Cyber Security Fundamentals

Our NCSC-Certified Training in Cyber Security Fundamentals provides an effective introduction to cyber security for those responsible or accountable for the protection of business assets, such as senior IT management or a Chief Information Security Officer (CISO).

This NCSC-Certified Training is available in a 2-day format or alternatively we can work with you to determine the appropriate message and learning outcomes tailored to your audience - and within a suitable duration that fits around participant availability.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients' premises; training is typically for group bookings only.

Certification

NCSC Assured Training at Awareness Level with IISP Core Skills A1, A2, A3, A4, A5, A6, A7, B1, B2, C1, C2, D1, D2, E1, E2, E3, F1, F2, G1, H1, H2.

By the end of this training, you will be better informed of the potential business risks associated with cyber security. You will be able to determine what you are trying to protect, who are you protecting it from, and what measures are available to protect and adequately prepare your organisation. If you don't know where to begin in your strategy, this training will provide you with the knowledge to start it.

Audience

Professionals who may or may not have an information security background, but who have the opportunity to make decisions and determine investment in appropriate security measures. Example roles might include:

• Senior management from public, commercial and corporate sector organisations.
• Small-Medium sized business owners.
• C-level professionals, particularly CISO, CIO, CSO or CRO.
• Head/Director of IT or Security.
• Risk or Compliance Managers.
• Department or Team Leads.

Learning outcomes

• Gain insight to the cyber threat landscape and real-world consequences of ignoring organisational cyber security risk.
• Learn how to explain to executives the importance of cyber security in an organisation.
• Translate how real-world hacking case studies or data breaches relate to an organisation's current cyber security measures and the potential consequences.
• Demystify cyber security industry jargon and associated media hype - including understanding what malware is and what it's capable of.
• Understand why organisational behaviour must adopt proportionate but effective cyber security practices.
• Discover the methodologies an attacker might adopt to breach an organisation's security to expand its access.
• Identify measures to secure your organisation's digital footprint including risks associated with user information sharing via social media.
• Demonstrate an ability to promote the message of the necessary safe and responsible use of information technology and handling of corporate intellectual property.

Prerequisites

• Knowledge of business practices within your organisation, your organisation's risk management processes and any IT user security policies.
• For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.

Syllabus

This training can be tailored to an industry, or for a defined audience with various durations. Example topics include:

• Definitions - Cybersecurity and Information Security

What are you trying to protect?

• Personal Data and Data Protection

Who are we protecting it from?

• Actors and Motivation - Attack Profiling

Why do they attack?

• Proportionality of Attack
• Cyber Threat Methodology
• Open Source Intelligence (OSINT)
• Social Engineering
• Common Attack Techniques
• APTs / Cyber Criminals
• State Threats
• Social Media
• Phone Tracking, Geotags and Location Data
• Data Leakage (Wi-Fi and GPS)
• The Deep Web
• Cryptocurrency
• Supply Chain Threats

How can we protect ourselves?

• Passwords and Passphrases
• Patching and Updating
• Maintaining Awareness
• Privileged Account Management
• Managing your Digital Footprint

How can we be prepared?

• Business Continuity, Disaster Recovery and Incident Response
• Risk Management
• Cyber Leadership