Today's Threats and Measures
Instructor: Steffen Gundel
Duration: 2 days
The training deals with theoretical and practical principles of IT and information security based on a presentation, discussion and examples drawn from practical experience. The trainer has been working as a consultant for more than 20 years and can thus bring considerable and current practical experience to the training.
After a brief introduction, terms and principles of IT and information security will be explained in detail, and basic relationships will be outlined. In particular, the trainer will elaborate on the following topics:
- Differentiation between IT and information security
- Clarification of basic concepts, like asset, vulnerability, threat, measure, risk, risk management and information security management system (ISMS)
- Basic values of IT and information security
- Differentiation between safety and security
- Differentiation between data protection and data security
Following this, the participants gain an insight into today's most important potential threats and attack techniques based on selected examples. After providing an overview of the different threat categories, the instructor will elaborate on the field of deliberate acts:
- Procedure for intruding into IT systems and applications
- Social engineering
- Types and functioning of malware
- Targeted attacks/advanced persistent threats (APTs)
- Distributed denial of service (DDoS)
- Leakage of sensitive information
From the afternoon of the first day until the early afternoon of the second day, a detailed overview of the entire spectrum of measures that are available today in the context of IT and information security will be provided. Among others, the following areas are considered in detail:
- Protection strategies and objectives
- Organizational measures/policies
- Information classification
- Cyber Threat Intelligence
- Security of smartphones in enterprises
- Secure handling of privileged IT access
- System hardening
- Authentication and authorization
- Encryption/public key infrastructure (PKI)
- Protection against modern malware
- Vulnerability and patch management
- Firewalls and DMZs
- Network access control
- Secure cloud usage
- Measures to detect anomalies and compromises
- Protection from DDoS attacks
- Protection from targeted attacks (APTs)
- Web application firewalls
- Secure development
- Security assessments
To conclude the second training day, the instructor will focus in more detail on the field of information security and risk management including the BSI IT baseline protection methodology. The topics include:
- PDCA cycle
- Standards for information security and risk management
- Legal and regulatory conditions (e.g. IT Security Act)
- Risk management according to ISO 27005
- Policy management
- Security incident management
- Measurements and key figures
- Function, use and limits of GRC tools
- Roles in an information security organization
- Use of the BSI IT baseline protection methodology
- Differentiation between ISO 27001 and IT baseline protection
After completing the training, the participants are able to put the terms and concepts in IT and information security into the right context. Moreover, they can assess the threat situation for their company and derive appropriate measures.
Target group: Beginners or lateral entrants in the IT and information security field and managers who would like to get a rough overview of threats and measures, and of the management of IT and information security.
Requirement: Basic knowledge of IT
Price: € 1,995
Early booking discount:
If you register 8 weeks prior to the start of the training, you will receive an early booking discount of 5 %.
You will receive CPE points for participating in the training. In total, the training takes 12 hours.
You will get a certificate after having completed the training.
November 5 - November 6, 2019 Munich
The trainings will take place in fine, selected hotels.
Ludwigsburg: nestor Hotel Ludwigsburg
Munich: Steigenberger Hotel München
We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.
We will also gladly offer you the course as an in-house training.