Training Course On Advanced Cyber Security, Systems Audit And Ict Counter Intelligence Solutions

INTRODUCTION

Information and know-how are valuable company assets, and in times of fierce competition, organizations need to protect their information and systems against the threat of corporate espionage. Many organizations are unaware of potential information leaks, and as a result counterintelligence operations are neglected or are simply a series of routine technical measures. However, employees typically represent a major weak spot for organizations – which means that existing processes and structures for information flows need to be challenged. Empirical research indicates that most information losses are traced back to a company’s employees, or the personnel of its suppliers, customers, or partners – all of whom have access to confidential information. The training will look at the different threats organizations might face and ways in which they can protect and secure it against attacks. Participants will also learn how to set up counterintelligence processes that involve collecting information and conducting counterintelligence activities.

Course Objectives

By the end of this course, participants should be able to:

• Know the purpose of a cybersecurity audit
• Define cybersecurity audit controls
• Identify cybersecurity audit frameworks
• Explain proper audit team performance
• Define the benefits of a cybersecurity audit
• Learn how to identify vulnerable points within your organization and how to secure them.
• Run awareness campaigns among your colleagues in order to raise awareness of espionage threats and protect them from attacks.
• Develop in-depth knowledge of the various forms of contemporary espionage threats.
• Master how to identify, monitor, and evaluate information risks.
• Become familiar with ethical and legal counterintelligence activities and techniques.
• Seize the opportunity to share experience and knowledge with competitive/market intelligence experts and peers from a range of industries.

Duration

10 Days

Who should Attend

• Individuals involved in cybersecurity management
• Learning and development professionals
• Internal auditors
• IT professionals and managers working with information systems, who need to understand best practices and standards to ensure security and integrity of these systems
• Individuals seeking to gain knowledge about the main processes of auditing a cybersecurity program
• Individuals interested to pursue a career in cybersecurity audit
• Competitive/Market Intelligence Analysts and Managers
• Knowledge and Information Managers
• Specialists from R&D, Technology and Risk Management
• 
  COURSE CONTENT
• What is a Cybersecurity Audit?
• Introduction
• What is a Cybersecurity Audit?
• When to Perform a Cybersecurity Audit
• Controls and Frameworks
• Cybersecurity Audit Controls
• Cybersecurity Audit Frameworks
• Completing the Audit
• The Audit
• Audit Completion
• Understanding Cyber Threat Intelligence
• Defining Threats
• Understanding Risk
• Cyber Threat Intelligence and Its Role
• Expectation of Organizations and Analysts
• Diamond Model and Activity Groups
• Four Types of Threat Detection
• Process of auditing information systems
• Governance and management of IT
• Information systems’ acquisition, development and implementation
• Protection of information assets
• Information systems’ operation, maintenance and service management
• Threat Intelligence Consumption
• Sliding Scale of Cybersecurity
• Consuming Intelligence for Different Goals
• Enabling Other Teams with Intelligence
• Positioning the Team to Generate Intelligence
• Building an Intelligence Team
• Positioning the Team in the Organization
• Prerequisites for Intelligence Generation
• Planning and Direction (Developing Requirements)
• Intelligence Requirements
• Priority Intelligence Requirements
• Beginning the Intelligence Lifecycle
• Threat Modeling
• Recent cybercrime trends
• Cyberwar attacks leading to the shutdown of production facilities or utilities (e.g. Stuxnet, Emotet).
• Ransomware trojans and smart viruses.
• Recent espionage threats and protection
• Risk audits: Identification, monitoring, and evaluation of risks for information theft.
• Electronic eavesdropping — reality or fiction?
• Audio-visual information gathering.
• Product piracy.
• Information drainage through social engineering
• Threats: Elicitation, back-door recruitment, external personnel, Romeo approaches, social media activities (sockpuppets), and pretext calls.
• Protection: Vulnerability analysis, employee training, and never-talk-to-strangers policies.
• Security of data and communication networks
• Protection against hacking and orchestrated attacks.
• The weak spot — exploiting the human factor.
• Opportunities and limitations for technical counterintelligence solutions.
• Secure communication: Safe data transfer methods, minimization of communication risks, and protection of corporate communication structures.
• Internet: How to securely conduct research, transfer data, and avoid harmful software.
• Illustration of attacks with numerous small case studies.
• Counterintelligence: The role of CI/MI professionals in espionage protection.
• Prevention campaigns.
• Penetration tests for an outside-in perspective.
• Briefing/de-briefing of colleagues with sensitive external contacts.
• 
  GENERAL NOTES
• This course is delivered by our seasoned trainers who have vast experience as expert professionals in the respective fields of practice. The course is taught through a mix of practical activities, theory, group works and case studies.
• Training manuals and additional reference materials are provided to the participants.
• Upon successful completion of this course, participants will be issued with a certificate.
• We can also do this as tailor-made course to meet organization-wide needs. Contact us to find out more: training@skillsforafrica.org
• The training will be conducted at Skills for Africa Training Institute in Nairobi Kenya.
• The training fee covers tuition fees, training materials, lunch and training venue. Accommodation and airport transfer are arranged for our participants upon request.
• Payment should be sent to our bank account before start of training and proof of payment sent to: training@skillsforafrica.org