ISO in the Sun: Courses on Risk, Information Security, Business Continuity and more in Lanzarote

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Harmonized structure for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019 and ISO/IEC 27001:2013, and how to add any further applicable requirements, eg PCI-DSS, SOX, GDPR etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS Auditing

• Setting the Scene: ISO Management Systems
• The ISO Management System Audit Approach
• Audit Methods

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex SL clause 5)
• IMS Element 2: Context of the Organisation (Annex SL clause 4)
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex SL clause 7)
• IMS Element 4: Planning (Annex SL clause 6)
• Audit Methods - Part 2: Observation, Sampling
• IMS Element 5: Operation (Annex SL clause 8)
• IMS Element 6: Performance Evaluation (Annex SL clause 9)
• Audit Methods - Part 3: Corroboration
• IMS Element 7: Improvement (Annex SL clause 10)
• IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMS

• Audit Principles
• Overview of the different Types of Audits
• Certification Process per ISO/IEC 17021-1:2015 et al
• Audit Skills

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex SL based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Recognize the range of different audit types, criteria and objectives
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process
• Manage IMS audit teams

Audience

This course is aimed at students tasked with

• Assessing an organisation's processes as part of implementing an IMS
• Performing self-assessments, pre-cert or internal audits of an IMS
• Acting as (lead) auditor on behalf of a certification body

Prerequisites

General understanding of common business processes. Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012. Exam and first year certification fees are included in the course fees.

Overview

This five day course introduces the structure of an Integrated Management System (IMS) derived from ISO's normative Annex SL (Harmonized structure for management system standards) as well as specific requirements of relevant ISO Standards implementing Annex SL, eg ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO/IEC 20000-1:2018, ISO 22301:2019 and ISO/IEC 27001:2013, and how to add any further applicable requirements, eg PCI-DSS, SOX, GDPR etc.

At the same time, the course explains processes, methods and skills required to allow an auditor to assess such an IMS all the way through to certification in line with relevant ISO (certification) standards, in particular ISO/IEC 17021-1:2015 and ISO 19011:2018.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introducing IMS Auditing

• Setting the Scene: ISO Management Systems
• The ISO Management System Audit Approach
• Audit Methods

Assessing Elements of an IMS

• IMS Element 1: Leadership (Annex SL clause 5)
• IMS Element 2: Context of the Organisation (Annex SL clause 4)
• Audit Methods - Part 1: Document Review, Interview
• IMS Element 3: Support (Annex SL clause 7)
• IMS Element 4: Planning (Annex SL clause 6)
• Audit Methods - Part 2: Observation, Sampling
• IMS Element 5: Operation (Annex SL clause 8)
• IMS Element 6: Performance Evaluation (Annex SL clause 9)
• Audit Methods - Part 3: Corroboration
• IMS Element 7: Improvement (Annex SL clause 10)
• IMS Element 8: Management Review (Annex SL clause 9.3)

Auditing an IMS

• Audit Principles
• Overview of the different Types of Audits
• Certification Process per ISO/IEC 17021-1:2015 et al
• Audit Skills

Objectives

Completion of this course will enable students to

• Describe core processes of an Annex SL based IMS
• Identify additional specific requirements based on the chosen IMS scope
• Recognize the range of different audit types, criteria and objectives
• Understand applicable audit methods and develop skills to apply these
• Execute audit aspect of the certification process
• Manage IMS audit teams

Audience

This course is aimed at students tasked with

• Assessing an organisation's processes as part of implementing an IMS
• Performing self-assessments, pre-cert or internal audits of an IMS
• Acting as (lead) auditor on behalf of a certification body

Prerequisites

General understanding of common business processes. Some past exposure to management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam on the last day available in multiple languages. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the IMS Lead Auditor certification in accordance with ISO/IEC 17024:2012. Exam and first year certification fees are included in the course fees.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to GDPR Essentials

• Fundamental Principles of the GDPR
• Initiating the GDPR Implementation
• Understanding the Organization
• Clarifying the Data Protection Objectives
• Analysis of the Existing System

Planning the Implementation of the GDPR

• Leadership and Project Approval
• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification
• Risk Assessment under the GDPR

Deploying the GDPR

• Privacy Impact Assessment (PIA)
• Design of Security Controls and Drafting of Specific Policies
• Implementation of Controls
• Definition of the Document Management Process
• Communication, Training and Awareness Plan

Monitoring and Improving the GDPR compliance

• Operations and Incident Management
• Monitoring, Measurement, Analysis and Evaluation
• Internal Audit
• Data Breaches and Corrective Actions
• Continual Improvement

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Manage a team implementing the GDPR
• Gain the knowledge and skills required to advise organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants, advisors and team members implementing the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection
• Members of information security, incident management and business continuity teams

Prerequisites

General understanding of common business processes.

Some past exposure to data protection helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

The course has a balance between the theoretical and practical part and contains exercises with real world examples. Total lab time of the course is more than 50%.

Contents

• Understanding Cryptography
• Designing a Public Key Infrastructure
• Installing and Configuring Active Directory Certificate Services
• Certificate Templates
• Certificate Enrollment
• Key Archival and Recovery
• Backup and Restore Certificate Authority
• Backup and Clean-up Certificate Authority Database
• Network Device Enrollment Service
• Implementing Code Signing
• Implementing an SMTP Exit Module
• Installing and Configuring an Online Certificate Status Protocol
• Use OpenSSL to Generate Certificate Requests
• Use of SSL to Secure RDP Connections
• Implementing IEEE 802.1x for Wired Networks using a Cisco Catalyst Switch
• Implementing IEEE 802.1x for Wireless Networks using Cisco Wireless Access Point
• Implementing Smart Card for Multi-Factor Authentication (Athena)
• Implementing Virtual Smart Cards using Trusted Platform Module
• Deploying Multi-protocol Security Keys for Multi-Factor Authentication (YubiKey4)
• Implementing Key Attestation
• Securing BitLocker USB drives with virtual smart cards
• Implementing Least-Privilege Administrative Models
• Protecting a Certificate Authority Keys using a Hardware Security Module (YubiHSM2)
• Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

Objectives

Completion of this course will enable students to

• Understand the basics of a Public Key Infrastructure (PKI)
• Implement, configure and manage Windows Server 2016 Active Directory Certificate Services
• Gain knowledge and skills required to advise organisations on how to implement Windows Server 2016 Active Directory Certificate Services

Audience

This course is aimed at students with (future) roles like

• Windows System Engineers (MCSA, MCSE)
• Security Engineers, PKI consultants

Prerequisites

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience on how to create users, groups, group policies, installation of roles and features

An understanding of previous Microsoft Active Directory Certificate Services helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

Minimum of three students are required to run this course.

Examination and Certification

The course ends with an assessment on the last day. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2018
• Understand the relationship between risk management, controls and ISO/IEC 27001:2013
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of CISSP CBK (Common Body of Knowledge).

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. the interactive learning technique is based on sound adult learning theories.

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

The CISSP certification is recognized worldwide.

Outline

Security and Risk Management

Asset Security

Security Engineering

Communications and Network Security

Identity and Access Management

Security Assessment and Testing

Security Operations

Software Development Security

Objectives

Completion of this course will enable students to

• Understand the 8 domains of knowledge that are covered on the CISSP exam
• Analyse questions on the exam and be able to select the correct answer
• Apply the knowledge and testing skills learned in class to pass the CISSP exam
• Understand and explain all of the concepts covered in the 8 domains of knowledge
• Apply the skills learned across the 8 domains to solve security problems when you return to work

Audience

This course is aimed at students with (future) roles like

• Security consultants, architects and managers, IT directors and managers
• Security analysts, security systems engineers, network architects
• Chief information security officers (CISOs), directors of security etc.
• Security auditors

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of four students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISSP exam. This has to be taken at the dedicated test facilities as defined by (ISC)2. (ISC)2‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security auditing concepts and industry best practices, covering the 5 major areas of the CISA CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security auditing knowledge and help identify areas they need to study for the CISA exam.

The CISA certification is recognized worldwide.

Outline

Information Systems Auditing Process

• Audit Standards and Types, Ethics, Risk-based Approach
• Project Management, Sampling, Evidence Collection
• Audit Methods

Governance and Management of IT

• IT Strategy, Frameworks, Standards, Organisational Structures
• Enterprise Architecture and Risk Management, Maturity Models
• IT Resource and Service Provider Management
• Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Information Systems Acquisition, Development and Implementation

• Project Management, Business Case, Feasibility Analysis
• System Development Methodologies, Controls
• System Migration, Infrastructure Deployment and Data Conversion
• Testing Methodologies, Post-Implementation Review

Information Systems Operation and Resilience

• IT Asset, Performance, Incident and Problem Management
• Change, Configuration, Release and Patch Management
• End-User Computing, Database Management etc.
• Backup, Storage, Restoration and Recovery, Business Continuity

Protection of Information Assets

• Privacy, Data Classification, IAM, Encryption, Physical Controls
• Network, Endpoint, Mobile, Wireless & IoT Security, Virtualization
• Security Awareness, Attacks, Testing and Monitoring
• Incident Response Management, Evidence Collection and Forensics

Objectives

Completion of this course will enable students to

• Know the 5 major areas covered by the CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing for the CISA Certification Exam, eg by using multiple choices questions from previous CISA sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Auditors moving into the information security domain
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISA exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 domains of the CISM CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security management knowledge and help identify areas they need to study for the CISM exam.

The CISM certification is recognized worldwide.

Outline

Information Security Governance

• Alignment of policy security information on the business strategy and direction
• Policy security information development
• Commitment of senior management and support for information security across the enterprise
• Roles and responsibilities in the governance of information security

Information Security Risk Management and Compliance

• Development of a systematic and analytical approach and the ongoing process of risk management
• Identification, analysis and risk assessment
• Definition of strategies risk treatment
• Risk management communication

Information Security Program Development and Management

• The security information architecture
• System Development Methodologies, Controls
• Methods to define the required security measures
• Contract management and information security requirements
• Metrics and evaluation of IT security performance

Information Security Incident Management

• Components of a security incident management plan
• Concepts and practices in the management of security incidents
• Method classification
• Notification and escalation process
• Detection techniques and incidents analysis

Objectives

Completion of this course will enable students to

• Know the 4 domains covered by the CISM® certification
• Understand the concepts of information security management
• Preparing for the CISM Certification Exam, eg by using multiple choices questions from previous CISM sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals
• Auditors requiring more information security management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISM exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 7th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Assets
• Enterprise Risk Management and Risk Management Frameworks
• Three Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity

IT Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Assessment Concepts, Standards and Frameworks
• Risk Scenario Development
• Risk Analysis Methodologies, Business Impact Analysis
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk and Control Ownership, Risk Treatment/Risk Response Options
• Third-party Risk Management
• Control Design, Implementation, Monitoring and Effectiveness
• Risk and Control Monitoring and Reporting Techniques
• Key Performance, Risk and Control Indicators

Information Technology and Security

• Enterprise Architecture, Resiliency, IT Operations and Project Management
• System Development and Data Life Cycle Management
• Emerging Trends in Technology
• Information Security Concepts, Frameworks and Standards
• Data Privacy and Principles of Data Protection

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, eg by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Information Security Management System based on ISO/IEC 27001:2013.

Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002:2013, recently revised as ISO/IEC 27002:2022.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 27000 family of standards, eg ISO/IEC 27003 (Implementation), ISO/IEC 27004 (Measurements), ISO/IEC 27005 (Risk Management) etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2013

Planning and Initiating the ISMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the ISMS
• Development of Information Security Policies
• Risk Management: Approach, Methodology, Identification,Analysis, Evaluation and Treatment of Risk
• Drafting the Statement of Applicability

Implementing the ISMS

• Implementation of a Document Management Framework
• Design of Controls and Writing Procedures
• Implementation of Controls based ISO/IEC 27001:2013 Annex A
• Development of a Communication, Training & Awareness Program
• Incident Management
• Operations Management of the ISMS

Performance Evaluation and Improving the ISMS

• Monitoring the ISMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to ISO/IEC 27001:2013, including the relationship between its components, eg risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of an ISMS
• Advise organisations on ISMS best practices
• Manage teams implementing ISO/IEC 27001:2013

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing an ISMS
• (IT) Professionals moving into ISMS operation
• CxO and senior managers of an ISMS scope
• Auditors requiring more ISMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing an Privacy Information Management System based on ISO/IEC 27701:2019.

Participants will also gain a thorough understanding of requirements and guidance of ISO/IEC 27701:2019 as well as their relationship ISO/IEC 27001:2013 et al and thus that between a PIMS and an ISMS.

Moreover, participants will gain a comprehensive understanding of best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to PIMS Concepts per ISO/IEC 27701:2019

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security and Privacy
• Privacy Information Management System (PIMS)

Planning the PIMS Implementation

• PIMS Scope and Privacy Policy
• Privacy Risk Assessment
• Privacy Impact Assessment
• PIMS Statement of Applicability
• Selection of Controls
• Documentation Management

Implementing the PIMS

• Implementation of a Document Management Framework
• Implementation of Controls
• Implementation of Controls specific to Controllers of Personally Identifiable Information (PII)
• Implementation of Controls specific to PII
• Awareness, Training und Communication

Performance Evaluation and Improving the PIMS

• Monitoring the PIMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a PIMS conforming to ISO/IEC 27701:2019, including the relationship to and ISMS, ISO/IEC 27001:2013, ISO/IEC 27002:2013 etc and regulatory frameworks
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a PIMS
• Advise organisations on PIMS best practices
• Manage teams implementing ISO/IEC 27701:2019

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing privacy and data management
• Data and privacy officers
• CxO and senior managers of a PIMS and ISMS scope
• Auditors requiring more PIMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Exam and first year certification fees are included in the course fees.

Overview

This five day course enables participants to develop the necessary expertise to audit an Information Security Management System against ISO/IEC 27001:2013 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to ISMS Concepts per ISO/IEC 27001:2013

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 27001:2013 Certification Process
• Information Security Management System (ISMS)
• Clauses of ISO/IEC 27001:2013

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 27001:2013 Certification Audit
• ISMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of an ISMS conforming to
• ISO/IEC 27001:2013
• Perform ISO/IEC 27001:2013 internal audits
• Execute ISO/IEC 27001:2013 certification audits on behalf of a certification body
• Manage ISMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• ISMS certification auditors
• Project managers, consultants and information security team members participating in ISMS audits
• information security practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regards to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assists organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to GDPR Essentials

• Fundamental Principles of the GDPR
• Initiating the GDPR Implementation
• Understanding the Organization
• Clarifying the Data Protection Objectives
• Analysis of the Existing System

Planning the Implementation of the GDPR

• Leadership and Project Approval
• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification
• Risk Assessment under the GDPR

Deploying the GDPR

• Privacy Impact Assessment (PIA)
• Design of Security Controls and Drafting of Specific Policies
• Implementation of Controls
• Definition of the Document Management Process
• Communication, Training and Awareness Plan

Monitoring and Improving the GDPR compliance

• Operations and Incident Management
• Monitoring, Measurement, Analysis and Evaluation
• Internal Audit
• Data Breaches and Corrective Actions
• Continual Improvement

Objectives

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Manage a team implementing the GDPR
• Gain the knowledge and skills required to advise organisations how to manage personal data

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants, advisors and team members implementing the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection
• Members of information security, incident management and business continuity teams

Prerequisites

General understanding of common business processes.

Some past exposure to data protection helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

The course has a balance between the theoretical and practical part and contains exercises with real world examples. Total lab time of the course is more than 50%.

Contents

• Understanding Cryptography
• Designing a Public Key Infrastructure
• Installing and Configuring Active Directory Certificate Services
• Certificate Templates
• Certificate Enrollment
• Key Archival and Recovery
• Backup and Restore Certificate Authority
• Backup and Clean-up Certificate Authority Database
• Network Device Enrollment Service
• Implementing Code Signing
• Implementing an SMTP Exit Module
• Installing and Configuring an Online Certificate Status Protocol
• Use OpenSSL to Generate Certificate Requests
• Use of SSL to Secure RDP Connections
• Implementing IEEE 802.1x for Wired Networks using a Cisco Catalyst Switch
• Implementing IEEE 802.1x for Wireless Networks using Cisco Wireless Access Point
• Implementing Smart Card for Multi-Factor Authentication (Athena)
• Implementing Virtual Smart Cards using Trusted Platform Module
• Deploying Multi-protocol Security Keys for Multi-Factor Authentication (YubiKey4)
• Implementing Key Attestation
• Securing BitLocker USB drives with virtual smart cards
• Implementing Least-Privilege Administrative Models
• Protecting a Certificate Authority Keys using a Hardware Security Module (YubiHSM2)
• Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

Objectives

Completion of this course will enable students to

• Understand the basics of a Public Key Infrastructure (PKI)
• Implement, configure and manage Windows Server 2016 Active Directory Certificate Services
• Gain knowledge and skills required to advise organisations on how to implement Windows Server 2016 Active Directory Certificate Services

Audience

This course is aimed at students with (future) roles like

• Windows System Engineers (MCSA, MCSE)
• Security Engineers, PKI consultants

Prerequisites

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience on how to create users, groups, group policies, installation of roles and features

An understanding of previous Microsoft Active Directory Certificate Services helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

Minimum of three students are required to run this course.

Examination and Certification

The course ends with an assessment on the last day. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security auditing concepts and industry best practices, covering the 5 major areas of the CISA CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security auditing knowledge and help identify areas they need to study for the CISA exam.

The CISA certification is recognized worldwide.

Outline

Information Systems Auditing Process

• Audit Standards and Types, Ethics, Risk-based Approach
• Project Management, Sampling, Evidence Collection
• Audit Methods

Governance and Management of IT

• IT Strategy, Frameworks, Standards, Organisational Structures
• Enterprise Architecture and Risk Management, Maturity Models
• IT Resource and Service Provider Management
• Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Information Systems Acquisition, Development and Implementation

• Project Management, Business Case, Feasibility Analysis
• System Development Methodologies, Controls
• System Migration, Infrastructure Deployment and Data Conversion
• Testing Methodologies, Post-Implementation Review

Information Systems Operation and Resilience

• IT Asset, Performance, Incident and Problem Management
• Change, Configuration, Release and Patch Management
• End-User Computing, Database Management etc.
• Backup, Storage, Restoration and Recovery, Business Continuity

Protection of Information Assets

• Privacy, Data Classification, IAM, Encryption, Physical Controls
• Network, Endpoint, Mobile, Wireless & IoT Security, Virtualization
• Security Awareness, Attacks, Testing and Monitoring
• Incident Response Management, Evidence Collection and Forensics

Objectives

Completion of this course will enable students to

• Know the 5 major areas covered by the CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing for the CISA Certification Exam, eg by using multiple choices questions from previous CISA sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Auditors moving into the information security domain
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISA exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of CISSP CBK (Common Body of Knowledge).

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. the interactive learning technique is based on sound adult learning theories.

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam and features.

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

The CISSP certification is recognized worldwide.

Outline

Security and Risk Management

Asset Security

Security Engineering

Communications and Network Security

Identity and Access Management

Security Assessment and Testing

Security Operations

Software Development Security

Objectives

Completion of this course will enable students to

• Understand the 8 domains of knowledge that are covered on the CISSP exam
• Analyse questions on the exam and be able to select the correct answer
• Apply the knowledge and testing skills learned in class to pass the CISSP exam
• Understand and explain all of the concepts covered in the 8 domains of knowledge
• Apply the skills learned across the 8 domains to solve security problems when you return to work

Audience

This course is aimed at students with (future) roles like

• Security consultants, architects and managers, IT directors and managers
• Security analysts, security systems engineers, network architects
• Chief information security officers (CISOs), directors of security etc.
• Security auditors

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of four students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISSP exam. This has to be taken at the dedicated test facilities as defined by (ISC)2. (ISC)2‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 domains of the CISM CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their information security management knowledge and help identify areas they need to study for the CISM exam.

The CISM certification is recognized worldwide.

Outline

Information Security Governance

• Alignment of policy security information on the business strategy and direction
• Policy security information development
• Commitment of senior management and support for information security across the enterprise
• Roles and responsibilities in the governance of information security

Information Security Risk Management and Compliance

• Development of a systematic and analytical approach and the ongoing process of risk management
• Identification, analysis and risk assessment
• Definition of strategies risk treatment
• Risk management communication

Information Security Program Development and Management

• The security information architecture
• System Development Methodologies, Controls
• Methods to define the required security measures
• Contract management and information security requirements
• Metrics and evaluation of IT security performance

Information Security Incident Management

• Components of a security incident management plan
• Concepts and practices in the management of security incidents
• Method classification
• Notification and escalation process
• Detection techniques and incidents analysis

Objectives

Completion of this course will enable students to

• Know the 4 domains covered by the CISM® certification
• Understand the concepts of information security management
• Preparing for the CISM Certification Exam, eg by using multiple choices questions from previous CISM sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals
• Auditors requiring more information security management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISM exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 7th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Assets
• Enterprise Risk Management and Risk Management Frameworks
• Three Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity

IT Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Assessment Concepts, Standards and Frameworks
• Risk Scenario Development
• Risk Analysis Methodologies, Business Impact Analysis
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk and Control Ownership, Risk Treatment/Risk Response Options
• Third-party Risk Management
• Control Design, Implementation, Monitoring and Effectiveness
• Risk and Control Monitoring and Reporting Techniques
• Key Performance, Risk and Control Indicators

Information Technology and Security

• Enterprise Architecture, Resiliency, IT Operations and Project Management
• System Development and Data Life Cycle Management
• Emerging Trends in Technology
• Information Security Concepts, Frameworks and Standards
• Data Privacy and Principles of Data Protection

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, eg by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2018
• Understand the relationship between risk management, controls and ISO/IEC 27001:2013
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Business Continuity Management System against ISO 22301:2019 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO 22301:2019 Certification Audit
• BCMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformity's

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019
• Perform ISO 22301:2019 internal audits
• Execute ISO 22301:2019 certification audits on behalf of a certification body
• Manage BCMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• BCMS certification auditors
• Project managers, consultants and business continuity team members participating in BCMS audits
• Business continuity practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and audits helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Business Continuity Management System based on ISO 22301:2019.

Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.

This training incorporates project management practices as well as links to aspects of the predecessor standard BS 25999.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to BCMS Concepts per ISO 22301:2012

• Normative, Regulatory and Legal Framework
• ISO 22301:2019 Certification Process
• Business Continuity Management System (BCMS)
• Clauses of ISO 22301:2019

Planning and Initiating the BCMS Implementation

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the BCMS
• Development of Business Continuity Policies
• Development of Business Continuity Policies

Implementing the BCMS

• Implementation of a Document Management Framework
• Design of Business Continuity Processes and Writing Procedures
• Implementation of Business Continuity Processes
• Development of a Communication, Training & Awareness Program
• Incident and Emergency Management
• Operations Management of the BCMS

Performance Evaluation and Improving the BCMS

• Monitoring the BCMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a BCMS conforming to ISO 22301:2019, including the relationship between its components, eg risk management, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a BCMS
• Advise organisations on BCMS best practices
• Manage teams implementing ISO 22301:2019

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a BCMS
• (IT) Professionals moving into BCMS operation
• CxO and senior managers of a BCMS scope
• Auditors requiring more BCMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to business continuity, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 20000-1:2018 Certification Audit
• SMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018
• Perform ISO/IEC 20000-1:2018 internal audits
• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body
• Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• SMS certification auditors
• Project managers, consultants and service management team members participating in SMS audits
• IT and service management practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to service management, management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Comparison with ITIL V2 and V3
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the SMS

Implementing the SMS

• Catalogue, Asset, Configuration and Relationship Management
• Budget, Demand and Capacity Management
• Change, Release and Deployment Management
• Incident and Problem Management
• Service Availability and Continuity Management
• Information Security Management
• Operations Management of the SMS

Performance Evaluation and Improving the SMS

• Monitoring the SMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018, including the relationship between its components, eg risk management, controls, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS
• Advise organisations on SMS best practices
• Manage teams implementing ISO/IEC 20000-1:2018

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a SMS or extending from ITIL etc
• (IT) Professionals moving into SMS operation
• CxO and senior managers of a SMS scope
• Auditors requiring more SMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Service Management System based on ISO/IEC 20000-1:2018.

Participants will gain a thorough understanding of best practices used to implement a SMS across a wide range of service sectors, not just IT services as covered by ITIL.

This training incorporates project management practices as well as further guidance from elsewhere in the ISO/IEC 20000 family of standards.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• Comparison with ITIL V2 and V3
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Gap Analysis, Business Case and Project Plan
• Defining Scope and Objectives of the SMS

Implementing the SMS

• Catalogue, Asset, Configuration and Relationship Management
• Budget, Demand and Capacity Management
• Change, Release and Deployment Management
• Incident and Problem Management
• Service Availability and Continuity Management
• Information Security Management
• Operations Management of the SMS

Performance Evaluation and Improving the SMS

• Monitoring the SMS with Metrics, Performance Indicators etc
• Internal Audit, Management Review and Corrective Actions
• Implementation of a Continual Improvement Program
• Preparing for the Certification Audit

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018, including the relationship between its components, eg risk management, controls, requirements of interested parties
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a SMS
• Advise organisations on SMS best practices
• Manage teams implementing ISO/IEC 20000-1:2018

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing a SMS or extending from ITIL etc
• (IT) Professionals moving into SMS operation
• CxO and senior managers of a SMS scope
• Auditors requiring more SMS implementation insight

Prerequisites

General understanding of common business processes.

Some past exposure to information or IT security, management systems and / or project management helpful, but not required.

Examination and Certification

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This five day course enables participants to develop the necessary expertise to audit a Service Management System against ISO/IEC 20000-1:2018 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

During this training, the participants will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011:2018, as well as understanding the certification process according to ISO/IEC 17021-1:2015.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to SMS Concepts per ISO/IEC 20000-1:2018

• Normative, Regulatory and Legal Framework
• Fundamental Principles of Information Security
• ISO/IEC 20000-1:2018 Certification Process
• Service Management System (SMS)
• Clauses of ISO/IEC 20000-1:2018

Planning and Initiating the Audit

• Fundamental Audit Concepts and Principles
• Audit Approach based on Evidence and Risk
• Preparation of an ISO/IEC 20000-1:2018 Certification Audit
• SMS Documentation Audit
• Conducting an Opening Meeting

Conducting the Audit

• Communication during the Audit
• Audit procedures: Observation, Document Review, Interview, Sampling, Technical Verification, Corroboration and Evaluation
• Audit Test Plans
• Formulation of Audit Findings
• Documenting Nonconformities

Concluding and Follow-up of the Audit

• Audit Documentation
• Quality Review
• Conducting a Closing Meeting and Conclusion of the Audit
• Evaluation of Corrective Action Plans
• Surveillance and Re-Certification Audits
• Internal Audit Management Program

Objectives

Completion of this course will enable students to

• Understand the principles of a SMS conforming to ISO/IEC 20000-1:2018
• Perform ISO/IEC 20000-1:2018 internal audits
• Execute ISO/IEC 20000-1:2018 certification audits on behalf of a certification body
• Manage SMS audit teams

Audience

This course is aimed at students with (future) roles like

• Internal auditors
• SMS certification auditors
• Project managers, consultants and service management team members participating in SMS audits
• IT and service management practitioners moving into audit roles

Prerequisites

General understanding of common business processes.

Some past exposure to service management, management systems and / or audits helpful, but not required.

Examination and Certification

The course ends with a three hour

The course includes access to PECB's three hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2018
• Understand the relationship between risk management, controls and ISO/IEC 27001:2013
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This training provides a comprehensive review of information security concepts and industry best practices, covering the 4 key areas of the 7th edition of the CRISC CBK (Common Body of Knowledge).

This training course will help candidates review and refresh their IT risk management knowledge and help identify areas they need to study for the CRISC exam.

The CRISC certification is recognized worldwide.

Outline

Governance

• Organizational Structure, Strategy, Goals and Objectives
• Business Process Review, Organization Assets
• Enterprise Risk Management and Risk Management Frameworks
• Three Lines of Defence
• Risk Profile, Appetite, Tolerance and Capacity

IT Risk Assessment

• Threat Modelling and Threat Landscape
• Risk Assessment Concepts, Standards and Frameworks
• Risk Scenario Development
• Risk Analysis Methodologies, Business Impact Analysis
• Inherent, Residual and Current Risk

Risk Response and Reporting

• Risk and Control Ownership, Risk Treatment/Risk Response Options
• Third-party Risk Management
• Control Design, Implementation, Monitoring and Effectiveness
• Risk and Control Monitoring and Reporting Techniques
• Key Performance, Risk and Control Indicators

Information Technology and Security

• Enterprise Architecture, Resiliency, IT Operations and Project Management
• System Development and Data Life Cycle Management
• Emerging Trends in Technology
• Information Security Concepts, Frameworks and Standards
• Data Privacy and Principles of Data Protection

Objectives

Completion of this course will enable students to

• Master the risk management approach according the CRISC
• Apply the best response strategies to the risks weighing on the information systems
• Define information system controls
• Use best risk and control monitoring practices
• Preparing for the CRISC Certification Exam, eg by using multiple choices questions from previous CRISC sessions (or comparable exams).

Audience

This course is aimed at students with (future) roles like

• Governance, information and cyber security consultants, CISOs
• Risk and control professionals
• IT and compliance professionals
• Project managers, business analysts
• Auditors requiring more IT risk management insight

Prerequisites

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CRISC exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes based on ISO 31000:2018.

The generic character of ISO 31000:2018 makes it applicable across organisations at subject matter as well as enterprise level.

ISO 31000:2018 provides a comprehensive model for any kind of management system, standard, operational or regulatory context requiring a risk-based approach, whether a formal risk management process is required or not.

Examples are ISO 9001:2015, ISO 14001:2015, ISO/IEC 20000-1:2018, ISO 22301:2019, ISO/IEC 27001:2013, ISO 45001:2018, SOX, revenue assurance, program and project management, data protection, GDPR etc.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Risk Management per ISO 31000:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Overview to IEC 31010:2009
• Brainstorming, DELPH
• Hazard Analysis using HAZOP and HACCP
• Scenario Analysis
• Fault and Failure Analysis using FTA, FMEA and FMECA
• Operations Management of the BCMS
• Cause and Effect Diagram

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective risk management according to ISO 31000:2018
• Understand the relationship between risk management and requirements of interested parties
• Implement, maintain and manage an ongoing risk management program
• Advise organisations on best practices in risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Business process owners
• Project managers, consultants and team members implementing and operating management systems
• Regulatory compliance managers
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day course enables participants to develop the necessary expertise to support an organisation in implementing risk management processes related to all assets of relevance for information security based on ISO/IEC 27005:2018.

ISO/IEC 27005:2018 builds onto the generic risk management principles set out in ISO 31000:2018, and applies those to the context of an information security management system (ISMS), thus providing a framework for satisfying the risk management requirements of ISO/IEC 27001:2013.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline

Introduction to Information Security Risk Management per ISO/IEC 27005:2018

• Concepts and Definitions relating to Risk Management
• Risk Management Standards, Frameworks and Methodologies
• Implementation of a Risk Management Framework
• Understanding an Organization and its Context

Elements of the Risk Management Framework

• Risk Identification
• Risk Analysis and Risk Evaluation
• Risk Treatment
• Risk Acceptance and Residual Risk Management
• Risk Communication and Consultation
• Risk Monitoring and Review

Examples of Risk Assessment Methodologies

• Operational Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• Harmonised Risk Analysis Method (MEHARI)
• Expression of Needs and Identification of Security Objectives (EBIOS)
• Harmonized Threat and Risk Assessment (TRA)

Objectives

Completion of this course will enable students to

• Understand concepts, approaches, methods, tools and techniques for effective information security risk management according to ISO/IEC 27005:2018
• Understand the relationship between risk management, controls and ISO/IEC 27001:2013
• Implement, maintain and manage an ongoing
information security risk management program
• Advise organisations on best practices in information security risk management

Audience

This course is aimed at students with (future) roles like

• Risk managers and Information security officers
• Project managers, consultants and team members implementing and operating information security management systems
• Auditors requiring more risk management insight

Prerequisites

General understanding of common business processes.

Some past exposure to risk management and / or management systems helpful, but not required.

Examination and Certification

The course includes access to PECB's two hour exam available in multiple languages to be taken online any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees

Overview

This three day training enables participants to learn the basics of the PRINCE2 Project Management method. The participant will learn about the PRINCE2 Principles, Themes, Processes and Tailoring.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Introduction PRINCE2
• PRINCE2 Process Model
• Starting Up a Project
• Organization
• Business Case

Day 2

• Initiating a Project
• Quality
• Plans
• Risk
• Change
• Controlling a Stage
• Managing Product Delivery
• Progress

Day 3

• Managing a Stage Boundary
• Closing a Project
• Tailoring PRINCE2 to the Project Environment
• PRINCE2 foundation Exam

Objectives

Completion of this course will enable students to

• Understand basics of PRINCE2 Project Management
• Know the basic differences between the PRINCE2 Principles, Themes and Processes
• Prepare for the PRINCE2 Foundation exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Some past exposure to project management helpful, but not required.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official one hour multiple choice PRINCE2 Foundation exam can be taken at the end of the training course or at a later date

Exam fees are included in the course fees

Overview

This two day training enables participants to learn how to use the PRINCE2 Project Management method in a real-life situation by going through two complete test exams and by analysing the 'Managing Successful Projects with PRINCE2' book in detail to understand how all the PRINCE2 elements work together.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Review exercises as well as a practice test assist the exam preparation.

Outline

Day 1

• Summary of the PRINCE2 Method
• Analysis of the 'Managing Successful Project with PRINCE2' Book
• PRINCE2 Test Exam 1

Day 2

• Review and Analysis of PRINCE2 Test Exam 2
• PRINCE2 Practitioner Exam

Objectives

Completion of this course will enable students to

• To understand PRINCE2 Project Management method in enough detail
• Successfully participate in the PRINCE2 Practitioner exam

Audience

This course is aimed at students with (future) roles like

• Project Managers
• Consultants and team members managing or supporting a project using PRINCE2
• CxO and senior managers sponsoring projects

Prerequisites

Must have passed the PRINCE2 Foundation exam

Preferably attend the PRINCE2 Foundation course using Polychor's training materials.

Examination and Certification

The course is delivered by Trainers of Polychor, a PRINCE2 Accredited Training Organisation.

The official two-and-a-half hours objective PRINCE2 Foundation exam can be taken at the end of the training course or at a later date.

Exam fees are included in the course fees

Overview

This five day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

The course has a balance between the theoretical and practical part and contains exercises with real world examples. Total lab time of the course is more than 50%.

Contents

• Understanding Cryptography
• Designing a Public Key Infrastructure
• Installing and Configuring Active Directory Certificate Services
• Certificate Templates
• Certificate Enrollment
• Key Archival and Recovery
• Backup and Restore Certificate Authority
• Backup and Clean-up Certificate Authority Database
• Network Device Enrollment Service
• Implementing Code Signing
• Implementing an SMTP Exit Module
• Installing and Configuring an Online Certificate Status Protocol
• Use OpenSSL to Generate Certificate Requests
• Use of SSL to Secure RDP Connections
• Implementing IEEE 802.1x for Wired Networks using a Cisco Catalyst Switch
• Implementing IEEE 802.1x for Wireless Networks using Cisco Wireless Access Point
• Implementing Smart Card for Multi-Factor Authentication (Athena)
• Implementing Virtual Smart Cards using Trusted Platform Module
• Deploying Multi-protocol Security Keys for Multi-Factor Authentication (YubiKey4)
• Implementing Key Attestation
• Securing BitLocker USB drives with virtual smart cards
• Implementing Least-Privilege Administrative Models
• Protecting a Certificate Authority Keys using a Hardware Security Module (YubiHSM2)
• Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

Objectives

Completion of this course will enable students to

• Understand the basics of a Public Key Infrastructure (PKI)
• Implement, configure and manage Windows Server 2016 Active Directory Certificate Services
• Gain knowledge and skills required to advise organisations on how to implement Windows Server 2016 Active Directory Certificate Services

Audience

This course is aimed at students with (future) roles like

• Windows System Engineers (MCSA, MCSE)
• Security Engineers, PKI consultants

Prerequisites

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience on how to create users, groups, group policies, installation of roles and features

An understanding of previous Microsoft Active Directory Certificate Services helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

Minimum of three students are required to run this course.

Examination and Certification

The course ends with an assessment on the last day. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.

Overview

This five day course starts with the basics of a Public Key Infrastructure (PKI) and ends with more advanced topics. This intensive technical course is intended for anyone who is interested in implementing, configuring and managing Active Directory Certificate Services.

The course has a balance between the theoretical and practical part and contains exercises with real world examples. Total lab time of the course is more than 50%.

Contents

• Understanding Cryptography
• Designing a Public Key Infrastructure
• Installing and Configuring Active Directory Certificate Services
• Certificate Templates
• Certificate Enrollment
• Key Archival and Recovery
• Backup and Restore Certificate Authority
• Backup and Clean-up Certificate Authority Database
• Network Device Enrollment Service
• Implementing Code Signing
• Implementing an SMTP Exit Module
• Installing and Configuring an Online Certificate Status Protocol
• Use OpenSSL to Generate Certificate Requests
• Use of SSL to Secure RDP Connections
• Implementing IEEE 802.1x for Wired Networks using a Cisco Catalyst Switch
• Implementing IEEE 802.1x for Wireless Networks using Cisco Wireless Access Point
• Implementing Smart Card for Multi-Factor Authentication (Athena)
• Implementing Virtual Smart Cards using Trusted Platform Module
• Deploying Multi-protocol Security Keys for Multi-Factor Authentication (YubiKey4)
• Implementing Key Attestation
• Securing BitLocker USB drives with virtual smart cards
• Implementing Least-Privilege Administrative Models
• Protecting a Certificate Authority Keys using a Hardware Security Module (YubiHSM2)
• Installing and Configuring Certificate Enrollment Policy Web Service

Order and focus of the hands-on labs can be adjusted based on interests of the participants.

Objectives

Completion of this course will enable students to

• Understand the basics of a Public Key Infrastructure (PKI)
• Implement, configure and manage Windows Server 2016 Active Directory Certificate Services
• Gain knowledge and skills required to advise organisations on how to implement Windows Server 2016 Active Directory Certificate Services

Audience

This course is aimed at students with (future) roles like

• Windows System Engineers (MCSA, MCSE)
• Security Engineers, PKI consultants

Prerequisites

Knowledge of Windows 7 or Windows 10, Windows Server 2012 or Windows Server 2016, Active Directory, Network Infrastructure Roles, and Group Policies. Experience on how to create users, groups, group policies, installation of roles and features

An understanding of previous Microsoft Active Directory Certificate Services helpful, but not required.

Participants are required to bring their own computer (min. 16 GB RAM, 60 GB of free disk space) with VMware Professional 14 (licensed or trial version) installed. Virtual machines required will be supplied.

Minimum of three students are required to run this course.

Examination and Certification

The course ends with an assessment on the last day. Exam and first year certification fees are included in the course fees.

This course has been designed by SoftQualM and partners, who also assess and issue the Active Directory Certificate Services Professional certification in accordance with ISO/IEC 17024:2012.