Course overview

The training is continuously updated as new security threats are constantly emerging and during the course you will get a mindset and tools to avoid mistakes that someone else has already made and needed to correct!

Although the training is primarily aimed at those responsible for the data environment, we also recommend you in a decision-making role to participate and get an idea of what is required to avoid major costs later on!

See also our courses in IT security to develop your knowledge in cybersecurity, information security and protection of modern IT environments.

Course Objective

That you as a course participant are generally educated in IT security. You have gained a basic understanding of the various security threats that exist and what you can do to protect yourself against them.

Target Group

The course is aimed at technicians, IT managers and project managers, product owners and developers.

Prerequisites

No special prior knowledge is required.

Certification

This course does not have any associated certification. Each participant who completes the course receives a course certificate.

Trainer

This course is delivered in collaboration with one of Informator’s training partners.

More about the course

1. introduction

2. overview of IT security

Safety areas
Threats and protection
Common attacks and security issues
Risk analysis and measures
IT security, threat, ease of use and cost
Manipulating and intercepting data

3. malicious code

Viruses, worms and Trojans
Targeted attacks
Problems with antivirus software and firewalls
Rootkits
Backdoors
Buffer overflows
Denial of service attacks, DOS, DDOS
Botnets and zombie computers

4. Verify security

Intrusion detection
Automated safety analysis
Commonly used software

5. Vulnerabilities

Vulnerabilities and attacks
CAN, CVE, BID
Reference pages
Checklists and updates
IP restrictions

6. Application Security

Requirements for in-house developed or purchased applications
Common mistakes
Validation of data
Design problem
Password management
Web security
Guidelines for programmers
Communication with other systems
SQL injection
Code injection
Brute force attackers
Problems with client/server solutions

7. firewalls

Filtering, statefull vs stateless
Local firewalls
Proxy
Firewall topology
IP restrictions
Whitelist vs blacklists
VPN, Virtual Private Networks

8. cryptography

Asymmetric cryptography
Symmetric cryptography
HASH algorithms
RSA, DES, AES, MD5, SHA
Certificates and certificate management
CA, certificate authority
PKI, public key infrastructure

9. physical information security

Shell protection
Safety zones
Mechanical and electronic protection
Identification and access control

10. Policies and safety standards

Security classification of information
Different types of policies
IT security instructions to users
System security plan
Design, implementation and compliance (PDCA)
Targeted policies for users, clients
ISO27001/BS7799-1
ISO27002
CC, common criteria
Requirements for municipalities
Guidelines on information security
Document classification
Processing of personal data
Things to consider when procuring cloud services
Physical security
Organization
System safety analysis

11. From the attacker’s point of view

12. How to protect yourself

13. closing

Course overview

3 days

Basic

Can’t find a (suitable) date, but are interested in the course? Send in an expression of interest and we will do what we can to get an opportunity that suits.

För samtliga utbildningar gäller våra
Allmänna Villkor.

Company-adapted course

The course can be adapted from several perspectives:

Content and focus area
Scope of application
Structure

In collaboration with the course leader, we make sure that the course meets your wishes