Cyber Security Operations Specialist®
Cyber Security Operations Specialist®
3 Days, 2 Professional Certifications
This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSOS®. This course gives you a holistic view of the cyber security landscape, ongoing threats and the effective approach to keeping the entire enterprise safe and running beyond the network perimeter, third party risk, compliance to industry and regulatory requirements and having in place an effective incident response mechanism, to deal with the ever present cyber threats. The CSOS® provides a strong operational support to operationalizing the latest trends and best practices that support the Application Security and the security of the Application Ecosystem (AE)® and addressing the typical cybersecurity operation.
Upcoming CSOS® Events
Sorry no post found.
Course Description
This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSOS®. This course gives you a holistic view of the cyber security landscape, ongoing threats and the effective approach to keeping the entire enterprise safe and running beyond the network perimeter, third party risk, compliance to industry and regulatory requirements and having in place an effective incident response mechanism, to deal with the ever present cyber threats. The CSOS® provides a strong operational support to operationalizing the latest trends and best practices that support the Application Security and the security of the Application Ecosystem (AE)® and addressing the typical cybersecurity operation.
Who should take this course?
Cyber Security Professionals including but not limited to, Security Analyst, Security Engineer, Security Architect, Security Administrator, Security Software Developer, Cryptographer, Cryptanalyst, Security Consultant and also Application Developers, Finance Professionals, Data Center Designers/Engineers, Data Center Planners, Project Managers, Legal & Compliance Professionals, College Students & Graduates and Business Continuity Experts.
what you study
You will learn how to focus on and actively protecting the organization from cybersecurity threats and managing the risk to support the successful accomplishment of the organization’s mission by having a depth of understanding of: Cybersecurity Governance, Risk Management, Physical IT-Related Asset management: Acquisition, Development & Maintenance, Vulnerability Identification and Management: Treating Cybersecurity Risks, Cybersecurity Incident and Crisis Management, Business Continuity Management, Organizational Structure, Human Factors and Culture, Cybersecurity Competencies and the CISO, Human Resources Cybersecurity, Application Security, Cybersecurity Considerations for the 7-Layers of the Application Ecosystem, Controls Management, Change Management, Application Ecosystem Management: Cybersecurity Day-to-Day Operations, Access Control, External Context & Supply Chain, Maintaining Situational Awareness: Monitoring & Reviewing Key Risk Indicators (KRI) and Security Service Level Agreements
Learning Outcomes
Learn systems approach to planning for cyber attacks, Learn how to situate Cybersecurity in tandem with the organization’s operational resilience policies and objectives, Learn how to maintain Cybersecurity infrastructure, Learn about the Application Ecosystem’s Cybersecurity and how to actively keep the Application secured, Understand cyber security policies and procedures, Learn effective cybersecurity operation, Learn day-to-day cyber security operational management, Cyber Security human resource management, Learn how to form and manage 3rd party dependencies, Learn how to manage cybersecurity assets, Learn how to understand Cybersecurity environments and the correct response, Learn about Cybersecurity Incident and how to respond to an incident
Prerequisites
- Cyber Security Infrastructure Specialist®.
Recommendations
It is recommended for this course to be taken back-to-back with CSIS in a 5-day program. This will optimize learning and cost saving.
Course Features
Day 1
Cybersecurity Overview
Cybersecurity Complexity
Malware & Types of Attacks
Governance
Governance Objectives
Governance for Cybersecurity
Effective Cybersecurity Programme Governance
Cybersecurity Governance: Meaningful Vs Meaningless
Cybersecurity Governance Pillars
Cybersecurity Organizational Structure
Risk Management
Cybersecurity Risk oversight of the Board
Cybersecurity Risk management Principles
Cybersecurity Risk Policies & Procedures
Cybersecurity Risk Strategic Performance Management
Cybersecurity Standards & Frameworks
Cybersecurity Risks: Identify, Analyze and Evaluate
How to treat Cybersecurity Risk
Using Process Capabilities to Treat Cybersecurity Risks
Using Insurance and Finance to Treat Cybersecurity Risks
Physical IT-Related Asset management
Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices
Governance & Planning
Development & Implementation
End of Useful Life and Disposal
Specific Considerations
Commercial Off-the-Shelf Applications
Cloud/SaaS Applications
Physical Security
Commit To a Plan
Physical Security Risk Landscape View and the Impact on Cybersecurity
Manage/Review the Cybersecurity Organization
Design/Review Integrated Security Measures
Data Center Scenario Reworked
Understanding Objectives for Security Measures
Understanding Controls for the Data Center Scenario
Calculate/Review Exposure to Adversarial Attacks
Simulating the Path of an Adversary
Calculate the Probability of Interrupting & Disrupting the Adversary
Optimize Return on Security Investment
Vulnerability Identification and Management: Treating Cybersecurity Risks
Introduction
Identity & Access Management
Policy
Establish Identities
Create Identities
User ID Revocation
Enterprise IT Governance
Reduced Security Costs
Penetration Testing
Day 2
Threat Identification & Handling Management: Identify, Analyze & Evaluate
The Risk Landscape
The People Factor
Assessing & Managing Risk: A structured Approach
Cybersecurity Culture
Regulatory Compliance
Maturity Compliance
Protection Prioritised
Cybersecurity Incident and Crisis Management
Cybersecurity Incident Management Overview
Cybersecurity Incident Response Overview
Cybersecurity Incident Response Plan & Processes
Cybersecurity Incident Response Team (CSIRT)
Technical Response Capabilities Development
Build and Maintain Capabilities
Incident Timelines
Integrating Cybersecurity & Business Continuity Management
What is Business Continuity
ISO 22301 Overview
BCM Lifecycle
Understand/Analyze the organization and Integrate with Cybersecurity
Determine BCM Strategy & Integrate with Cybersecurity
Developing and Implementing BCM Responses, Integrate with Cybersecurity
Exercising/Validating BCM and integrate with Cybersecurity
BCM Policy & Programme Management
Embedding BCM in the organizational culture
Organizational Structure
Having the Right People
Establishing the Team
What are the Established Performance Standards?
Human Factors and Culture
Technology Investment vs Investing in People
Business Email Compromise (BEC)
Organizations as Social Systems
Cybersecurity More Than a Technology Problem
Organizational Culture
Cybersecurity and Human Factors
Insider Threats
Social Engineering Threats
Cybersecurity Training & Awareness
Measures Against Business Email Compromise
Human Factors & Technology Trends
Metrics
The Application Ecosystem
Day 3
Application Security
Application Security Terminology
Risk Calculation Models
Calculation of Application Security Risk
Application Security Best Practices
Application Ecosystem Management: Cybersecurity Day-to-Day Operations
Controls Management
Security Controls
Asset Management
Change Management
The Importance of Managing Change
When should Changes be Made?
What are the Impact Changes bring?
The safeguard Effect of Internal Control in Change Management
Organizational Change Management
Access Control
Access Control & A New Perspective
Organizations requirements for Access Control
User Access Management
User Registration and Deregistration
Access Provisioning for Users
Privileged Access Rights Management
Users Secret Authentication Information Management
User Access Under Review
User Rights: Removal & Adjustments
Responsibility of Users
Application & System Access Control
Access Restriction to Information
Procedures for Secure-Logins
Password Management System
Privileged Utility Programs Usage
Program Source Code & Controlled Access
External Context & Supply Chain
Overview
Supply Chain Support Strategy
Planning How to Create Supply Relationships
How to Identify Competent External Suppliers
Relationship Management
Maintaining Situational Awareness
Overview
Situational Awareness Plan
Situational Awareness Process
Cybersecurity Service Level Agreement
Overview
Purpose
Attributes
General Parts of SLA
SLA Service Performance
SLA Constraints & Service Management
SLAs Dos & Don’ts