Information Security

ISO/IEC 27001 Information Security

ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline for continually reviewing the safety of your information, which demonstrates reliability and adds value to your organization's services.

ISO/IEC 27002 Information Security management practices

This standard is a generic document used as a reference for selecting controls when implementing an Information Security Management System. ISO/IEC 27002 is intended to be used by all types of organizations, including public and private sector, commercial and non-profit organizations, and any other organization that faces information security risks.

ISO/IEC 27032 Cyber Security Trainings

The international standard ISO/IEC 27032 is intended to emphasize the role of the different security domains in cyberspace, covering information security, network and internet security, and critical information infrastructure protection (CIIP). It provides a policy framework that addresses the establishment of trustworthiness, collaboration, exchange of information, and technical guidance for system integration between stakeholders in cyberspace.

ISO/IEC 27005 Information Security Risk Management Training

ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist an efficient implementation of information security based on a risk management approach.

ISO 27035 Incident Management Training

In today’s business world, information security incidents are considered to be uncertain risks which can seriously damage a business. Thus, organizations must take action to promptly identify, evaluate and effectively manage incidents. ISO/IEC 27035 Information Security Incident Management is an international standard that provides best practices and guidelines for developing a strategic incident management plan and preparing for incident response.

Risk Assessment Methods Trainings

Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods OCTAVE, EBIOS, and MEHARI will provide you with sufficient knowledge to successfully identify and assess risk in your organization. You will learn the concepts, methods, and practices that allow effective risk management based on ISO 27005.

SCADA Security Manager Trainings

Supervisory Control and Data Acquisition (SCADA) is an industrial system framework that includes both hardware and software architecture to control, monitor and analyze an industrial process. SCADA is application software that enables managers, engineers, and industry operators to supervise and communicate effectively with the working environment.

Penetration Testing Professional Trainings

A penetration test is the practice of assessing the security of an IT infrastructure by safely trying to exploit vulnerabilities that may exist in operating systems, inappropriate configurations, application errors, or end-user behaviour. Penetration testing is an attempt to test the efficiency of security measures and discover any potential exploits or backdoors that may be present in computer systems, through which hackers and cyber criminals could gain unauthorized access or conduct malicious activities. In addition, penetration testing is an advanced tool to detect, analyze and set protective constraints on the IT infrastructure, in order to reduce the remediation costs and financial losses caused by malicious activities.

ISO 27799 Information Security Management in the Healthcare Industry Trainings


Computer Forensics Trainings

Computer Forensics, also known as Cyber Forensics, refers to the analysis of information in computer systems with the objective of finding digital evidence that can be used for legal proceedings, and also of discovering the cause of an incident. Computer forensics is the process of extracting data and information from computer systems to serve as digital evidence for civil purposes or, in most cases, to prove and prosecute cybercrime.

Cybersecurity Audit Trainings

The digital evolution has brought immense benefits in innovation and growth, but the great dependence that many business models have on the Internet Cybersecurity audit is the attempt to test the efficiency of security measures and disclose any potential vulnerability that an organization may be exposed to. Cybersecurity audit probes the effectiveness and safety of the systems and their security components. Audit plays a very important role in assessing the opportunities for making the organization more secure.

Secure Application Developer Trainings

Secure Application Development (SAD) is the process of writing secure code without errors and vulnerabilities that expose an application to cyber threats and attacks. Developing securely is a preventive measure that helps organizations avoid and/or mitigate attacks related to the applications that they develop. Since software bugs and flaws in the logic of a program are a constant cause of software vulnerabilities, secure application development is a very important part of an organization’s cybersecurity.

Communications Security Trainings

Communications Security, as a discipline, addresses the prevention of unauthorized access to telecommunications traffic or to any information that is transferred or transmitted by electrical means. Communications Security serves as a protective shield for electronic emissions associated with sensitive information: a process involving the use of specialized technical, operational and physical security measures. Hence, effective and secure communication can help create trust for both internal and external parties within the organizational reach.

Digitalization and Electronic Archiving

Any document management project, whether for a public or private archive, needs to incorporate digitalization as an essential instrument to achieve an effective and secure electronic file management system. Digitalization and Electronic Archiving, as a discipline, addresses the issues and trends in document and records keeping in the digital age. This involves digital curation, web archiving, personal information management and managing records in digital repositories. Hence, it covers the essential elements needed to tackle a project of digitalization and archiving of digital data: in particular, security techniques, the risks, and the legal and regulatory issues of such a project, without forgetting the contractual and insurance aspects.

Human Resources Security

The Human Resources Security discipline is designed to examine key controls applied before, during, and after the hiring of human resources. These controls include, but are not limited to, the definition of roles and responsibilities, recruitment, contracting terms and conditions, awareness, education and training, disciplinary processes, and termination of activities.
Additionally, the controls address the return of assets and management of access rights, in accordance with the guidelines established in the section of Human Resources Security of the ISO/IEC 27002 standard.

Cybersecurity

Cybersecurity, or Cyberspace Security, refers to the protection of systems, programs, networks and devices from cyber-attacks in order to preserve the confidentiality, integrity and availability of data within cyberspace. These cyber-attacks try to access, destroy or modify sensitive data, leading to the disruption of operations, financial loss, reputation damage or loss of customers’ trust. Cybersecurity highlights the role of information security, network and internet security, physical security and critical information infrastructure protection (CIIP) in cyberspace.

Ethical Hacking

Ethical Hacking refers to the act of penetrating computer systems, networks or applications with the intention to exploit vulnerabilities that may lead to potential threats and risks. The main aim of Ethical Hacking is the improvement of the overall security of organizations by fixing the gaps and vulnerabilities found during penetration tests. Ethical hackers are allowed to use the same hacking techniques as malicious hackers with the permission of the organization which is to be tested.

ISO/IEC 27701 Privacy Information Management System

The ISO/IEC 27701 standard was published in August 2019, and it is the first international standard that deals with privacy information management. The standard assists organizations in establishing, maintaining and continually improving a Privacy Information Management System (PIMS) by enhancing the existing ISMS, based on the requirements of ISO/IEC 27001 and the guidance of ISO/IEC 27002. It can be used by all types of organizations, irrespective of their size, complexity or the country in which they operate.