Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions please contact us.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, please contact us.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions please contact us.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, please contact us.
This is a presentation template if someone is interested in making a case for a web-based security awareness and training program within your company. It is free for all to use and change accordingly.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, please contact us.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions please contact us.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, please contact us.
This is a presentation template if someone is interested in making a case for a web-based security awareness and training program within your company. It is free for all to use and change accordingly.
A section of security breaches are caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Here listed are a few simple ways to make employees understand and feel responsible for security of the Company's assets.
Information Security Management Education Program - Concept Document Dinesh O Bareja
Information security training is incomplete which ever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
Information Assurance & Reliability ArchitectureSrikar Sagi
Information Assurance(IA)
A Systematic & Systemic practice of assurance-modeling that guarantees protection of systems, information & managing information risks such as Confidentiality, Integrity, Availability, Auditing (Authentication /Authorization/Logs etc) & Non-repudiation in relation to the use, processing, storage & transmission of information, restoration of systems/services and the corresponding/inter-related systems, their processes used for protection capabilities(s)
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
Cybersecurity careers are complex and many roles can be found in banks, retailers and government organizations. This PPT will guide you through multiple career paths in cybersecurity. Below are the topics covered in this tutorial:
1. Where to Start?
2. Career Paths in Cybersecurity
3. Cybersecurity Job Salaries
4. Skills for Cybersecurity Careers
5. Tools & Technologies
6. Cybersecurity Careers & Estimated Annual
7. Related Occupations you should know about
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Interview Questions and Answers" consists of 50 questions from multiple cybersecurity domains which will help you in preparation of your interviews.
Corporate security is the the best choice to mitigate the risks and maximize the investment. The goal is ensure the survival of the company and add value.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
ISO 27001:2013 Awareness, Seminar & Workshop Indonesia Honeynet Project IHP, Badan Siber dan Sandi Negara BSSN, Universitas Syiah Kuala Unsyiah, 23-24 Oktober 2018
What is Social Engineering? What risk does it pose to your organisation and how can you protect the service desk from being attacked? Craig Clark explains.
A section of security breaches are caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Here listed are a few simple ways to make employees understand and feel responsible for security of the Company's assets.
Information Security Management Education Program - Concept Document Dinesh O Bareja
Information security training is incomplete which ever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
Information Assurance & Reliability ArchitectureSrikar Sagi
Information Assurance(IA)
A Systematic & Systemic practice of assurance-modeling that guarantees protection of systems, information & managing information risks such as Confidentiality, Integrity, Availability, Auditing (Authentication /Authorization/Logs etc) & Non-repudiation in relation to the use, processing, storage & transmission of information, restoration of systems/services and the corresponding/inter-related systems, their processes used for protection capabilities(s)
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
Cybersecurity careers are complex and many roles can be found in banks, retailers and government organizations. This PPT will guide you through multiple career paths in cybersecurity. Below are the topics covered in this tutorial:
1. Where to Start?
2. Career Paths in Cybersecurity
3. Cybersecurity Job Salaries
4. Skills for Cybersecurity Careers
5. Tools & Technologies
6. Cybersecurity Careers & Estimated Annual
7. Related Occupations you should know about
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Interview Questions and Answers" consists of 50 questions from multiple cybersecurity domains which will help you in preparation of your interviews.
Corporate security is the the best choice to mitigate the risks and maximize the investment. The goal is ensure the survival of the company and add value.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
ISO 27001:2013 Awareness, Seminar & Workshop Indonesia Honeynet Project IHP, Badan Siber dan Sandi Negara BSSN, Universitas Syiah Kuala Unsyiah, 23-24 Oktober 2018
What is Social Engineering? What risk does it pose to your organisation and how can you protect the service desk from being attacked? Craig Clark explains.
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
This comprehensive guide focuses on empowering employees to contribute to their organization's cybersecurity posture. It outlines the importance of investing in cybersecurity skills and training, implementing strong security controls, understanding incident response plans, monitoring the work environment for threats, and continuously educating employees about cybersecurity best practices. By fostering a security-conscious workforce and encouraging active participation in cybersecurity efforts, organizations can significantly reduce the risk of cyberattacks and build a more robust and resilient defense against potential breaches.
A to Z of Information Security ManagementMark Conway
The purpose of information security is to protect an organisation’s valuable assets, such as information, Intellectual property, hardware, and software.
Through the selection and application of appropriate safeguards or controls, information security helps an organisation to meet its business objectives by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets.
In this A to Z I’d like to outline some of the key focus areas for organisations wishing to pursue compliance to the ISO27001 Information Security standard.
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation manager
Contact Kris at kris@360bsi.com to register.
4MANUAL OVERVIEW
5SECTION 1:Introduction: Welcome to CyberLeet
51.1 Introduction
51.2 Your Role at CyberLeet
61.3 Purpose of This Manual
7SECTION 2:CORE TENETS OF CYBERSECURITY
72.1 Confidentiality
72.2 Integrity
82.3 Availability
9SECTION 3:CYBERSECURITY POLICIES
93.1 Password Policies
93.2 Acceptable Use Policies
103.3 User Training Policies
103.4 Basic User Policies
11SECTION 4:THREAT MITIGATION SCENARIOS
114.1 Theft
114.2 Malware
124.3 Your Choice
13SECTION 5: REFERENCES
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet’s core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance, and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children’s health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using information you learned in this course. Refer to the background information on CyberLeet and apply the appropriate information that best matches based on the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietary business. The main sections of the manual you are responsible for completing are the following:
· Introduction
· Core tenets of cybersecurity
· Developing cybersecurity policies
· Threat mitigation scenarios
In Section One, describe the organization. Provide a short history of the company, define the way it operates, and describe its place within the industry and the community it serves. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section. SECTION 1:
Introduction: Welcome to CyberLeet1.1 Introduction
Prompt: Explain the value of CyberLeet Technologiesas a provider of cybersecurity services to its .
IT Risk Management & Leadership 23 - 26 June 2013 Dubai360 BSI
WHY IS THIS IT RISK ASSESSMENT WORKSHOP IMPORTANT?
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation manager
Contact Kris at kris@360bsi.com to register.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Advisory from Professionals Preparing Information .docxkatherncarlyle
Advisory from Professionals
Preparing Information Systems (IS) Graduates to Meet the
Challenges of Global IT Security: Some Suggestions
Jeff Sauls
IT Operations Professional
Austin, TX, USA
Naveen Gudigantala
Operations and Technology Management
University of Portland
Portland, OR 97203, USA
[email protected]
ABSTRACT
Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy
breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are
investing heavily in IT resources to keep up with the challenges of managing their IT security and assurance. Therefore, the IT
industry relies greatly on the U.S. higher education system to produce a qualified and competent workforce to manage security
challenges. This advisory discusses some security challenges faced by global companies and provides input into the design
and delivery of IS curriculum to effectively meet such challenges.
Keywords: Information assurance and security, Curriculum design and development, Computer security
1. INTRODUCTION
Information security and assurance management is vital for
the success of organizations. It is particularly relevant for
global companies whose customers demand a high level of
security for their products. Meeting such high expectations
requires companies to study security best practices,
continually invest in technical and human resources, and
implement a secure corporate environment. The goal of this
paper is to discuss some security challenges faced by global
organizations and to provide suggestions to IS academics
concerning security curriculum to effectively educate the
next generation IT workforce to meet these challenges.
2. SECURITY CHALLENGES FACED BY GLOBAL
COMPANIES
This advisory focuses on security challenges faced by global
companies. For instance, security challenges faced by a
multinational company operating manufacturing plants in
several countries are likely to be much different than those of
a company with a manufacturing plant in a single location.
The goal of this section is to present some security
challenges faced by global companies.
What many companies do in terms of security is driven
by the needs of their customers. For instance, consider the
case of a global manufacturing company that makes
hardware for a smart card. Smart cards include embedded
integrated circuits and customers generally provide the
manufacturer with a detailed list of functional and assurance
requirements for security. The manufacturer of the hardware
is expected to comply with the specifications of the
customer. If the company decides to manufacture in two
plants in Europe and the U.S., it becomes important for the
manufacturer to have uniform security standards in both
plants. These security standards may include many aspects
.
Advisory from Professionals Preparing Information .docxdaniahendric
Advisory from Professionals
Preparing Information Systems (IS) Graduates to Meet the
Challenges of Global IT Security: Some Suggestions
Jeff Sauls
IT Operations Professional
Austin, TX, USA
Naveen Gudigantala
Operations and Technology Management
University of Portland
Portland, OR 97203, USA
[email protected]
ABSTRACT
Managing IT security and assurance is a top priority for organizations. Aware of the costs associated with a security or privacy
breach, organizations are constantly vigilant about protecting their data and IT systems. In addition, organizations are
investing heavily in IT resources to keep up with the challenges of managing their IT security and assurance. Therefore, the IT
industry relies greatly on the U.S. higher education system to produce a qualified and competent workforce to manage security
challenges. This advisory discusses some security challenges faced by global companies and provides input into the design
and delivery of IS curriculum to effectively meet such challenges.
Keywords: Information assurance and security, Curriculum design and development, Computer security
1. INTRODUCTION
Information security and assurance management is vital for
the success of organizations. It is particularly relevant for
global companies whose customers demand a high level of
security for their products. Meeting such high expectations
requires companies to study security best practices,
continually invest in technical and human resources, and
implement a secure corporate environment. The goal of this
paper is to discuss some security challenges faced by global
organizations and to provide suggestions to IS academics
concerning security curriculum to effectively educate the
next generation IT workforce to meet these challenges.
2. SECURITY CHALLENGES FACED BY GLOBAL
COMPANIES
This advisory focuses on security challenges faced by global
companies. For instance, security challenges faced by a
multinational company operating manufacturing plants in
several countries are likely to be much different than those of
a company with a manufacturing plant in a single location.
The goal of this section is to present some security
challenges faced by global companies.
What many companies do in terms of security is driven
by the needs of their customers. For instance, consider the
case of a global manufacturing company that makes
hardware for a smart card. Smart cards include embedded
integrated circuits and customers generally provide the
manufacturer with a detailed list of functional and assurance
requirements for security. The manufacturer of the hardware
is expected to comply with the specifications of the
customer. If the company decides to manufacture in two
plants in Europe and the U.S., it becomes important for the
manufacturer to have uniform security standards in both
plants. These security standards may include many aspects
...
Embark on a journey to exam excellence with our comprehensive guide to SY0-701 Dumps for CompTIA Security+. Dive into the intricacies of the SY0-701 exam with meticulously crafted Security+ Dumps designed to simulate the real exam environment. Elevate your preparation, boost confidence, and ensure success on exam day. Join a community of achievers who have trusted our SY0-701 Dumps for a proven pathway to mastering the CompTIA Security+ certification. Uncover the key insights and strategies essential for acing the SY0-701 exam. Your success begins with the right preparation – explore our Security+ Dumps and pave the way for a successful career in cybersecurity.
Information Security Analyst- Infosec trainInfosecTrain
The information has more exceptional value in today's highly competitive world. It helps organizations in many ways. From making accurate decisions to set up strategies to achieve their business goals, organizations rely extensively on the information system.
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
2. CYBERSECURITY EDUCATION CATALOG
Introduction
The human factor – what employees do or don’t do – is the biggest
vulnerability to an organization’s information security, yet it’s often the
most overlooked. Whether they are processing credit cards, handling
clients’ personal information, or developing software solutions for your
business, your employees are ripe targets for information thieves seeking
access to your sensitive data, unless you help them learn how to protect
against and respond to security incidents. It’s vital to your business to
provide security education to your employees and partners.
Trustwave offers two key types of Cybersecurity Education:
• Security Awareness Education for all staff
• Secure Developer Training for technical staff
Use this catalog to browse the Cybersecurity Education offerings. If you
have questions, reach out to your Trustwave account manager or use the
Contact Us section of the Trustwave website at www.trustwave.com.
4. CYBERSECURITY EDUCATION CATALOG
2
SecurityAwareness Education
Every Trustwave Security Awareness Education (SAE) program is customized for
you, the client. Your options include how your online security education courses
will be set up and which additional video and print-based materials you would like
to order to reinforce your program year-round. This section is designed to guide
you through the program and help you choose the options that are right for you
and your organization.
SAE Courses
Use the SAE Courses list to browse our library of security awareness courses. Categorized by areas of interest,
each course’s catalog code, topic, and objectives are listed to help you decide which topics are most appropriate
for your target audience(s). All courses are available in English. Most courses are available in German and Spanish,
and all courses can be localized into additional languages. The portal is English by default and may be configured in
Spanish, French and Portuguese as well as many other languages. You may also view our courses in the Trustwave
Cybersecurity Education portal. Contact your Trustwave account manager if you would like to receive a free trial.
Security Awareness Curriculum Builder
The Security Awareness Curriculum Builder page lists the courses included in each available curriculum, tailored for
common organizational roles requiring security awareness training. If these combinations don’t fit your organization’s
needs, or if you’d like to include additional materials such as quizzes or your organization’s own information security
policies, use the table at the bottom of the Security Awareness Curriculum Builder page to identify the curriculum you
would like us to build.
Supplemental Material to Support Security Awareness
Often organizations administer formal security awareness training only once per year. Hanging posters in your office
environment and featuring the two-minute security videos in public areas and meetings can help keep employees
aware of their security responsibilities year-round.
5. 3
SAE Courses
Each curriculum in your Security Awareness Education program may be comprised of one or more of the following courses. Use this guide to
identify the courses you would like to include in each curriculum. If you have any questions, or if you would like to receive a free trial, contact your
Trustwave account manager.
Compliance Topics These courses cover the basic principles of various compliance standards and information security measures.
# Course Name Course Objectives Supporting Objectives
AWA 001 PCI Overview
Recognize how the Payment Card Industry
Data Security Standard (PCI DSS) protects
cardholder data.
• Identify elements of cardholder data that must be protected.
• Recognize appropriate protection mechanisms for cardholder data.
• Describe the continuous process to maintain PCI compliance.
AWA 002
PCI for Business
as Usual (BAU)
Compliance
Understand best practices to implement PCI
DSS controls and make compliance business as
usual.
• Understand the “big picture” purpose of the PCI DSS to protect the business and serve customers.
• Acknowledge the importance of data security measures to achieve compliance and maintain security.
AWA 015
PCI Compliance
Understand the importance of the Payment Card
Industry Data Security Standard (PCI DSS).
• Recognize appropriate protection mechanisms for cardholder data.
• Recognize how the PCI DSS helps minimize risk to cardholder data.
SecurityAwareness Topics These courses cover basic security awareness concepts that all employees should understand.
# Course Name Course Objectives Supporting Objectives
AWA 007
Information Privacy and
Security Awareness for
Executives
Provide decision-makers and managers with
a concise summary of essential information
privacy and security awareness requirements.
• Learn how to identify, help prevent and defend against the most common privacy and security threats.
AWA 008
Information Privacy -
Classifying Data
Recognize the importance of understanding
what constitutes private data.
• Recognize the importance of meeting internal and external security compliance requirements.
• Understand how to classify data based on sensitivity level and risk.
• Learn best practices for protecting sensitive data.
AWA 009
Information Privacy -
Protecting Data
Recognize the importance of understanding
what constitutes private data and how to behave
in a proactive manner to protect this information
in everyday work.
• Understand physical controls, technical controls and administrative policies and and practices in
support of data privacy.
AWA 010
Email Security Recognize malicious email before it can become a threat.
• Learn how to properly handle email.
• Learn best practices around how and when to use email to send specific types of information.
• Understand what Personally Identifiable Information (PII) is.
• Understand the impact of sending sensitive information over an insecure medium.
• Identify information that should not be sent via email.
AWA 012 Malware Awareness Learn how to identify and define types of malware. • Recognize evidence of active infection and understand what the proper actions are to prevent such attacks.
AWA 013
Mobile Security List the characteristics of mobile device platforms. • Identify the role device ownership plays as a basis for understanding application risk.
A video related to this course topic is available.
6. CYBERSECURITY EDUCATION CATALOG
4
SecurityAwareness Topics These courses cover basic security awareness concepts that all employees should understand.
# Course Name Course Objectives Supporting Objectives
AWA 014
Password Security
Learn how to create and remember strong passwords,
therefore eliminating the need to use insecure practices.
• Recognize the risks surrounding password security.
• Identify safeguards used to protect passwords.
• Summarize techniques used by attackers to obtain passwords.
AWA 016 Phishing Awareness
Recognize malicious email before it can become
a threat.
• Understand the various ways in which attackers try to trick and entice users to trigger malicious
events through email.
• Learn best practices to properly handle and avoid phishing attacks.
AWA 017
Physical Security
Learn accepted practices for minimizing breaches and
identifying different types of data that may be exposed
via hardware theft.
• Understand what physical security is and why it is everyone’s responsibility.
• Identify common physical security attacks.
• Identify physical security best practices.
AWA 018
Social Engineering
Awareness
Identify the many forms of social engineering and
its potential impacts.
• Identify techniques used by social engineers.
• Understand how to establish validity of requests in order to perform daily business functions in light of
potential threats.
AWA 019 Travel Security
Recognize the risks associated with transporting
sensitive data.
• Recognize threats that may be present while traveling.
• Identify the risks certain locations may harbor.
• Understand the defenses that you may employ while traveling.
Best Practices forJob Roles These courses target specific job roles within an organization. Each course you create should contain one of these JRT (Job Role Training) lessons, depending on your
role and industry.
# Course Name Course Objectives Supporting Objectives
JRT 001
Secure Practices for Retail
Associates
Recognize the security awareness responsibilities of retail
associates and the laws, regulations, methods and best
practices that help keep information secure in the retail
environment.
• Recognize the information security responsibilities of retail associates that impact the retail environment.
• List and describe information security responsibilities and best practices of retail associates.
JRT 002
Secure Practices for Retail
Managers
Recognize the security awareness responsibilities of retail
managers and the laws, regulations, methods and best
practices that help keep information secure in the retail
environment.
• Recognize the security responsibilities of retail managers or owners that impact the retail environment.
• List and describe information security responsibilities and best practices of retail managers.
A video related to this course topic is available.
7. 5
# Course Name Course Objectives Supporting Objectives
JRT 003
Secure Practices for Call
Center Associates
Recognize the security awareness responsibilities of call
center employees and the laws, regulations, methods
and best practices that help to keep information secure.
• Recognize the information security laws and regulations that impact the call center environment.
• Recognize the responsibility of call center employees to protect the information they work with each day.
• List and describe the information security responsibilities and best practices of call center employees.
JRT 004
Secure Practices for Call
Center Managers
Recognize the security awareness responsibilities of call
center managers and the laws, regulations, methods and
best practices that help keep information secure in the
call center.
• Recognize the information security responsibilities of call center managers and the related laws and regulations that
impact the call center environment.
• List and describe information security responsibilities and best practices of call center managers.
Advanced SecurityTopics These courses cover a wide range of advanced topics for managers and technical personnel.
# Course Name Course Objectives Supporting Objectives
ADV 002
Exploring Security
Trends
Recognize key findings of Trustwave’s annual
Global Security Report and list ways to improve
security this year based on last year’s trends.
• Recognize the purpose and contents of Trustwave’s Global Security Report.
• Recognize key findings of the current Global Security Report.
• List security best practices that help organizations avoid the security pitfalls of last year.
8. CYBERSECURITY EDUCATION CATALOG
6
Security Awareness Education Curriculum Builder
The first table below is a list of curriculum recommendations for common job roles that fit most organizations. It shows the courses included for
each recommended curriculum. If you prefer to create a custom curriculum, use the Create Your Own table to indicate what courses you would like
to include.
The video list on the next page indicates which two-minute videos are associated with which curriculum.
Security and Privacy
Awareness for Executives
●
Security and Privacy
Awareness for General Staff
● ● ● ● ● ● ● ● ● ● ●
Security and Privacy
Awareness for Retail
Associates
● ● ● ● ● ●
Security and Privacy
Awareness for Retail
Managers
● ● ● ● ● ●
Security and Privacy
Awareness for Call Center
Associates
● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness
for Call Center Managers
● ● ● ● ● ● ● ● ● ●
Security and Privacy
Awareness for Compliance
Managers
● ● ● ● ● ● ● ● ● ● ● ●
PCI Fundamentals
● ● ●
Advanced Topics
●
Create your Own Use this section to mix and match lessons to build up to five courses of your own. Just print this sheet and fill in the necessary
information, which you can then share with your Trustwave account manager.
AWA001
AWA002
AWA007
AWA008
AWA009
AWA012
AWA013
AWA014
AWA015
AWA016
AWA017
AWA018
AWA019
JRT001
JRT002
JRT003
JRT004
ADV002
AWA010
9. 7
Security and Privacy Awareness for
General Staff
● ● ● ● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for
Retail Associates
● ● ● ●
Security and Privacy Awareness for
Retail Managers
● ● ● ●
Security and Privacy Awareness for Call
Center Associates
● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Call
Center Managers
● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for
Compliance Managers
● ● ● ● ● ● ● ● ● ● ● ●
PCI Fundamentals ● ●
VID
001
VID
002
VID
004
VID
005
VID
006
VID
008
VID
009
VID
010
VID
011
VID
012
VID
013
VID
014
VID
007
Security Awareness Education Curriculum Videos
See the list below to determine which two-minute videos are included in which curriculum. You can add any videos to any curriculum you want.
10. CYBERSECURITY EDUCATION CATALOG
8
Role-Based Security Awareness Education
Here is a list of curriculum recommendations for common job roles. Each curriculum is available for you to assign to your
employees using the Learning Assignment Tool in the Cybersecurity Education portal. If you prefer to create your own
curriculum with a custom set of courses, please contact your Trustwave account manager.
Security and Privacy Awareness for Executives
(55 minutes)
Course Code: SAE EXEC
This course is designed for executives who want an
overview of information privacy and security awareness.
• AWA 007 Information Privacy and Security Awareness for
Executives (45 minutes)
• Information Privacy and Security Awareness for Executives
Exam (10 minutes)
Security and Privacy Awareness for General Staff
(2 hours 46 minutes)
Course Code: SAE GEN
This course is designed for general office staff and
employees who have access to sensitive information.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 006 Mobile Security in 2 Minutes
• AWA 013 Mobile Security (15 minutes)
• VID 004 IoT in 2 Minutes
• VID 011 Ransomware in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• AWA 019 Travel Security (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Retail
Managers (1 hour 33 minutes)
Course Code: SAE RM
This course is designed for general office staff and
employees who have access to sensitive information.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• JRT 002 SP for Retail Managers (15 minutes)
Security and Privacy Awareness for Retail
Associates (1 hour 33 minutes)
Course Code: SAE GA
This course is designed for employees who process
credit card transactions in person.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• JRT 001 SP for Retail Associates (15 minutes)
Security and Privacy Awareness for Call Center
Managers (2 hours 20 minutes)
Course Code: SAE CCM
This course is designed for managers of card-not-
present environments.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
11. 9
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• JRT 004 SP for Call Center Managers (10 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Call Center
Associates (2 hours 25 minutes)
Course Code: SAE CCA
This course is designed for employees who process
card-not-present transactions.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• JRT 003 SP for Call Center Associates (15 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Compliance
Managers (2 hours 49 minutes)
Course Code: SAE PCIP
This course is designed for general or management staff
tasked with compliance or risk program management
responsibilities.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 006 Mobile Security in 2 Minutes
• AWA 013 Mobile Security (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• AWA 002 PCI Business As Usual Compliance (10 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• AWA 019 Travel Security (10 minutes)
PCI Fundamentals (49 minutes)
Course Code: SAE PCIFUND
This course is designed for general or management staff
tasked with compliance or risk program management
responsibilities.
• VID 001 Data Privacy in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
12. SECURITY AWARENESS, TRAINING AND EDUCATION CATALOG
10
SAE Supplemental Training
Strengthen your security awareness program with videos and posters. Two-minute videos provide introductory
or refresher training on privacy and security awareness topics aligned with lesson topics. Posters are available in
English, and they are in PDF format. Posters are available for download in the Cybersecurity Education portal and are
included with client-hosted content packages.
• VID 001 Data Privacy in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• VID 003 GDPR in 2 Minutes
• VID 004 IoT in 2 Minutes
• VID 005 Malware Prevention in 2 Minutes
• VID 006 Mobile Security in 2 Minutes
• VID 007 Password Security in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• VID 009 Phishing in 2 Minutes
• VID 010 Physical Security in 2 Minutes
• VID 011 Ransomware in 2 Minutes
• VID 012 Social Engineering in 2 Minutes
• VID 013 Strong Passwords in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• VID 015 W-2 Phishing in 2 Minutes
13. 11
Secure Development Training (SDT)
Trustwave offers a suite of web-based technical courses that introduce your
solution development staff to theory and best practices around planning and
writing secure code. You can choose to enroll employees in just one of the
courses that is most relevant to them, or give them access to an SDT course
bundle. No matter what option you select, this section will help you decide
which courses are right for your staff.
Secure Development Courses
Use the SDT Courses list to browse our library of SDT courses. Categorized by the stages of the Software Development
Life Cycle (SDLC), each course’s catalog code, topic, and prerequisites (if any) are listed here to help you decide which
topics are most appropriate for your target audience(s). All courses are available in English and content translation is
available. The portal is English by default and may be configured in Spanish, French and Portuguese as well as many
other languages.
Secure Development Bundles
The Secure Development Bundles shown on page 20 in this document are available to customers using SDT. You can use
the Secure Development Bundles page to note which bundles (consisting of various courses) you would like to offer to
your staff.
14. CYBERSECURITY EDUCATION CATALOG
12
SecurityAwareness and Process These courses cover topics related to fundamental security awareness concepts as they relate to software development.
# Course Name Course Objectives Time Suggested Prerequisites
AWA 101
Fundamentals of
Application Security
• Learn about the main drivers for application security, fundamental concepts of
application security risk management, the anatomy of an application attack, some
common attacks, and the concept of input validation as a primary risk mitigation
technique.
• Learn key security principles and best practices for developing secure applications.
1 hour
Understanding of the Software Development
Life Cycle (SDLC) and technologies; basic
understanding of software security.
Security Engineering These courses cover topics related to the employment of security awareness strategies as a Software Engineer.
# Course Name Course Objectives Time Suggested Prerequisites
ENG 105
How to Integrate the
Microsoft MS SDL into
your SDLC
• Learn the fundamentals of the Microsoft Security Development Lifecycle (SDL) process.
• Learn about the security requirements for each phase of your SDLC, including
Requirements, Design, Implementation, Verification, and Release.
• Learn about the Agile SDL variation, the Security Development Lifecycle for Line-of-
Business Applications (SDL-LOB), and the Microsoft SDL Threat Modeling Tool.
1 hour None
ENG 205
Fundamentals of Threat
Modeling
• Learn a question-driven approach to threat modeling that can help you identify security
design problems early in the application design process
1 hour None
ENG 211
How to Create
Application Security
Design Requirements
• Understand, create, and articulate security requirements.
• Understand the security engineering process.
• Recognize key security engineering activities to integrate into the SDLC.
• Understand software security objectives and apply security design guidelines.
1 hour • Fundamentals of Application Security (AWA 101)
ENG 301
How to Create an
Application Security
Threat Model
• Learn to identify the goals of threat modeling and the corresponding Software
Development Life Cycle (SDLC) requirements.
• Identify the roles and responsibilities involved in the threat modeling process.
• Recognize when and what to threat model.
• Identify the tools that help with threat modeling.
• Learn to use the threat modeling process to accurately identify, mitigate
and validate threats.
90 minutes None
ENG 311
Attack Surface Analysis
and Reduction
• Understand the goals and methodologies of attackers.
• Identify attack vectors.
• Learn how to minimize the attack surface of an application.
• Learn how to define the attack surface of an application.
• Learn how to reduce the risk to an application by minimizing its attack surfaces.
1 hour
• Fundamentals of Secure Development
(COD 101)
• Architecture Risk Analysis and Remediation
(DES 212)
ENG 312
How to Perform a
Security Code Review
• Learn how to organize and prioritize code reviews into segments.
• Learn how to perform code reviews for the OWASP Top 10 vulnerabilities.
1 hour
• Fundamentals of Secure Development
(COD 101)
• Architecture Risk Analysis and Remediation
(DES 212)
ENG 391
Create an Application
Security Threat Model for
IoT Embedded Systems
• Learn additional information about creating an Application Security threat model.
• Learn how to map content to specific compliance and regulatory requirements.
• Learn about key reference resources that support the topics covered in the module.
• Assess mastery of key concepts.
30 minutes
How to Create an Application Security Threat Model
(ENG 301)
SDT Courses
15. 13
# Course Name Course Objectives Time Suggested Prerequisites
ENG 392
Attack Surface Analysis
and Reduction for IoT
Embedded Systems
• Learn additional information about Attack Surface Analysis and Reduction (particularly
important to embedded software engineers).
• Learn about key reference resources that support topics covered in this module.
• Assess mastery of key concepts.
30 minutes Attack Surface Analysis and Reduction (ENG 311)
Secure Design These courses cover topics related to secure software architecture and design, to help plan security into applications before any code is written.
# Course Name Course Objectives Time Suggested Prerequisites
DES 101
Fundamentals of Secure
Architecture
• Examine the state of the industry from a security perspective.
• Learn about the biggest security disasters in software design.
• Understand that confidentiality, integrity and availability are the three main tenets of
information security.
• Learn how to avoid repeating past information security mistakes.
1 hour
• Fundamentals of Application Security (AWA 101)
• How to Create Application Security Design
Requirements (ENG 211)
DES 201
Fundamentals of
Cryptography
• Learn the basic concepts of cryptography and common ways that it is applied, from the
perspective of application development.
• Learn the importance of randomness; the roles of encoding, encryption and hashing;
the concepts of symmetric and asymmetric encryption; the purpose of cryptographic
keys; and the roles of message authentication codes (MACs) and digital signatures.
• Learn about complexity of cryptography.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development
(COD 101)
• OWASP Top Ten Threats and Mitigations
(DES 221)
DES 212
Architecture Risk Analysis
and Remediation
• Learn concepts, methods and techniques for analyzing the architecture and design of a
software system for security flaws.
1 hour Fundamentals of Application Security (AWA 101)
DES 214 Securing Network Access • Learn about how Network Access Control can be used to secure systems on a network. 30 minutes
This course is part of the Secure Enterprise
Infrastructure Series
DES 215
Securing Operating
Systems
• Learn about common operating system threats and how to best mitigate those threats. 30 minutes
This course is part of the Secure Enterprise
Infrastructure Series
DES 216 Securing Cloud Instances
• Learn about the top threats to Cloud resources and how to mitigate them using
application security best practices.
30 minutes
This course is part of the Secure Enterprise
Infrastructure Series
DES 217
Application, Technical
and Physical Access
Controls
• Learn about the risks associated with data breaches and how to implement strong
access controls and security policies that protect applications, systems and
sensitive data.
30 minutes
This course is part of the Secure Enterprise
Infrastructure Series
DES 222 Mitigating Injection • Learn how to mitigate the risks associated with injection. 12 minutes This course is part of the OWASP 2017 Series
DES 223
Mitigating Broken
Authentication
• Learn how to mitigate the risks associated with broken authentication. 12 minutes This course is part of the OWASP 2017 Series
DES 224
Mitigating Sensitive Data
Exposure
• Learn how to mitigate the risks associated with sensitive data exposure. 12 minutes This course is part of the OWASP 2017 Series
DES 225
Mitigating XML External
Entities (XXE)
• Learn how to mitigate the risks associated with XML External Entities (XXE). 12 minutes This course is part of the OWASP 2017 Series
DES 226
Mitigating Broken Access
Control (12)
• Learn how to mitigate the risks associated with broken access control. 12 minutes This course is part of the OWASP 2017 Series
DES 227
Mitigating Security
Misconfiguration
• Learn how to mitigate the risks associated with security misconfiguration. 12 minutes This course is part of the OWASP 2017 Series
16. CYBERSECURITY EDUCATION CATALOG
# Course Name Course Objectives Time Suggested Prerequisites
DES 228
Mitigating Cross Site
Scripting (XSS)
• Learn how to mitigate the risks associated with Cross-Site Scripting (XSS). 12 minutes This course is part of the OWASP 2017 Series
DES 229
Mitigating Insecure
Deserialization
• Learn how to mitigate the risks associated with insecure deserialization. 12 minutes This course is part of the OWASP 2017 Series
DES 230
Mitigating Use of
Components with Known
Vulnerabilities
• Learn how to mitigate the risks associated with using components with known
vulnerabilities.
12 minutes This course is part of the OWASP 2017 Series
DES 231
Mitigating Insufficient
Logging Monitoring
Vulnerabilities
• Learn how to mitigate the risks associated with insufficient logging and monitoring. 12 minutes This course is part of the OWASP 2017 Series
DES 292
Architecture Risk
Analysis and
Remediation for IoT
Embedded Systems
• Learn additional information about Architecture Risk Analysis and Remediation training
(of particular importance to embedded software engineers).
• Assess mastery of key concepts.
30 minutes Architecture Risk Analysis Remediation (DES 212)
DES 311
Creating Secure
Application Architecture
• Learn how to harden applications and make them more difficult for intruders to breach.
• Learn about compartmentalization, centralized input, and data validation as methods to
protect applications from malicious input.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Security Testing (TST 101)
DES 352
Creating Secure Over
the Air (OTA) Automotive
System Updates
• Learn about secure design considerations for over-the-air (OTA) updates for automotive
systems.
• After completing this course, you will be able to identify the benefits and risks of OTA
automotive system updates, understand the importance of public key cryptography
to the security of these updates, and identify secure design considerations for
development, delivery, and installation of OTA automotive system updates.
90 minutes
• Fundamentals of Secure Mobile Development
(COD 110)
• IoT Embedded Systems Security - Fundamentals
of Secure Embedded Software Development
(COD 160)
DES 391
Creating Secure
Application Architecture
for IoT Embedded
Systems
• Learn additional information about Creating Secure Application Architecture (of
particular importance to embedded software engineers).
• Assess mastery of key concepts.
30 minutes Creating Secure Application Architecture (DES 311)
Secure Coding These courses cover topics related to the implementation stage of the Software Development Life Cycle (when code is actually written).
# Course Name Course Objectives Time Suggested Prerequisites
COD 101
Fundamentals of Secure
Development
• Learn about the need for secure software development.
• Learn about the models, standards, and guidelines you can use to understand security
issues and improve the security posture of your applications.
• Learn about key application security principles.
• Learn how to integrate secure development practices into the SDLC.
80 minutes None
COD 110
Fundamentals of Secure
Mobile Development
• Learn about common risks associated with mobile applications.
• Learn mobile application development best practices.
• Understand mobile development threats and risks.
2 hours None
COD 141
Fundamentals of Secure
Database Development
• Understand database development best practices.
1 hour 50
minutes
Fundamentals of Application Security (AWA 101)
14
17. 15
# Course Name Course Objectives Time Suggested Prerequisites
COD 152
Fundamentals of Secure
Cloud Development
• Recognize the common risks associated with Cloud applications, including the security
features of the different series models (IaaS, PaaS and SaaS).
• Learn how to identify and mitigate the most common vulnerabilities and the unique
security challenges of “Big Data”.
• Learn how to apply the Microsoft SDL to cloud applications.
30 minutes None
COD 153
Fundamentals of Secure
AJAX Code
• Learn about AJAX technology and its common vulnerabilities and attack vectors.
• Identify the differences between regular and AJAX applications, common AJAX
vulnerabilities that attackers tend to exploit, and major threats to AJAX applications.
35 minutes None
COD 160
Fundamentals of Secure
Embedded Software
Development
• Learn about security issues inherent to embedded device architecture.
• Learn about techniques to identify system security and performance requirements,
develop appropriate security architecture, select the correct mitigations, and develop
policies that can ensure the secure operation of your system.
90 minutes None
COD 170
Identifying Threats to
Mainframe COBOL
Applications and Data
• Learn about common security issues that affect the confidentiality, integrity and
availability of COBOL programs or mainframes.
20 minutes None
COD 190
IoT Embedded Systems
Security - Fundamentals
of Secure Mobile
Development
• Learn additional information about Secure Mobile Development (of particular
importance to embedded software engineers).
• Assess mastery of key concepts.
30 minutes
Fundamentals of Secure Mobile Development
(COD 110)
COD 211
Creating Secure Code –
Java Foundations
• Learn best practices and techniques for secure application development in Java. 2.5 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 - Threats and Mitigations
(DES 221)
COD 212
Creating Secure Code –
C/C++ Foundations
• Learn best practices and techniques for secure application development in C/C++. 2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 - Threats and Mitigations
(DES 221)
COD 215
Creating Secure Code –
.NET Framework
Foundations
• Learn about .NET 4 security features.
• Learn about changes in .NET 4.
• Learn secure coding best practices.
2 hours
Fundamentals of Secure Development
(COD 101)
COD 219
Creating Secure Code-
SAP ABAP Foundations
• Learn best practices and techniques for secure SAP application development using
Java and ABAP.
• Learn about basic application security principles, input validation in SAP applications,
common application security vulnerabilities and mitigations, protecting data using
encryption, and conducting security code analysis and code reviews.
90 minutes
• Fundamentals of Secure Development (COD 101)
• Fundamentals of Application Security (AWA 101)
• OWASP Top 10 - Threats and Mitigations (DES
221)
COD 222
PCI DSS v3.2 Best
Practices for Developers
• Learn about PCI DSS best practices and how to use them to address application
security issues.
1 hour Fundamentals of Secure Architecture (DES 101)
COD 225 Insecure Web Interface
• Learn how to identify common threats to IoT web interfaces and apply best practices to
mitigate these threats.
10 minutes This course is part of the IoT Specialization Series
18. CYBERSECURITY EDUCATION CATALOG
16
# Course Name Course Objectives Time Suggested Prerequisites
COD 226
Insufficient IoT
Authentication/
Authorization
• Learn how to implement secure authentication and authorization for IoT devices. 10 minutes This course is part of the IoT Specialization Series
COD 227
Insecure Network
Devices
• Learn about the vulnerabilities of insecure network devices within the context of IoT
devices and best practices to protect network services on IoT devices.
10 minutes This course is part of the IoT Specialization Series
COD 228
Insecure
Communications
• Learn about the risks of insecure communications. 10 minutes This course is part of the IoT Specialization Series
COD 229 Insecure Mobile Interface • Learn about best practices for protecting mobile applications used for IoT solutions. 10 minutes This course is part of the IoT Specialization Series
COD 230
Insecure Software/
Firmware
• Learn how to securely distribute updates that fix known vulnerabilities in software or
firmware for your IoT devices.
10 minutes This course is part of the IoT Specialization Series
COD 234
Mobile Threats and
Mitigations
• Learn about best practices for identifying and mitigating the most common threats to
mobile applications and their data.
20 minutes This course is part of the OWASP Mobile Series
COD 235
Defending Mobile Data
with Cryptography
• Learn about best practices for implementing strong cryptography to protect mobile
applications and their data.
20 minutes This course is part of the OWASP Mobile Series
COD 236
Mobile App
Authentication and
Authorization
• Learn how to integrate secure authentication and authorization into your mobile
application.
20 minutes This course is part of the OWASP Mobile Series
COD 237
Defending Mobile
App Code
• Learn how to integrate secure authentication and authorization into your mobile
application.
20 minutes This course is part of the OWASP Mobile Series
COD 242
Creating Secure SQL
Applications
• Learn how to protect sensitive data while ensuring the integrity of applications running
on the Microsoft SQL Server Engine and Azure SQL Database.
40 minutes n Series
COD 251
Creating Secure AJAX
Code - ASP.NET
Foundations
• Understand how to mitigate common vulnerabilities and protect against common
attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
35 minutes Fundamentals of Secure AJAX Code (COD 153)
COD 252
Creating Secure
AJAX Code – Java
Foundations
• Understand how to mitigate common vulnerabilities and protect against common
attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
35 minutes Fundamentals of Secure AJAX Code (COD 153)
COD 253
Creating Secure AWS
Cloud Applications
• Learn about security vulnerabilities, threats and mitigations for Amazon Web Services
(AWS) cloud computing services.
• Learn about Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), and four
additional core AWS: Identity and Access Management (IAM), DynamoDB Flat
Database Service, Relational Database Service (RDS), and Simple Storage Service (S3).
• Learn about ancillary AWS.
• After completing this course, you will be able to identify the most common security
threats to cloud development and best practices to protect against these threats. You
will also be able to identify AWS security features and ways to integrate them into your
AWS resources.
1 hour None
19. 17
# Course Name Course Objectives Time Suggested Prerequisites
COD 254
Creating Secure Azure
Applications
• Learn about the risks associated with creating and deploying applications on
Microsoft’s Azure cloud platform.
• Recognize core security considerations for Azure Virtual Machine (VM) security,
authentication and access control, legacy .Net Framework applications, Azure web
sites and the Microsoft WebMatrix3 IDE.
90 minutes None
COD 255
Creating Secure Code -
Web API Foundations
• Learn about common web services that may put your application at risk.
• Learn best practices that you should incorporate to mitigate the risk from web
services attacks.
• Understand various web services threats and the cause and impact of web
services attacks.
• Learn how to implement secure development best practices to protect web services.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 Threats and Mitigations
(DES 221)
COD 256
Creating Secure
Code - Ruby on Rails
Foundations
• Learn best practices and techniques for secure application development with Ruby
on Rails.
• Learn to identify and mitigate injection vulnerabilities, such as SQL injection and
cross-site scripting.
• Learn how to build strong session management into your Rails applications and prevent
other common vulnerabilities, such as cross-site request forgery and direct object access.
90 minutes Fundamentals of Application Security (AWA 101)
COD 257
Creating Secure Python
Web Applications
• Learn about best practices and techniques for secure application development with
Python.
• Understand various types of injection vulnerabilities.
• Understand how to build strong session management into your Python web application
and how to prevent common vulnerabilities.
• Recognize file system threats to web applications, including vulnerabilities with path
traversal, temporary files, and insecure client redirects.
45 minutes None
COD 261 Threats to Scripts
• Learn about the impact of incorrect script development or lax security measures.
• Learn about the most common scripting vulnerabilities, including cached secrets, a
variety of injection vulnerabilities, weaknesses related to permissions and privileges,
and the threat of resource exhaustion.
30 minutes This course is part of the Secure Scripting Series
COD 262
Fundamentals of Secure
Scripting
• Learn how shell scripting languages compare with more modern interpreted languages;
several information security principles including least privilege and defense in depth; the
importance of data validation; and operating system portability issues.
30 minutes This course is part of the Secure Scripting Series
COD 263
Secure Scripting with
Perl, Python, Bash and
Ruby
• Learn about the importance of error and exception handling in shell scripts and
interpreted languages, common syntax pitfalls, and how to prevent or mitigate several
common vulnerabilities.
30 minutes This course is part of the Secure Scripting Series
COD 264
Protecting Sensitive Data
while Scripting
• Learn how to use filesystem operations safely to protect files; system hardening;
cryptography basics; and the importance of up-to-date communication security
techniques.
30 minutes This course is part of the Secure Scripting Series
COD 270
Creating Secure
COBOL and Mainframe
Applications
• Learn about countermeasures for security vulnerabilities on the mainframe, such as
input validation, parameterized APIs, strong cryptography, and being aware of memory
management issues.
25 minutes None
20. CYBERSECURITY EDUCATION CATALOG
18
# Course Name Course Objectives Time Suggested Prerequisites
COD 311
Creating Secure
Code ASP.NET MVC
Applications
• Learn about ASP .NET and Web API code security issues that affect MVC and Web API
applications.
• Learn methods to protect your application from attacks against MVC’s model-binding
behavior.
• Learn methods to protect your application from cross-site scripting, cross-site request
forgery and malicious URL redirects.
• Learn about the Web API pipeline and how to implement authentication and
authorization in Web API applications.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – .NET Framework
Foundations (COD 215)
COD 312
Creating Secure C/C++
Code
• Learn techniques for securing your C/C++ applications.
• Learn about secure memory management in C/C++, protecting and authenticating
sensitive data with symmetric and public key cryptography, and secure communications
with TLS.
2 hours
• Fundamentals of Secure Development (COD 101)
• Fundamentals of Application Security (AWA 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – C/C++ Foundations
(COD 212)
COD 313
Creating Secure Java
Code
• Identify and use the components of the Java security model.
• Identify how to use JAAS to control user authentication and authorization in your Java
application.
• Learn how to implement cryptography to sign and verify Java jar files.
35 minutes
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development
(COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – Java Foundations
(COD 211)
COD 314
Creating Secure C#
Code
• Learn about common security vulnerabilities that can be mitigated by proper input
validation, other common security vulnerabilities and their mitigations, secure error
handling and logging, and secure communication.
• Learn about the unique features of C# and the .NET framework that help protect against
security vulnerabilities.
2 hours
and
30 minutes
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
COD 315
Creating Secure
PHP Code
• Learn the security principles for building secure PHP applications.
• Assess mastery of key concepts.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
COD 317
Creating Secure iOS
Code in Swift
• Recognize common iOS application vulnerabilities and learn secure coding best
practices.
• Recognize and mitigate threats by leveraging iOS and Swift security services while also
implementing secure coding best practices.
90 minutes None
COD 318
Creating Secure Android
Code in Java
• Learn about common Android application vulnerabilities.
• Learn secure coding best practices using Java and the Android Software Development
Kit (SDK).
• Identify and mitigate a variety of attacks.
90 minutes None
21. 19
# Course Name Course Objectives Time Suggested Prerequisites
COD 351
Creating Secure HTML5
Code
• Learn about the development of secure HTML5 code.
• Learn about common HTML5 application vulnerabilities and threats, and secure coding
best practices.
• Upon completion of this class, participants will be able to identify ways in which the
expanded attack surface introduced with HTML 5 might impact your web applications.
Participants will also be able to identify new security features available with HTML5, as well
as countermeasures and best practices to mitigate the application’s exposure to attack.
80 minutes None
COD 352
Creating Secure jQuery
Code
• Learn about common client-side vulnerabilities and threats to jQuery applications, and
techniques for mitigating these vulnerabilities and threats.
• Learn about how to implement new HTML5 security features to secure JQuery
applications, and best practices to secure local storage and implement transport
layer security.
• Be able to describe the threats that can impact your jQuery code and describe the
countermeasures to address these threats.
90 minutes None
SecurityTesting These courses cover topics related to the testing of software for security flaws and remediating defects before release.
# Course Name Course Objectives Time Suggested Prerequisites
TST 101
Fundamentals of
Security Testing
• Learn security testing concepts and processes.
• Learn how to conduct effective security testing.
• Identify common security issues during testing to uncover security vulnerabilities.
2 hours
• Fundamentals of Application Security (AWA 101)
• How to Create Application Security Design
Requirements (ENG 211)
TST 191
Fundamentals of
Security Testing for IoT
Embedded Systems
• Learn additional information about the Fundamentals of Security Testing training
(of particular importance to embedded software engineers).
• Assess mastery of key concepts.
30 minutes Fundamentals of Security Testing (TST 101)
TST 201
Testing for CWE SANS
Top 25 Software Errorss
• Identify and mitigate each of the CWE’s 25 most dangerous software errors.
• Learn techniques for spotting common security issues through code review and testing.
• Identify common security defects and their potential impact to your application.
• Identify specific types of security vulnerabilities associated with different technologies.
3 hours Fundamentals of Application Security (AWA 101)
TST 211
How to Test for the
OWASP Top 10
• Learn about the top ten OWASP flaws and how to perform testing to identify these
flaws in web applications.
1 hour and
30 minutes
Fundamentals of Security Testing (TST 101)
TST 291
Classes of Security
Defects - IoT Embedded
Systems
• Learn additional information about Security Defects Classes (of particular importance to
embedded software engineers).
• Assess mastery of key concepts.
30 minutes Classes of Security Defects (TST 201)
TST 401
Advanced Software
Security Testing - Tools
and Techniques
• Learn about testing for specific security weaknesses.
• Learn about the top ten types of attacks and the tools to use to test for these attacks.
• Learn how to test software applications for susceptibility to the top ten attacks.
2 hours
• Fundamentals of Security Testing (TST 101)
• Classes of Security Defects (TST 201)
TST 411
Exploiting Buffer
Overflows
• Understand and mitigate buffer-overflow exploits.
• Understand the challenges faced by exploit code and how different exploitation
techniques overcome environmental limitations.
2 hours Creating Secure C/C++ Code (COD 312)
TST 491
IoT Advanced
Embedded Software
Security Testing
• Learn additional information about Software Security Testing (of particular importance
to embedded software engineers).
• Assess mastery of key concepts.
30 minutes
Advanced Software Security Testing – Tools
Techniques (TST 401)
22. CYBERSECURITY EDUCATION CATALOG
20
Secure Development Training Bundles
Use this section to determine which bundles you want to provide for your staff. Descriptions of the courses in each bundle
can be found in the SDT Courses List. Custom bundles, consisting of up to five courses, can be set up by request.
Contact your Trustwave account manager if you would like to configure a custom bundle or add advanced training courses.
C/C++ Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 160 Fundamentals of Secure Embedded Development
• DES 201 Fundamentals of Cryptography
• COD 212 Creating Secure Code - C/C++ Foundations
C/C++ Developer II
• COD 312 Creating Secure C/C++ Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
Database Developer
• AWA 101 Fundamentals of Application Security
• COD 141 Fundamentals of Secure Database Development
• DES 201 Fundamentals of Cryptography
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
Java Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 211 Creating Secure Code - Java Foundations
• COD 252 Creating Secure AJAX Code - Java Foundations
Java Developer II
• COD 313 Creating Secure Java Code
• COD 352 Creating Secure jQuery Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
• COD 351 Creating Secure HTML5 Code
Mobile Developer
• AWA 101 Fundamentals of Application Security
• COD 110 Fundamentals of Secure Mobile Development
• COD 317 Creating Secure iOS Code in Swift
• COD 318 Creating Secure Android Code in Java
PCI Developer
• AWA 101 Fundamentals of Application Security
• COD 222 PCI DSS v 3.2 Best Practices for Developers
• DES 221 OWASP Top 10 - Threats and Mitigations
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
PHP Developer
• AWA 101 Fundamentals of Application Security
• COD 153 Fundamentals of Secure AJAX Code
• COD 315 Creating Secure PHP Code
Project Manager
• AWA 101 Fundamentals of Application Security
• COD 311 Creating Secure Code ASP.NET MVC Applications
• DES 101 Fundamentals of Secure Architecture
• ENG 211 How to Create Application Security Design
Requirements
Software Architect
• AWA 101 Fundamentals of Application Security
• DES 101 Fundamentals of Secure Architecture
• DES 212 Architecture Risk Analysis and Remediation
Test/QA (Embedded QA also available)
• TST 101 Fundamentals of Security Testing
• TST 201 Testing for CWE SANS Top 25 Software Errors
• TST 211 How to Test for the OWASP Top 10
• ENG 312 How to Perform a Security Code Review
• TST 401 Advanced Software Security Testing - Tools
Techniques
.NET Developer
• AWA 101 Fundamentals of Application Security
• COD 215 Creating Secure Code - .NET Framework Foundations
• COD 251 Creating Secure AJAX Code - ASP .NET Foundations
• COD 311 Creating Secure Code ASP.NET MVC Applications
23. 21
Cloud Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 253 Creating Secure AWS Cloud Applications
• COD 254 Creating Secure Azure Applications
Embedded Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 160 Fundamentals of Secure Embedded Software
Development
• COD 212 Creating Secure Code - C/C++ Foundations
Embedded Architect
• DES 101 Fundamentals of Secure Architecture
• COD 110 Fundamentals of Secure Mobile Development
• DES 201 Fundamentals of Cryptography
• DES 212 Architecture Risk Analysis and Remediation
• DES 292 Architecture Risk Analysis and Remediation for
Embedded Systems
Embedded QA
• TST 101 Fundamentals of Security Testing
• TST 191 Fundamentals of Security Testing for IoT Embedded
Systems
• TST 201 Testing for CWE SANS Top 25 Software Errors
• TST 291 Classes of Security Defects - IoT Embedded Systems
• ENG 312 How to Perform a Security Code Review
IT Architect
• DES 101 Fundamentals of Secure Architecture
• DES 212 Architecture Risk Analysis and Remediation
• ENG 211 How to Create Application Security Design
Requirements
• ENG 301 How to Create an Application Security Threat Model
Systems Leadership
• COD 101 Fundamentals of Secure Development
• DES 311 Creating Secure Application Architecture