Pave the way for protection and discover the concept of cyber security

The more you and your company use the internet, the more you need to be aware of the risks involved. Every day, new cyber security incidents endanger the commercial viability and profitability of enterprises of all sizes and the effectiveness of public sector organizations.

The first step towards protection is knowing what you’re dealing with. Discover in 1 day the main concepts of ICT security:

  • What risks exist?
  • How can an IT network be protected?
  • What is a firewall, VPN, IDS, https?

We even illustrate some concepts with essential security awareness demos.

Target audience

This course is recommended for any professional who desires to understand the basics of “IT Security”.  We make our participants aware of the developments, challenges and needs related to security.

Basic IT and Internet user experience is recommended; no other explicit knowledge is required.

Programme

1. About the web, threats and risks

  • The web: a risky place
    • An IP based transport network
    • The cloud: (mobile) applications are more and more cloud-based
    • We consult, exchange and share information on a daily basis, a never ending source of information
    • Or a digital jungle: "The web" means easy access, easy to use and to abuse
  • Threats and risks
    • Information theft: espionage, altering, damage to and the destruction of information, identity theft, ...
    • Spoofing
    • Social Engineering
    • Phishing, hoax, chain mails, spam
    • Web banking fraud
    • Virus, Worm, Trojans, Ransomware
    • Replay Attack, Man in the Middle Attack
    • Service degradation and Denial of Service (DoS)

2. We need to take counter-measures

  • Goals: confidentiality, availability, integrity (CIA)
  • Who's responsible
    • Who do you think is responsible for security, e.g. in your enterprise? Roles and responsibilities
  • What can we do:
    • Completely seal off, or be proactive
    • Security foundation
    • The need for security policies
    • User awareness
    • Apply layered security
  • Make a risk analysis
    • What are your assets, what to protect?
    • Prioritise, then act on each item, one by one
    • Implement and control
  • Ways to protect
    • Securing by prevention, controlling by detection
    • Protecting where and what
    • Protecting the network or perimeter security
    • Protecting your resources (data, systems, ...)
    • Protecting the end points
    • Password protection, anti-malware, personal firewall, user privileges

3. How to achieve ICT security?

  • Information Security
    • Information and data classification
    • Different levels
    • Data Access control
    • By defining profiles
    • By non-disclosure agreements
  • Encryption simply explained
    • Cryptographic system: a start
    • A common secret key (symmetric algorithms)
    • A personal key (asymmetric algorithms)
    • Hashing
    • What is a "digital signature" and where are they stored? What is the value of an electronic signature? What is PKI (Public Key Infrastructure)?
  • The tools to enforce security in your network:
    • Physical security, protect your assets
    • What is authentication, identity management, identity-based security?
    • Password security: biometrics, tokens, One-Time Password (OTP)
    • Virus protection and anti-malware protection
    • Install a network gateway: firewalls and next-generation firewalls
    • Use a Virtual Private Network (VPN) for teleworking and interconnecting sites with IPsec, SSL or TLS
    • Detect when under attack: IDS, IPS, honeypot technology and sandboxing
    • Can we secure our business applications? Application security
    • Is data leaking? Data Leak Prevention (DLP)
    • Bring Your Own Device (BYOD) - MDM
  • A bit more in practice, some examples:
    • Secure web access essentials
    • Wireless security essentials
    • Secure transactions for home banking and more

4. Engaging Security

  • In the Enterprise
    • Whose job is it?
    • Policies, Security standards and guidelines
    • ISO 27001 Information Security Management
    • ISO 17799 Business Continuity Planning
    • Key policies that every organisation needs
    • What is security auditing and pen testing?
  • At Home: some simple guidelines
  • Some Legal issues:
    • Privacy when publishing on the net
      • Copyright
      • Portrait right
    • Cybercrime = crime
      • In Belgium the FCCU

Trainer(s)

Stijn Huyghe

Stijn Huyghe has been with Proximus since 2001 and is a seasoned cyber security trainer who provides and develops courses such as “Linux administration”, “Cyber Security Explored”, “Hacking Explained and Intrusion Detection (HEXID)” and others. He is able to translate technical knowledge into easy-to-understand explanations and demos for a diverse audience. Besides that, he has fun maintaining some parts of the Proximus infrastructure and develops demos in the HEXID cyber range for internal and external customers.

Practical information

Price: 787 EUR (excl VAT)

Kluwer trainings qualify for several grants, a practical instrument enabling you to pay only part of the registration fee.

  • Training subsidised by kmo-portefeuille. Read more information.

In-company: If you have a number of people in your company who need this type of training, Kluwer will be happy to develop an in-house training course for you, customised to suit your particular situation. Our experienced trainers will tailor the course to fulfill the needs and abilities of your staff. Request your in company training.
