training catalogue
2005
overview
“Security is a process not a product, so it’s everyone’s responsibility”
TRAINING ATTITUDE has been created to train individuals, executives, managers and IT professionals to help them secure their applications and protect organisations’ sensitive data from loss, theft or any malicious programs.
Our mission: educate and prevent, share experiences and bring our expertise to our clients and partners to face security problems. But above all, make the courses affordable, comprehensive and effective.
At TRAINING ATTITUDE, we think that training the individual is the key factor of success for any kind of business, not only in IT security.
TRAINING ATTITUDE partners with OutdoorInAsia (OIA) to provide OIA Learning ™ training courses dedicated to executives, middle management and higher management.
TRAINING ATTITUDE - COURSE CATALOGUE
about us
Who we are?
Our executive team is composed of security professionals, internationally recognised security experts and training specialists. Our training team is comprised of security professionals and trainers who have delivered training to large corporations in Asia such as
The methodology used by our trainers is a hands-on approach. It includes a combination of presentations, case studies and above all, sharing of experiences. Our methodology is founded on the BS 7799 international code of practice, which forms the basis of ISO 17799, and a very large part of its fundamentals is education and training.
OutdoorInAsia
OutdoorInAsia Group is a Singapore-based travel and training company specializing in tailor-made packages for corporations and groups in Asia. Outdoorinasia Pte Ltd was founded in 2000 and received the award of France Singapore Best Entrepreneur in 2004. As a pioneer of this industry, OutdoorInAsia sets the standards of quality and services of outdoor tourism in Singapore and is recognized as a reputable partner within the tourism industry.
In 2002, Outdoorinasia was composed of various entities :
- OIA Corporate : Teambuilding and training for corporates
- PaddleInAsia : A specialist of kayaking for corporates
- GuidesInAsia : A school of professional outdoor guides
- OIA Travel : A travel agent for small groups specializing in Adventure Travel
- OutdoorCine Pty : Based in Australia, edits and produces a database of outdoor images
Mentored by Virgin Group, Outdoorinasia is now an established, locally bred and raised label that combines expertise, experience, enthusiasm and creativity with impeccable logistics.
OIA Learning™ Training Objectives :
- Develop trust and communication.
- Time management and negotiation skills.
- Teamwork and communication.
program
Security experts are unanimous: security is 20% a technical problem and 80% a human one. Organisations are spending too much on products and solutions and not enough on technical support, education and prevention. Nothing else apart from education can help companies and individuals protect their data and confidential information.
Thus, practical security is really a question of management and administration more than one of technical skill. Consequently, security must be a priority of any firm’s management. Attitude is everything !
TRAINING ATTITUDE ™ Courses :
- Information Security Awareness: 1/2 day
- Information Security for Management: 1 day
- Information Security for Human Resources: 1 day
- First Response and Incident Response Plan: 2 days
- Penetration Testing: 1 day
-
Team-Bonding games: Actor’s studio creativity workshop: Contract for Change and Action Plan studio Experimental Learning Entrepreneur Attitude
1/2 day 1/2 day 1 day 1/2 day 1 day
>Information Security Awareness<
1/2 day
Introduction<<
Computer networks have become indispensable for conducting business in government, commercial and academic organizations. While computer networks have revolutionized the way companies do business, the risks they introduce can be devastating to a business. Even the most sophisticated organizations and software are vulnerable to technological assault. Attacks on networks can lead to loss of money, time, products, reputation, sensitive information...
Whether companies acknowledge it or not, their organisation’s networks and systems are vulnerable to both internal and external attack. Organisations cannot conduct business and build products without a strong Information Technology (IT) infrastructure. An infrastructure vulnerable to intruder attack cannot be robust.
In addition, users have an organisational, ethical, and often legal responsibility to protect sensitive data or information. They must also preserve the reputation of their organizations and business partners.
The human factor is a major determinant of the overall success of a company’s information security efforts. Employees’ information security awareness and know-how are a critical factor in security.
Objectives :
- Overview of the risk factors.
- Sensitize audience to information security but especially explain WHY individuals need to be better informed.
- Sensitize management to infosec so as to prioritize their needs.
- Make personnel aware of the risks and threats they are facing but especially make them “responsible”.
Contents :
- Historical evolution.
- Security, a technical problem? Not so sure.
- Understand the stakes.
- Understand the threats, vulnerabilities and the risks.
- Different categories of risks.
- Damages.
- How to be protected and anticipate.
- Regulations.
>Information Security for Management<
1 day
The core aim of this course is to empower managers to effectively protect their organization against information security incidents. Such incidents may result in financial loss, negative publicity and potential lawsuits. We deliver effective training and education enabling executives to be better positioned to avoid information security incidents.
Participants will gain skills about why and how to manage Information Security in their organization. They will learn how to implement Information Security as a manager and practice it as a user on a daily basis. By understanding the nature of threats and behavioural habits of malicious users, they will learn to mitigate the risks currently faced by their organization. They will be able to make investment decisions based on real knowledge and first-hand experience in Information Security.
Objectives :
- Overview of the risk factors.
- Sensitize audience to information security but especially explain WHY individuals need to be better informed.
- Make personnel aware of the risks and threats they are facing but especially make them “responsible”.
- Overview of the management responsibilities and liabilities.
- Guidelines for information security policy.
Contents :
- Evolution of systems and management responsibilities.
- Why do we need security?
  • The risks, the threats, contributing factors, damages.
- What type of security?
  • Information security basis, rules, behaviour, technical elements.
- How to stay alert?
  • Facing vulnerabilities and risks.
  • How to keep a system safe.
  • Risk management, backups and solutions.
  • Keep employees informed and make them « responsible ».
>First Response and Incident Response Plan<
2 days
Introduction<<
The purpose of this course is to explore the role of first responders, the incident response plan and the overall corporate position in the event of an incident. Experts in the field of investigation and computer forensics have been quoted as saying there is no single correct way to handle an incident; however, there is more than one way to do it incorrectly.
Objectives : This course will prepare you to create a comprehensive incident response policy and associated incident response plan. The course will highlight the importance of How and just as importantly When to escalate. Other topics covered are how to create a Computer Security Information Response Team (CSIRT), how to appropriately secure a crime scene and preserve evidence, and how / why testing of the incident response plan will lead towards successful prosecution.
Who Should Attend ?
Computer Information Management positions and those directly associated with the management of computer information programs. This course is a non-technical course focused on policy, execution and corporate directive.
Contents :
FIRST RESPONSE AND RESPONSE PLANS
· Introduction
· Discovering an Attack
· Importance of the Response plan
· Following the plan
· Post Attack actions
FORENSICS & FIRST RESPONDERS
· Overview
· Following the plan to secure the scene
· The Response Plan revisited
· The chain of custody
· Securing the scene
· Executing the review cycle
· Course Summary
· Q&A
INTRODUCTION
What is covered and what is not covered
· Why plan and What to plan
· How to create the CSIRT and Who should be on the CSIRT
· What to secure and how to do it properly
Correct vs. Incorrect:
· No singular correct method, Many Incorrect methods
Why Are Our Networks Vulnerable and what can we do?
Has there been an incident?
· Define the incident
To respond or not?
· Protect the asset and proceed with Business?
To Prosecute or Not?
· Pursue the attacker and prosecute in the courts?
Return to production?
· Disaster Recovery?
Prevention in the future?
· How to document the incident and protect against a similar incident in the future?
What have we learnt?
· Review the response outcomes
· Review and update the Plan
· Update the Policy
>Penetration Testing<
1 day
Introduction<<
The number of intrusion incidents is increasing every year. Whether the motivation is financial gain, theft of proprietary data, political, destruction or simply trouble making, all organizations are exposed to a variety of intruder threats and attacks.
The objective of an Intrusion Test is to investigate the system from the attacker’s perspective. The primary aim is to identify actual exposures and risk, and to suggest practical solutions. The results of the intrusion test are then used to implement preventative measures.
Objectives :
This course is designed to transfer methodology, know-how and critical security skills by putting participants in a real environment where they will walk through an organization’s Information System, mimicking real hackers in the process of attacking the system. Participants will identify and exploit technical vulnerabilities in Windows and UNIX systems and will learn about human engineering. Participants will also learn how to find and implement solutions to exposures and risks.
Who Should Attend ?
The course will benefit security personnel, auditors, network and security consultants and site administrators who have basic competencies in networking and in operating UNIX and Windows systems.
Contents :
- Basic operating systems and network security principles
- Legal issues
- Typical hacking methodology
- Information gathering
- Target networks and hosts mapping
- Network mapping, Internet footprinting
- Specific web vulnerabilities
- Vulnerabilities exploitation: Bypassing router and firewall filtering…
- Human weakness: Social engineering
- Compromising a system
- Taking control of system
- Fixing vulnerabilities and weaknesses