SALTBUSH TRAINING COURSE DETAILS

Web Application Security (5 Days)

Overview

Saltbush Training has partnered with Kenneth Van Wyk to develop a 5-day Web Application Security course aimed at addressing security issues associated with deploying web applications in today's complex networked environment. Students will receive a deep and thorough understanding of the most prevalent and dangerous security defects in today's applications and will learn practical and actionable guidelines on how to remediate against these common defects and how to test for them in their own applications.

Check out www.krvw.com/about/about.html to learn more about Kenneth Van Wyk.

Who Should Attend

  • Designers of Internet systems and those responsible for deployment of Internet connected infrastructure.
  • Developers responsible for the production of code.
  • IT security practitioners and reviewers responsible for assessing the security of deployed systems.
  • Fraud and security investigations staff seeking an understanding of common attack vectors.

ISM Fundamentals Course (2 Days)

Overview

If you are new to ICT Security, or need to be informed about what ACSI 33 is and how it should be employed in your organisation, then this two-day seminar is what you’ll need to get a foundation understanding of what is required by DSD.

Who Should Attend?

  • IT Security Advisers and Managers that are either new to the position or who would like a refresher.
  • Security Executives, System Managers, Security Administrators or in fact anyone with an interest in Government ICT security requirements.

Topics Covered

  • Security Governance. Includes management structures, forums and frameworks.
  • Security Policy. The over-arching policy, its purpose and basic content.
  • Security Risk Management. The difference between Strategic and Operational Risk and the purpose of the Security Risk Management Plan in the secure management of systems.
  • Incident Response Plan. The IRP establishes the way an organisation will detect and respond to security incidents. This baseline document allows System Managers to tap into and leverage the organisation’s systematic approach to responding to incidents.
  • System Security Plans. The SSP defines the way administrative and technical controls are to be employed.
  • Standard Operating Procedures. The SOP is a detailed work instruction - a “How to do it” document. We’ll look at who needs them and for what tasks.
  • Accreditation and Certification. We’ll look at what this is and who is responsible for it.
  • Change Management. The role of security in any change to an ICT system is explored.
  • Security Awareness Training. A key tool that ensures the success of any security strategy.
  • ICT Security Standards. We’ll touch on DSD’s requirements for Gateways, hardware selection, software security, access control, network security, cryptography and data transfer.

ISM Update (1 Day)

Overview

DSD updates ACSI 33 every September, and ITSEC Training Services runs a one-day seminar on the changes and additions made in the new release. The seminar covers the changes and additions and the impact they have on compliance, certification and accreditation.

Who Should Attend?

  • IT Security Advisers and Managers who have a sound understanding of ACSI 33 and need to know how the changes and updates will impact on their compliance programs.
  • Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the changes and additions to ACSI 33.

Security Incident Management Course (1 Day)

Overview

DSD have amended the security documentation set to now include the Incident Response Plan (IRP). The Security Incident Management Course is designed to take attendees on the path to prepare an IRP for their Agency or Organisation. The course covers the definition of a security incident, what different types of incidents there are and how to detect them.

Once an incident is detected, the process of declaring and responding to a security incident is discussed and a response procedure will be workshopped by attendees. Additionally, students will look at the Government reporting requirements as established by DSD.

Who Should Attend?

  • IT Security Advisers and Managers that have a need to establish the impact of the Incident Response Plan on their organisations and how this will impact on their compliance programs.
  • Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the complexities of detecting and responding to security incidents.

Protective Security Fundamentals (1 Day)

Overview

This course has been designed specifically for State Government departments who have a need to adopt the PSM and ISM and have had little or no exposure to these documents or their requirements. It covers at a high level the concepts of Physical Security, Information Security, Personnel Security and ICT Security. This seminar is packed with valuable information that will help you on the path of compliance to these standards.

Who Should Attend?

  • Security Managers that have a need to know how Australian Government Security Standards might impact their operations.
  • Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the implications that adopting the PSM and ISM will have on their functions.

Topics Covered

  • Overview of the PSM and ACSI 33 landscape
  • Overview of Security Classifications and the implications for marking, handling and storage
  • Foundations of ACSI 33/ISM Security Policy – its purpose and content
  • Fundamentals of Standard Operating Procedures (SOPs) – a “How to do it” instruction document, who needs it and what tasks are required
  • ICT Security standard requirements – DSD’s requirements for gateways, hardware selection, software security, access control, network security, cryptography and data transfer.

Certificate IV in ICT Security Management

Overview

This specialist qualification is designed to meet the training needs of people responsible for, or who aspire to, the management of ICT security within their organisation, and comprehensively addresses the ACSI 33 and ISO/IEC 27001 standards.

Job Opportunities

Senior roles managing ICT Security

Who should Attend

  • ICT Security Officers
  • ICT Security Managers
  • ICT Security Advisers

Entry Requirements

To be eligible to enter this course you will need to:

  • be mature age (20 years or over)
  • be an Australian citizen
  • work for a Government department or agency or private sector equivalent
  • have access to the specific work practices and procedures required to demonstrate competency in the units undertaken.

And at least one of the following:

  • years in the ICT Industry e.g. 2 years' experience as a system administrator/ICT auditor
  • previous qualifications in ICT e.g. CISA, CISM, CISSP, I-RAP, MCSE, CCNA or Industry equivalent.

What's involved

  • Face to face training sessions
  • Milestone activities
  • Work-based projects
  • Assessment interview

Class Size

Minimum 8 participants
Maximum 20 participants

Units of Study

To gain this qualification you will need to complete all of the following units of study:

  • Use advanced workplace communication strategies
  • Information Security Management Systems
  • ISMS Organisation
  • Managing and Treating Risk
  • ISMS Plans and Procedures
  • ICT Security Compliance
  • Protective Security
  • Managing System Security
  • Controlling Access
  • Communication Security
  • Network Security
  • Quality in Security
  • Business Continuity Management
  • Gather and Analyse Information
  • Make a Presentation

iOS Application Security (2 Day)

Overview

This course looks at the unique security problems faced by application developers writing code for today's mobile platforms. In this course we take a close look at Apple's iOS platform used by iPhones, iPads, and iPod Touch devices. The class presents a clear and practical view of the problems, how they can be attacked, as well as remediation steps against the various attacks. It is heavily hands-on driven to not just describe but demonstrate both the problems and the solutions available.

This course starts with a description of the security problems faced by today's software developer, as well as a detailed description of the relevant Open Web Application Security Project's (OWASP) Top 10 of 2010 security defects. These defects are studied in instructor-led sessions as well as in hands-on lab exercises in which each student learns how to actually exploit the defects to “break into” a real web application. (The labs are performed in safe test environments.)

Next, the class covers the security principles that apply to smart phones, as well as illustrates them through case studies and further hands-on exercises. The iOS platform architecture and application architecture are then covered in detail, with descriptions of security services at the network/platform layer as well as security services available within the applications themselves.

The class then looks at common security mechanisms found within applications, and discusses how to securely implement them in applications.

To bring this all together, the class then covers development activities that can be performed throughout the design, implementation, and testing of an application.

Who Should Attend?

  • This course is intended for Apple iOS application developers with hands-on experience using Apple's Xcode software development kit, as well as iOS application designers and architects.

Requirements

  • Apple OS X Snow Leopard with current updates
  • Apple Xcode software development kit for iOS
  • Registration into Apple's iPhone development program strongly recommended
  • Approximately 10 gigabytes of available disk space
  • 2-4 gigabytes of RAM

iPad Security Course

Course Description

The explosive growth of today's mobile devices has taken the enterprise environments by storm, and modern work forces are demanding to be allowed to make use of them in their work.

This class looks at the unique security problems faced by IT security teams in integrating Apple's iPad (and other iOS devices) into existing enterprise environments.

The class starts by presenting a clear and practical view of the problems encountered, how they can be attacked, as well as how to conduct cursory reviews of apps for similar exposures. The lecture material is reinforced with hands-on exercises in which the students use various tools to look for and verify security exposures.

Next, the class delves into the security controls that are available for enterprise deployments of iPads, making use of Apple's iOS Configuration Utility to build deployment profiles and install them onto student iPads. Each relevant security control is described and demonstrated (where applicable) in a lab environment.

The class also briefly looks at some of the controls that are available to application developers to build stronger mobile applications. (This portion of the class is delivered via instructor-led examples and demonstrations, and no prior programming experience is assumed.)

To bring this all together, the class then covers practical considerations for enabling iPad use in real world deployments, such as users making use of personally owned devices.

Intended Audience

  • This course is intended for IT security staff and management who are responsible for deploying iPads in their work environments.

Requirements

Each student will need to provide a laptop computer for the hands-on lab exercises. Recommended minimum configurations include the following:

  • Apple OS X Snow Leopard with current updates
    - or -
  • Microsoft Windows 7 (Preferred)
  • Bootable CD/DVD drive for running some lab tools from CD
  • Approximately 10 gigabytes of available disk space
  • 2-4 gigabytes of RAM

Saltbush Group Pty Ltd - PO Box 9368, Deakin, ACT 2600 Australia
Australia Phone 1300 853 970 | Australia Fax 1300 853 975 | International Phone +61 2 6282 4351 | International Fax +61 2 6282 0013