PKI: Implement and Manage Training Course
Overview
This Public Key Infrastructure: Implement and Manage course helps participants gain the knowledge needed to manage a robust PKI and a better understanding of the topics surrounding public key infrastructure. The course also prepares participants for an increasingly critical component, one that ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy PKI to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.
Throughout the whole course, participants will gain in-depth knowledge on the following topics:
- Legal aspects of a PKI
- Elements of a PKI
- PKI management
- Trust in a digital world
- Digital signature implementation
- Trust models
After completing the PKI course, each individual will be able to successfully design, set up, deploy, and manage a public key infrastructure (PKI).
This 3-day course is considered essential for anyone who needs to understand Public Key Infrastructure (PKI) and the issues surrounding its implementation. It covers the issues and technologies involved in PKI in depth and gives hands-on practical experience of setting up and maintaining a variety of PKI solutions. Detailed knowledge of the issues surrounding PKI helps to put recent attacks that have appeared in the news headlines into context and enables valid decisions to be made about their relevance to your organisation.
Objectives
To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryption, digital signatures, digital certificates and Certificate Authorities.
To give students hands-on experience of implementing and using PKI solutions with a variety of applications.
To give students an understanding of the concepts of evaluating and selecting PKI technologies.
Audience
Anyone involved in Public Key Infrastructure (PKI) decision-making, implementing and securing e-commerce and other Internet applications, including CIOs, Chief Security Officers, MIS Directors, Security Managers and Internal Auditors.
Course Outline
Introduction to PKI
- Basic Security Concepts
- Public Key Infrastructure Defined
- Digital Certificates and Signatures
- Smart Cards
- PKI Standards
Basic cryptography
- Uses of Cryptography
- History of Cryptography including early methods
- Symmetric and Asymmetric Encryption plus Algorithms
- Diffie-Hellman Key Generation
- Hashing for Integrity plus Algorithms
Practical uses for encryption and associated issues
- Signed and Encrypted Email using S/MIME and PGP
- Secure connections to websites
- Digitally signing PDFs
- Encrypting files
- Encrypting hard drives
- Encrypting “containers”
- SSL, VPN and Wireless
- PKI and Cloud Computing
- Attacks on Encryption
Certificate Authorities
- Public v Private CAs
- Regulations governing CAs
- CA Certificate Policies
- Types of Certificates Provided
- CA Hierarchies
- Certificate Authority Operations
- Certificate expiration
- Certificate revocation
- Certificate Revocation Lists (CRL)
- Online Certificate Status Protocol (OCSP)
- Key recovery
- Installing a CA and issuing certificates
- Certificate Templates
Summary
- Top 5 Deployment Issues
- Top 10 Risks
- Advanced PKI Topics and Futures
- Summary of Public Key Infrastructure
Open Training Courses require 5+ participants.
Testimonials (2)
Satisfied with the instructor's way of explaining
Juan Carlos Barranco Camargo - GSE
Course - PKI: Implement and Manage
The explanation of algorithms and how to identify the most suitable ones
Gabriel Diaz Leon - GSE
Course - PKI: Implement and Manage
Related Courses
CHFI - Certified Digital Forensics Examiner
35 Hours
The Certified Digital Forensics Examiner vendor-neutral certification is designed to train Cyber Crime and Fraud Investigators, whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.
The Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.
The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence.
Node.JS and Web Application Security
21 Hours
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn about Node.js security
- Learn about MongoDB security
- Have a practical understanding of cryptography
- Understand essential security protocols
- Understand security concepts of Web services
- Learn about JSON security
- Get practical knowledge in using security testing techniques and tools
- Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
- Get sources and further readings on secure coding practices
Ethical Hacking and Countermeasures
35 Hours
Description:
This class will immerse the students in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
Target Audience:
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Embedded Systems Security
21 Hours
This instructor-led, live training in the US introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems.
By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software.
Interactive Application Security Testing (IAST)
14 Hours
Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit.
In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.
By the end of this training, participants will be able to:
- Simulate attacks against applications and validate their detection and protection capabilities
- Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
- Quickly and accurately fix the application code responsible for detected vulnerabilities
- Prioritize the vulnerability findings from dynamic scans
- Use RASP real-time alerts to protect applications in production against attacks.
- Reduce application vulnerability risks while maintaining production schedule targets
- Devise an integrated strategy for overall vulnerability detection and protection
Audience
- DevOps engineers
- Security engineers
- Developers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
Securing Windows Using PowerShell Automation
42 Hours
This instructor-led, live training in the US (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.
By the end of this training, participants will be able to:
- Write and execute PowerShell commands to streamline Windows security tasks.
- Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
- Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
- Manage certificates and authentication to control user access and activity.
Security Analyst
35 Hours
Target Audience: Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals.
WEBAP - Web Application Security
28 Hours
Description:
This course will give participants a thorough understanding of security concepts, web application concepts and the frameworks used by developers, in order to be able to exploit and protect a targeted application. In today's rapidly changing world, the technologies in use also change at a fast pace, and web applications are exposed to hackers' attacks 24/7. In order to protect applications from external attackers, one has to know all the bits and pieces that make up a web application, such as the frameworks, languages and technologies used in web application development, and much more than that. The problem is that an attacker has to know only one way to break into the application, while the developer (or systems administrator) has to know all the possible exploits in order to prevent this from happening. Because of that, it is really difficult to have a bulletproof secured web application, and in most cases a web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.
Objectives:
To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP Top 10 vulnerabilities and to incorporate that knowledge into a web application protection scheme.
Audience:
Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISOs, CTOs.
Certified Information System Security Professional (CISSP) CBK Review
35 Hours
A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The vast breadth of knowledge and the experience it takes to pass the exam is what sets a CISSP apart. The credential demonstrates a globally recognized level of competence provided by the (ISC)2® CBK®, which covers critical topics in security today, including cloud computing, mobile security, application development security, risk management and more.
This course helps you review the 10 domains of information security practice. It also serves as a strong learning tool for mastering concepts and topics related to all aspects of information systems security.
Objectives:
- To review the main topics of the CISSP CBK (Common Body of Knowledge).
- To prepare for a CISSP examination.
CISM - Certified Information Security Manager
28 Hours
Description:
Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022.
CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities and challenges in Information Security Management.
Our CISM training methodology provides in-depth coverage of contents across the four CISM domains with a clear focus on building concepts and solving ISACA released CISM exam questions. The course is an intense training and hard-core exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.
Our instructors encourage all attending delegates to go through the ISACA released CISM QA&E (Questions, Answers and Explanations) as exam preparation - you get this FREE as part of our course. The QA&E is exceptional in helping delegates understand the ISACA style of questions, approach to solving these questions and it helps rapid memory assimilation of the CISM concepts during live classroom sessions.
All our trainers have extensive experience in delivering CISM training. We will thoroughly prepare you for the CISM examination.
Goal:
The ultimate goal is to pass your CISM examination first time.
Objectives:
- Use the knowledge gained in a practical manner beneficial to your organisation
- Establish and maintain an Information security governance framework to achieve your organization's goals and objectives
- Manage Information risk to an acceptable level to meet the business and compliance requirements
- Establish and maintain information security architectures (people, process, technology)
- Integrate information security requirements into contracts and activities of third parties/suppliers
- Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact
Target Audience:
- Security professionals with 3-5 years of front-line experience
- Information security managers or those with management responsibilities
- Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISOs, CIOs, CSOs, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions
Web Security Testing - Security and Testing of Web Applications using OWASP
21 Hours
This instructor-led, live training (online or onsite) is aimed at developers, engineers, and architects seeking to secure their web apps and services.
By the end of this training, participants will be able to integrate, test, protect, and analyze their web apps and services using the OWASP testing framework and tools.
Ethical Hacker
35 Hours
This class will immerse the students in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking.
The purpose of the Ethical Hacking Training is to:
- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.
Audience:
The Course is ideal for those working in positions such as, but not limited to:
- Security Engineers
- Security Consultants
- Security Managers
- IT Director/Managers
- Security Auditors
- IT Systems Administrators
- IT Network Administrators
- Network Architects
- Developers
CAS for Administrators
7 Hours
In this instructor-led, live training in the US (online or onsite), we discuss CAS's architecture and features and practice installing and configuring a CAS server.
By the end of this training, participants will be able to:
- Have an understanding of CAS's implementation of SSO (Single-Sign-On Authentication).
- Have the necessary practice to deploy and manage their own authentication server.
Shadowsocks: Set Up a Proxy Server
7 Hours
Shadowsocks is an open-source, secure SOCKS5 proxy.
In this instructor-led, live training, participants will learn how to secure an internet connection through a Shadowsocks proxy.
By the end of this training, participants will be able to:
- Install and configure Shadowsocks on any of a number of supported platforms, including Windows, Linux, Mac, Android, iOS, and OpenWrt.
- Deploy Shadowsocks with package manager systems, such as pip, aur, freshports and others.
- Run Shadowsocks on mobile devices and wireless networks.
- Understand how Shadowsocks encrypts messages and ensures integrity and authenticity.
- Optimize a Shadowsocks server.
Audience
- Network engineers
- System Administrators
- Computer technicians
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
Network Security Administrator
35 Hours
Audience:
System Administrators and Network Administrators as well as anyone who is interested in defensive network security technologies.