Security of Network and Information Systems Directive (NIS)

5 Day Course
Hands On
Code QANISDIR

This course has been retired. Please view currently available Cyber Security Training Courses.

Modules

Hide all

Competent Authority Obligations (2 topics)

  • Operators of essential services
  • Digital service providers

Technology Primers (3 topics)

  • Internet primer
  • Industrial controls systems security primer
  • Introduction to cloud security

Governance (5 topics)

  • Governance in the information security arena
  • Information security management & leadership roles
  • Responsible & accountable persons
  • Continual improvement
  • Principles of auditing

Risk Management (5 topics)

  • Component vs System techniques
  • Risk assessments
  • Risk measurement against 'risk appetite'
  • oManaging risk
  • Risk reduction and acceptance techniques

Asset Management (2 topics)

  • Asset value
  • Assets and critical dependencies

Supply Chain (3 topics)

  • Cyber risks in the supply chain
  • Flow down of security obligations in contracts
  • Third party dependency modelling

Security Policies and Processes (3 topics)

  • Information Security Management System (ISMS)
  • Communication, enforcement and governance
  • Alignment to business goals and outcomes

Identity & Access Management (3 topics)

  • Authorisation & Authentication
  • Identity as a service
  • Privilege management

Data Security (Confidentiality, Integrity & Availability) (3 topics)

  • Data in transit & Data at rest
  • Encryption
  • Patch management

Resilient Networks & Systems (5 topics)

  • Network primer
  • Failover and redundancy
  • Segregation & air gaping
  • Third party access & management
  • Access control

Security training & Awareness (2 topics)

  • Implementing security programmes
  • Tailoring messages for your audience

SIEM Processes, Features & Functions (1 topic)

  • Security & Event Auditing

Anomaly Detection (3 topics)

  • Anti-malware and evasion
  • Audit Logs - What to collect from where
  • Telemetry behaviour patterns

Threat Detection (4 topics)

  • Intruder behaviour
  • Insider threat hunting
  • Common methods of attack
  • Advanced threats

Security Assessments (4 topics)

  • Vulnerability management
  • Social engineering and ethical phishing
  • Insider threat assessment
  • Red teams

Resilience (4 topics)

  • Incident response plans
  • Incident response within the supply chain
  • Post incident recovery (crisis and communications)
  • Lessons learned & root cause reporting

Prerequisites

There are no specific pre-requisites to attend this course, however we do expect delegates to have a basic understanding of technology, computing and the internet.

Course PDF

Print

Sections