IT-Security Practitioner - Dag

Tijdens deze praktijkgerichte training ga je actief aan de slag met de IT-securitycomponenten binnen je organisatie. Je verdiept je in recente ontwikkelingen in IT-security en nieuwe vormen van cyb...

In 5 Dagen worden theorie en praktijk gecombineerd in een unieke lesopzet. Ervaren en deskundige docenten informeren je over de meest recente ontwikkelingen binnen dit vakgebied. Na afloop van deze interessante training beschik je over direct toepasbare vaardigheden waarmee je je organisatie optimaal beschermt op IT-gebied.

Deze training is zeer geschikt voor functionarissen die technische voorkennis hebben op het gebied van IT en de beveiliging van computersystemen. Vanuit je rol als functionaris krijg je steeds meer te maken met incidentmanagement of de techniek achter de beveiliging van een IT-omgeving. Of je bent werkzaam als junior of medior technisch beheerder of applicatiebeheerder en je wilt je het taalgebruik van technisch beheerders volledig eigen maken.

Introduction to IT Security Candidates are familiar with the most important IT security conceptsCandidates know what components make up an IT infrastructureCandidates know the most common threats associated with those componentsCandidates are able to interpret the most common approaches to securing an IT infrastructureCandidates are able to create an attack treeCandidates are able to place systems/devices in network zones Laws, Regulations, Standards and Best Practices Candidates demonstrate knowledge of the most important (EU and international) laws and regulations that have an impact on IT securityCandidates know about the ISO 27000 series and other standards relevant to IT securityCandidates are able to interpret and apply best practices in terms of securing IT componentsCandidates are able to investigate what laws and regulations apply to an organisationCandidates can develop a (Cyber) Security Framework based on the applicable laws, regulations, standards and best practices Incident Management Candidates are familiar with the incident handling process and are able to reproduce an incident handling workflowCandidates are familiar with the principles of incident detection and incident registrationCandidates are able to reproduce best practices in terms of the detection, investigation, and follow-up of security breachesCandidates are able to perform triageCandidates understand what steps must be taken after triage and before investigationCandidates know the basics of investigating incidents (without going into the field of forensics)Candidates are able to perform incident detection, incident registration and triage Network Security Candidates know the components of a network architectureCandidates are able to make an inventory of applications and systems in the infrastructure and place services and systems in the security architecture by positioning devices (switches, routers, gateways, firewalls, etc.)Candidates are familiar with intrusion detection systems and are able to perform tasks using SnortCandidates are familiar with intrusion prevention systems and are able to construct firewall rules to effectuate a policyCandidates are able to perform Linux and Windows hardening exercisesCandidates know what actions can be taken to avoid certain attacksCandidates are able to perform the analysis of a Snort line System Security Candidates are familiar with system security planning and security planningCandidates demonstrate knowledge of Linux vulnerabilities and hardening, and are able to test the security of a Linux virtual machineCandidates demonstrate knowledge of the Windows security architecture, Windows vulnerabilities, and are able to test Windows security using secpol.msc Application Security Candidates are familiar with the most important aspects of software and software security testingCandidates are able to reproduce techniques to make software more robustCandidates are able to draw up statements that should be included in a patch management policyCandidates are able to differentiate between bugs and design flawsCandidates demonstrate knowledge of buffer overflows and the ways they can be exploitedCandidates are able to interpret organisational, operational and technical measures aimed at safeguarding the secure use of software, and are able to translate these measures to their own environment Encryption Candidates understand when and how to use crypto mechanisms to protect data in situ or in transitCandidates are able to implement the encryption of both filesystems and filesCandidates are able to implement SSL Identity & Access Management Candidates demonstrate knowledge of Identity and Access Management (user identification, user authentication, access control)Candidates are able to design a generic role model for applying role-based Access Control for user (groups)Candidates are able to decide for what purposes they apply such open standards as OAuth, OpenID or SAML Ethical Hacking Candidates gain insight into the principles of (ethical) hackingCandidates know how to use Burp Suite to brute-force loginCandidates understand how to use SQL injection to read local system files and extract data from the databaseCandidates know how to gain a php shell through SQL injectionsCandidates know how to create a reverse shell to gain command-line access to the serverCandidates know how to gain root access to the server Examen(training) ProefexamenAfleggen van het officiële (externe) examen

Na afloop van de training ben je volledig voorbereid om deel te nemen aan het examen IT-Security Practitioner. Dit examen wordt afgenomen door het SECO-Institute en is inbegrepen bij deze training.

De verwachte duur van de cursus is 5 dagen

Voor deze training wordt basiskennis van IT-beveiliging aangeraden. Beschik je niet over relevante basiskennis, dan raden wij je aan om te starten met de training IT-Security Foundation van Computrain. Wanneer je deze training in combinatie met de vooropleiding IT-Security Foundation boekt, ontvang je maar liefst 10% korting op het totaalbedrag.