ITU-IMPACT

Training and Skills Development

Course Catalogue

Management Track Technical Track

Incident Digital Network Application Law

Course Area Security Management
Response Forensics Security Security Enforcement

Foundation Security Management Essentials

Intermediate Developing Security Policies Developing and Introduction to Securing Networks Web Cybercrime
and Procedures Implementing Digital Forensics Application Inves igation for
Computer Vulnerability Security Law Enforcement
Incident Response Network Forensics Assessment /
ISO 27001 Information
Team (CIRT) and Investigations Penetration Testing
Security Management
System (ISMS) Concepts and Incident Handling Security Audit NetFlow Analysis
Awareness and Response
Mac and Mobile
Advanced Incident Forensics
ISO 27001 Information
Handling and
Security Management Response Cloud Forensics
System (ISMS)
Implementation Malware Analysis

Advanced (ISC)2 CISSP CBK Review Seminar

Target CIO, CISO, Incident Managers, Forensics Analysts, Network Administrator, Web Application Law Enforcement
Audience
IT Security Managers, Responders and Forensics Investigators, Network Support, Developers, Officers,
IT Security Executives, Analysts, Incident Handlers, Incident Handlers, Webmasters, Legal Officers,
Compliance Managers, Network and System and Malware Analysts. Network Managers, and Application and Lawyers.
Dept. Heads, Managers and Administrators, and IT Support, Support Executives.
Executives. Malware Researchers IT Administrators,
and Investigators. and CIRT Analysts.
 TECHNICAL Developing and Implementing

ITU-IMPACT Security
Computer Incident
TRACK Response Team (CIRT)

Management and
Incident Handling and Response
Incident
Response
Advanced Incident Handling and Response

Specialised Tracks Malware Analysis

- The Roadmap Introduction to Digital Forensics

Advanced Network Forensics

Digital Security Audit

Forensics
Mac and Mobile Forensics

Cloud Forensics

Securing Networks

Vulnerability Assessment /
Network Penetration Testing
Security
NetFlow Analysis

MANAGEMENT
TRACK
Application
Security Web Application Security

Security Management Essentials

Developing Security Policies and Procedures Law

Security Cybercrime Investigations
Management Enforcement
for Law Enforcement
ISO 27001 Information Security Management
System (ISMS) Concepts and Awareness

ISO 27001 Information Security Management

System (ISMS) and Implementation
 1. Management Track
This track addresses managements concerns on the overall information Key success factors are areas such as security or corporate governance taking
security management for businesses and organisations which has evolved into account the adoption of security frameworks, information security
from a technical perspective to business. standards, security policies, best practices, guidelines, and risk management.

1.1 Security Management

Organisations today are exposed to more complexities and uncertainties
with the increasing use of technology and the pace at which the risk
environment is changing. As every business assets and processes are
exposed to both internal and external threats, organisations must
implement internationally accepted information security standards, best
practices and controls to identify, manage and mitigate these threats.
Organisation-centric approaches to security management taking into
consideration the impact of risks on the organisation determines the best
security activities and practices most suitable for the organisations
cybersecurity resilience.

1.1.1 Security Management Essentials

Security Management is a comprehensive course which provides IT Course Objective

professionals and practitioners with the most up-to-date developments in
cybersecurity. This course covers the key concepts, definitions, principles
and goals of information security taking into consideration both
management and technological aspects.
Key topics include firewalls, intrusion detection and prevention systems,
risk management models including ISO 27001, standards, security
policies, tools and techniques used in cyber threats, security risks to
networks, defending against attacks through the implementation of proper
security mechanisms, encryption, authentication and authorisation
technologies. Participants will also see live demonstrations of the tools
and techniques used by malicious individuals to attack vulnerable
applications and systems.
Security Awareness is included as part of the course targeting all
audiences specifically managers and IT Administrators. This is a value
added offering to ensure participants are well informed of most current
security threats and issues related to their roles and respons bilities.
Security Awareness for Managers is targeted at those with responsibility
for staff and protection of assets, while Security Awareness for IT
Administrators is targeted at those with IT and Network Systems
administration, developmental, and supporting responsibilities.
This course sets the core foundation of IT security knowledge. It is suitable for
any member of the IT community from the newest of the team to the most
experienced professional. It descr bes the core fundamentals of information
security in an interesting and relevant manner, covers the close alignment of
information security with the changing business requirements, enabling
participants to effectively understand information security concepts in business
processes and designs.
Target Audience
IT Managers/Executives, IT Systems Administrators, Security Administrators,
Database Administrators, Access Control Administrators, Systems Analysts
and Designers, Application Developers, Business Analysts, and user
representatives.
Course Duration
This course can be customised according to participants requirement.
Delivery Mode
Lecture with presentation slides, course materials, learning activities, case
studies, and review questions.

1.1.2 Developing Security Policies and Procedures

Course Objective

As business needs as well as the environment change, new risks are Target Audience: Security Managers, CISOs, CSOs and anyone responsible
always on the horizon and critical systems are continually exposed to new for developing security policies.
vulnerabilities. Policy development and assessment are a continual
Course Duration: 3 days
process. This is a hands-on intensive course on writing, implementing and
assessing security policies. This intensive course is suitable for IT and Delivery Mode: Lecture with presentation slides, course materials, learning
non-IT professionals carrying out cybersecurity duties including creating activities, case studies, and review questions.
and maintaining of policy and procedures. It provides hands on training on
writting, implementing and assessing security policies. Participants will be
assigned to write policy template.
1.1.3 ISO 27001 Information Security Management System (ISMS) Concepts and Awareness

Course Objective

ISMS is a risk management approach to maintaining the confidentiality, Target Audience: This is a non technical security course concerning information
integrity and availability of the organisations information. This course is security management. It is suitable for executives and managers from a wide
designed to promote awareness of the objectives and benefits of range of disciplines, and should be attended by a broad range of IT security
information security, as well as the requirements of professionals.

1. ISO 27001 for ISMS establishment, implementation, operation, Course Duration: 3 days
monitoring, review, maintenance and improvement, and
2. ISO 27002 on information security controls. Delivery Mode: Lecture with presentation slides, course materials, learning
activities, case studies, and review questions.
It also provides an insight into the emerging ISO 27000 series of
standards.

1.1.4 ISO 27001 Information Security Management (ISMS) Implementation

Course Objective

Recent high-profile information security breaches and increased
awareness of the value of information are highlighting the ever-increasing
need for organisations to protect their information assets. An information
security management system (ISMS) is a risk management approach to
maintaining the confidentiality, integrity and availability of the
organisations information. This course leads participants through a series
of exercises following the requirements of ISO 27001:2005 for ISMS
implementation.
Implementation exercises are supplemented with case studies on risk
management techniques using relevant tools and solutions.
Target Audience: This is a non-technical IT information security management
course suitable for managers from a wide range of disciplines.
Course Duration: 4 days
Delivery Mode: Lecture with presentation slides, course materials, learning
activities, case studies, and review questions.
Pre-requisite: Participants should have a basic knowledge of business
information systems and competency productivity tools i.e. word processors,
spreadsheets and presentation software.

2. Technical Track
This highly specialised track focuses on designing, developing,
configuring, implementing, and managing technical security solutions for
organisation and constituents. Participants will be able to enhance their
knowledge and skills using the current industry practices, and have access
to the latest technology, methodologies, and best practices.
The courses offered in this track are centred around proactive and reactive
solutions required for practitioners to effectively perform their duties in
managing and mitigating cyber threats against their organisations security
infrastructures and information systems.

2.1 Incident Response

Incident response is a structured approach in addressing and managing
the aftermath of an incident. The goal is to handle the situation in a way
that limits damage and reduces recovery time and costs. If not managed
properly, an incident can escalate into an emergency, a crisis, or even a
disaster, decreasing the organisations resilience ability.

2.1.1 Developing and Implementing a Computer Incident Response Team (CIRT)

Course Objective

This course will provide participants who have imited knowledge,
experience, or background required to formulate the policies, processes,
management structure, equipment, and other requirements necessary to
respond to network incidents. It provides information on refining the
current structure and capabilities for a Computer Incident Response Team
(CIRT) or a team with similar capabilities.
Target Audience: CIRT Manager, CIRT Analyst, Incident Handler, Security
Analyst
Course Duration: 4 days
Delivery Mode: Lecture with presentation slides, course materials, learning
activities, case studies, and review questions.
2.1.2 Incident Handling and Response
Course Objective

The course is designed to provide insight into the work an incident handler Target Audience: CIRT Manager, Analyst and any technical staff; Incident
may perform. It will provide an overview of the incident handling arena, Responders; and Network Administrators. Those with little or no incident
including CIRT services, intruder threats, and the nature of incident handling experience are encouraged to attend.
response activities.
Course Duration: 5 days
Participants will:
Delivery Mode: Lecture with presentation slides, course materials, learning
1. Learn how to gather the information required to handle an incident; activities, case studies, and review questions.
2. Realize the importance of having and following pre-defined CIRT
policies and procedures;
3. Understand the technical issues relating to commonly reported attack
types;
4. Perform analysis and response tasks for various sample incidents;
5. Apply critical thinking skills in responding to incidents, and
6. Identify potential problems to avoid while taking part in CIRT work.

The course incorporates interactive instructions, practical exercises, and

role playing. Participants will have hands-on exercises on sample
incidents taken from real life scenarios.

2.1.3 Advanced Incident Handling and Response

Course Objective

This course is designed to further enhance the knowledge and skills of Target Audience: Incident Managers, Responders and Analyst, Network and
incident handlers and responders involved in solving compromises and System Administrators, Malware Researchers and Investigators.
breaches by analysing events and formulating effective remedial actions
and strategies. Participants will work as a team on several incident
scenarios, artefacts and exercises applying industry best practices, Course Duration: 4 days
effective methodologies and tools. They will be taken through a series of
work plans and processes to identify, analyse, and then present the Delivery Mode: Lectures with presentation slides, extensive hands-on group
findings and response strategies to interested parties. This course will also exercises, and case studies.
include modules on artefact analysis, vulnerability handling and producing
security advisories.

2.1.4 Malware Analysis

Course Objective

Determining the functionality of malware is critical both during the incident Target Audience: Incident Responders, Network and System Administrators,
response process and to identify where threats originate from. The course CIRT Personnel, Malware Researchers, Malware Investigators, Antivirus
examines malware in both static and runtime environments. It will take into Analysts
account the viewpoint of an incident responder attempting to determine
what malicious activities the malware has conducted in order to mitigate Course Duration: 5 days
further malicious activity and remove the malware from an infected
system. The course will also consider the perspective of a Computer Delivery Mode: Lecture with presentation slides, course materials, learning
Incident Response Team (CIRT) or security team involved in investigating, activities, case studies, and review questions.
analysing and reporting on malware related incidents. Both static and
runtime malware analysis techniques and reverse engineering tools such
as IDA Pro and Ollydbg will be covered.

2.2 Digital Forensics

The ability to preserve and to analyse data found on digital storage media,
computer systems and networks is essential for understanding and
mitigating cyber attack against IT infrastructures. Forensics professional s
must be highly competent in collecting, examining, analysing and reporting
on digital evidence in order to preserve critical information.
They are also required to know the legal aspects associated with forensics
investigation particularly for representation in a court of law. The use of
real-world scenarios would enable participants not only to learn the
required skills, but also gain experience in their practical application.

2.2.1 Introduction to Digital Forensics

Course Objective

Investigating what happened on a computer system after a suspected Target Audience: Incident Responders, Network Administrators, System
intrusion is critical to quantifying losses from a security breach. This course Administrators, and CIRT Personnel.
will teach network and system administrators on identifying the particular
consequences of an intrusion. It helps administrators to identify what data Course Duration: 5 days
has been compromised by applying host forensics techniques and
conducting log analysis. The focus will be on the discovery of data hiding Delivery Mode: Lecture with presentation slides, course materials, learning
techniques, rootkits, malware functionality and time-based analytics. activities, case studies, and review questions.
Analysis of the FAT, NTFS and EXT2 file systems will also be covered. This
course serves as a good foundation for further instruction on commercial
tools or to use open source forensics tools more effectively.
2.2.2 Network Forensics and Investigations

Course Objective

Participants will gain real world knowledge and skills to analyse network
traffic, improve network security and reliability, and protect networks from
malicious and criminal attacks. In addition, they will learn the techniques to
identify suspicious traffic patterns, a breached host, and signs of Bots
running in a network, as well as the techniques to deal with and manage
compromised machines.
Target Audience: IT Security Practitioner, Forensic Analyst, Incident Handlers,
Network Administrators, Law Enforcement Officers and Support Staff.
Course Duration: 5 days
Delivery Mode: Instructor-led, group-paced, classroom-delivery learning model

2.2.3 Security Audit

Course Objective

This is a comprehensive course designed to equip security practitioners Target Audience: Network and System Administrators, CIRT Analyst,
with the technical knowledge and skills to investigate and better Cybercrime and Forensic Investigators.
understand their IT environment including computers, applications,
network systems, and services. This course covers topics such as Course Duration: 5 days
technical concepts, data analysis on devices, file systems, operating
systems, common threats, security best practices and the tools used to Delivery Mode: Lectures with presentation slides, case studies and extensive
identify, analyse and mitigate cyber threats faced by users, devices and hands-on exercises.
organisations.

2.2.4 Mac and Mobile Forensics

Course Objective

The course emphasises solid forensic practices in mobile phone
investigation as well as reporting. Stepping through the logical and
physical acquisition of memory with such a variety of devices is
challenging to say the least. The class addresses the strengths and
weaknesses for many of the mobile forensic tools being utilised in the field.
The Mac forensics training aims to form a well-rounded investigator by
introducing Mac forensics into a Windows-based forensics world. The
programme focuses on topics such as the HFS+ file system, Mac specific
data files, tracking user activity, system configuration, analysis and
correlation of Mac logs, Mac applications, and Mac exclusive technologies.
Target Audience: Experienced Digital Forensics Analysts, Media Exploitation
Analysts, Incident Response Team Members, Information Security
Practitioners, technical team members, and those with national responsibilities
in cybersecurity issues.
Course Duration: 5 days
Delivery Mode: Lectures with presentation slides, case studies and group
exercises and hands-on forensic analysis.

2.2.5 Cloud Forensics

Course Objective

This course provides a clear statement of the knowledge and skills Target Audience: CEO, CIO, CISO, policy makers, security architects, ethical
hackers, forensic practitioners, law enforcement, legal professionals and
required by a professional dealing with cloud forensics. The objectives of
advisors, researchers and academics.
this course are:
1. To enhance knowledge and skills required by a professional dealing with Course Duration: 4 days
cloud forensics,
Delivery Mode: Lectures with presentation slides and extensive hands-on
2. To share with participants risk assessment and mitigation strategies for exercises.
cloud adoption to be reflected adequately in cloud services contracts
3. Consideration of various legal implications of cloud investigations, and
4. Demonstrate technical competence in handling investigative cases in
cloud computing environments.
2.3. Network Security

Network Security courses are designed to equip IT professionals and
practitioners with the knowledge and skills required for implementing,
designing, configuring, maintaining and reviewing a secure network
system to prevent and manage network vulnerabilities. Participants will
learn the skills needed to identify and to analyse common internal and
external security threats against a network so proactive security and audit
strategies can be implemented to protect the organisation's information
assets and systems from weaknesses.
These weaknesses are often exploited by remote users using publicly and
commercially available software tools and through manual techniques.
Web-based applications need to be audited to ensure that vulnerabilities are
discovered, where risks mitigated promptly and effectively. Policies, processes,
management structures, equipment, and other requirements are also
necessary to respond to any unforeseen network incidents.

2.3.1 Securing Networks

Course Objective

In today's network dependent business environment, organisations link Target Audience: Network Administrators, Network Support, System Support,
their systems enterprise wide and virtual private networks, as well as Incident Handlers, Network Managers, IT Support.
connect remote users. In this course, participants learn to analyse risks to
networks and steps needed to select and deploy appropriate Course Duration: 3 days
countermeasures to reduce the exposure to these threats.
Delivery Mode: Lecture with presentation slides, course materials, learning
activities, case studies, and review questions.

2.3.2 Vulnerability Analysis / Penetration Testing

Course Objective

Breach of network security is a growing problem faced by many Target Audience: Incident Responders, Network and System Administrators,
organisations worldwide and it is becoming complex as intruders resort to CIRT/CSIRT Personnel, IT/ Security Auditors
highly advanced methods to gain access. This course exposes
Course Duration: 5 days
participants to network vulnerabilities, the methods used by intruders to
gain access into a network system and tools used to ward off such attacks. Delivery Mode: Lectures with presentation slides, case studies and extensive
hands-on exercises.
The course revolves around a series of hands-on exercises based on
techniques for penetrating into a network and defending against attacks. It Pre-requisite: Basic knowledge and skills in network architectures and
operating systems.
focuses on attack techniques, exploit techniques, vulnerability assessment
and penetrating testing techniques. Participants will gain skills to perform
penetration testing and countermeasures for the organisations.

2.3.3 NetFlow Analysis

Course Objective
This course focuses on network analysis and hunting of malicious activity
from a security operations centres perspective. It provides an
understanding of NetFlow data format, common netflow collection,
analysis, and visualization tools. It would cover NetFlow strengths,
operational limitations of NetFlow, strategic sensor placement, NetFlow
tools, visualization of network data, analytic trade craft for network
situational awareness, and networking hunting scenarios.
Target Audience: Incident Responders, Network and System Administrators,
CIRT/CSIRT Personnel, IT/ Security Auditors, Network Administrator, System
Administrators.
Course Duration: 3 days
Delivery Mode: Lectures with presentation slides, case studies, and extensive
hands-on exercises.
2.4 Application Security

Business applications and processes increasingly moving towards the
web services and adopting the software-as-a-service (SaaS) model, many
organisations today are exposing data and critical business services to
untested or insecure web-based applications. These applications with
inadequate or non-existent security offer opportunity for malicious hackers
to access your critical database containing customer information,
credit card data, proprietary data or classified information. Participants will
gain skills on how to assess applications from a hackers perspective,
understand application security vulnerabilities, and learn how to mitigate
these security holes so they are never exploited by a hacker.

2.4.1 Web Application Security

Course Objective

Understanding web application attack vectors is critical for web application
developers responsible for maintaining and securing a web-based system.
Web application vulnerabilities have been the cause of computer security
breaches for organisations. Businesses and customer-related information
are the target of web application attacks. This course covers common
methods for attacking web applications, such as SQL Injection, Cross-Site
Scripting, command injection, data leakage attacks, session hijacking and
PHP/Javascript/ASP vulnerabilities. Basic vulnerability discovery in web
applications will also be covered, as well as secure coding techniques and
the OWASP.
Target Audience: Web Application Developers, Penetration Testers, Web
Application Testers.
Course Duration: 5 days
Delivery Mode: Lecture with presentation slides, course materials, learning
activities, case studies, and review questions.
Pre-requisite: Some understanding of programming is required, preferably
PHP, Javascript, or ASP.

2.5. Law Enforcement

Cyber criminals today are targeting organisations with the intent of stealing When these cyber criminal falls in the hand of law enforcement, the officer must
confidential and financial information to commit crime. Using the internet be well versed in conducting investigation, analysis and reporting using
platform, this criminal activity is highly possible due to unsecured relevant tools and techniques to assist and bring in the culprits to justice.
application, systems, and networks.

2.5.1 Cyber crime investigation for Law Enforcement

Course Objective

This network investigations course is tailored specifically to the needs of Target Audience: Law Enforcement Officers and support staff.
law enforcement officers who are investigating cyber crimes. The course
will begin by reviewing the common types of cyber crimes, how criminal Course Duration: 4 days
activities are conducted on the Internet, the tools and motivations driving
the Internet as a medium for criminal activity. It investigates how Internet Delivery Mode: Lecture with presentation slides, course materials, learning
crime is commited using tools such as Botnets, DDoS attacks, illicit file activities, case studies, and review questions.
hosting, underground economy marketplaces, spam, phishing, extortion,
and more. The course demonstrates common hacking activities through
web application exploits, remote operating system, application exploits,
social engineering and web drive-by attacks. The objective of the course is
to give law enforcement officers a full set of tools and knowledge for
conducting effective network investigations.
Scholarship
As a global, non-profit organisation, ITU-IMPACT has received generous
donations from leading information security training providers. These
organisations are widely acknowledged as the top information security
certification bodies in the world and are renowned for providing
exceptional high quality courses and certifications recognised throughout the
information security community. These funds enable ITU-IMPACT to offer
highly sought-after training courses to qualified security professionals from any
one of our partner countries.

EC-Council Information Security Training Sponsorship Programme (ISTP)

ISTP is co-sponsored by EC-Council and is part of The EC-Council programmes identified under the ISTSP are Network Security
ITU-IMPACTs global agenda to combat cyber Administrator (E|NSA), Certified Ethical Hacker (C|EH), Computer Hacking
threats. The courses are awarded to selected Forensics Investigators (C|HFI), Certified Security Analyst (E|CSA), Licensed
recipients from ITU-IMPACT partner countries. Penetration Tester (L|PT) and Certified Disaster Recovery Professional
ITU-IMPACT is seeking suitable candidates with (E|DRP).
technical background in cybersecurity, good
communication and presentation skills, and have
keen interest in becoming a cybersecurity trainer in
support of the scholarship programme.

About ITU-IMPACT Centre for Training and Skills Development

The centre provides world-class training in cybersecurity. All training courses, specialised seminars and workshops are conducted in collaboration with the
leading ICT companies and institutions that include ITU, EC-Council, (ISC)2 and Honeynet Project. Our specialised courses bring together global expertise in
a broad range of specialisations, allowing ITU-IMPACT to work with governments and individual organisations to build internal capabilities in order to secure vital
infrastructure, mitigate threats and respond to unauthorised or unlawful activities. We carefully examine the needs and desires of our partner countries with an
eye toward continual improvement and development. As future requirements are identified, ITU-IMPACT will strive to develop and deploy effective training
courses to meet specific needs of information security practitioners and professionals.

For more information or enquiries, please contact:

International Multilateral Partnership Against Cyber Threats (IMPACT)
Jalan IMPACT
63000 Cyberjaya
Malaysia

T: +60 (3) 8313 2020

F: +60 (3) 8319 2020
E: training@impact-alliance.org
W: www.impact-alliance.org