Das Thema der laufenden Fortbildung ist ein wichtiger Aspekt meines Selbstverständnisses. Der Wandel in der IT und der IT-Sicherheit im speziellen pausiert nicht. Gute Konzepte und Technologien werden durch bessere verdrängt. Diesem Wandel trage ich durch die Auseinandersetzung mit verschiedensten Themen Rechnung.
Ich möchte im Folgenden einige Bereiche aufzeigen, mit denen ich mich auseinandergesetzt habe. Viele Themen habe ich im Rahmen einer „geregelten Fortbildung“ mit zertifizierter Prüfung abgeschlossen. Einige sind eher technisch, andere haben ihren Schwerpunkt auf „Soft-Skills“. Bei einigen Fortbildungen habe ich initial den Kursinhalt auf englisch eingefügt – ich hoffe das stört nicht all zu sehr.
Liste ist nicht vollständig, ich werde noch fehlende Fortbildungen gelegentlich ergänzen.
„Smart City“ ist ein Begriff, der von Stadtplanern auf der ganzen Welt weit beliebt ist – aber manchmal unangemessen verwendet wird. In dieser Fortbildung setzte ich mich mit einem konzeptionellen Rahmenwerk für Smart Cities auseinander, das auf der Systemtheorie basiert.
‘Smart City’ is a notion that is widely, and sometimes not appropriately, used by urbanists across the globe. I got a more clear understanding of this notion by learning about a rigorous conceptual framework, which is based on the systems theory. In this course, I was exploring the ideas of Smart Cities by reviewing different conceptual approaches to Smart Cities an the the pros and cons of different approaches.
Patients have expectations of privacy and that they will have some control over their medical information. In a healthcare context, this can include medical images, diagnoses, and notes relating to their treatment, the state of their health-related financial information, and other sensitive facts. To protect this information, organizations apply a range of safeguards to provide assurance that information is shared only if necessary. This includes processes, procedures, techniques, or technologies specifically designed to guarantee the confidentiality, integrity, and availability of the information. The ultimate objective is to ensure that personally identifiable information (PII) is adequately protected regardless of its state or the system in which the information exists. This course will cover the following learning objectives: Identify essential security and privacy principles. Define the relationship between privacy and security. Describe sensitive data handling.
Risk management is a crucial element for understanding information and privacy security. This domain sets the foundation for the entire course; terms defined here will be used in this book and in your day-to-day career. Risk management is one of the most complicated and important topics in information security, and this chapter does not pretend to cover all the different elements pertaining to it, but it provides a high-level glimpse of the essential concepts of this vital function. In the healthcare industry, the importance of adopting a risk management approach is even more crucial, due to the sensitive nature of the information. Data sharing can, in many cases, be a matter of life and death in the healthcare industry. However, patient safety is not the only objective. Saving someone’s life only to have their most sensitive secrets leaked to unauthorized parties is counterproductive. Hence, the security and privacy practitioner must balance the clinical need for information and the patient’s rightful expectation of privacy. Like other industries, the healthcare industry relies on technology to improve operations and patient care. In many cases, these technologies come with associated risks that must be considered. The industry also has unique regulatory and business requirements that the security and privacy practitioner must uphold.
- Define the foundations of enterprise risk management.
- Explain the information risk management and assessment process.
- Identify control assessment procedures using organization risk frameworks.
- Explain the process of monitoring for and mitigating risk.
- Define continuous monitoring.
Healthcare security essentials and the unique challenges involved in keeping patient and organizational data secure. What constitutes a healthcare organization and how healthcare information technologies and data management affect privacy and security.
- Analyze logging systems in a cloud environment.
- Configure security monitoring systems to efficiently identify and mitigate threats to a cloud environment.
- Define the lifecycle of a security incident and the process to identify, document, and prevent future incidents.
- Explain the purpose of a Disaster Recovery Plan and how this affects data retention and recovery.
– Log management - – Monitoring/managing Intrusion Detection Systems in a cloud environment
- – Incident management, forensics/evidence preservation, threat hunting, alert automation
- Describe fundamental identity and access management concepts specific to the cloud. Identify key components of AAA (Authentication, Authorization, Auditing) for strengthened cloud security. Explain capabilities and best practices for efficient asset and resource management in the cloud. Explore common security vulnerabilities and evaluate their impact and risk mitigation strategies.
– Cloud perimeter protection - – Network Analysis
- – Data loss prevention, data classification and vulnerability management
- – Cloud asset management, data security (encryption, hashing)
Few technologies have been as powerful as information and communications technologies in reshaping economies, societies and international relations. Cyberspace touches every aspect of our lives. The benefits are enormous, but they do not come without risk. The global ICT environment is facing a dramatic increase in the malicious use of ICTs by State and non-State actors. The misuse of ICTs poses a risk for all States and may harm international peace and security.
The issue of information security has been on the agenda of the United Nations since 1998, when a draft resolution on the subject was introduced at the First Committee of the UN General Assembly. Since 2004, five Groups of Governmental Experts (GGE) have continued to study the threats posed by the use of ICTs in the context of international security and how these threats should be addressed. Three of these Groups have agreed on substantive reports with conclusions and recommendations that have been welcomed by all UN Member States.
This course aims to enhance the understanding, particularly of the 2013 and 2015 GGE reports by addressing the five pillars of the GGE reports: existing and emerging threats; how international law applies to the use of ICTs; norms, rules and principles for the responsible behaviour of States; confidence-building measures; and international cooperation and assistance in ICT security and capacity-building.
Together, these pillars form an important framework to further the peaceful use of ICTs. The course therefore unpacks these pillars by explaining the key concepts, providing examples and interviews with relevant experts and offering interactive exercises to apply what has been learned. After having completed the course, the participant will be familiar with the assessments and recommendations at the United Nations to promote an open, secure, stable, accessible and peaceful ICT environment.
Das war ein interessanter Blick in eine Grundlagenschulung für Support-Mitarbeiter für den IT-Support im Gesundheitsdienst. Ich habe diesen Kurs eher unter dem Aspekt gesehen – „Was muss wer wem für seinen Arbeitseinsatz mitgeben“. Den Kurs zu bestehen war also wirklich keine Herausfordeung. Das ist dann eher so wie die jährlichen Compliance-Schulungen, die man ja irgendwie auch aus dem Ärmel schüttelt, besonders wenn man selbst in dem Bereich Compliance arbeitet oder gearbeitet hat.
The API Security Fundamentals course covers the core threats to APIs and challenges to prevent breach. The course includes modules on real-world API breaches, the OWASP API Security Top 10, the 3 Pillars of API Security (governance, testing and monitoring), and the application security technology landscape. The course provides strategic advice for developing secure API programs, and includes specific best practices for security and development teams.
DevSecOps bridges the gap between security and agility, building security into the DevOps cycle and making it an integral part of the process. This self-paced interactive and immersive training experience leverages thought leadership from industry experts to provide security professionals with a deep dive into securing DevOps to achieve DevSecOps.
In this course, you will be introduced to the discipline of web application penetration testing and gain a hands-on perspective of how a penetration tester (pentester) applies methodology with practice to test web applications for security flaws. We will review several basic web application penetration testing techniques and gain hands-on experience as a penetration tester using a popular open source (FOSS) tool, Burp Suite. You will also learn to examine injection attacks such as cross-site scripting and SQL injection attacks and learn how to perform automated attacks with Intruder, as well as analyze responses with Repeater and Comparer.
In order to gain the best benefit from this course it is expected for you to have familiarity with:
- Virtualized environments such as VMWare or VirtualBox
- Understanding and configuring browser proxy settings
- Understanding of web protocols and the various requests, responses and status codes
- Familiarity with packet structure and OSI model
Cloud computing continues to transform the way we conduct business. As organizations are rethinking IT strategies, cybersecurity professionals need to first understand the cloud before they can help their organizations transition to the cloud. This self-paced immersive certificate is the first in a series of certificates on the cloud, designed to provide a solid understanding of cloud computing including key drivers and rationale for moving to the cloud, cloud architecture and computing concepts and characteristics, cloud service and deployment models, and cloud brokers.
Artificial intelligence has already become prevalent in the information security professionals’ personal and work life, including many familiar and highly visible applications and others that are behind-the-scenes and not so obvious. As an introduction to AI’s cybersecurity issues, including threats, vulnerabilities, defenses, pen testing and systems development, this short course is designed to arm practitioners with basic knowledge about AI and related technologies so that they can capably participate in discussions about its use in potential and actual implementations. Participants will learn terminology related to the spectrum of AI technology and review use cases, data management issues, typical architecture and what experts predict as the future of AI.
The Diamond Model provides security professionals a means to better understanding the enemy (adversary) as they work to identify the victims, capabilities, and infrastructure of a cybersecurity event. It also assists in understanding the adversary’s technology and social-political motivations and intentions. In this Express Learning course, take on the role of a cyber intelligence analyst and gain experience populating a Diamond Model following a cybersecurity event. Learn the core features of the Diamond Model and how to apply source information to communicate event details.
A Zero Trust security model, when implemented by an organization, reduces external and internal threats to systems and data. Preparing for a Zero Trust initiative is paradigm shifting for organizations that are migrating to the Cloud and/or transforming legacy network-based controls for Authentication (AuthN) and Authorization (AuthZ). This course prepares you to be successful by presenting foundational principles, threat scenarios, reference architectures, and a policy governance framework that can be applied to reduce risk.
Navigating the various privacy legislations and ensuring compliance requires not only knowledge of the law, but how frameworks can be utilized to ensure privacy is at the forefront of security practices. In this course, participants examine global privacy legislation and learn the importance of identifying and complying with privacy laws and regulations that apply to their industry and customer base. Course content breaks down the practical application of privacy legislation to the cybersecurity professional and provides a systematic plan for incorporating privacy into cybersecurity practices.
Ransomware is a type of malware that limits users from accessing their system, while demanding a ransom payment. It is becoming a large problem around the world. Victims are at risk of temporary and permanent data loss. In this Express Learning course, learn the major distinctions between ransomware and malware, the key characteristics of ransomware attacks, and the protection strategies and remediation plans for ransomware attacks that should be in place ahead of time.
A strong and talented security team alone cannot protect an organization from today’s cyber risk as it is the people, not the technology, that are the most common targets for those trying to attack our organization’s systems. This self-paced interactive course is designed to help security professionals develop and implement an effective security awareness program that goes beyond compliance and fosters a culture of security as everyone’s responsibility.
The dramatic and rapid growth in the deployment of the Internet of Things (IoT) creates mounting cybersecurity concerns. The skills and knowledge needed to manage those concerns will only grow in demand. This Immersive course provides a broad overview of IoT. Learners will be presented with the challenges involved in defining the IoT landscape and how that influences cybersecurity vulnerabilities within the complex, distributed, and often unmanaged IoT ecosystem.
The course surveys existing bodies of work in IoT security in order to better understand issues like data privacy and safety. Learners will leave with a clearer picture of the overall state of the IoT industry in terms of approaches to cybersecurity governance.
The Intelligence Cycle is the primary process intelligence analysts use when creating intelligence. In this Express Learning course, cybersecurity professionals compare the various intelligence disciplines and learn to leverage the Intelligence Cycle to outline the when, why, and how of cyber events. At the end of this course, you will take on the role of a cyber intelligence analyst and learn to create a cyber intelligence product.
Having an insurance policy that is expressly dedicated to covering cyber-related incidents is critical, but unfortunately, not all cyber insurance policies are created equal. In this Express Learning course, participants navigate the ins and outs of cyber insurance and examine real-world examples to fully understand the scope of what the cyber insurance policy covers, should an incident take place.
Weitere Bereiche in denen ich mich fortgebildet habe
Das Dasein und der Einsatz in Projekten bringt es mit sich, dass man neue Fähigkeiten dazu gewinnt oder nachschärft, neue Erfahrungen sammelt und seinen Horizont erweitert. Das kann man mehr oder weniger hoch hängen. Ich erwähne es nur ergänzend, um vielleicht das Bild etwas abzurunden.