BlackBerry Cybersecurity Courses

Cybersecurity for Your Business (CFYB)

Length:
One (1) day course + one (1) day consulting

Who Should Attend?
Board members and management involved in securing your business.
We recommend up to 6 participants per session to allow for a constructive Q and A session.

Description

All modern businesses need to be cyber aware and cyber secure but it’s important that your security support your organization’s mission. In this course, you will learn how to:

  • Protect resources, information, hardware, software, corporate reputation, legal position, employees, and tangible and intangible assets
  • Increase your organization’s opportunities to make profit
  • Improve your reputation—secure organizations are good to work with
  • Decide on levels of risk for computer security
  • Extend security beyond organizational boundaries
  • Mitigate cost of controls and maintenance

Key Topics

  • Information Security
  • Setting up a Policy
  • Program Management
  • Risk Management
  • Life Cycle Planning
  • Personnel/Users
  • Disaster Recovery Procedure
  • Computer Security Incident Handling
  • Training and Testing
  • Security Considerations in Computer Support and Operations
  • Physical Security
  • Identification and Authentication
  • Logical Access Control
  • Audit Trails and Logging
  • Securing Your Data
  • In-region Security Frameworks/Regulations

Qualification

All candidates will be awarded a BlackBerry Verified Certificate of Attainment

Pre-requisites

None

Assessment

None

Staff Security Awareness Training PLUS (SSAT PLUS)

Length
One (1) day course

Who should attend?
Suitable for all staff
We recommend up to 10 participants per session to allow for a constructive Q and A session.

Description

This course is a comprehensive session on how to stay safe at work and at home with regard to information security. The “PLUS” also covers what to do if someone attempts an attack, and countermeasures against fraudsters and social engineering attacks.

There are two ways an attacker can compromise your information—either face to face or over the wire (phone, mobile phone, email, the internet, Wi-Fi etc). The information you put at risk every day (bank account details, personal information, company data, etc.) is vulnerable to attack unless you safeguard it. This course is all about active defence against malicious cyber attacks against you, your family and the company you work for.

This course is offered in three parts to provide overviews on the following:

  1. Security awareness training – keeping yourself safe online and offline.
  2. Basic forensic first response – what to do if you discover a cyber-attack attempt
  3. Anti-Social Engineering – how to protect yourself from the new wave of cyber criminals.

Key Topics

1. Staff Security Awareness Training (SSAT)
Staff can unwittingly put your data at risk or even give away confidential information by not taking appropriate precautions. Even if you have an Acceptable Use policy, Email policy or IT Security guidelines, your employees may not be reading them. This Security Awareness Training makes staff aware of risks in a practical and appealing way, helping to create a ‘security aware culture’ within your business.

Objectives:
The objectives of this part of the course are:

  • To have a good understanding of your organization’s IT security policies
  • To be aware of internet security threats and understand the terms Virus, Worm, Trojans, Spam and Phishing
  • To understand and be aware of security fallacies
  • To learn how to identify fraudulent emails
  • To be familiar with the social engineering techniques used to gain an employee’s trust and access secure information
  • To understand, through real-life case studies, how ‘hacking’ and ‘social engineering’ techniques are used to compromise IT security
  • To understand how to protect information when using removable media, mobile phones
  • To learn how to create a completely secure password
  • To learn the principles of how to work safely at home and on the road, using VPN or Wi-Fi connections
  • To understand the risks inherent to social networking sites

2. Basic Forensic Incident; First Responder Course
The Forensic Incident; First Responder level is designed for those who may need to collect computer evidence. In any digital forensics scenario, first response is the most critical stage. Incorrect handling of evidence could destroy vital clues and/or lead to a case being inadmissible in court.

Objectives:
After attending the course you will have an understanding of:

  • Recognising a need for a computer forensics scenario
  • Determining what constitutes computer evidence
  • UK Laws concerning the acquisition of computer forensic evidence
  • ACPO guidelines on computer evidence
  • Chain of custody
  • The tools used, and risks involved with, evidence collection
  • Working with third parties, such as law enforcement
  • How to correctly produce documentation regarding computer evidence
  • Digital media

3. Anti-social Engineering and Security Counter Measures
Social engineering is a non-technical method of intrusion used by hackers, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats encountered by organizations today. In this session, you will learn about the methodology used by expert social engineering operatives to gain access, learn hidden information and penetrate systems.

Objectives:
After attending the course you will have an understanding of:

  • What is Social Engineering
  • The skills of a Social Engineer
  • Principles of influence
  • Mental focus skills
  • Blending in
  • Personality profiling
  • Basic psychology of social engineering
  • Priming
  • Verbal and nonverbal communication techniques
  • Calibrating people’s traits
  • The power of suggestions
  • Physical security breaches
  • Scope documents and the law
  • Pretexting
  • Actions on discovery

Qualification

None

Pre-requisites

None

Assessment

None

Forensic Incident; First Responder Course (FIFR)

Length
Two (2) days

Who should attend?
Anyone who may need to correctly collect digital evidence, such as managers, trading standards teams, auditors and front line technical staff. Suitable for both technical and non-technical staff.

Description

The Forensic Incident; First Responder level is designed for anyone who may need to collect computer evidence. In any digital forensics scenario, first response is the most critical stage. Incorrect handling of evidence could destroy vital clues and/or lead to a case being inadmissible in court.

Key Topics

  • How to recognise a need for a computer forensics scenario
  • UK Laws concerning evidence collection
  • ACPO guidelines on computer evidence
  • Chain of custody
  • The tools used, and risks involved with, evidence collection
  • What constitutes digital evidence
  • Working with third parties, such as law enforcement
  • Correctly producing documentation regarding computer evidence
  • Digital media

Qualification

Successful candidates will receive a BlackBerry Verified 'Forensic Incident; First Responder' Certificate of Attainment

Pre-requisites

None

Assessment

Continuous Assessment

Staff Security Awareness Training (SSAT)

Length
Half (1/2) day

Who should attend?
Managers, administration staff, and any employee who handles secure and confidential IT Information.

Description

Staff can unwittingly put your data at risk or even give away confidential information by not taking appropriate precautions. Even if you have an Acceptable Use policy, Email policy or IT Security guidelines, your employees may not be reading them. This Security Awareness Training makes staff aware of risks in a practical and appealing way, helping to create a ‘security aware culture’ within your business.

Key Topics

  • Understanding of your organization’s IT security policies
  • Internet security threats such as Viruses, Worms, Trojans, Spam and Phishing 
  • Understanding and being aware of security fallacies 
  • How to identify fraudulent emails
  • Real-life case studies that demonstrate how ‘hacking’ and ‘social engineering’ techniques are used to compromise IT security
  • How to protect information when using removable media, mobile phones
  • Social engineering techniques – how social engineers gain an employee’s trust in order to access secure information
  • How to create a completely secure password
  • How to work safely at home and on the road, using VPN or Wi-Fi connections
  • The risks inherent to social networking sites

Qualification

All candidates will be awarded a BlackBerry Verified ‘Security Awareness Trained’ Certificate of Attainment

Pre-requisites

None

Assessment

None

BlackBerry Cybersecurity Services Coordinator (CSC)

Length
One (1) day

Who Should Attend?
Anyone who needs to specify, procure, manage and/or interpret vulnerability assessments (penetration tests)

Description

The CSC provides candidates with the tools and techniques necessary to ensure the objectives of security testing are met. It’s offered in two sections, Technical and Management.

Key Topics

Technical

  • Basic network security
    • Firewall functionality
    • Lockdown and hardening
    • The principles of intrusion detection
    • Intrusion prevention systems
  • An overview of the threats
    • Network level attacks
    • Application level attacks (SOAP, XML, SQL Injection)
    • Sources of vulnerability information and alerts
  • The basics of the testing process
    • Vulnerability analysis
    • Application level testing
    • Password cracking
  • Dealing with other staff in your organization
    • Configuration/change/patch management and supporting procedures such as incident management

Management

  • Professionalisation schemes and qualifications
    • Existing schemes and qualifications, their status and when they should be applied
    • The need for competition rotating service providers
  • Scoping the tests
    • The importance of stating objectives
    • Scoping the minimum device set
    • The need for, and correct use of, sampling
    • Rolling out the results
    • Testing of live systems and testing of pre-go-live
  • Liabilities and responsibilities
    • Typical dependencies on each party
  • Comparing proposals
    • Using testing days vs reporting days
  • Testing in practice
    • Adding ITHC activities and contingencies to a project plan.
  • Reporting
    • Including the benefits of daily wash-up
    • The need for a final wash-up discussion
    • Who should attend
    • Maintaining assurance in the system going forward and managing test connections

Qualification

Successful candidates will receive a ‘BlackBerry Verified’ certification and will become an ‘associate’ member.

Pre-requisites

  • Basic knowledge of networking and applications.
  • Knowledge of project management, including the ability to interpret a project plan.
  • Basic understanding of contractual terms and conditions.

Assessment

Multiple choice assessment at the conclusion of the course

An Introduction to Cybersecurity Services (ICS)

Length
One (1) day

Who Should Attend?
Anyone interested in cybersecurity, especially if you have a military or IT background, or if you are a student. This course is designed as a “taster” course.

Description

This one-day course is an introduction to the exciting world of cybersecurity and is intended as a starting point for anyone who may wish to pursue a career in cybersecurity. Attendees will learn about the basics of ethical hacking, digital forensics, social engineering/red team operations and ethical web application hacking.

Ethical Hacking (Penetration Testing)

Attendees will be introduced to the highly technical world of penetration testing and take part in a mock penetration test against a fictitious client with real tools and techniques.

Digital Forensics

Attendees will be presented with a mock crime scene and walked through the process of protecting the evidence, with the opportunity to try some digital forensics tools against live machines and see what evidence is available.

Social Engineering/Red Team Operations

Attendees will learn about the skills of the social engineer and get a taste of how they “hack the human”, as well as how to defend against such attacks. 

Key Topics

  • Google hacking
  • Web hacking
  • Infrastructure hacking
  • XSS and SQL exploitation
  • Man-in-the-middle attacks
  • Wireless hacking
  • Tools to collect evidence
  • Tools to uncover hidden items and passwords
  • Documentation at a crime scene
  • Priming people
  • Physical security and tailgating techniques

Qualification

All candidates will be awarded a BlackBerry Verified Certificate of Attainment

Pre-requisites

Technical knowledge of Windows and Linux will be an advantage

Assessment

Continuous

BlackBerry Cybersecurity Services Professional (CSP) Level 2

Length
Five (5) days

Who Should Attend?
IT professionals who are interested in vulnerability/penetration testing but do not require a CHECK equivalent qualification.

Description

During the Cybersecurity Services Professional (CSP) Level 2 course candidates are taught the theoretical & practical aspects of penetration testing in a real-life, hands-on scenario. Candidates will take part in a mock penetration test against a fictitious client with real tools and techniques. From the moment candidates enter the class they will be introduced to the highly technical world of penetration testing. Whether you are manipulating network traffic to grab passwords with Ettercap, intercepting WLAN traffic with Aircrack or seeking out vulnerabilities with Metasploit – you will find yourself in a fascinating and engaging environment that will prepare you for the role of pen tester.

Key Topics

  • Information security in the corporate world
  • Professionalism and communication skills
  • Ethics and the law
  • Core Network Protocols
  • Network enumeration and network mapping
  • Network device management and exploitation
  • Service enumeration
  • Service topology/dependency mapping
  • Application enumeration and profiling
  • Application and operating system management
  • Application and operating system exploitation
  • ARP spoofing – MITM attack
  • Subnet Masks
  • Google hacking
  • Port scanning & Fingerprinting
  • Banner Grabbing
  • Vulnerability scanning
  • Brute forcing
  • Session Hijacking
  • XSS – Cross site scripting
  • Exploitation frameworks
  • SQL Injection

Qualification

Successful candidates will be awarded a BlackBerry Verified Certificate of Attainment

Pre-requisites

  • Experience with Windows and Linux operating systems in a networked environment
  • CLI skills, which include the navigation of file systems and manipulation of files and directories for both Windows and Linux
  • Ability to interrogate network systems for basic information such as IP address and MAC address
  • Knowledge of network fundamentals (IP addressing, subnets, routing)
  • Familiarity with TCP/IP stack and OSI Model
  • Knowledge of common Internet protocols (HTTP, FTP, DNS etc.)

Assessment

  • Multiple choice exam - Closed book, 80 questions, 1-hour
  • Written Exam - Closed book
  • Practical Exam - Candidates will sit a digital assault course
  • Viva Exam - Candidates are requested to provide a ‘synopsis’ of their findings to the examiner in a viva environment lasting no more than 30 minutes.

Social Engineering Level 1 (SE1)

Length
One (1) day

Who Should Attend?

  • Professionals who are interested in Red Team operations and Social Engineering Testing
  • Professionals wishing to progress beyond the CSA or CSTM courses
  • Anyone who wants to learn how to “counter” Social Engineering attacks

Description

Social engineering is a non-technical method of intrusion used by hackers, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats organizations encounter today. In this course, candidates will learn the methodology used by expert social engineering operatives to gain access, learn hidden information and to penetrate systems.

Key Topics

  • What is social engineering
  • The psychology of social engineering
  • The principles of influence
  • Priming techniques
  • Mental focus skills
  • Blending in
  • Verbal and non-verbal communication
  • Calibrating people’s traits
  • The power of suggestion
  • Personality profiling
  • Physical breaches and social engineering testing
  • Scope documents and the law
  • Pretexting
  • Actions on discovery

Qualification

Successful candidates will receive a BlackBerry Verified ‘Social Engineering Level 1’ Certificate of Attainment

Pre-requisites

Basic pen testing and technical knowledge

Assessment

None

Secure Web Applications (SWA)

Length
Two (2) days

Who Should Attend?
Suitable for anyone who is comfortable working with code, but also for software engineers, software architects and web developers wanting to know how to protect against malicious attacks.

Description

Web applications remain one of the most profitable areas a malicious attacker may target. In this course an experienced penetration tester will teach you what they find, how they find it and how to protect against these attacks. This will involve looking at a specific piece of code, identifying a security flaw, and implementing a fix for flaws found on the Top 10 and CWE/SANS Top 25 Most Dangerous Programming Errors.

In addition to reviewing the code behind these common errors, attendees will be instructed in the field of penetration testing so they may identify flaws in web applications.

The course is focused on software development; however, the technical content is accessible enough for anyone who is comfortable working with code and wishes to understand web application security from a development perspective.

Key Topics

Common Web Application Vulnerabilities

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • HTTP response splitting
  • Parameter manipulation

Development management

  • SSDLC
  • Reaching milestones

Data Validation

  • Input validation
  • Whitelisting vs. blacklisting
  • Output encoding and escaping
  • Using frameworks and APIs

Authentication

  • How to use encryption
  • Protecting session ids
  • Basic and Forms Based Authentication

Session management

  • Session hijacking
  • Session fixation

Offensive Security

  • Penetration testing methodology
  • Understanding risk, threat and vulnerability
  • Common security models
  • Tool based testing
  • Manual identification of vulnerability

Qualification

Successful candidates will receive a BlackBerry Verified ‘Secure Web Applications’ Certificate of Attainment

Pre-requisites

Candidates should have at least one year’s experience working with a web programming language and be familiar with SQL.

Assessment

Written assessment and practical assessment

Intensive Networking (IN)

Length
One (1) day course

Who Should Attend?

  • Professionals in public or private enterprise who are involved or interested in vulnerability/penetration testing and IT security, but require some grounding in networking before progressing
  • Professionals wishing to progress further by taking the CSA or CTM courses and exams and ultimately to become CHECK Team Members (CTM).

Description

This course is designed specifically for candidates who do not have the full pre-requisites to embark on the CSA or CTM course or for those wishing to refresh their knowledge prior to attending.

Attendees will cover a range of networking topics including fundamental concepts such as OSI model, TCP/IP stack, IP routing, manipulating IP addresses, subnetting and creating custom subnet masks. The tools and techniques taught will cover the Windows and Linux operating systems to provide insight into using command line tools to interrogate, manipulate and test network and Internet connections.

The course is a mix of theoretical networking content and hands on sessions.

Key Topics

  • Identify & manipulate an IP address
  • Configure a subnet mask and default gateway
  • Describe an IP address & classful addressing
  • Describe major address, broadcast and subnet
  • Describe the role of a subnet & subnet mask
  • Plan subnets and create a CSM (Custom Subnet Mask) based on requirements
  • Routing
  • Compare static vs dynamic routing
  • Describe stateless vs stateful firewall
  • OSI model and role of the layers
  • Compare the OSI model to the TCP/IP Stack. Describe the role of protocols and their port numbers (HTTP, HTTPS, FTP, DNS etc.)
  • Navigate file systems using cd
  • Manipulate files and directories using md, rd, dir, copy, del, ren, mkdir, rmdir, ls, cp, rm and mv
  • Create & display files using type, >>, >, cat, and echo
  • List running processes using ps
  • Use an editor to open and manipulate files

Qualification

Successful candidates will receive a BlackBerry Verified ‘Intensive Networking’ Certificate of Attainment

Pre-requisites

Basic computer experience is all that is required

Assessment

A practical networking skills-based assessment using all the techniques and tools taught during the day