Training

ISC2 Certified in Cybersecurity (CC)

About the training
Information Security

The Information Security training offers a comprehensive introduction to the key concepts and practices needed to protect information assets. Designed for employees at all levels, this training covers the fundamentals of cybersecurity, including security principles, risk management, access controls, network security, and incident response. Participants will gain practical skills and knowledge to identify and mitigate common threats, ensuring a safer work environment. Whether you are new to the field or looking to refresh your knowledge, this training provides essential knowledge to raise your cybersecurity awareness and skills.

Through interactive sessions, hands-on exercises, and real-world case studies, participants will learn how to apply security best practices in their daily roles. The training also emphasizes the importance of a proactive security culture and offers strategies for staying informed about new threats. By the end of the training, participants will be well equipped to contribute to their organization's security efforts and to promote a safer digital workplace.

What does the training cover?

Session 1: Theory

  • Duration: 3 Hours

  • Learning Objectives: Understand the core concepts of information assurance, risk management, and security governance.

  • Topics Covered:

    • The CIA Triad: Confidentiality, Integrity, and Availability.

    • Non-Repudiation & Privacy: Core security concepts.

    • Risk Management: Identifying, assessing, and treating risks (risk acceptance, avoidance, mitigation, transference).

    • Security Controls: Technical, Administrative, and Physical controls.

    • Governance: The role of policies, procedures, standards, and regulations.

    • ISC² Code of Ethics: Understanding professional conduct.

Session 2: Practical Lab

    • Duration: 3 Hours

    • Learning Objectives: Gain practical experience with network scanning and basic risk assessment.

    • Lab Exercises:

      1. Setup Your Lab: Install VirtualBox and a Linux VM (e.g., Ubuntu) and a target VM (e.g., Metasploitable2) for a safe testing environment.

      2. Asset Identification with Nmap:

        • Use nmap from your Linux VM to perform a basic scan of your network and the target VM.

        • Identify active hosts, open ports, and running services.

        • Discuss how this information is the first step in protecting assets.

      3. Basic Risk Assessment Scenario:

        • Given a scenario (e.g., a small business with a public-facing web server), use a simple spreadsheet to create a risk register.

        • Identify 3-5 potential risks, assess their likelihood and impact (High, Medium, Low), and propose a security control for each.

Session 3: Theory

  • Duration: 3 Hours

  • Learning Objectives: Understand the concepts and importance of planning for and responding to security incidents and disruptions.

  • Topics Covered:

    • Business Continuity (BC): Purpose, components, and importance of Business Impact Analysis (BIA).

    • Disaster Recovery (DR): Purpose, components, and recovery site strategies (hot, warm, cold sites).

    • Incident Response (IR): The incident response lifecycle (preparation, detection & analysis, containment, eradication & recovery, post-incident activity).

Session 4: Practical Lab

  • Duration: 3 Hours

  • Learning Objectives: Apply incident response concepts in a simulated scenario.

  • Lab Exercise:

    1. Simulated Phishing Attack Scenario (Tabletop Exercise):

      • Scenario: An employee reports a suspicious email, and soon after, the help desk receives calls about users being locked out of their accounts.

      • Activity: As a group, walk through the incident response steps using a collaborative whiteboard tool (like Miro or Mural).

      • Tasks:

        • Detection & Analysis: What are the first steps to verify the attack? What logs would you check?

        • Containment: How do you stop the attack from spreading? (e.g., disable user accounts, block malicious domains).

        • Eradication & Recovery: How do you remove the threat and restore systems?

        • Post-Incident: What lessons were learned? What security controls could have prevented this?

Session 5: Theory

  • Duration: 3 Hours

  • Learning Objectives: Understand the principles and methods for controlling both physical and logical access to resources.

  • Topics Covered:

    • Physical Access Controls: Badge systems, security guards, CCTV, environmental design.

    • Logical Access Controls: The principle of least privilege, segregation of duties.

    • Authentication: Methods (passwords, biometrics, tokens), Multi-Factor Authentication (MFA).

    • Authorization Models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC).

Session 6: Practical Lab

    • Duration: 3 Hours

    • Learning Objectives: Create users and manage permissions in a live environment.

    • Lab Exercises:

      1. User and Group Management (Linux VM):

        • Create two new user accounts (user1, user2).

        • Create a new group (project_a).

        • Add user1 to the project_a group.

        • Create a directory and use chown and chmod to grant read/write access only to members of the project_a group.

      2. Set up MFA:

        • Choose a personal online account (e.g., Google, Microsoft, social media) and enable Multi-Factor Authentication using an authenticator app.

        • Document the steps taken and discuss the user experience versus the security benefit.

Session 7: Theory

  • Duration: 3 Hours

  • Learning Objectives: Understand fundamental networking concepts and common threats and controls.

  • Topics Covered:

    • Networking Models: OSI and TCP/IP models.

    • Common Protocols: TCP, UDP, IP, HTTP, HTTPS, DNS, FTP.

    • Network Threats: Denial-of-Service (DoS/DDoS), Man-in-the-Middle (MITM), viruses, worms.

    • Network Security Infrastructure: Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), VPNs.

Session 8: Practical Lab

    • Duration: 3 Hours

    • Learning Objectives: Use network analysis tools to inspect traffic and configure a basic host firewall.

    • Lab Exercises:

      1. Introduction to Wireshark:

        • Start a packet capture in your VM using Wireshark.

        • Generate some web traffic by browsing to an HTTP website (not HTTPS, so the request contents are visible in the capture).

        • Use a display filter (e.g., http or dns) to isolate specific traffic.

        • Inspect a packet and identify the source/destination IP addresses and ports.

      2. Host Firewall Configuration:

        • On your Linux VM, use ufw (Uncomplicated Firewall) to block all incoming traffic.

        • Specifically allow incoming SSH traffic (port 22) so you can still access it.

        • Verify the rules are working by trying to ping or connect to another port from your host machine.

Session 9: Theory

  • Duration: 3 Hours

  • Learning Objectives: Understand key operational security tasks and policies.

  • Topics Covered:

    • Data Security: Encryption (symmetric, asymmetric), hashing, data handling (destruction, retention).

    • System Hardening: Configuration management, patching, baselines.

    • Best Practice Security Policies: Acceptable Use Policy (AUP), password policy.

    • Security Awareness Training: Phishing, social engineering, and the importance of user education.

Session 10: Practical Lab & Exam Review

    • Duration: 3 Hours

    • Learning Objectives: Practice data security techniques and review key concepts for the exam.

    • Lab Exercises:

      1. File Integrity with Hashing:

        • Create a text file and calculate its SHA256 hash using sha256sum in Linux.

        • Make a small change to the file and recalculate the hash. Observe that it’s completely different, demonstrating the concept of integrity.

      2. Log Analysis:

        • In your Linux VM, inspect the authentication logs (/var/log/auth.log).

        • Look for successful and failed login attempts. Discuss how this log could be used to detect a brute-force attack.

      3. Final Exam Review:

        • Go through a set of CC practice questions as a group.

        • Discuss the answers and reasoning for each.

        • Open Q&A session for any remaining questions on the five domains.
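
For the Log Analysis exercise in Session 10, the following added example (not part of the course material) shows one way to turn /var/log/auth.log into a per-source summary that exposes a brute-force pattern. The log lines are constructed samples, and the function names and the failure threshold are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in auth.log (sshd) format; addresses are documentation ranges.
sample_auth_log() {
cat <<'EOF'
Mar 10 09:14:01 labvm sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 10 09:14:03 labvm sshd[2101]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 10 09:14:05 labvm sshd[2103]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 10 09:14:08 labvm sshd[2104]: Failed password for user1 from 203.0.113.7 port 50136 ssh2
Mar 10 09:14:11 labvm sshd[2105]: Accepted password for user1 from 203.0.113.7 port 50140 ssh2
Mar 10 09:20:30 labvm sshd[2150]: Failed password for user2 from 192.0.2.10 port 40022 ssh2
Mar 10 09:20:41 labvm sshd[2150]: Accepted password for user2 from 192.0.2.10 port 40022 ssh2
EOF
}

# Reads auth.log lines on stdin and prints "SOURCE_IP FAILED ACCEPTED VERDICT".
# A source with at least THRESHOLD failures is "bruteforce"; if a login from it
# succeeded after that point it is "bruteforce-then-login" (treat as an incident).
# On the lab VM: sudo cat /var/log/auth.log | summarize_ssh_logins 5
summarize_ssh_logins() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
        # Use the LAST "from": the username field is client-supplied text
        # and could itself contain the word "from".
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        seen[ip] = 1
        if ($0 ~ /: Failed password /) { fail[ip]++ }
        else { ok[ip]++; if (fail[ip] >= t) hit[ip] = 1 }
    }
    END {
        for (ip in seen) {
            v = "normal"
            if (fail[ip] >= t) v = (hit[ip] ? "bruteforce-then-login" : "bruteforce")
            printf "%s %d %d %s\n", ip, fail[ip], ok[ip], v
        }
    }' | sort
}

sample_auth_log | summarize_ssh_logins 3
```

A single mistyped password followed by a success (192.0.2.10) stays "normal", while the source with repeated failures and a later success is the one to escalate during the discussion.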

Register today and start the training

Information Security

Instructors

Korab Osmanaj

Information Security

Gain the skills.
Earn the certificate.
Get the job.

Taking part in this training course will improve your cybersecurity awareness and equip you with practical skills to identify and mitigate common threats. You will stay informed about new risks, promote a proactive security culture within your organization, and gain a solid foundation for career advancement. In addition, the course will help you understand compliance requirements and risk management, contributing to a safer and more resilient workplace.
