PECB Training Courses
About the Program
ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline towards continually reviewing the safety of your information, which will exemplify reliability and add value to services of your organization.
Who Is It For?
- Individuals interested in Information Security Management
- Individuals seeking to gain knowledge about the main processes of Information Security Management Systems
Learning objectives
- Understand the concepts, approaches, methods, and techniques used to implement an Information Security Management System (ISMS)
- Understand the basic elements of an Information Security Management System
About the Program
The term ISO/IEC 27032 refers to ‘Cybersecurity’ or ‘Cyberspace security,’ which is defined as the protection of privacy, integrity, and accessibility of data and information in Cyberspace. Cyberspace, in turn, is acknowledged as an interaction of persons, software and worldwide technological services.
The international standard ISO/IEC 27032 is intended to emphasize the role of different securities in the Cyberspace, regarding information security, network and internet security, and critical information infrastructure protection (CIIP). ISO/IEC 27032 as an international standard provides a policy framework to address the establishment of trustworthiness, collaboration, exchange of information, and technical guidance for system integration between stakeholders in the cyberspace.
Why should you attend?
ISO/IEC 27032 Lead Cybersecurity Manager training enables you to acquire the expertise and competence needed to support an organization in implementing and managing a Cybersecurity program based on ISO/IEC 27032 and NIST Cybersecurity framework. During this training course, you will gain a comprehensive knowledge of Cybersecurity, the relationship between Cybersecurity and other types of IT security, and stakeholders’ role in Cybersecurity.
After mastering all the necessary concepts of Cybersecurity, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27032 Lead Cybersecurity Manager” credential. By holding a PECB Lead Cybersecurity Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Cybersecurity.
Who Is It For?
- Cybersecurity professionals
- Information Security experts
- Professionals seeking to manage a Cybersecurity program
- Individuals responsible for developing a Cybersecurity program
- IT specialists
- Information Technology expert advisors
- IT professionals looking to enhance their technical skills and knowledge
Learning objectives
- Acquire comprehensive knowledge on the elements and operations of a Cybersecurity Program in conformance with ISO/IEC 27032 and NIST Cybersecurity framework
- Acknowledge the correlation between ISO 27032, NIST Cybersecurity framework and other standards and operating frameworks
- Master the concepts, approaches, standards, methods and techniques used to effectively set up, implement, and manage a Cybersecurity program within an organization
- Learn how to interpret the guidelines of ISO/IEC 27032 in the specific context of an organization
- Master the necessary expertise to plan, implement, manage, control and maintain a Cybersecurity Program as specified in ISO/IEC 27032 and NIST Cybersecurity framework
- Acquire the necessary expertise to advise an organization on the best practices for managing Cybersecurity
About the Program
ISO/IEC 27002 is an international standard that gives guidelines for the best Information Security management practices. These management practices help organizations to build confidence in their inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures and software and hardware functions.
This standard is a generic document used as a reference for selecting controls within the process of Information Security Management System implementation. ISO/IEC 27002 is intended to be used by all types of organizations, including public and private sectors, commercial and non-profit and any other organization which faces information security risks.
Why should you attend?
ISO/IEC 27002 Introduction training course enables you to comprehend the Information Security Management Systems and Information Security Controls as specified in ISO/IEC 27002.
By attending the ISO/IEC 27002 Introduction training course, you will understand the importance of ISMS and Information Security Controls and the benefits that businesses, society and governments can obtain.
Who Is It For?
- Individuals interested in Information Security Management and Information Security Controls
- Individuals seeking to gain knowledge about the main processes of Information Security Management Systems and Information Security Controls
Learning objectives
- Understand the Information Security standards and Information Security Management practices used to implement and manage Information Security Controls
- Understand the controls necessary to manage Information Security risks
About the Program
ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist an efficient implementation of information security based on a risk management approach.
Why should you attend?
ISO/IEC 27005 training course enables you to comprehend the basic concepts of Information Security Risk Management by using the standard ISO/IEC 27005 as a reference framework.
By attending the ISO/IEC 27005 Introduction training course, you will understand the importance of Information Security Risk Management and the benefits that businesses, society and governments can obtain.
Who Is It For?
- Individuals interested in Information Security Risk Management
- Individuals seeking to gain knowledge about the main processes of Information Security Risk Management
Learning objectives
- Understand the concepts, approaches, methods and techniques used to manage risks related to Information Security
- Understand the importance of Information Security Risk Management
About the Program
In today’s business world, information security incidents are considered to be uncertain risks which can seriously damage a business. Thus, organizations must take actions to promptly identify, evaluate and effectively manage the incidents. The ISO/IEC 27035 Information Security Incident Management is an international standard that provides best practices and guidelines for conducting a strategic incident management plan and preparing for an incident response.
The ISO/IEC 27035 Information Security Incident Management delivers the prime principles of security to prevent and respond effectively to information security incidents. In addition, the ISO/IEC 27035 incorporates specific processes for managing information security incidents, events, and potential vulnerabilities.
Why should you attend?
ISO/IEC 27035 Introduction training course enables you to comprehend the basic concepts of managing Information Security Incidents.
By attending the ISO/IEC 27035 Introduction course, you will understand the importance of Information Security Incident Management and the benefits that businesses, society and governments can obtain.
Who Is It For?
- Individuals interested in Information Security Incident Management
- Individuals seeking to gain knowledge about the main processes of Information Security Incident Management
Learning objectives
- Understand the concepts, approaches, methods, and techniques used to manage Information Security Incidents
- Understand the Information Security Incident Management practices
About the Program
Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods OCTAVE, EBIOS, and MEHARI will provide you with sufficient knowledge on how to successfully identify and assess risk in your organization.
OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation was developed by the Computer Emergency Response Team (CERT) and funded by the US Department of Defense. This risk assessment tool is used to help prepare organizations for security strategic assessments and planning for their information.
EBIOS – Expression des Besoins et Identification des Objectifs de Sécurité was developed by the French Central Information Systems Security Division. The goal of this risk assessment tool is to assess and treat risks with an IS, which assists management decision-making and guides stakeholders to find a mutual set of discussions.
MEHARI – Méthode Harmonisée d’Analyse de Risques was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment tool is mostly to provide guidelines for ISO/IEC 27005 implementation and to analyze scenario-based risk landscapes for short- to long-term security management.
Why should you attend?
Our risk assessment methods training courses, covering the OCTAVE, EBIOS, and MEHARI methods, will provide you with sufficient knowledge on how to successfully identify and assess risk in your organization. Risk assessment methods play a key role when it comes to protecting the business and its valuable assets. These methods will provide you with crucial guidelines for focusing on the risks that are more dangerous and that can cause huge financial and reputational damage to your business.
Who Is It For?
- Individuals participating in risk assessment activities using the OCTAVE method
- Individuals participating in risk assessment activities using the EBIOS method
- Individuals seeking to gain a thorough understanding of MEHARI risk analysis method and MEHARI risk model
- Managers seeking to acquire the necessary skills to perform qualitative risk evaluation
- Managers seeking to develop the necessary skills for identification of assets, vulnerabilities and threats to those assets
- Individuals seeking to support organizations to determine and evaluate potential consequences of threats
Learning objectives
- Understand the basic concepts of Information Security risk management
- Understand the main steps of the OCTAVE Allegro risk assessment method
- Gain the ability to perform a risk assessment based on the OCTAVE Allegro method
- Understand the activities of the EBIOS method in order to follow the completion of studies (pilot, control, reframe) as a work master
- Develop the necessary skills to analyze and communicate the results of an EBIOS study
- Understand the concepts and general principles associated with MEHARI risk analysis method
- Gain a thorough understanding of the four phases of the MEHARI approach
- Learn the concepts, methods, and practices allowing effective risk management based on ISO 27005
About the Program
SCADA – Supervisory Control and Data Acquisition is an industrial system framework that includes both hardware and software architecture to control, monitor and analyze an industrial process. SCADA is an application software that enables managers, engineers, and industry operators, to supervise and communicate effectively with the working environment.
As an application software, SCADA is designed to assist industry experts in maintaining and improving industrial processes. Hence, the objective of SCADA is to collect real-time data, and store, process and generate reports for the complex industrial processes.
SCADA is an essential tool that provides networking systems, communication and security technologies, and standards which are necessary to facilitate the maintenance of industrial processes. The application of technology is important for individuals to innovate and develop processes that will assist industries in the near future.
The aim of SCADA is to provide individuals with techniques to choose, plan and design technologies for improving the business processes and other utilities. In addition, SCADA will assist individuals to learn the required skills that are essential to plan, direct, operate and manage a project system in a working environment. The importance of SCADA is the automation system which allows the organization and individuals to anticipate risk uncertainties, lower investment, maintenance costs and study optimal responses to the continuity of industrial processes.
Why should you attend?
Lead SCADA Security Manager training enables you to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. In addition, you will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, risks related to the Industrial Control Systems (ICS) and techniques used to manage these risks. This training focuses on several aspects of security management and skills related to SCADA/ICS security.
The Lead SCADA Security Manager training course is designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other trainings, this training course concentrates specifically on the knowledge and skills needed by a professional seeking to advise on, or manage risks related to, SCADA environments and systems. Given the high-profile nature and the significant impacts associated with such environments, a holistic professional approach to security is needed, and that is exactly what this course is designed to provide.
In addition to the theoretical knowledge needed by a SCADA Security Manager, a comprehensive methodology for the implementation of a SCADA Security program is presented. Thus, at the end of this course, you will gain knowledge on how to effectively implement a security program for SCADA/ICS systems.
After mastering all the necessary concepts of SCADA Security, you can sit for the exam and apply for a “PECB Certified Lead SCADA Security Manager” credential. By holding a PECB Lead SCADA Security Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing SCADA Security.
Who Is It For?
- Security professionals interested in acquiring SCADA security professional skills
- IT professionals looking to enhance their technical skills and knowledge
- IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems
- SCADA system developers
- SCADA engineers and operators
- SCADA IT professionals
Learning objectives
- Understand and explain the purpose and risks to SCADA systems, Distributed Control Systems and Programmable Logic Controllers
- Understand the risks faced by these environments and the appropriate approaches to manage such risks
- Develop the expertise to support a pro-active SCADA Security program, including policies and vulnerability management
- Define and design network architecture incorporating defense in advanced security controls for SCADA
- Explain the relationship between management, operational and technical controls in a SCADA Security program
- Improve the ability to design resilient and high availability SCADA systems
- Learn how to manage a program of effective security testing activities
About the Program
A penetration test is the practice of assessing the security of an IT infrastructure by safely trying to exploit vulnerabilities that may exist in operating systems, inappropriate configurations, application errors, or end-user behavior. Penetration testing is an attempt to test the efficiency of security measures and discover any potential exploits or backdoors that may be present in computer systems, through which hackers and cyber criminals can gain unauthorized access or conduct malicious activities. In addition, penetration testing is an advanced tool to detect, analyze and set protective constraints on the IT infrastructure, in order to reduce financial losses caused by malicious activities.
Why is Penetration Testing important for you?
In the rapidly changing technology industry, organizations constantly face cybersecurity risks which may lead to intrusion into business operational processes. A penetration test provides an excellent assessment of the cybersecurity measures in an organization.
Pen testing professionals are able to uncover different aspects of cybersecurity frameworks in the computer systems and provide detailed solutions to the cybersecurity risks. The goal of a Lead Pen Testing Professional is to master a repeatable and documentable penetration testing methodology that can be used in ethical penetration testing.
Why should you attend?
Lead Pen Test Professional training enables you to develop the necessary expertise to lead a professional penetration test by using a mix of practical techniques and management skills.
This course is designed by industry experts with in-depth experience in the Penetration Testing field. Unlike other trainings, this training course is focused specifically on the knowledge and skills needed by professionals looking to lead or take part in a penetration test. It drills down into the latest technical knowledge, tools and techniques in key areas including infrastructure, Web Application security, Mobile security and Social Engineering. In addition, this course concentrates on how to practically apply what is learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts.
Along with the in-depth hands-on practical skills, this training course equips you with the management skills you need to lead a penetration test, taking into account business risks and key business issues. The individuals who complete the course have the right blend of real business and technical competencies needed to be a respected, understood and professional penetration tester. On the last day of the training course, you will get to use the skills learned in a comprehensive capture-the-flag penetration testing exercise.
Who Is It For?
- IT professionals looking to enhance their technical skills and knowledge
- Auditors looking to understand the Penetration Testing processes
- IT and Risk managers seeking a more detailed understanding of the appropriate and beneficial use of Penetration Tests
- Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes
- Penetration testers
- Ethical hackers
- Cybersecurity professionals
Learning objectives
- Learn how to interpret and illustrate the main Penetration Testing concepts and principles
- Understand the core technical knowledge needed to organize and carry out an effective set of Pen Tests
- Learn how to effectively plan a Penetration Test and identify a scope which is suitable and appropriate based on risk
- Acquire hands-on practical skills and knowledge on relevant tools and techniques used to efficiently conduct a Penetration Testing
- Learn how to effectively manage the time and resources needed to scale a specific Penetration Test
About the Program
ISO 27799 provides guidelines for organizational information security standards and Information Security Management practices which include but are not limited to the selection, implementation and management of controls by taking into consideration the organization’s Information Security risk environments. This standard provides guidelines to support the implementation of information security controls in healthcare organizations based on ISO/IEC 27002.
By following the guidelines of this international standard, healthcare organizations will be able to maintain a level of security that is suitable to their conditions and will help to ensure the availability, integrity and confidentiality of their personal health information. Basically, ISO 27799 serves as a tool to protect personal health information.
Why is Information Security Management in Healthcare important for you?
ISO 27799 training is essential as it will provide you with the fundamental guidelines to protect personal health information. This training will enable you to acquire the necessary knowledge to ensure healthcare organizations that their personal information is protected according to an internationally recognized standard. The benefits of this standard are valid to all healthcare institutions regardless of their size, type, or complexity. Healthcare organizations have a technological infrastructure, as well as information systems and information assets that are very sensitive and prone to vulnerabilities. That being said, the ISO 27799 standard will help these organizations to securely manage the personal information that they process.
Why should you attend?
ISO 27799 Lead Manager training enables you to acquire the necessary expertise to support an organization in implementing and managing Information Security controls based on ISO 27799 and ISO/IEC 27002. During this training course, you will also gain a comprehensive knowledge of the best practices of Information Security Controls and how to improve Information Security within a healthcare organization. Additionally, this training enables you to develop the necessary expertise to support healthcare organizations in establishing, implementing, managing and maintaining an Information Security Management System (ISMS). Furthermore, during this training you will learn the complex and different factors that should be taken into account when dealing with information security issues within a healthcare organization.
After mastering all the necessary concepts of Information Security Controls, you can sit for the exam and apply for a “PECB Certified ISO 27799 Lead Manager” credential. By holding a PECB Lead Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in implementing and managing Information Security Controls in healthcare organizations based on ISO 27799 and ISO/IEC 27002.
Who Is It For?
- Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001, ISO/IEC 27002 and ISO 27799
- Project managers or consultants seeking to master the Information Security Management System implementation process in healthcare organizations
- Individuals responsible for Information Security, compliance, risk, and governance in a healthcare organization
- Information Security team members
- Expert advisors in information technology
- Information Security officers
- Information Security managers
- Privacy officers
- IT professionals
- CTOs, CIOs and CISOs
Learning objectives
- Master the implementation of Information Security controls in healthcare organizations by adhering to the framework and principles of ISO 27799 and ISO/IEC 27002
- Master the concepts, approaches, standards, methods and techniques required for the implementation and effective management of Information Security controls in healthcare organizations
- Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
- Understand the importance of Information Security for the strategy of a healthcare organization
- Master the implementation of Information Security management processes
- Master the expertise to support a healthcare organization to effectively implement, manage and maintain Information Security Controls
- Master the formulation and implementation of Information Security requirements and objectives
- Master the development and administration of a health information security program, including: policies, procedures, risk assessment, security architectures etc.
About the Program
Computer Forensics, also known as Cyber Forensics, refers to the analysis of information in computer systems, with the objective of finding any digital evidence that can be used for legal proceedings, but also to discover the cause of an incident. Computer forensics is the process of extracting data and information from computer systems to function as digital evidence for civic purposes, or in most cases to prove and legally impeach cybercrime.
The purpose of computer forensics is to provide forensic practices, legal processes, and ethical principles to assure reliable and detailed digital evidence that can be used for the courtroom needs. The objective of computer forensics is to guarantee a well-structured investigation and a follow-up of processes in order to resolve incidents and malfunctions in an organization.
Why is Computer Forensics important for you?
Why should you attend?
A forensics process is applied after the cyber attack or incident has occurred in order to collect and analyze the data to determine what happened, how it happened and why it happened. Computer forensics can be used as a tool to exploit backdoors that should be patched. A computer forensics investigation is a proficient mechanism that allows organizations to rationalize their time and immense financial impacts.
An internationally recognized computer forensic professional will be able to provide a detailed investigation of computer systems and assist the law enforcement authorities. Computer forensics provides you with the advantage of learning and practicing the latest comprehensive security methodologies of network systems, encryption technology, file operating systems, and criminal science.
Who Is It For?
- Individuals interested in Computer Forensics
- Individuals seeking to gain knowledge about the main processes of Computer Forensics
- Individuals interested in Computer Forensics Processes
- Individuals interested in pursuing a career in Computer Forensics
- Computer Forensics specialists
- Computer Forensics consultants
- Cybersecurity professionals
- Cyber intelligence analysts
- Electronic data analysts
- Specialists in computer evidence recovery
- Professionals working or interested in law enforcement
- Professionals seeking to advance their knowledge in Computer Forensics analysis
- Information Security team members
- Information technology expert advisors
- Individuals responsible for examining media to extract and disclose data
- IT Specialists
Learning objectives
- Understand the role of computer forensics in the business world.
- Support an organization to prevent incident occurrence.
- Learn the prime forensic skills that can be applied in different situations.
- Improve your forensic techniques and tools to identify and respond to cybercrimes.
- Become an internationally recognized digital forensic professional.
About the Program
The digital evolution has brought immense benefits in innovation and growth, but the great dependence that many business models have on the Internet Cybersecurity audit is the attempt to test the efficiency of security measures and disclose any potential vulnerability that an organization may be exposed to. Cybersecurity audit probes the effectiveness and safety of the systems and their security components. Audit plays a very important role in assessing the opportunities for making the organization more secure.
Organizations have a number of cybersecurity policies, security restrictions, actions, trainings, practices, and technologies that are used to protect all the data contained in the systems. A cybersecurity audit in other words is an analysis to validate whether all the existing cybersecurity measures are being followed and implemented properly.
Why is Cybersecurity Audit Important for You?
As organizations constantly face cyber-threats, conducting regular cybersecurity audits is an excellent opportunity to assess the cybersecurity effectiveness of an organization. Cybersecurity auditing will help an organization to determine the current level of its cybersecurity, identify vulnerabilities and identify protection mechanisms against possible threats and attacks.
Moreover, this discipline examines preventive, detective and corrective controls as well as how to apply the audit process to a specific environment. Cybersecurity auditing helps you to gain control and knowledge of the state of all the systems that make up your ICT infrastructure. You will have an increased knowledge about the state of the security of your company, and what preventive and corrective measures you should implement to enhance the security of computers, servers, networks, and other relevant devices.
Why should you attend?
The Cybersecurity Audit training course encapsulates the basic knowledge of auditing a cybersecurity program. The content of this training course incorporates the essentials of cybersecurity auditing encompassed in a two-day foundation course. Cybersecurity audits are an essential tool in testing the effectiveness and safety of the mitigation strategies that organizations employ to protect their systems against cyberattacks. Moreover, candidates will become familiarized with the key concepts of cybersecurity. These key concepts include different controls such as preventive, detective and corrective controls, and more importantly the knowledge of applying the appropriate controls to various environments. During this training course you will be able to understand the different modules of cybersecurity audit, including the cybersecurity frameworks, management of the cybersecurity risks, audit activities such as the initiation of an audit and draft of audit reports, cybersecurity controls and audit strategies.
After completing this course, you can sit for the exam and apply for the “PECB Certified Cybersecurity Audit Foundation” credential. A PECB Foundation Certificate proves that you have understood the fundamental methodologies, requirements, framework and management approach.
Who Is It For?
- Individuals involved in cybersecurity management.
- Individuals seeking to gain knowledge about the main processes of auditing a cybersecurity program.
- Individuals interested in pursuing a career in cybersecurity audit.
Learning objectives
- Understand and acquire comprehensive knowledge of the components and operations of a cybersecurity program that conforms to ISO/IEC 27032.
- Acknowledge the correlation between ISO/IEC 27032, ISO/IEC 27001, the NIST Cybersecurity Framework as well as other standards and operating frameworks.
- Understand the auditor’s role: to plan, lead and follow up on a cybersecurity audit in accordance with relevant audit standards and best practices.
Brochure
Below you can view or download for free our training course brochures in PDF:
PECB Certified Cybersecurity Audit Foundation
One Page: English
About the Program
Secure Application Development (SAD) is the process of writing secure code without errors and vulnerabilities that expose an application to cyber threats and attacks. Developing securely is a preventive measure that will help organizations avoid and/or mitigate attacks related to the applications that they develop. Since software bugs and flaws in the logic of a program are a constant cause of software vulnerabilities, secure application development is a very important part of an organization’s cybersecurity.
Secure Application Development (SAD) was developed as a result of awareness trainings for software developers on how best to write secure code. According to many software security professionals, most exposures to threats are due to errors in programming, so educating software developers is a crucial step in every organization.
Why is Secure Application Development important for you?
Vulnerabilities in software programs and systems have been increasing drastically in the past decade. Developing a secure application in today's frantic world of mobile devices, social networks, the cloud and complex business applications can be challenging. Customers expect applications to be made available and updated faster than ever. It is important to know how to develop software in an agile manner without compromising the security of the information of users and organizations.
One of the most important steps in developing secure applications is an effective, well-structured training discipline that helps developers learn vital secure coding principles and how they can be applied and integrated into SDLC architecture and design elements. With regard to secure development, the earlier you apply secure coding in the software development process, the better. Not utilizing secure code could create vulnerabilities in your enterprise databases, software, and web applications, leaving your company open to cyber threats. The lack of a credible Secure Application Development (SAD) program could result in weakened overall cybersecurity, loss of clients due to breaches of information and sensitive data, and potentially irreversible financial losses.
Benefits of Lead Secure Application Developer Certification
- An understanding of which security mechanisms should be implemented according to best industry practices.
- The knowledge of how threats can be minimized.
- The ability to identify the complex areas of the cyber microcosm where secure development can enhance the security of your company.
About the Program
Communications Security, as a discipline, addresses the prevention of unauthorized access to telecommunications traffic or any information that is either transferred or transmitted by electrical means. Communications Security serves as a protective shield for electronic emissions associated with sensitive information: a process involving the usage of specialized technical, operational and physical security measures. Hence, effective and secure communication can lead to trust among both internal and external parties within the organization's reach.
Why is Communications Security important for you?
Communications Security, as an ITS discipline, raises awareness and understanding of the need for caution when handling sensitive information. By following the steps indicated by the strategy, you will be able to maintain a structured framework for protecting sensitive and classified information in your company.
Benefits of Communications Security Certification
- The necessary knowledge to assist in implementing a standardized and secure communications structure.
- An understanding of the importance of secured communications in organizations by adhering to the framework and principles of ISO/IEC 27001.
- An understanding of the relationship between the components of Communications Security management, including the roles and responsibilities, training, awareness and education, selection and termination of activities.
- The necessary skills to support an organization in implementing and managing an ongoing Communications Security program.
- The necessary knowledge to improve the Communications Security processes in an organization.
About the Program
Any document management project, whether for a public or private archive, needs to incorporate digitalization as an essential instrument to achieve an effective and secure electronic file management system. Digitalization and Electronic Archiving, as a discipline, addresses the issues and trends in document and records keeping in the digital age. This involves digital curation, web archiving, personal information management and managing records in digital repositories. Hence, it covers the essential elements needed to tackle a project of digitalization and archiving of digital data: in particular, security techniques, the risks and the legal and regulatory issues of such a project, without forgetting the contractual and insurance aspects.
Why is Digitalization and Electronic Archiving important for you?
Digitalization and Electronic Archiving, as an Information Security discipline, helps you to manage personal information and records in digital repositories effectively and securely. It is about how information is managed, and how you can take advantage of it in an efficient way so that it can benefit you and your organization. Digitalization and Electronic Archiving of documents is one of the main engines of transformation, since the analysis of information supports better decision making, which is crucial for any company regardless of its size, type and complexity.
Why should you attend?
This course provides all the critical knowledge required to approach, understand, manage and successfully carry out a digitalization and retention/archiving project, including security, search and risk analysis techniques and the identification of legal, regulatory, contractual and insurance issues. A set of methodological tools is included in the themes covered, to effectively digitize any process and choose the appropriate solution without getting into the details of the related technologies. Finally, the course offers some food for thought on the changes in store for digital data and the new technologies to consider for establishing true data governance.
When you are well versed in all the concepts required for a digitalization project, you will be able to take the exam and apply to be a PECB Certified Lead Digitalization and Electronic Archiving Manager. By earning this certificate, you will demonstrate that you have the practical knowledge and professional capacities to support and direct a team in charge of carrying out a digitalization and electronic retention/archiving project.
Who Is It For?
- Digitalization and electronic archiving project managers.
- Consultants, security managers, IT coordinators, jurists and archivists asked to manage digitalization and electronic archiving projects.
- Data governance managers, risk management coordinators.
- Anyone who wishes to gain a better understanding of the issues involved in the digitalization of business processes and conserving digital data, or digital transformation in general, including:
  - Expert advisors in information technology.
  - Information security officers.
  - Information security managers.
  - All IT professionals.
  - CTOs, CIOs and CISOs.
Learning objectives
About the Program
The Human Resource Security discipline is designed to examine key controls applied before, during, and after the hiring of human resources. These controls include but are not limited to the definitions of roles and responsibilities, recruitment, contracting terms and conditions, awareness, education and training, disciplinary processes, and termination of activities.
Additionally, the controls address the return of assets and management of access rights, in accordance with the guidelines established in the Human Resources Security section of the ISO/IEC 27002 standard.
Why is Human Resources Security important for you?
By following the guidelines of this framework, organizations will be able to maintain a stable human resource management system that is suitable to their conditions and ensures the availability, integrity and confidentiality of the information related to human resources activities.
Why should you attend?
The Human Resources Security Foundation training course allows you to learn the basic elements to implement and manage information security controls before, during and after a recruitment process. By the end of this training course, you will be able to understand the best practices of implementing human resources security controls in compliance with the ISO/IEC 27002 standard.
Having completed this training course, you can sit for the exam and apply for the “PECB Certified Human Resources Security Foundation” credential. A PECB Foundation certificate shows that you have grasped the fundamental concepts, methods, and management approaches to Human Resources Security.
Who Is It For?
Learning objectives
About the Program
Cybersecurity, or Cyberspace Security, refers to the protection of systems, programs, networks and devices from cyber-attacks in order to preserve the confidentiality, integrity and availability of data within the Cyberspace. These cyber-attacks try to access, destroy or modify sensitive data, leading to the disruption of operations, money loss, reputation damage or loss of customers’ trust. Cybersecurity highlights the role of information security, network and internet security, physical security and critical information infrastructure protection (CIIP) in the Cyberspace.
Why is Cybersecurity important for you?
The global evolution of technology has resulted in a rapid increase in the number of cyber-crimes and cyber-attacks. To combat the spread of these attacks, Cybersecurity helps you understand the effective measures and controls that need to be implemented in order to stay protected from all kinds of attacks. Therefore, the implementation of the right Cybersecurity controls and mechanisms enables your organization to assess and treat the Cybersecurity risks that it faces.
Cybersecurity professionals will prove that they possess the necessary expertise to support organizations in implementing effective protection measures that involve the combination of people, processes and technology.
Moreover, you will be able to demonstrate that you have the necessary skills to support the process of integrating the Cybersecurity controls into the organization’s processes and ensure that the intended outcomes are achieved.
Why should you attend?
This training course has been designed to prepare anyone to become a cybersecurity professional. The content of this training course represents the essentials of Cybersecurity, and it is designed so that the capabilities learned by following this training course will be used to protect organizations and the society as a whole from areas of emerging threats. Throughout this training, you will gain a comprehensive knowledge of Cybersecurity based on the best practices, the relationship between Cybersecurity and other types of IT Securities, the identification of processes that are the most vulnerable to cyber-attacks, and so on. Participants will gain an insight into the fundamental Cybersecurity principles, Risk Management, Security Architecture and Controls, Incident Management, Cryptography and Operations Security, etc.
In addition to the training, participants will have access to exams in order to receive an internationally recognized certification that will validate their Cybersecurity skills and prepare them to successfully enter or advance in the labor market.
Who Is It For?
This course is aimed at all individuals who want to guide their future professional career in the area of Cybersecurity. Whether you are a student, manager, engineer, IT administrator, systems administrator, etc., this is a training course for everyone who wants to expand his or her professional knowledge in this area.
Learning objectives
About the Program
Ethical Hacking refers to the act of penetrating computer systems, networks or applications with the intention to exploit vulnerabilities that may lead to potential threats and risks. The main aim of Ethical Hacking is the improvement of the overall security of organizations by fixing the gaps and vulnerabilities found during penetration tests. Ethical hackers are allowed to use the same hacking techniques as malicious hackers with the permission of the organization which is to be tested.
Why is Ethical Hacking important for you?
Ethical Hackers are also known as White Hat Hackers because they use their expertise in hacking in order to improve the security of organizations by decreasing the number of vulnerabilities and security breaches. With the increase in the number of cyber-attacks, the global demand for ethical hacking services is constantly increasing as well. Globally known organizations choose to include ethical hacking in their security strategies, increasing the demand for Ethical Hackers across various industries. Moreover, experienced Ethical Hackers earn higher salaries than other professionals.
As an Ethical Hacker, you will prove that you possess the necessary expertise to support organizations in detecting their weaknesses before a Black Hat Hacker does. Moreover, you will be able to demonstrate that you have the necessary skills to support the process of integrating penetration tests into the organization’s processes and ensure that the intended outcomes are achieved.
Why should you attend?
The Certified Lead Ethical Hacker training course enables you to develop the necessary expertise to perform information system penetration tests by applying recognized principles, procedures and penetration testing techniques, in order to identify potential threats on a computer network. During this training course, you will gain the knowledge and skills to manage a penetration testing project or team, as well as plan and perform internal and external pentests, in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Moreover, you will also gain a thorough understanding of how to draft reports and countermeasure proposals. Additionally, through practical exercises, you will be able to master penetration testing techniques and acquire the skills needed to manage a pentest team, as well as customer communication and conflict resolution.
The Certified Lead Ethical Hacking training course provides a technical vision of information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both inside and outside of a business network.
The training is also compatible with the NICE (The National Initiative for Cybersecurity Education) Protect and Defend framework.
After mastering the necessary knowledge and skills in ethical hacking, you can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. By holding a PECB Lead Ethical Hacker certificate, you will be able to demonstrate that you have acquired the practical skills for performing and managing penetration tests according to best practices.
Who Is It For?
Learning objectives
About the Program
The ISO/IEC 27701 standard was published in August 2019, and it is the first international standard that deals with privacy information management. The standard will assist organizations to establish, maintain and continually improve a Privacy Information Management System (PIMS) by enhancing the existing ISMS, based on the requirements of ISO/IEC 27001 and the guidance of ISO/IEC 27002. It can be used by all types of organizations irrespective of their size, complexity or the country in which they operate.
Why is ISO/IEC 27701 important for you?
The exponential growth of the collection of personal information and the increase in data processing have led to privacy concerns. Hence, implementing a Privacy Information Management System (PIMS) in compliance with the requirements and guidance of ISO/IEC 27701 will enable organizations to assess, treat, and reduce risks associated with the collection, maintenance and processing of personal information.
This standard is essential for every organization that is responsible and accountable for Personally Identifiable Information (PII) as it provides requirements on how to manage and process data and safeguard privacy. It enriches an already implemented ISMS to address privacy concerns properly by assisting the organizations to understand the practical approaches involved in the implementation of an effective management of PII.
Why should you attend?
The ISO/IEC 27701 Foundation training course is designed to help participants understand the basic concepts and principles of a Privacy Information Management System (PIMS) based on ISO/IEC 27701. Moreover, during this training course, students will learn more about the structure of the standard, including its requirements, guidance and controls on the protection of the privacy of Personally Identifiable Information (PII) principals, and the relationship of the standard with ISO/IEC 27001 and ISO/IEC 27002.
The ISO/IEC 27701 Lead Implementer training course enables you to develop the necessary expertise to assist an organization to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) based on ISO/IEC 27701 by enhancing an existing ISMS based on ISO/IEC 27001 and the guidance of ISO/IEC 27002.
The ISO/IEC 27701 Lead Auditor training course enables you to develop the necessary skills to perform a Privacy Information Management System (PIMS) audit by applying widely recognized audit principles, procedures and techniques.
Who Is It For?
Learning objectives
About the Program
The General Data Protection Regulation (GDPR) is a regulation that will enforce a stronger data protection regime for organizations that operate in the European Union (EU) and handle EU citizens’ data. GDPR constitutes the protection of personal data of employees, customers and others. In case organizations fail to comply with this regulation, they will be subject to heavy fines and damaged reputation. Considering that personal data represents critical and sensitive information that all organizations should protect, such a regulation will help put in place appropriate procedures and controls to prevent Information Security breaches. By May 2018, all organizations that operate in the EU should comply with this regulation.
Why is the General Data Protection Regulation important for you?
Considering that data breaches have become highly sophisticated in recent years, the need for data protection has increased as well.
Information Security is crucial to the success of any organization since it deals with the protection of sensitive data from unauthorized access, use, replication and destruction. As such, organizations should put in place measures and controls to manage and diminish Information Security risks and comply with GDPR requirements. In case organizations fail to comply with the GDPR requirements, the penalties can reach up to 2% of an organization’s annual turnover. Also, in case of more serious infringements, the penalties can amount to 4% of an organization’s annual revenue. The implementation of a Privacy Framework, on the other hand, will allow professionals to develop and implement reliable controls that are generally accepted.
Becoming a Certified Data Protection Officer will enable you to acquire the necessary expertise to understand the risks that could have a negative impact on your organization and implement the required strategic responses based on the GDPR best practices, requirements and principles.
What is GDPR Certification?
Being GDPR certified means that you are legally compliant with the European Union’s new General Data Protection Regulation (GDPR). GDPR training gives the green light to professionals to receive certification from legitimate certification bodies to prove both to the EU and clients that they are in line with the GDPR.
GDPR certification is crucial if you are interested in being equipped with the necessary knowledge to keep your business compliant and ahead of your competitors, as well as to assure your customers that you respect their data privacy. This course will teach you how to redefine the way your customers’ data is obtained, stored, processed and secured.
Why should you attend?
The GDPR Introduction training course enables you to comprehend the basic concepts and requirements of the General Data Protection Regulation (GDPR).
By attending the GDPR Introduction course, you will understand the importance of the GDPR and the benefits that business, society and governments can obtain.
The GDPR Foundation training enables you to learn the basic elements to implement and manage a compliance framework with regard to the protection of personal data. During this training course, you will be able to understand the fundamental privacy principles and become familiar with the role of the Data Protection Officer.
The Certified Data Protection Officer training course enables you to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regard to the protection of personal data.
Who Is It For?
Learning objectives