Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, please contact us.
This document summarizes a security awareness training presentation that covered topics such as why security training is important, 21st century security threats, PCI compliance, security objectives and challenges, data classification, and security responsibilities. It provided examples of security incidents, the costs of data breaches, PCI DSS requirements, and outlined the company's security framework including defenses, controls, and challenges around excessive data retention, vulnerable infrastructure, lack of documentation and logging.
This is a presentation template if someone is interested in making a case for a web-based security awareness and training program within your company. It is free for all to use and change accordingly.
How To Promote Security Awareness In Your Company - danielblander
The document discusses promoting security awareness at companies. It outlines objectives like making security relevant and easy to understand. It addresses common objections like programs being too expensive or employees not paying attention. The document recommends focusing on cultural change, empowering employees, and using various mediums like training, newsletters and contests to deliver ongoing security awareness messages. The overall goal is for employees to feel security enables and benefits them.
Small Business Administration Recommendations - Meg Weber
This document provides an overview of a training course on cybersecurity for small businesses. The key topics covered in the course include: defining cybersecurity and explaining its importance; identifying common cyber threats like website tampering, data theft, and viruses; determining the level of risk to a business from cyber threats; and best practices for protecting information like establishing security policies and training employees on security procedures. The goal of the course is to help small businesses understand cybersecurity risks and take steps to secure their information and systems.
A share of security breaches is caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Listed here are a few simple ways to make employees understand and feel responsible for the security of the company's assets.
Dealing with Information Security, Risk Management & Cyber Resilience - Donald Tabone
The document discusses approaches to information security, risk management, and cyber resilience. It recommends taking a three-pronged approach to information security that includes awareness, technical controls, and periodic reviews. It also suggests adopting a framework for cyber risk management that is appropriate for the organization's needs and risk appetite. Finally, it outlines six key points to achieving cyber resilience: organizational readiness, situational awareness, detection, cyber defense, mitigation and containment, and recovery.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester, exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ... - Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
Cybersecurity careers are complex and many roles can be found in banks, retailers and government organizations. This PPT will guide you through multiple career paths in cybersecurity. Below are the topics covered in this tutorial:
1. Where to Start?
2. Career Paths in Cybersecurity
3. Cybersecurity Job Salaries
4. Skills for Cybersecurity Careers
5. Tools & Technologies
6. Cybersecurity Careers & Estimated Annual
7. Related Occupations you should know about
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Information Assurance & Reliability Architecture - Srikar Sagi
Information Assurance (IA)
A Systematic & Systemic practice of assurance-modeling that guarantees protection of systems, information & managing information risks such as Confidentiality, Integrity, Availability, Auditing (Authentication /Authorization/Logs etc) & Non-repudiation in relation to the use, processing, storage & transmission of information, restoration of systems/services and the corresponding/inter-related systems, their processes used for protection capabilities(s)
Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ... - Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Interview Questions and Answers" consists of 50 questions from multiple cybersecurity domains which will help you in preparation of your interviews.
CHFI Certification course helps you learn more about major investigation situations and helps students get the experience of different types of forensic investigation procedures and tools taken into consideration for the forensic investigation so that the prosecutors can be prevented from any kind of issues.
The document discusses the CompTIA Security+ certification course. It provides an overview of the skills and competencies covered in the course, including deploying applications securely, identifying best encryption protocols, mitigating attacks and vulnerabilities, and adhering to regulations. The certification ensures students have practical skills to solve complex security issues and is applicable for jobs in securing systems, software, hardware, risk assessment, and more. It also addresses the exam details, passing score, recommended experience, costs, and jobs available with the certification.
CISSO Certification | CISSO Training | CISSO - SagarNegi10
You will gain practical knowledge regarding a range of aspects in the INFOSEC community as part of the CISSO Certification program. It will teach you how to secure assets, monitor them, and comply with data security policies.
With increased use of technology in all aspects of our lives, the need to protect our computers, networks, and data increases as well. In the United States alone, there are 400,000 unfilled jobs in the field of cyber-security. You’ll learn what training programs exist and how major corporations are committing to cyber-security education. We’ll discuss how Rotarians can work to connect underserved communities with training and job opportunities both locally and internationally.
This document discusses foundational concepts in cyber security including cryptography, access control, and the CIA triad of confidentiality, integrity and availability. It provides an overview of common security terms and the roles and responsibilities in organizational security governance. Key topics covered include legislative and regulatory compliance, industry standards, and the importance of documentation for effective security.
The document covers security governance which seeks to mitigate risk and align security with business objectives. It discusses the impact of organizational structure on security and the roles of the CISO in understanding the business, developing security programs, ensuring compliance and reporting on security
Corporate Security Intelligence Just Got Smarter All Courses Linkedin - Steve Phelps
The document provides information about intelligence and security training courses offered by Security & Intelligence Solutions Ltd and Sibylline Intelligence Solutions. It describes the companies and backgrounds of the owners/founders. Various training courses are then outlined, including topics covered, target attendees, and philosophy/approach. The courses focus on developing intelligence capabilities for corporate security environments. Intellectual property policies are also provided.
This document discusses various threats to information security and safeguards organizations can implement. The three main sources of threats are human error, malicious human activity, and natural disasters. Some key threats include hacking, viruses, unauthorized data disclosure through actions like phishing. Technical safeguards include identification & authentication like passwords, encryption, firewalls, malware protection. Human safeguards involve policies, training, account management and monitoring. Senior management must establish security policies, assess risks, and ensure all necessary safeguards are in place to protect the organization's information systems and data. The organization should also have an incident response plan to deal with security breaches when they do occur.
Threat modelling identifies potential security threats and vulnerabilities to develop mitigations. It is an essential process for managing cybersecurity risks. Threat response helps detect attacks in real time by monitoring activity and generating alerts. It allows security operators to quickly neutralize threats before they cause disruption. As technology plays a larger role, the need for threat modelling and response consultants has increased to combat cyber threats and protect organizations' data and systems.
This document discusses IBM's security transformation services which help optimize security strategies and programs to address risks. It outlines IBM's approach to assessing security maturity, building advanced security operations centers, establishing robust security testing and incident response programs, modernizing identity and access management, deploying critical data protection, and redefining infrastructure and endpoint security. IBM provides expertise across security strategy, risk management, compliance, intelligence and operations to help drive overall security transformation.
You have more to secure than ever before. A data breach can happen to any organization, and it's a growing concern among companies both large and small. Take a look at these best practices and see if any of these have gotten lost as you consider your 2017 plan.
2008: Web Application Security Tutorial - Neil Matatall
This document discusses web application security and summarizes key topics from a presentation on the subject. It introduces the Open Web Application Security Project (OWASP) Top 10 list of vulnerabilities, covering Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in more detail. It also discusses security frameworks like ISO 27001 and the Payment Card Industry Data Security Standard (PCI DSS). The presentation emphasizes the importance of validating all user input to prevent injection attacks.
This document provides an overview of Trustwave's security education offerings, including security awareness training courses for employees and secure software development courses for technical staff. It includes a catalogue of available security awareness and development training lessons organized by topic, as well as options for customizing training programs and additional educational materials like posters and pamphlets. The document aims to help organizations choose the right training content and formats for their needs.
The document provides an overview of designing and developing an effective security awareness and training program. It defines security awareness training, discusses why such programs are important, and outlines best practices for doing it correctly. The presentation agenda includes defining security awareness training, discussing its importance, and presenting Mittal Technologies' security awareness training solution. The document then provides details on developing effective security awareness training, including establishing goals and success criteria, designing the program, developing training content at different levels, and tracking results.
A to Z of Information Security Management - Mark Conway
The purpose of information security is to protect an organisation’s valuable assets, such as information, Intellectual property, hardware, and software.
Through the selection and application of appropriate safeguards or controls, information security helps an organisation to meet its business objectives by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets.
In this A to Z I’d like to outline some of the key focus areas for organisations wishing to pursue compliance to the ISO27001 Information Security standard.
Embark on a journey to exam excellence with our comprehensive guide to SY0-701 Dumps for CompTIA Security+. Dive into the intricacies of the SY0-701 exam with meticulously crafted Security+ Dumps designed to simulate the real exam environment. Elevate your preparation, boost confidence, and ensure success on exam day. Join a community of achievers who have trusted our SY0-701 Dumps for a proven pathway to mastering the CompTIA Security+ certification. Uncover the key insights and strategies essential for acing the SY0-701 exam. Your success begins with the right preparation – explore our Security+ Dumps and pave the way for a successful career in cybersecurity.
Building and implementing a successful information security policy - RossMob1
This document provides guidance on building and implementing a successful information security policy. It discusses conducting a risk analysis to identify key assets, managing risks posed to those assets, and creating an effective security awareness program. The security policy should clearly explain acceptable and prohibited uses of company resources. Creating a policy engages employees in securing the network and reduces risks from human errors. The document then gives recommendations for various aspects of the security policy and awareness program, such as addressing physical security, internet threats, security violations, and innovative training methods.
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE - 360 BSI
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation manager
Contact Kris at kris@360bsi.com to register.
The document discusses end user security awareness training. It provides an overview of the training, including introducing security awareness challenges, developing awareness initiatives, and best practices. It also discusses using security awareness materials and resources to educate end users on topics like malware, passwords, and data protection. The goal is to change user behaviors and encourage a security-minded culture.
Top 10 Measure to Mitigate Insider Security Threats.pptx - infosec train
Attackers are continually targeting companies, but what if the attacks originate from within? Insider security threats are posing a greater threat to businesses than at any other time in history.
https://www.infosectrain.com/
Get training in cyber security & place yourself in good companies through... - CCI Training Center
Get Cyber Security Training Program Information, Why Should You Learn?, What Will You Learn? Cyber Security Courses & Place Yourself in Good Companies Through This Courses. https://medium.com/@ccitrainingc/get-training-in-cyber-security-place-yourself-in-good-companies-through-this-course-7bd8aa675a65
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga... - Richard Lawson
This comprehensive guide focuses on empowering employees to contribute to their organization's cybersecurity posture. It outlines the importance of investing in cybersecurity skills and training, implementing strong security controls, understanding incident response plans, monitoring the work environment for threats, and continuously educating employees about cybersecurity best practices. By fostering a security-conscious workforce and encouraging active participation in cybersecurity efforts, organizations can significantly reduce the risk of cyberattacks and build a more robust and resilient defense against potential breaches.
Information Security Analyst Resume. When seeking - Danielle Bowers
This document discusses the importance of prioritizing information security to protect personal and professional lives in today's digital world. It explains that information security involves implementing measures like encryption and authentication to safeguard data from threats. While cyber threats are constantly evolving, taking proactive security measures is crucial. Information security protects personal privacy, secures business assets, and ensures national security. When seeking resume help, customers can trust BestResumeHelp.com to handle personal information with utmost confidentiality and security.
4MANUAL OVERVIEW
5SECTION 1:Introduction: Welcome to CyberLeet
51.1 Introduction
51.2 Your Role at CyberLeet
61.3 Purpose of This Manual
7SECTION 2:CORE TENETS OF CYBERSECURITY
72.1 Confidentiality
72.2 Integrity
82.3 Availability
9SECTION 3:CYBERSECURITY POLICIES
93.1 Password Policies
93.2 Acceptable Use Policies
103.3 User Training Policies
103.4 Basic User Policies
11SECTION 4:THREAT MITIGATION SCENARIOS
114.1 Theft
114.2 Malware
124.3 Your Choice
13SECTION 5: REFERENCES
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet’s core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance, and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children’s health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using information you learned in this course. Refer to the background information on CyberLeet and apply the appropriate information that best matches based on the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietary business. The main sections of the manual you are responsible for completing are the following:
· Introduction
· Core tenets of cybersecurity
· Developing cybersecurity policies
· Threat mitigation scenarios
In Section One, describe the organization. Provide a short history of the company, define the way it operates, and describe its place within the industry and the community it serves. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section. SECTION 1:
Introduction: Welcome to CyberLeet1.1 Introduction
Prompt: Explain the value of CyberLeet Technologiesas a provider of cybersecurity services to its .
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
This document is an IT security assessment proposal from Cybersense that outlines the need for IT security assessments. It discusses why assessments are important for protecting organizations from cyber threats. The proposal describes Cybersense's approach, deliverables including a detailed report, and costs varying by project scope. Cybersense is presented as an information security consulting firm that can help organizations strengthen their security and risk management.
The document describes the Certified Security Management Professional (CSMP) certification program. It is a 12-month distance learning program divided into 12 modules that cover key areas of security management knowledge. Upon completing all modules and assignments, students earn the CSMP certification. The cost is £750 plus VAT. The certification is accredited by Industry Qualifications and Skills for Security in the UK. It is intended for security managers and professionals to enhance their skills and credentials. The program has hundreds of graduates from over 85 countries.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
The document discusses cybersecurity and Techwave's approach. It notes that cyber attacks are a threat to businesses and their privacy. Techwave provides cybersecurity tools and technologies to help organizations stay protected. Their solutions include a defense-in-depth strategy with multiple security layers, digital certificates for authentication, and comprehensive security assessments and plans. Techwave aims to maintain data security, manage risks, avoid breaches, and ensure compliance.
Similar to Trustwave Cybersecurity Education Catalog 2019 (20)
CYBERSECURITY EDUCATION CATALOG
Introduction
The human factor – what employees do or don’t do – is the biggest
vulnerability to an organization’s information security, yet it’s often the most
overlooked. Whether they are processing credit cards, handling clients’
personal information, or developing software solutions for your business,
your employees are ripe targets for information thieves seeking access to
your sensitive data, unless you help them learn how to protect against and
respond to security incidents. It’s vital to your business to provide security
education to your employees and partners.
Trustwave offers two key types of Cybersecurity Education:
• Security Awareness Education for all staff
• Secure Developer Training for technical staff
Use this catalog to browse the Cybersecurity Education offerings. If you have
questions, reach out to your Trustwave account manager or use the Contact
Us section of the Trustwave website at www.trustwave.com.
Security Awareness Education
Every Trustwave Security Awareness Education (SAE) program is customized for
you, the client. Your options include how your online security education courses
will be set up and which additional video and print-based materials you would
like to order to reinforce your program year-round. This section is designed to
guide you through the program and help you choose the options that are right
for you and your organization.
SAE Courses
Use the SAE Courses list to browse our library of security awareness courses. Categorized by areas of interest, each
course’s catalog code, topic, and objectives are listed to help you decide which topics are most appropriate for
your target audience(s). All courses are available in English. Most courses are available in German and Spanish, and
all courses can be localized into additional languages. The portal is English by default and may be configured in
Spanish, French and Portuguese as well as many other languages. You may also view our courses in the Trustwave
Cybersecurity Education portal. Contact your Trustwave account manager if you would like to receive a free trial.
Security Awareness Curriculum Builder
The Security Awareness Curriculum Builder page lists the courses included in each available curriculum, tailored for
common organizational roles requiring security awareness training. If these combinations don’t fit your organization’s
needs, or if you’d like to include additional materials such as quizzes or your organization’s own information security
policies, use the table at the bottom of the Security Awareness Curriculum Builder page to identify the curriculum
you would like us to build.
Supplemental Material to Support Security Awareness
Often organizations administer formal security awareness training only once per year. Hanging posters in your office
environment and featuring the two-minute security videos in public areas and meetings can help keep employees
aware of their security responsibilities year-round.
SAE Courses
Each curriculum in your Security Awareness Education program may be comprised of one or more of the following courses. Use this guide to identify the courses
you would like to include in each curriculum. If you have any questions, or if you would like to receive a free trial, contact your Trustwave account manager.
Compliance Topics
These courses present the basic principles of various compliance standards and information security measures.
AWA 001: Introduction to the PCI DSS Compliance Standard
Course Objectives: Recognize how the Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data.
Supporting Objectives:
• Identify elements of cardholder data that must be protected.
• Recognize appropriate protection mechanisms for cardholder data.
• Describe the continuous process to maintain PCI compliance.
AWA 002: PCI for Business as Usual (BAU) Compliance
Course Objectives: Understand best practices to implement PCI DSS controls and make compliance business as usual.
Supporting Objectives:
• Understand the “big picture” purpose of the PCI DSS to protect the business and serve customers.
• Acknowledge the importance of data security measures to achieve compliance and maintain security.
AWA 015: PCI Compliance
Course Objectives: Understand the importance of the Payment Card Industry Data Security Standard (PCI DSS).
Supporting Objectives:
• Recognize appropriate protection mechanisms for cardholder data.
• Recognize how the PCI DSS helps minimize risk to cardholder data.
Security Awareness Topics
These courses present basic security awareness concepts that all employees should understand.
AWA 004: Introduction to Security Awareness
Course Objectives: Create awareness of best practices for protecting sensitive information, how to handle information securely and the risks of mishandling information.
Supporting Objectives:
• State how actions can impact the security of your organization and identify what criminals are after.
• Provide examples of sensitive information in the workplace and how to categorize it.
• Define PII, identify examples of it and state how to protect your information.
• Be aware of how information is protected, including data integrity.
• Describe benefits of security awareness and apply what you have learned to avoid becoming a victim.
AWA 007: Information Privacy and Security Awareness for Executives
Course Objectives: Provide decision-makers and managers with a concise summary of essential information privacy and security awareness requirements.
Supporting Objectives:
• Learn how to identify, help prevent and defend against the most common privacy and security threats.
AWA 008: Information Privacy - Classifying Data
Course Objectives: Recognize the importance of understanding what constitutes private data.
Supporting Objectives:
• Recognize the importance of meeting internal and external security compliance requirements.
• Understand how to classify data based on sensitivity level and risk.
• Learn best practices for protecting sensitive data.
AWA 009: Information Privacy - Protecting Data
Course Objectives: Recognize the importance of understanding what constitutes private data and how to behave in a proactive manner to protect this information in everyday work.
Supporting Objectives:
• Understand physical controls, technical controls and administrative policies and practices in support of data privacy.
A video related to this course topic is available.
AWA 010: Email Security
Course Objectives: Recognize malicious email before it can become a threat.
Supporting Objectives:
• Learn how to properly handle email.
• Learn best practices around how and when to use email to send specific types of information.
• Understand what Personally Identifiable Information (PII) is.
• Understand the impact of sending sensitive information over an insecure medium.
• Identify information that should not be sent via email.
AWA 012: Malware Awareness
Course Objectives: Learn how to identify and define types of malware.
Supporting Objectives:
• Recognize evidence of active infection and understand what the proper actions are to prevent such attacks.
AWA 013: Mobile Security
Course Objectives: List the characteristics of mobile device platforms.
Supporting Objectives:
• Identify the role device ownership plays as a basis for understanding application risk.
AWA 014: Password Security
Course Objectives: Learn how to create and remember strong passwords, therefore eliminating the need to use insecure practices.
Supporting Objectives:
• Recognize the risks surrounding password security.
• Identify safeguards used to protect passwords.
• Summarize techniques used by attackers to obtain passwords.
AWA 016: Phishing Awareness
Course Objectives: Recognize malicious email before it can become a threat.
Supporting Objectives:
• Understand the various ways in which attackers try to trick and entice users to trigger malicious events through email.
• Learn best practices to properly handle and avoid phishing attacks.
AWA 017: Physical Security
Course Objectives: Learn accepted practices for minimizing breaches and identifying different types of data that may be exposed via hardware theft.
Supporting Objectives:
• Understand what physical security is and why it is everyone’s responsibility.
• Identify common physical security attacks.
• Identify physical security best practices.
AWA 018: Social Engineering Awareness
Course Objectives: Identify the many forms of social engineering and its potential impacts.
Supporting Objectives:
• Identify techniques used by social engineers.
• Understand how to establish validity of requests in order to perform daily business functions in light of potential threats.
AWA 019: Travel Security
Course Objectives: Recognize the risks associated with transporting sensitive data.
Supporting Objectives:
• Recognize threats that may be present while traveling.
• Identify the risks certain locations may harbor.
• Understand the defenses that you may employ while traveling.
Best Practices for Job Roles
These courses target specific job roles within an organization. Each course you create should contain one of these JRT (Job Role Training) lessons, depending on your role and industry.
JRT 001: Secure Practices for Retail Associates
Course Objectives: Recognize the security awareness responsibilities of retail associates and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
Supporting Objectives:
• Recognize the information security responsibilities of retail associates that impact the retail environment.
• List and describe information security responsibilities and best practices of retail associates.
JRT 002: Secure Practices for Retail Managers
Course Objectives: Recognize the security awareness responsibilities of retail managers and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
Supporting Objectives:
• Recognize the security responsibilities of retail managers or owners that impact the retail environment.
• List and describe information security responsibilities and best practices of retail managers.
JRT 003: Secure Practices for Call Center Associates
Course Objectives: Recognize the security awareness responsibilities of call center employees and the laws, regulations, methods and best practices that help to keep information secure.
Supporting Objectives:
• Recognize the information security laws and regulations that impact the call center environment.
• Recognize the responsibility of call center employees to protect the information they work with each day.
• List and describe the information security responsibilities and best practices of call center employees.
JRT 004: Secure Practices for Call Center Managers
Course Objectives: Recognize the security awareness responsibilities of call center managers and the laws, regulations, methods and best practices that help keep information secure in the call center.
Supporting Objectives:
• Recognize the information security responsibilities of call center managers and the related laws and regulations that impact the call center environment.
• List and describe information security responsibilities and best practices of call center managers.
Advanced Security Topics
These courses cover a wide range of advanced topics for managers and technical personnel.
ADV 002: Exploring Security Trends
Course Objectives: Learn about the Global Security Report (GSR), recognize the sources of information reported, and review the findings of Trustwave’s team of security experts. You will also be introduced to key themes and recommendations based on security trends.
Supporting Objectives:
• Describe what the Global Security Report is and recognize its benefits.
• Identify what criminals are targeting the most and list the type of data targeted by cybercriminals.
• Discuss what industries cybercriminals were targeting and which one was hit the hardest.
• Discuss compromises by environment and what you can do to prevent compromises.
• Reflect upon the global conclusion and 10 year summary and how this information impacts your business and personal information.
Security Awareness Education Curriculum Builder
The first table below is a list of curriculum recommendations for common job roles that fit most organizations. It shows the courses included for each
recommended curriculum. If you prefer to create a custom curriculum, use the Create Your Own table to indicate what courses you would like to include.
The video list on the next page indicates which two-minute videos are associated with which curriculum.
Security and Privacy Awareness for Executives: ●
Security and Privacy Awareness for General Staff: ● ● ● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Retail Associates: ● ● ● ● ● ● ●
Security and Privacy Awareness for Retail Managers: ● ● ● ● ● ● ●
Security and Privacy Awareness for Call Center Associates: ● ● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Call Center Managers: ● ● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Compliance Managers: ● ● ● ● ● ● ● ● ● ● ● ● ●
PCI Fundamentals: ● ● ● ●
General Data Protection Regulation (GDPR): ● ●
Advanced Topics: ●
Create Your Own
Use this section to mix and match lessons to build up to three courses of your own. Just print this sheet and fill in the necessary information, which you can then share with your Trustwave account manager.
AWA 001, AWA 002, AWA 007, AWA 008, AWA 009, AWA 012, AWA 013, AWA 014, AWA 015, AWA 016, AWA 017, AWA 018, AWA 019, JRT001, JRT002, JRT003, JRT004, ADV002, AWA 010, AWA 004
Security Awareness Education Curriculum Videos
See the list below to determine which two-minute videos are included in which curriculum. You can add any videos to any curriculum you want.
Security and Privacy Awareness for General Staff: ● ● ● ● ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Retail Associates: ● ● ● ●
Security and Privacy Awareness for Retail Managers: ● ● ● ●
Security and Privacy Awareness for Call Center Associates: ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Call Center Managers: ● ● ● ● ● ● ● ● ●
Security and Privacy Awareness for Compliance Managers: ● ● ● ● ● ● ● ● ● ● ● ●
PCI Fundamentals: ● ●
General Data Privacy Regulation (GDPR): ● ●
VID 002, VID 003, VID 004, VID 005, VID 006, VID 008, VID 009, VID 010, VID 011, VID 012, VID 013, VID 014, VID 007, VID 001
Role-Based Security Awareness Education
Here is a list of curriculum recommendations for common job roles. Each curriculum is available for you to assign to your employees using the Learning Assignment
Tool in the Cybersecurity Education portal. If you prefer to create your own curriculum with a custom set of courses, please contact your Trustwave account manager.
Security and Privacy Awareness for Executives (55 minutes)
Course Code: SAE EXEC
This course is designed for executives who want an overview of information privacy and security awareness.
• AWA 007 Information Privacy and Security Awareness for Executives (45 minutes)
• Information Privacy and Security Awareness for Executives Exam (10 minutes)
Security and Privacy Awareness for General Staff (3 hours 1 minute)
Course Code: SAE GEN
This course is designed for general office staff and employees who have access to sensitive information.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 006 Mobile Security in 2 Minutes
• AWA 013 Mobile Security (15 minutes)
• VID 004 IoT in 2 Minutes
• VID 011 Ransomware in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• AWA 019 Travel Security (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Retail Managers (1 hour 48 minutes)
Course Code: SAE RM
This course is designed for general office staff and employees who have access to sensitive information.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• JRT 002 SP for Retail Managers (15 minutes)
Security and Privacy Awareness for Retail Associates (1 hour 48 minutes)
Course Code: SAE GA
This course is designed for employees who process credit card transactions in person.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• JRT 001 SP for Retail Associates (15 minutes)
Security and Privacy Awareness for Call Center Managers (2 hours 35 minutes)
Course Code: SAE CCM
This course is designed for managers of card-not-present environments.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• JRT 004 SP for Call Center Managers (10 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Call Center Associates (2 hours 40 minutes)
Course Code: SAE CCA
This course is designed for employees who process card-not-present transactions.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• JRT 003 SP for Call Center Associates (15 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
Security and Privacy Awareness for Compliance Managers (3 hours 4 minutes)
Course Code: SAE PCIP
This course is designed for general or management staff tasked with compliance or risk program management responsibilities.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 012 Social Engineering in 2 Minutes
• AWA 018 Social Engineering Awareness (15 minutes)
• VID 013 Strong Passwords in 2 Minutes
• AWA 014 Password Security (10 minutes)
• VID 007 Password Security in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• AWA 010 Email Security (10 minutes)
• VID 009 Phishing in 2 Minutes
• AWA 016 Phishing Awareness (10 minutes)
• VID 005 Malware Prevention in 2 Minutes
• AWA 012 Malware Awareness (10 minutes)
• VID 010 Physical Security in 2 Minutes
• AWA 017 Physical Security (10 minutes)
• VID 006 Mobile Security in 2 Minutes
• AWA 013 Mobile Security (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
• AWA 002 PCI Business As Usual Compliance (10 minutes)
• VID 011 Ransomware in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• AWA 019 Travel Security (10 minutes)
PCI Fundamentals (1 hour 4 minutes)
Course Code: SAE PCIFUND
This course is designed for general or management staff tasked with compliance or risk program management responsibilities.
• VID 001 Data Privacy in 2 Minutes
• AWA 004 Introduction to Security Awareness (15 minutes)
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
• VID 008 PCI Compliance in 2 Minutes
• AWA 015 PCI Compliance (15 minutes)
General Data Protection Regulation (GDPR) (34 minutes)
Course Code: SAE GDPR
This course is designed for general staff who require a general knowledge of GDPR.
• VID 001 Data Privacy in 2 Minutes
• VID 003 GDPR in 2 Minutes
• AWA 008 Information Privacy - Classifying Data (15 minutes)
• AWA 009 Information Privacy - Protecting Data (15 minutes)
12. SECURITY AWARENESS, TRAINING AND EDUCATION CATALOG
SAE Supplemental Training
Strengthen your security awareness program with videos and posters. Two-minute videos provide introductory or refresher training on privacy and security awareness topics
aligned with lesson topics. Posters are available in English, and they are in PDF format. Posters are available for download in the Cybersecurity Education portal and are
included with client-hosted content packages.
• VID 001 Data Privacy in 2 Minutes
• VID 002 Email Privacy in 2 Minutes
• VID 003 GDPR in 2 Minutes
• VID 004 IoT in 2 Minutes
• VID 005 Malware Prevention in 2 Minutes
• VID 006 Mobile Security in 2 Minutes
• VID 007 Password Security in 2 Minutes
• VID 008 PCI Compliance in 2 Minutes
• VID 009 Phishing in 2 Minutes
• VID 010 Physical Security in 2 Minutes
• VID 011 Ransomware in 2 Minutes
• VID 012 Social Engineering in 2 Minutes
• VID 013 Strong Passwords in 2 Minutes
• VID 014 Travel Security in 2 Minutes
• VID 015 W-2 Phishing in 2 Minutes
Secure Development Training (SDT)
Trustwave offers a suite of web-based technical courses that introduce your
solution development staff to theory and best practices around planning and
writing secure code. You can choose to enroll employees in just one of the courses
that is most relevant to them, or give them access to an SDT course bundle. No
matter what option you select, this section will help you decide which courses are
right for your staff.
Secure Development Courses
Use the SDT Courses list to browse our library of SDT courses. Categorized by the stages of the Software Development
Life Cycle (SDLC), each course’s catalog code, topic, and prerequisites (if any) are listed here to help you decide which
topics are most appropriate for your target audience(s). All courses are available in English and content translation is
available. The portal is English by default and may be configured in Spanish, French and Portuguese as well as many
other languages.
Secure Development Bundles
The Secure Development Bundles shown on page 20 in this document are available to customers using SDT. You can use
the Secure Development Bundles page to note which bundles (consisting of various courses) you would like to offer to
your staff.
Security Awareness and Process
These courses cover topics related to fundamental security awareness concepts as they relate to software development.
AWA 101 Fundamentals of Application Security
• Learn about the main drivers for application security, fundamental concepts of application security risk management, the anatomy of an application attack, some common attacks, and the concept of input validation as a primary risk mitigation technique.
• Learn key security principles and best practices for developing secure applications.
Time: 1 hour
Suggested Prerequisites: Understanding of the Software Development Life Cycle (SDLC) and technologies; basic understanding of software security.
Security Engineering
These courses cover topics related to the employment of security awareness strategies as a Software Engineer.
ENG 105 How to Integrate the Microsoft MS SDL into your SDLC
• Learn the fundamentals of the Microsoft Security Development Lifecycle (SDL) process.
• Learn about the security requirements for each phase of your SDLC, including Requirements, Design, Implementation, Verification, and Release.
• Learn about the Agile SDL variation, the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB), and the Microsoft SDL Threat Modeling Tool.
Time: 1 hour
Suggested Prerequisites: None
ENG 205 Fundamentals of Threat Modeling
• Learn a question-driven approach to threat modeling that can help you identify security design problems early in the application design process.
Time: 1 hour
Suggested Prerequisites: None
ENG 211 How to Create Application Security Design Requirements
• Understand, create, and articulate security requirements.
• Understand the security engineering process.
• Recognize key security engineering activities to integrate into the SDLC.
• Understand software security objectives and apply security design guidelines.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)
ENG 301 How to Create an Application Security Threat Model
• Learn to identify the goals of threat modeling and the corresponding Software Development Life Cycle (SDLC) requirements.
• Identify the roles and responsibilities involved in the threat modeling process.
• Recognize when and what to threat model.
• Identify the tools that help with threat modeling.
• Learn to use the threat modeling process to accurately identify, mitigate and validate threats.
Time: 90 minutes
Suggested Prerequisites: None
ENG 311 Attack Surface Analysis and Reduction
• Understand the goals and methodologies of attackers.
• Identify attack vectors.
• Learn how to minimize the attack surface of an application.
• Learn how to define the attack surface of an application.
• Learn how to reduce the risk to an application by minimizing its attack surfaces.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Secure Development (COD 101); Architecture Risk Analysis and Remediation (DES 212)
ENG 312 How to Perform a Security Code Review
• Learn how to organize and prioritize code reviews into segments.
• Learn how to perform code reviews for the OWASP Top 10 vulnerabilities.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Secure Development (COD 101); Architecture Risk Analysis and Remediation (DES 212)
ENG 391 Create an Application Security Threat Model for IoT Embedded Systems
• Learn additional information about creating an Application Security threat model.
• Learn how to map content to specific compliance and regulatory requirements.
• Learn about key reference resources that support the topics covered in the module.
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: How to Create an Application Security Threat Model (ENG 301)
SDT Courses
ENG 392 Attack Surface Analysis and Reduction for IoT Embedded Systems
• Learn additional information about Attack Surface Analysis and Reduction (particularly important to embedded software engineers).
• Learn about key reference resources that support topics covered in this module.
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Attack Surface Analysis and Reduction (ENG 311)
Secure Design
These courses cover topics related to secure software architecture and design, to help plan security into applications before any code is written.
DES 101 Fundamentals of Secure Architecture
• Examine the state of the industry from a security perspective.
• Learn about the biggest security disasters in software design.
• Understand that confidentiality, integrity and availability are the three main tenets of information security.
• Learn how to avoid repeating past information security mistakes.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); How to Create Application Security Design Requirements (ENG 211)
DES 201 Fundamentals of Cryptography
• Learn the basic concepts of cryptography and common ways that it is applied, from the perspective of application development.
• Learn the importance of randomness; the roles of encoding, encryption and hashing; the concepts of symmetric and asymmetric encryption; the purpose of cryptographic keys; and the roles of message authentication codes (MACs) and digital signatures.
• Learn about complexity of cryptography.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top Ten Threats and Mitigations (DES 221)
DES 212 Architecture Risk Analysis and Remediation
• Learn concepts, methods and techniques for analyzing the architecture and design of a software system for security flaws.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)
DES 214 Securing Network Access
• Learn about how Network Access Control can be used to secure systems on a network.
Time: 30 minutes
This course is part of the Secure Enterprise Infrastructure Series
DES 215 Securing Operating Systems
• Learn about common operating system threats and how to best mitigate those threats.
Time: 30 minutes
This course is part of the Secure Enterprise Infrastructure Series
DES 216 Securing Cloud Instances
• Learn about the top threats to Cloud resources and how to mitigate them using application security best practices.
Time: 30 minutes
This course is part of the Secure Enterprise Infrastructure Series
DES 217 Application, Technical and Physical Access Controls
• Learn about the risks associated with data breaches and how to implement strong access controls and security policies that protect applications, systems and sensitive data.
Time: 30 minutes
This course is part of the Secure Enterprise Infrastructure Series
DES 222 Mitigating Injection
• Learn how to mitigate the risks associated with injection.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 223 Mitigating Broken Authentication
• Learn how to mitigate the risks associated with broken authentication.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 224 Mitigating Sensitive Data Exposure
• Learn how to mitigate the risks associated with sensitive data exposure.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 225 Mitigating XML External Entities (XXE)
• Learn how to mitigate the risks associated with XML External Entities (XXE).
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 226 Mitigating Broken Access Control (12)
• Learn how to mitigate the risks associated with broken access control.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 227 Mitigating Security Misconfiguration
• Learn how to mitigate the risks associated with security misconfiguration.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 228 Mitigating Cross Site Scripting (XSS)
• Learn how to mitigate the risks associated with Cross-Site Scripting (XSS).
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 229 Mitigating Insecure Deserialization
• Learn how to mitigate the risks associated with insecure deserialization.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 230 Mitigating Use of Components with Known Vulnerabilities
• Learn how to mitigate the risks associated with using components with known vulnerabilities.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 231 Mitigating Insufficient Logging and Monitoring Vulnerabilities
• Learn how to mitigate the risks associated with insufficient logging and monitoring.
Time: 12 minutes
This course is part of the OWASP 2017 Series
DES 292 Architecture Risk Analysis and Remediation for IoT Embedded Systems
• Learn additional information about Architecture Risk Analysis and Remediation training (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Architecture Risk Analysis and Remediation (DES 212)
DES 311 Creating Secure Application Architecture
• Learn how to harden applications and make them more difficult for intruders to breach.
• Learn about compartmentalization, centralized input, and data validation as methods to protect applications from malicious input.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Security Testing (TST 101)
DES 352 Creating Secure Over the Air (OTA) Automotive System Updates
• Learn about secure design considerations for over-the-air (OTA) updates for automotive systems.
• After completing this course, you will be able to identify the benefits and risks of OTA automotive system updates, understand the importance of public key cryptography to the security of these updates, and identify secure design considerations for development, delivery, and installation of OTA automotive system updates.
Time: 90 minutes
Suggested Prerequisites: Fundamentals of Secure Mobile Development (COD 110); IoT Embedded Systems Security - Fundamentals of Secure Embedded Software Development (COD 160)
DES 391 Creating Secure Application Architecture for IoT Embedded Systems
• Learn additional information about Creating Secure Application Architecture (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Creating Secure Application Architecture (DES 311)
Secure Coding
These courses cover topics related to the implementation stage of the Software Development Life Cycle (when code is actually written).
COD 101 Fundamentals of Secure Development
• Learn about the need for secure software development.
• Learn about the models, standards, and guidelines you can use to understand security issues and improve the security posture of your applications.
• Learn about key application security principles.
• Learn how to integrate secure development practices into the SDLC.
Time: 80 minutes
Suggested Prerequisites: None
COD 110 Fundamentals of Secure Mobile Development
• Learn about common risks associated with mobile applications.
• Learn mobile application development best practices.
• Understand mobile development threats and risks.
Time: 2 hours
Suggested Prerequisites: None
COD 141 Fundamentals of Secure Database Development
• Understand database development best practices.
Time: 1 hour 50 minutes
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)
COD 152 Fundamentals of Secure Cloud Development
• Recognize the common risks associated with Cloud applications, including the security features of the different service models (IaaS, PaaS and SaaS).
• Learn how to identify and mitigate the most common vulnerabilities and the unique security challenges of “Big Data”.
• Learn how to apply the Microsoft SDL to cloud applications.
Time: 30 minutes
Suggested Prerequisites: None
COD 153 Fundamentals of Secure AJAX Code
• Learn about AJAX technology and its common vulnerabilities and attack vectors.
• Identify the differences between regular and AJAX applications, common AJAX vulnerabilities that attackers tend to exploit, and major threats to AJAX applications.
Time: 35 minutes
Suggested Prerequisites: None
COD 160 Fundamentals of Secure Embedded Software Development
• Learn about security issues inherent to embedded device architecture.
• Learn about techniques to identify system security and performance requirements, develop appropriate security architecture, select the correct mitigations, and develop policies that can ensure the secure operation of your system.
Time: 90 minutes
Suggested Prerequisites: None
COD 170 Identifying Threats to Mainframe COBOL Applications and Data
• Learn about common security issues that affect the confidentiality, integrity and availability of COBOL programs or mainframes.
Time: 20 minutes
Suggested Prerequisites: None
COD 190 IoT Embedded Systems Security - Fundamentals of Secure Mobile Development
• Learn additional information about Secure Mobile Development (of particular importance to embedded software engineers).
• Assess mastery of key concepts.
Time: 30 minutes
Suggested Prerequisites: Fundamentals of Secure Mobile Development (COD 110)
COD 211 Creating Secure Code – Java Foundations
• Learn best practices and techniques for secure application development in Java.
Time: 2.5 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top 10 - Threats and Mitigations (DES 221)
COD 212 Creating Secure Code – C/C++ Foundations
• Learn best practices and techniques for secure application development in C/C++.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top 10 - Threats and Mitigations (DES 221)
COD 215 Creating Secure Code – .NET Framework Foundations
• Learn about .NET 4 security features.
• Learn about changes in .NET 4.
• Learn secure coding best practices.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Secure Development (COD 101)
COD 219 Creating Secure Code - SAP ABAP Foundations
• Learn best practices and techniques for secure SAP application development using Java and ABAP.
• Learn about basic application security principles, input validation in SAP applications, common application security vulnerabilities and mitigations, protecting data using encryption, and conducting security code analysis and code reviews.
Time: 90 minutes
Suggested Prerequisites: Fundamentals of Secure Development (COD 101); Fundamentals of Application Security (AWA 101); OWASP Top 10 - Threats and Mitigations (DES 221)
COD 222 PCI DSS v3.2 Best Practices for Developers
• Learn about PCI DSS best practices and how to use them to address application security issues.
Time: 1 hour
Suggested Prerequisites: Fundamentals of Secure Architecture (DES 101)
COD 225 Insecure IoT Web Interface
• Learn how to identify common threats to IoT web interfaces and apply best practices to mitigate these threats.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 226 Insufficient IoT Authentication/Authorization
• Learn how to implement secure authentication and authorization for IoT devices.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 227 Insecure IoT Network Devices
• Learn about the vulnerabilities of insecure network devices within the context of IoT devices and best practices to protect network services on IoT devices.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 228 Insecure IoT Communications
• Learn about the risks of insecure communications.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 229 Insecure IoT Mobile Interface
• Learn about best practices for protecting mobile applications used for IoT solutions.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 230 Insecure Software/Firmware
• Learn how to securely distribute updates that fix known vulnerabilities in software or firmware for your IoT devices.
Time: 10 minutes
This course is part of the IoT Specialization Series
COD 234 Mobile Threats and Mitigations
• Learn about best practices for identifying and mitigating the most common threats to mobile applications and their data.
Time: 20 minutes
This course is part of the OWASP Mobile Series
COD 235 Defending Mobile Data with Cryptography
• Learn about best practices for implementing strong cryptography to protect mobile applications and their data.
Time: 20 minutes
This course is part of the OWASP Mobile Series
COD 236 Mobile App Authentication and Authorization
• Learn how to integrate secure authentication and authorization into your mobile application.
Time: 20 minutes
This course is part of the OWASP Mobile Series
COD 237 Defending Mobile App Code
• Learn how to integrate secure authentication and authorization into your mobile application.
Time: 20 minutes
This course is part of the OWASP Mobile Series
COD 242 Creating Secure SQL Applications
• Learn how to protect sensitive data while ensuring the integrity of applications running on the Microsoft SQL Server Engine and Azure SQL Database.
Time: 40 minutes
n Series
COD 251 Creating Secure AJAX Code - ASP.NET Foundations
• Understand how to mitigate common vulnerabilities and protect against common attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
Time: 35 minutes
Suggested Prerequisites: Fundamentals of Secure AJAX Code (COD 153)
COD 252 Creating Secure AJAX Code – Java Foundations
• Understand how to mitigate common vulnerabilities and protect against common attack vectors.
• Identify threats to AJAX applications from cross-site scripting and other attacks.
• Learn how to implement countermeasures against attacks.
Time: 35 minutes
Suggested Prerequisites: Fundamentals of Secure AJAX Code (COD 153)
COD 253 Creating Secure AWS Cloud Applications
• Learn about security vulnerabilities, threats and mitigations for Amazon Web Services (AWS) cloud computing services.
• Learn about Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), and four additional core AWS: Identity and Access Management (IAM), DynamoDB Flat Database Service, Relational Database Service (RDS), and Simple Storage Service (S3).
• Learn about ancillary AWS.
• After completing this course, you will be able to identify the most common security threats to cloud development and best practices to protect against these threats. You will also be able to identify AWS security features and ways to integrate them into your AWS resources.
Time: 1 hour
Suggested Prerequisites: None
COD 254 Creating Secure Azure Applications
• Learn about the risks associated with creating and deploying applications on Microsoft’s Azure cloud platform.
• Recognize core security considerations for Azure Virtual Machine (VM) security, authentication and access control, legacy .Net Framework applications, Azure web sites and the Microsoft WebMatrix3 IDE.
Time: 90 minutes
Suggested Prerequisites: None
COD 255 Creating Secure Code - Web API Foundations
• Learn about common web services that may put your application at risk.
• Learn best practices that you should incorporate to mitigate the risk from web services attacks.
• Understand various web services threats and the cause and impact of web services attacks.
• Learn how to implement secure development best practices to protect web services.
Time: 2 hours
Suggested Prerequisites: Fundamentals of Application Security (AWA 101); Fundamentals of Secure Development (COD 101); OWASP Top 10 Threats and Mitigations (DES 221)
COD 256 Creating Secure Code - Ruby on Rails Foundations
• Learn best practices and techniques for secure application development with Ruby on Rails.
• Learn to identify and mitigate injection vulnerabilities, such as SQL injection and cross-site scripting.
• Learn how to build strong session management into your Rails applications and prevent other common vulnerabilities, such as cross-site request forgery and direct object access.
Time: 90 minutes
Suggested Prerequisites: Fundamentals of Application Security (AWA 101)
COD 257 Creating Secure Python Web Applications
• Learn about best practices and techniques for secure application development with Python.
• Understand various types of injection vulnerabilities.
• Understand how to build strong session management into your Python web application and how to prevent common vulnerabilities.
• Recognize file system threats to web applications, including vulnerabilities with path traversal, temporary files, and insecure client redirects.
Time: 45 minutes
Suggested Prerequisites: None
COD 261 Threats to Scripts
• Learn about the impact of incorrect script development or lax security measures.
• Learn about the most common scripting vulnerabilities, including cached secrets, a variety of injection vulnerabilities, weaknesses related to permissions and privileges, and the threat of resource exhaustion.
Time: 30 minutes
This course is part of the Secure Scripting Series
COD 262 Fundamentals of Secure Scripting
• Learn how shell scripting languages compare with more modern interpreted languages; several information security principles including least privilege and defense in depth; the importance of data validation; and operating system portability issues.
Time: 30 minutes
This course is part of the Secure Scripting Series
COD 263 Secure Scripting with Perl, Python, Bash and Ruby
• Learn about the importance of error and exception handling in shell scripts and interpreted languages, common syntax pitfalls, and how to prevent or mitigate several common vulnerabilities.
Time: 30 minutes
This course is part of the Secure Scripting Series
COD 264 Protecting Sensitive Data while Scripting
• Learn how to use filesystem operations safely to protect files; system hardening; cryptography basics; and the importance of up-to-date communication security techniques.
Time: 30 minutes
This course is part of the Secure Scripting Series
COD 270 Creating Secure COBOL and Mainframe Applications
• Learn about countermeasures for security vulnerabilities on the mainframe, such as input validation, parameterized APIs, strong cryptography, and being aware of memory management issues.
Time: 25 minutes
Suggested Prerequisites: None
# Course Name Course Objectives Time Suggested Prerequisites
COD 311
Creating Secure
Code ASP.NET MVC
Applications
• Learn about ASP .NET and Web API code security issues that affect MVC and Web API
applications.
• Learn methods to protect your application from attacks against MVC’s model-binding
behavior.
• Learn methods to protect your application from cross-site scripting, cross-site request
forgery and malicious URL redirects.
• Learn about the Web API pipeline and how to implement authentication and
authorization in Web API applications.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – .NET Framework
Foundations (COD 215)
COD 312
Creating Secure C/C++
Code
• Learn techniques for securing your C/C++ applications.
• Learn about secure memory management in C/C++, protecting and authenticating
sensitive data with symmetric and public key cryptography, and secure communications
with TLS.
2 hours
• Fundamentals of Secure Development (COD 101)
• Fundamentals of Application Security (AWA 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – C/C++ Foundations
(COD 212)
COD 313
Creating Secure Java
Code
• Identify and use the components of the Java security model.
• Identify how to use JAAS to control user authentication and authorization in your Java
application.
• Learn how to implement cryptography to sign and verify Java jar files.
35 minutes
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development
(COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
• Creating Secure Code – Java Foundations
(COD 211)
COD 314
Creating Secure C#
Code
• Learn about common security vulnerabilities that can be mitigated by proper input
validation, other common security vulnerabilities and their mitigations, secure error
handling and logging, and secure communication.
• Learn about the unique features of C# and the .NET framework that help protect
against security vulnerabilities.
2 hours and 30 minutes
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
• OWASP Top 10 – Threats and Mitigations
(DES 221)
COD 315
Creating Secure
PHP Code
• Learn the security principles for building secure PHP applications.
• Assess mastery of key concepts.
2 hours
• Fundamentals of Application Security (AWA 101)
• Fundamentals of Secure Development (COD 101)
COD 317
Creating Secure iOS
Code in Swift
• Recognize common iOS application vulnerabilities and learn secure coding best
practices.
• Recognize and mitigate threats by leveraging iOS and Swift security services while also
implementing secure coding best practices.
90 minutes None
COD 318
Creating Secure Android
Code in Java
• Learn about common Android application vulnerabilities.
• Learn secure coding best practices using Java and the Android Software Development
Kit (SDK).
• Identify and mitigate a variety of attacks.
90 minutes None
COD 351
Creating Secure HTML5
Code
• Learn about the development of secure HTML5 code.
• Learn about common HTML5 application vulnerabilities and threats, and secure coding
best practices.
• Upon completion of this class, participants will be able to identify ways in which the
expanded attack surface introduced with HTML5 might impact their web applications.
Participants will also be able to identify new security features available with HTML5, as well
as countermeasures and best practices to mitigate the application’s exposure to attack.
80 minutes None
COD 352
Creating Secure jQuery
Code
• Learn about common client-side vulnerabilities and threats to jQuery applications, and
techniques for mitigating these vulnerabilities and threats.
• Learn how to implement new HTML5 security features to secure jQuery
applications, and best practices to secure local storage and implement transport
layer security.
• Be able to describe the threats that can impact your jQuery code and describe the
countermeasures to address these threats.
90 minutes None
Security Testing
These courses cover topics related to the testing of software for security flaws and remediating defects before release.
# Course Name Course Objectives Time Suggested Prerequisites
TST 101
Fundamentals of Security
Testing
• Learn security testing concepts and processes.
• Learn how to conduct effective security testing.
• Identify common security issues during testing to uncover security vulnerabilities.
2 hours
• Fundamentals of Application Security (AWA 101)
• How to Create Application Security Design
Requirements (ENG 211)
TST 191
Fundamentals of
Security Testing for IoT
Embedded Systems
• Learn additional information about the Fundamentals of Security Testing training
(of particular importance to embedded software engineers).
• Assess mastery of key concepts.
30 minutes Fundamentals of Security Testing (TST 101)
TST 201
Testing for CWE SANS
Top 25 Software Errors
• Identify and mitigate each of the CWE’s 25 most dangerous software errors.
• Learn techniques for spotting common security issues through code review and testing.
• Identify common security defects and their potential impact to your application.
• Identify specific types of security vulnerabilities associated with different technologies.
3 hours Fundamentals of Application Security (AWA 101)
TST 211
How to Test for the
OWASP Top 10
• Learn about the top ten OWASP flaws and how to perform testing to identify these
flaws in web applications.
1 hour and 30 minutes
Fundamentals of Security Testing (TST 101)
TST 291
Classes of Security
Defects - IoT Embedded
Systems
• Learn additional information about Security Defects Classes (of particular importance to
embedded software engineers).
• Assess mastery of key concepts.
30 minutes Classes of Security Defects (TST 201)
TST 401
Advanced Software
Security Testing - Tools
and Techniques
• Learn about testing for specific security weaknesses.
• Learn about the top ten types of attacks and the tools to use to test for these attacks.
• Learn how to test software applications for susceptibility to the top ten attacks.
2 hours
• Fundamentals of Security Testing (TST 101)
• Classes of Security Defects (TST 201)
TST 411
Exploiting Buffer
Overflows
• Understand and mitigate buffer-overflow exploits.
• Understand the challenges faced by exploit code and how different exploitation
techniques overcome environmental limitations.
2 hours Creating Secure C/C++ Code (COD 312)
TST 491
IoT Advanced
Embedded Software
Security Testing
• Learn additional information about Software Security Testing (of particular importance
to embedded software engineers).
• Assess mastery of key concepts.
30 minutes
Advanced Software Security Testing – Tools and
Techniques (TST 401)
Secure Development Training Bundles
Use this section to determine which bundles you want to provide for your staff. Descriptions of the courses in each bundle can be found in the SDT Courses List.
Custom bundles, consisting of up to five courses, can be set up by request.
Contact your Trustwave account manager if you would like to configure a custom bundle or add advanced training courses.
C/C++ Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 160 Fundamentals of Secure Embedded Development
• DES 201 Fundamentals of Cryptography
• COD 212 Creating Secure Code - C/C++ Foundations
C/C++ Developer II
• COD 312 Creating Secure C/C++ Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
Database Developer
• AWA 101 Fundamentals of Application Security
• COD 141 Fundamentals of Secure Database Development
• DES 201 Fundamentals of Cryptography
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
Java Developer
• AWA 101 Fundamentals of Application Security
• COD 101 Fundamentals of Secure Development
• COD 211 Creating Secure Code - Java Foundations
• COD 252 Creating Secure AJAX Code - Java Foundations
Java Developer II
• COD 313 Creating Secure Java Code
• COD 352 Creating Secure jQuery Code
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
• COD 351 Creating Secure HTML5 Code
Mobile Developer
• AWA 101 Fundamentals of Application Security
• COD 110 Fundamentals of Secure Mobile Development
• COD 317 Creating Secure iOS Code in Swift
• COD 318 Creating Secure Android Code in Java
PCI Developer
• AWA 101 Fundamentals of Application Security
• COD 222 PCI DSS v 3.2 Best Practices for Developers
• DES 221 OWASP Top 10 - Threats and Mitigations
• ENG 301 How to Create an Application Security Threat Model
• ENG 312 How to Perform a Security Code Review
PHP Developer
• AWA 101 Fundamentals of Application Security
• COD 153 Fundamentals of Secure AJAX Code
• COD 315 Creating Secure PHP Code
Project Manager
• AWA 101 Fundamentals of Application Security
• COD 311 Creating Secure Code ASP.NET MVC Applications
• DES 101 Fundamentals of Secure Architecture
• ENG 211 How to Create Application Security Design
Requirements
Software Architect
• AWA 101 Fundamentals of Application Security
• DES 101 Fundamentals of Secure Architecture
• DES 212 Architecture Risk Analysis and Remediation
Test/QA (Embedded QA also available)
• TST 101 Fundamentals of Security Testing
• TST 201 Testing for CWE SANS Top 25 Software Errors
• TST 211 How to Test for the OWASP Top 10
• ENG 312 How to Perform a Security Code Review
• TST 401 Advanced Software Security Testing - Tools and
Techniques
.NET Developer
• AWA 101 Fundamentals of Application Security
• COD 215 Creating Secure Code - .NET Framework Foundations
• COD 251 Creating Secure AJAX Code - ASP .NET Foundations
• COD 311 Creating Secure Code ASP.NET MVC Applications
Cloud Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 253 Creating Secure AWS Cloud Applications
• COD 254 Creating Secure Azure Applications
Embedded Developer
• AWA 101 Fundamentals of Application Security
• DES 201 Fundamentals of Cryptography
• COD 160 Fundamentals of Secure Embedded Software
Development
• COD 212 Creating Secure Code - C/C++ Foundations
Embedded Architect
• DES 101 Fundamentals of Secure Architecture
• COD 110 Fundamentals of Secure Mobile Development
• DES 201 Fundamentals of Cryptography
• DES 212 Architecture Risk Analysis and Remediation
• DES 292 Architecture Risk Analysis and Remediation for
Embedded Systems
Embedded QA
• TST 101 Fundamentals of Security Testing
• TST 191 Fundamentals of Security Testing for IoT Embedded
Systems
• TST 201 Testing for CWE SANS Top 25 Software Errors
• TST 291 Classes of Security Defects - IoT Embedded Systems
• ENG 312 How to Perform a Security Code Review
IT Architect
• DES 101 Fundamentals of Secure Architecture
• DES 212 Architecture Risk Analysis and Remediation
• ENG 211 How to Create Application Security Design
Requirements
• ENG 301 How to Create an Application Security Threat Model
Systems Leadership
• COD 101 Fundamentals of Secure Development
• DES 311 Creating Secure Application Architecture
Internet of Things (IoT) Developer
• COD 225 Insecure IoT Web Interfaces
• COD 226 Insecure IoT Authentication and Authorization
• COD 227 Insecure IoT Network Services
• COD 228 Insecure IoT Communications
• COD 229 Insecure IoT Mobile Interface