Security Operations

About this course

How do you combine information security and IT operations practices to improve collaboration and reduce risks?

In this training you will learn how to practically set up and improve your organization security operations. You will learn how to identify and manage your most important assets (including data).

One of the key components of modern security architecture is Identity and Access management (IAM). Indeed, controlling users and their access to the right resource is a challenging activity. Learn all about modern cloud and non-cloud authentication techniques (including Oauth, OpenID,…), Identity Governance and Administration platforms, PKI, and privileged identity and access management, In this context we will also explore the management of encryption and key management.

Besides users, also physical assets must be managed. How do you make sure only authorized hardware and applications are used? Laptops, tablets, smartphones, owned and managed by your organization. And what about BYOD, BYOK, CYOD, …? During this module you will learn how a CISO can manage assets such as devices and applications. How do you ensure assets are secure and still supported by the vendor? Do you have a good idea about which cloud based applications are used by the employees? We will teach you the related practical ins and outs.

A critical element of security operations is the management of your company network. This network is no longer the border of your infrastructure. Our trainers will teach you how to secure access to wired, wireless and cloud networks. We will also cover physical security components, such as badge readers, camera systems, burglary alarms, etc.

Running secure operations can be expensive. Certain aspects of these types of operations may be a candidate for outsourcing to lower costs, to avoid attracting a specialized workforce or to simplify the work. What are the most common security operations to outsource, and which aspects deserve your attention? What kind of KPI’s and SLAs should be put in place?

If your task is running and improving organization security operations, then this training is for you!

Why take this course?

• Get control over your most important assets
• Better manage your organization’s identities and access
• Understand how to protect your organization’s devices
• Apply best practices to physical security
• Outsource your security operations without losing control

Target group

This module targets information and cybersecurity officers, managers and other security professionals tasked with running and improving your security operations. Those working in risk management and/or conducting security-related audits could also benefit from this course.

Learning goals

What you’ll learn in a nutshell:

• Creating and maintaining an asset inventory
• Governing your assets with classification and ownership
• Managing your organization’s identities and access
• Managing your organization’s devices
• Securing your networks (wired, wireless and cloud)
• Manage your organization application security
• Understanding physical security and its components
• Applying best practices to physical security
• Outsourcing security operations without losing control

The educational approach of this course

When it comes to establishing and running proper Security Operations, there are a variety of approaches. A one-size-fits-all formula doesn’t apply.

And it’s for that reason that this course has a two-fold objective. It aims to introduce you to the best practices available currently and to supply you with the practical skills required to apply them correctly within your organization.

To accomplish this, we’ve lined up highly skilled professionals who have been in the trenches for years. They share practical advice and workarounds and teach you the core of what you need to know. The course itself blends theoretical models, frameworks, and standards to give you an overview of what’s out there, combined with practical exercises for applying what you’ve learnt in real-life situations.

• Theory: Operational best practices and standards.
• Case Study: Tackle the challenges of a company with uncontrolled BYOD usage and excessive admin rights in the cloud.
• Practical Assignment: Develop an Asset Classification scheme or an Identity Access Matrix for the case.
• Feedback: Review of operational plans during the online session.

End Product

You’ll be awarded a certificate of completion at the end of the course.

Your bonus training package includes:

• Training material (printed and PDF format): handouts of the presentations with notes
• Extra online training materials
• A list of useful links with additional information on standards and frameworks discussed during class
• The exercises and their solutions (where applicable)

How to prepare yourself

This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.

Course prerequisites:

• A basic understanding of IT
• Some experience in a corporate environment as a manager could be beneficial but is not essential.

Between the two in-person training days and the online follow up session, you will have homework:

• Complete the online knowledge assessment
• Prepare an assignment for discussion during the online session.