Education Offering
To enable our customers to stay informed, educated and aware about the various topics and latest evolutions in information risk management, the Ascure Academy offers a full program of training classes, workshops and seminars on different kinds of topics and using different approaches.
The Ascure Academy currently has the following offering:
Open classes:
Customized education experiences:
Awareness services:
ISO 27001:2005 Lead Auditor Course
The ISO/IEC 27001:2005 Lead Auditor training course recapitulates the essentials of an ISO/IEC 27001:2005 information security management system and how to establish, implement, operate, monitor, review, maintain and improve such a system.
The main part of the course is dedicated to teaching participants how to perform a formal audit of such a system. The course concludes with the accredited certification exam.
The course is a combination of lectures, case studies, exercises alone or in a group, role play and written homework. It is based on ISO 19011:2002 (Guidelines for quality and/or environmental management systems auditing). The training is equally aligned with the generally accepted audit principles, the practices of internal audit of the Institute of Internal Auditors (IIA) as well as with the practices of the International Federation of Accountants (IFAC).
Trainer: The trainer has extensive experience in ICT and Information Security related disciplines at the strategic, tactical and technical levels. In his current position as Senior Information Security Consultant, he focuses on Information Security Governance, Information Security Policy, Information Risk management and Business Continuity Planning. Besides his consulting activities, he manages the Ascure Information Security Governance Competence Centre. He obtained the CISSP certification (Certified Information Security Systems Professional issued by ISC²) and the CISA certification (Certified Information Systems Auditor issued by ISACA) as well as the CISM certification (Certified Information Systems Manager issued by ISACA). He also obtained an MBCI certificate (Member of the Business Continuity Institute), passed the BSI ISO/IEC 27001:2005 Lead Auditor exam and obtained the CIRM (Certificate of the Institute of Risk Management, issued by IRM).
Format: Open Classes/Custom Training/Awareness
Check out the schedule!
Web Application/Services Security
Web Applications have become the point of entry to critical and confidential data, and have become the interface to internal resources, e-business and e-government platforms. Yet, we read time and time again that they remain a major source of compromise. Web Services may be less visible, but there are more and more of them every day.
They are being set up both internally within organizations to facilitate internal communications and processes, and externally to facilitate the exchange of business-critical (e.g. financial) data. Most of these Web Services lack any solid security.
This 2-day course will run through the important topics which should be looked at when involved in the secure design, development, quality assurance and implementation of any Web Application - or Web Services - Architecture. This is a practical and detailed course covering relevant subjects such as the involved risks, the exposed vulnerabilities and the possible countermeasures. These will be explained with demonstrations and you will participate in a hands-on training.
Format: Open Classes/Custom Training/Awareness
Hacking Inside-Out
The best way to start securing your infrastructure and information resources is to understand how your security can be breached. When one understands how an attacker works and thinks, and which tools he uses, it is a lot easier and more efficient to protect your infrastructure and information resources against possible attacks. The purpose of this course is to show network/system administrators and security personnel how they can secure their system/network by informing them about how a network and infrastructure can be attacked and hacked into. By explaining what vulnerabilities can be exploited, demonstrating how it is done and what the outcome is, it is easier to see what the weaknesses are in a network/system and what countermeasures are needed (and can be taken) to improve overall security.
Format: Open Classes/Custom Training/Awareness
IT Security Fundamentals
Information and IT security is a broad and fast-changing topic within today’s business environment. In order to give you a clear and full understanding of the topic, Ascure offers a complete course covering every aspect of information and IT security. The course offers a theoretical and practical look at risk and insecurity in today’s information age. It consists of several modules that deal with the full range of information and IT security issues. The course deals with information security organization, management, policies, security controls and security techniques, taking into account best practices and standards.
Format: Open Classes/Custom Training
Business Continuity Management (incl. DRP)
Today, with an increasing reliance on technology to support the core business functions, comes a growing acceptance that simple ‘Disaster Recovery Plans’ for ICT services are now insufficient to remain operational, even in disaster mode.
Effective business continuity planning requires commitment at all levels within an organization. Establishing business continuity plans is a challenge. To meet that challenge, companies need more than traditional problem solving. Creativity, innovation, time and efficiency are just a few plan conditions.
This 2-day course provides a proven framework and lifecycle for the construction, implementation, training and testing of a business continuity plan and looks at the issues surrounding the continuity of essential business functions under all circumstances.
Format: Open Classes/Custom Training/Awareness
CISSP CBK Review Seminar
The Ascure CISSP CBK Review Seminar covers every aspect of information security and is the ideal preparation for taking the ISC² - CISSP exam. It gives you insight into every domain of information security, offering you a horizontal view on information security and making your information security knowledge a lot broader and more in-depth. This course provides a foundation of solid information security training mapped to the 10 security domains of the Common Body of Knowledge (CBK). The course provides specialized training on the art of attacking ambiguous, subjective, and very tricky exam questions. The course includes plenty of mentoring through practice exams and has critical points highlighted for you. Our trainers have been certified in one or more certifications such as CISSP, CISA, CISM, MBCI and other product-specific certifications. ISC² and ISACA members can earn annual certification points by following this course.
Format: Open Classes/Custom Training
Information Risk Management
Information risk management is a 2-day course on identifying and managing information risk. Information risk management is increasingly recognised to be a critical leadership skill and a key element in corporate information governance, but few people in leadership roles have had specific training in these skills. This course addresses the need for information risk management skills and provides a broad introduction to the subject of information risk management. This 2-day course has been designed for use across all sectors, including private and commercial companies, charities and public institutions. It includes a broad range of case studies, hands-on and group exercises. The course raises awareness of information risk management and explores the process, main tools and techniques available for the successful assessment and treatment of risk.
Format: Open Classes/Custom Training/Awareness
Information Security Governance (Laws, Regulations and Frameworks)
Get trained by experts from the field on Information Security Governance and the International Standard of Information Security: “The most important standard for managing information security that has been developed – it establishes a truly international common language for information security for all organizations around the world to engage with each other to do business.” Our trainers have in-the-field experience. Information Security Governance is a broad and fast-changing topic within today’s business environment. This 2-day course covers every aspect of information security governance and also offers a theoretical and practical look at ISO 17799 (27002). The course consists of several modules that deal with information security governance and its in-the-field implementation using a pragmatic approach. The course also deals with the ISO 17799 (27002) framework, information security policy, information security organization, and controls and security techniques for the implementation, looking at the strategic, tactical and operational levels, and discusses every domain of ISO 17799 (27002) in detail.
Format: Open Classes/Custom Training/Awareness
Public Key Infrastructure Update
Although PKI and related technologies have been around for a long time, there was a clear reluctance from the market to use them. Among others, the image of complexity/cost that hung around PKI (need for procedures, hyper-secure infrastructure, integration in applications, etc.) fed this reluctance. But also, and mainly, there were no real business needs for PKI and related technologies. At that time, the market was rather seeking (low-cost) simplification in business through a shift from the paper to the electronic world and, where applicable, (low-cost) solutions for security enhancements (mainly in the field of strong authentication).
However, a few years ago, there was no legal framework around dematerialisation. Now that laws on e-commerce, electronic signatures, ... exist, there are no barriers anymore for dematerialisation. And very rapidly, one can see that behind dematerialisation, PKI is becoming unavoidable… because dematerialisation relies on the functional features provided by PKI, i.e., e-signature, strong authentication, encryption.
Also, evolution and certain regulations (like SOX) raised the bar in relation to security enhancements and controls. Some controls are no longer enough. Certain shortcomings may lead to potential liabilities. Certain business scenarios are even too risky if proper security is not embedded. So here too there is a growing need for the functional features provided by PKI, i.e., e-signature, strong authentication, encryption.
At the same time, low(er)-cost reliable tools/solutions are emerging in the market (and related functions are being embedded in everyday ICT solutions/platforms). Also, we see the advent of national electronic Identity (eID) cards in Europe, which raises awareness and possibilities. This, together with the fact that the need for dematerialisation is becoming so high and the related potential ROIs are so clear, makes PKI boom today.
Currently the most important questions do not relate to whether or not it should be used but to how to correctly and cost-effectively implement and use it (i.e. with legal compliance, with the accurate level of security, with a certain level of interoperability with third parties, on which building blocks to rely, within which budget, …) while benefiting from current implementations such as national eIDs. All these questions will be treated during the seminar and highlighted with recent use-cases.
Format: Open Classes/Custom Training/Awareness
Data Protection & Digital (Information) Rights Management
Today, information is a very important asset of many companies and these companies need to keep their information confidential internally as well as externally. The last few months have given us many examples of how confidential information got lost and was exposed to the outside world.
Data confidentiality is not only a concern for companies and organisations towards the outside world, but also within the company itself. With the introduction of digital rights management (DRM) systems, companies can decide who can do what with which specific document or content.
It is not only important to protect confidential data, but also to protect the hardware device on which this data is stored. People are becoming more mobile, using laptops, mobile phones, PDAs and so on, which means that the information becomes more mobile. As a company, you should make sure that the devices used by your employees are protected so that the data stored on them can never be recovered by an unauthorized person.
Format: Open Classes/Custom Training/Awareness
Crisis Management
During a crisis the world changes into chaos. The managed, secured, controlled and predictable environment changes into an unpredictable and threatening environment. The model of "day to day operations" and "business as usual" does not work anymore. Immediate actions are needed and there is no time for practicing.
Simply by proactively providing a crisis management structure and training your crisis management team in how to react during a crisis, a crisis can be managed in an efficient and effective way.
This two-day management course is intended for everyone who wants more insight into what crisis management can do for their organization or business. The course can be seen as an overview and practical guide on crisis management.
Format: Open Classes/Custom Training/Awareness
Identity & Access Management
"Identity and Privilege Management" can be a true business enabler as well as an effective way to cut costs if it is correctly introduced in an organization. It can also help an organization to get control of who has access to what (and as such provide critical assurance). Regrettably, the market is full of noise with regard to Identity and Access Management, and the major topic and key success factor, identity & privilege management, is not well understood. Join us for this seminar to demystify the subject and give management a clear understanding of it.
Many things drive organisations to set up an Identity, Access and Privilege Management (IAM/PRM) environment (and should be reasons to attend):
- (e)Business and the requirement to open up internal resources and applications to business partners, clients, etc, drive organisations to set up environments that allow them to do so securely. IAM/PRM helps organisations to securely enable (e)business.
- Regulations like HIPAA, SOX, Basel II and others drive organisations to be able to prove that they have things under control and have taken the required measures. IAM/PRM is one of the cornerstones to achieve this.
- Many organisations have a huge number of systems and applications, and in each of them users have an account. The management of all those identities and authorisations (and the associated costs) is tremendous. A solid IAM/PRM environment helps to drastically limit costs.
- Security and especially control (e.g. separation of duties) is becoming increasingly important. The ways in which organisations now manage identities and access rights make it very difficult if not impossible to audit access rights. Modern IAM/PRM-architectures allow you to get a controllable and auditable environment.
Format: Open Classes/Custom Training/Awareness
Information Security Insight
Information Security is a broad subject that covers a lot of different aspects. Each of these information security aspects has an impact on your organization and its day to day business (model). How business is done can be highly influenced by information security.
This 2 day course gives the participant an overview of every aspect related to information security, including:
- Information Security Policy
- Information Risk Management
- Access Control
- Asset Management
- Information Security Management
- Incident Handling
- Business Continuity & Disaster Recovery
- Network, System and Application Security
- Data & Information Protection
- Awareness
Every topic will be discussed with a certain level of detail, without falling into very technical details. The course focuses more on the "Why" and "What" of these topics and does not focus on the "How". An important aspect of this course is the "ROSI (Return on Security Investment)", which is also discussed for each topic. What is the value of information security to my business?
This is the perfect course for a manager that needs to get more insight in information security and wants more control over his information security investments.
Format: Open Classes/Custom Training/Awareness
Ascure Academy customized offering
All education services can also be given privately at the customer's site or another location. These kinds of private (closed) trainings, seminars and workshops are customizable according to the specific needs and requirements of our customers.
The Ascure Academy can organize or assist in setting up specific education programs. Ascure always follows a highly pragmatic approach in designing the program and providing the training, assuring that the needs and characteristics of the customers are mapped to the approach and content of the education program. Depending on the topic, Ascure can offer standard and customizable content that can be further adjusted during the design of the training, seminar or workshop. This can range from hour-long events to events that cover multiple days. Ascure also has experience in not only providing the training content and the trainer (or speaker), but also in doing the logistics of the training, adding other team-building sessions or recreation sessions to the training program, etc.
Ascure Awareness Services
You can implement every existing security control; it will not offer you the required security without a staff knowing what it is all about and how to respond to security incidents. Just writing a policy is not enough in today’s society. Your staff needs to be motivated to handle security. They need to know the risks, how to respond to incidents and what the consequences are of not responding. Becoming secure, being secure and staying secure depends on your staff.
Making and keeping your staff “security aware” is one of the first steps towards good security practices and increased and continued security. Your employees are the eyes, nose, mouth and ears of security within your organization; use them properly. Therefore the Ascure Academy offers a full range of customizable information security awareness services addressing every need and specific characteristic of your organization and business, following a highly customer-oriented and pragmatic approach in designing and implementing specific information security awareness strategies, programs and initiatives.