Introduction to HISF

Dates coming soon

Duration: ½ day

Delivery: Live Online Course, Instructor led with supervised activities

Introduction

Cyber and information security is increasingly important for all organisations. Health organisations are prime targets for cyber attacks as they hold important, valuable personal information. Cyber Toa’s Introduction to the Health Information Security Framework (HISF) covers important information security standards set out by the Health Information Security Organisation (HISO), specifically HISO10029:2015 Health Information Security Framework. The course explains the areas that HISF covers, shows how the HISF requirements are structured, and explains some of the baseline procedures that can be easily implemented to bring your organisation up to standard. We also discuss recent news stories from New Zealand and worldwide throughout the course as learning examples.

With a range of interactive scenarios, case studies, videos and activities using real life tools and solutions, this course will teach learners about making informed cybersecurity decisions for any NZ health organization.

Course Content

Module 1: What is HISF?

  • Who has to comply with HISF, and at what levels?
  • What areas does HISF cover?
  • Why does my organisation need to comply and what are the risks of non-compliance?

Module 2: Understanding HISF Requirements

  • How is HISF laid out?
  • Understanding specific HISF requirements
  • Other standards related to HISF (including privacy standards)
  • Who is responsible for meeting these requirements?

Module 3: Quick Tips for HISF Compliance

  • Understanding of some ‘baseline’ requirements
  • Some quick wins across multiple standards
  • Navigating the balance between compliance and security

Target Audience and Course Prerequisites

Cyber Toa’s Intro to HISF is aimed at management, administrators, technical staff or anyone who has responsibility for security or IT within New Zealand health organisations. It is helpful to understand the HISF level that your organisation sits at (baseline, intermediate or advanced); however, this is not required.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Have experience with organization-specific IT infrastructure and practices

Course Outcomes

This course will explain the fundamentals of the Health Information Security Framework requirements, why it is important and which sections are most relevant for your organisation. Specifically, this course focuses on the ‘baseline’ requirements that all health organisations are required to comply with.

On course completion, you will be able to:

  • Determine what requirements are relevant to your organization
  • Understand who is responsible for requirements
  • Understand how HISF fits in with other security documentation such as the NZISM and the NZ Privacy Act and other standards such as ISO27001 and NIST CSF.
  • Evaluate if there are other requirements which your organization could or should implement.

Cybersecurity Self-Assessments for Compliance and Maturity

Course Description

Cyber Toa’s Cybersecurity Self-assessment course is intended for those wishing to self-assess their organization’s ability to respond to a range of potential cybersecurity threats following established methodologies. Self-assessment allows you to make informed decisions about your security spend rather than relying only on compliance requirements or vendor statements. This course covers several best practice cybersecurity self-assessment tools suitable for both small and large organisations. The course covers how these tools can be used to document or establish cybersecurity maturity or ability to achieve compliance (for example for financial organisations). The course also includes adapting these existing frameworks to match the needs of a specific organization with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Next Scheduled Date: 29th September 1-5pm Book here with ITP

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: General Cybersecurity Assessments

  • Content Areas
    • Asset Management
    • Vulnerability Management
    • Risk Management
    • Training
    • Governance Processes
    • Incident Management
  • Tools
    • Reporting on Access Control and Identity Management
    • Automating data gathering

Module 2: Self-Assessment Tools

  • Methodologies
    • OWASP SAMM
    • CRR
    • FMA Security Audit
    • NZCERT Critical Controls and the NZISM
    • ASD Essential Eight
    • Developing ‘Maturity’
  • Labs: Comparing results to compliance standards (such as ISO27001)

Target audience and course prerequisites

The Cyber Toa Cybersecurity Self-assessment, Compliance and Maturity course is aimed at professionals from organizations with existing technical teams. Previous networking and IT knowledge is helpful, but not required for this course.

It is recommended that you have the following knowledge and experience before starting this course:

  • Are aware of the general compliance requirements for your industry
  • Have experience with organization-specific IT infrastructure and practices.
  • Have an interest in developing an organization-wide self-assessment ability that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of using established frameworks to assess the cybersecurity maturity level(s) of an organization. It covers three distinct methodologies – one from the Open Source Web Security Project, one from the US Government and two from New Zealand Government. It also covers which aspects of these are or are not suitable for particular organisations – and how to use these to build evidence of cybersecurity maturity in an organisation. Study of the course can also help to build the prerequisites to study other cybersecurity courses, including the “Security Operations Centre on a Budget” course and the Cyber Toa Defensive Network Security Fundamentals course for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Use at least three different methodologies to evaluate the cybersecurity of an organisation
  • Understand the strengths and weaknesses of each approach, and make an informed decision as to which approach(es) would suit your organisation
  • Understand the core similarities between all assessment approaches
  • Critique existing cybersecurity tools or reporting based on their ability to provide information relevant to these self-assessment tools

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.

Introduction to the NZISM

Course Description

The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s security compliance handbook. It contains volumes of valuable information security advice for a variety of organisations; however, it is particularly relevant to NZ government agencies or organisations that provide services or contracts to NZ government agencies.

Cyber Toa’s Introduction to the NZISM provides a short overview of the structure and specific relevant sections of the NZISM itself. The course focuses on the sections of the NZISM that will be relevant to most organisations. This course includes a range of case studies and activities using real life examples so learners can gain information about how controls are applied or achieved in practice.

Next Scheduled Date: No Courses currently booked! Please check back soon or contact us to request this course.

Duration: ½ day

Delivery: Live Online Course, Instructor led, Supervised Activities

Course Content

Module 1: NZISM structure

  • What does the NZISM provide?
  • Understanding classifications, rationale, and controls
  • System audits
  • NZISM content overview and controls

Module 2: Core NZISM compliance

  • Working off-site (including BYOD)
  • Media disposal
  • Gateway and Network security
  • Cryptography

Module 3: NZISM FAQs

  • Cloud Computing
  • Email Security
  • Password Security
  • Mobile Device Security
  • Supply Chain

Target audience and course prerequisites

The Cyber Toa Introduction to the NZISM course is suitable for any IT professionals, project managers, managers or third-party service providers from organizations within the New Zealand government, organizations that supply services to NZ government or anyone seeking to comply with government cybersecurity requirements.

Previous information security and IT knowledge is helpful, but not required for this course. It is suggested (but not required) that attendees have:

  • experience with organization-specific IT infrastructure and practices.
  • an interest in developing a solid basic understanding of the structure, content and relevance of the NZISM and associated documentation.

Course Outcomes

This course will explain the fundamentals of the New Zealand Information Security Manual, including why it was written, who it is relevant and useful to and the structure of the document itself. Specifically, this course focuses on the compliance requirements of the NZISM – paying particular attention to the ‘MUST’ or ‘MUST NOT’ security controls, and those relevant to information classed from ‘UNCLASSIFIED’ through to ‘RESTRICTED’. This course also explains what all these terms mean, and how to determine which are appropriate for your data.

The course will also dedicate time to the specific content of some of the 489 controls required for this level of compliance but, in particular, will focus on the areas with the most controls (BYOD, Secure Disposal, and Gateway Security). The course will also spend dedicated time on aspects of the NZISM that are most often used (Incident reporting, mobile, email and password security and Cloud Computing).

On course completion, you will be able to:

  • Navigate and use the NZISM to obtain specific controls required for your organisation
  • Evaluate whether each control is required for your organization, and understand what may be required in order to comply with it
  • Provide an overview of what fundamentals are required for your organization to comply with the minimum requirements for the NZISM
  • Understand how the NZISM fits alongside other security documentation (such as the PSR, the NZCERT Critical Controls and the ASD Essential Eight)

Course Materials

The course consists of a live webinar with dedicated time for questions and answers taught by a cybersecurity specialist and All of Government Auditor. Attendees will also be provided with slides and reference materials relevant to the delivered content.

Cybersecurity Incident Response Playbooks

Course Description

Cybersecurity affects everyone in an organization. Cyber Toa’s Cybersecurity Incident Response Playbooks course is intended for those wishing to develop incident response playbook(s) for their organization to respond to a range of potential cybersecurity threats. This course covers best practice cyber-response playbooks following the NIST cyber-response frameworks. The course also includes adapting existing frameworks to match the needs of a specific organization with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Scheduled Dates: 13th October 1-5pm Book here through ITP

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: Cybersecurity Responses

  • Responses
    • Appropriate Responses to Cybercrime
    • Response plans
    • Critiquing Cyber-response playbooks
  • Labs
    • Generating and Critiquing a cyber-response strategy
    • NIST compatible cyber-response playbooks

Module 2: Organizational Vulnerabilities

  • Software
    • Antiviruses, Firewalls
    • Vulnerability Assessments
    • What software do attackers target?
  • Common Cyber-attacks
    • Phishing
    • Malware
    • Internal Threats
  • Labs: Comparing Organisations to recommended Cybersecurity practices

Target audience and course prerequisites

The Cyber Toa Cybersecurity Incident Response Playbook course is aimed at IT professionals from organizations with existing network and infrastructure teams. Previous networking and IT knowledge is helpful, but not required for this course. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Are aware of general types of cyberattacks (phishing, malware etc)
  • Have experience with organization-specific IT infrastructure and practices
  • Have an interest in developing an organization-wide cyber-response strategy that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of crafting cybersecurity incident response plans for organisations. It explains common cybercrime and cyberattack scenarios for various industries both in New Zealand and abroad. The course also includes best-practice cyber-responses to specific cyberattacks such as phishing, spearphishing and malware infections. Study of the course can also help to build the prerequisites to study more advanced IT security courses, including the Cyber-Reconnaissance and Recovery Fundamentals course and the Cyber Toa Defensive Network Security Fundamentals course for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Explain common cyberattacks for your industry.
  • Perform a basic assessment on an organization’s risk profile against specific cyberattacks
  • Produce an iterative cyber-response playbook for specific attack scenarios
  • Critique existing IT processes based on their resistance to cyber-threats

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.