Call us at 1-800-413-0939
Hands On Technology Transfer

Cyber Security for Small and Medium Businesses Training Course

Attend face-to-face, remote-live, on-demand or on site at your facility.

On-Demand Training with Personal Facilitation
Top

Cyber Security for Small and Medium Businesses

Delivery Options: Attend face-to-face in the classroom, remote-live or via on-demand training.

Pricing

Face-to-face or remote-live: £1945

On-demand: £1145

Discounts: We offer multiple discount options. Click here for more information.

Duration

Face-to-face or remote-live: 5 Days

On-demand: Approximately 35 hours of coursework with personal facilitation, to be completed in a four week span.

Registration

Face-to-face or remote-live: Click here to view our schedules and register for face-to-face or remote-live sessions.

On-demand: Click here to register for on-demand training with personal facilitation, on a start date of your choosing.

Students Will Learn

  • How to create a secure IT environment
  • To assess risk
  • How to manage the risks associated with firewall, servers and routers
  • The use of certificate and digital signatures
  • How to build policies, procedures, standards, guidelines and controls
  • To implement user account security
  • How to respond to incidents
  • To understand and assess social media threats, methods, and techniques
  • Recovery planning and methods
  • To undertand and manage issues related to patch management and other software vulnerabilities
  • How to build monitoring capability to identify security trends or issues
  • The laws, rules and regulations with which enterprises must and/or should comply

Course Description

The Cyber Security for Small and Medium Businesses course provides a practical overview of the cyber security issues faced today by enterprises of all shapes and sizes, and teaches students how to protect their enterprise data. The course covers how to identify risks, monitor computers and networks for breaches, implement security policies, deploy tools to secure systems, and plan for all scenarios.

Upon completion of the course, students will be able to identify vulnerabilities and design and implement security polices and systems. They will also have a solid foundation regarding laws, rules and regulations that pertain to cyber security, as well as an understanding of available tools (mostly public domain or low cost) for monitoring and securing systems.

Course Prerequisites

Fundamental knowledge of computer operations and networking.

Course Overview

The Human Factors of Security
  • What Is Risk?
    • What You Can Do to Reduce Risk
    • Four Processes
    • The CIA of Security
  • The Company Manual: What's in It
  • Defining Security Policy
    • Policies, Procedures, Standards, Guidelines and Controls
  • Developing Electronic Policy
Objectives of Security
  • Security: Why and How
  • Basic Networking Technology
  • Overview of TCP/IP
  • Ports
  • Mapping a Network
  • Baselines
Active Directory
  • Central Management vs. Standalone Management
  • Standalone
    • Why?
    • Drawbacks
  • Fundamentals of Active Directory
    • Roles
    • Drawbacks
    • Group Policies
    • Backing up Active Directory
What Hackers Know
  • The Social and Web Views of Your Enterprise
  • Public and Private Information
  • How to Analyze Your Web Presence
  • Hidden Issues
  • ID Issues
  • Web Logs
  • Web Crawlers
Perpetrators and Their Motivators
  • You, Your Employees and Social Engineering
  • Defense against Phishing
    • Examples of Phishing
  • Certificates
    • Certificate Authorities
    • Building a CA
  • Digital Certificates and Email
  • Deploying Digital Certificates
Assessing Vulnerabilities (Before the Enemy Does)
  • Patch Management on Devices and Computers
  • Authentication for Credentials
    • PAP
    • CHAP
    • EAP
  • Weak Passwords
    • Defaults Passwords
    • Standard Password Configurations
  • Two-Factor Solutions
    • Biometrics
    • Card and Pin
Regulatory Issues and Action Items
  • Gramm-Leach-Bliley Act (GLBA)
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • NY DFS Cybersecurity Regulation (23 NYCRR 500)
Viruses, Malware and Ransomware
  • Viruses
  • Worms
  • Trojans
  • Malware
  • Ransomware
  • Defense Against the Dark Arts
  • Training End Users
Disaster Recovery (DR) and Business Continuity Planning (BCP)
  • A True Disaster
  • Disaster Recovery
  • Business Continuity Planning
  • Requirements for DR and BCP
  • Contents of Disaster Recovery and Business Continuity Plans
  • Building a Disaster Recovery Plan
  • Building a Business Continuity Plan
Backups
  • Types and Trade-Offs
    • Full
    • Incremental
    • Differential
  • Disk-Based
  • Cloud-Based
Support Groups and Sites
  • InfraGuard
  • SBA
  • FTC
  • ISACA
  • Local Groups
  • Your Support Company
Auditing for Compliance and Verification
  • Controls
    • Technical
    • Physical
    • Administrative
  • Employing Audits
    • Internal Audits
    • External Audits
Frameworks and GRC
  • Frameworks
    • NIST
    • CSF
    • RMF
  • Tools
    • The DHS CSET Tool
  • GRC
  • A Risk Register
Monitoring
  • Benefits
  • Targets
    • Servers
    • Bastion Hosts
    • Routers, Firewalls and Switches
    • Web Sites
    • Workstations
    • Networks (IDS, IPS)
  • Tools
    • Tripwire
    • CIMTRAK
    • Security Information and Event Management (SIEM)
  • Building a Monitoring System
Onboarding Employees
  • Before Hire
    • Background Check
    • Reference Check
  • At Hire
    • Reviewing the Company Manual
    • Policies with Regard to Web Use, Email and SPAM
    • Contacts
Incident Investigation
  • Defining Incidents and Events
  • Before the Investigation
  • Incident Investigation Methods
  • Forensics
  • Chain of Custody
Networking
  • Ethernet
    • Architecture
    • MAC Addresses
    • Network Traffic
    • Wireshark
    • FTP
  • Protecting Network Traffic
    • IPSEC
  • WIFI
    • WIFI Encryption: WEP, WPA, WPA2, WPA3
    • Hacking a WIFI Network
  • Virtual Private Networks
    • Tunnels
    • SSL
    • Microsoft Direct Access
    • Securing VPNs
Change Management
  • Definitions
  • Adaptation and Methods
Physical Security
  • Server Protection
  • Workstation Protection
  • Locking Down Stations
  • The Physical Plant
    • Office Access
    • Server Access
    • Network Policies
    • Material Security
  • Outside the Office
    • Laptops
    • Remote Devices
    • Encrypting Hard Drives
    • Smart Phones
    • Anti-Virus Software

Related Courses

Course Benefits

  • Course materials include student guide, hands-on lab manual and USB flash drive for examples and lab work
  • Students receive a certificate of completion at the end of class
  • Students can retake any portion of a class that has been completed, within 12 months at no extra cost
  • There are no registration fees or cancellation fees

Course Schedule

Choose a city below to view a schedule and registration options. If you have any questions, please call us at 1.800.413.0939 between 9:00 am - 5:00 pm Eastern Standard Time.