Cybersecurity Basics
The training course introduces the topic of cybersecurity. It is aimed at IT employees who have not yet dealt with the issue, and managers who want to understand the basics of cyber security. By better assessing threats and the state of your own security, you can make better business decisions.
Internal Auditors and Systems Auditors often choose this topic.
We can provide the course as an in-house, tailored to the needs of companies, in three languages: Polish, English and German.
The course is addressed to:
- IT professionals
- IT directors and managers
- IT employees
- Employees of new technologies departments
- Employees of risk management departments
- Internal auditors
- Systems auditors
Objectives:
- The main goal of the course is to understand the topic of cybersecurity to make better business decisions. Participants will acquire the skills to assess threats and their security
- The aim is also to enter the topic of cybersecurity. These are the absolute basics, without which it is impossible to deal with this topic
Benefits:
- The greatest benefit for participants is the general understanding of the topic, which is becoming more and more important these days. Companies in Poland and around the world lose billions annually due to cybercrime, which is why it is essential to understand the subject to be able to protect themselves not only against cybercrime but also, for example, economic espionage
1. Understanding basic safety principles
- Confidentiality; integrity; availability; the impact of thread and risk; the principle of least privilege; Social engineering; analysis of the attack surface
2. Understanding cybersecurity structure, processes and audits in a company or organization
- Cybersecurity specialty areas; security team roles; cybersecurity audits; internal and external resources and audits
3. Understanding physical security
- Security of the facility; computer security; removable devices; access control; security of mobile devices; Keyloggers
4. Understanding web security
- Browser security settings; Secure websites
5. Understanding wireless security
- Advantages and disadvantages of specific types of security; Keys; SSID; MAC filters
6. Understanding computer security
- Understanding user authentication
- Multi-factor authentication; physical and virtual smart cards; Remote User Authentication Service (RADIUS); biometrics; use the “Run as” option to perform administrative tasks
7. Understanding permissions
- File system permissions; sharing permissions; enable or disable inheritance; behavior when moving or copying files to the same drive or to another drive. Multiple groups with different permissions Basic and advanced permissions; acquisition of ownership; delegation; inheritance; the role of Registry and Active Directory
8. Understanding password policies
- Password complexity; password length; password history; account lockout; the time between password changes; Group Policy enforcement; common methods of attack; password reset procedures; Password protection for domain user accounts
9. Understanding auditing principles
- Types of auditing; what may be audited; enabling auditing; what to audit for specific purposes; where to record audit information; How to secure audit information
10. Understanding encryption
- Encrypting File System (EFS); Impact of encrypted folders by EFS for moving/copying files; BitLocker (To Go); TPM; software-based encryption; Email encryption and signatures; Virtual Private Network (VPN) public key / private key; encryption algorithms; certificate properties; certification services; PKI infrastructure / certification services; hardware tokens, restricting devices to run only trusted applications
11. Understanding malware
- Buffer overflow; viruses, polymorphic viruses; Worms; Trojans; spyware; ransomware; adware; rootkits; backdoor; zero days
12. Understanding dedicated firewalls
- Types of hardware firewalls and their characteristics; When to use a hardware firewall instead of a software-based firewall; stateful firewalls
13. Understanding network isolation
- Routing; Honeypot; perimeter networks; network address translation (NAT); VPN; IPsec; Isolation of servers and domains
14. Understanding Protocol Security
- Protocol spoofing; IPsec; Tunneling; DNSsec; network sniffing; DoS attacks; Common methods of attack
15. Understanding Client Protection
- Antivirus; Protection against unwanted installations; User Account Control (UAC); updating client operating system and client software; encrypting offline folders; software restriction policies; The principle of least privilege
16. Understanding email protection
- Antispam, anti-virus software; spoofing; phishing and pharming; client protection vs. server protection; Sender Policy Framework (SPF) records; PTR records
17. Understanding Server Protection
- Separation of services; hardening; server updates; Secure updating dynamic Domain Name System (DNS); deactivate insecure authentication protocols; Read-only domain controllers (RODCs)