Course Description
Cyber Toa’s Cybersecurity Self-assessment course is intended for those wishing to self-assess their organization’s ability to respond to a range of potential cybersecurity threats following establish methodologies. Self-assessment allows you to make informed decisions about your security spend rather than relying only on compliance requirements or vendor statements. This course covers several best practice cybersecurity self-assessment tools suitable for both small and large organisations. The course covers how these tools can be used to document or establish cybersecurity maturity or ability to achieve compliance (for example for financial organisations). The course also includes adapting these existing frameworks to match the needs of a specific organization with experienced professional guidance. This course includes a range of interactive scenarios, case studies, videos and activities using real life examples so learners can obtain hands-on experience with the principles that are taught.
Next Scheduled Date: 29th September 1-5pm Book here with ITP
Duration: ½ day
Delivery: Live Online Course, Instructor led, and Supervised Activities
Course Content
Module 1: General Cybersecurity Assessments
- Content Areas
- Asset Management
- Vulnerability Management
- Risk Management
- Training
- Governance Processes
- Incident Management
- Tools
- Reporting on Access Control and Identity Management
- Automating data gathering
Module 2: Self-Assessment Tools
- Methodologies
- OWASP SAMM
- CRR
- FMA Security Audit
- NZCERT Critical Controls and the NZISM
- ASD Essential Eight
- Developing ‘Maturity’
- Labs: Comparing results to compliance standards (such as ISO27001)
Target audience and course prerequisites
The Cyber Toa Cybersecurity Self-assessment, Compliance and Maturity course is aimed at professionals from organizations with existing technical teams. Previous networking and IT knowledge is helpful, but not required for this course.
It is recommended that you have the following knowledge and experience before starting this course:
- Are aware of the general compliance requirements for your industry
- Have experience with organization-specific IT infrastructure and practices.
- Have an interest in developing an organization-wide self-assessment ability that extends beyond only technical staff
Course Outcomes
This course will teach you the fundamentals of use established frameworks to assess the cybersecurity maturity level(s) of an organization. It covers three distinct methodologies – one from the Open Source Web Security Project, one from the US Government and two from New Zealand Government. It also covers which aspects of these are or are not suitable for particular organisations – and how to use these to build evidence of cybersecurity maturity in an organisation. Study of the course can also help to build the prerequisites to study other cybersecurity courses, including the “Security Operations Centre on a Budget” course and the Cyber Toa Defensive Network Security Fundamentals course for students wishing to pursue more technical cybersecurity careers.
On course completion, you will be able to:
- Use at least three different methodologies to evaluate the cybersecurity of an organisation
- Understand the strengths and weaknesses of each approach, and make an informed decision as to which approach(es) would suit your organisation
- Understand the core similarities between all assessment approaches
- Critique existing cybersecurity tools or reporting based on their ability to provide information relevant to these self-assessment tools
Course Materials
The course consists of a study volume, containing indexed notes and review questions, a series of supervised practical lab exercises and a comprehensive glossary.