Cyber security is how individuals and organisations reduce the risk of cyber-attack. Cyber security’s core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage. Cybersecurity is the collected set of technologies, processes, and procedures organizations use to protect their computing environments from damage and unauthorized data access perpetrated by cybercriminals or malicious insiders.

ISO/IEC 27032 Cybersecurity Professional training enables you to acquire the expertise and competence needed to support an organization in implementing and managing a Cybersecurity program based on ISO/IEC 27032. During this training course, you will gain a comprehensive knowledge of Cybersecurity, the relationship between Cybersecurity and other types of IT security, and stakeholders’ role in Cybersecurity.

Who should attend?

  • Cybersecurity professionals
  • Information Security experts
  • Professionals seeking to manage a Cybersecurity program
  • Individuals responsible for developing a Cybersecurity program
  • IT specialists
  • Information Technology expert advisors
  • IT professionals looking to enhance their technical skills and knowledge

Learning objectives

  • Educate participants about current and emerging cybersecurity threats and vulnerabilities, including cyberattacks and cybercrime trends.
  • Teach participants how to identify, assess, and manage cybersecurity risks within their organizations.
  • Explain the importance of governance structures and frameworks for effective cybersecurity management.
  • Assist participants in developing and implementing cybersecurity policies and strategies aligned with their organizational goals and objectives.
  • Instruct participants on how to create and implement an incident response plan to address cybersecurity incidents effectively.
  • Explain the significance of supply chain security and best practices for securing the supply chain against cyber threats.
  • Instruct participants on implementing security measures and controls to protect information and systems from unauthorized access, disclosure, alteration, and destruction.
  • Help participants understand cybersecurity compliance and regulatory requirements specific to their industry or jurisdiction.
  • Guide participants in developing and maintaining business continuity and disaster recovery plans to ensure the organization’s ability to continue critical operations in the event of a cybersecurity incident.
  • Assist participants in conducting cybersecurity assessments and audits to evaluate their organization’s compliance with cybersecurity policies and controls.
  • Promote the development of a cybersecurity culture within the organization, emphasizing the role of every employee in maintaining security.
  • Discuss methods for measuring the effectiveness of cybersecurity measures and using metrics for improvement.

Course content

Introduction to Cybersecurity and related concepts as recommended by ISO/IEC 27032

  • Course Objectives and Structure
  • Standard and Regulatory Framework
  • Interested parties
    • Users
    • Coordinator and standardization organisations
    • Government authorities
    • Law enforcement agencies
    • Internet service providers
  • Fundamental Concepts in Cybersecurity
  • Cybersecurity Program
  • Initiating a Cybersecurity Program
  • Analysing the Organisation
  • Leadership

Cybersecurity Policy and Risk management

  • Cybersecurity Policies
  • Cybersecurity Risk Management
  • Threats
  • Vulnerabilities
  • Attack vectors
  • Attack Mechanisms

Cybersecurity Controls, Information Sharing and Coordination

  • Controls for Internet security
  • Information Sharing and Coordination
  • Policies for Internet security
  • Access control
  • Education, awareness and training
  • Security incident management
  • Asset management
  • Supplier management
  • Business continuity over the Internet
  • Privacy protection over the Internet
  • Vulnerability management
  • Network management
  • Protection against malware
  • Change management
  • Identification of applicable legislation and compliance requirements
  • Use of cryptography
  • Application security for Internet-facing applications
  • Endpoint device management

Incident management, Monitoring and Continuous Improvement

  • Business Continuity
  • Cybersecurity Incident Management
  • Testing in Cybersecurity
  • Performance Measurement
  • Cybersecurity Incident Response and Recovery
  • Continual Improvement

Training Methodologies

  • Case Study
  • Individual Exercises
  • Role Play
  • Group Exercises
  • Group Presentation
  • Examination