand how to identify fraud in an organization
- Understand what are the red flags and how to identify them
- Learn to categorize the red flags
- Learn to rank red flags per fraud triangle components and fraud tree
- Learn how to identify corruption red flags and detect corruption fraud
- Learn how to identify financial statement fraud red flags and detect financial statement fraud
Fraud Management Part VIII
FR00109
Fraud Management Part VIII
What you will learn:
- Asset Misappropriation -->Cash -->Theft of Cash on Hand
- Asset Misappropriation -->Cash -->Theft of Cash Receipts
- Asset Misappropriation -->Cash -->Fraudulent and Disbursement -->Billing Schemes
- Asset Misappropriation -->Cash -->Fraudulent and Disbursement -->Payroll Schemes
- Asset Misappropriation -->Cash -->Fraudulent and Disbursement -->Expense Reimbursement Schemes
- Asset Misappropriation -->Cash -->Fraudulent and Disbursement -->Check Tampering
- Asset Misappropriation -->Cash -->Fraudulent and Disbursement -->Register Disbursements
- Asset Misappropriation -->Inventory and All Other Assets -->Misuse
- Asset Misappropriation -->Inventory and All Other Assets -->Larceny
General Data Protection Regulation (GDPR) Part II
What you will learn:
- Learn about data Subject Rights
- Learn about Accountability and Governance principle
- Understand Privacy by Design
- Learn about the Data Protection Officer Role
- Study the privacy Codes of Conduct principle
- Understand Data Protection Impact Assessments (DPIA)
General Data Protection Regulation (GDPR) Part III
What you will learn:
- Learn about the Data Protection Officer’s (DPO) – Appointing DPO, DPO responsibilities, etc.
- Learn how to implement GDPR security principal requirements
- Understand rules related to international transfers
- Learn about exemptions rules
- Learn about GDPR data breach communication requirements
- Understand the penalties for violation of GDPR requirements
- Study the principles applicable to use of data for law enforcement purposes
- Learn how to protect children data and GDPR requirements
- Study the GDPR 10 step compliance checklist
General Data Protection Regulation (GDPR) Part IV
What you will learn:
- Understand the GDPR articles
- Learn the 10 steps compliance checklist
- Study the GDPR implementation approach
- Learn how to prepare for the project and key concepts
- Learn about data mapping
- Study the readiness assessment, gap assessment, and privacy assessment process
- Learn about data protection by design and by default a key concept
- Learn to implement data subject rights
- Understand the Data Protection Impact Assessment (DPIA) Process
- Learn to amend third-party contracts and review third party procedures
- Study the different steps to ensure the security of personal and sensitive data
- Understand how to handle data breaches
- Study the GDPR compliance audit and training requirement
Health Insurance Portability and Accountability Act (HIPAA) Awareness
What you will learn:
- Learn about HITECH and HIPAA compliance
- The Security Rule, The Privacy Rule, The Breach Notification Rule, Omnibus
- Rule. Chapter 181, Texas Medical Records Privacy Act
- Understand How Health Care Privacy Laws affect your organization
- Understand HIPAA IT Security Risk Assessment
- Learn about Administrative, Technical and Physical Safeguards
- Learn about Covered Entities
- Learn about Use and Disclosure of PHI
- Understand How HIPAA and HITECH are Related
- Learn about HITECH and Breach Notification
HITRUST Part I - Foundation
CO00601
HITRUST Part I - Foundation
What you will learn:
- Understand HITRUST basics
- Learn about HITRUST framework
- Understand the HITRUST driving factors
- Study the HITRUST maturity model
- Understand the HITRUST certification scoring model
- Learn about the implementation and certification process
- Study how to certify
- Understand the criteria for HITRUST certification
HITRUST Part II - Implementation
CO00602
HITRUST Part II - Implementation
What you will learn:
- Understand what is HITRUST
- Learn about the HITRUST CSF components
- Learn how to calculate HITRUST scores
- Understand the steps in certification plan and plan considerations
- Understand HITRUST Implementation Planning use case and learn to implement
- Learn to calculate risk rating as per HITRUST
- Understand the corrective action plan (CAP) and documentation
- Learn how to calculate the CAP risk rating and prioritization
Incident Management Part I - Awareness
What you will learn:
- Brief about Incident and Incident Management (IM)
- Incident Management Objectives
- What is a Security Incident Management?
- Incident, Problem, and Service Request
- Incident Management Key Concepts
- Incident Management Process and ITIL
- Incident Management Process Workflow Examples
- Incident Management Process
- Incident Management Process Steps Discussed in Detail
Incident Management Part II - Advanced
What you will learn:
- Learn about Incident and Incident Management (IM)
- Understand Critical Success Factors (CSF)
- Understand Key Performance Indicators (KPI) Specific to Incident Management
- Understand Other Process Interfacing with Incident Management
- Learn about ITIL Framework Based Incident Management Process Workflow
- Implementing Incident Management - Detailed Guidance
Incident Management Part III - Cyber Security Incident Response Team (CSIRT)
What you will learn:
- Understand how to use code of practice ISO 27002
- Learn about ISMS mandatory processes and documentation
- Learn about risk assessment, risk treatment plans, statement of applicability
- Learn about ISO 27001 Annex A controls and requirements
Information Security and Privacy Awareness
What you will learn:
- Learn How to Protect Information
- Understand the Key Security Terms
- Learn about Insider Risk
- Learn about Privately Identifiable Information and Privately Healthcare Information
- Learn about Physical Security, Facility Security and Clean Desk Policies
- Learn about Social Engineering and Phishing
- Learn about Acceptable Personal Use of Corporate Property and Email
- Learn about Malicious Software and Incident Reporting
- Learn about User Id and Password Protection
- Understand Your Responsibility as a User
Information Security Management System (ISMS / ISO 27001) Part I
What you will learn:
Understand what information and information security is
Understand how to secure information
Know about ISO 27000 compliance family
Learn about ISO 27001and ISO 27002 and benefits of compliance
Learn about ISO 27001 certification and standard
Introduction to implementing ISMS and ISO 27001
Learn about ISMS mandatory processes and documentation
Introduction to ISO 27001 certification Annex A controls Checklist
Information Security Management System (ISMS / ISO 27001) Part II
What you will learn:
- Understand the need for ISMS
- Learn about ISO 27001certification and ISMS Mandatory Process
- Introduction to implementing ISMS
- Learn how to implement ISO 27001 ISMS 11 Step Program
- Step by Step Guide on implementing ISMS program
- Learn the practical examples and study the documentation samples
- Learn about ISO 27001 Annex A Controls Checklist 14 Domains and 35 Control Objectives
- ISMS Part III includes implementation details for each control objective along guidance
Information Technology General Controls (ITGC) Part I
What you will learn:
- Study the Sarbanes-Oxley Act (SOX)
- Learn about the COSO framework and its relationship with SOX
- Learn about SOX and Corporate Governance requirements
- Study the internal controls
- Understand the relevance of IT controls for SOX compliance
- Understand the fundamentals of ITGC
- Study the types of IT controls
- Study the general IT process controls and controls testing
Information Technology General Controls (ITGC) Part II - COSO Framework
What you will learn:
- Learn about Information Technology General Controls (ITGCs) basics
- Study the IT and Risk Control Approach
- Learn to evaluate IT General Controls
- Learn about Auditing Security Administration Controls
- Learn about Auditing Maintenance Controls
- Learn about Auditing Computer Operations Controls
- Learn about Auditing Systems Development Controls
- Learn about Auditing Outsourced Services Controls
- Study the Key Considerations for Effective SOX Testing
Information Technology General Controls (ITGC) Part III
What you will learn:
- Understand IT Governance considerations in SOX compliance
- Understand Activity/Process Level Considerations in General Control Issues
- Learn about evaluating security administration controls
- Understand the SOX requirement for:
- Application change controls
- Data Backup and Recovery
- Systems Development Life Cycle (SDLC)
- Outsourcing Financial Applications
- Learn about the Role of Application and Data-Owner Processes
- Understand the application level control considerations
- Understand the process level control considerations
Malware Ransomware Awareness
CS00105
Malware Ransomware Awareness
What you will learn:
- How do you get malware?
- What malware is and why it is dangerous
- Become familiar with different types of malware and how users can identify them
- How can you tell if you have a malware infection?
- Understand how most malware requires human action to infect a computer
- How to protect against malware?
- How people can avoid malware and what to do (and not to do) if this ever happens
National Institute of Standards and Technology (NIST) Part I
What you will learn:
- Learn about CSF fundamentals
- Learn how to develop a risk-based cybersecurity framework
- Understand the CSF framework core and design
- In-depth knowledge on how to use functions, categories, and subcategories
- Use of risk management principles, best practices, and methodologies
- Understand the CSF implementation tiers and implementation
- Learn about framework profile implementation
- Learn about improving resilience
National Institute of Standards and Technology (NIST) Part II
What you will learn:
- Learn about CSF fundamentals
- Learn how to establish or improve your cybersecurity program
- Understand the NIST CSF concept and how to implement with the help of case study
- Understand the practical application of CSF framework’s core, design, functions, categories, and subcategories
- Detailed knowledge of functions, categories, and subcategories along with
- informative references from COBIT, ISA, NIST SP 800-53, CIS CSC, ISO 27001, etc.
Payment Card Industry (PCI) Awareness
What you will learn:
- Need for PCI DSS training
- PCI data security
- Relationship between PCI DSS and PA DSS
- PCI DSS scope
- PCI DSS requirement explained with examples
- Control costs and gain tangible, real-world insights on best practices
- Understand PCI compliance before going through an assessment
- Apply PCI DSS security principles across business
Privileged Access Management (PAM) Part I
What you will learn:
- Privileged Access Management Overview
- Learn about privileges and how are they created, granted, etc.
- Learn about privileged accounts
- Understand the types of privileged accounts
- Study the privileged service accounts
- Learn about privilege related risks and challenges
- Learn about privileged threat vectors – external and internal
- Understand the benefits of privileged access management
- Learn how hackers compromise the privileged accounts.
- Study the privilege access management best practices
Privileged Access Management (PAM) Part II
What you will learn:
- Learn about privileges and how are they created, granted, etc.
- Learn about the capabilities of PAM software.
- Study the PAM security controls.
- Learn about the PAM solution partner considerations.
- Study about the PAM baseline and ongoing Improvements.
- Study the considerations for selection of PAM.
- Learn hot to protect privileged accounts.
Privileged Access Management (PAM) Part III
What you will learn:
- PAM as a Directive
- Five Steps Toward a Successful PAM Implementation
- Governance
- The Four Pillars of PAM
- Pillar No. 1: Track and Secure Every Privileged Account
- Pillar No. 2: Govern and Control Access
- Pillar No. 3: Record and Audit Privileged Activity
- Pillar No. 4: Operationalize Privileged Tasks
- How PAM Is Implemented / Key Solutions
Problem Management Part I - Awareness
What you will learn:
- Understand incident vs. problems
- Understand quick fix and permanent problem resolution
- Key definitions and basic concepts for problem management
- Decide whether you need to implement problem control
- Key process activities of the problem management process
- Understand workarounds and solutions
- Developing problem management policy
- Learn about problem management process interfaces
- Critical success factors and key performance indicators
Problem Management Part II - Advanced
What you will learn:
- Understand basic concepts of problem management
- Learn about the roles and responsibilities associated with the problem
- management process
- Understand the input that triggers the problem management process
- Planning for problem management process implementation and training
- Understand the problem management process implementation guide (step by step approach)
- Understand process inputs and outputs
- Learn about problem management reporting
- Understand the problem management checklist
- Understand the activities and documentation
Risk Assessment Awareness Part I
RM00103
Risk Assessment Awareness Part I
What you will learn:
- Risk Identification – Learn to identify risk
- Risk Assessment - How to assess risk?
- Risk Analysis – How to analyze risk?
- Controls – Learn to develop controls
- Risk Treatment – How to treat risk?
- Risk Management Elements – What are the risk management elements?
- Risk Monitoring – How to monitor risk?
- Risk Management Approach – Learn the process?
- Issue Management Remediation
Security Framework Awareness
CS00108
Security Framework Awareness
What you will learn:
- Understand What is a Framework
- Understand What is an Information Security Framework
- Learn about Types of Security Frameworks
- Learn about Compliance Regulations and Frameworks
- Understand Factors Driving Security Frameworks
- Learn about Various Security Frameworks - ISO, COBIT, NIST, ITIL, COSO, NERC, TY
- CYBER, HITRUST, CSF
- Understand the Business Benefits of Security Frameworks
Social Engineering & Phishing Part II - Advanced
What you will learn:
- Learn about Ten Different Types of Phishing Attacks
- Understand the Characteristics of Phishing Emails
- Understand Common Methods of Phishing Attacks
- Learn about Escalation and Containment
- Learn about Eradication and Rebuilding
- Learn about Recovery and Aftermath
Social Engineering & Phishing Part I - Awareness
What you will learn:
- Learn about Social Engineering Attacks
- Social engineering attack techniques
- Steps in social engineering attack
- Types of Social Engineering Attacks
- Phishing attacks
- Telltale signs of phishing attacks
- Detection, Identification, and Tips to Keep You From Being Fooled
- Spear Phishing• Detection telltale signs
- Use cases and phihsing attack detection exercises
System & Organization Controls (SOC) Part I
What you will learn:
- Learn about the System and Organization Controls (SOC) cybersecurity - SOC 1, SOC 2 and SOC3
- Understand the businesses that should think about SOC 2
- Learn about the driving factors for SOC compliance
- Learn how SOC 2 is different from SOC 1 and other compliance frameworks
- Understand the difference between a Type I and Type II audit
- Learn to decide the type of SOC report the organizations needs to have
- Learn about the factors driving the audit scope
- Understand the foundation of SOC 1®, SOC 2®, and SOC 3® Reports
- Learn about the SOC 2® and SOC 3® Trust Services Principles
System & Organization Controls (SOC) Part II
What you will learn:
- SOC evolution
- Learn about SOC 2 audit and who can perform the audit
- Learn how to apply relevant SSAE 18 AICPA Standards
- SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security and SOC for Supply Chain Reports
- Understand scope and use
- Learn about the purpose and relevant standards
- Learn about the subject matter and components of the report
- Understand the use case for SOC for Cyber Security and SOC for Supply Chain
- Learn about SOC 2 + Additional Subject Matter Reports
- Learn the about TSC Mapping to Standards and Frameworks
System & Organization Controls (SOC) Part III
What you will learn:
- SOC evolution
- Learn about SOC Report Options
- In-depth knowledge of:
- Trust Service Criteria
- Common Criteria
- Supplemental Criteria
- Point of Focus
- Learn to select the Trust Service Criteria for your organization
- Understand the underlying expectations under each Trust Service Criteria
- Understand the importance of Security criteria and why it is mandatory
System & Organization Controls (SOC) Part IV
What you will learn:
- Understand SOC evolution
- Practical implementation knowledge of:
- Common Criteria
- Supplemental Criteria
- Learn about Generally Accepted Privacy Principles (GAPP)
- Understand what’s included in SOC report
- Understand what’s included in Management Assertions and Description of the System
- Understand the AICPA new guidelines - Description Criteria 200 (DC 200)
System & Organization Controls (SOC) Part V
What you will learn:
- Understand what a system description is
- Understand the driving factors
- Learn to write system description essentials
- Learn to write:o System overview
- Infrastructure details
- Relevant Aspects of Controls
- Complementary User-Entity Controls
- Learn to describe the control environment, risk assessment process, information communication systems, and control monitoring process
- Learn the step by step approach to the writing system description
System & Organization Controls (SOC) Part VI
What you will learn:
- Learn how user organization can adopt SOC report
- Learn to identify the relevant report user organization will need from a vendor
- Vendor management, due diligence, and SOC report
- Understand the report content
- Understand different types of SOC reports
- Report fundamentals and report content
- Trust service criteria
- What’s included in the SOC report (explained with the report examples):
- Independent Service Auditor Report
- Management Assertions
- Overview of Operations
- Relevant Aspects of the Control Environment
- Description of the System
- Description of Control Objectives, Control, and Results of Testing
- Complementary User Entity Controls
- Other Information Provided by Management
- Learn to identify the type of report vendor shared
- Understand how to evaluate the report content
System & Organization Controls (SOC) Part VII
What you will learn:
- Learn about trust service criteria and SOC reports
- Learn how trust service criteria is organized
- Learn how to prepare SOC Trust Service Criteria Control Documentation
- Detailed understanding of requirements
- Learn how to write controls using suggested controls for each service criteria and category
- Security, Availability, Processing Integrity, Confidentiality, Privacy
- Control Environment, Communication and Information, Risk Assessment, Monitoring Activities, Control Activities, Logical and Physical Access Controls, System Operations, Change Management, Risk Mitigation, Additional Criteria for Availability, Additional Criteria for Confidentiality, Additional Criteria for Processing Integrity, Additional Criteria for Privacy
- Study the real-life example on how to write controls
The Federal Financial Institutions Examination Council (FFIEC) Part I - Awareness
What you will learn:
- What is FFIEC?
- Learn about FFIEC Cybersecurity Priorities
- Understand FFFIEC CAT Inherent Risk Profile Assessment Categories
- Understand FFIEC Risk Levels• Learn about Inherent Risk Categories and Ratings
- Understand in detail the FFIEC CAT Maturity Assessment Categories
- Domain 1: Cyber Risk Management and Oversight
- Domain 2: Threat Intelligence and Collaboration
- Domain 3: Cybersecurity Controls
- Domain 4: External Dependency Management
- Domain 5: Cyber Incident Management and Resilience Domains, Assessment
- Factors, Components, and Declaration
The Federal Financial Institutions Examination Council (FFIEC) Part II
What you will learn:
- Role of internal audit in FFIEC risk and maturity
- Understand FFIEC maturity levels
- Learn on how to interpret and analyze assessment results
- Complete case study to provide in-depth understanding and application of principles
- How to calculate risk for technology and connection type
- How to create rating summary
- Learn how to create an inherent risk profile
- Understand cybersecurity maturity level calculation
- Learn to document maturity results based on the maturity input
- Learn to prepare target maturity and maturity result charts
- Learn to prepare a chart of components
- Learn to develop roles and responsibilities of the internal audit function
- Learn to evaluate the cybersecurity maturity assessment
Vendor (Third Party) Risk Management Part I - Awareness
What you will learn:
- What is vendor/third-party risk management (TPRM)?
- What are third parties?
- What are the common concerns of TPRM?
- Why perform a third-party risk assessment?
- What are the factors driving third-party risk assessment?
- Why do I need a Third-party Risk Management Framework?
- Why do I need a TPRM framework?
Vendor (Third Party) Risk Management Part II - Framework Development
What you will learn:
- Why do Organizations need a TPRM framework?
- What are the third-party risk categories and common third-party risks?
- What are the Best Practices for a TPRM Framework?
- What are the TPRM Framework Considerations?
- How to build a TPRM framework?
- How to implement a TPRM framework?