Private Onsite Security Training

More and more organizations establishing and maintaining formal standards- and regulatory-based information security programs (information security management systems) are contracting ISO 27001 Trainers to host private onsite security training.


Based on your needs, we can either provide onsite certification training using our Certified ISO 27001 Lead Implementer and Lead Auditor courses, or develop custom training courses to meet your needs.


In the past we have created single and multi-track courses to meet the needs of a formal training needs analysis.

ISO 27001 Certification Training 

ISO 27001 Trainers have provided onsite Certified ISO 27001 Lead Implementer and Lead Auditor training course sessions for client Information Security Steering Committees, ISO 27001 Project Implementation Teams (including representatives from all lines of business), and other support services stakeholders. This approach is especially valuable for the initiative's executive champion in an organization that is working under a tight timeline, as it reduces the time associated with bringing team members up to speed individually on what has to be accomplished.

Business and Technology Focused Training

ISO 27001 Trainers team members have developed and delivered custom half-, full- and multi-day private onsite security training around the globe, wherever your teams need it. These courses can be technology, regulatory or standards specific, based on your organization's unique needs. Following the lead from your formal security awareness and training needs analysis, we build courses to support the rollout of new organizational policies and standards, i.e., Secure Systems Development, Operations and Maintenance. For example, we have experience developing a multi-track course, as follows:

DAY - TRACK: 1 - 1

WHO: Software Development and Support (developers, engineers, data architects, database admins, 1st line support agents), Infrastructure (system admins / system engineers, voice and data admins / engineers), and Enterprise IT Support Services (help desk admins, problem management, data center management, etc.)

WHAT: Training on all requirements documented in the organization's Security Systems Development, Operations and Maintenance standard under the Information Security Policy (ISO parlance = topic level policy). Presented in a manner that promotes the notion of holistically creating a secure IT product, segmenting secure systems and secure code, as weak code or systems could compromise the other.

OBJECTIVE: To provide a warm transfer of knowledge supporting the publication of the organization's new standard on Secure Systems Development, Operations and Maintenance.

DAY - TRACK: 1 - 1

WHO: Business Manager, Internal Audit (IT Auditors and managers), Risk Management (risk analysts and managers), Data Privacy (analysts and managers), 3rd Party Service Providers (contract manager(s), and key delivery managers)

WHAT: Training on all requirements documented in the organization's Security Systems Development, Operations and Maintenance standard under the Information Security Policy (ISO parlance = topic level policy)

OBJECTIVE: To ensure key organizational security stakeholders, and business managers who are direct customers of the Information Technology Department's services, and lead or support the definition of business drivers and timeline needs for new systems, have a clear understanding of the information security obligations integrated into Systems Development (including modification to existing systems), their operations and ongoing maintenance, which have to be factored into such timelines.

DAY - TRACK: 1 - 1

WHO: Information Security (security analysts, administrators, engineers and architects)

WHAT: Training on all requirements documented in the organization's Security Systems Development, Operations and Maintenance standard under the Information Security Policy (ISO parlance = topic level policy)

OBJECTIVE: To ensure information security personnel have a clear understanding of the organization's new standard on Security Systems Development, Operations and Maintenance, to enable them to provide relevant guidance to internal customers on the topic going forward.

DAY - TRACK: 2 - 1

WHO: Software Development and Support (developers, engineers, data architects, database admins, 1st line support agents)

WHAT: Secure coding principles and methods. This includes live demonstrations of relevant web hacking techniques, and examples of secure code that would prevent compromise.

OBJECTIVE: Personnel in software development and support roles understand the need for, and how to apply, secure coding practices to avoid application level exploits.

DAY - TRACK: 2 - 2

WHO: Infrastructure (system admins / system engineers, voice and data admins / engineers)

WHAT: System hardening principles and methods. This includes live demonstrations of relevant network and system layer hacking techniques, and examples of tools and techniques that would prevent compromise.

OBJECTIVE: Personnel in infrastructure build and support roles understand the need for, and how to apply, network and system hardening practices to avoid network and system layer exploits.

DAY - TRACK: 2 - 3

WHO: Infrastructure (system admins / system engineers, voice and data admins / engineers)

WHAT: System hardening principles and methods. This includes live demonstrations of relevant network and system layer hacking techniques, and examples of tools and techniques that would prevent compromise.

OBJECTIVE: Personnel in infrastructure build and support roles understand the need for, and how to apply, network and system hardening practices to avoid network and system layer exploits.

DAY - TRACK: 2 - 4

WHO: Business Manager, Internal Audit (IT Auditors and managers), Risk Management (risk analysts and managers), Data Privacy (analysts and managers), 3rd Party Service Providers (contract manager(s), and key delivery managers)

WHAT: Information Security Incident Response Process

OBJECTIVE: To ensure key security stakeholders are familiar with, and understand their role in supporting, the new Information Security Incident Response Process (Plan) developed to meet the requirements of the new Secure Systems Development, Operations and Maintenance Standard.

DAY - TRACK: 2 - 5

WHO: Information Security (security analysts, administrators, engineers and architects)

WHAT: Information Security Incident Response Process

OBJECTIVE: To ensure security specialists master the various information security roles supporting an organizational information security incident / data breach, including security incident response manager, analyst, computer forensic specialist, etc.

DAY - TRACK: 3 - 1

WHO: Software Development and Support (developers, engineers, data architects, database admins, 1st line support agents), Infrastructure (system admins / system engineers, voice and data admins / engineers), and Enterprise IT Support Services (help desk admins, problem management, data center management, etc.)

WHAT: Information Security Incident Response Process

OBJECTIVE: To ensure security specialists master the various information security roles supporting an organizational information security incident / data breach, including security incident response manager, analyst, computer forensic specialist, etc.

DAY - TRACK: 3 - 2

WHO: Information Security (security incident response manager(s), computer forensic specialist)

WHAT: Information Security Incident Response Process

OBJECTIVE: To master the skills required to lead an organization through a security incident response, and understand evidence collection in accordance with procedures for handling evidence in criminal procedures.