Introduction to HISF

Dates coming soon

Duration: ½ day

Delivery: Live Online Course, Instructor led with supervised activities

Introduction

Cyber and information security is increasingly important for all organisations. Health organisations are prime targets for cyber attacks as they hold important, valuable personal information. Cyber Toa’s Introduction to the Health Information Security Framework (HISF) covers important information security standards set out by the Health Information Security Organisation (HISO), specifically HISO10029:2015 Health Information Security Framework. The course explains the areas that HISF covers, explains the structure of HISF requirements, and describes some of the baseline procedures that can be easily implemented in order to bring your organisation up to standard. We also discuss recent news stories from New Zealand and worldwide throughout the course as learning examples.

With a range of interactive scenarios, case studies, videos and activities using real life tools and solutions, this course will teach learners about making informed cybersecurity decisions for any NZ health organization.

Course Content

Module 1: What is HISF?

  • Who has to comply with HISF, and at what levels?
  • What areas does HISF cover?
  • Why does my organisation need to comply and what are the risks of non-compliance?

Module 2: Understanding HISF Requirements

  • How is HISF laid out?
  • Understanding specific HISF requirements
  • Other standards related to HISF (including privacy standards)
  • Who is responsible for meeting these requirements?

Module 3: Quick Tips for HISF Compliance

  • Understanding of some ‘baseline’ requirements
  • Some quick wins across multiple standards
  • Navigating the balance between compliance and security

Target Audience and Course Prerequisites

Cyber Toa’s Intro to HISF is aimed at management, administrators, technical staff or anyone who has responsibility for security or IT within New Zealand health organisations. It is helpful to understand the HISF level that the organisation you are involved in sits at (baseline, intermediate or advanced), however this is not required.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Have experience with organization-specific IT infrastructure and practices

Course Outcomes

This course will explain the fundamentals of the Health Information Security Framework requirements, why they are important and which sections are most relevant for your organisation. Specifically, this course focuses on the ‘baseline’ requirements that all health organisations are required to comply with.

On course completion, you will be able to:

  • Determine what requirements are relevant to your organization
  • Understand who is responsible for requirements
  • Understand how HISF fits in with other security documentation such as the NZISM and the NZ Privacy Act and other standards such as ISO27001 and NIST CSF.
  • Evaluate if there are other requirements which your organization could or should implement.

Privacy Assessment Course

Scheduled Dates: 1st October 1-5pm

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Introduction

In the digital world, privacy of staff and customers is becoming a key concern for many organisations. However, assessing the risk and impact of privacy breaches on a particular system or organisation can be a minefield, as it touches on many different aspects of an organisation. Cyber Toa have developed a short course designed to bring attendees up to speed with the basic tools, resources and expectations for privacy in New Zealand – specifically around the creation and use of the Privacy Impact Assessment templates published by the Office of the Privacy Commissioner.

This course, delivered by Cyber Toa’s Privacy Auditors, covers what we look for and highlight as part of our Privacy Impact Assessments. We cover common pitfalls and errors we have seen in many organisations and give practical, actionable advice to enable the protection of privacy without compromising the security or functionality of a system. With a range of interactive scenarios, case studies, videos and activities using real life situations, learners can reflect on their own behaviour and learn to make informed security and privacy choices.

Course Content

Module One: Introduction to New Zealand Privacy in IT

  • Privacy Impact Assessment contents and Basics
  • The 12 privacy principles
  • Resources and threats
  • Privacy risks

Module Two: Organisational Privacy

  • Easy privacy solutions
  • Common privacy pitfalls
  • GCDO
  • Privacy Commission expectations

Module Three: Technical Privacy

  • What is metadata
  • How to identify application or storage flaws
  • How to assess and manage privacy risk
  • Privacy and cloud risk assessments

Target Audience and Course Prerequisites

The Cyber Toa Privacy Assessment course is aimed at anyone with privacy responsibilities associated with IT systems. No prior knowledge is expected or required for this course.

Course Outcomes

This course will teach the core twelve privacy principles outlined and used by the Office of the New Zealand Privacy Commissioner. The course explains, in detail, the process followed to perform a privacy audit and what to expect as part of a privacy impact assessment. It also covers a variety of technical and process tools that can improve an organisation’s privacy posture, and reduce their privacy risk.

On course completion, you will be able to:

  • Explain the most common privacy issues that many organisations and systems face
  • Understand the steps and content of a privacy impact assessment
  • Use some common tools for assessing both technical and organizational privacy
  • Understand the risk to business that privacy vulnerabilities pose as compared to other business risks.

Cybersecurity Self-Assessments for Compliance and Maturity

Course Description

Cyber Toa’s Cybersecurity Self-assessment course is intended for those wishing to self-assess their organisation’s ability to respond to a range of potential cybersecurity threats following established methodologies. Self-assessment allows you to make informed decisions about your security spend rather than relying only on compliance requirements or vendor statements. This course covers several best practice cybersecurity self-assessment tools suitable for both small and large organisations. The course covers how these tools can be used to document or establish cybersecurity maturity or the ability to achieve compliance (for example, for financial organisations). The course also includes adapting these existing frameworks to match the needs of a specific organisation, with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Next Scheduled Date: 29th September 1-5pm Book here with ITP

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: General Cybersecurity Assessments

  • Content Areas
    • Asset Management
    • Vulnerability Management
    • Risk Management
    • Training
    • Governance Processes
    • Incident Management
  • Tools
    • Reporting on Access Control and Identity Management
    • Automating data gathering

Module 2: Self-Assessment Tools

  • Methodologies
    • OWASP SAMM
    • CRR
    • FMA Security Audit
    • NZCERT Critical Controls and the NZISM
    • ASD Essential Eight
    • Developing ‘Maturity’
  • Labs: Comparing results to compliance standards (such as ISO27001)

Target audience and course prerequisites

The Cyber Toa Cybersecurity Self-assessment, Compliance and Maturity course is aimed at professionals from organizations with existing technical teams. Previous networking and IT knowledge is helpful, but not required for this course.

It is recommended that you have the following knowledge and experience before starting this course:

  • Are aware of the general compliance requirements for your industry
  • Have experience with organization-specific IT infrastructure and practices.
  • Have an interest in developing an organization-wide self-assessment ability that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of using established frameworks to assess the cybersecurity maturity level(s) of an organisation. It covers three distinct methodologies – one from the Open Web Application Security Project, one from the US Government and two from the New Zealand Government. It also covers which aspects of these are or are not suitable for particular organisations – and how to use these to build evidence of cybersecurity maturity in an organisation. Study of the course can also help to build the prerequisites to study other cybersecurity courses, including the “Security Operations Centre on a Budget” course and the Cyber Toa Defensive Network Security Fundamentals course, for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Use at least three different methodologies to evaluate the cybersecurity of an organisation
  • Understand the strengths and weaknesses of each approach, and make an informed decision as to which approach(es) would suit your organisation
  • Understand the core similarities between all assessment approaches
  • Critique existing cybersecurity tools or reporting based on their ability to provide information relevant to these self-assessment tools

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.

Cybersecurity for Managers and Executives

Course Description

Cyber security affects everyone in an organisation. Cyber Toa’s Cyber Security for Managers and Executives is intended for those who want to learn core concepts, processes and practices in order to better manage their technical teams or organisation. The course explains common terminology that may be used, the fundamentals of cyber security, pre-existing cyber security processes, and gives an overview of how to put those processes into practice. With a range of interactive scenarios, case studies, videos and activities using real life tools and solutions, this course will teach learners about making informed cyber security decisions that are best for their team or organisation.

Scheduled Dates: No course scheduled for June or July. Please contact us if you would like to arrange to attend this course.

Duration: ½ day

Delivery: Live online course, Instructor led, and supervised activities

Course Content

Module 1: Fundamentals and Terminology

  • NZCERT Guidelines
  • Web security and architecture
  • Firewalls
  • Cloud security

Module 2: Cyber Security Process

  • Relevant standards and audit tools (including NZISM, ISO27001, GDPR, RSR, PIA, HISO, NIST, and OWASP)
  • Evaluating risks posed by third parties
  • Supply chain attacks
  • Certifications and what they mean (including CISSP, SSCP, OSCP, CIPP/E, GSEC, and CISM)
  • Security documentation (which covers incident response playbooks, responsibilities, security policies and risk management processes)
  • Phishing and awareness training

Module 3: Cyber Security in Practice

  • Advisories for cyber security alerts
  • Secure development, dev ops
  • Cyber security self-assessment
  • Future-proofing and seeing through “sales speak”

Target Audience and Course Prerequisites

The Cyber Toa Cyber Security for Managers and Executives course is aimed at management level positions such as application managers, project managers, information officers, production leads and risk officers.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Know basic computer networking terminology (such as servers, routers etc).

Course Outcomes

This course will teach the core principles of cyber security that provide broad-spectrum resistance against a variety of common attacks, and tools that you will need to manage a technical team or organisation.

On course completion, you will be able to:

  • Identify the core cyber security concerns in a modern organization
  • Create and evaluate best organizational security practice
  • Understand cyber security jargon in order to manage a technical team or organisation
  • Use tools to identify and manage cyber security risk
  • Have a good understanding of non-technical cyber security solutions

Course Materials

The course consists of a study volume, containing indexed notes, and a comprehensive glossary.

Hands-On Web Application Testing

Course Description

Cyber security affects everyone in an organisation. Cyber Toa’s Hands-On Web Application Testing course is intended for those wishing to learn the fundamentals of testing websites, APIs and web-apps against commonly-exploited vulnerabilities, following OWASP methodology. The course uses a range of interactive scenarios, case studies, videos and activities based on real life situations so that students can reflect on their own behaviour and make informed security choices.

Next Scheduled Date: 6th October 9am-5pm (Proudly presented through ITP)

Duration: 1 day

Delivery: Live Online Course, Instructor led, Supervised Activities, and Practical labs

Target audience and course prerequisites

The Cyber Toa Hands-On Web Application Testing course is aimed at IT professionals with (or seeking) job roles such as IT security analysts, software developers, software testers, application managers or web developers.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Know basic network terminology and functions (such as OSI Model, Topology etc).
  • Know the fundamentals of modern web technologies (such as HTML5, CSS, SQL etc).
  • Understand the basics of server-client interactions.

Course Outcomes

This course will teach you the fundamental principles of assessing web systems for commonly-exploited vulnerabilities. The course explains, in detail, the most common web vulnerabilities as reported in the 2017 OWASP (Open Web Application Security Project) Top 10 vulnerabilities report. It also covers a variety of manual and automated web vulnerability testing tools – such as ZAP (Zed Attack Proxy) and Arachni. Study of the course can also help to build the prerequisites to study more advanced IT security courses.

On course completion, you will be able to:

  • Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization.
  • Use ZAP, Arachni and other testing tools to assess the security of an existing web application.
  • Use the OWASP Application Security Verification Standard (ASVSv3) and the Security Knowledge Framework (SKF) to manually assess the security of a web application.
  • Create a prioritized list of remediation recommendations based on the results of a web vulnerability assessment.
  • Use the WebGoat learning resource to understand an application with known vulnerabilities.
  • Understand the comparative risk to business that web vulnerabilities pose as compared to other common cybersecurity risks.

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.

Pathway to Zero Trust with ESDN

Course Description

Internationally, many organisations are attempting to future-proof their IT infrastructure by embracing non-traditional network and organisational structures such as Zero Trust Networks. Unfortunately, many Zero Trust approaches require an organisation to migrate its entire organisation at once – creating significant business disruption and incurring significant costs – and, as a result, many organisations delay or even decide to stick with their existing flat network structures.

Cyber Toa’s ‘Pathway to Zero Trust’ course introduces what Zero Trust networks are and how they aid in securing an organisation whilst still enabling IT flexibility. We discuss some problematic Zero Trust solutions (such as BeyondCorp), and then present an alternative: Enterprise Software Defined Networks (ESDN). The course focuses on how ESDN, on even a small section of an enterprise network, can be used to comply with more than half of the NZCERT Critical Controls, for a fraction of the cost of replacing a traditional firewall appliance. We also discuss how ESDN can be used to administer complex networks easily, allowing for both an internal and an external security operations centre (SOC), whilst providing real-time information on all traffic and devices on the SDN network. The ESDN solution we present (Faucet, Poseidon and OpenFlow) is highly scalable and extensible, and allows for the adoption of various Zero Trust policies incrementally.

This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain experience with the principles and technologies that are taught.

Scheduled Dates: 19th October 1-5pm

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: Zero Trust

  • Zero Trust Networks
    • What are Zero Trust networks
    • How do organisations achieve and administer Zero Trust?
    • What is Software Defined Networking?
    • What are the NZCERT Critical Controls?

Module 2: ESDN

  • ESDN
    • Openflow, Faucet and Switches
    • Network structures
    • Network monitoring and visibility
    • Poseidon
    • ESDN for BYOD/IOT management

Module 3: Using ESDN for Zero Trust

  • ESDN for Security
    • Deny by Default
    • Data Loss Prevention
    • Network Segregation
    • Layer 2 security features
    • Network visibility
    • NZISM compliance with ESDN

Target audience and course prerequisites

The Cyber Toa ‘Pathway to Zero Trust with ESDN’ course is aimed at professionals from organizations with existing technical teams. Previous networking and IT knowledge is useful for this course, however this course is also suitable for a non-technical audience.

Specifically, it is helpful if you have the following knowledge and experience before starting this course:

  • Are familiar with the basics of networking and client-server interactions.
  • Are familiar with one or all of Docker, GitHub, Python and Linux.

Course Outcomes

This course will teach you the fundamentals of using an enterprise software defined networking solution. Specifically, the course discusses several use cases of ESDN, the most obvious being protecting a legacy or high-value asset. It focuses on ‘core’ technologies necessary for an ESDN or Zero Trust network including: monitoring, visualization, logging, authorization and authentication. Study of the course can also help to build the prerequisites to study other cybersecurity courses, including the “Security Operations Centre on a Budget” course and the Cyber Toa Defensive Network Security Fundamentals course for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Discuss various different approaches to migrating networks to Zero Trust
  • Understand what is necessary to use ESDN in an organisation
  • Understand the security and compliance implications of using ESDN
  • Understand what are realistic expectations for information generated from a network that you own, control or administer.

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.

Cybersecurity Fundamentals

Course Description

Cybersecurity affects everyone in an organisation. Cyber Toa’s Cybersecurity Fundamentals course is intended for those wishing to learn the core concepts and sources of information for cybersecurity. The course explains best-practice advice from NZCERT, the Application Security Verification Standard and the Australian Cyber Security Centre for insulating organisations and individuals against cyber-threats. The course uses a range of interactive scenarios, case studies, videos and activities based on real life situations so that students can reflect on their own behaviour and have the information necessary to make informed security choices.

Next Scheduled Date: 22nd September 1-5pm (Sign Up through ITP)

Delivery: Live Online Course, Instructor led, Supervised Activities

Duration: ½ day

Course Content

Module 1: Introduction to Cybersecurity

  • What is modern cybersecurity?
  • What are the ‘Essential Eight’?
  • Why do these practices protect against the most common cybersecurity threats?

Module 2: Cybersecurity Testing and Checking

  • How does antivirus software work?
  • What are the limitations of antiviruses and firewalls?
  • What attacks do these afford protection against?

Module 3: OWASP Top 10 Web Vulnerabilities

  • What is OWASP?
  • How do most common web vulnerabilities work?
  • How to assess the risk posed by specific vulnerabilities?

Target Audience and Course Prerequisites

The Cyber Toa Cybersecurity Fundamentals course is aimed at any staff that require basic knowledge of cybersecurity controls and systems. This includes managers, technical staff and any staff associated with risk management. This course is non-technical, and does not require information technology knowledge, however technical IT staff will also gain useful insights from this course.

Course Outcomes

This course will teach you some core principles of cyber security that provide broad-spectrum resistance against a variety of common attacks. The course explains, in detail, the highly-recommended ‘Essential Eight’ security practices as recommended by the Australian Cyber Security Centre and NZCERT. It also covers a variety of common web vulnerabilities based on the OWASP Top 10. Study of the course can also help to build the prerequisites to study more advanced IT security courses, including the Cyber Toa Defensive Network Security course and the Cyber Toa Cyber Reconnaissance and Recovery course.

On course completion, you will be able to:

  • Explain the top 10 most common web exploits and evaluate the risk they present to your application and organization
  • Explain the ‘Essential Eight’ cybersecurity practices recommended by the Australian Cybersecurity Centre
  • Use some common tools for assessing both software and organizational cybersecurity
  • Understand the risk to business that cybersecurity vulnerabilities pose as compared to other common risks.

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a glossary.

Introduction to the NZISM

Course Description

The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s security compliance handbook. It contains volumes of valuable information security advice for a variety of organisations, however it is particularly relevant to NZ government agencies or organisations that provide services or contracts to NZ government agencies.

Cyber Toa’s Introduction to the NZISM provides a short overview of the structure and specific relevant sections of the NZISM itself. The course focuses on the sections of the NZISM that will be relevant to most organisations. This course includes a range of case studies and activities using real life examples so learners can gain information about how controls are applied or achieved in practice.

Next Scheduled Date: No Courses currently booked! Please check back soon or contact us to request this course.

Duration: ½ day

Delivery: Live Online Course, Instructor led, Supervised Activities

Course Content

Module 1: NZISM structure

  • What does the NZISM provide?
  • Understanding classifications, rationale, and controls
  • System audits
  • NZISM content overview and controls

Module 2: Core NZISM compliance

  • Working off-site (including BYOD)
  • Media disposal
  • Gateway and Network security
  • Cryptography

Module 3: NZISM FAQs

  • Cloud Computing
  • Email Security
  • Password Security
  • Mobile Device Security
  • Supply Chain

Target audience and course prerequisites

The Cyber Toa Introduction to the NZISM course is suitable for any IT professionals, project managers, managers or third-party service providers from organizations within the New Zealand government, organizations that supply services to NZ government or anyone seeking to comply with government cybersecurity requirements.

Previous information security and IT knowledge is helpful, but not required for this course. It is suggested (but not required) that attendees have:

  • experience with organization-specific IT infrastructure and practices.
  • an interest in developing a solid basic understanding of the structure, content and relevance of the NZISM and associated documentation.

Course Outcomes

This course will explain the fundamentals of the New Zealand Information Security Manual, including why it was written, who it is relevant and useful to and the structure of the document itself. Specifically, this course focuses on the compliance requirements of the NZISM – paying particular attention to the ‘MUST’ or ‘MUST NOT’ security controls, and those relevant to information classed from ‘UNCLASSIFIED’ through to ‘RESTRICTED’. This course also explains what all these terms mean, and how to determine which are appropriate for your data.

The course will also dedicate time to the specific content of some of the 489 controls required for this level of compliance but, in particular, will focus on the areas with the most controls (BYOD, Secure Disposal, and Gateway Security). The course will also spend dedicated time on the aspects of the NZISM that are most often used (incident reporting, mobile, email and password security, and Cloud Computing).

On course completion, you will be able to:

  • Navigate and use the NZISM to obtain specific controls required for your organisation
  • Evaluate whether each control is required for your organization, and understand what may be required in order to comply with it
  • Provide an overview of what fundamentals are required for your organization to comply with the minimum requirements for the NZISM
  • Understand how the NZISM fits alongside other security documentation (such as the PSR, the NZCERT Critical Controls and the ASD Essential Eight)

Course Materials

The course consists of a live webinar with dedicated time for questions and answers taught by a cybersecurity specialist and All of Government Auditor. Attendees will also be provided with slides and reference materials relevant to the delivered content.

Cybersecurity Incident Response Playbooks

Course Description

Cybersecurity affects everyone in an organisation. Cyber Toa’s Cybersecurity Incident Response Playbooks course is intended for those wishing to develop incident response playbook(s) for their organisation to respond to a range of potential cybersecurity threats. This course covers best practice cyber-response playbooks following the NIST cyber-response frameworks. The course also includes adapting existing frameworks to match the needs of a specific organisation, with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.

Scheduled Dates: 13th October 1-5pm Book here through ITP

Duration: ½ day

Delivery: Live Online Course, Instructor led, and Supervised Activities

Course Content

Module 1: Cybersecurity Responses

  • Responses
    • Appropriate Responses to Cybercrime
    • Response plans
    • Critiquing Cyber-response playbooks
  • Labs
    • Generating and Critiquing a cyber-response strategy
    • NIST compatible cyber-response playbooks

Module 2: Organizational Vulnerabilities

  • Software
    • Antiviruses, Firewalls
    • Vulnerability Assessments
    • What software do attackers target?
  • Common Cyber-attacks
    • Phishing
    • Malware
    • Internal Threats
  • Labs: Comparing Organisations to recommended Cybersecurity practices

Target audience and course prerequisites

The Cyber Toa Cybersecurity Incident Response Playbook course is aimed at IT professionals from organizations with existing network and infrastructure teams. Previous networking and IT knowledge is helpful, but not required for this course. Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Are aware of general types of cyberattacks (phishing, malware etc)
  • Have experience with organization-specific IT infrastructure and practices
  • Have an interest in developing an organization-wide cyber-response strategy that extends beyond only technical staff

Course Outcomes

This course will teach you the fundamentals of crafting cybersecurity incident response plans for organisations. It explains common cybercrime and cyberattack scenarios for various industries both in New Zealand and abroad. The course also includes best-practice cyber-responses to specific cyberattacks such as phishing, spearphishing and malware infections. Study of the course can also help to build the prerequisites to study more advanced IT security courses, including the Cyber-Reconnaissance and Recovery Fundamentals course and the Cyber Toa Defensive Network Security Fundamentals course for students wishing to pursue more technical cybersecurity careers.

On course completion, you will be able to:

  • Explain common cyberattacks for your industry.
  • Perform a basic assessment on an organization’s risk profile against specific cyberattacks
  • Produce an iterative cyber-response playbook for specific attack scenarios
  • Critique existing IT processes based on their resistance to cyber-threats

Course Materials

The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.