Description:

The rapid adoption of cloud technology and virtualisation has transformed the nature of the digital ecosystem surrounding our organisations.  In order to provide the services expected of a modern enterprise, most organisations are now wrestling with the challenge of managing a much larger IT footprint where their customers, suppliers, users and attackers can be anywhere (both inside and outside of your network). At the same time, the pace of change continues to accelerate with previously unknown vulnerabilities in technology being identified and rapidly exploited by bad actors.

This course is designed for business analysts with some experience of delivering change and is intended to provide a general understanding of how attackers can exploit weaknesses in the infrastructure that we build to support the modern enterprise.  This knowledge will enable you to better understand the risks associated with change and enable you to write requirements that are designed to manage those risks back down to acceptable levels.  We will look at what controls are available, and what best practices can be followed to implement a secure ecosystem of devices and platforms to support our organisation’s future plans.

Objectives:

After the course you will be able to:

• Explain how attackers can exploit vulnerabilities in IT systems such as cloud services, internet of things (IoT) and operational technology (OT) using malware and other tools to launch an attack against your organisation.

• Describe the most common technical controls that can be employed to prevent or contain a cyberattack such as firewalls and software defined wide area networks (SD-WANs), intrusion detection/prevention systems, network microsegmentation and zero-trust network access solutions, malware scanners, endpoint security tools, security patching routines and more.

• Describe what the principles of zero-trust are and how the zero-trust maturity model can be applied to provide frictionless access to your assets for authorised parties, while also preventing unauthorised parties from moving between systems.

• Use widely available technical standards and security baselines to produce more effective acceptance criteria.

Structure:

This course is delivered as a 2 day course, or equivalent.

There are currently no spaces available on this course. If you are interested in booking a place on a future course, please let us know via the button below.