Securing your business with IA and cyber security training
Britain is hit by up to 1,000 cyber attacks every hour.
Source: British Intelligence Sources, quoted in the Daily Telegraph
Cybercrime and information security
breaches are on the rise. From phishing
scams and Trojan worms to laptops left on
trains, businesses need the correct security
measures and processes in place to make
sure they are protected.
At QA, we deliver training to:
- help you to protect your organisation from hackers and security breaches
- enable best practice IA (Information Assurance) and cyber security
- meet all of your needs - we provide a range of security training options including:
  - vendor specific courses
  - policy and guidance courses from professional security bodies
  - government specific IA courses
transforming performance
through learning
You can’t afford not to invest in IA
and cyber security training
Hackers, Trojan worms and Zeus botnets may sound like the stuff of gritty crime novels and
Hollywood thrillers, but cybercrime is very real and it is having a very real effect on UK
businesses today.
The threat
Intelligence sources have warned that Britain is being targeted by up to 1,000 cyber attacks every hour in a relentless campaign
to steal secrets, access confidential data or disable corporate systems. If your business does not have the right measures in place,
your IT systems are at risk of being compromised – in fact, they may already have been compromised, and the impact of not
recognising or pre-empting online security breaches can be far reaching and long term.
Developments in technology have meant that practically all businesses rely on the internet. Whether it be to conduct business
meetings, store business data or just to send emails – the daily running of a business tends to be conducted online. This reliance
on the internet comes with its own risks. The online environment offers thieves new ways of accessing confidential company
information and so online security needs to be taken very seriously.
How to protect your business
Approximately 80% of known cyber attacks could have been prevented
or successfully overcome with the implementation of basic business
security practices targeted at employees, processes and technology.
Educating your workforce and raising user awareness is the first step
you need to take to protect your business.
Your cyber security training needs
A company’s cyber security training needs can be categorised as follows:
- All of your employees need to be armed with the knowledge to be able to identify potential threats and to empower them to operate in a secure way
- Your operational team need the skills to develop and implement secure processes and policies
- Your IT team need the skills to be able to secure your technical systems and the ability to defend them should they be breached
QA offers the definitive cyber security portfolio of training courses
which will meet all of your IA and cyber security needs.
Nearly two-thirds of critical infrastructure companies
report regularly finding malware designed to
sabotage their systems.
Source: McAfee, 2011
0845 757 3888 | www.qa.com/cybersecurity
Below are details of all of the IA and cyber security courses which QA offers, from product/technology-based
courses and certification tracks to best-practice courses which give a more general overview of IA and cyber security.
End User/Technology Awareness
Introduction to ISO 27001
Introduction to TCP/IP
End User Security: Protecting Your Online Footprint
ISO 27001 Lead Implementer
ISO/IEC 27001 Lead Auditor
ISO 27001 Internal Auditor
ISO 27001 Registered Auditor Qualification
BCS Practitioner Certificate in Information Risk Management
BCS Practitioner Certificate in Business Continuity Management
BCS Intermediate and Practitioner Certificates in Enterprise and Solution Architecture
BCS Certificate in Data Protection
BCS Certificate in Freedom of Information
TOGAF 9 Foundation and Certified (Level 1 and 2)
Understanding and Managing the Threat of Malware
IT Security Fundamentals
Penetration Testing – Tools & Techniques
Wireless Security: Hands-On
Understanding the World Wide Web
Fundamentals of Networking and the Internet
OSI Open Source Intelligence Investigators: An Introduction
Understanding the Cyber Threat
OSI Open Source Intelligence Investigators: Advanced
OSI Social Engineering Attack and Defence
Stress Testing your Network Security
Developing Secure .NET Web Applications – Mitigating the OWASP Top 10 Security Vulnerabilities
Developing Secure Java Web Applications – Mitigating the OWASP Top 10 Security Vulnerabilities
CompTIA
Introduction to Cyber Security for Industrial Control Systems
EC Council
Advanced
PKI and TLS Workshop
ISO 27001 Implementation
BCS Certificate in Information Security Management Principles
Cyber Security: An Introduction
Technical Non-Certification Courses
Intermediate
Operating Systems Fundamentals
Foundation
ISO27001
The definitive IA and cyber security course portfolio
BCS and The Open Group
Hands-on cyber security for Industrial Control Systems
CompTIA Advanced Security Practitioner
CompTIA Security +
EC Council Certified Network Security Administrator
EC Council Secure Computer User Specialist
EC Council Certified Secure Computer User
EC Council Certified Ethical Hacker
EC Council Certified Security Analyst
EC Council Computer Hacking Forensic Investigator
ISC(2)
ISC(2) Systems Security Certified Practitioner
QA also offers IA and cyber security training from the following vendors:
Acronis
Check Point
Cisco
Citrix
Juniper
Microsoft
Novell
Sun
Wireshark
ISC(2) Certified Information Systems Security Professional
CISSP Concentrations
ISC(2) Information Systems Security Architecture Professional
ISC(2) Information Systems Security Engineering Professional
ISC(2) Information Systems Security Management Professional
0845 757 3888 | info@qa.com | www.qa.com/cybersecurity
All third party trademark rights acknowledged.
IA training for government
Trust the experts: training using licensed materials
from CESG, the National Technical Authority for
Information Assurance.
The information held by government departments is critically important,
highly sensitive and in need of protection. Any security issue or loss of
data could put individuals, companies and even the nation as a whole
at risk.
Government departments have to protect their systems and the information which they hold.
The Cabinet Office, through CESG (the National Authority on Information Assurance), sets IA
and cyber security policies and standards which government departments must adhere to.
QA is the only commercial organisation to work across central and local government, providing
training using licensed materials from CESG, for IA professionals.
QA’s courses include:
There are over 20,000 malicious emails on government networks each month.
Iain Lobban | Director of GCHQ
IA
Course title | Duration
Fundamentals of Information Assurance in HMG | 1 day
Information Risk Management for HMG IA Practitioners - IS 1&2 | 2 days
Information Assurance Accreditor Introduction | 1 day
Tempest
Course title | Duration
EM Security and TEMPEST Fundamentals | 2 days
TEMPEST Testers basic onsite testing | 15 days
TEMPEST Testers transmitter testing | 10 days
TEMPEST Testers certification testing | 5 days
TEMPEST Testers advanced testing | 15 days
CAS(T)
Course title | Duration
CAS(T) Lead Auditor Conversion (inc exam) | 1 day
Timeline of security breaches
Below is a timeline which illustrates some of the key events in the evolution of cybercrime.
It shows the evolving nature of cybercrime and the increasing threat which it poses to businesses
and public sector organisations alike.
1903
Nevil Maskelyne disrupts a radio demonstration by John Fleming and Guglielmo Marconi. Maskelyne sent messages to the receiver on the stage of the Royal Institute in London, revealing vulnerabilities within the system.
1966
John von Neumann publishes the paper 'Theory of self-reproducing automata'. The ideas in the paper were instrumental in the creation of early computer viruses.
1971
The Creeper worm spreads through ARPANET – the Advanced Research Projects Agency Network, funded by the US Defence Department. It infected the main-frame computers, copying itself onto the system and displaying a message.
1974
‘The Animal’ (the first trojan malware program) is released. It was a non-malicious virus but it exploited holes in the Operating System of the computer and left the name of the Animal in all the directories and files that the user had access to.
1983
The ARF-ARF virus is released. A Trojan horse which wiped out a computer's directory by offering to sort it into alphabetical order.
1984
US Government introduces the Comprehensive Crime Control Act. It introduced new rules against the unauthorised access and use of computers/computer networks.
1985
Robert Schifreen & Stephen Gold are arrested for accessing the British Telecom network. The case was a major factor in the creation of the Computer Misuse Act 1990.
1987
The Cascade virus is released. It was the first virus that was able to encrypt itself to avoid detection. It caused the letters of a document to 'fall' to the bottom of the screen. The virus caused IBM to publicly release anti-virus software.
1990
The Computer Misuse Act passed by the British Government. The Act makes it an offence to obtain unauthorised access to a computer or computer network.
1995
The Concept macro virus is released. The first macro virus for Microsoft Word found in the wild.
2000
The ILoveYou worm affects networks across the world. The worm used social engineering techniques to entice users to open the mail attachment and then exploited weaknesses in common mail systems to spread within organisations. The worm infected over 50 million computers.
2001
The Code Red worm is released. The worm attacked a vulnerability in Microsoft's Internet Information Server (IIS) and infected around 2 million servers.
2003
January - The SQL Slammer worm is released. The worm attacked machines running Microsoft SQL Server. It only took 15 minutes to spread worldwide.
September - First Titan Rain attack is detected. Titan Rain targeted military and contractor networks. It was one of the first examples of an Advanced Persistent Threat (APT) attack. It involved a rapid breach that removed data to intermediate servers in South Korea, Hong Kong & Taiwan.
2004
March - The Witty worm is the first Internet worm to carry a destructive payload. Witty attacked computers that had ISS firewall products installed. Once infected the machines would attempt to infect other random IP addresses and then crash the host's hard disk.
August - The first appearance of the Vundo trojan is recorded. These Trojans displayed pop-up ads for spyware or malware removal software and switched off some security features and programs.
2005
The UK National Infrastructure Security Co-ordination Centre (NISCC) reports targeted email attacks on over 300 Government departments and major commercial organisations.
2006
February - The first malware designed for the Mac Operating System is detected. The trojan known as either Leap-A or Oompa-A used the iChat application to spread to other devices.
2007
January - The Storm worm begins attacking computers through an email spam campaign. Infected computers are then used to deliver spam emails.
October - Two CDs containing the child benefit database went missing after being sent by a courier. The information was secured using a very basic password mechanism which could be easily bypassed. There has been no evidence that the discs fell into criminal possession.
2008
Jeremy Clarkson publishes his bank account details in The Sun newspaper (in response to panic over child benefit data breach). Someone set up a £500 direct debit to the charity Diabetes UK. Clarkson forced to admit that he was wrong and that the information could be used to remove money from his account.
2009
Credit card transaction processing company Heartland Payment Systems’ network breached. Tens of millions of credit card details were compromised.
2010
Google network is compromised. Many other large companies reveal that they have also been compromised - The aim of the attacks was to gain access to intellectual property and software code.
2011
March - RSA servers are compromised. Network breached by an email phishing attack aimed at employees, which carried an Excel attachment with a Remote Administration Tool (RAT). Using the RAT attackers accessed RSA servers.
April - The PlayStation network is breached. Information - including financial details of 77 million users - is compromised.
2012
March - Global Payments is attacked. 1.5 million Visa and Mastercard card details are compromised.
April - Hacker Edward Pearson investigated for stealing confidential information. Police found information for 200,000 PayPal accounts, 3000 credit card accounts and the personal details of over 8 million UK residents. Pearson also infiltrated Nokia’s network and 8000 staff records.
June - LinkedIn is compromised - 6 million passwords stolen. The passwords were then loaded onto a Russian web forum.
2013
Adobe is compromised - 2.9 million customers' names and credit card information stolen.
Cyber-attack war game, ‘Waking Shark II’, launched in London to test security of financial institutions – a step in the right direction to ensure companies are prepared for an attack.
LivingSocial daily-deal website hackers retrieved more than 50 million users' data.
Hacker group, Anonymous, attacks The Federal Reserve internal site and accesses personal data of more than 4,000 bank executives.
QA/IACyber/Jan2014
© QA Ltd 2014. All rights reserved