This course is well suited to professionals with varied disciplines and positions. Application and Business Security stakeholders, such as cybersecurity architects, engineers, designers, planners, operators and managers as well as professionals project management, sales, finance and compliance, attend CSOS®. This course gives you a holistic view of the cyber security landscape, ongoing threats and the effective approach to keeping the entire enterprise safe and running beyond the network perimeter, third party risk, compliance to industry and regulatory requirements and having in place an effective incident response mechanism, to deal with the ever present cyber threats. The CSOS® provides a strong operational support to operationalizing the latest trends and best practices that support the Application Security and the security of the Application Ecosystem (AE)® and addressing the typical cybersecurity operation.


Become CSOS® Certified


Who should take this course?


Cyber Security Professionals including but not limited to, Security Analyst, Security Engineer, Security Architect, Security Administrator, Security Software Developer, Cryptographer, Cryptanalyst, Security Consultant and also Application Developers, Finance Professionals, Data Center Designers/Engineers, Data Center Planners, Project Managers, Legal & Compliance Professionals, College Students & Graduates and Business Continuity Experts.


What you study?


You will learn how to focus on and actively protecting the organization from cybersecurity threats and managing the risk to support the successful accomplishment of the organization’s mission by having a depth of understanding of: Cybersecurity Governance, Risk Management, Physical IT-Related Asset management: Acquisition, Development & Maintenance, Vulnerability Identification and Management: Treating Cybersecurity Risks, Cybersecurity Incident and Crisis Management, Business Continuity Management, Organizational Structure, Human Factors and Culture, Cybersecurity Competencies and the CISO, Human Resources Cybersecurity, Application Security, Cybersecurity Considerations for the 7-Layers of the Application Ecosystem, Controls Management, Change Management, Application Ecosystem Management: Cybersecurity Day-to-Day Operations, Access Control, External Context & Supply Chain, Maintaining Situational Awareness: Monitoring & Reviewing Key Risk Indicators (KRI) and Security Service Level Agreements


Learning Outcomes


Learn systems approach to planning for cyber attacks, Learn how to situate Cybersecurity in tandem with the organization’s operational resilience policies and objectives, Learn how to maintain Cybersecurity infrastructure, Learn about the Application Ecosystem’s Cybersecurity and how to actively keep the Application secured, Understand cyber security policies and procedures, Learn effective cybersecurity operation, Learn day-to-day cyber security operational management, Cyber Security human resource management, Learn how to form and manage 3rd party dependencies, Learn how to manage cybersecurity assets, Learn how to understand Cybersecurity environments and the correct response, Learn about Cybersecurity Incident and how to respond to an incident


CSOS® Syllabus


Day 1Cyber Security Operations Specialist (CSOS)®️

Cybersecurity Overview
  • Cybersecurity Complexity
  • Malware & Types of Attacks
  • Governance Objectives
  • Governance for Cybersecurity
  • Effective Cybersecurity Programme Governance
  • Cybersecurity Governance: Effective Versus Ineffective
  • Cybersecurity Governance Activities
  • Cybersecurity Organizational Structure
Risk Management
  • Cybersecurity Risk oversight of the Board
  • Cybersecurity Risk management Principles
  • Cybersecurity Risk Policies & Procedures
  • Cybersecurity Risk Strategic Performance Management
  • Cybersecurity Standards & Frameworks
  • Cybersecurity Risks: Identify, Analyze and Evaluate
  • How to treat Cybersecurity Risk
  • Using Process Capabilities to Treat Cybersecurity Risks
  • Using Insurance and Finance to Treat Cybersecurity Risks
Physical IT-Related Asset management: Acquisition, Development & Maintenance
  • Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices
    • Governance & Planning
    • Development & Implementation
    • End of Useful Life and Disposal
  • Specific Considerations
    • Commercial Off-the-Shelf Applications
    • Cloud/SaaS Applications
    • Physical Security
      • Commit To a Plan
      • Physical Security Risk Landscape View and the Impact on Cybersecurity
      • Manage/Review the Cybersecurity Organization
      • Design/Review Integrated Security Measures
      • Data Center Scenario Reworked
      • Understanding Objectives for Security Measures
      • Understanding Controls for the Data Center Scenario
      • Calculate/Review Exposure to Adversarial Attacks
      • Simulating the Path of an Adversary
      • Calculate the Probability of Interrupting & Disrupting the Adversary
      • Optimize Return on Security Investment
Vulnerability Identification and Management: Treating Cybersecurity Risks
  • Introduction
  • Cybersecurity Risk Treatment in Line with Organization’s Risk profile
  • Determine Cybersecurity Risk Profile
  • Cybersecurity Risk Treatment
    • Focus on the Crown Jewels
    • The Weakest Link: Humans
    • Preventive Measures Along Side Detective Measures
    • Ability of the Organization to Respond Must Remain the Focus
    • Cooperation Remains Essential
  • Alignment of Cybersecurity Risk Treatment
  • Cybersecurity Risk Treatment Practice
    • Business-As-Usual: Integrated into Enterprise Risk Management
    • Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model
    • Business-As -Usual: Managing Risk with Predefined Risk Appetite
    • Business-As-Usual: Using the Embedded Risk Management Processes
    • Business-As-usual: Treatment of Cybersecurity Risks
Threat Identification & Handling Management: Identify, Analyze & Evaluate
  • The Risk Landscape
  • The People Factor
  • Assessing & Managing Risk: A structured Approach
  • Cybersecurity Culture
  • Regulatory Compliance
  • Maturity Compliance
  • Protection Prioritised

Day 2Cyber Security Operations Specialist (CSOS)®️

Cybersecurity Incident and Crisis Management
  • Cybersecurity Incident Management
  • When to declare a Cybersecurity Event an Incident
  • How to qualify the two categories of Incident Sources
  • How to follow the Incident Management Policy and Processes
  • Incident Handling
    • Types of Incident
    • Incident handling Process Planning
    • Collect and Protect Incident Information
    • Identification
    • System and Network Logging Functions
  • Integrating Incident Reporting into Enterprise Risk Management (ERM)
  • Cybersecurity Crisis Management
    • From Incident Management to Crisis Management
    • Operating Principles of Crisis Management
    • Operationalising Cybersecurity Crisis Unit and its Structure
    • Tools & Techniques for Managing Cybersecurity Crisis
    • Cybersecurity Crisis Management Next steps
Integrating Cybersecurity & Business Continuity Management
  • What is Business Continuity
  • ISO 22301 Overview
  • BCM Lifecycle
  • Understand/Analyze the organization and Integrate with Cybersecurity
  • Determine BCM Strategy & Integrate with Cybersecurity
  • Developing and Implementing BCM Responses, Integrate with Cybersecurity
  • Exercising/Validating BCM and integrate with Cybersecurity
  • BCM Policy & Programme Management
  • Embedding BCM in the organizational culture
Organizational Structure
  • Cybersecurity and The Internal Organizational Structure
  • Standards & Guidance Approaches
  • Cybersecurity within the Enterprise
  • Adapting Cybersecurity to address Enterprise Exposures
  • Designing own Cybersecurity Risk Function Operating Model
  • The Enterprise Function Roles most involved in Cybersecurity across the Enterprise
  • Aligning Cybersecurity within the Enterprise Functions
  • Governance & Risk Oversight Functions for Cybersecurity
  • Cybersecurity and Executive Management Functions
  • Cybersecurity Draws Support from Other Enterprise Management Functions
Human Factors and Culture
  • Organizations as Social Systems
  • Cybersecurity More Than a Technology Problem
  • Organizational Culture
  • Cybersecurity and Human Factors
  • Insider Threats
  • Social Engineering Threats
  • Training
  • Frameworks and Standards
    • ISO 27001: 2013
    • Business Model Information Security (BMIS)
  • MSIT Framework
    • Human Factors & Technology Trends
    • Measuring Human Behaviours for Cybersecurity
    • Cybersecurity Due to Human Errors Can Be Reduced
The Application Ecosystem

Day 3Cyber Security Operations Specialist (CSOS)®️

Application Security
  • Application Development Security
    • Application Based Attacks
    • Web Based Attacks
  • Standardization of Application Security Features
    • Techniques to Enforce Application Security
    • Secure Code Design
    • Code Reviews
    • Secure Configuration
    • Testing for Loopholes
    • Constant Patching
  • Practical Cybersecurity Mitigants
    • Endpoint Security
    • Ransomware
    • Ransomware Mitigation
    • Spyware and Adware
    • Spyware and Adware Mitigation
    • Trojan Horses
    • Trojan Horses Mitigation
    • Viruses
    • Viruses Mitigation
Cybersecurity Considerations for the 7-Layers of the Application Ecosystem
  • Application Layer
  • Platform Layer
  • Compute Layer
  • Information Technology Layer
  • Site Facility Infrastructure Layer
  • Site
  • Topology
Application Ecosystem Management: Cybersecurity Day-to-Day Operations
  • Controls Management
  • Security Controls
  • Asset Management
  • Change Management
  • The Importance of Managing Change
  • When should Changes be Made?
  • What are the Impact Changes bring?
  • The safeguard Effect of Internal Control in Change Management
  • Organizational Change Management
Access Control
  • Access Control & A New Perspective
  • Organizations requirements for Access Control
  • User Access Management
  • User Registration and Deregistration
  • Access Provisioning for Users
  • Privileged Access Rights Management
  • Users Secret Authentication Information Management
  • User Access Under Review
  • User Rights: Removal & Adjustments
  • Responsibility of Users
  • Application & System Access Control
  • Access Restriction to Information
  • Procedures for Secure-Logins
  • Password Management System
  • Privileged Utility Programs Usage
  • Program Source Code & Controlled Access
External Context & Supply Chain
  • Overview
  • Supply Chain Support Strategy
  • Planning How to Create Supply Relationships
  • How to Identify Competent External Suppliers
  • Relationship Management
Maintaining Situational Awareness
  • Overview
  • Situational Awareness Plan
  • Situational Awareness Process
Cybersecurity Service Level Agreement
  • Overview
  • Purpose
  • Attributes
  • General Parts of SLA
  • SLA Service Performance
  • SLA Constraints & Service Management
  • SLAs Dos & Don’ts

IDCA Course Modules

IDCA offers a wide range of educational professional training programs geared specifically to the Cyber Security: