For Security
PCI DSS

PCI DSS Awareness

The PCI DSS Awareness training course is prepared for professionals who are interested in PCI DSS and for organizations that are required to comply with PCI DSS. The goal of this training course is to ensure that the PCI DSS standard is understood by the related parties. In this way, organisations are able to mitigate risks related to the following subjects within the organisation:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

 

 

ISO27001

ISO/IEC 27001 - Information Security Management System

Information is critical to the operation and perhaps even the survival of your organization. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information assets.

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

This helps you to protect your information assets and give confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.

Establishment of the ISMS is concluded by fulfilling the ISO/IEC 27001 requirements and key controls in the following security sections:

  • Security Policy
  • Organisation of Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisitions, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

In order to minimize your potential risks, attending this training course is recommended.

 

 

PENTEST

Penetration Testing Methodologies

This training course is prepared for professionals who wish to work in this area from an ethical perspective, and for organisations that want to develop the competence of their information security workforce.

  • Information Gathering
  • Detecting Live Systems
  • Vulnerability Scanning Software
  • Exploitation
  • BackTrack Tool
  • Vulnerability Database
  • Network Sniffing and Packet Analysis
  • DoS/DDoS Methods
  • Hping
  • Wireless Network Penetration Methods
  • Password Attacks
  • Social Engineering Methods

The following tools will be mentioned:

  • BackTrack
  • Samurai
  • Burp Suite
  • Hping
  • GFI LANguard
  • Nmap
  • Nessus
  • Snort
  • Tcpdump
  • Wireshark
  • Hydra
  • Cain & Abel

 

 

MONITOR

Network Security and Protocol Analysis

Current cyber attack methods against information systems depend on deep knowledge and analysis of network technologies. The course sessions provide extensive information about TCP/IP protocol analysis and attack mitigation techniques via real-world samples in workshops.

  • TCP/IP Protocol
  • Network Topologies and Components
  • Local Network Security
  • Sniffers and TCP/IP Packet Analysis
  • Network Based Attacks
  • ARP Poisoning, IP Spoofing, Session Hijacking, DDoS
  • Tcpdump, Ntop

 

 

WEB

Web Application Security

The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure it. This course will help you to better understand web application vulnerabilities, thus enabling you to properly defend your organization's web assets.

  • Basic application vulnerabilities
  • Secure software design
  • ID management
  • Session management
  • Input/Output validation controls
  • Forms and form processing
  • Buffer overflows
  • SQL injection
  • Error handling and logging

 

 

UNIX

Unix / Linux System Hardening

You will be provided with best practices for preventing vulnerabilities on Unix / Linux systems.

  • Secure installation steps
  • Basic network configuration
  • Monitoring and alarm tools
  • Log management and Syslog
  • Network security tools
  • root access control with sudo
  • Kernel configuration with sysctl
  • Configuring SSH
  • Application and System security with SELinux and chroot
  • Security configurations for Apache, BIND and Sendmail

 

 

All rights reserved. Secrove Information Security Consulting © 2012