Crash Course IT and Information Security

Today's Threats and Measures

Instructor: Steffen Gundel 

Duration: 2 days 

The training deals with theoretical and practical principles of IT and information security based on a presentation, discussion and examples drawn from practical experience. The trainer has been working as a consultant for more than 20 years and can thus bring considerable and current practical experience to the training.

After a brief introduction, terms and principles of IT and information security will be explained in detail, and basic relationships will be outlined. In particular, the trainer will elaborate on the following topics:

  • Differentiation between IT and information security
  • Clarification of basic concepts, like asset, vulnerability, threat, measure, risk, risk management and information security management system (ISMS)
  • Basic values of IT and information security
  • Differentiation between safety and security
  • Differentiation between data protection and data security

Following this, the participants gain an insight into today's most important potential threats and attack techniques based on selected examples. After providing an overview of the different threat categories, the instructor will elaborate on the field of deliberate acts:

  • Procedure for intruding into IT systems and applications
  • Cyber kill chain
  • Social engineering
  • Types and functioning of malware
  • Targeted attacks/advanced persistent threats (APTs)
  • Distributed denial of service (DDoS)
  • Leakage of sensitive information
  • Insider Attacks

From the afternoon of the first day until the early afternoon of the second day, a detailed overview of the entire spectrum of measures that are available today in the context of IT and information security will be provided. Among others, the following areas are considered in detail:

  • Protection strategies and objectives
  • Zero Trust
  • Organizational measures/policies
  • Information classification
  • Cyber Threat Intelligence
  • Security of smartphones in enterprises
  • Secure handling of privileged IT access
  • System hardening
  • Authentication and authorization
  • Encryption/public key infrastructure (PKI)
  • Protection against modern malware
  • Vulnerability and patch management
  • Firewalls and DMZs
  • Microsegmentation
  • Local network access control
  • Secure cloud usage
  • IDS/IPS
  • SIEM
  • Detection through Behavior Analysis
  • Protection against DDoS Attacks
  • Protection against Targeted Attacks (APTs)
  • Secure Development
  • Security Assessments

To conclude the second training day, the instructor will focus in more detail on the field of information security and risk management including the BSI IT baseline protection methodology. The topics include:

  • PDCA cycle
  • Standards for information security and risk management
  • Legal and regulatory conditions (e.g. IT Security Act)
  • Risk management according to ISO 27005
  • Policy management
  • Security incident management
  • Measurements and key figures
  • Function, use and limits of GRC tools
  • Roles in an information security organization
  • Use of the BSI IT baseline protection methodology
  • Differentiation between ISO 27001 and IT baseline protection

After completing the training, the participants are able to put the terms and concepts in IT and information security into the right context. Moreover, they can assess the threat situation for their company and derive appropriate measures.

Target group: Beginners or lateral entrants in the IT and information security field and managers who would like to get a rough overview of threats and measures, and of the management of IT and information security.

Requirement: Basic knowledge of IT

Price: € 1,995

This training will be held in German.

Early booking discount: 
If you register 8 weeks prior to the start of the training, you will receive an early booking discount of 5 %.

You will receive CPE points for participating in the training. In total, the training takes 13 hours. 

You will get a certificate after having completed the training.

Date:
June 5 - June 6, 2024 online
September 25 - 26, 2024 in Ludwigsburg
December 3 - 4, 2024 in Cologne

The training course will take place in fine, specially selected hotels:

We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.

We are also happy to offer the course as in-house training.
