. Course Overview Cyber Security
Transcription
. Course Overview Cyber Security
Course Overview Cyber Security Sharpen your mind Deloitte Academy . 2014 We believe it is important to share our knowledge with clients and business relations. For this reason, we want to offer you the opportunity to participate in a training course together with our Deloitte Security & Privacy professionals. This overview contains the following training courses: • CISSP Certification • CISM Certification • SAP Security • Prepare for Privacy • HackLab: Hands-on Hacking • HackLab: Malware Analysis • HackLab: Introduction to Cybercrime • HackLab: SAP • ISO 27001 Implementation and Audit • SCADA Security • Oracle GRC • SAP GRC • In-house training, custom training and learning programmes CyberLympics 2011, 2012 and 2013. Deloitte has extensive experience in the field of advising and assessing the information security within governments and business. Our team consists of more than 30 specialists that describe "ethical hacking" as their great passion. The knowledge, experience and passion are reaffirmed in the recent finals of the Global CyberLympics. The team of Deloitte Netherlands did win, for the third time in a row a contest which consisted of both offensive and defensive security challenges. CISSP Certification The Certified Information Systems Security Professional (CISSP) certification is a globally recognized credential: the first of its kind and accredited by the American National Standards Institute (ANSI). Course objectives The Deloitte (ISC)2 CISSP Certification course is an intensive, five-day course that covers the most comprehensive compendium of information security best practices – the Common Body of Knowledge (CBK). The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession, with a common understanding. The CISSP CBK consists of the following 10 domains: Programme Day 1 • Information Security Governance and Risk Management • Security Architecture and Design Day 2 • Access Control • Application Security • Operations Security 1. Access Control; 2. Application Security; 3. Business Continuity and Disaster Recovery Planning; • Cryptography 4. Cryptography; • Physical Security 5. Information Security and Risk Management; Day 4 6. Legal, Regulations, Compliance and Investigations; Day 3 • Networking • Business Continuity Planning 7. Operations Security; 8. Physical (Environmental) Security; • Business Continuity Planning Security Architecture and Design; • Legal and Regulatory • Sample exam (100 questions) 9. 10. Telecommunications and Network Security Day 5 Exam The Deloitte CISSP certification course has a passing rate of over 90% as opposed to the average CISSP success rate of around 60%. Target audience Participants will receive a voucher with which they can book an examination at a desired date and time at a Pearson VUE test centre of their choice. Security managers, risk managers, IT auditors, IT security professionals and security officers Course date and location This five-day course will be held on 3 – 7 March and on 10 – 14 November 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 2,995 ex VAT. Exam voucher, catering (lunch) and course materials are included in the price. Course overview − Security & Privacy 2 CISM Certification CISM, Certified Information Security Manager, is a globally acknowledged information security management certification. This certification demonstrates you can connect information security to your organization’s business goals, understand the security aspects of new and current technologies, and possess the knowledge and skills to manage information security within your organization. Course objectives Programme The Deloitte CISM certification course is a three-day course, which aims to prepare participants for successfully passing the CISM exam. Day 1 • Introduction to CISM The CISM certification indicates that participants understand a global framework of information security management concepts and principles. These can be applied to different situations, so information security is managed in the best way possible. Areas of interest include risk management, handling security incidents, compliance issues, managing information security programs and integrating information security into the business. • Information security governance • Exercises The CISM framework clarifies the use of information security management in the organization, while it ensures its application is in sync with the organisation’s business goals. Information security management thus becomes more effective and efficient. Day 3 The CISM course comprises four domains: 1. Information security governance 2. Information risk and compliance 3. Information security program development and management 4. Information security incident management Besides these four domains, exam preparation will be a significant part of the course. Day 2 • Information risk and compliance • Information security incident management • Exercises • Information security program development and management • Summary • Exam preparation Exam The exam can be taken on 14 June or 13 December 2014. Participants have to register themselves at ISACA (www.isaca.org), up to 4 weeks prior to the exam. It is advisable to take the exam right after the training. Target audience (Information) Security managers (senior and junior level), business managers with information security in their portfolio, IT security professionals and security officers. Course date and location This three-day course will be held on 10 – 12 June and on 8 – 10 December 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials (CISM Review Manual and review questions) are included in the price. Exam fee is excluded. Course overview − Security & Privacy 3 SAP Security During this five-day course, we will facilitate an in-depth view of SAP security. Starting from the basic concepts, the most important SAP security options will be discussed. Since we believe in ‘doing is learning’, the course not only provides technical background: it includes plenty of opportunity to discuss practical use, benefits, constraints and real-life examples. More importantly, many hands-on exercises are included, challenging participants to put the theory into practise. Deloitte uses its own sandbox environments to this end. Course objectives If you have ever been involved with SAP and its security concept, you are most likely familiar with the term SAP_ALL. Developers say they can’t work without it, auditors say nobody should have it assigned. This course will teach you the most important SAP security features and will allow you to understand their implications. It will enable you to tailor the security settings and procedures to best fit your organization without losing sight of best practises. Target audience Security managers, SAP application managers, SAP security professionals and IT auditors regularly dealing with SAP related security challenges and such. Other stakeholders such as internal control managers, risk managers and IT professionals with an interest to learn more about SAP Security concepts and techniques will benefit from this course as well. Course date and location This course is split into two parts. The first part is held on 30 – 31 January 2014 and provides an introduction to the SAP security concept. The second part, held on 3 – 5 February 2014, provides additional details and advanced topics. The complete course will be held in Amsterdam. Costs The costs are EUR 1,795 ex VAT. Catering (lunch) and course materials are included in the price. Programme The SAP Security course will cover the most important security settings for an SAP ERP system. You will be introduced to SAP basis security features, their implications and constraints, where they are implemented, and how they can be audited. The course will also address topics such as ‘hacking’ vulnerabilities, tooling and best practises. Although the course will focus on SAP ERP (commonly also referred to as R/3 and ECC), these concepts likewise apply to all other ABAP based systems, such as CRM, SRM and BI. The following topics will be addressed: • The SAP Landscape; • Access Path; • Introduction to Security; • Navigation; • User Management; • Authorization concept; • Profile Generator; • Logging; • System Parameters; • Transaction Security; • Program Security; • Table Security; • Job Scheduling; • Change Management; • Interfaces; • Use of tooling such as GRC. Course overview − Security & Privacy 4 Prepare for Privacy: Are you prepared? The importance of protecting personal data within organisations has increased exponentially. Technological developments have facilitated organizations in processing more personal data and on a larger scale. This has triggered a rapidly growing public interest in the protection of personal data and related legislation and regulations. Course objectives This practical course will provide the participants with insight into the rules on processing personal data and the steps required for complying with privacy legislation. Target audience Data officers, HR managers, chief information officers, security managers and other persons who are responsible for protecting personal data or who work with personal data every day. The participants will not need a thorough knowledge of privacy legislation. Course date and location Programme The course will discuss the notification and information requirement, the requirements for international transfers and the security measures to be implemented. The cookie legislation, the rules on direct marketing, emails and internet monitoring and privacy aspects of “the Cloud will be dealt with too. Finally, the course goes into the various risks of processing personal data, unnecessary or otherwise, preventing data leakage, and the upcoming European Privacy Regulation. This one-day course will be held on 16 May 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 695 ex VAT. Catering (lunch) and course materials are included in the price. Course overview − Security & Privacy 5 HackLab: Hands-on Hacking Computer hacking is the practice of influencing computer hardware and software to accomplish a goal outside of their original purpose. A computer hacker is a person who identifies weaknesses and exploits them. Hacking is considered a complex activity. This course will explore the world of hacking and shed a light on how hackers work. Course objectives The practical five-day course equips participants with hands-on black box, white box and grey box vulnerability testing. We will address testing of web applications, mobile applications, mobile devices, wireless security, host based and network based infrastructure. The course takes the participants through the different stages of our proven methodology of information gathering, target selection and vulnerability identification and exploitation. Besides the methodology we will also discuss the different leading practises, such as OWASP and go into the different tools for vulnerability testing. Programme Day 1: Introduction and external penetration tests • Introduction and security trends • Penetration testing methodology • External Infrastructure penetration test • Firewall security / Prevention systems • Physical security assessments and social engineering Target audience Day 2: Internal penetration tests Security managers, application developers, IT professionals and IT auditors who have an interest in ‘Vulnerability Assessment’ and ‘Hacking’. • Infrastructure security test • Host-based security test • Wireless security test Participants of the course are expected to have a basic understanding of network, TCP/IP and Operating Systems (Windows and Linux). • Network security test Day 3: Application Assessments • Architecture Course date and location • Information Gathering This five-day course will be held on 7 – 11 April and on 15 – 19 September 2014 in Amsterdam, the Netherlands. • Vulnerability analysis • Code review • OWASP top 10 Costs • The costs are EUR 1,995 ex VAT. Catering (lunch) and course materials are included in the price. Executing of a web application vulnerability assessment Day 4: Current trends in hacking • Mobile Applications and security • Incident response / Security Operating Centres • Malware analysis • Hacking game • Reporting Exercise Day 5: Vulnerability assessment case • Summarizes all topics of the week • Interview the client • Vulnerability assessment execution • Reporting and presentation of the results • Evaluation and closing Course overview − Security & Privacy 6 HackLab: Malware Analysis Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Analysing malware is a difficult task without the right knowledge and experience. During this course hands-on experience is gained with the analysis of malware, from the first steps to the analysing of advanced malware. Course objectives This hands-on course enables participants to make their first steps towards malware analysis up to the full reverse engineering of malware. We will deal with different methods of malware analysis, such as behavioural and static analysis. Topics addressed in this course include: the different properties and actions of malware, forensic traces, network traffic, obfuscation and encryption. Various malware files, specifically written for this course, will be analysed prior to analysing existing malware. A major element of this course is hands-on reverse engineering, giving maximum experience to participants during the three days. Following this course enables participants to perform their first analysis on encountered malware, correctly estimate the behaviour of malware, and understand how it can be countered. Target audience Programme Day 1: Introduction • General malware overview • Malware history • How victims are infected • Botnets • Malware analysis introduction • Malware identification • Malware packers and unpacking • Behavioural analysis • Malware debugging Day 2: Analysis • Banking Malware Incident response employees, digital forensic researchers, IT system & network administrators and IT professionals interested in malware analysis. • Static Analysis • Anti-Virus products • Malware recovery The participants should have fundamental insight into network protocols, IP network services, and operating systems. Experience with malware is not required, but a solid technical background is desired. • Malware crypto • Malware tools • Malware scripts analysis • Malware network traffic analysis • Exploit analysis • Malware Anti-Forensics Course date and location This three-day course will be held on 15 – 17 April and on 9 – 11 September 2014 in Amsterdam, the Netherlands. Day 3: Training and deepening Costs The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials are included in the price. On Day 3, the knowledge gained is further put into practice. In different assignments, including the analysis of advanced malware specimens and Capture The Flag (CTF) exercises, insight will be provided into the inner working of malware analysis and reverse engineering in practice. Course overview − Security & Privacy 7 HackLab: Introduction to Cybercrime Over the last couple of years, cyber attacks have frequently made the headlines. Newspapers and online media are filled with terms such as trojans, botnets, phishing, denial of service attacks and data breaches. But what do these terms really mean and why are these attacks possible? This course will provide you with a theoretical and practical understanding of cyber attacks: essential if you wish to deal effectively with cybercrime within your organisation. Course objectives This course will explain the most common types of cyber attacks, the technology they are based on and the weaknesses they exploit in IT systems. To better understand cybercrime, we will look into the evolution of the Internet, the underlying technology and its global democratisation. We will also show how this insight into cybercrime can be used to design and implement effective risk mitigation measures, advise on security or prosecute cyber fraudsters. This course is a good foundation for any professional wanting to pursue training or further their knowledge of this field. It is not a deep dive into hacking activities or malware analysis. For more information on these topics please refer to HackLab: Hands-on Hacking and HackLab: Malware Analysis. Target audience This course is targeted at members of law enforcement agencies, policy makers, security officers, security managers, IT managers, application developers, IT professionals and IT auditors who have an interest in the latest developments in cybercrime. Course date and location This three-day course will be held on 10−12 February and on 24−26 September 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials are included in the price. Programme Day 1: The Internet, protocols, phishing • The birth of the Internet • The Internet protocols: IP and TCP • The basis of HTTP and HTML • Proxies and firewalls • The mail protocol SMTP • Routers • The Domain Name System (DNS) • Phishing • Countermeasures phishing Day 2: DDOS, web applications and malware • Denial of Service attacks • Operating systems • (Web) servers and applications • HTTP • Browsers • Malware • Botnets • Banking trojans Day 3: Hacking and countermeasures • Hacking • Hacking phases • Vulnerabilities • Cases • SCADA/ICS • Countermeasures Course overview − Security & Privacy 8 HackLab: SAP Hacking and cybercrime currently receive a lot of media attention after recent incidents like Distributed Denial of Service (DDOS) attacks and theft of account and credit card data. Critical business applications like SAP have so far received little attention, even though they are the administrative heart of any business. This course shows a selection of vulnerabilities and how you can defend yourself against them. Course objectives This one-day course provides insight into the vulnerabilities of a SAP application and the associated infrastructure. After a brief introduction on SAP security and penetration testing in general, we will discuss a selection of known SAP vulnerabilities, showing you how easy it can be to access critical functions and data. We will also discuss how you can detect these vulnerabilities and properly secure your system against them. Programme Introduction • Introduction • Penetration test methodology • Overview SAP components Risks Target audience (SAP) Security professionals, IT managers, risk managers and IT professionals having an interest in SAP security and ethical hacking. Course date and location This one-day course will take place on 13 February 2014 in Amsterdam. Costs The costs of this course will be EUR 395 ex VAT. Catering (lunch) and course materials are included in the price. • What can go wrong • Risks in a SAP landscape Vulnerabilities • Sample vulnerabilities for the different SAP components • Possible countermeasures An average SAP landscape comprises a large number of technical components. It is impossible to discuss all possible vulnerabilities for all these components in a single day. Hence we have selected a number of relevant vulnerabilities, applicable for different components. This enables us to clearly outline the security possibilities in a SAP landscape. Course overview − Security & Privacy 9 ISO 27001 Implementation and Audit Gaining and delivering information is critical to achieving your business goals and building a sustainable business. Securing information within organizations is therefore becoming more important. The ISO 27001 standard is designed to help your organization manage and secure critical business information in the context of overall business risk and signals your clients that you are actively working towards a more secure organization. Course objectives This three-day course offers practical guidance on how ISO 27001 certification can be achieved and what the biggest challenges are during an audit. It explains the required Plan, Do, Check & Act cycle and the role of the Information Security Management System (ISMS). The course offers insight on how controls are selected in order to cover business risks and explains the relationship between ISO 27001 and other ISO standards. Areas of interest include risk analysis, business risk, creating improvement plans and integrating information security into your business. Special attention is given to incident management, business continuity, data classification and access control. Participants will benefit from our experience as both implementers and auditors through real-life cases and examples. All topics will be handled from both an implementer and auditor point of view. Programme Day 1 • Introduction to ISO 27001 standard • Structure of ISO 27001 standard and relationship to other ISO standards • Differences between 2005 and 2013 version • Information Security Management System and role of the Plan, Do Check & Act cycle Day 2 • Risk analysis and improvement plans • Security policies and ISO 27001 • Project planning Day 3 Target audience Information security managers, internal IT auditors, business managers with information security in their portfolio, IT security professionals and security officers. • ISO 27001 controls • Audit and review, including improvement cycle • Steps towards certification of the organization Course date and location This three-day course will be held on17−19 February 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 750 ex VAT. Catering (lunch) and course materials are included in the price. Course overview − Security & Privacy 10 SCADA Security The past years, off-the-shelve software and hardware as well as remote access possibilities in industrial environments have increased. The broader threat landscape and increased sophistication of attacks indicate the need to improve SCADA (supervisory control and data acquisition) security capabilities. But where to begin? During this course we will provide insight in threats, best practices, vulnerabilities and mitigating controls. We will take the participant through the complete SCADA security cycle: Know, Prevent, Detect, Respond and Recover. Course objectives This intensive, three-day course that covers various topics to improve understanding of the SCADA environment and security of SCADA systems. The course provides the fundamentals on SCADA security. The participants will be able to make informed decisions regarding the security of controls systems and understand the implications of these decisions. The course delivers knowledge about the differences between industrial and business IT, including the difficulties of implementing common security practices on SCADA systems. From a compliance perspective several standards provide helpful insights to improve the security capabilities. For this purpose the course will elaborate on standards and best practices such as: ISO-27000, NERC-CIP, SANS and ISA-99. On a practical level, the course will provide a hands-on workshop in which participants can experience SCADA exploitation. In addition, the program elaborates on SCADA vulnerability and security assessments. Target audience IT professionals, penetration testers and managers that want to increase their understanding and knowledge of the SCADA environment and SCADA security assessments. Programme Day 1: Know • Understanding the SCADA threat landscape • Understanding the differences between industrial- and business IT security • Understanding best practices and standards Day 2: Prevent & Detect • Reviewing SCADA architecture • Reviewing SCADA vulnerabilities • Security logging and monitoring • Selecting and implementing security controls Day 3: Respond & Recover • Hands-on SCADA exploitation workshop • Active and passive security assessments • Implementing a security operations centre and disaster recovery strategies • Future SCADA security technologies Course date and location This three-day course will be held on 17 – 19 March 2014 in Amsterdam, the Netherlands. Costs The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials are included in the price. Course overview − Security & Privacy 11 Oracle GRC This two day course enables you to smoothen your Oracle Governance, Risk & Compliance (GRC) implementation journey. It brings insight in how Oracle’s GRC software can help in managing risks and controls (access, process and business controls) from a single repository. The course aims to get you comfortable with a best practise implementation strategy and approach, lessons learned and key success factors. For those looking for hands-on experience and practical use cases the course offers a technical Deep Dive. Course objectives In today’s unpredictable and highly competitive business environment, it’s important to take a holistic view of governance, risk and compliance (GRC) — while focusing not only on the risks that can threaten value, but also the risks that an enterprise can take to create value. People, processes and technology should all work together to help the enterprise stay in control of the risks it chooses to take. Programme This two day course contains both functional and high-level technical aspects of Oracle GRC and will help audience with both technical and non-technical background. Oracle’s comprehensive GRC software provides the functionalities to automate your GRC initiatives and processes to optimize business processes, manage risks and comply with regulations. Day 1 This course will teach you how Oracle’s GRC software can help in managing risks and controls (access, process and business controls) from a single repository. Additionally, the course covers implementation strategy, lessons learned, key success factors and best practices to make you more comfortable with your GRC implementation. We will also take a deep-dive into the system to understand the technical basics, based on a case study. • Holistic view on GRC • Product overview of Oracle GRC • New features and key enhancement • Implementation strategy and approach • Lessons learned • Key success factors • Best practices. Target audience Risk managers, financial and business controllers, Oracle competence centre managers, functional consultants, implementation consultants, security & GRC consultants, program managers and IT governance experts. Course date and location The first day will mainly focus on functional side of Oracle GRC and covers: Day 2 The second day is designed to give you a more comprehensive understanding of the technical implementation of GRC and focuses on: • Installation requirements • Technical configuration basics of Oracle GRC based on use cases and exercises, e.g: This two-day course will be held on 13 − 14 March 2014 in Amsterdam, the Netherlands. − TCG – Transaction Controls Governor Costs − AACG – Application Access Controls Governor The costs are EUR 795 ex VAT. Catering (lunch) and course materials are included in the price. − CCG – Configuration Controls Governor − PCG – Preventive Controls Governor Although this program is specifically designed for Oracle GRC Controls, it will touch upon the integration point with Oracle GRC Manager and Oracle GRC Intelligence. Course overview − Security & Privacy 12 SAP GRC This course enables you to release the value of Governance, Risk & Compliance (GRC) within your organization through automation with SAP GRC. It brings insight in how SAP’s GRC software can help in managing risks and controls (access, process and business controls) from a single repository. The course aims to get you comfortable with a best practise implementation strategy and approach, lessons learned and key success factors. For those looking for hands-on experience and practical use cases the course offers a technical Deep Dive. Course objectives In today’s unpredictable and highly competitive business environment, it’s important to take a holistic view of governance, risk and compliance (GRC) — while focusing not only on the risks that can threaten value, but also the risks that an enterprise can take to create value. People, processes and technology should all work together to help the enterprise stay in control of the risks it chooses to take. SAP’s comprehensive GRC software provides the functionalities to automate your GRC initiatives and processes to optimize business processes, manage risks and comply with regulations. This course will teach you how SAP’s GRC software can help in managing risks and controls (access, process and business controls) from a single repository. Additionally, the course covers implementation strategy, lessons learned, key success factors and best practices to make you more comfortable with your GRC implementation. We will also take a deep-dive into the system to understand the technical basics, based on a case study. Programme This course is divided into two parts which enables participants to register, based on their experience and learning goals Part 1: SAP GRC Essentials (2 Days) The first two days mainly focus on functional side of SAP GRC and covers: • Holistic view on GRC • Product overview of SAP GRC • New features and key enhancement • Implementation strategy and approach • Lessons learned • Key success factors • Best practices. Part 2: SAP GRC Deep Dive (3 Days) Target audience Risk managers, financial and business controllers, SAP competence centre managers, functional consultants, implementation consultants, security & GRC consultants, program managers and IT governance experts. The following 3 days are designed to give you a more comprehensive understanding of the technical implementation of GRC and focuses on: • Installation requirements • Technical configuration basics of SAP GRC Access Control based on use cases and exercises, e.g.: Course date and location − Access Risk Analysis This five-day course will be held on 24 − 28 March 2014 in Amsterdam, the Netherlands. − Access Request Provisioning − Business Role Management − Emergency Access Management Costs − MSMP Based Workflow design for workflow The costs are EUR 1,795 ex VAT. Catering (lunch) and course materials (hand-outs and exercises) are included in the price. The costs for participants who only want to participate in Part 1: SAP GRC Essentials (2 Days) are 795 ex VAT. − BRF+ based rule creation • Technical configuration basics of SAP GRC Process Control and Risk Management based on use cases and exercises. Course overview − Security & Privacy 13 In-house training, custom training and learning programmes Deloitte offers more than just the trainings referred to before. We provide in-house trainings too: anything from standard trainings to trainings tailored to your organization. We can even set up a full learning programme uniquely geared to your organization. In-house training In-house or in-company training distinguishes itself because it specifically focuses on your organization. The training can thus be adapted to your wishes. Standard training Apart from our offerings discussed in this flyer, we have a great choice of standard trainings available. We can consult with you to include specific priority aspects you consider to be important. Topics Deloitte provides a great deal of trainings all across the world, so we have a large number of standard trainings and topics readily available. These are just some of the trainings we have on offer: • Security & Risk Management (Governance, Frameworks, Architecture, Transformation) Custom training • Business Continuity & Disaster Recovery A careful analysis of your learning needs and an extensive intake will enable us to prepare a custom training. This will allow you to train and educate your professionals very effectively. Since the course materials and examples will be geared to your own organization, your professionals will be able to immediately use what they have learned in their daily practice. • Identity & Access Management • Security Architecture • Cyber Security • Infrastructure Protection • Application Protection • Secure Software Development • End User security (Awareness, Social media, Mobile devices) • Vendor control (Cloud computing, Assurance) • Privacy • Hacking and Vulnerability Assessments Learning programme In addition to offering in-house trainings, we also offer you the option to prepare a full, tailored learning programme, entirely geared to your organization, the business objectives, and the employees’ learning needs. Costs Specific systems & certifications Feel free to contact us for more information on pricing or to get a quote. Even a relatively low number of participants can make an in-house training more economical than a regular external training. In addition, we offer security trainings on specific systems, such as SAP and Oracle. We can arrange trainings for most of the security certifications (CISSP, CISM, CISA, CEH, etc.) as well. Further information Training forms If the training you need is not stated here, or if you want further information on our training and learning offering, please contact us. Contact details can be found in the back of this brochure. We are able to provide various training forms such as: classroom based, e-learnings, webinars, workshops and game-based. Course overview − Security & Privacy 14 Your facilitators Our professionals are your facilitators − sharing with you their practical knowledge. Our course offerings distinguish themselves by being topical and effective. The limited number of participants per course offers plenty of space for interaction between facilitator and participants in a stimulating and pleasant atmosphere. The following professionals facilitate the courses mentioned in this brochure: Marko van Zwam Partner Deloitte Security & Privacy Marko is a partner within Deloitte Risk Services and leads the Security & Privacy team, which consists of more than 100 professionals. He has over 18 years of experience in IT, IT Security, IT Audit and IT Risk Management. Gijs Hollestelle Facilitator CISSP Certification Gijs is a senior manager in the Security & Privacy team. Gijs has over 8 years of experience in security issues, from security awareness to IT infrastructure security and Ethical Hacking. Gijs was part of the winning team at the Global CyberLympics 2013. Coen Steenbeek Facilitator HackLab – Hands-on Hacking Coen is a manager in the Security & Privacy team. Coen specializes in both technical engagements like vulnerability assessments and in performing security management related tasks (ISO27001 / 2). During his career at Deloitte Coen has earned the RE, CEH, CISSP, CISM and CGEIT certifications and he was part of the winning team at the Global CyberLympics 2013. Trajce Dimkov Facilitator SCADA Security Trajce is a manager within the Security & Privacy team and has over 7 years of experience in ICT infrastructure and security. Trajce specializes in both security management of industrial control systems and vulnerability assessment. Previous to his work at Deloitte, Trajce did a PhD at the University of Twente on social engineering and physical penetration testing and is currently involved in many vulnerability assessments that include these two ingredients. Frank Hakkennes Facilitator SAP Security & HackLab: SAP Frank is a manager in the Deloitte Security & Privacy Risk Services team. Frank specializes in security management, particularly for SAP environments. Frank is a certified SAP Security Consultant and has been responsible for audit, implementation and advisory services in respect of (SAP) security and configuration management. Course overview − Security & Privacy 15 Tom-Martijn Roelofs Facilitator HackLab – Introduction Cybercrime Tom-Martijn is Director Cyber Security in the Security & Privacy team. Tom-Martijn has extensive experience in combating cybercrime, IT management and audit. As a former head of ABN AMRO’s cybercrime response team, Tom-Martijn has gained extensive expertise in incident response, fraud detection, network security monitoring and crisis. He has set up a training program for combating financial cybercrime. Henk Marsman Facilitator CISM Certification Henk is a senior manager in the Security & Privacy team and has over 13 years of experience in IT Security and risk management. Henk focusses on security management and identity & access management. He also has a background in public key infrastructure and network security. Currently Henk co-leads the Security management practice within the Security & Privacy team. Martijn Knuiman Facilitator HackLab – Hands-on Hacking Martijn is a senior manager in the Security & Privacy team. Martijn has over 10 years of experience in ICT infrastructure and security. Martijn has extensive experience in Network Operating Systems, IT forensics, Data Leakage Prevention, Security Governance, Security Management and Ethical Hacking. Annika Sponselee Facilitator Prepare for Privacy Annika is a senior manager within the Security & Privacy team. Annika has over 8 years of experience in privacy law and data protection law. Before Annika started working at Deloitte, she was a lawyer at Baker & McKenzie, also in privacy law. Her daily activities include advisory and support services for large companies and multinationals on national and international privacy law issues. Annika regularly gives trainings and presentations on privacy legislation. Thijs Bosschert Facilitator HackLab – Malware Analysis Thijs is a manager in the Security & Privacy team. Thijs has over 8 years of experience in Incident Response and Forensics and over 11 years of experience in IT security. Thijs has experience in conducting and managing incident responses and forensics investigations, pen-testing and malware research. Thijs was part of the Deloitte Global CyberLympics team that won at the Global CyberLympics 2013. Ruud Schellekens Facilitator CISSP Certification Ruud is a manager in the Security & Privacy team. With a strong IT background, Ruud started as an IT auditor. In this role he obtained a broad knowledge of the security of ERP applications and IT infrastructures. In addition, Ruud has been involved in developing various Deloitte security auditing tools. Ruud is a certified CISM, EDP auditor, CISSP and GRAPA professional. Floris Schoenmakers Facilitator SCADA Security Floris is a senior consultant within the Security & Privacy team. Floris has done research into the increasing integration of industrial and business IT in SCADA environments and the vulnerabilities associated with this integration. Floris is certified CISSP and CSSA. His main focus is the security of industrial systems and infrastructure. Course overview − Security & Privacy 16 Suzanne Janse Facilitator SAP GRC Suzanne is working as director in the Security & Privacy team of Deloitte Risk Services. She heads the ERP Risk Consulting and GRC (Governance, Risk & Compliance) software practice; a team of highly motivated subject matter experts in the field of ERP (SAP, Oracle) Security & Controls and GRC software implementation. Ashees Mishra Facilitator SAP GRC Asheesh works as a manager in the Security & Privacy section of Deloitte Risk Services. He has more than 9 years of work experience in area of SAP GRC Access control, Process Control, Risk Management, SAP Security and Net weaver IDM. He has lead and been part of several SAP GRC (AC/PC) rollout projects, Controls and SOX engagements, SAP Security and authorization design. Willem van der Valk Facilitator Oracle GRC Willem is an experienced senior manager within the Security & Privacy team of Deloitte Risk Services. He has a background in Oracle eBS and has a broad knowledge of Governance, Risk & Compliance (GRC). Willem has been involved in many Oracle ERP and GRC implementations. Furthermore he regularly performs Oracle Security and Controls assessments at different type of clients. Berry Kok Facilitator Oracle GRC Berry is an experienced junior manager within the Deloitte Risk Services department and has a focus on GRC, Security and Controls, User Access Management and Segregation of Duties within Oracle applications. Berry developed his Oracle expertise by following multiple courses at the Oracle University (i.e. GL, AP, AR, Procurement, GRC) and performing several Oracle security related assignments, ranging from ERP and GRC implementations, SOD reviews and Security & Controls audits. Marlous Theunissen Facilitator HackLab – Malware Analysis Marlous is a consultant in the Security and Privacy team of Deloitte Risk Services. Marlous graduated cum laude in Computer Science and Engineering with focus on both security and algorithms. She has gained experience in penetrations tests and malware analysis, and passed both the CISM and CISSP examinations this year. Course overview − Security & Privacy 17 Additional course information Number of participants Permanent Education Depending on the nature of the course and the level of interaction we have a maximum number of participants per course. Deloitte Academy is a NBA (The Netherlands Institute of Chartered Accountants) acknowledged institution. These courses will earn you PE points. Course hours Registration 9:00 to 17:30 hours, including lunch. You can register for this course through www.deloitte.nl/academy. Location Our courses are being facilitated at our office in Amsterdam. Approximately one month before the course date you will receive more information about the exact location of the course. Language The courses will be given in English or Dutch, depending on the participants’ preferred language. The course material is in English. More information For more information about these courses contact: Deloitte Academy Postbus 2031 3000 CA Rotterdam Phone: 088 − 288 9333 Fax: 088 − 288 9844 E-mail: nlacademy@deloitte.nl Internet: www.deloitte.nl/academy Cancellation policy Please refer to our website for our Terms and Conditions and cancellation policy. Deloitte Academy reserves the right to cancel the course in the event of insufficient registrations. You will be informed about this on time. Course overview − Security & Privacy 18 Contact us Deloitte Academy Wilhelminakade 1 3072 AP Rotterdam Postbus 2031 3000 CA Rotterdam Phone 088 288 9333 Fax 088 288 9844 nlacademy@deloitte.nl www.deloitte.nl/academy Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.nl/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence. This communication is for internal distribution and use only among personnel of Deloitte Touche Tohmatsu Limited, its member firms, and their related entities (collectively, the “Deloitte Network”). None of the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2014 Deloitte The Netherlands