CISSP

The CISSP is known as the "Gold Standard Credential" of Information Security.

Show knowledge and experience to your customers, prove your competence and gain confidence and competitive advantages through a broad and deep set of knowledge!

In this 5-day course, an (ISC)² authorized trainer prepares participants intensively, in German and with a focus on the exam, for the "Certified Information Systems Security Professional" (CISSP) exam. The seminar uses the official (ISC)² CISSP training materials and teaches the full CISSP Common Body of Knowledge:

 
Security and Risk Management

  • Security Management

  • Compliance, Law and Regulation

  • Governance and Policies

  • Standards and Frameworks

  • Risk Management

  • Business Continuity Planning

  

Asset Security

  • Protection of Assets

  • Classification

  • Roles and Responsibilities

Security Architecture and Engineering

  • Security Models

  • Design and Protective Measures

  • Cryptography

  • Physical Security

Communication and Network Security

  • Topologies

  • Technologies

  • Protocols

  • Attacks

  • Countermeasures

Identity and Access Management (IAM)

  • Identity and Access Management

  • Access Control Models

  • Biometrics

Security Assessment and Testing

  • Planning and Conducting Security Tests

  • Vulnerability Assessments

  • Pentests

Security Operations

  • Secure Operations and Maintenance

  • Incident Response

  • Disaster Recovery Planning

Software Development Security

  • Development of Secure Software

  • Web Applications and Mobile Applications

  • Malware and Attacks

  • IoT and ICS

We look forward to welcoming you to our class!

  

 

CCSP

 

The Cloud: constantly new challenges, technologies, vendors, laws, regulations and threats. Time for the right perspective! The CCSP is an international certificate created by (ISC)² in collaboration with the Cloud Security Alliance (CSA), and it attests to the highest standard of cloud security expertise.

In this 4-day course, an (ISC)² authorized trainer prepares participants intensively, in German and with a focus on the exam, for the "Certified Cloud Security Professional" (CCSP) exam. The seminar provides you with the official (ISC)² CCSP training materials and teaches the full CCSP Common Body of Knowledge:

Cloud Concepts, Architecture and Design

  • Cloud Computing Concepts

  • Cloud Reference Architecture

  • Security Concepts Relevant to Cloud Computing

  • Design Principles of Secure Cloud Computing

  • Evaluation of Cloud Service Providers

Cloud Data Security

  • Cloud Data Concepts

  • Cloud Data Storage Architecture

  • Data Security Technologies and Strategies

  • Data Discovery

  • Data Classification 

  • Information Rights Management

  • Data Retention, Deletion, Archiving Policies

  • Auditability, Traceability, Accountability of Data Events

Cloud Platform and Infrastructure Security

  • Cloud Infrastructure Components

  • Secure Data Center

  • Risks associated with Cloud Infrastructure

  • Security Controls

  • Disaster Recovery (DR) and Business Continuity (BC)

Cloud Application Security

  • Training and Awareness for Application Security

  • Secure Software Development Lifecycle (SDLC)

  • Cloud Software Assurance and Verification

  • Verified Secure Software

  • Specifics of Cloud Application Architecture

  • Identity and Access Management (IAM) Solution

Cloud Security Operations

  • Physical and Logical Infrastructure for Cloud Environment

  • Operational Controls and Standards

  • Digital Forensics

  • Communication with Relevant Parties

Legal, Risk and Compliance

  • Legal Requirements and Unique Risks within the Cloud Environment

  • Privacy Issues, Jurisdictional Variance

  • Audit Process, Methodologies, and Required Adaptations for a Cloud Environment

  • Implications of Cloud to Enterprise Risk Management

  • Outsourcing and Cloud Contract Design

 

We look forward to welcoming you to our class!

 

CISM

As a CISM, you manage complex information security programs, develop risk management programs, build corporate security governance and lead incident response teams. The certificate paves the way from consulting to management. Certificate holders have a good overview of standards, frameworks, and best practices and are highly regarded.

In this 3-day course, an experienced trainer prepares participants intensively, in German and with a focus on the exam, for the "Certified Information Systems Manager" (CISM) exam. Using the official ISACA documents and practice exams, the seminar covers all knowledge areas of the CISM Job Practice in a detailed and interactive form:

 

 

Information Security Governance

  • Information Security Management

  • Roles and responsibilities

  • Strategies

  • Standards and frameworks

  • Guidelines

  • Security Models

  • Protective measures

  • Metrics

Information Risk Management and Compliance

  • Risk Management

  • Standards and Frameworks

  • Classification of Assets

  • Compliance, Law and Regulation

Information Security Program Development and Management

  • Program Management

  • Process Models

  • Standards and Frameworks

  • Controls

  • Metrics and Monitoring

Information Security Incident Management

  • Security Incidents and Incident Response

  • Roles and Responsibilities

  • Business Continuity

  • Disaster Recovery

We look forward to welcoming you to our class!

 

CISA

As an auditor, you check the controls for information systems, processes and data and make sure that your customers are on the right track. Your qualifications and work experience enable you to assess technology, risks, threats, and vulnerabilities, and to understand how to secure business processes, data, and systems. Your work ensures that the assumptions made in the business are met, that data, systems and processes are secure and that the company's employees work in compliance with laws, regulations and policies.

The certificate is regarded globally as the Gold Standard for "IS Audits, Controls and Assurance Professionals".

In this 4-day course, an experienced trainer prepares participants intensively, in German and with a focus on the exam, for the "Certified Information Systems Auditor" (CISA) exam. Using the official ISACA documents and practice exams, the seminar covers all knowledge areas of the CISA Certification Job Practice in a detailed and interactive form:

The Process of Auditing Information Systems

  • Auditing

  • Process Models

  • Standards and Frameworks

  • Controls

  • Control Self-Assessment

Governance and Management of IT

  • Governance

  • Guidelines, Standards and Procedures

  • Strategies

  • Maturity and Optimization Models

  • Risk Management

  • Roles and Responsibilities

  • Business Continuity

Information Systems Acquisition, Development and Implementation

  • Program Management

  • System Development Life Cycle

  • Models and Applications

  • Cloud Computing

  • Software Development

  • Acquisition of Software and Hardware

  • Controls

  • Audit Techniques

 

Information Systems Operations, Maintenance and Service Management

  • IT Service Management

  • IT Asset Management

  • Operation and Maintenance

  • Hardware and Software

  • Network Technologies

  • Disaster Recovery

Protection of Information Assets

  • Information Security Management

  • Protection of Assets

  • Identity and Access Controls

  • Network Infrastructure

  • Cryptography

  • Physical Security

  • Audit Techniques

We look forward to welcoming you to our class!

 

Information Security Training

In this 5-day intensive course, an experienced trainer gives participants a comprehensive introduction to all important areas of information security and privacy. Participants gain an in-depth overview of the content below and understand the key security measures involved in developing and securing software:

Course Content:

  • Security Requirements     

  • Principles     

  • Information Security Management Systems (ISMS) according to ISO 27001     

  • Code of Practice for Information Security

  • Security Controls according to ISO 27002     

  • Roles and Responsibilities     

  • Governance     

  • Guidelines, Standards, Procedures and Best Practices

  • Awareness and Training     

  • Control Mechanisms and Frameworks

Risk Management

  • Risk Management according to ISO 27005

  • Threat Modeling and Business Impact Analysis

  • Protection of Assets

  • Risks and Controls

  • Risk Assessments and Risk Analysis

Asset Security

  • Classification of Information and Systems

  • Inventory Management

  • Configuration Management

  • IT Asset Management

  • Roles and Responsibilities

  • Guidelines

  • Storage and Deletion of Information

Security Engineering

  • Security Models

  • Enterprise Security Architecture

  • Maturity Models

  • Procurement according to Common Criteria (CC)

  • Computers and Communication Architectures

  • Modern Computing Models (Cloud, Mobile, Big Data)

Cryptography

  • Symmetric, Asymmetric and Hybrid Algorithms     

  • Hashes and Digital Signatures     

  • Certificates and Public Key Infrastructure     

  • Certification and Registration Authorities

Physical Security

  • Threats    

  • Vulnerability Assessments     

  • Environmental Design

  • Access Controls

Network Communication

  • OSI Reference Model and TCP/IP Model

  • Network Protocols     

  • Network Equipment     

  • Perimeter Security

  • Classic Attacks on Network Stacks     

  • Attacks and Security Controls

Identity Management and Access Controls

  • Identity Management

  • Access Models

  • Identification, Authentication, Authorization, Auditing and Accountability

  • Physical Access Controls

  • Biometrics

  • Single Sign On

  • Cloud Computing

Web Applications

  • OWASP Top 10

  • Threats

  • Standards

  • Industrial Control Systems (ICS, CPS, SCADA)

Secure Software Development

  • Critical Errors

  • Software Development Lifecycle (SDLC)

  • Security in the Development Process

  • Test Methods

  • Operations and Maintenance

  • Change Management

  • Databases

  • Malware

  • Security in Procurement

Operations and Maintenance

  • Roles and Responsibilities

  • Intrusion Detection and Intrusion Prevention (IDS/IPS)

  • Monitoring

  • Logging and Auditing

  • Security Information and Event Management (SIEM)

  • Media Management

  • Backup and Recovery

  • Patch Management

  • Vulnerability Management

  • Incident Handling and Response

  • IT Forensics and Evidence

Business Continuity 

  • Business Continuity Planning (BCP)    

  • Business Impact Analysis (BIA)     

  • Roles and Responsibilities     

  • Requirements for Operations 

Disaster Recovery 

  • Disaster Recovery Planning (DRP)

  • Roles and Responsibilities

  • Requirements for Operations

We look forward to welcoming you to our class!

 

Security Awareness Seminar

Participants in this one-day seminar are informed comprehensively about common social engineering attacks ("human hacking") and their impact. Numerous examples and scenarios illustrate how attackers bypass a company's technical security measures by getting people to provide information or access.

The most effective security measure is to sensitize employees and managers and to create an appropriate security culture within the organization. Take the next step, protect yourself, and immunize your business!

 
Human Hacking

  • Common Attacks 

  • Phishing

  • Malware

  • Drive-by Downloads

  • Online Banking

  • Open Source Intelligence

Social Engineering Scenarios

  • Passwords

  • E-Mails

  • USB Sticks

  • Certificates

  • Social Networks

Psychological Aspects

  • Help and Support

  • Curiosity and Fear

  • Threat and Pressure

  • Name Dropping

Corporate Security Culture

  • Sensitization to Threats and Risks

  • Recognize Effects and Impact

  • Safe Behavior

  • Recognize and Correct Misconduct

  • Security Incidents

  • Management and Role Models

  • Teaching Methods

We look forward to welcoming you to our class!

 

Information Security

Gemarkenweg 1

51467 Bergisch Gladbach

GPG: 45E1715630AEA748