Cybersecurity the SecuRetain Way
Security is everyone’s responsibility. Every large organization with robust cybersecurity awareness programs has to deal with sophisticated hacking. Now it’s time for more than awareness training. Explore roles and responsibility based multi-domain training. Learn to implement Incident Management, Problem Management, Breach Management, NIST CSF, ISO 27001, and more.
Implement company wide cybersecurity training on an ongoing basis to empower employees to learn by doing rather than by simply following a set of rules
The SecuRetain courses deliver the current and future workforce with the knowledge and skills to defend against cybercrime
Reskill and upskill in cybersecurity, and track progress and course completion for yourself or an entire enterprise with SecuRetain Platform
Customize any cybersecurity courses that reflect your organization’s policies, procedures, and cyber domains
Use the SecuRetain platform to distribute your training content along with SecuRetain courses in your own private space
Corporations can save more than 15% by developing in-house skills. The series of courses aim to enhance end to end knowledge.
Preview e-Learning Courses
Comprehensive Cybersecurity Based e-Learning Courses
Beneficial for all organizations, irrespective of their size, industry, and geography. SecuRetain will help employees grow personally and professionally.
Learning Outcomes from SecuRetain’s Cybersecurity e-Learning Courses
Driving your organization’s success in cybersecurity through an immersive, compelling, and expert e-learning experience. Transform your cybersecurity talent pool with e-learning courses: Access Control, Cloud Security, Data Privacy, Security Framework, Malware Ransomware, Incident Management, Problem Management, Breach Management, IT General Controls, NIST, PCI, SOC, Data Privacy, etc. Learn to implement incident management, breach management, problem management processes using our multi-part series of courses.- Access control challenges, policies, procedures, models, types, categories, attacks, multi-level security models, and authentication
- Cloud security, security domains, service models, AWS, AZURE, and application security
- Data privacy, privacy imperative, strategic and tactical drivers, PII, PHI, HIPAA, HITECH, CCPA, GDPR, and GLBA
- Workplace facility, remote working security, physical security, badge, visitors, and devices security
- Incident Management (IM), problem or service request, management key concepts, designing IM workflows, IM process, ITIL framework, CSIRT creation, roles and responsibilities, and more
- Problem Management, incident vs. problems, quick fix vs. permanent solutions, basic concepts, implementing process. key concepts
- Breach Management, effective breach response, notification, regulatory requirements, framework for effective data breach management
- Fraud and Audit Management Series
- Information security and privacy awareness, physical security, facility security, clean desk policies, acceptable use, etc.
- Information Technology General Controls (ITGC), COSO, SOX, governance, auditing security administration, maintenance, operations, controls, SOX requirement for change controls, and DR
- NIST Cybersecurity Framework Fundamentals, in-depth knowledge on implementing functions, categories and subcategories, use of risk management principles, and practical application of framework’s core
- Payment Card Industry Awareness
- System & Organization Controls (SOC)
- Malware Ransomware Security Frameworks, types of malware, identify infection, and protection
- Social engineering and phishing, attack techniques, steps in social engineering attack, types of attacks, phishing attacks, telltale signs of phishing attacks, detection, identification, tips to keep you from being fooled, spear phishing, and detection telltale signs
SecuRetain’s Cybersecurity e-Learning Courses
Browse all Cybersecurity category courses available for you on our SecuRetain platform
To search all courses on our SecuRetain platform. Click here!
Access Control Awareness Part I
CS00201
Access Control Awareness Part I
Objective
Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats.The experienced and inexperienced information systems user will learn the basics and concepts of access control and its importance. The tools and techniques shared can be implemented in the access management process.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.
Course Details
What you will learn?
- Learning the access control basics
- Understanding the access control challenges
- Understanding authentication factors and multi-factor authentication.
- Developing access control policies and procedures
- Learning about access control models
- Learning about principles of access controls and types of access controls
Access Control Awareness Part II
CS00202
Access Control Awareness Part II
Objective
Who should access your company’s data? How do you make sure that only authorized and authenticated users access the data? Cybersecurity starts with effective control over access to the information systems. Access control is an important security issue for businesses of all sizes. From the largest corporations employing specialized security controls to the salesperson on a service call opening their smartphone with a thumbprint, everyone encounters access control at some time during their workday. Access control prevents unauthorized access, records authorized access, protects the company from physical loss, and protects employees and customers from outside threats.
The course will provide employees, security, risk management, compliance, audit, and management personnel with the skills and techniques necessary to embed critical thinking skills in all aspects of access control security. The tools and techniques shared can be implemented in the access management process.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learning the Access Control Models and Concepts
- Understanding the Types and Categories of Access Controls
- Understanding the Testing of Access Controls
- Learning about Access Control Attacks and Countermeasures
- Learning about Multilevel Security Models
- Learning about Authentication and Authentication Methods
- Learning about common Authentication Protocols.
Breach Notification Advanced Part II
Objective
Your employees may be the first to identify a potential breach, so they must have adequate knowledge regarding how they should handle such a scenario. Your employees must also understand what steps they should take if they suspect a breach has occurred. The advanced course trains employees on the next steps instead of panicking. The training will educate employees to understand their roles and do’s and don’ts once the breach occurs.
The course also educates employees on the process of breach communication internal to the organization and very importantly communicating with outsiders. The laws require timely notification to Federal and State government authorities about the breach. The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and
the penalties for failure to comply.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Breach Management
- Effective Breach Response
- Data Breach Checklist
- Breach Notification Notice Content
- Notification Timelines
- Lifecycle of a Data Breach
- Public Relations Strategy
Breach Notification Awareness Part I
Objective
Your employees must also understand what steps they should take if they suspect a breach has occurred. Not all disclosures will be breaches. So, what is the difference between event, alert, incident, and breach? A (reportable) breach is the unauthorized acquisition, access, use, or disclosure of sensitive/PII/PHI information in a manner not permitted by law or regulation and which compromises the security and privacy. The laws require timely notification to Federal and State government authorities about the breach.
The course is designed to ensure employees understand the importance of acting quickly, make sure they are aware of the basic notification rule requirements, and the penalties for failure to comply.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- What is the importance of a breach notification?
- What is a data breach?
- In what circumstances would notification of a data breach be required and to whom?
- When and how should notification of a data breach be provided?
- Framework for Effective Data Breach Notification Legislation
- Timing of Notification to Affected Individuals
- Post Data Breach Immediate Action Items
- Breach Notification to Authorities
Cloud Security Awareness
CS00102
Cloud Security Awareness
Objective
Cloud-based services are becoming increasingly more attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. The training provides a comprehensive review of the knowledge required for understanding cloud computing and its information security risks and mitigation strategies.
In this extremely competing world of cloud and complex offering, one faces unique security challenges on an almost day-to-day basis. The course is designed to pass on the extensive knowledge the cloud computing concepts, cloud reference architecture, cloud computing security concepts, AWS and Azure Cloud security basics, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Cloud Security
- Cloud Basics - Cloud Concepts, Architecture and Design
- Cloud Service Models
- Cloud Risk Landscape
- Cloud Security Domains
- Cloud Data Security
- Cloud and AWS
- Cloud and Azure
- Cloud Application Security Basics
Data Privacy and Privacy Regulations Part I
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy awareness course provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ data is regulated by laws enacted on both the national and the state level. The examples of federal laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, e.g. example, California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Data Privacy and Privacy Regulations Part II
Objective
Corporations should not tie privacy to just legal requirements but practice privacy as a moral and ethical obligation to safeguard individuals. Data protection ensures that your data is safeguarded from unlawful access by unauthorized parties. The data privacy courses intend to provide employees with an understanding of personal data and information, the background and principles of data protection. The data privacy courses provide all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States as well as EU Data protection.
The protection of US residents’ personal data is regulated by laws enacted on both the national and the state level. The examples of Federal Laws are GLBA, HIPAA, FTC, DPPA, FCRA, COPPA, TCPA, etc. States have their owns privacy laws, for e.g., the California Consumer Privacy Act (CCPA), Protections for Consumer Data Privacy, Florida Regulation of Trade, Commerce, Investments, and Solicitations, Biometric Information Privacy Act, etc.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn about Privacy Imperative
- Understand Strategic and Tactical Drivers
- Learn about Privacy Strategy and Privacy Impact
- Understand the Private Identifiable Information (PII) and Private Health Information
- (PHI) data
- Learn about Privacy Impact Assessments
- Learn about HIPAA and HITECH
- Learn about GDPR and CCPA
- Understand the Breach Notification Requirements
Facility Workplace Awareness Part I
Objective
Workplace safety and security is the responsibility of every employee. No workplace is immune to the threat of equipment theft, and loss of sensitive/private information, and intellectual property. Employees are often the target of these threats as well as the organization's first line of defense against them. Threats endanger the confidentiality, integrity, availability, and security of the workplace, virtual workplace, and information systems.
This course presents information on how employees can contribute to your organization's security. The effectiveness of the security program depends on communication and periodic training. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions that need to be taken by employees.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge test as users progress through the training and the final assessment test.
Course Details
What you will learn?
•Identify potential risks to workplace security
•Measures for improving workplace security
•Actions to take in response to a security situation
•Facility and Physical Security Perimeter
•Badge and Visitors Security
•Do’s and Don’ts
•Securing Devices and Data in Public
•Public Networks and Security
•Device Security
1.Laptop
2.Mobile Device Security
•Clear Desk
Facility Workplace Awareness Part II
Objective
Workplace safety and security is responsibility of every employee. Employees are increasingly working remotely using internet and emails as well as voice messaging are used for day today work. Threats endanger the confidentiality, integrity, availability, and security of workplace, virtual workplace and information systems.
Facility and Workplace Security Awareness Part II presents multiple use cases and practical examples to illustrate the workplace security challenges. The course provides a comprehensive review of the knowledge required for understanding workplace security risks and actions needs to be taken by employees.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge test as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Identify potential risk while working remotely
- Corporate data and information systems security
- Physical access control
- Email Security and practical examples
Incident Management Advanced Part II
Objective
Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected. An ISMS is that part of the overall management system, based on a business risk approach, aims to establish, implement, operate, monitor, review, maintain and improve information security. ISO 27001 is the internationally recognized best practice framework for an Information Security Management System (ISMS). ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).
The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains employees on how their organization can move from their current state to their target state with the ability to identify gap and prioritize gaps based on risk assessment.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understandthe need for ISMS
- Learnabout ISO 27001certification and ISMS Mandatory Process
- Introductionto implementing ISMS
- Learnhow to implement ISO 27001 ISMS 11 Step Program
- Stepby Step Guide on implementing ISMS program
- Learnthe practical examples and study the documentation samples
- Learnabout ISO 27001 Annex A Controls Checklist 14 Domains and 35 Control Objectives
- ISMSPart III includes implementation details for each control objective alongguidance
Incident Management Awareness Part I
Objective
Information is an ASSET that, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected. An ISMS is that part of the overall management system, based on a business risk approach, which aims to establish, implement, operate, monitor, review, maintain, and improve information security. ISO 27001 is the internationally recognized best practice framework for an Information Security Management System (ISMS). ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).
The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from their current state to their target state with the ability to identify gaps and prioritize gaps based on risk assessment.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Brief about Incident and Incident Management (IM)
- Incident Management Objectives
- What is a Security Incident Management?
- Incident, Problem, and Service Request
- Incident Management Key Concepts
- Incident Management Process and ITIL
- Incident Management Process Workflow Examples
- Incident Management Process
- Incident Management Process Steps Discussed in Detail
Incident Management Cyber Security Incident Response Team (CSIRT) Part III
Objective
Incident management (IM) is a key component of any business resiliency program. The primary focus of IM is to restore the normal operations and services as quickly as possible after an unforeseen event. IM is the process of managing the lifecycle of all incidents to ensure smooth business operations with minimal to no downtime. The program is in three parts. IM Part III is for all professionals and practitioners to help them understand their roles and how quickly an incident can escalate to become a major issue if not managed properly. Part III provides advanced knowledge in building a Cybersecurity Incident Response Team (CSIRT). The program is thorough about building a CSIRT, escalation, and adapting the CSIRT for different types of incidents. The training is supported by charts and flow diagrams along with detailed information on roles and responsibilities. This is highly recommended for organizations wanting to improve their incident management processes. The course includes knowledge questions as users progress through the training and the final assessment test. The training is focused on information technology employee growth, retention, and sustainability. In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand how to use code of practice ISO 27002
- Learn about ISMS mandatory processes and documentation
- Learn about risk assessment, risk treatment plans, statement of applicability
- Learn about ISO 27001 Annex A controls and requirements
Information Security and Privacy Awareness
Objective
Your enterprise's data is at risk. Your own employees may be pawns in the next threat from a highly skilled hacktivist, criminal, or nation-state. A security-aware workforce is a vital component in enterprise protection and is necessary to protect the company and its partners, customers, and employees. Additionally, you want to make sure that security is both a board-level and executive-level priority.
The objective of an effective Cyber Security and Privacy Awareness Training program is to empower employees to be proactive and aware of cybersecurity threats. The process starts with the training of new employees and it is an important opportunity to instill a security mindset into all roles early on. The course includes cybersecurity and privacy knowledge test as users progress through the training. Cyber Security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. The training is designed to protect and preserve the confidentiality, integrity, and availability of information owned by or in the care of the corporation.
This interactive training course will ensure professionals and practitioners at all levels understand their roles and responsibilities, new developments, resources, and hallmarks of an effective compliance program. The course includes knowledge questions as users progress through the training and the final assessment test.
Course Details
What you will learn?
- Learn How to Protect Information
- Understand the Key Security Terms
- Learn about Insider Risk
- Learn about Privately Identifiable Information and Privately Healthcare Information
- Learn about Physical Security, Facility Security and Clean Desk Policies
- Learn about Social Engineering and Phishing
- Learn about Acceptable Personal Use of Corporate Property and Email
- Learn about Malicious Software and Incident Reporting
- Learn about User Id and Password Protection
- Understand Your Responsibility as a User
Information Technology General Controls (ITGC) COSO Framework Part II
Objective
The employees must understand the Sarbanes-Oxley Act (SOX) passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and the role of information technology. Under section 302, the companies need to implement systems that protect against data manipulation, provide the ability to track timelines, and can determine who had access to data and when. Under section 409 compliance mandates the timely disclosure of any information and section 802 states the information technology team’s role in SOX compliance to preserve records.
The course ITGC Part II is designed to ensure employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing correct security controls to ensure that financial data is accurate and protected against loss. You will learn about evaluating and auditing IT general controls.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about Information Technology General Controls (ITGCs) basics
- Study the IT and Risk Control Approach
- Learn to evaluate IT General Controls
- Learn about Auditing Security Administration Controls
- Learn about Auditing Maintenance Controls
- Learn about Auditing Computer Operations Controls
- Learn about Auditing Systems Development Controls
- Learn about Auditing Outsourced Services Controls
- Study the Key Considerations for Effective SOX Testing
Information Technology General Controls (ITGC) Part I SOX
Objective
The employees must understand the Sarbanes-Oxley Act (SOX) passed to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises and the role of information technology. Under section 302, the companies need to put systems that protect against data manipulation, provide the ability to track timelines, and determine who had access to data and when.
The course provides a detailed understanding of the COSO components, objectives, entity-level consideration, financial reporting assertions, use COBIT, ISO 27000, ITIL for SOX compliance, and more. The course content is precise and to the point with a focus on knowledge application and practical considerations. The course ensures employees understand the importance of their role in a public company and comply with the regulatory requirements by implementing proper security controls to ensure that financial data is accurate and protected against loss.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.
Course Details
What you will learn?
- Study the Sarbanes-Oxley Act (SOX)
- Learn about the COSO framework and its relationship with SOX
- Learn about SOX and Corporate Governance requirements
- Study the internal controls
- Understand the relevance of IT controls for SOX compliance
- Understand the fundamentals of ITGC
- Study the types of IT controls
- Study the general IT process controls and controls testing
Malware Ransomware Awareness
CS00105
Malware Ransomware Awareness
Objective
The two most common ways that malware accesses your system are the Internet and email. Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems. There are many forms of malware, including viruses, exploits, adware, Trojan, worms, ransomware, and spyware. Just visiting a malicious website and viewing an infected page and/or banner ad can result in a drive-by malware download. All it takes is for one unsuspecting person to create an opening, and malware can infect an entire network.
The course is designed to educate employees to understand how malware can infect your device, how you can avoid malware, and what action you need to take when you get infected by malware.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- How do you get malware?
- What malware is and why it is dangerous
- Become familiar with different types of malware and how users can identify them
- How can you tell if you have a malware infection?
- Understand how most malware requires human action to infect a computer
- How to protect against malware?
- How people can avoid malware and what to do (and not to do) if this ever happens
National Institute of Standards and Technology Part I
Objective
National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to apply the principles of the NIST Cyber Security Framework (NIST CSF) to your organization.
A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about CSF fundamentals
- Learn how to develop a risk-based cybersecurity framework
- Understand the CSF framework core and design
- In-depth knowledge on how to use functions, categories, and subcategories
- Use of risk management principles, best practices, and methodologies
- Understand the CSF implementation tiers and implementation
- Learn about framework profile implementation
- Learn about improving resiliency
National Institute of Standards and Technology Part II
Objective
National Institute of Standards and Technology (NIST) is responsible for measurement science, standards, and technology in a way that promotes safety and collaboration for industry and government alike. In this course, you will learn to implement the principles of the NIST Cyber Security Framework (NIST CSF) in your organization. You will study informative references associated with functions and categories in greater detail.
A security program must keep pace with the evolving threat landscape. NIST CSF helps build and augment a security program that equips the enterprise to keep pace with evolving threats and technologies. The course outlines how implementing a security program based on the CSF framework can help organizations mitigate these issues. The framework core contains cybersecurity activities and informative references that are organized around particular functions.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about CSF fundamentals
- Learn how to establish or improve your cybersecurity program
- Understand the NIST CSF concept and how to implement with the help of case study
- Understand the practical application of CSF framework’s core, design, functions, categories, and subcategories
- Detailed knowledge of functions, categories, and subcategories along with
- informative references from COBIT, ISA, NIST SP 800-53, CIS CSC, ISO 27001, etc.
Privileged Access Management (PAM) Part I
Objective
“According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across an organization’s most critical systems and data.
Part I of the PAM course provides an overview of the privileges, how are they created, granted, etc. and the benefits of privileged access management. You will learn about privileged accounts, the types of privileged accounts, the privileged service accounts, privilege related risks, and challenges. The course enhances knowledge in the areas of privileged threat vectors (external and internal), how hackers compromise the privileged accounts, and study the privilege access management best practices
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Privileged Access Management Overview
- Learn about privileges and how are they created, granted, etc.
- Learn about privileged accounts
- Understand the types of privileged accounts
- Study the privileged service accounts
- Learn about privilege related risks and challenges
- Learn about privileged threat vectors – external and internal
- Understand the benefits of privileged access management
- Learn how hackers compromise the privileged accounts.
- Study the privilege access management best practices
Privileged Access Management (PAM) Part II
Objective
According to Gartner, by 2022, 90% of organizations will recognize that mitigation of Privileged Access Management (PAM) risk is a fundamental security control, which is an increase from 70% today. Privileged accounts are the keys to the IT kingdom since they can provide the authenticated user with almost limitless privileged access rights across
an organization’s most critical systems and data.
Part II of the PAM course contains thorough knowledge about the privileged account security controls, PAM solution partner considerations, how to baseline the PAM, and how to manage ongoing improvements. The course learnings include critical questions to answer when you start the PAM program, third-party PAM access requirements, insider threat considerations, and more. The course enhances your knowledge in protecting privileged accounts and privilege access management best practices.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning, followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about privileges and how are they created, granted, etc.
- Learn about the capabilities of PAM software.
- Study the PAM security controls.
- Learn about the PAM solution partner considerations.
- Study about the PAM baseline and ongoing Improvements.
- Study the considerations for selection of PAM.
- Learn hot to protect privileged accounts.
Problem Management Advanced Part II
Objective
The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents. The Problem Management Advanced course will enable you to design and implement a problem management process in your organization.
The course will train you on establishing problem management process roles and responsibilities, step by step approach in implementing key processes, defining process inputs/outputs, and reporting. You will also learn about drivers/inputs that trigger the problem management process.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand basic concepts of problem management
- Learn about the roles and responsibilities associated with the problem
- management process
- Understand the input that triggers the problem management process
- Planning for problem management process implementation and training
- Understand the problem management process implementation guide (step by step approach)
- Understand process inputs and outputs
- Learn about problem management reporting
- Understand the problem management checklist
- Understand the activities and documentation
Problem Management Awareness Part I
Objective
The objective of incident management is to restore the service as quickly as possible while problem management deals with solving the underlying root cause of one or more incidents.
The Problem Management Awareness course will enable you to gain and apply the skills and techniques to your own organization to establish problem management best practices. You will learn when and how to implement a problem control process, understand the workarounds, develop policy and procedures, and define critical success factors as well as key performance indicators.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand incident vs. problems
- Understand quick fix and permanent problem resolution
- Key definitions and basic concepts for problem management
- Decide whether you need to implement problem control
- Key process activities of the problem management process
- Understand workarounds and solutions
- Developing problem management policy
- Learn about problem management process interfaces
- Critical success factors and key performance indicators
Security Framework Awareness
CS00108
Security Framework Awareness
Objective
A security framework is a set of rules or documented processes that include policies, procedures, etc. implemented to manage information security controls and reduce risks. The framework design is the key for organizations to move from their current state to their target state with the ability to identify gaps and prioritize gaps based on risk assessment. Frameworks, if used wisely, effectively, and efficiently, will enable organizations to achieve their security objectives.
The training explains how implementing a security program based on the framework can help organizations mitigate the security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from their current state to their target state with the ability to identify the gap and prioritize gaps based on risk assessment.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Understand What is a Framework
- Understand What is an Information Security Framework
- Learn about Types of Security Frameworks
- Learn about Compliance Regulations and Frameworks
- Understand Factors Driving Security Frameworks
- Learn about Various Security Frameworks - ISO, COBIT, NIST, ITIL, COSO, NERC, TY
- CYBER, HITRUST, CSF
- Understand the Business Benefits of Security Frameworks
Social Engineering & Phishing Advanced Part II
Objective
Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony websites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by impersonating oneself as a trustworthy entity in an electronic communication.
In Part II of Phishing Awareness, you will learn about different types of phishing attacks, techniques in discovering attacks, characteristics of phishing emails, etc. providing employees with very deep knowledge in responding to the growing amount of phishing emails. The course is designed for the organizations that need to comply with the regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially those having exposure to private data, financial data, highly sensitive, and confidential data.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about Ten Different Types of Phishing Attacks
- Understand the Characteristics of Phishing Emails
- Understand Common Methods of Phishing Attacks
- Learn about Escalation and Containment
- Learn about Eradication and Rebuilding
- Learn about Recovery and Aftermath
Social Engineering & Phishing Awareness Part I
Objective
Hackers call data centers and pretend to be customers who have lost their passwords or show up at a site and simply wait for someone to hold a door open for them. Hackers have been known to create phony web sites, sweepstakes, or questionnaires that ask users to enter a password. Phishing is a technique used to obtain sensitive information by impersonating oneself as a trustworthy entity in an electronic communication.
In Phishing Awareness Part I, you will learn about social engineering attacks, types of attacks, attacks techniques, and telltale signs of phishing attacks providing employees with deep knowledge of social engineering attacks. The course is designed for the organizations that need to comply with the regulatory requirements, support phishing awareness campaigns, and educate employees about the impact of social engineering attacks, especially those having exposure to private data, financial data, highly sensitive, and confidential data.
In this course, you will be asked to read through lessons, participate in learning activities, and partake in knowledge checks designed to reinforce learning followed by the end of the course final assessment.
Course Details
What you will learn?
- Learn about Social Engineering Attacks
- Social engineering attack techniques
- Steps in social engineering attack
- Types of Social Engineering Attacks
- Phishing attacks
- Telltale signs of phishing attacks
- Detection, Identification, and Tips to Keep You From Being Fooled
- Spear Phishing• Detection telltale signs
- Use cases and phihsing attack detection exercises