Cybersecurity Self-Assessments for Compliance and Maturity

Course Description

Cyber Toa’s Cybersecurity Self-assessment course is intended for those wishing to self-assess their organization’s ability to respond to a range of potential cybersecurity threats following established methodologies. Self-assessment allows you to make informed decisions about your security spend rather than relying only on compliance requirements or vendor statements. This course covers several best practice cybersecurity self-assessment tools suitable for both small and large organisations. The course covers how these tools can be used to document or establish cybersecurity maturity or the ability to achieve compliance (for example, for financial organisations). The course also includes adapting these existing frameworks to match the needs of a specific organization with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Next Scheduled Date: 29th September, 1-5pm. Book here with ITP.

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: General Cybersecurity Assessments

  • Content Areas
    • Asset Management
    • Vulnerability Management
    • Risk Management
    • Training
    • Governance Processes
    • Incident Management
  • Tools
    • Reporting on Access Control and Identity Management
    • Automating data gathering

Module 2: Self-Assessment Tools

  • Methodologies
    • OWASP SAMM
    • CRR
    • FMA Security Audit
    • NZCERT Critical Controls and the NZISM
    • ASD Essential Eight
    • Developing ‘Maturity’
  • Labs: Comparing results to compliance standards (such as ISO27001)

Target audience and course prerequisites

The Cyber Toa Cybersecurity Self-assessment, Compliance and Maturity course is aimed at professionals from organizations with existing technical teams. Previous networking and IT knowledge is helpful, but not required for this course.

It is recommended that you have the following knowledge and experience before starting this course:

  • Are aware of the general compliance requirements for your industry
  • Have experience with organization-specific IT infrastructure and practices.
  • Have an interest in developing an organization-wide self-assessment ability that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of using established frameworks to assess the cybersecurity maturity level(s) of an organization. It covers three distinct methodologies – one from the Open Source Web Security Project, one from the US Government and two from the New Zealand Government. It also covers which aspects of these are or are not suitable for particular organisations – and how to use these to build evidence of cybersecurity maturity in an organisation. Study of the course can also help to build the prerequisites to study other cybersecurity courses, including the “Security Operations Centre on a Budget” course and the Cyber Toa Defensive Network Security Fundamentals course, for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Use at least three different methodologies to evaluate the cybersecurity of an organisation
  • Understand the strengths and weaknesses of each approach, and make an informed decision as to which approach(es) would suit your organisation
  • Understand the core similarities between all assessment approaches
  • Critique existing cybersecurity tools or reporting based on their ability to provide information relevant to these self-assessment tools

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.

Cybersecurity Fundamentals

Course Description

Cybersecurity affects everyone in an organization. Cyber Toa’s Cybersecurity Fundamentals course is intended for those wishing to learn the core concepts and sources of information for cybersecurity. The course explains best-practice advice from NZCERT, the Application Security Verification Standard and the Australian Cybersecurity Centre to insulate organizations and individuals against cyber-threats. It includes a range of interactive scenarios, case studies, videos and activities using real life situations so students can reflect on their own behaviour and have the information necessary to make informed security choices.

Next Scheduled Date: 22nd September, 1-5pm (sign up through ITP)

Delivery: Live Online Course, Instructor led, Supervised Activities

Duration: ½ day

Course Content

Module 1: Introduction to Cybersecurity

  • What is modern cybersecurity?
  • What are the ‘Essential Eight’?
  • Why do these practices protect against most common cybersecurity threats?

Module 2: Cybersecurity Testing and Checking

  • How does antivirus software work?
  • What are the limitations of antivirus software and firewalls?
  • What attacks do these afford protection against?

Module 3: OWASP Top 10 Web Vulnerabilities

  • What is OWASP?
  • How do most common web vulnerabilities work?
  • How to assess the risk posed by specific vulnerabilities?

Target Audience and Course Prerequisites

The Cyber Toa Cybersecurity Fundamentals course is aimed at any staff that require basic knowledge of cybersecurity controls and systems. This includes managers, technical staff and any staff associated with risk management. This course is non-technical and does not require information technology knowledge; however, technical IT staff will also gain useful insights from this course.

Course Outcomes

This course will teach you some core principles of cyber security that provide broad-spectrum resistance against a variety of common attacks. The course explains, in detail, the most highly-recommended ‘Essential Eight’ security practices as recommended by the Australian Cybersecurity Centre and NZCERT. It also covers a variety of common web vulnerabilities based on the OWASP Top 10. Study of the course can also help to build the prerequisites to study more advanced IT security courses, including the Cyber Toa Defensive Network Security course and the Cyber Toa Cyber Reconnaissance and Recovery course.

On course completion, you will be able to:

  • Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization
  • Explain the ‘Essential Eight’ cybersecurity practices recommended by the Australian Cybersecurity Centre
  • Use some common tools for assessing both software and organizational cybersecurity
  • Understand the risk to business that cybersecurity vulnerabilities pose as compared to other common risks.

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a glossary.

Cybersecurity Awareness

Course Description

Cyber Toa’s cybersecurity awareness course covers a range of basic cybersecurity ‘hygiene’ principles that you can use to easily secure your personal or organizational cybersecurity.

Our aim here is to give you some clear actions that almost anyone can follow and some background information about how they help protect you. This course is suitable for anyone who regularly uses any digital devices including phones, computers, tablets, wireless and more.

This course is broken into eight modules, each with a short video and slides that covers a core concept. The course is capped off with a quiz which will help you check your knowledge of what you have learned.

Modules

  1. Cyber-attacks in New Zealand
  2. Passwords, Password Managers and Multi-factor Authentication
  3. Microsoft Office, PDFs, images and Metadata
  4. Backups and Updates
  5. New Zealand cybersecurity laws and policies
  6. Good Wi-Fi and mobile device practices
  7. NZCERT (New Zealand Computer Emergency Response Team) Critical Controls

Introduction to the NZISM

Course Description

The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s security compliance handbook. It contains volumes of valuable information security advice for a variety of organisations; however, it is particularly relevant to NZ government agencies or organisations that provide services or contracts to NZ government agencies.

Cyber Toa’s Introduction to the NZISM provides a short overview of the structure and specific relevant sections of the NZISM itself. The course focuses on the sections of the NZISM that will be relevant to most organisations. This course includes a range of case studies and activities using real life examples so learners can gain information about how controls are applied or achieved in practice.

Next Scheduled Date: No Courses currently booked! Please check back soon or contact us to request this course.

Duration: ½ day

Delivery: Live Online Course, Instructor led, Supervised Activities

Course Content

Module 1: NZISM structure

  • What does the NZISM provide?
  • Understanding classifications, rationale, and controls
  • System audits
  • NZISM content overview and controls

Module 2: Core NZISM compliance

  • Working off-site (including BYOD)
  • Media disposal
  • Gateway and Network Security
  • Cryptography

Module 3: NZISM FAQs

  • Cloud Computing
  • Email Security
  • Password Security
  • Mobile Device Security
  • Supply Chain

Target audience and course prerequisites

The Cyber Toa Introduction to the NZISM course is suitable for any IT professionals, project managers, managers or third-party service providers from organizations within the New Zealand government, organizations that supply services to NZ government or anyone seeking to comply with government cybersecurity requirements.

Previous information security and IT knowledge is helpful, but not required for this course. It is suggested (but not required) that attendees have:

  • experience with organization-specific IT infrastructure and practices.
  • an interest in developing a solid basic understanding of the structure, content and relevance of the NZISM and associated documentation.

Course Outcomes

This course will explain the fundamentals of the New Zealand Information Security Manual, including why it was written, who it is relevant and useful to and the structure of the document itself. Specifically, this course focuses on the compliance requirements of the NZISM – paying particular attention to the ‘MUST’ or ‘MUST NOT’ security controls, and those relevant to information classed from ‘UNCLASSIFIED’ through to ‘RESTRICTED’. This course also explains what all these terms mean, and how to determine which are appropriate for your data.

The course will also dedicate time to the specific content of some of the 489 controls required for this level of compliance but, in particular, will focus on the areas with the most controls (BYOD, Secure Disposal, and Gateway Security). It will also spend dedicated time on the aspects of the NZISM that are most often used (incident reporting, mobile, email and password security, and Cloud Computing).

On course completion, you will be able to:

  • Navigate and use the NZISM to obtain specific controls required for your organisation
  • Evaluate whether each control is required for your organization, and understand what may be required in order to comply with it
  • Provide an overview of what fundamentals are required for your organization to comply with the minimum requirements for the NZISM
  • Understand how the NZISM fits alongside other security documentation (such as the PSR, the NZCERT Critical Controls and the ASD Essential Eight)

Course Materials

The course consists of a live webinar with dedicated time for questions and answers, taught by a cybersecurity specialist and All-of-Government Auditor. Attendees will also be provided with slides and reference materials relevant to the delivered content.

Cybersecurity Incident Response Playbooks

Course Description

Cybersecurity affects everyone in an organization. Cyber Toa’s Cybersecurity Incident Response Playbooks course is intended for those wishing to develop incident response playbook(s) for their organization to respond to a range of potential cybersecurity threats. This course covers best practice cyber-response playbooks following the NIST cyber-response frameworks. The course also includes adapting the existing framework to match the needs of a specific organization with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Scheduled Dates: 13th October, 1-5pm. Book here through ITP.

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: Cybersecurity Responses

  • Responses
    • Appropriate Responses to Cybercrime
    • Response plans
    • Critiquing Cyber-response playbooks
  • Labs
    • Generating and Critiquing a cyber-response strategy
    • NIST compatible cyber-response playbooks

Module 2: Organizational Vulnerabilities

  • Software
    • Antivirus software and firewalls
    • Vulnerability Assessments
    • What software do attackers target?
  • Common Cyber-attacks
    • Phishing
    • Malware
    • Internal Threats
  • Labs: Comparing Organisations to recommended Cybersecurity practices

Target audience and course prerequisites

The Cyber Toa Cybersecurity Incident Response Playbook course is aimed at IT professionals from organizations with existing network and infrastructure teams. Previous networking and IT knowledge is helpful, but not required for this course. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Are aware of general types of cyberattacks (phishing, malware, etc.)
  • Have experience with organization-specific IT infrastructure and practices
  • Have an interest in developing an organization-wide cyber-response strategy that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of crafting cybersecurity incident response plans for organisations. It explains common cybercrime and cyberattack scenarios for various industries both in New Zealand and abroad. The course also includes best-practice cyber-responses to specific cyberattacks such as phishing, spearphishing and malware infections. Study of the course can also help to build the prerequisites to study more advanced IT security courses, including the Cyber-Reconnaissance and Recovery Fundamentals course and the Cyber Toa Defensive Network Security Fundamentals course, for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Explain common cyberattacks for your industry
  • Perform a basic assessment on an organization’s risk profile against specific cyberattacks
  • Produce an iterative cyber-response playbook for specific attack scenarios
  • Critique existing IT processes based on their resistance to cyber-threats

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.