This course targets Professionals who are engaged with operational aspects of live and running applications and the application ecosystems. From incident management planning to identity and access management, secure live applications, keeping out cyber attackers, to capacity planning, enhancement and upgrade management, risk mitigation and migration, HR roles and responsibilities, vendor and contract management of security service level agreements (SSLAs) are all covered and effectively outlined in the program. The CSOM® produces distinguished cybersecurity operational managers, architects, service providers and mentors and enables them to have leading roles in Cybersecurity Operations.
Become CSOM® Certified
Who should take this course?
Cyber Security Professionals including but not limited to, Security Analyst, Security Engineer, Security Architect, Security Administrator, Security Software Developer, Cryptographer, Cryptanalyst, Security Consultant and also Application Developers, Finance Professionals, Data Center Designers/Engineers, Data Center Planners, Project Managers, Legal & Compliance Professionals, College Students & Graduates and Business Continuity Experts.
What you study?
The COSM® course focuses on best practices to be applied, approaches and methodologies to enhance the long-run objectives as well as the daily cybersecurity operations.
Learning Outcomes
This course teaches how to streamline processes, increase efficiency and productivity whilst maintaining highly Cybersecure Application Ecosystem. The core concepts are based on demonstrated principles, which are optimized from lessons learned from Cybersecurity front-runners.
CSOM® Syllabus
Day 1Cyber Security Infrastructe Specialist (CSIS) ®
- Introduction And Overview
-
The outset of Cybersecurity
Governance
Risk Integration
Legislative Requirement
Security Requirement
Internal Threats
External Threats
Physical Security Threats
Cybercrime: Leading Business Risk Globally
Major Cyber Breaches
Cybersecurity Complexity
Infinity Paradigm
Definition of Cybersecurity
Cybersecurity Principles
- Cybersecurity Principles
-
The Layers
The Four Principles
Principle 1 & its key Activities
Principle 2 & its key Activities
Principle 3 & its key Activities
Principle 4 & its key Activities
- Cybersecurity Dimensions: Attack & Defense
-
Cybersecurity Attack
Security Threat to Networks
Two types of Attacks
Stages of an Attack
Cybersecurity Defense
Layered Security & Configuration of Perimeter
Firewall
Intrusion Detection & Penetration System
- Cybersecurity Risk & Consequences
-
Consequences of Attack
Maturity
Culture Shift
Appetite
Advice
Putting a Price on Risk
Day 2Cyber Security Infrastructe Specialist (CSIS)®
- Cybersecurity Trends
-
Understanding the threat landscape
Common Threat Agents and Vulnerabilities
Zero-Day Vulnerabilities
Attributes of Cyber Attack
Understanding the attributes of an Attack
Malware & Types of attack
Obfuscation and Mutations in Malware
- Network Access Control & Wireless Network Security
-
An Overview of Network Access Control (NAC)
NAC Policies
The Network Access Control/Network Access Protection (NAC/NAP) Client/Agent
The Enforcement Points
Enforcement Point Action
Authentication and Authorization
NIST & Cybersecurity
ISO 27001 For Information Security
- Weaknesses of Existing Cybersecurity Standards
-
Available standards
Weaknesses of existing standards
Why IDCA is critical to filling the gaps
- Cybersecurity in Cloud
-
Types of Cloud Assets
Compute Assets
Storage Assets
Network Assets
Asset Management Pipeline
Procurement Leaks
Processing Leaks
Finding Leaks
Protecting data in the cloud
Tokenization
Encryption
- Cybersecurity for IoT and Edge/or 5G Computing
-
IoT Security Challenges & Landscape
Why IoT Security devices are targeted
Edge Motivation
Edge Definition
Evolution of IT Computing Models
Advantages of Edge Computing
Edge Layered Stack
OWASP (Open Web Application Security Project) Top 10 Internet of Things
Day 3Cyber Security Operations Specialist (CSOS)®️
- Cybersecurity Overview
-
Cybersecurity Complexity
Malware & Types of Attacks
- Governance
-
Governance Objectives
Governance for Cybersecurity
Effective Cybersecurity Programme Governance
Cybersecurity Governance: Effective Versus Ineffective
Cybersecurity Governance Activities
Cybersecurity Organizational Structure
- Risk Management
-
Cybersecurity Risk oversight of the Board
Cybersecurity Risk management Principles
Cybersecurity Risk Policies & Procedures
Cybersecurity Risk Strategic Performance Management
Cybersecurity Standards & Frameworks
Cybersecurity Risks: Identify, Analyze and Evaluate
How to treat Cybersecurity Risk
Using Process Capabilities to Treat Cybersecurity Risks
Using Insurance and Finance to Treat Cybersecurity Risks
- Physical IT-Related Asset management: Acquisition, Development & Maintenance
-
Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices
Governance & Panning
Development & Implementation
End of Useful Life and Disposal
Specific Considerations
Commercial Off-the-Shelf Applications
Cloud/SaaS Applications
Physical Security
Commit To a Plan
Physical Security Risk Landscape View and the Impact on Cybersecurity
Manage/Review the Cybersecurity Organization
Design/Review Integrated Security Measures
Data Center Scenario Reworked
Understanding Objectives for Security Measures
Understanding Controls for the Data Center Scenario
Calculate/Review Exposure to Adversarial Attacks
Simulating the Path of an Adversary
Calculate the Probability of Interrupting & Disrupting the Adversary
Optimize Return on Security Investment
- Vulnerability Identification and Management: Treating Cybersecurity Risks
-
Introduction
Cybersecurity Risk Treatment in Line with Organization’s Risk profile
Determine Cybersecurity Risk Profile
Cybersecurity Risk Treatment
Focus on the Crown Jewels
The Weakest Link: Humans
Preventive Measures Along Side Detective Measures
Ability of the Organization to Respond Must Remain the Focus
Cooperation Remains Essential
Alignment of Cybersecurity Risk Treatment
Cybersecurity Risk Treatment Practice
Business-As-Usual: Integrated into Enterprise Risk Management
Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model
Business-As -Usual: Managing Risk with Predefined Risk Appetite
Business-As-Usual: Using the Embedded Risk Management Processes
Business-As-usual: Treatment of Cybersecurity Risks
- Threat Identification & Handling Management: Identify, Analyze & Evaluate
-
The Risk Landscape
The People Factor
Assessing & Managing Risk: A structured Approach
Cybersecurity Culture
Regulatory Compliance
Maturity Compliance
Protection Prioritised
Day 4Cyber Security Operations Specialist (CSOS)®️
- Cybersecurity Incident and Crisis Management
-
Cybersecurity Incident Management
When to declare a Cybersecurity Event an Incident
How to qualify the two categories of Incident Sources
How to follow the Incident Management Policy and Processes
Incident Handling
Types of Incident
Incident handling Process Planning
Collect and Protect Incident Information
Identification
System and Network Logging Functions
Integrating Incident Reporting into Enterprise Risk Management (ERM)
Cybersecurity Crisis Management
From Incident Management to Crisis Management
Operating Principles of Crisis Management
Operationalising Cybersecurity Crisis Unit and its Structure
Tools & Techniques for Managing Cybersecurity Crisis
Cybersecurity Crisis Management Next steps
- Integrating Cybersecurity & Business Continuity Management
-
What is Business Continuity
ISO 22301 Overview
BCM Lifecycle
Understand/Analyze the organization and Integrate with Cybersecurity
Determine BCM Strategy & Integrate with Cybersecurity
Developing and Implementing BCM Responses, Integrate with Cybersecurity
Exercising/Validating BCM and integrate with Cybersecurity
BCM Policy & Programme Management
Embedding BCM in the organizational culture
- Organizational Structure
-
Cybersecurity and The Internal Organizational Structure
Standards & Guidance Approaches
Cybersecurity within the Enterprise
Adapting Cybersecurity to address Enterprise Exposures
Designing own Cybersecurity Risk Function Operating Model
The Enterprise Function Roles most involved in Cybersecurity across the Enterprise
Aligning Cybersecurity within the Enterprise Functions
Governance & Risk Oversight Functions for Cybersecurity
Cybersecurity and Executive Management Functions
Cybersecurity Draws Support from Other Enterprise Management Functions
- Human Factors and Culture
-
Organizations as Social Systems
Cybersecurity More Than a Technology Problem
Organizational Culture
Cybersecurity and Human Factors
Insider Threats
Social Engineering Threats
Training
Frameworks and Standards
ISO 27001: 2013
Business Model Information Security (BMIS)
MSIT Framework
Human Factors & Technology Trends
Measuring Human Behaviours for Cybersecurity
Cybersecurity Due to Human Errors Can Be Reduced
Day 5Cyber Security Operations Specialist (CSOS)®️
- Application Security
-
Application Development Security
Application Based Attacks
Web Based Attacks
Standardization of Application Security Features
Techniques to Enforce Application Security
Secure Code Design
Code Reviews
Secure Configuration
Testing for Loopholes
Constant Patching
Practical Cybersecurity Mitigants
Endpoint Security
Ransomware
Ransomware Mitigation
Spyware and Adware
Spyware and Adware Mitigation
Trojan Horses
Trojan Horses Mitigation
Viruses
Viruses Mitigation
- Cybersecurity Considerations for the 7-Layers of the Application Ecosystem
-
Application Layer
Platform Layer
Compute Layer
Information Technology Layer
Site Facility Infrastructure Layer
Site
Topology
- Application Ecosystem Management: Cybersecurity Day-to-Day Operations
-
Controls Management
Security Controls
Asset Management
Change Management
The Importance of Managing Change
When should Changes be Made?
What are the Impact Changes bring?
The safeguard Effect of Internal Control in Change Management
Organizational Change Management
- Access Control
-
Access Control & A New Perspective
Organizations requirements for Access Control
User Access Management
User Registration and Deregistration
Access Provisioning for Users
Privileged Access Rights Management
Users Secret Authentication Information Management
User Access Under Review
User Rights: Removal & Adjustments
Responsibility of Users
Application & System Access Control
Access Restriction to Information
Procedures for Secure-Logins
Password Management System
Privileged Utility Programs Usage
Program Source Code & Controlled Access
IDCA Course Modules
IDCA offers a wide range of educational professional training programs geared specifically to the Cyber Security:
- CSIS® Cyber Security Infrastructure Specialist®
- CSES® Cyber Security Engineering Specialist®
- CSOS® Cyber Security Operations Specialist®
- CSTP® Cyber Security Technology Professional®
- CSOM® Cyber Security Operations Manager®
- CSIE® Cyber Security Infrastructure Expert®
- CSE® Cyber Security Expert®
- CSM® Cyber Security Manager®
- CSA® Cyber Security Authority®
Cyber Security Infrastructure Specialist®
2-Day Certification Course
This course is fundamental for professionals with varied disciplines and positions. Application and Business Security stakeholders, cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSIS® to enrich their knowledge beyond the industry buzzwords. The CSIS® course provides end-to-end coverage of the cybersecurity concepts, fundamentals, components, infrastructure, standards, disciplines, latest trends and best practices to support the integrity and security of the Application Ecosystem (AE)®.




Cyber Security Engineering Specialist®
3-Day Certification Course
This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professional roles such as project management, sales, finance and compliance, attend CSES®. This course provides a comprehensive understanding of cybersecurity architecture, cryptography and secure communications and the overall design as well a good understanding of web and mobile and the role of cybersecurity. How to leverage engineering in cybersecurity to address the risks associated with the application and data is adequately addressed. It covers the security consideration for the Application Ecosystem




Cyber Security Operations Specialist®
3-Day Certification Course
This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSOS®. This course gives you a holistic view of the cyber security landscape, ongoing threats and the effective approach to keeping the entire enterprise safe and running beyond the network perimeter, third party risk, compliance to industry and regulatory requirements and having in place an effective incident response mechanism, to deal with the ever present cyber threats. The CSOS® provides a strong operational support to operationalizing the latest trends and best practices that support the Application Security and the security of the Application Ecosystem (AE)® and addressing the typical cybersecurity operation.




Cyber Security Technology Professional®
3-Day Certification Course
This course is designed for Cybersecurity Operation Managers® and Cybersecurity Infrastructure Experts® who are in charge of planning cybersecurity technology roadmaps. The CSTP® course unwraps the true essence of technologies in and around the application and the application ecosystem. The new trends, recommendations, and the cybersecurity components that possess the finest design and selection criteria most suitable to protect the application and its ecosystem, save costs, increase efficiency, lower risks, and offer sustainable and optimum features. Various technologies from each category are showcased and compared with the available alternatives, legacy systems and other technology routes that differ based on the solution design and strategic planning of every application ecosystem.




Cyber Security Operations Manager®
5-Day Certification Course
This course targets Professionals who are engaged with operational aspects of live and running applications and the application ecosystems. From incident management planning to identity and access management, secure live applications, keeping out cyber attackers, to capacity planning, enhancement and upgrade management, risk mitigation and migration, HR roles and responsibilities, vendor and contract management of security service level agreements (SSLAs) are all covered and effectively outlined in the program. The CSOM® produces distinguished cybersecurity operational managers, architects, service providers and mentors and enables them to have leading roles in Cybersecurity Operations.




Cyber Security Infrastructure Expert®
5-Day Certification Course
This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSES®. This course provides a comprehensive understanding of cybersecurity architecture, cryptography and secure communications, the overall design as well a good understanding of 5G network and the role of cybersecurity. How to leverage engineering in cybersecurity to address risk associated with the application and data is adequately addressed. It covers the security consideration for the Application Ecosystem and its 7 layers - adequately securing the application.




Cyber Security Expert®
8-Day Certification Course
This course is designed for Cybersecurity Engineering Experts® who desire to possess the right skill sets for architecting, engineering, designing and planning cybersecurity solutions across industries. It covers the engineering concepts, challenges, capacities, plans and strategies as well as how cybersecurity applies to application technology aspects and deciding factors in determining and implementing best engineering course of action principles. The CSE® certification strengthens the engineering strategy, design, solution selection and awareness of future technologies, leading to effective engineering of cybersecurity solution by enhancing and preparing professionals for process advancements.




Cyber Security Manager®
8-Day Certification Course
This course is well suited to Managers in charge of Cybersecurity, Risk Management and IT Operations. It covers the management concepts, challenges, capacities, plans and strategies as well as technology aspects and deciding factors in determining and implementing best management principles. The CSM® certification strengthens the operational awareness of future technologies, leading to effective management of cybersecurity by enhancing and preparing professionals for process advancements.



