SALTBUSH TRAINING COURSE DETAILS
Web Application Security (5 Days)
Overview
Saltbush Training has partnered with Kenneth Van Wyk to develop a 5-day Web Application Security course aimed at addressing security issues associated with deploying web applications in today's complex networked environment. Students will receive a deep and thorough understanding of the most prevalent and dangerous security defects in today's applications and will learn practical and actionable guidelines on how to remediate against these common defects and how to test for them in their own applications.
Check out www.krvw.com/about/about.html to learn more about Kenneth Van Wyk.
Who Should Attend
- Designers of Internet systems and those responsible for deployment of Internet connected infrastructure.
- Web developers.
- IT security practitioners and reviewers responsible for assessing the security of deployed systems.
- Fraud and security investigations staff seeking an understanding of common attack vectors.
Topics Covered
Click here to view a comprehensive description of the Web Application Security course and topics covered.
ISM Fundamentals Course (2 Days)
Overview
If you are new to ICT Security, or need to be informed about what ACSI 33 is and how it should be employed in your organisation, then this two-day seminar is what you’ll need to get a foundation understanding of what is required by DSD.
Who Should Attend?
- IT Security Advisers and Managers that are either new to the position or who would like a refresher.
- Security Executives, System Managers, Security Administrators or in fact anyone with an interest in Government ICT security requirements.
Topics Covered
- Security Governance. Includes management structures, forums and frameworks.
- Security Policy. The over-arching policy, its purpose and basic content.
- Security Risk Management. The difference between Strategic and Operational Risk and the purpose of the Security Risk Management Plan in the secure management of systems.
- Incident Response Plan. The IRP defines the way an organisation will detect and respond to security incidents. This baseline document allows System Managers to tap into and leverage the organisation's systematic approach to responding to incidents.
- System Security Plans. The SSP defines the way administrative and technical controls are to be employed.
- Standard Operating Procedures. The SOP is a detailed work instruction - a “How to do it” document. We’ll look at who needs them and for what tasks.
- Accreditation and Certification. We’ll look at what this is and who is responsible for it.
- Change Management. The role of security in any change to an ICT system is explored.
- Security Awareness Training. A key tool that ensures the success of any security strategy.
- ICT Security Standards. We’ll touch on DSD’s requirements for Gateways, hardware selection, software security, access control, network security, cryptography and data transfer.
Overview
DSD update ACSI 33 every September and ITSEC Training Services runs a one-day seminar on the Changes and Additions made in the new release. The seminar covers the changes and additions and the impact they have on compliance, certification and accreditation.
Who Should Attend?
- IT Security Advisers and Managers who have a sound understanding of ACSI 33 and need to know how the changes and updates will impact on their compliance programs.
- Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the changes and additions to ACSI 33.
Security Incident Management Course (1 Day)
Overview
DSD have amended the security documentation set to now include the Incident Response Plan (IRP). The Security Incident Management Course is designed to take attendees on the path to prepare an IRP for their Agency or Organisation. The course covers the definition of a security incident, what different types of incidents there are and how to detect them.
Once an incident is detected, the process of declaring and responding to a security incident is discussed and a response procedure will be workshopped by attendees. Additionally, students will look at the Government reporting requirements as established by DSD.
Who Should Attend?
- IT Security Advisers and Managers who need to establish the impact of the Incident Response Plan on their organisations and how this will impact on their compliance programs.
- Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the complexities of detecting and responding to security incidents.
Protective Security Fundamentals (1 Day)
Overview
This course has been designed specifically for State Government departments who have a need to adopt the PSM and ISM and have had little or no exposure to these documents or their requirements. It covers at a high level the concepts of Physical Security, Information Security, Personnel Security and ICT Security. This seminar is packed with valuable information that will help you on the path of compliance to these standards.
Who Should Attend?
- Security Managers who need to know how Australian Government Security Standards might impact their operations.
- Security Executives, System Managers, Security Administrators or in fact anyone who needs to appreciate the implications that adopting the PSM and ISM will have on their functions.
Topics Covered
- Overview of the PSM and ACSI 33 landscape
- Overview of Security Classifications and the implications for marking, handling and storage
- Foundations of ACSI 33/ISM Security Policy – its purpose and content
- Fundamentals of Standard Operating Procedures (SOPs) – a “How to do it” instruction document, who needs it and what tasks are required
- ICT Security standard requirements – DSD's requirements for gateways, hardware selection, software security, access control, network security, cryptography and data transfer.
Certificate IV in ICT Security Management
Overview
This specialist qualification is designed to meet the training needs of people responsible for, or who aspire to, the management of ICT security within their organisation, and comprehensively addresses the ACSI 33 and ISO/IEC 27001 standards.
Job Opportunities
Senior roles managing ICT Security
Who Should Attend
- ICT Security Officers
- ICT Security Managers
- ICT Security Advisers
Entry Requirements
To be eligible to enter this course you will need to:
- be mature age (20 years or over)
- be an Australian citizen
- work for a Government department or agency or private sector equivalent
- have access to the specific work practices and procedures required to demonstrate competency in the units undertaken.
And at least one of the following:
- years in the ICT Industry, e.g. 2 years' experience as a system administrator/ICT auditor
- previous qualifications in ICT e.g. CISA, CISM, CISSP, I-RAP, MCSE, CCNA or Industry equivalent.
What's involved
- Face to face training sessions
- Milestone activities
- Work-based projects
- Assessment interview
Class Size
Minimum 8 participants
Maximum 20 participants
Units of Study
To gain this qualification you will need to complete all of the following units of study:
- Use advanced workplace communication strategies
- Information Security Management Systems
- ISMS Organisation
- Managing and Treating Risk
- ISMS Plans and Procedures
- ICT Security Compliance
- Protective Security
- Managing System Security
- Controlling Access
- Communication Security
- Network Security
- Quality in Security
- Business Continuity Management
- Gather and Analyse Information
- Make a Presentation