SEC126 Developing Software For GDPR Compliance

About The Developing Software For GDPR Compliance Course

GDPR for Developers is a training program that helps software developers and system engineers build GDPR compliance into their software development lifecycle. Data protection and privacy by default should be part of the lifecycle from the first design decision, not bolted on before release. This training gives software developers an overview of GDPR from the software and database development perspective.

Key Features of the Training:

Developers are expected to understand and implement the following GDPR concepts:

  • Conduct data flow mapping.
  • Classify data.
  • Apply the 7 Principles of Privacy by Design.
  • Manage code repositories and deployment practices.
  • Secure data at rest and in transit.
  • Ensure appropriate access controls for personal information.
  • Enforce the organization's data retention policy.
  • Anonymise and pseudonymise data.
  • Review third-party processors.
  • Review how employees access and process personal information on BYOD devices.
  • Ensure data hosting arrangements meet GDPR requirements, including the rules on transfers outside the EEA.
  • Understand automated decision-making and profiling.
  • Understand and assess the lawful basis for processing personal information.

Course Description

GDPR Data protection Principles

Data protection by design

  • Pseudonymisation (replacing directly identifying values with artificial identifiers, while the key or lookup table that links them back is kept separately under its own access controls).
  • Encryption (transforming data so that only holders of the right key can read it).
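The following Python is an added example, not course material or code from any particular product. It shows keyed pseudonymisation as the bullet above describes it: direct identifiers are replaced by HMAC-SHA256 pseudonyms, the key and the re-identification table live in a separate vault object, fields the analytics use case does not need are dropped, and a final function shows why an unkeyed hash of a low-entropy value such as a date of birth is not pseudonymisation at all, because it can be reversed by enumeration. The record layout, the `PseudonymVault` class and the date range are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta
from typing import Dict, List, Optional


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the identifier, hex-encoded.

    The same identifier under the same key always yields the same pseudonym,
    so records about one person stay linkable for analytics; without the key
    the mapping can be neither recomputed nor enumerated.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


class PseudonymVault:
    """Hypothetical vault: holds the key and the pseudonym -> identifier table
    (the "additional information" of GDPR Art. 4(5)). It belongs in a separate
    store with its own access controls that the pseudonymised dataset cannot reach."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.key = key if key is not None else secrets.token_bytes(32)
        self._table: Dict[str, str] = {}

    def tokenise(self, identifier: str) -> str:
        pseudonym = pseudonymise(identifier, self.key)
        self._table[pseudonym] = identifier
        return pseudonym

    def reidentify(self, pseudonym: str) -> Optional[str]:
        # Only code with access to the vault can go back to the person.
        return self._table.get(pseudonym)


def pseudonymise_records(records: List[Dict[str, str]], vault: PseudonymVault,
                         direct_identifiers=("email",), drop=("dob",)) -> List[Dict[str, str]]:
    """Replace direct identifiers with pseudonyms and drop fields the analytics
    use case does not need (data minimisation). Returns new dicts; input is untouched."""
    out = []
    for rec in records:
        new = {k: v for k, v in rec.items() if k not in drop}
        for field in direct_identifiers:
            if field in new:
                new[field] = vault.tokenise(new[field])
        out.append(new)
    return out


def unkeyed_hash(identifier: str) -> str:
    """What NOT to do: a plain, unkeyed hash of a low-entropy identifier."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def reverse_unkeyed_dob(target_hex: str, start: date = date(1940, 1, 1),
                        end: date = date(2010, 12, 31)) -> Optional[str]:
    """Every date of birth in a 71-year window is only ~26,000 candidates, so an
    unkeyed hash of it is reversed by enumeration in well under a second."""
    d = start
    while d <= end:
        if unkeyed_hash(d.isoformat()) == target_hex:
            return d.isoformat()
        d += timedelta(days=1)
    return None


# Constructed sample records (not real people).
SAMPLE_RECORDS = [
    {"email": "alice@example.net", "dob": "1985-07-04", "plan": "pro", "logins_30d": "12"},
    {"email": "bob@example.net", "dob": "1979-11-23", "plan": "free", "logins_30d": "3"},
    {"email": "alice@example.net", "dob": "1985-07-04", "plan": "pro", "logins_30d": "9"},
]

if __name__ == "__main__":
    vault = PseudonymVault()
    analytics_view = pseudonymise_records(SAMPLE_RECORDS, vault)
    for row in analytics_view:
        print(row)
    # Same person, same pseudonym: the two alice rows still join in the analytics view.
    print(vault.reidentify(analytics_view[0]["email"]))
    # An unkeyed hash of a date of birth gives no protection:
    print(reverse_unkeyed_dob(unkeyed_hash("1985-07-04")))
```

Rotating the HMAC key breaks linkability between old and new pseudonyms, so a key rotation must be planned together with the analytics consumers; destroying the key and the table together is what turns the remaining dataset from pseudonymised into effectively anonymised.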

Data protection by default

  • Ensure user profile settings default to the most privacy-friendly option.
  • Ensure a user's profile is not, by default, accessible to an indefinite number of persons.

Data Loss Prevention

Data loss prevention (DLP) detects potential data breaches and data loss and prevents them by monitoring, detecting and blocking sensitive data while it is in use, in motion and at rest.

Choosing the right authentication scheme

  • What should I consider when implementing a password system?
  • How should we store passwords?
  • How should our users enter their passwords?
  • What requirements should be set for user passwords?
  • What should we do about password expirations and resets?
  • What defenses can be put in place against attacks?
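The questions above are answered in working form by the following added example, which is not course material or any project's code. It uses only the Python standard library: scrypt (a memory-hard function) with a random per-password salt, a self-describing stored format so the cost parameters can be raised later, constant-time comparison on verification, a rehash-on-login upgrade path, and a policy check in the style of NIST SP 800-63B (length and breached-password screening, no composition rules, no forced expiry). The cost parameters, the stored-string format, `BREACHED_PASSWORDS` and the length limits are assumptions chosen for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
import unicodedata
from typing import List

# Hypothetical cost policy for this example: scrypt uses 128 * N * r bytes of
# memory per hash, i.e. 16 MiB at N=2**14, r=8. Raise N as hardware improves.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, KEY_BYTES = 16, 32

# Constructed, tiny stand-in for a breached-password list; in production this
# is a service or a local copy of a real corpus.
BREACHED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def _normalise(password: str) -> bytes:
    # NFKC so that visually identical Unicode input hashes identically (SP 800-63B).
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R, p: int = SCRYPT_P) -> str:
    """Return a self-describing string: scrypt$N$r$p$salt$digest.
    A fresh random salt per password means equal passwords give different hashes."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.scrypt(_normalise(password), salt=salt, n=n, r=r, p=p, dklen=KEY_BYTES)
    return "$".join(["scrypt", str(n), str(r), str(p), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters embedded in the stored value and compare in
    constant time. Any malformed stored value simply fails to verify."""
    try:
        algo, n, r, p, salt_b64, digest_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        if len(expected) != KEY_BYTES or len(salt) < 8:
            return False  # a truncated digest must never compare equal
        actual = hashlib.scrypt(_normalise(password), salt=salt,
                                n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when the stored hash was made with a different (e.g. older, weaker)
    cost policy; call after a successful login and re-store with hash_password."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    try:
        return (int(parts[1]), int(parts[2]), int(parts[3])) != (SCRYPT_N, SCRYPT_R, SCRYPT_P)
    except ValueError:
        return True


def check_password_policy(password: str) -> List[str]:
    """SP 800-63B style rules: length and breach screening only. Returns the
    list of problems; an empty list means the password is acceptable."""
    problems = []
    normalised = unicodedata.normalize("NFKC", password)
    if len(normalised) < 8:
        problems.append("shorter than 8 characters")
    if len(normalised) > 128:
        problems.append("longer than 128 characters")
    if normalised.lower() in BREACHED_PASSWORDS:
        problems.append("appears in a breached-password list")
    return problems


def login_flow(password: str, stored: str) -> dict:
    """What a login handler does: verify, then opportunistically upgrade the
    stored hash to the current cost policy while the plaintext is available."""
    ok = verify_password(password, stored)
    result = {"ok": ok, "stored": stored}
    if ok and needs_rehash(stored):
        result["stored"] = hash_password(password)
    return result


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(login_flow("correct horse battery staple", record)["ok"])
    print(check_password_policy("Password"))
```

Storing the parameters inside the hash string is what makes a later cost increase painless: old records keep verifying, and `login_flow` rewrites each one the next time its owner logs in. Rate limiting and lockout against online guessing sit in front of this code, not inside it.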

Building encryption into your application

  • Encryption and data storage
  • Encryption and data transfer
  • What types of encryption are there?
  • How should we implement encryption?

Ensure data integrity and confidentiality

Authentication scheme for GDPR compliance

To comply with GDPR the organization must meet the 'integrity and confidentiality' principle (Article 5(1)(f)), which requires appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage. Article 32 (security of processing) gives examples of such measures, including pseudonymisation and encryption of personal data. To uphold this principle, security, starting with how users are authenticated, has to be built into the technical design from the outset.

Building the GDPR User Rights into systems

  • Consent – Where consent is the lawful basis for processing, it must be given by a clear affirmative action (pre-ticked boxes or silence do not count) and must be as easy to withdraw as it was to give.
  • Right to Access – An individual has the right to know what personal data you hold about them and what you are doing with it.
  • Right to Erasure – An individual has the right to require the deletion of their personal data if the continued processing is not justified.
  • Data Portability – Individuals have the right to receive their personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
  • Breach Notification – The supervisory authority must be notified within 72 hours of the organization becoming aware of a personal data breach (Article 33); affected individuals must be informed without undue delay when the breach is likely to result in a high risk to them (Article 34).
  • Privacy by Design – Data protection must be incorporated into the design of systems from the beginning, not added later. Companies may only hold and process the data strictly necessary for the purpose (data minimisation) and must limit access to that data.

Implementing Right to Limited Processing

  • Restriction of Processing: Users have the right to "restrict" processing (Article 18). Restricted data may still be stored, but must not otherwise be processed without the user's consent, except for legal claims, to protect another person's rights, or for important public interest.
  • Erasure: All users must have the option to be forgotten, i.e. to have their personal data deleted from the system, including backups and downstream copies within the retention rules.
  • Data Portability: All collected data must be exportable so users can take it with them and read it in a proper, machine-readable format.
  • Rectification: The ability to correct personal data that is inaccurate or incomplete.
  • View Data: Every user has the right to be informed about data collection and use, including information that sits outside the standard terms and conditions.
  • Access: Any data collected, processed or stored must be made available to the relevant user on request, within the statutory one-month response window.

Target Audience

This training course is intended for professionals who are involved in any form of software development and need to design software that meets GDPR requirements. The training is ideal for those working in positions such as, but not limited to:

  • System Developers
  • Software developers
  • Database developers
  • Web Developers
  • Data Engineers

Certified Cloud Security Professional (CCSP)

About the CCSP Course

Certified Cloud Security Professional (CCSP) is one of the industry’s premier cloud security certifications offered for individuals and enterprise teams to manage cloud assets securely. This 4-day Certified Cloud Security Professional (CCSP) certification is governed by the not-for-profit International Information Systems Security Certification Consortium (ISC)2. Check out the dates below and enroll today for the CCSP certification course.

Key Features of this CCSP Training:

  • Instructor-led Certified Cloud Security Professional (CCSP) Certification Training
  • Get access to a free course preview to begin your preparation
  • Expert CCSP instructors across the globe
  • Accredited CCSP course material prepared by SMEs
  • Get key resources from ISC2
  • CCSP Sample papers provided
  • Industry-recognized Course Completion certificate provided
  • Take advantage of 1-to-1 Training and Fly me a Trainer option
  • Training provided across 100+ locations globally

You Will Learn How To:

  • Strategically focus your preparation for CCSP Certification
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Develop operational security and continuity through preventive and recovery mechanisms

Course Description

Domain 1: Architectural Concepts & Design Requirements

Cloud computing concepts & definitions based on the ISO/IEC 17788 standard; security concepts and principles relevant to secure cloud computing.

  • Understand Cloud Computing Concepts
  • Describe Cloud Reference Architecture
  • Understand Security Concepts Relevant to Cloud Computing
  • Understand Design Principles of Secure Cloud Computing
  • Identify Trusted Cloud Service

Domain 2: Cloud Data Security

Concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications, and the controls used to enforce various levels of confidentiality, integrity and availability in cloud environments.

  • Understand Cloud Data Lifecycle
  • Design and Implement Cloud Data Storage Architectures
  • Design and Apply Data Security Strategies
  • Understand and Implement Data Discovery and Classification Technologies
  • Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
  • Design and Implement Data Rights Management
  • Plan and Implement Data Retention, Deletion, and Archiving Policies
  • Design and Implement Auditability, Traceability and Accountability of Data Events

Domain 3: Cloud Platform & Infrastructure Security

Knowledge of the cloud infrastructure components, both physical and virtual, the existing threats to them, and how to mitigate those threats and develop plans to deal with them.

  • Comprehend Cloud Infrastructure Components
  • Analyze Risks Associated with Cloud Infrastructure
  • Design and Plan Security Controls
  • Plan Disaster Recovery and Business Continuity Management

Domain 4: Cloud Application Security

Processes involved in cloud software assurance and validation, and the use of verified secure software.

  • Recognize the need for Training and Awareness in Application Security
  • Understand Cloud Software Assurance and Validation
  • Use Verified Secure Software
  • Comprehend the Software Development LifeCycle (SDLC) Process
  • Apply the Secure Software Development LifeCycle
  • Comprehend the Specifics of Cloud Application Architecture
  • Design Appropriate Identity and Access Management (IAM) Solutions

Domain 5: Operations

Identifying critical information and executing the measures that eliminate or reduce an adversary's ability to exploit it; the requirements that cloud architecture places on running and managing the underlying infrastructure; the controls over hardware, media and the operators with access privileges; and the auditing and monitoring mechanisms, tools and facilities that support them.

  • Support the Planning Process for the Data Center Design
  • Implement and Build Physical Infrastructure for Cloud Environment
  • Run Physical Infrastructure for Cloud Environment
  • Manage Physical Infrastructure for Cloud Environment
  • Build Logical Infrastructure for Cloud Environment
  • Run Logical Infrastructure for Cloud Environment
  • Manage Logical Infrastructure for Cloud Environment
  • Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000)
  • Conduct Risk Assessment to Logical and Physical Infrastructure
  • Understand the Collection, Acquisition and Preservation of Digital Evidence
  • Manage Communication with Relevant Parties

Domain 6: Legal & Compliance

Addresses ethical behavior and compliance with regulatory frameworks. Includes investigative measures and techniques, gathering evidence (e.g., Legal Controls, eDiscovery, and Forensics); privacy issues and audit process and methodologies; implications of cloud environments in relation to enterprise risk management.

  • Understand Legal Requirements and Unique Risks within the Cloud Environment
  • Understand Privacy Issues, Including Jurisdictional Variation
  • Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
  • Understand Implications of Cloud to Enterprise Risk Management
  • Understand Outsourcing and Cloud Contract Design
  • Execute Vendor Management

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals pursuing the CCSP credential to gain the credibility and mobility to advance within their information security careers. (ISC)2 requires candidates to have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP CBK; candidates without the experience can pass the exam and become an Associate of (ISC)2 while they earn it. The training is ideal for those working in positions such as, but not limited to:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

SEC105 Understanding Data Loss Prevention (DLP)

About the Data Loss Prevention (DLP) Course

Data loss is one of the biggest security challenges companies face today. It poses significant risks to the organization: non-compliance with regulations, and the financial and reputational damage that follows a breach of confidential data. Organizations need ways to protect their own data and keep their customers' data secure. Data Loss Prevention (DLP) systems are one method for this: they help organizations identify, monitor and protect data in use, in motion and at rest.

The workshop will focus on the following topics:

  • Overview of data loss prevention.
  • The need for data loss prevention.
  • The risk of data loss to the organization.
  • A look at leading data loss prevention systems.
  • Understand and learn to implement DLP solutions that meet the organization's data protection needs.
  • Integrate DLP systems with Security Information and Event Management (SIEM) systems.
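The content-inspection core of a DLP system, as described here and in the GDPR course's "Data Loss Prevention" section above, is shown in the following added example. It is illustrative code written for this page, not taken from any DLP product. It scans constructed outbound messages for payment card numbers (validated with the Luhn check digit so that order and tracking numbers do not trigger it), a CONFIDENTIAL marker leaving the organization, and bulk exports of third-party email addresses, decides allow/alert/block, and emits a SIEM event that carries only masked findings, never the matched secrets themselves. The internal domain, the bulk threshold, the message format and the sample traffic are assumptions made for the example.

```python
import json
import re
from typing import Dict, List

# Hypothetical policy values for this example.
INTERNAL_DOMAIN = "example.com"
BULK_EMAIL_THRESHOLD = 3  # this many third-party addresses in one message = bulk PII export

# 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CONFIDENTIAL_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn check digit; cuts false positives such as order or tracking numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Canonical digit strings for every Luhn-valid card-like number in the text."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask(digits: str) -> str:
    """Never copy the matched secret into an alert: last four digits only."""
    return "*" * (len(digits) - 4) + digits[-4:]


def is_external(address: str) -> bool:
    return not address.lower().endswith("@" + INTERNAL_DOMAIN)


def inspect_message(msg: Dict[str, str]) -> Dict[str, object]:
    """Content inspection of one outbound message: returns the action and masked findings."""
    external = is_external(msg["to"])
    cards = find_card_numbers(msg["body"])
    third_party_emails = [e for e in EMAIL_RE.findall(msg["body"]) if is_external(e)]
    confidential = bool(CONFIDENTIAL_RE.search(msg["body"]))

    findings: List[str] = []
    if cards:
        findings.append("payment card numbers: " + ", ".join(mask(c) for c in cards))
    if external and confidential:
        findings.append("CONFIDENTIAL marker in message to external recipient")
    if external and len(third_party_emails) >= BULK_EMAIL_THRESHOLD:
        findings.append(f"{len(third_party_emails)} personal email addresses to external recipient")

    if cards or (external and confidential):
        action = "block"
    elif findings:
        action = "alert"
    else:
        action = "allow"
    return {"action": action, "findings": findings}


def siem_event(msg: Dict[str, str], verdict: Dict[str, object]) -> str:
    """One JSON line for the SIEM: metadata and masked findings, never the body."""
    return json.dumps({"event": "dlp", "from": msg["from"], "to": msg["to"],
                       "action": verdict["action"], "findings": verdict["findings"]})


# Constructed sample traffic (no real people; 4111 1111 1111 1111 is the standard Visa test number).
SAMPLE_MESSAGES = [
    {"from": "sales@example.com", "to": "billing@vendor.net",
     "body": "Please charge 4111 1111 1111 1111 for the renewal."},
    {"from": "ops@example.com", "to": "courier@ship-co.net",
     "body": "Order 1234567890123 shipped this morning."},
    {"from": "pm@example.com", "to": "editor@news.org",
     "body": "CONFIDENTIAL: Q3 roadmap attached, please do not forward."},
    {"from": "growth@example.com", "to": "list@broker.io",
     "body": "Contacts: ann@gmail.com, ben@yahoo.com, cy@outlook.com"},
]

if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        print(siem_event(message, inspect_message(message)))
```

The second sample message is the case that matters in practice: a 13-digit order number looks like a card number to the regex, and only the Luhn check keeps it from being blocked. Masking in `siem_event` is equally deliberate; a SIEM that stores full card numbers from DLP alerts has just become another system in PCI DSS scope.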

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who want to keep up to date with new technology and apply it in a real-life environment.

  • CISOs
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers
  • Information Security Directors
  • All other security professionals who want to stay up to date

ISO 27001 Lead Auditor


Training Schedule: ISO 27001 Lead Auditor (4 days)
Date: 20-23 April 2021
Training Type: Virtual

All training runs from 9:00 to 16:30 every day.

About the ISO 27001 Lead Auditor Course

This certification covers the international standard published by the International Organization for Standardization (ISO), which describes how to manage information security in an organization. ISO/IEC 27001 can be implemented in any kind of organization: for-profit or non-profit, private or government-owned, small or large. It also enables organizations to become certified, meaning that an independent certification body has confirmed that the organization has implemented information security in compliance with ISO/IEC 27001.

During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process. Through practical exercises, you will master audit techniques and become competent to manage an audit program and an audit team, communicate with customers, and resolve conflicts.

After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices. This training is based on both theory and best practices used in ISMS audits. Lecture sessions are illustrated with examples based on case studies. Practical exercises are based on a case study which includes role-playing and discussions. Practice tests are similar to the Certification Exam.

Course Description

  • Understand the operation of an Information Security Management System based on ISO/IEC 27001
  • Understand the relationship between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Understand the auditor's role in planning, leading and following up on a management system audit in accordance with ISO 19011
  • Learn how to lead an audit and an audit team
  • Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
  • Acquire the competencies of an auditor: planning an audit, leading an audit, drafting reports and following up on an audit in compliance with ISO 19011

Introduction to Information Security Management Systems (ISMS) and ISO/IEC 27001

  • Course objectives and structure
  • Standards and regulatory frameworks
  • Certification process
  • Fundamental principles of Information Security Management Systems
  • Information Security Management Systems (ISMS)

Audit principles, preparation and launching of an audit

  • Fundamental audit concepts and principles
  • Evidence-based audit approach
  • Initiating the audit
  • Stage 1 audit
  • Preparing the stage 2 audit (on-site audit)
  • Stage 2 audit (Part 1)

On-site audit activities

  • Stage 2 audit (Part 2)
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans
  • Drafting audit findings and non-conformity reports

Closing the audit

  • Documentation of the audit and the audit quality review
  • Closing the audit
  • Evaluating action plans by the auditor
  • Benefits of the initial audit
  • Managing an internal audit program
  • Competence and evaluation of auditors
  • Closing the training

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Target Audience

This training course is intended for professionals who are working in the field of information security and would like to use ISO/IEC 27001 International Standard to assess an organization’s ability to meet their own information security requirements.

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security audit function

ISO 27001 Information Security Management Lead Implementer

Training Schedule: ISO 27001 Information Security Management Lead Implementer (5 days; also offered as 1 day a week for 5 weeks)
Date: TBD
Training Type: Virtual

All training runs from 9:00 to 16:30 every day.

About the ISO 27001 Lead Implementer Course

The ISO/IEC 27001 Lead Implementer five-day intensive course enables participants to develop the expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001. Participants will also master best practices for implementing information security controls from the eleven control areas of ISO/IEC 27002:2005.

The Online Classroom includes:

  • Access to recordings and course content for 360 days.
  • Interactive flash cards to reinforce learning
  • Independent reading and learning activities
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions to gauge exam readiness

Course Description

Key Features of the ISO 27001 Lead Implementer Training:

  • Understand the application of an Information Security Management System in the ISO/IEC 27001 context
  • Master the concepts, approaches, standards, methods and techniques that allow effective management of an Information Security Management System
  • Understand the relationship between an Information Security Management System, including risk management and controls, and compliance with the requirements of the organization's different stakeholders
  • Acquire the expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001
  • Acquire the expertise necessary to manage a team implementing the ISO/IEC 27001:2005 standard
  • Develop the personal skills and knowledge required to advise organizations on best practices in the management of information security
  • Improve the capacity for analysis and decision-making in the context of information security management

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the ISO 27000 family of standards and the regulatory framework
  • Fundamental principles of information security
  • Preliminary analysis and determining the level of maturity based on ISO 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Planning the implementation of an ISMS based on ISO 27001

  • Defining the scope of an ISMS
  • Drafting an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (based on ISO 27005)
  • Drafting the statement of applicability

Implementing an ISMS based on ISO 27001

  • Implementation of a document management framework
  • Design and implementation of controls
  • Information security training, awareness and communication program
  • Incident management (drawing on guidance from ISO 27035)
  • Operations management of an ISMS

Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO 27001

  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO 27001 internal audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO 27001 certification audit

Domain 1: Fundamental principles and concepts in information security

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can understand, interpret and illustrate the main Information Security concepts related to an Information Security Management System (ISMS)

Domain 2: Information Security Control Best Practice based on ISO 27002

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can understand, interpret and provide guidance on how to implement and manage information security control best practices based on ISO 27002

Domain 3: Planning an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can plan the implementation of an ISMS in preparation for an ISO 27001 certification

Domain 4: Implementing an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can implement the processes and security controls of an ISMS required for an ISO 27001 certification

Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can evaluate, monitor and measure the performance of an ISMS in the context of an ISO 27001 certification

Domain 6: Continuous improvement of an ISMS based on ISO 27001

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can provide guidance on the continuous improvement of an ISMS in the context of ISO 27001

Domain 7: Preparation for an ISMS certification audit

Main Objective: To ensure that the ISO 27001 Lead Implementer candidate can prepare and assist an organization for the certification of an ISMS against the ISO 27001 standard

Target Audience

This training course is intended for professionals who are working in the field of information security and would like to use ISO/IEC 27001 International Standard to assess an organization’s ability to meet their own information security requirements.

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information security audit function

SEC104 CISO: The First 90 Days and Beyond

The function of the Chief Information Security Officer (CISO) is becoming a requirement for many organizations. The position exists to create, manage and align security programs with organizational goals and objectives. In this training you will learn about the challenges a new CISO faces and how to resolve them. The three-day CISO Masterclass is a hands-on program for those starting out in the CISO role, and for those already in the role who would like to understand it better and get practical help on how to fulfil it effectively.

At the end of this workshop participants will understand the full scope of the CISO job description, where the role is positioned in the organization, what is expected from a CISO, and how to get started as a CISO and implement security programs within the organization. Using real-world scenarios and case studies, you will see practical examples of how a CISO applies the content of the masterclass. The course provides CISO-specific tools, such as the NICE Framework, that you need to keep making progress beyond the first 90 days. It provides the knowledge, roadmap and tools to accomplish the following:

You Will Learn How To:

  • Strategically focus your preparation to become a CISO
  • Learn to set up security programs for your organisation.
  • Plan a secure environment aligned with organizational objectives, compliance requirements, and industry-standard architectures
  • Learn to start with what you have already.

The Online Classroom includes:

  • Access to recordings and course content for 365 days.
  • Case studies and real-world scenarios
  • Knowledge checks after each domain

Target Audience

This training is designed for people who are aspiring or have just been appointed as the CISO in their organisation and would like to have a head start to know how to take charge of the new position.