Security Management Training in Virginia

This instructor-led, live training in [location] (online or onsite) is designed for intermediate-level IT auditors who aim to effectively integrate artificial intelligence tools into their audit practices. By the end of this training, participants will be able to: - Understand the fundamental concepts of artificial intelligence and their application in IT auditing. - Leverage AI technologies such as machine learning, natural language processing (NLP), and robotic process automation (RPA) to enhance audit efficiency, accuracy, and scope. - Conduct risk assessments using AI tools, facilitating continuous monitoring and proactive risk management. - Incorporate AI into audit planning, execution, and reporting, thereby improving the overall effectiveness of IT audits for government.

Encryption Key Management is the discipline of securely creating, storing, distributing, rotating, and retiring cryptographic keys to protect sensitive data and ensure regulatory compliance.

This instructor-led, live training (online or onsite) is designed for intermediate-level IT and security professionals who aim to implement robust encryption key management practices and systems across enterprise environments for government.

By the end of this training, participants will be able to:

• Understand the lifecycle of encryption keys and best practices for their protection.
• Set up and manage key management systems (KMS) both on-premises and in the cloud.
• Implement access control and auditing for key usage.
• Comply with regulations and standards related to encryption key security.

Format of the Course

• Interactive lecture and discussion.
• Hands-on use of key management tools in lab environments.
• Guided exercises focused on secure key lifecycle implementation.

Course Customization Options

• To request a customized training for this course based on your infrastructure or compliance requirements, please contact us to arrange.

This instructor-led, live training in Virginia (online or onsite) is designed for advanced-level security analysts who wish to enhance their skills in utilizing advanced Micro Focus ArcSight ESM content. The goal is to improve an organization's ability to detect, respond, and mitigate cyber threats with greater precision and speed. By the end of this training, participants will be able to: - Optimize the use of Micro Focus ArcSight ESM to enhance monitoring and threat detection capabilities. - Construct and manage advanced ArcSight variables to refine event streams for more precise analysis. - Develop and implement ArcSight lists and rules for effective event correlation and alerting. - Apply advanced correlation techniques to identify complex threat patterns and reduce false positives, ensuring robust cybersecurity practices for government.

This instructor-led, live training (available online or onsite) is designed for government law enforcement officers at the beginner level who wish to deepen their understanding of human behavior. The training aims to enhance participants' skills in communication, empathy, conflict resolution, and overall effectiveness in their roles. By the end of this training, participants will be able to: - Gain a deeper understanding of human psychology. - Develop advanced communication and conflict resolution skills for more effective interactions with the public, colleagues, and during negotiation scenarios. - Promote awareness and understanding of diverse cultural backgrounds, thereby improving community policing and relations with various demographic groups.

This instructor-led, live training in Virginia (online or onsite) is aimed at beginner-level security professionals who wish to acquire the knowledge and skills necessary to adapt to the rapidly evolving digital landscape in the security industry for government.

By the end of this training, participants will be able to:

• Understand Digital Transformation in the context of security for government.
• Learn how digital solutions can enhance security operations, efficiency, and effectiveness within public sector workflows.
• Manage security-related data to support informed decision-making and governance for government.

This instructor-led, live training (online or onsite) is aimed at beginner-level security managers who wish to effectively integrate and leverage technology in their field for government. By the end of this training, participants will be able to: - Comprehend the evolution of technology in security. - Learn how to effectively combine traditional security methods with modern technological solutions. - Understand the fundamentals of cybersecurity, risks associated with digital systems, and strategies to protect against cyber threats in the security industry for government.

This instructor-led, live training (online or onsite) is aimed at beginner-level security managers and designers for government who wish to effectively plan, design, and implement security strategies that are integrated, technologically advanced, and compliant with legal and ethical standards. By the end of this training, participants will be able to: - Integrate security considerations into architectural and facility design. - Assess threats and vulnerabilities to inform security planning. - Develop comprehensive security plans that address a range of threats. - Create effective emergency response and crisis management plans.

This instructor-led, live training (online or onsite) is designed for government security administrators at the beginner level who wish to enhance their understanding of security practices within an organization. By the end of this training, participants will be able to: - Understand the fundamentals of security operations and administration. - Identify and mitigate various security threats and vulnerabilities. - Implement and manage security solutions effectively. - Comprehend legal and ethical considerations in security operations for government. - Prepare for incident response and disaster recovery procedures.

This instructor-led, live training in [location] (online or onsite) is designed for advanced-level professionals who aim to achieve a thorough understanding of fraud examination concepts and prepare for the Certified Fraud Examiner (CFE) exam. By the end of this training, participants will be able to: - Acquire comprehensive knowledge of fraud examination principles and the fraud examination process. - Identify, investigate, and prevent various types of financial fraud schemes. - Understand the legal environment related to fraud, including the legal elements of fraud, relevant laws, and regulations for government and private sector applications. - Develop practical skills in conducting fraud investigations, such as evidence collection, interviewing techniques, and data analysis. - Learn to design and implement effective fraud prevention and deterrence programs within organizations. - Gain the confidence and knowledge necessary to successfully pass the Certified Fraud Examiner (CFE) exam.

This instructor-led, live training (available online or onsite) is designed for advanced-level security managers who wish to acquire the knowledge and skills necessary to excel in their roles as security management professionals and to perform well on the ISSMP certification exam. By the end of this training, participants will be able to: - Understand the five domains of ISSMP. - Develop the skills needed to manage an information security program for government. - Learn how to establish and maintain effective security governance. - Gain insights into risk management, incident response, and continuity planning. - Prepare effectively for the ISSMP certification exam.

This instructor-led, live training in Virginia (online or onsite) is aimed at beginner-level security professionals who wish to thoroughly understand how to protect physical assets, people, and facilities for government use.

By the end of this training, participants will be able to:

• Comprehend the fundamentals of physical security for government operations.
• Learn about risk assessment and management in the context of physical security for government facilities.
• Examine various physical security measures and technologies relevant to government environments.
• Understand the integration of physical security with other security domains within government workflows.
• Acquire skills in designing and implementing effective physical security plans for government entities.

This instructor-led, live training in Virginia (online or onsite) is aimed at IT professionals who wish to understand how to use the CipherTrust Solution suite for government applications.

By the end of this training, participants will be able to:

• Comprehend the CipherTrust Solution and its fundamental functions.
• Assess device architecture and usage strategies.
• Administer the CipherTrust product suite effectively.

This instructor-led, live training in Virginia (online or onsite) is aimed at security managers who wish to acquire basic to intermediate-level skills in CCTV security surveillance and management for government. By the end of this training, participants will be able to: - Understand the various types of CCTV systems and their benefits and features. - Comprehend cabling requirements and setup procedures for CCTV systems. - Install, configure, and manage CCTV systems effectively.

Description:

Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022.

The Certified Information Security Manager (CISM®) is the most prestigious and demanding qualification for information security managers globally. This certification provides a platform for professionals to become part of an elite peer network, equipped with the ability to continuously learn and adapt to the evolving opportunities and challenges in information security management.

Our CISM training methodology offers comprehensive coverage of the four CISM domains, focusing on building foundational concepts and solving ISACA-released CISM exam questions. The course is designed as an intensive training program and rigorous exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.

Our instructors encourage all attendees to review the ISACA-released CISM QA&E (Questions, Answers, and Explanations) for exam preparation. This resource is invaluable in helping participants understand the style of questions, effective problem-solving approaches, and rapid assimilation of CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training and are dedicated to thoroughly preparing you for the CISM examination.

Goal:

The ultimate goal is to pass your CISM examination on the first attempt.

Objectives:

• Apply the knowledge gained in a practical manner that benefits your organization
• Establish and maintain an information security governance framework to achieve organizational goals and objectives
• Manage information risk to an acceptable level to meet business and compliance requirements
• Establish and maintain information security architectures (people, process, technology)
• Integrate information security requirements into contracts and activities of third parties/suppliers
• Plan, establish, and manage the capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact

Target Audience:

• Security professionals with 3-5 years of front-line experience
• Information security managers or those with management responsibilities
• Information security staff, information security assurance providers who require an in-depth understanding of information security management, including: CISOs, CIOs, CSOs, privacy officers, risk managers, security auditors and compliance personnel, BCP/DR personnel, executive and operational managers responsible for assurance functions

This training is designed to support professionals in enhancing their skills and knowledge for government and organizational success.

This instructor-led, live training in [location] (online or onsite) is designed for government security professionals who wish to enhance their skills in managing security threats and conducting security risk assessments. By the end of this training, participants will be able to: - Oversee security systems and effectively manage any hostile environments. - Address and mitigate any security risks or threats. - Conduct thorough security risk assessments for government operations.

This instructor-led, live training (online or onsite) is designed for beginner-level professionals who wish to gain a comprehensive understanding of ISO 27001 and its critical role in enhancing information security within organizations, including those for government. By the end of this training, participants will be able to: - Understand the purpose and benefits of an Information Security Management System (ISMS). - Familiarize themselves with key concepts, terms, and principles outlined in ISO 27001. - Recognize the role of auditors in ensuring compliance with ISO 27001 standards. - Gain insight into the audit process and the importance of continual improvement within the ISO 27001 framework.

This instructor-led, live training (online or onsite) is designed for intermediate-level cybersecurity professionals who seek to deepen their understanding of GRC frameworks and apply them to ensure secure and compliant business operations for government. By the end of this training, participants will be able to: - Understand the essential components of cybersecurity governance, risk, and compliance. - Perform thorough risk assessments and devise effective risk mitigation strategies. - Implement compliance measures and manage regulatory requirements. - Develop and enforce robust security policies and procedures.

This instructor-led, live training in Virginia (online or onsite) is aimed at developers and anyone who wishes to learn and use OAuth to provide applications with secure delegated access for government. By the end of this training, participants will be able to: - Understand the fundamentals of OAuth. - Identify the security challenges specific to native applications when using OAuth. - Learn about common extensions to the OAuth protocols. - Integrate with any OAuth authorization server.

This instructor-led, live training (available online or on-site) is designed for intermediate to expert-level IT professionals who seek to enhance their skills and qualifications in information security or related fields for government. By the end of this training, participants will be able to: - Understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022. - Acquire the knowledge and skills necessary to plan and implement an efficient transition from the 2013 to the 2022 version of the standard. - Apply this knowledge in practical scenarios, ensuring a smooth transition within their respective organizations for government.

This instructor-led, live training in Virginia (online or onsite) is aimed at intermediate-level system administrators who wish to learn how to use Siteminder to implement various authentication methods for government systems. By the end of this training, participants will be able to: - Understand the core concepts of Siteminder and its role in authentication and access management for government. - Configure and manage user authentication with Siteminder. - Implement various authentication methods supported by Siteminder. - Troubleshoot common issues related to Siteminder authentication. - Integrate Siteminder with other identity providers for federated authentication.

The ISO/IEC 27002 Lead Manager training equips individuals with the essential expertise and knowledge required to support organizations in implementing and managing Information Security controls as outlined in ISO/IEC 27002.

Upon completion of this course, participants are eligible to sit for the exam and apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential. This certification demonstrates a mastery of the principles and techniques necessary for the implementation and management of Information Security Controls based on ISO/IEC 27002.

Who Should Attend?

• Managers or consultants aiming to implement an Information Security Management System (ISMS) in alignment with ISO/IEC 27001 and ISO/IEC 27002
• Project managers or consultants seeking to excel in the ISMS implementation process
• Individuals responsible for information security, compliance, risk management, and governance within an organization
• Members of information security teams
• Expert advisors in information technology
• Information Security officers
• Privacy officers
• IT professionals
• Chief Technology Officers (CTOs), Chief Information Officers (CIOs), and Chief Information Security Officers (CISOs)

Learning Objectives

• Acquire expertise in the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
• Gain a thorough understanding of the concepts, approaches, standards, methods, and techniques necessary for the effective implementation and management of Information Security controls
• Understand the interrelationships among the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
• Appreciate the significance of information security in organizational strategy
• Mastery of the processes involved in managing information security
• Proficiency in formulating and implementing security requirements and objectives

Educational Approach

• This training combines theoretical instruction with practical application
• Lectures enriched with real-world examples
• Practical exercises based on case studies
• Review sessions to aid in exam preparation
• A practice test that mirrors the certification exam format

General Information

• Certification fees are included in the exam price
• Participants will receive a comprehensive training manual containing over 500 pages of information and practical examples
• A certificate of participation, awarding 31 CPD (Continuing Professional Development) credits, will be provided to all attendees
• In the event of an exam failure, participants are entitled to retake the exam within 12 months at no additional cost

This training is designed to enhance the capabilities of professionals in the public sector, ensuring they have the necessary skills and knowledge to effectively manage information security for government agencies.

Course Description

This comprehensive course is tailored to address AI security, governance, compliance, and risk management in enterprise settings. It is specifically designed for security professionals, compliance officers, and technology leaders who are responsible for the secure deployment and governance frameworks of AI systems. The curriculum aligns with best practices and standards for government and industry, ensuring participants are well-equipped to manage AI-related risks and ensure compliance with regulatory requirements.

There is an international focus on combating money laundering. Compliance officers, Anti-Money Laundering (AML) Officers, Money Laundering Reporting Officers (MLROs), Know Your Customer (KYC) analysts, auditors, and managers need to understand how to ensure compliance with Subsidiary 373.01, the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR). Under the PMLFTR, all Subject Persons, including those within the regulated financial services sector, are required to appoint a Money Laundering Reporting Officer (MLRO). This practical course provides essential knowledge and guidance on how to approach AML compliance within your organization, with particular attention to the regulatory environment in Malta. The training is designed to enhance understanding and adherence to these regulations for government and private sector entities alike.

Description:

Basel III is a global regulatory framework for bank capital adequacy, stress testing, and market liquidity risk. Initially agreed upon by the Basel Committee on Banking Supervision in 2010-2011, the implementation of these standards was extended to March 31, 2019. Basel III enhances bank capital requirements by increasing liquidity and reducing leverage.
Basel III complements rather than replaces Basel I and II by requiring different levels of reserves for various forms of deposits and other borrowings.
Navigating this complex and evolving regulatory landscape can be challenging. Our training program, accredited by the Basel Certification Institute, is designed to help you manage these changes effectively and understand their impact on your institution. The quality and relevance of our training materials are guaranteed to be current and practical.

Objectives:

• Prepare participants for the Certified Basel Professional Examination.
• Equip attendees with hands-on strategies and techniques for defining, measuring, analyzing, improving, and controlling operational risk within a banking organization.

Target Audience:

• Board members with risk oversight responsibilities
• Chief Risk Officers (CROs) and Heads of Risk Management
• Risk Management team members
• Compliance, legal, and IT support staff
• Equity and credit analysts
• Portfolio managers
• Rating agency analysts

Overview:

• Introduction to Basel norms and amendments to the Basel Accord (III)
• Regulations for market, credit, counterparty, and liquidity risk
• Stress testing methodologies and procedures, including how to formulate and conduct stress tests
• The potential impacts of Basel III on the international banking sector, with practical examples of its application
• The need for new Basel norms
• An in-depth look at the Basel III norms
• Objectives of the Basel III norms
• A timeline for Basel III implementation

This training program is tailored to meet the needs of professionals in the financial sector, ensuring they are well-equipped to comply with regulatory requirements and enhance risk management practices for government and private institutions alike.

Who is it for:

This certificate is designed for anyone with an interest in information security, whether as a career path or to enhance general business knowledge. It is particularly relevant for government personnel and professionals who require a foundational understanding of Information Security Management Principles. This certification serves as a solid base on which other qualifications can be built, or it provides a comprehensive overview that enables organizations to ensure their information is adequately protected.

What will I learn:

Candidates should be able to demonstrate:

• An understanding of the key concepts related to information security management.
• Familiarity with current national legislation and regulations impacting information security management, including those specific to government operations.
• Awareness of current national and international standards, frameworks, and organizations that support the effective management of information security for government and other sectors.
• An understanding of the business and technical environments in which information security management must function, particularly within government contexts.
• Knowledge of the categorization, operation, and effectiveness of various types of controls and their characteristics, tailored to meet the needs of government agencies and organizations.

Who is it For:

This certificate is designed for individuals with an interest in information security, whether as a career path or for general business knowledge. It is particularly relevant for those who require an understanding of Information Security Management Principles, including professionals looking to enhance their skills and contribute to the protection of sensitive data within organizations.

What Will I Learn:

Candidates will be able to demonstrate:

• An understanding of the fundamental concepts related to information security management.
• Familiarity with current national legislation and regulations that impact information security management.
• Awareness of national and international standards, frameworks, and organizations that support the management of information security.
• Knowledge of the business and technical environments in which information security management must be effectively applied.
• An understanding of the categorization, operation, and effectiveness of various types of controls used in information security.

Note: This is a four-day course that extends the standard delivery by one day to provide additional time for exam preparation and practice exercises. The extended format ensures participants have ample opportunity to reinforce their learning and prepare thoroughly for the certification exam.

Who is it for:

This program is designed for individuals involved in information security and information assurance, particularly those working in or supporting government agencies.

What will I learn:

Candidates should be able to demonstrate:

• The ways in which managing information risk can bring significant benefits to public sector organizations.
• The ability to explain and effectively utilize terminology related to information risk management for government use.
• How to conduct threat and vulnerability assessments, business impact analyses, and risk assessments within a governmental context.
• An understanding of the principles of controls and risk treatment in government settings.
• The skill to present assessment results in a format that can serve as the foundation for a risk treatment plan tailored for government operations.
• The application of information classification schemes appropriate for government agencies.

Description:

This four-day event (CGEIT training) is designed to ensure that participants pass the challenging CGEIT exam on their first attempt. The CGEIT qualification, awarded by ISACA, is an internationally recognized symbol of excellence in IT governance. It is tailored for professionals responsible for managing IT governance or those with significant advisory or assurance responsibilities in this area. Achieving CGEIT status will provide wider recognition in the marketplace and increased influence at the executive level, particularly for government.

Objectives:

This seminar has been designed to prepare participants for the CGEIT examination by enabling them to supplement their existing knowledge and understanding, thereby better preparing them to pass the exam as defined by ISACA.

Target Audience:

This training course is intended for IT and business professionals with significant IT governance experience who are undertaking the CGEIT exam.

This comprehensive, three-day course is designed to equip participants with the essential knowledge and skills necessary for managing information security, information assurance, or information risk-based processes. The Certified Information Security Management Principles (CISMP) course aligns with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 and 27001—the codes of practice and standards for information security. This course is also certified by CESG, ensuring it meets rigorous training standards. The curriculum follows the most recent syllabus from the British Computer Society (BCS) and prepares participants for a two-hour multiple-choice BCS examination. Upon completion, participants will gain detailed knowledge of key concepts in information security, including confidentiality, integrity, availability, vulnerability, threats, risks, and countermeasures. They will also understand the current legislation and regulations impacting information security management. This qualification enables award holders to apply practical principles learned during the course, ensuring that normal business processes become more robust and secure, particularly for government operations.

Learning Objectives

This COBIT 2019 Foundation course is designed to introduce participants to COBIT 2019 and enhance their understanding of how an integrated business framework for the governance and management of enterprise IT can be applied to achieve IT business integration, cost reductions, and increased productivity. The key areas covered in this course include:

• Introduction to the new framework
• Key concepts and terminology
• Governance and framework principles
• Governance system components
• Governance and management objectives
• Performance management
• Designing a tailored governance system for government

This instructor-led, live training in [location] (online or onsite) is aimed at payment services compliance professionals who wish to establish, implement, and enforce a compliance program within an organization. By the end of this training, participants will be able to: - Understand the regulations set forth by government agencies for payment service providers. - Develop internal policies and procedures necessary to meet government regulatory requirements. - Implement a compliance program that aligns with applicable laws and regulations. - Ensure that all corporate processes and procedures adhere to the established compliance program. - Maintain the organization's reputation while safeguarding it from legal liabilities, specifically for government operations.

Network security begins at the physical level. In this instructor-led, live training for government participants, attendees will learn about the security risks associated with computer server rooms and how to enhance security through strategic practices, planning, and technology implementation.

By the end of this training, participants will be able to:

• Evaluate their organization's security risk as it pertains to computer server rooms.
• Establish control and monitoring systems to limit physical access to critical infrastructure.
• Develop access policies for different personnel roles.
• Communicate security policies effectively with team members.

Description:

Cybersecurity skills are in high demand, as threats continue to impact organizations globally. According to a survey by ISACA, a significant majority of professionals recognize the importance of these skills and plan to work in positions that require cybersecurity expertise. To address this critical need, ISACA has developed the Cybersecurity Fundamentals Certificate, which provides comprehensive education and verification of essential skills.

Objectives:

With the increasing prevalence of cybersecurity threats and a growing shortage of qualified professionals, ISACA's Cybersecurity Fundamentals Certificate program is designed to rapidly train entry-level employees. This ensures they have the necessary skills and knowledge to effectively operate in the cybersecurity domain, thereby enhancing security measures for government and other organizations.

Target Audience:

The certificate program is an ideal pathway for individuals seeking to gain foundational knowledge in cybersecurity and begin building their expertise in this vital area. It is particularly beneficial for those entering the field or looking to enhance their career prospects with a strong foundation in cybersecurity principles.

In this instructor-led, live course in [location], participants will gain the skills necessary to develop an effective security strategy to address the unique challenges of DevOps for government. The training will equip attendees with the knowledge and tools required to enhance security practices while maintaining the agility and efficiency essential in public sector workflows.

This course offers a comprehensive introduction to the newly enacted Accessibility Law, tailored specifically for government professionals. It equips developers with the essential skills needed to design, develop, and maintain fully accessible applications. The curriculum begins with an overview of the law's significance and implications, followed by hands-on coding practices, tools, and testing methods to ensure compliance and inclusivity for users with disabilities in government settings.

Course Goal:

To ensure that an individual has a core understanding of GRC processes and capabilities, and the skills necessary to integrate governance, performance management, risk management, internal control, and compliance activities for government.

Overview:

• GRC Basic Terms and Definitions
• Principles of GRC
• Core Components, Practices, and Activities
• Relationship of GRC to Other Disciplines

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States legislation that establishes standards for data privacy and security in the handling and storage of medical information. These guidelines serve as an essential benchmark for developing health applications, regardless of geographic location. Applications that comply with HIPAA are widely recognized and trusted on a global scale. In this instructor-led, live training (remote), participants will gain a comprehensive understanding of HIPAA through a series of hands-on exercises in a live-lab environment. By the end of this training, participants will be able to: - Understand the fundamental principles of HIPAA - Develop health applications that adhere to HIPAA standards - Utilize developer tools designed for achieving HIPAA compliance **Audience** - Developers - Product Managers - Data Privacy Officers **Format of the Course** - A blend of lecture, discussion, and extensive hands-on practice. **Note** - To request a customized training for government or other organizations, please contact us to arrange.

This instructor-led, live training in Virginia (online or onsite) is designed for developers and administrators who aim to produce software and products that comply with HiTRUST standards. By the end of this training, participants will be able to: - Grasp the essential concepts of the HiTrust Common Security Framework (CSF). - Recognize the HITRUST CSF administrative and security control domains. - Gain knowledge about the various types of HiTrust assessments and scoring methodologies. - Understand the certification process and requirements for achieving HiTrust compliance. - Learn best practices and tips for effectively adopting the HiTrust approach, ensuring alignment with public sector workflows, governance, and accountability for government.

Why Should You Attend?

The ISO/IEC 27001 Foundation training provides a comprehensive understanding of the essential elements required to implement and manage an Information Security Management System (ISMS) as outlined in ISO/IEC 27001. This training course will cover various components of the ISMS, such as policy development, procedures, performance measurement, management commitment, internal audits, management reviews, and continuous improvement.

Upon completion of this course, you will be eligible to take the certification exam and apply for the “PECB Certified ISO/IEC 27001 Foundation” credential. This certification demonstrates your proficiency in the fundamental methodologies, requirements, framework, and management approaches necessary for government and public sector organizations.

Who Should Attend?

• Individuals involved in Information Security Management within their organizations
• Professionals seeking to gain knowledge about the core processes of Information Security Management Systems (ISMS)
• Those interested in advancing their careers in Information Security Management for government and other public sector entities

Educational Approach

• Lecture sessions are enriched with practical questions and real-world examples to enhance understanding.
• Practical exercises include case studies and group discussions to reinforce learning.
• Practice tests simulate the Certification Exam environment, providing a realistic assessment of your knowledge and readiness.

ISO/IEC 27001 Lead Auditor Training

The ISO/IEC 27001 Lead Auditor training equips participants with the essential expertise to conduct Information Security Management System (ISMS) audits by applying widely recognized audit principles, procedures, and techniques.

Why Should You Attend?

This training course will provide you with the knowledge and skills necessary to plan and execute internal and external audits in accordance with ISO 19011 and the ISO/IEC 17021-1 certification process.

Through practical exercises, you will gain mastery of audit techniques and become competent in managing an audit program, leading an audit team, communicating effectively with customers, and resolving conflicts.

After acquiring the necessary expertise to perform these audits, you can take the examination and apply for the “PECB Certified ISO/IEC 27001 Lead Auditor” credential. Holding a PECB Lead Auditor Certificate will demonstrate your capabilities and competencies in auditing organizations based on best practices.

Who Should Attend?

• Auditors aiming to perform and lead ISMS certification audits
• Managers or consultants seeking to master the ISMS audit process
• Individuals responsible for maintaining compliance with ISMS requirements
• Technical experts preparing for an ISMS audit
• Expert advisors in Information Security Management

Learning Objectives

• Understand the operations of an ISMS based on ISO/IEC 27001
• Recognize the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
• Understand an auditor’s role in planning, leading, and following up on a management system audit according to ISO 19011
• Learn how to lead an audit and manage an audit team
• Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
• Acquire the competencies of an auditor to plan, lead, draft reports, and follow up on audits in compliance with ISO 19011

Educational Approach

• This training combines theoretical knowledge with best practices used in ISMS audits
• Lecture sessions are supplemented with examples based on case studies
• Practical exercises include role-playing and discussions based on a case study
• Practice tests mirror the Certification Exam to prepare participants for government and industry certification requirements

Why Should You Attend?

The ISO/IEC 27002 Introduction training course equips you with a comprehensive understanding of Information Security Management Systems (ISMS) and Information Security Controls as outlined in ISO/IEC 27002. By participating in this training, you will gain insight into the significance of ISMS and Information Security Controls, along with the benefits they offer to businesses, society, and governments.

Who Should Attend?

• Individuals interested in Information Security Management and Information Security Controls
• Professionals seeking to deepen their knowledge about the core processes of Information Security Management Systems and Information Security Controls

Learning Objectives

• Understand the Information Security standards and best practices for implementing and managing Information Security Controls
• Gain a clear understanding of the controls essential for managing Information Security risks, particularly relevant for government operations and public sector workflows.

This course equips participants with the expertise needed to establish information security in accordance with ISO 27005, focusing on information security risk management as outlined in ISO 27001. The training is tailored to enhance the capabilities of professionals responsible for safeguarding sensitive data and ensuring compliance with international standards, particularly for government agencies and other public sector organizations.

The ISO/IEC 27005 Lead Risk Manager training equips participants with the essential expertise to support organizations in the risk management process related to all assets critical for Information Security. This training utilizes the ISO/IEC 27005 standard as a reference framework, providing a comprehensive understanding of designing and developing an Information Security Risk Management program. The course also delves into best practices for risk assessment methods such as OCTAVE, EBIOS, MEHARI, and harmonized TRA. This training facilitates the implementation process of the ISMS framework outlined in the ISO/IEC 27001 standard.

Upon mastering the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, participants can sit for the exam and apply for the “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. By obtaining a PECB Lead Risk Manager Certificate, individuals will demonstrate their practical knowledge and professional capabilities to support and lead teams in managing Information Security Risks, particularly relevant for government agencies and other public sector entities.

Who Should Attend?

• Information Security risk managers
• Information Security team members
• Individuals responsible for Information Security, compliance, and risk within an organization
• Individuals implementing ISO/IEC 27001 or seeking to comply with it, as well as those involved in a risk management program
• IT consultants
• IT professionals
• Information Security officers
• Privacy officers

Examination - Duration: 3 Hours

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully aligns with the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

• Domain 1: Fundamental principles and concepts of Information Security Risk Management
• Domain 2: Implementation of an Information Security Risk Management program
• Domain 3: Information security risk assessment
• Domain 4: Information security risk treatment
• Domain 5: Information security risk communication, monitoring, and improvement
• Domain 6: Information security risk assessment methodologies

General Information

• Certification fees are included in the exam price
• Participants will receive training material containing over 350 pages of information and practical examples
• A participation certificate with 21 CPD (Continuing Professional Development) credits will be issued
• In the event of exam failure, participants can retake the exam within 12 months at no additional cost

Information security threats and attacks are evolving continuously. The most effective defense against these challenges is the proper implementation and management of information security controls and best practices. Information security is also a critical expectation and requirement set by customers, legislators, and other stakeholders. This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices for managing an ISMS and a framework for its ongoing improvement. After completing the training course, participants can take the exam. Successful completion of the exam allows you to apply for the “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which demonstrates your ability and practical knowledge to implement an ISMS in accordance with the requirements of ISO/IEC 27001. ### Who Can Attend? - Project managers and consultants involved in or concerned with the implementation of an ISMS - Expert advisors seeking to master the implementation of an ISMS - Individuals responsible for ensuring compliance with information security requirements within an organization - Members of an ISMS implementation team ### General Information - Certification fees are included in the exam price. - Training materials containing over 450 pages of information and practical examples will be provided. - A participation certificate with 31 CPD (Continuing Professional Development) credits will be issued. - In the event of exam failure, you can retake the exam within 12 months at no additional cost. ### Educational Approach - The training course includes essay-type exercises, multiple-choice quizzes, examples, and best practices used in the implementation of an ISMS. - Participants are encouraged to communicate with each other and engage in discussions while completing quizzes and exercises. - Exercises are based on a case study. - The structure of the quizzes mirrors that of the certification exam. ### Learning Objectives This training course will help you: - Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of an ISMS. - Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks. - Understand the operation of an information security management system and its processes based on ISO/IEC 27001. - Learn how to interpret and implement the requirements of ISO/IEC 27001 in the specific context of an organization. - Acquire the necessary knowledge to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an ISMS for government.

Who Can Attend?

• Auditors seeking to perform and lead information security management system (ISMS) audits for government and private sector organizations
• Managers or consultants aiming to master the ISMS audit process for government entities
• Individuals responsible for maintaining conformity with ISMS requirements within their organization, including those in public sector roles
• Technical experts preparing for ISMS audits in various sectors, including government agencies
• Expert advisors in information security management for government and other organizations

Learning Objectives

By the end of this training course, participants will be able to:

1. Explain the fundamental concepts and principles of an ISMS based on ISO/IEC 27001
2. Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor, ensuring alignment with public sector standards
3. Evaluate ISMS conformity to ISO/IEC 27001 requirements in accordance with fundamental audit concepts and principles, applicable to both government and private entities
4. Plan, conduct, and close an ISO/IEC 27001 compliance audit, adhering to ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and best practices in auditing for government and other organizations
5. Manage an ISO/IEC 27001 audit program, ensuring effective governance and accountability in the public sector

Educational Approach

• This training is based on both theoretical knowledge and best practices used in ISMS audits for government and other sectors
• Lecture sessions are enriched with examples drawn from real-world case studies, including those relevant to the public sector
• Practical exercises include role-playing and discussions centered around a comprehensive case study, ensuring participants can apply their learning in real scenarios
• Practice tests are designed to closely mirror the Certification Exam, providing valuable preparation for certification in ISMS auditing for government and other organizations

Audience

All staff who require a comprehensive understanding of Compliance and Risk Management for government operations.

Format of the Course

The course will be delivered through a combination of:

• Facilitated Discussions
• Slide Presentations
• Case Studies
• Practical Examples

Course Objectives

By the end of this course, participants will be able to:

• Understand the key aspects of Compliance and the national and international initiatives aimed at managing related risks for government.
• Define methods for establishing a Compliance Risk Management Framework within an organization and its staff.
• Explain the roles of Compliance Officer and Money Laundering Reporting Officer, and how these positions should be integrated into governmental operations.
• Identify critical areas in Financial Crime, particularly as they pertain to International Business, Offshore Centers, and High-Net-Worth Clients for government.

This instructor-led, live training (offered online or on-site) focuses on analyzing the risks associated with Open Data while enhancing resilience against data loss or disasters. By the end of this training, participants will be able to: - Understand the concepts and benefits of Open Data for government. - Identify various types of data. - Recognize the risks inherent in Open Data and learn methods to mitigate these risks. - Develop strategies for managing Open Data risks and creating effective contingency plans. - Implement risk mitigation techniques to reduce the likelihood and impact of data-related disasters.

This instructor-led, live Payment Card Industry Professional training for government in Virginia (online or onsite) provides an individual qualification for industry practitioners who wish to demonstrate their professional expertise and understanding of the PCI Data Security Standard (PCI DSS). By the end of this training, participants will be able to: - Understand the payment process and the PCI standards designed to protect it. - Comprehend the roles and responsibilities of entities involved in the payment industry. - Gain a deep insight into and understanding of the 12 PCI DSS requirements. - Demonstrate knowledge of how PCI DSS applies to organizations involved in the transaction process.

The governance of any organization is only as strong as its board of directors, and that board's effectiveness hinges on the capabilities of its chairman. However, the role of board leadership is both the most critical for ensuring board efficacy and the one with the least training and support. Conflicts over power between board leaders and chief executives are not uncommon. This document outlines the best practices of the world’s leading board leaders, offering insights into the proven strategies used by experienced professionals in the boardroom. These practices are essential for government agencies seeking to enhance their governance and accountability frameworks.

This instructor-led, live training in Virginia (online or onsite) is aimed at IT administrators, security coordinators, and compliance managers who wish to identify, evaluate, and implement security policy management methods for government and organizational use. By the end of this training, participants will be able to develop, manage, and monitor security policies to protect their organization's information, network, and physical and software assets.

You may be seeking your first board seat, or you may have recently obtained a board role and are preparing for your initial board meeting. Additionally, an organization may wish to equip its emerging leaders and diverse talents with the necessary knowledge for effective boardroom participation. This one-day program is designed to provide all the essential information needed to ensure participants are well-informed and prepared from the moment they enter the boardroom. It aligns with best practices for government and supports the development of skilled, accountable leadership.