. Course Overview Cyber Security

Course Overview
Cyber Security
Sharpen your mind
Deloitte Academy
.
2014
We believe it is important to share our knowledge with clients and business relations.
For this reason, we want to offer you the opportunity to participate in a training
course together with our Deloitte Security & Privacy professionals.
This overview contains the following training courses:
•
CISSP Certification
•
CISM Certification
•
SAP Security
•
Prepare for Privacy
•
HackLab: Hands-on Hacking
•
HackLab: Malware Analysis
•
HackLab: Introduction to Cybercrime
•
HackLab: SAP
•
ISO 27001 Implementation and Audit
•
SCADA Security
•
Oracle GRC
•
SAP GRC
•
In-house training, custom training and learning programmes
CyberLympics 2011, 2012 and 2013.
Deloitte has extensive experience in the field of advising and assessing the information security within governments
and business. Our team consists of more than 30 specialists that describe "ethical hacking" as their great passion.
The knowledge, experience and passion are reaffirmed in the recent finals of the Global CyberLympics. The team of
Deloitte Netherlands did win, for the third time in a row a contest which consisted of both offensive and defensive
security challenges.
CISSP Certification
The Certified Information Systems Security Professional (CISSP) certification is a globally
recognized credential: the first of its kind and accredited by the American National
Standards Institute (ANSI).
Course objectives
The Deloitte (ISC)2 CISSP Certification course is an intensive, five-day
course that covers the most comprehensive compendium of
information security best practices – the Common Body of Knowledge
(CBK). The CISSP CBK establishes a common framework of
information security terms and principles that allow information security
professionals worldwide to discuss, debate and resolve matters
pertaining to the profession, with a common understanding.
The CISSP CBK consists of the following 10 domains:
Programme
Day 1
•
Information Security Governance and
Risk Management
•
Security Architecture and Design
Day 2
•
Access Control
•
Application Security
•
Operations Security
1.
Access Control;
2.
Application Security;
3.
Business Continuity and Disaster Recovery Planning;
•
Cryptography
4.
Cryptography;
•
Physical Security
5.
Information Security and Risk Management;
Day 4
6.
Legal, Regulations, Compliance and Investigations;
Day 3
•
Networking
•
Business Continuity Planning
7.
Operations Security;
8.
Physical (Environmental) Security;
•
Business Continuity Planning
Security Architecture and Design;
•
Legal and Regulatory
•
Sample exam (100 questions)
9.
10. Telecommunications and Network Security
Day 5
Exam
The Deloitte CISSP certification course has a passing rate of over 90%
as opposed to the average CISSP success rate of around 60%.
Target audience
Participants will receive a voucher with which
they can book an examination at a desired
date and time at a Pearson VUE test centre
of their choice.
Security managers, risk managers, IT auditors, IT security
professionals and security officers
Course date and location
This five-day course will be held on 3 – 7 March and on
10 – 14 November 2014 in Amsterdam, the Netherlands.
Costs
The costs are EUR 2,995 ex VAT. Exam voucher, catering (lunch) and
course materials are included in the price.
Course overview − Security & Privacy
2
CISM Certification
CISM, Certified Information Security Manager, is a globally acknowledged information
security management certification. This certification demonstrates you can connect
information security to your organization’s business goals, understand the security aspects
of new and current technologies, and possess the knowledge and skills to manage
information security within your organization.
Course objectives
Programme
The Deloitte CISM certification course is a three-day course, which
aims to prepare participants for successfully passing the CISM exam.
Day 1
•
Introduction to CISM
The CISM certification indicates that participants understand a global
framework of information security management concepts and
principles. These can be applied to different situations, so information
security is managed in the best way possible. Areas of interest include
risk management, handling security incidents, compliance issues,
managing information security programs and integrating information
security into the business.
•
Information security governance
•
Exercises
The CISM framework clarifies the use of information security
management in the organization, while it ensures its application is in
sync with the organisation’s business goals. Information security
management thus becomes more effective and efficient.
Day 3
The CISM course comprises four domains:
1.
Information security governance
2.
Information risk and compliance
3.
Information security program development and management
4.
Information security incident management
Besides these four domains, exam preparation will be a significant part
of the course.
Day 2
•
Information risk and compliance
•
Information security incident management
•
Exercises
•
Information security program
development and management
•
Summary
•
Exam preparation
Exam
The exam can be taken on 14 June or 13
December 2014. Participants have to
register themselves at ISACA
(www.isaca.org), up to 4 weeks prior to
the exam.
It is advisable to take the exam right after the
training.
Target audience
(Information) Security managers (senior and junior level), business
managers with information security in their portfolio, IT security
professionals and security officers.
Course date and location
This three-day course will be held on 10 – 12 June and on 8 – 10
December 2014 in Amsterdam, the Netherlands.
Costs
The costs are EUR 1,295 ex VAT. Catering (lunch) and course
materials (CISM Review Manual and review questions) are included in
the price. Exam fee is excluded.
Course overview − Security & Privacy
3
SAP Security
During this five-day course, we will facilitate an in-depth view of SAP security. Starting
from the basic concepts, the most important SAP security options will be discussed. Since
we believe in ‘doing is learning’, the course not only provides technical background: it
includes plenty of opportunity to discuss practical use, benefits, constraints and real-life
examples. More importantly, many hands-on exercises are included, challenging
participants to put the theory into practise. Deloitte uses its own sandbox environments to
this end.
Course objectives
If you have ever been involved with SAP and its security concept, you
are most likely familiar with the term SAP_ALL. Developers say they
can’t work without it, auditors say nobody should have it assigned.
This course will teach you the most important SAP security features
and will allow you to understand their implications. It will enable you to
tailor the security settings and procedures to best fit your organization
without losing sight of best practises.
Target audience
Security managers, SAP application managers, SAP security
professionals and IT auditors regularly dealing with SAP related
security challenges and such.
Other stakeholders such as internal control managers, risk managers
and IT professionals with an interest to learn more about SAP Security
concepts and techniques will benefit from this course as well.
Course date and location
This course is split into two parts. The first part is held on 30 – 31
January 2014 and provides an introduction to the SAP security concept.
The second part, held on 3 – 5 February 2014, provides additional
details and advanced topics.
The complete course will be held in Amsterdam.
Costs
The costs are EUR 1,795 ex VAT. Catering (lunch) and course
materials are included in the price.
Programme
The SAP Security course will cover the most
important security settings for an SAP ERP
system. You will be introduced to SAP basis
security features, their implications and
constraints, where they are implemented, and
how they can be audited. The course will also
address topics such as ‘hacking’
vulnerabilities, tooling and best practises.
Although the course will focus on SAP ERP
(commonly also referred to as R/3 and ECC),
these concepts likewise apply to all other
ABAP based systems, such as CRM, SRM
and BI.
The following topics will be addressed:
•
The SAP Landscape;
•
Access Path;
•
Introduction to Security;
•
Navigation;
•
User Management;
•
Authorization concept;
•
Profile Generator;
•
Logging;
•
System Parameters;
•
Transaction Security;
•
Program Security;
•
Table Security;
•
Job Scheduling;
•
Change Management;
•
Interfaces;
•
Use of tooling such as GRC.
Course overview − Security & Privacy
4
Prepare for Privacy: Are you prepared?
The importance of protecting personal data within organisations has increased
exponentially. Technological developments have facilitated organizations in processing
more personal data and on a larger scale. This has triggered a rapidly growing public interest
in the protection of personal data and related legislation and regulations.
Course objectives
This practical course will provide the participants with insight into the
rules on processing personal data and the steps required for complying
with privacy legislation.
Target audience
Data officers, HR managers, chief information officers, security
managers and other persons who are responsible for protecting
personal data or who work with personal data every day.
The participants will not need a thorough knowledge of privacy
legislation.
Course date and location
Programme
The course will discuss the notification and
information requirement, the requirements for
international transfers and the security
measures to be implemented. The cookie
legislation, the rules on direct marketing,
emails and internet monitoring and privacy
aspects of “the Cloud will be dealt with too.
Finally, the course goes into the various risks
of processing personal data, unnecessary or
otherwise, preventing data leakage, and the
upcoming European Privacy Regulation.
This one-day course will be held on 16 May 2014 in Amsterdam, the
Netherlands.
Costs
The costs are EUR 695 ex VAT. Catering (lunch) and course materials
are included in the price.
Course overview − Security & Privacy
5
HackLab: Hands-on Hacking
Computer hacking is the practice of influencing computer hardware and software to
accomplish a goal outside of their original purpose. A computer hacker is a person who
identifies weaknesses and exploits them. Hacking is considered a complex activity. This
course will explore the world of hacking and shed a light on how hackers work.
Course objectives
The practical five-day course equips participants with hands-on black
box, white box and grey box vulnerability testing. We will address
testing of web applications, mobile applications, mobile devices,
wireless security, host based and network based infrastructure.
The course takes the participants through the different stages of our
proven methodology of information gathering, target selection and
vulnerability identification and exploitation. Besides the methodology
we will also discuss the different leading practises, such as OWASP
and go into the different tools for vulnerability testing.
Programme
Day 1: Introduction and external
penetration tests
•
Introduction and security trends
•
Penetration testing methodology
•
External Infrastructure penetration test
•
Firewall security / Prevention systems
•
Physical security assessments and social
engineering
Target audience
Day 2: Internal penetration tests
Security managers, application developers, IT professionals and IT
auditors who have an interest in ‘Vulnerability Assessment’ and
‘Hacking’.
•
Infrastructure security test
•
Host-based security test
•
Wireless security test
Participants of the course are expected to have a basic understanding
of network, TCP/IP and Operating Systems (Windows and Linux).
•
Network security test
Day 3: Application Assessments
•
Architecture
Course date and location
•
Information Gathering
This five-day course will be held on 7 – 11 April and on 15 – 19
September 2014 in Amsterdam, the Netherlands.
•
Vulnerability analysis
•
Code review
•
OWASP top 10
Costs
•
The costs are EUR 1,995 ex VAT. Catering (lunch) and course
materials are included in the price.
Executing of a web application
vulnerability assessment
Day 4: Current trends in hacking
•
Mobile Applications and security
•
Incident response / Security Operating
Centres
•
Malware analysis
•
Hacking game
•
Reporting Exercise
Day 5: Vulnerability assessment case
•
Summarizes all topics of the week
•
Interview the client
•
Vulnerability assessment execution
•
Reporting and presentation of the results
•
Evaluation and closing
Course overview − Security & Privacy
6
HackLab: Malware Analysis
Malware stands for malicious software, scripts or code meant to aid an attacker to hack a
system, keep control, steal information or to cause damage. Analysing malware is a difficult
task without the right knowledge and experience. During this course hands-on experience is
gained with the analysis of malware, from the first
steps to the analysing of advanced malware.
Course objectives
This hands-on course enables participants to make their first steps
towards malware analysis up to the full reverse engineering of malware.
We will deal with different methods of malware analysis, such as
behavioural and static analysis. Topics addressed in this course include:
the different properties and actions of malware, forensic traces, network
traffic, obfuscation and encryption. Various malware files, specifically
written for this course, will be analysed prior to analysing existing malware.
A major element of this course is hands-on reverse engineering, giving
maximum experience to participants during the three days.
Following this course enables participants to perform their first analysis on
encountered malware, correctly estimate the behaviour of malware, and
understand how it can be countered.
Target audience
Programme
Day 1: Introduction
•
General malware overview
•
Malware history
•
How victims are infected
•
Botnets
•
Malware analysis introduction
•
Malware identification
•
Malware packers and unpacking
•
Behavioural analysis
•
Malware debugging
Day 2: Analysis
•
Banking Malware
Incident response employees, digital forensic researchers, IT system &
network administrators and IT professionals interested in malware
analysis.
•
Static Analysis
•
Anti-Virus products
•
Malware recovery
The participants should have fundamental insight into network protocols,
IP network services, and operating systems. Experience with malware is
not required, but a solid technical background is desired.
•
Malware crypto
•
Malware tools
•
Malware scripts analysis
•
Malware network traffic analysis
•
Exploit analysis
•
Malware Anti-Forensics
Course date and location
This three-day course will be held on 15 – 17 April and on 9 – 11
September 2014 in Amsterdam, the Netherlands.
Day 3: Training and deepening
Costs
The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials
are included in the price.
On Day 3, the knowledge gained is further
put into practice. In different assignments,
including the analysis of advanced malware
specimens and Capture The Flag (CTF)
exercises, insight will be provided into the
inner working of malware analysis and
reverse engineering in practice.
Course overview − Security & Privacy
7
HackLab: Introduction to Cybercrime
Over the last couple of years, cyber attacks have frequently made the headlines. Newspapers
and online media are filled with terms such as trojans, botnets, phishing, denial of service
attacks and data breaches. But what do these terms really mean and why are these attacks
possible? This course will provide you with a theoretical and practical understanding of
cyber attacks: essential if you wish to deal effectively with cybercrime within your
organisation.
Course objectives
This course will explain the most common types of cyber attacks, the
technology they are based on and the weaknesses they exploit in IT
systems. To better understand cybercrime, we will look into the
evolution of the Internet, the underlying technology and its global
democratisation. We will also show how this insight into cybercrime
can be used to design and implement effective risk mitigation
measures, advise on security or prosecute cyber fraudsters.
This course is a good foundation for any professional wanting to
pursue training or further their knowledge of this field. It is not a deep
dive into hacking activities or malware analysis. For more information
on these topics please refer to HackLab: Hands-on Hacking and
HackLab: Malware Analysis.
Target audience
This course is targeted at members of law enforcement agencies,
policy makers, security officers, security managers, IT managers,
application developers, IT professionals and IT auditors who have an
interest in the latest developments in cybercrime.
Course date and location
This three-day course will be held on 10−12 February and on 24−26
September 2014 in Amsterdam, the Netherlands.
Costs
The costs are EUR 1,295 ex VAT. Catering (lunch) and course
materials are included in the price.
Programme
Day 1: The Internet, protocols, phishing
•
The birth of the Internet
•
The Internet protocols: IP and TCP
•
The basis of HTTP and HTML
•
Proxies and firewalls
•
The mail protocol SMTP
•
Routers
•
The Domain Name System (DNS)
•
Phishing
•
Countermeasures phishing
Day 2: DDOS, web applications and
malware
•
Denial of Service attacks
•
Operating systems
•
(Web) servers and applications
•
HTTP
•
Browsers
•
Malware
•
Botnets
•
Banking trojans
Day 3: Hacking and countermeasures
•
Hacking
•
Hacking phases
•
Vulnerabilities
•
Cases
•
SCADA/ICS
•
Countermeasures
Course overview − Security & Privacy
8
HackLab: SAP
Hacking and cybercrime currently receive a lot of media attention after recent incidents like
Distributed Denial of Service (DDOS) attacks and theft of account and credit card data.
Critical business applications like SAP have so far received little attention, even though they
are the administrative heart of any business. This course shows a selection of vulnerabilities
and how you can defend yourself against them.
Course objectives
This one-day course provides insight into the vulnerabilities of a SAP
application and the associated infrastructure. After a brief introduction
on SAP security and penetration testing in general, we will discuss a
selection of known SAP vulnerabilities, showing you how easy it can
be to access critical functions and data. We will also discuss how you
can detect these vulnerabilities and properly secure your system
against them.
Programme
Introduction
•
Introduction
•
Penetration test methodology
•
Overview SAP components
Risks
Target audience
(SAP) Security professionals, IT managers, risk managers and IT
professionals having an interest in SAP security and ethical hacking.
Course date and location
This one-day course will take place on 13 February 2014 in
Amsterdam.
Costs
The costs of this course will be EUR 395 ex VAT. Catering (lunch) and
course materials are included in the price.
•
What can go wrong
•
Risks in a SAP landscape
Vulnerabilities
•
Sample vulnerabilities for the different
SAP components
•
Possible countermeasures
An average SAP landscape comprises a
large number of technical components. It is
impossible to discuss all possible
vulnerabilities for all these components in a
single day. Hence we have selected a
number of relevant vulnerabilities, applicable
for different components. This enables us to
clearly outline the security possibilities in a
SAP landscape.
Course overview − Security & Privacy
9
ISO 27001 Implementation and Audit
Gaining and delivering information is critical to achieving your business goals and building
a sustainable business. Securing information within organizations is therefore becoming
more important. The ISO 27001 standard is designed to help your organization manage and
secure critical business information in the context of overall business risk and signals your
clients that you are actively working towards a more secure organization.
Course objectives
This three-day course offers practical guidance on how ISO 27001
certification can be achieved and what the biggest challenges are
during an audit. It explains the required Plan, Do, Check & Act cycle
and the role of the Information Security Management System (ISMS).
The course offers insight on how controls are selected in order to cover
business risks and explains the relationship between ISO 27001 and
other ISO standards.
Areas of interest include risk analysis, business risk, creating
improvement plans and integrating information security into your
business. Special attention is given to incident management, business
continuity, data classification and access control.
Participants will benefit from our experience as both implementers and
auditors through real-life cases and examples.
All topics will be handled from both an implementer and auditor point of
view.
Programme
Day 1
•
Introduction to ISO 27001 standard
•
Structure of ISO 27001 standard and
relationship to other ISO standards
•
Differences between 2005 and 2013
version
•
Information Security Management
System and role of the Plan, Do Check &
Act cycle
Day 2
•
Risk analysis and improvement plans
•
Security policies and ISO 27001
•
Project planning
Day 3
Target audience
Information security managers, internal IT auditors, business
managers with information security in their portfolio, IT security
professionals and security officers.
•
ISO 27001 controls
•
Audit and review, including improvement
cycle
•
Steps towards certification of the
organization
Course date and location
This three-day course will be held on17−19 February 2014 in
Amsterdam, the Netherlands.
Costs
The costs are EUR 750 ex VAT. Catering (lunch) and course materials
are included in the price.
Course overview − Security & Privacy
10
SCADA Security
The past years, off-the-shelve software and hardware as well as remote access possibilities
in industrial environments have increased. The broader threat landscape and increased
sophistication of attacks indicate the need to improve SCADA (supervisory control and data
acquisition) security capabilities. But where to begin? During this course we will provide
insight in threats, best practices, vulnerabilities and mitigating controls. We will take the
participant through the complete SCADA security cycle: Know, Prevent, Detect, Respond
and Recover.
Course objectives
This intensive, three-day course that covers various topics to improve
understanding of the SCADA environment and security of SCADA
systems.
The course provides the fundamentals on SCADA security. The
participants will be able to make informed decisions regarding the
security of controls systems and understand the implications of these
decisions.
The course delivers knowledge about the differences between
industrial and business IT, including the difficulties of implementing
common security practices on SCADA systems. From a compliance
perspective several standards provide helpful insights to improve the
security capabilities. For this purpose the course will elaborate on
standards and best practices such as: ISO-27000, NERC-CIP, SANS
and ISA-99. On a practical level, the course will provide a hands-on
workshop in which participants can experience SCADA exploitation. In
addition, the program elaborates on SCADA vulnerability and security
assessments.
Target audience
IT professionals, penetration testers and managers that want to
increase their understanding and knowledge of the SCADA
environment and SCADA security assessments.
Programme
Day 1: Know
•
Understanding the SCADA threat
landscape
•
Understanding the differences between
industrial- and business IT security
•
Understanding best practices and
standards
Day 2: Prevent & Detect
•
Reviewing SCADA architecture
•
Reviewing SCADA vulnerabilities
•
Security logging and monitoring
•
Selecting and implementing security
controls
Day 3: Respond & Recover
•
Hands-on SCADA exploitation workshop
•
Active and passive security assessments
•
Implementing a security operations centre
and disaster recovery strategies
•
Future SCADA security technologies
Course date and location
This three-day course will be held on 17 – 19 March 2014 in
Amsterdam, the Netherlands.
Costs
The costs are EUR 1,295 ex VAT. Catering (lunch) and course
materials are included in the price.
Course overview − Security & Privacy
11
Oracle GRC
This two day course enables you to smoothen your Oracle Governance, Risk & Compliance
(GRC) implementation journey. It brings insight in how Oracle’s GRC software can help in
managing risks and controls (access, process and business controls) from a single repository.
The course aims to get you comfortable with a best practise implementation strategy and
approach, lessons learned and key success factors. For those looking for hands-on
experience and practical use cases the course offers a technical Deep Dive.
Course objectives
In today’s unpredictable and highly competitive business environment,
it’s important to take a holistic view of governance, risk and compliance
(GRC) — while focusing not only on the risks that can threaten value,
but also the risks that an enterprise can take to create value. People,
processes and technology should all work together to help the
enterprise stay in control of the risks it chooses to take.
Programme
This two day course contains both functional
and high-level technical aspects of Oracle
GRC and will help audience with both
technical and non-technical background.
Oracle’s comprehensive GRC software provides the functionalities to
automate your GRC initiatives and processes to optimize business
processes, manage risks and comply with regulations.
Day 1
This course will teach you how Oracle’s GRC software can help in
managing risks and controls (access, process and business controls)
from a single repository. Additionally, the course covers
implementation strategy, lessons learned, key success factors and
best practices to make you more comfortable with your GRC
implementation. We will also take a deep-dive into the system to
understand the technical basics, based on a case study.
•
Holistic view on GRC
•
Product overview of Oracle GRC
•
New features and key enhancement
•
Implementation strategy and approach
•
Lessons learned
•
Key success factors
•
Best practices.
Target audience
Risk managers, financial and business controllers, Oracle competence
centre managers, functional consultants, implementation consultants,
security & GRC consultants, program managers and IT governance
experts.
Course date and location
The first day will mainly focus on functional
side of Oracle GRC and covers:
Day 2
The second day is designed to give you a
more comprehensive understanding of the
technical implementation of GRC and focuses
on:
•
Installation requirements
•
Technical configuration basics of Oracle
GRC based on use cases and exercises,
e.g:
This two-day course will be held on 13 − 14 March 2014 in Amsterdam,
the Netherlands.
− TCG – Transaction Controls Governor
Costs
− AACG – Application Access Controls
Governor
The costs are EUR 795 ex VAT. Catering (lunch) and course materials
are included in the price.
− CCG – Configuration Controls
Governor
− PCG – Preventive Controls Governor
Although this program is specifically designed
for Oracle GRC Controls, it will touch upon
the integration point with Oracle GRC
Manager and Oracle GRC Intelligence.
Course overview − Security & Privacy
12
SAP GRC
This course enables you to release the value of Governance, Risk & Compliance (GRC)
within your organization through automation with SAP GRC. It brings insight in how SAP’s
GRC software can help in managing risks and controls (access, process and business
controls) from a single repository. The course aims to get you comfortable with a best
practise implementation strategy and approach, lessons learned and key success factors. For
those looking for hands-on experience and practical use cases the course offers a technical
Deep Dive.
Course objectives
In today’s unpredictable and highly competitive business environment,
it’s important to take a holistic view of governance, risk and compliance
(GRC) — while focusing not only on the risks that can threaten value,
but also the risks that an enterprise can take to create value. People,
processes and technology should all work together to help the
enterprise stay in control of the risks it chooses to take.
SAP’s comprehensive GRC software provides the functionalities to
automate your GRC initiatives and processes to optimize business
processes, manage risks and comply with regulations.
This course will teach you how SAP’s GRC software can help in
managing risks and controls (access, process and business controls)
from a single repository. Additionally, the course covers
implementation strategy, lessons learned, key success factors and
best practices to make you more comfortable with your GRC
implementation. We will also take a deep-dive into the system to
understand the technical basics, based on a case study.
Programme
This course is divided into two parts which
enables participants to register, based on
their experience and learning goals
Part 1: SAP GRC Essentials (2 Days)
The first two days mainly focus on functional
side of SAP GRC and covers:
•
Holistic view on GRC
•
Product overview of SAP GRC
•
New features and key enhancement
•
Implementation strategy and approach
•
Lessons learned
•
Key success factors
•
Best practices.
Part 2: SAP GRC Deep Dive (3 Days)
Target audience
Risk managers, financial and business controllers, SAP competence
centre managers, functional consultants, implementation consultants,
security & GRC consultants, program managers and IT governance
experts.
The following 3 days are designed to give you
a more comprehensive understanding of the
technical implementation of GRC and focuses
on:
•
Installation requirements
•
Technical configuration basics of SAP
GRC Access Control based on use cases
and exercises, e.g.:
Course date and location
− Access Risk Analysis
This five-day course will be held on 24 − 28 March 2014 in Amsterdam,
the Netherlands.
− Access Request Provisioning
− Business Role Management
− Emergency Access Management
Costs
− MSMP Based Workflow design for
workflow
The costs are EUR 1,795 ex VAT. Catering (lunch) and course
materials (hand-outs and exercises) are included in the price.
The costs for participants who only want to participate in Part 1: SAP
GRC Essentials (2 Days) are 795 ex VAT.
− BRF+ based rule creation
•
Technical configuration basics of SAP
GRC Process Control and Risk
Management based on use cases and
exercises.
Course overview − Security & Privacy
13
In-house training, custom training and
learning programmes
Deloitte offers more than just the trainings referred to before. We provide in-house trainings
too: anything from standard trainings to trainings tailored to your organization. We can even
set up a full learning programme uniquely geared to your organization.
In-house training
In-house or in-company training distinguishes itself because it
specifically focuses on your organization. The training can thus be
adapted to your wishes.
Standard training
Apart from our offerings discussed in this flyer, we have a great choice
of standard trainings available. We can consult with you to include
specific priority aspects you consider to be important.
Topics
Deloitte provides a great deal of trainings all
across the world, so we have a large number
of standard trainings and topics readily
available. These are just some of the
trainings we have on offer:
•
Security & Risk Management
(Governance, Frameworks, Architecture,
Transformation)
Custom training
•
Business Continuity & Disaster Recovery
A careful analysis of your learning needs and an extensive intake will
enable us to prepare a custom training. This will allow you to train and
educate your professionals very effectively. Since the course materials
and examples will be geared to your own organization, your
professionals will be able to immediately use what they have learned in
their daily practice.
•
Identity & Access Management
•
Security Architecture
•
Cyber Security
•
Infrastructure Protection
•
Application Protection
•
Secure Software Development
•
End User security (Awareness, Social
media, Mobile devices)
•
Vendor control (Cloud computing,
Assurance)
•
Privacy
•
Hacking and Vulnerability Assessments
Learning programme
In addition to offering in-house trainings, we also offer you the option to
prepare a full, tailored learning programme, entirely geared to your
organization, the business objectives, and the employees’ learning
needs.
Costs
Specific systems & certifications
Feel free to contact us for more information on pricing or to get a quote.
Even a relatively low number of participants can make an in-house
training more economical than a regular external training.
In addition, we offer security trainings on
specific systems, such as SAP and Oracle.
We can arrange trainings for most of the
security certifications (CISSP, CISM, CISA,
CEH, etc.) as well.
Further information
Training forms
If the training you need is not stated here, or if you want further
information on our training and learning offering, please contact us.
Contact details can be found in the back of this brochure.
We are able to provide various training forms
such as: classroom based, e-learnings,
webinars, workshops and game-based.
Course overview − Security & Privacy
14
Your facilitators
Our professionals are your facilitators − sharing with you their practical knowledge. Our course offerings distinguish
themselves by being topical and effective. The limited number of participants per course offers plenty of space for
interaction between facilitator and participants in a stimulating and pleasant atmosphere. The following professionals
facilitate the courses mentioned in this brochure:
Marko van Zwam
Partner Deloitte Security & Privacy
Marko is a partner within Deloitte Risk Services and leads the Security & Privacy team, which consists of more than
100 professionals. He has over 18 years of experience in IT, IT Security, IT Audit and IT Risk Management.
Gijs Hollestelle
Facilitator CISSP Certification
Gijs is a senior manager in the Security & Privacy team. Gijs has over 8 years of experience in security issues,
from security awareness to IT infrastructure security and Ethical Hacking. Gijs was part of the winning team at the
Global CyberLympics 2013.
Coen Steenbeek
Facilitator HackLab – Hands-on Hacking
Coen is a manager in the Security & Privacy team. Coen specializes in both technical engagements like
vulnerability assessments and in performing security management related tasks (ISO27001 / 2). During his career
at Deloitte Coen has earned the RE, CEH, CISSP, CISM and CGEIT certifications and he was part of the winning
team at the Global CyberLympics 2013.
Trajce Dimkov
Facilitator SCADA Security
Trajce is a manager within the Security & Privacy team and has over 7 years of experience in ICT infrastructure
and security. Trajce specializes in both security management of industrial control systems and vulnerability
assessment. Previous to his work at Deloitte, Trajce did a PhD at the University of Twente on social engineering
and physical penetration testing and is currently involved in many vulnerability assessments that include these two
ingredients.
Frank Hakkennes
Facilitator SAP Security & HackLab: SAP
Frank is a manager in the Deloitte Security & Privacy Risk Services team. Frank specializes in security
management, particularly for SAP environments. Frank is a certified SAP Security Consultant and has been
responsible for audit, implementation and advisory services in respect of (SAP) security and configuration
management.
Course overview − Security & Privacy
15
Tom-Martijn Roelofs
Facilitator HackLab – Introduction Cybercrime
Tom-Martijn is Director Cyber Security in the Security & Privacy team. Tom-Martijn has extensive experience in
combating cybercrime, IT management and audit. As a former head of ABN AMRO’s cybercrime response team,
Tom-Martijn has gained extensive expertise in incident response, fraud detection, network security monitoring and
crisis. He has set up a training program for combating financial cybercrime.
Henk Marsman
Facilitator CISM Certification
Henk is a senior manager in the Security & Privacy team and has over 13 years of experience in IT Security and
risk management. Henk focusses on security management and identity & access management. He also has a
background in public key infrastructure and network security. Currently Henk co-leads the Security management
practice within the Security & Privacy team.
Martijn Knuiman
Facilitator HackLab – Hands-on Hacking
Martijn is a senior manager in the Security & Privacy team. Martijn has over 10 years of experience in ICT
infrastructure and security. Martijn has extensive experience in Network Operating Systems, IT forensics, Data
Leakage Prevention, Security Governance, Security Management and Ethical Hacking.
Annika Sponselee
Facilitator Prepare for Privacy
Annika is a senior manager within the Security & Privacy team. Annika has over 8 years of experience in privacy
law and data protection law. Before Annika started working at Deloitte, she was a lawyer at Baker & McKenzie,
also in privacy law. Her daily activities include advisory and support services for large companies and
multinationals on national and international privacy law issues. Annika regularly gives trainings and presentations
on privacy legislation.
Thijs Bosschert
Facilitator HackLab – Malware Analysis
Thijs is a manager in the Security & Privacy team. Thijs has over 8 years of experience in Incident Response and
Forensics and over 11 years of experience in IT security. Thijs has experience in conducting and managing
incident responses and forensics investigations, pen-testing and malware research. Thijs was part of the Deloitte
Global CyberLympics team that won at the Global CyberLympics 2013.
Ruud Schellekens
Facilitator CISSP Certification
Ruud is a manager in the Security & Privacy team. With a strong IT background, Ruud started as an IT auditor. In
this role he obtained a broad knowledge of the security of ERP applications and IT infrastructures. In addition,
Ruud has been involved in developing various Deloitte security auditing tools. Ruud is a certified CISM, EDP
auditor, CISSP and GRAPA professional.
Floris Schoenmakers
Facilitator SCADA Security
Floris is a senior consultant within the Security & Privacy team. Floris has done research into the increasing
integration of industrial and business IT in SCADA environments and the vulnerabilities associated with this
integration. Floris is certified CISSP and CSSA. His main focus is the security of industrial systems and
infrastructure.
Course overview − Security & Privacy
16
Suzanne Janse
Facilitator SAP GRC
Suzanne is working as director in the Security & Privacy team of Deloitte Risk Services. She heads the ERP Risk
Consulting and GRC (Governance, Risk & Compliance) software practice; a team of highly motivated subject
matter experts in the field of ERP (SAP, Oracle) Security & Controls and GRC software implementation.
Ashees Mishra
Facilitator SAP GRC
Asheesh works as a manager in the Security & Privacy section of Deloitte Risk Services. He has more than 9 years
of work experience in area of SAP GRC Access control, Process Control, Risk Management, SAP Security and Net
weaver IDM. He has lead and been part of several SAP GRC (AC/PC) rollout projects, Controls and SOX
engagements, SAP Security and authorization design.
Willem van der Valk
Facilitator Oracle GRC
Willem is an experienced senior manager within the Security & Privacy team of Deloitte Risk Services. He has a
background in Oracle eBS and has a broad knowledge of Governance, Risk & Compliance (GRC). Willem has
been involved in many Oracle ERP and GRC implementations. Furthermore he regularly performs Oracle Security
and Controls assessments at different type of clients.
Berry Kok
Facilitator Oracle GRC
Berry is an experienced junior manager within the Deloitte Risk Services department and has a focus on GRC,
Security and Controls, User Access Management and Segregation of Duties within Oracle applications. Berry
developed his Oracle expertise by following multiple courses at the Oracle University (i.e. GL, AP, AR,
Procurement, GRC) and performing several Oracle security related assignments, ranging from ERP and GRC
implementations, SOD reviews and Security & Controls audits.
Marlous Theunissen
Facilitator HackLab – Malware Analysis
Marlous is a consultant in the Security and Privacy team of Deloitte Risk Services. Marlous graduated cum laude in
Computer Science and Engineering with focus on both security and algorithms. She has gained experience in
penetrations tests and malware analysis, and passed both the CISM and CISSP examinations this year.
Course overview − Security & Privacy
17
Additional course information
Number of participants
Permanent Education
Depending on the nature of the course and the level of
interaction we have a maximum number of participants
per course.
Deloitte Academy is a NBA (The Netherlands Institute
of Chartered Accountants) acknowledged institution.
These courses will earn you PE points.
Course hours
Registration
9:00 to 17:30 hours, including lunch.
You can register for this course through
www.deloitte.nl/academy.
Location
Our courses are being facilitated at our office in
Amsterdam. Approximately one month before the
course date you will receive more information about the
exact location of the course.
Language
The courses will be given in English or Dutch,
depending on the participants’ preferred language. The
course material is in English.
More information
For more information about these courses contact:
Deloitte Academy
Postbus 2031
3000 CA Rotterdam
Phone: 088 − 288 9333
Fax:
088 − 288 9844
E-mail: [email protected]
Internet: www.deloitte.nl/academy
Cancellation policy
Please refer to our website for our Terms and
Conditions and cancellation policy.
Deloitte Academy reserves the right to cancel the
course in the event of insufficient registrations. You will
be informed about this on time.
Course overview − Security & Privacy
18
Contact us
Deloitte Academy
Wilhelminakade 1
3072 AP Rotterdam
Postbus 2031
3000 CA Rotterdam
Phone 088 288 9333
Fax
088 288 9844
[email protected]
www.deloitte.nl/academy
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its
network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.nl/about for a
detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries.
With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and
high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has
in the region of 200,000 professionals, all committed to becoming the standard of excellence.
This communication is for internal distribution and use only among personnel of Deloitte Touche Tohmatsu Limited, its member
firms, and their related entities (collectively, the “Deloitte Network”). None of the Deloitte Network shall be responsible for any
loss whatsoever sustained by any person who relies on this communication.
© 2014 Deloitte The Netherlands