Trustwave Cybersecurity Education Catalog
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions please contact us.

Cybersecurity Education Catalog
CYBERSECURITY EDUCATION CATALOG

Introduction

The human factor – what employees do or don’t do – is the biggest threat to an organization’s information security, yet it’s often the most overlooked. Whether they are processing credit cards, handling clients’ personal information, or developing software solutions for your business, your employees are ripe targets for information thieves seeking access to your sensitive data, unless you help them learn how to protect against and respond to security incidents. It’s vital to your business to provide security education to your employees and partners.

Trustwave offers two key types of security education:
• Security Awareness Education for all staff
• Secure Developer Training for technical staff

Use this catalog to browse these security education offerings. If you have questions, reach out to your Trustwave account manager or use the Contact Us section of the Trustwave website at www.trustwave.com.
Table of Contents

Security Awareness Education (SAE) .......... 2
• SAE Lessons .......... 3
• Banking Security .......... 6
• Security Awareness Course Builder .......... 7
• Role-Based Security Awareness Education Courses .......... 8
• SAE Posters .......... 10
Secure Development Training (SDT) .......... 11
• SDT Lessons .......... 12
• Secure Development Bundles .......... 19
Security Awareness Education

Every Trustwave Security Awareness Education (SAE) program is customized for you, the client. Your options include how your online security education courses will be set up and which additional print-based materials you would like to order to reinforce your program year-round. This section is designed to guide you through the program and help you choose the options that are right for you and your organization.

SAE Lessons
Use the SAE Lessons list to browse our library of security awareness lessons. Categorized by areas of interest, each lesson’s catalog code, topic, and objectives are listed to help you decide which topics are most appropriate for your target audience(s). Most lessons are available in English, Spanish, Portuguese and French and can be localized into additional languages. The portal is English by default and may be configured in Spanish, French and Portuguese as well as many other languages. You may also view our lessons in the Trustwave Cybersecurity Education portal. Contact your Trustwave account manager if you would like to receive a free trial.

Security Awareness Course Builder
The Security Awareness Course Builder page lists the lessons included in each course offering, tailored for common organizational roles requiring security awareness training. If these lesson combinations don’t fit your organization’s needs, or if you’d like to include additional materials such as quizzes or your organization’s own information security policies, use the table at the bottom of the Security Awareness Course Builder page to identify the course content you would like us to build.

SAE Posters
Often, organizations administer formal security awareness training only once per year. Including SAE posters in your office environment helps keep employees aware of their security responsibilities year-round.
SAE Lessons

Each course in your Security Awareness Education program may be comprised of one or more of the following lessons. Use this guide to identify the lessons you would like to include in each course. If you have any questions, or if you would like to receive a free trial, contact your Trustwave account manager.

Compliance Lessons
These lessons cover the basic principles of various compliance standards mandating training and other information security measures.

COM-01 PCI Overview
Objective: Recognize how the Payment Card Industry (PCI) Data Security Standard (DSS) protects cardholder data.
Supporting objectives:
• Recognize the key PCI stakeholders, and common merchant acceptance channels and classifications.
• Recognize high-level compliance requirements.
• Describe the PCI regulatory environment and recognize high-level compliance requirements.

COM-02 HIPAA Overview
Objective: Recognize how the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) laws protect the privacy and security of protected health information (PHI).
Supporting objectives:
• Recognize key HIPAA and HITECH stakeholders.
• Recognize the purpose and scope of HIPAA privacy and security rules.
• Recognize high-level compliance requirements.

COM-03 PCI for Retail Managers
Objective: Recognize how the PCI DSS affects managers and their role in enacting PCI compliance strategies.
Supporting objectives:
• Recognize credit card features and security elements.
• Recognize indicators of credit card fraud or tampering.
• Understand how to respond in the case of suspicious or fraudulent payment activity.

COM-04 PCI Essentials (abbreviated version of PCI Overview)
Objective: Recognize how PCI self-regulates to protect cardholder data.
Supporting objectives:
• Recognize the cycle of a credit card transaction.
• Recognize high-level compliance requirements.

Core Concepts
These lessons cover basic security awareness concepts that all employees should understand.

COR-01 Introduction to Security Awareness
Objective: Demonstrate basic knowledge of security awareness.
Supporting objectives:
• Understand the definition of security awareness.
• Recognize the importance of protecting information.

COR-02 Social Engineering
Objective: Recognize how common social engineering tactics threaten information security.
Supporting objectives:
• Define social engineering, recognize who is at risk of becoming a victim and list the types of information targeted by social engineers.
• Understand the definition of security awareness, recognize the most common channels for social engineering, and recognize popular social engineering ploys.
• List best practices to avoid becoming a victim of social engineering.
Security Awareness Topics
These lessons cover best practices for common types of tools and activities on the job. Include all those that apply to your employees’ work activities.

SAT-01 Physical Security
Objective: Define physical security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the importance of physical security and list the information at risk.
• Recognize common attacks on physical security.
• Recognize physical security vulnerabilities and best practices for securing your workplace.

SAT-02 PC Security
Objective: Define PC security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the risks of leaving your computer unprotected.
• List and describe common PC attacks, vulnerabilities, and user mistakes that put your information and systems at risk.
• List and describe critical PC security measures and best practices.

SAT-03 Email Security
Objective: Define email security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the risk to information security if secure email practices are not in place.
• Recognize the most common email scams and the measures you can take to avoid becoming a victim.
• List best practices for using email securely.

SAT-04 Password Security
Objective: Define password security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the importance of keeping passwords protected.
• List the ways password protection may be used to keep information secure.
• List basic rules for building a strong password and recognize best practices for effective password use.

SAT-05 Web Browsing Security
Objective: Define web browsing security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the risks of visiting unknown and unsecure websites.
• List the most common web security threats and recognize how you may put your organization’s information at risk.
• List and describe best practices for browsing the web securely.

SAT-06 Mobile Device Security
Objective: Define mobile device security, recognize common threats and list best practices.
Supporting objectives:
• Recognize the risks of leaving your device unprotected.
• Recognize common mobile device attacks and user mistakes that put information at risk.
• List and describe common mobile device security measures.

Best Practices for Job Roles
These lessons target specific job roles within an organization. Each course you create should contain one of these JRT (Job Role Training) lessons, depending on your role and industry.

JRT-01 Secure Practices for Retail Associates
Objective: Recognize the security awareness responsibilities of retail associates and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
Supporting objectives:
• Recognize the information security responsibilities of retail associates that impact the retail environment.
• List and describe information security responsibilities and best practices of retail associates.

JRT-02 Secure Practices for Retail Managers
Objective: Recognize the security awareness responsibilities of retail managers and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
Supporting objectives:
• Recognize the security responsibilities of retail managers or owners that impact the retail environment.
• List and describe information security responsibilities and best practices of retail managers.
JRT-03 Secure Practices for Call Center Employees
Objective: Recognize the security awareness responsibilities of call center employees and the laws, regulations, methods and best practices that help to keep information secure.
Supporting objectives:
• Recognize the information security laws and regulations that impact the call center environment.
• Recognize the responsibility of call center employees to protect the information they work with each day.
• List and describe the information security responsibilities and best practices of call center employees.

JRT-04 Secure Practices for Call Center Managers
Objective: Recognize the security awareness responsibilities of call center managers and the laws, regulations, methods and best practices that help keep information secure in the call center.
Supporting objectives:
• Recognize the information security responsibilities of call center managers and the related laws and regulations that impact the call center environment.
• List and describe information security responsibilities and best practices of call center managers.

JRT-05 Secure Practices for Office Employees
Objective: Recognize the security awareness responsibilities of office employees and the laws, regulations, methods and best practices that help keep information secure.
Supporting objectives:
• Recognize the security responsibilities of enterprise employees and the information security laws and regulations that impact the enterprise environment.
• List and describe information security responsibilities and best practices of office employees.

JRT-06 Secure Practices for IT and Engineering Staff
Objective: Recognize the security awareness responsibilities of IT and engineering staff and the laws, regulations, methods and best practices that help keep information secure.
Supporting objectives:
• Recognize the information security-related laws and regulations that impact the IT and application development environment and the responsibilities of personnel to protect the information they work with each day.
• List and describe the information security responsibilities of IT and engineering staff.
• List best practices for IT and engineering staff to help keep information secure.

Advanced Security Topics
These lessons cover a wide range of advanced topics for managers and technical personnel.

ADV-01 PCI Forensic Investigations
Objective: Recognize how the PCI forensic investigation process works and identify how a breach is discovered, investigated and remediated.
Supporting objectives:
• Identify common ways breaches are discovered and the high-level steps employees should take if a breach is discovered.
• Learn about the Trustwave PCI forensic investigation process and a breached organization’s responsibility to report and remediate security deficiencies.
• Recognize common security threats and the importance of continuous compliance to protect against them.

ADV-02 Exploring Security Trends
Objective: Recognize key findings of Trustwave’s annual Global Security Report and list ways to improve security this year based on last year’s trends.
Supporting objectives:
• Recognize the purpose and contents of Trustwave’s Global Security Report.
• Recognize key findings of the current Global Security Report.
• List security best practices that help organizations avoid the security pitfalls of last year.
Banking Security

Online banking has soared in popularity, not only for businesses but for consumers who depend on banks for their everyday financial needs. While you are taking steps to protect your customers from identity theft and financial crimes, customers themselves must also implement security best practices when accessing online banking on their personal or business computers. Providing resources to customers to educate them about best practices for securing their information online demonstrates your commitment to securing your customers’ information, improves security for you and your customers and helps satisfy Federal Financial Institutions Examination Council (FFIEC) requirements for customer education.

Banking Security
These lessons target the specific security awareness needs of bank customers who use online accounts to manage their finances.

BAN-01 Online Banking Security
Objective: Recognize the risks and threats that come with online banking, as well as the technology and security best practices available to help combat such threats.
Supporting objectives:
• Recognize ways information is stolen from online accounts.
• Recognize the monetary risk of security incidents and the top attack targets used by criminals.
• Learn how banks and their customers work together to protect valuable information.

BAN-02 Protecting Online Accounts for Businesses
Objective: Recognize a business’s role in helping to secure its own online systems and accounts, and identify the security best practices businesses can follow to do so.
Supporting objectives:
• Recognize a business’s role in keeping their sensitive information secure online.
• List best practices for businesses to use to protect their sensitive information.

BAN-03 Protecting Online Accounts for Consumers
Objective: Recognize the individual’s role in helping to secure their own online accounts, and identify the security best practices individuals can follow to do so.
Supporting objectives:
• Recognize an individual consumer’s role in keeping their sensitive information secure online.
• List best practices consumers can use to protect their sensitive information.
Security Awareness Course Builder

The first table below indicates the lessons included in our basic SAE courses. These lessons are targeted to common roles that fit most organizations. Also shown below is the recommended Job Role Training (JRT) lesson for each role. If you prefer to create a custom course, use the Create Your Own table to indicate what lessons you would like to include in which courses.

[Lesson-by-course matrix; the full lesson list for each course is given under Role-Based Security Awareness Education Courses.]
• Security Awareness for Retail Associates
• Security Awareness for Retail Managers
• Security Awareness for Call Center Employees
• Security Awareness for Call Center Managers
• Security Awareness for Office Employees
• Security Awareness for IT and Engineering Staff
• Security Awareness for Health Care Staff
• Security Awareness for PCI Compliance
• Security Awareness for PCI Compliance and Risk Reduction

Create Your Own
Use this section to mix and match lessons to build up to five courses of your own. Just print this sheet and fill in the necessary information, which you can then share with your Trustwave account manager.

Lesson columns: COM-01, COM-02, COM-03, COM-04, COR-01, COR-02, SAT-01, SAT-02, SAT-03, SAT-04, SAT-05, SAT-06, BAN-01, BAN-02, BAN-03, JRT-01, JRT-02, JRT-03, JRT-04, JRT-05, JRT-06, ADV-01, ADV-02, Quiz, Policy Document
Role-Based Security Awareness Education Courses

We designed these courses to fit common job roles. Each is available for you to assign to your employees using the Learning Assignment Tool in the Cybersecurity Education portal. If you prefer to assign your own custom sets of lessons, please contact us at CybersecurityEducationSupport@trustwave.com.

Security Awareness for Office Employees (2 hours)
This course is designed for general office staff and employees who have access to sensitive information.
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• SAT-06 Mobile Device Security (10 minutes)
• JRT-05 Secure Practices for Office Employees (15 minutes)

Security Awareness for Retail Associates (50 minutes)
This course is designed for employees who process credit card transactions in person.
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• JRT-01 Secure Practices for Retail Associates

Security Awareness for Retail Managers (2 hours 5 minutes)
This course is designed for managers of retail point of sale environments.
• COM-03 PCI for Retail Managers (15 minutes)
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• JRT-02 Secure Practices for Retail Managers (15 minutes)

Security Awareness for Call Center Employees (1 hour 50 minutes)
This course is designed for employees who process card-not-present transactions.
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• JRT-03 Secure Practices for Call Center Employees (15 minutes)

Security Awareness for Call Center Managers (1 hour 50 minutes)
This course is designed for managers of card-not-present environments.
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• JRT-04 Secure Practices for Call Center Managers (15 minutes)

Security Awareness for IT and Engineering Staff (2 hours)
This course is designed for employees who handle systems carrying sensitive data.
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• SAT-06 Mobile Device Security (10 minutes)
• JRT-06 Secure Practices for IT and Engineering Staff (15 minutes)
Security Awareness for PCI Compliance (25 minutes)
This course is designed for employees who need to meet PCI-DSS training requirements but have minimal time available for training.
• COM-04 PCI Essentials (10 minutes)
• COR-01 Introduction to Security Awareness (15 minutes)

Security Awareness for PCI Compliance and Risk Reduction (2 hours 15 minutes)
This comprehensive course is designed for employees who need to meet PCI-DSS security awareness training requirements and learn how to reduce risk of data exposure.
• COM-01 PCI Overview (15 minutes)
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
• SAT-06 Mobile Device Security (10 minutes)
• JRT-05 Secure Practices for Office Employees (15 minutes)

Security Awareness for Health Care Staff (1 hour 50 minutes)
This course is designed for employees who need to meet HIPAA security awareness training requirements and learn how to reduce risk of data exposure.
• COM-02 HIPAA Overview (15 minutes)
• COR-01 Introduction to Security Awareness (15 minutes)
• COR-02 Social Engineering (20 minutes)
• SAT-01 Physical Security (20 minutes)
• SAT-02 PC Security (10 minutes)
• SAT-03 Email Security (10 minutes)
• SAT-04 Password Security (10 minutes)
• SAT-05 Web Browsing Security (10 minutes)
SAE Posters

Augment your security awareness program with posters specific to your target audience. Posters are only available in English, and they are in PDF format. Posters are available for download in the Cybersecurity Education portal and are included with client-hosted content packages.
Secure Development Training (SDT)

Trustwave offers a suite of web-based technical lessons that introduce your solution development staff to theory and best practices around planning and writing secure code. You can choose to enroll employees in just one of the lessons that is most relevant to them, or give them access to an SDT lesson bundle. No matter what option you select, this section will help you decide which lessons are right for your staff.

Secure Development Lessons
Use the SDT Lessons list to browse our library of SDT lessons. Categorized by the stages of the Software Development Life Cycle (SDLC), each lesson’s catalog code, topic, and prerequisites (if any) are listed here to help you decide which topics are most appropriate for your target audience(s). All lessons are available in English and content translation is available. The portal is English by default and may be configured in Spanish, French and Portuguese as well as many other languages.

Secure Development Bundles
The Secure Development Bundles page shown on page 19 in this document defines the lesson bundles available to customers using SDT. You can use the Secure Development Bundles page to note which courses (consisting of various lessons) you would like to offer to your staff.
SDT Lessons

Security Awareness and Process
These lessons cover topics related to fundamental security awareness concepts as they relate to software development.

AWA 101 Fundamentals of Application Security
• Learn about the main drivers for application security, fundamental concepts of application security risk management, the anatomy of an application attack, some common attacks, and the concept of input validation as a primary risk mitigation technique.
• Learn key security principles and best practices for developing secure applications.
Time: 1 hour
Suggested prerequisites: Understanding of the Software Development Life Cycle (SDLC) and technologies; basic understanding of software security.

Security Engineering
These lessons cover topics related to the employment of security awareness strategies as a Software Engineer.

ENG 211 How to Create Application Security Design Requirements
• Understand, create, and articulate security requirements.
• Understand the security engineering process.
• Recognize key security engineering activities to integrate into the SDLC.
• Understand software security objectives and apply security design guidelines.
Time: 1 hour
Suggested prerequisites: Fundamentals of Application Security (AWA 101)

ENG 301 How to Create an Application Security Threat Model
• Learn to identify the goals of threat modeling and the corresponding Software Development Life Cycle (SDLC) requirements.
• Identify the roles and responsibilities involved in the threat modeling process.
• Recognize when and what to threat model.
• Identify the tools that help with threat modeling.
• Learn to use the threat modeling process to accurately identify, mitigate, and validate threats.
Time: 90 minutes
Suggested prerequisites: None

ENG 311 Attack Surface Analysis and Reduction
• Understand the goals and methodologies of attackers.
• Identify attack vectors.
• Learn how to minimize the attack surface of an application.
• Learn how to define the attack surface of an application.
• Learn how to reduce the risk to an application by minimizing its attack surfaces.
Time: 1 hour
Suggested prerequisites: Fundamentals of Secure Development (COD 101); Architecture Risk Analysis and Remediation (DES 212)

ENG 312 How to Perform a Security Code Review
• Learn how to best organize a code review.
• Learn how to prioritize code segments to review.
• Learn best practices for reviewing source code and maximizing security resources.
Time: 1 hour
Suggested prerequisites: Fundamentals of Secure Development (COD 101); Architecture Risk Analysis and Remediation (DES 212)

ENG 352 How to Create an Automotive Systems Threat Model
• Learn about threat modeling in the context of developing automotive systems.
• Understand the step-by-step instructions for performing threat modeling that is aligned with the approach proposed in the NHTSA (National Highway Traffic Safety Administration) document entitled “Characterization of Potential Security Threats in Modern Automobiles”. Some supplementary data in this course is taken from that document.
• Upon completion of this course, you will be able to perform threat modeling; use threat modeling to identify vulnerabilities; and integrate threat modeling with other security and development activities.
Time: 90 minutes
Suggested prerequisites: None

ENG 391 IoT Embedded Systems Security - How to Create an Application Security Threat Model
• Learn additional information about creating an Application Security threat model.
• Learn how to map content to specific compliance and regulatory requirements.
• Learn about key reference resources that support the topics covered in the module.
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: How to Create an Application Security Threat Model (ENG 301)
ENG 392 IoT Embedded Systems Security - Attack Surface Analysis and Reduction
• Learn additional information about Attack Surface Analysis and Reduction (particularly important to embedded software engineers).
• Learn about key reference resources that support topics covered in this module.
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: Attack Surface Analysis and Reduction (ENG 311)

ENG 393 IoT Embedded Systems Security - How to Perform a Security Code Review
• Learn additional information about code (particularly important to embedded software engineers).
• Learn how to map content to specific compliance and regulatory requirements.
• Learn about key reference resources that support the topics covered in the module.
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: How to Perform a Security Code Review (ENG 312)

Secure Design
These lessons cover topics related to secure software architecture and design, to help plan security into applications before any code is written.

DES 101 Fundamentals of Secure Architecture
• Examine the state of the industry from a security perspective.
• Learn about the biggest security disasters in software design.
• Understand that confidentiality, integrity, and availability are the three main tenets of information security.
• Learn how to avoid repeating past information security mistakes.
Time: 1 hour
Suggested prerequisites: Fundamentals of Application Security (AWA 101); How to Create Application Security Design Requirements (ENG 211)

DES 201 Fundamentals of Cryptography
• Learn the basic concepts of cryptography and common ways that it is applied, from the perspective of application development.
• Learn the importance of randomness; the roles of encoding, encryption, and hashing; the concepts of symmetric and asymmetric encryption; the purpose of cryptographic keys; and the roles of message authentication codes (MACs) and digital signatures.
• Learn about complexity of cryptography.
Time: 2 hours
Suggested prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top Ten Threats and Mitigations (DES 221)

DES 212 Architecture Risk Analysis and Remediation
• Learn concepts, methods, and techniques for analyzing the architecture and design of a software system for security flaws.
Time: 1 hour
Suggested prerequisites: Fundamentals of Application Security (AWA 101)

DES 213 Introduction to Security Tools and Technologies
• Review the types of security tools.
• Learn how to interpret, prioritize, and act on the tool output.
• Learn strategies for selecting and deploying tools.
Time: 2 hours
Suggested prerequisites: Fundamentals of Security Testing (TST 101)

DES 221 OWASP Top 10 - Threats and Mitigations
• Identify and mitigate the greatest threats that web application developers face.
Time: 2 hours
Suggested prerequisites: None

DES 292 IoT Embedded Systems Security - Architecture Risk Analysis Remediation
• Learn additional information about Architecture Risk Analysis and Remediation training (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: Architecture Risk Analysis Remediation (DES 212)

DES 311 Creating Secure Application Architecture
• Learn how to harden applications and make them more difficult for intruders to breach.
• Learn about compartmentalization, centralized input, and data validation as methods to protect applications from malicious input.
Time: 2 hours
Suggested prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Security Testing (TST 101)

DES 352 Creating Secure Over the Air (OTA) Automotive System Updates
• Learn about secure design considerations for over-the-air (OTA) updates for automotive systems.
• After completing this course, you will be able to identify the benefits and risks of OTA automotive system updates, understand the importance of public key cryptography to the security of these updates, and identify secure design considerations for development, delivery, and installation of OTA automotive system updates.
Time: 90 minutes
Suggested prerequisites: Fundamentals of Secure Mobile Development (COD 110); IoT Embedded Systems Security - Fundamentals of Secure Embedded Software Development (COD 160)
DES 391 IoT Embedded Systems Security - Creating Secure Application Architecture
• Learn additional information about Creating Secure Application Architecture (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: Creating Secure Application Architecture (DES 311)

Secure Coding
These lessons cover topics related to the implementation stage of the Software Development Life Cycle (when code is actually written).

COD 101 Fundamentals of Secure Development
• Learn about the need for secure software development.
• Learn about the models, standards, and guidelines you can use to understand security issues and improve the security posture of your applications.
• Learn about key application security principles.
• Learn how to integrate secure development practices into the SDLC.
Time: 80 minutes
Suggested prerequisites: None

COD 110 Fundamentals of Secure Mobile Development
• Learn about common risks associated with mobile applications.
• Learn mobile application development best practices.
• Understand mobile development threats and risks.
Time: 2 hours
Suggested prerequisites: None

COD 141 Fundamentals of Secure Database Development
• Understand database development best practices.
Time: 1 hour 50 minutes
Suggested prerequisites: Fundamentals of Application Security (AWA 101)

COD 153 Fundamentals of Secure AJAX Code
• Learn about AJAX technology and its common vulnerabilities and attack vectors.
• Identify the differences between regular and AJAX applications, common AJAX vulnerabilities that attackers tend to exploit, and major threats to AJAX applications.
Time: 35 minutes
Suggested prerequisites: None

COD 160 IoT Embedded Systems Security - Fundamentals of Secure Embedded Software Development
• Learn about security issues inherent to embedded device architecture.
• Learn about techniques to identify system security and performance requirements, develop appropriate security architecture, select the correct mitigations, and develop policies that can ensure the secure operation of your system.
Time: 90 minutes
Suggested prerequisites: None

COD 170 Identifying Threats to Mainframe COBOL Applications and Data
• Learn about common security issues that affect the confidentiality, integrity, and availability of COBOL programs or mainframes.
Time: 20 minutes
Suggested prerequisites: None

COD 190 IoT Embedded Systems Security - Fundamentals of Secure Mobile Development
• Learn additional information about Secure Mobile Development (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested prerequisites: Fundamentals of Secure Mobile Development (COD 110)

COD 211 Creating Secure Code – Java Foundations
• Learn best practices and techniques for secure application development in Java.
Time: 2.5 hours
Suggested prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top 10 - Threats and Mitigations (DES 221)

COD 212 Creating Secure Code – C/C++ Foundations
• Learn best practices and techniques for secure application development in C/C++.
Time: 2 hours
Suggested prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top 10 - Threats and Mitigations (DES 221)
COD 215 Creating Secure Code – .NET Framework Foundations
Objectives:
• Learn about .NET 4 security features.
• Learn about changes in .NET 4.
• Learn secure coding best practices.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Secure Development (COD 101)

COD 219 Creating Secure Code – SAP ABAP Foundations
Objectives:
• Learn best practices and techniques for secure SAP application development using Java and ABAP.
• Learn about basic application security principles, input validation in SAP applications, common application security vulnerabilities and mitigations, protecting data using encryption, and conducting security code analysis and code reviews.
Time: 90 minutes
Suggested Prerequisites:
• Fundamentals of Secure Development (COD 101)
• Fundamentals of Application Security (AWA 101)
• OWASP Top 10 - Threats and Mitigations (DES 221)

COD 222 PCI DSS v3.2 Best Practices for Developers
Objectives:
• Learn about PCI DSS best practices and how to use them to address application security issues.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Secure Architecture (DES 101)

COD 251 Creating Secure AJAX Code - ASP.NET Foundations
Objectives:
• Understand how to mitigate common vulnerabilities and protect against common attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
Time: 35 minutes
Suggested Prerequisites: Fundamentals of Secure AJAX Code (COD 153)

COD 252 Creating Secure AJAX Code – Java Foundations
Objectives:
• Understand how to mitigate common vulnerabilities and protect against common attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
Time: 35 minutes
Suggested Prerequisites: Fundamentals of Secure AJAX Code (COD 153)

COD 253 Creating Secure Cloud Code – AWS Foundations
Objectives:
• Learn about security vulnerabilities, threats, and mitigations for AWS cloud computing services.
• Learn about Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), and four additional core AWS services: Identity and Access Management (IAM), DynamoDB Flat Database Service, Relational Database Service (RDS), and Simple Storage Service (S3).
• Learn about ancillary AWS Services.
• After completing this course, you will be able to identify the most common security threats to cloud development and best practices to protect against these threats. You will also be able to identify AWS security features and ways to integrate them into your AWS resources.
Time: 1 hour
Suggested Prerequisites: None

COD 254 Creating Secure Cloud Code – Azure Foundations
Objectives:
• Learn about the risks associated with creating and deploying applications on Microsoft’s Azure cloud platform.
• Recognize core security considerations for Azure Virtual Machine (VM) security, authentication and access control, legacy .Net Framework applications, Azure web sites, and the Microsoft WebMatrix3 IDE.
Time: 90 minutes
Suggested Prerequisites: None

COD 255 Creating Secure Code - Web API Foundations
Objectives:
• Learn about common web services that may put your application at risk.
• Learn best practices that you should incorporate to mitigate the risk from web services attacks.
• Understand various web services threats and the cause and impact of web services attacks.
• Learn how to implement secure development best practices to protect web services.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 - Threats and Mitigations (DES 221)
COD 256 Creating Secure Code - Ruby on Rails Foundations
Objectives:
• Learn best practices and techniques for secure application development with Ruby on Rails.
• Learn to identify and mitigate injection vulnerabilities, such as SQL injection and cross-site scripting.
• Learn how to build strong session management into your Rails applications, and prevent other common vulnerabilities, such as cross-site request forgery and direct object access.
Time: 90 minutes
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)

COD 257 Creating Secure Python Web Applications
Objectives:
• Learn about best practices and techniques for secure application development with Python.
• Understand various types of injection vulnerabilities.
• Understand how to build strong session management into your Python web application and how to prevent common vulnerabilities.
• Recognize file system threats to web applications, including vulnerabilities with path traversal, temporary files, and insecure client redirects.
Time: 45 minutes
Suggested Prerequisites: None

COD 292 IoT Embedded Systems Security - C/C++ Foundations
Objectives:
• Learn additional information about C/C++ Foundations of particular importance to software engineers.
• Assess your mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Creating Secure Code - C/C++ Foundations (COD 212)

COD 311 Creating Secure ASP .NET Code
Objectives:
• Learn about ASP .NET and Web API code security issues that affect MVC and Web API applications.
• Learn methods to protect your application from attacks against MVC’s model-binding behavior.
• Learn methods to protect your application from cross-site scripting, cross-site request forgery, and malicious URL redirects.
• Learn about the Web API pipeline and how to implement authentication and authorization in Web API applications.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations (DES 221)
• Creating Secure Code – .NET Framework Foundations (COD 215)

COD 312 Creating Secure C/C++ Code
Objectives:
• Learn techniques for securing your C/C++ applications.
• Learn about secure memory management in C/C++, protecting and authenticating sensitive data with symmetric and public key cryptography, and secure communications with TLS.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Secure Development (COD 101)
• Fundamentals of Application Security (AWA 101)
• OWASP Top 10 – Threats and Mitigations (DES 221)
• Creating Secure Code – C/C++ Foundations (COD 212)

COD 313 Creating Secure Java Code
Objectives:
• Identify and use the components of the Java security model.
• Identify how to use JAAS to control user authentication and authorization in your Java application.
• Learn how to implement cryptography to sign and verify Java jar files.
Time: 35 minutes
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations (DES 221)
• Creating Secure Code – Java Foundations (COD 211)

COD 314 Creating Secure C# Code
Objectives:
• Learn about common security vulnerabilities that can be mitigated by proper input validation, other common security vulnerabilities and their mitigations, secure error handling and logging, and secure communication.
• Learn about the unique features of C# and the .NET framework that help protect against security vulnerabilities.
Time: 2 hours and 30 minutes
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations (DES 221)
COD 315 Creating Secure PHP Code
Objectives:
• Learn the security principles for building secure PHP applications.
• Assess mastery of key concepts.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)

COD 317 Creating Secure iPhone Code in Objective-C
Objectives:
• Recognize common iOS application vulnerabilities and learn secure coding best practices.
• Recognize and mitigate threats such as malicious user input, threats to privacy and confidentiality, and more.
Time: 90 minutes
Suggested Prerequisites: None

COD 318 Creating Secure Android Code in Java
Objectives:
• Learn about common Android application vulnerabilities.
• Learn secure coding best practices using Java and the Android SDK.
• Identify and mitigate a variety of attacks.
Time: 90 minutes
Suggested Prerequisites: None

COD 351 Creating Secure HTML5 Code
Objectives:
• Learn about the development of secure HTML5 code.
• Learn about common HTML5 application vulnerabilities and threats, and secure coding best practices.
• Upon completion of this class, participants will be able to identify ways in which the expanded attack surface introduced with HTML5 might impact your web applications. Participants will also be able to identify new security features available with HTML5, as well as countermeasures and best practices to mitigate the application’s exposure to attack.
Time: 80 minutes
Suggested Prerequisites: None

COD 352 Creating Secure jQuery Code
Objectives:
• Learn about common client-side vulnerabilities and threats to jQuery applications, and techniques for mitigating these vulnerabilities and threats.
• Learn how to implement new HTML5 security features to secure jQuery applications, and best practices to secure local storage and implement transport layer security.
• Be able to describe the threats that can impact your jQuery code and describe the countermeasures to address these threats.
Time: 90 minutes
Suggested Prerequisites: None

COD 392 IoT Embedded Systems Security: Creating Secure C/C++ Code for Embedded Systems
Objectives:
• Learn additional information on security topics that may be of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts.
• This course module is a supplement to the Security Innovation course COD 812, “Creating Secure Code -- C/C++”.
Time: 30 minutes
Suggested Prerequisites: None

COD 411 Integer Overflows - Attacks and Countermeasures
Objectives:
• Learn security concepts, testing techniques, and best practices to develop robust applications that are secure against integer overflow vulnerabilities.
Time: 1 hour
Suggested Prerequisites: Basic understanding of the C, C++, and C# programming languages.

COD 412 Buffer Overflows - Attacks and Countermeasures
Objectives:
• Learn how to avoid and mitigate the risks posed by buffer overflows.
• Learn about the protection provided by the Microsoft compiler and the Windows operating system.
• Learn how to avoid buffer overflows during the design, development, and verification phases of the SDLC.
Time: 2 hours
Suggested Prerequisites: Basic knowledge of Windows programming and memory management in Windows.
Security Testing

These lessons cover topics related to the testing of software for security flaws and remediating defects before release.

TST 101 Fundamentals of Security Testing
Objectives:
• Learn security testing concepts and processes.
• Learn how to conduct effective security testing.
• Identify common security issues during testing, to uncover security vulnerabilities.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Application Security (AWA 101)
• How to Create Application Security Design Requirements (ENG 211)

TST 191 IoT Embedded Systems Security - Fundamentals of Security Testing
Objectives:
• Learn additional information about the Fundamentals of Security Testing training (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Fundamentals of Security Testing (TST 101)

TST 201 Classes of Security Defects
Objectives:
• Learn what is needed to create a robust defense against common security defects.
• Learn how and why security defects are introduced into software.
• Learn about common classes of attacks.
• Learn about techniques and best practices to help identify, eliminate, and mitigate each class of security defects.
Time: 3 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)

TST 211 How to Test for the OWASP Top 10
Objectives:
• Learn about the top ten OWASP flaws and how to perform testing to identify these flaws in web applications.
Time: 1 hour and 30 minutes
Suggested Prerequisites: Fundamentals of Security Testing (TST 101)

TST 291 IoT Embedded Systems Security - Classes of Security Defects
Objectives:
• Learn additional information about Security Defects Classes (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Classes of Security Defects (TST 201)

TST 401 Advanced Software Security Testing - Tools and Techniques
Objectives:
• Learn about testing for specific security weaknesses.
• Learn about the top ten types of attacks and the tools to use to test for these attacks.
• Learn how to test software applications for susceptibility to the top ten attacks.
Time: 2 hours
Suggested Prerequisites:
• Fundamentals of Security Testing (TST 101)
• Classes of Security Defects (TST 201)

TST 411 Exploiting Buffer Overflows
Objectives:
• Understand and mitigate buffer-overflow exploits.
• Understand the challenges faced by exploit code and how different exploitation techniques overcome environmental limitations.
Time: 2 hours
Suggested Prerequisites: Creating Secure C/C++ Code (COD 312)

TST 491 IoT Embedded Systems Security - Classes of Security Defects
Objectives:
• Learn additional information about Software Security Testing (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Advanced Software Security Testing – Tools and Techniques (TST 401)
Secure Development Bundles

Use this section to determine which bundles you want to provide for your staff. Descriptions of the lessons in each bundle can be found in the SDT Lessons List. Custom bundles, consisting of up to five lessons, can be set up upon request. Contact your Trustwave account manager if you would like to configure a custom bundle or a custom course, or add advanced training lessons.

C/C++ Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 160 Fundamentals of Secure Embedded Development
• DES 201 Fundamentals of Cryptography
• COD 212 Creating Secure Code - C/C++ Foundations

C/C++ Developer II
• COD 312 Creating Secure C/C++ Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
• COD 411 Integer Overflows - Attacks and Countermeasures
• COD 412 Buffer Overflows - Attacks and Countermeasures

Database Developer
• AWA 101 Fundamentals of Application Security
• COD 141 Fundamentals of Secure Database Development
• DES 201 Fundamentals of Cryptography
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review

Java Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 211 Creating Secure Code - Java Foundations
• COD 252 Creating Secure AJAX Code - Java Foundations
• DES 221 OWASP Top 10 - Threats and Mitigations

Java Developer II
• COD 313 Creating Secure Java Code
• COD 352 Creating Secure jQuery Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
• COD 351 Creating Secure HTML5 Code

Mobile Developer
• AWA 101 Fundamentals of Application Security
• COD 110 Fundamentals of Secure Mobile Development
• COD 317 Creating Secure iPhone Code in Objective-C
• COD 318 Creating Secure Android Code in Java
• DES 221 OWASP Top 10 - Threats and Mitigations

PCI Developer
• AWA 101 Fundamentals of Application Security
• COD 222 PCI DSS v3.2 Best Practices for Developers
• DES 221 OWASP Top 10 - Threats and Mitigations
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review

PHP Developer
• AWA 101 Fundamentals of Application Security
• COD 153 Fundamentals of Secure AJAX Code
• COD 256 Creating Secure Code - Ruby on Rails Foundations
• COD 257 Creating Secure Code - Python
• DES 221 OWASP Top 10 - Threats and Mitigations

Project Manager
• AWA 101 Fundamentals of Application Security
• COD 311 Creating Secure ASP .NET Code
• DES 101 Fundamentals of Secure Architecture
• ENG 211 How to Create Application Security Design Requirements

Software Architect
• AWA 101 Fundamentals of Application Security
• DES 101 Fundamentals of Secure Architecture
• DES 221 OWASP Top 10 - Threats and Mitigations
• DES 212 Architecture Risk Analysis and Remediation
• DES 213 Introduction to Security Tools and Technologies

Test/QA (Embedded QA also available)
• TST 101 Fundamentals of Application Security
• TST 201 Classes of Security Defects
• TST 211 How to Test for the OWASP Top 10
• ENG 312 How to Perform a Security Code Review
• TST 401 Advanced Software Security Testing - Tools and Techniques

.NET Developer
• AWA 101 Fundamentals of Application Security
• COD 215 Creating Secure Code - .NET Framework Foundations
• COD 251 Creating Secure AJAX Code - ASP .NET Foundations
• COD 311 Creating Secure ASP .NET Code
• DES 221 OWASP Top 10 - Threats and Mitigations

Cloud Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 253 Creating Secure Cloud Code - AWS Foundations
• COD 254 Creating Secure Cloud Code - Azure Foundations

Embedded Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 160 Fundamentals of Secure Embedded Development
• COD 212 Creating Secure Code - C/C++ Foundations
• COD 292 Creating Secure Code - C/C++ Foundations for Embedded Systems

Embedded Architect
• DES 101 Fundamentals of Secure Architecture
• COD 110 Fundamentals of Secure Mobile Development
• DES 201 Fundamentals of Cryptography
• DES 212 Architecture Risk Analysis and Remediation
• DES 292 Architecture Risk Analysis and Remediation for Embedded Systems

Embedded QA
• TST 101 Fundamentals of Security Testing
• TST 191 Fundamentals of Security Testing for Embedded Systems
• TST 201 Classes of Security Defects
• TST 291 Classes of Security Defects for Embedded Systems
• ENG 312 How to Perform a Security Code Review

IT Architect
• DES 101 Fundamentals of Secure Architecture
• DES 212 Architecture Risk Analysis and Remediation
• DES 213 Introduction to Security Tools and Technologies
• ENG 211 How to Create Application Security Design Requirements
• ENG 301 How to Create an Application Security Threat Model

Systems Leadership
• COD 101 Fundamentals of Secure Development
• DES 221 OWASP Top 10 - Threats and Mitigations
• DES 311 Creating Secure Application Architecture
Copyright © 2017 Trustwave Holdings, Inc.