2025 ISS PRE-CONFERENCE TRAINING CLASSES

(Monday & Tuesday, October 27-28)

This course offers an introduction to digital forensics, investigation, and response. Areas of study include procedures for investigating computer and cybercrime, and concepts for collecting, analyzing, recovering, and preserving forensic evidence. There will be 4 labs to provide students with intimate, hands-on experience learning Forensics.

Major Instructional Areas
1. Digital forensic investigations
2. Forensic environments and tools
3. Evidence collection and handling
4. Forensic reporting
5. Solving business challenges with forensic investigations

Course Objectives
1. Summarize the basic principles of computer forensics.
2. Summarize important laws regarding computer forensics.
3. Describe various computer crimes and how they are investigated.
4. Describe digital forensic methodologies and evidence handling techniques.
5. Outline the proper approach to collecting, seizing, and protecting evidence.
6. Explain techniques for hiding and scrambling information as well as how data is recovered.
7. Summarize various types of digital forensics.
8. Describe contingency planning and incident response.
9. Explain how to perform network packet analysis.
10. Identify technical and legal trends in digital forensics.

*** Please note: This course comes with a 90-day license to both the Digital Forensics eBook and their Cloud Access Labs.

<><><><><><><><><><><><><><><><><><>

This 2-day course is designed to provide participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs based on the principles of BS 65000 and ISO 22301 as well as other supporting industry standards. The course covers the essential aspects of resiliency planning and management, including risk assessment, measuring business impact, building a response, and recovery strategy.

The program is delivered in an interactive and engaging format that combines instructor-led training, case studies, group discussions, and practical exercises. The course also includes a comprehensive workbook study that tests participants’ knowledge and skills, and successful completion of the workbook leads to certification as a CERP.

Who is this course for?
The CERP course is suitable for professionals involved in developing and implementing resiliency programs in organizations of all sizes and types.

Learning Objectives:
Upon completing the course, participants will be able to:

1. Understand the fundamental principles and concepts of enterprise resiliency management.
2. Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities to an organization’s operations.
3. Develop and implement a business impact analysis to identify critical business functions and their dependencies.
4. Develop and implement a response strategy to manage and respond to disruptive events.
5. Discussions of best practices on the planning to restoring of critical business functions and operations.
6. Establish a resiliency program framework and governance structure to ensure continuous improvement and effectiveness.
7. Understand the importance of effective communication, training, and awareness in resiliency management.
8. Understand the role of standards such as BS 65000 and ISO 22301 in resiliency management and certification.  All attendees will be provided access to BS 65000, ISO22301 and ISO27002 standards for 1 year after the class.

The CERP course equips participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs, ensuring organizations can effectively respond to disruptive events and quickly recover critical business functions.

Note for people who want to be a CERP Trainer:  Attending a CERP training class and completing the class workbook is one of the prerequisites to becoming an approved trainer.  If you want to be a CERP Trainer, attending this class will meet your training class requirement.  If you have any questions, contact cso@informationsecuritysummit.org.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Enterprise Security Architecture (ESA) is an architectural discipline related to aligning Information Security (Infosec) efforts to the highest priority risk and business objectives.  Some of the most significant challenges facing securing an organization, as well as designing for the future, is the ability to design Cloud solutions with Cybersecurity as a ‘front-of-mind’ concept.  Thematically, Cloud Security Principles have emerged to aid organizations to align their focus on security controls and posture, while enabling the business for speed and success.  This presentation outlines the architect’s view of optimizing and organizing ESA strategy for Cloud implementations while outlining the most important concepts to monitor along the way.

Topics covered include:
-Overview of ESA as a practice and discipline.
-Security Architecture in the Cloud
-Guiding Principles to Design with Security
– Examine Zero-Trust Architecture& Modern Use Cases
-Q&A

Target Audience: IT & Cybersecurity Strategists, Enterprise and Enterprise Security Architects (current or aspiring), and Cloud practitioners.

Learning Objectives:
-Provide a foundational understanding of Enterprise Security Architecture as a discipline.
-Draw the correlations between Security Architecture and Cloud Implementations (challenges and opportunities).
-Provide the audience with real-world examples of how to secure Cloud integrations.
-Learn the Top 5 considerations for ESA concepts in the Cloud.
-Examine a Zero-Trust roadmap and architecture(s)

Audience: Intermediate, to Advanced

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Consulting Strategies for Cybersecurity is a ½ day course that tackles the engagement aspects of technical consultants within the Cyber Risk landscape. The student/consultant will learn adaptable strategies to relate to their consumers while intently managing the customer’s expectations, perceptions, and outlook on the Cybersecurity professional. Successful consultants will be well-armed with knowledge of political insights, as well as the technical expertise to provide world-class solutions and outcomes.

Topics covered include:
a. Philosophy of a Consultant
b. Consultant Skills
c. Political IQ – PQ
d. Mastering Work product
e. Q&A

Target Audience: Cybersecurity Strategists and Practitioners, Consultants (IT/Cybersecurity – current & aspiring, and Cybersecurity Managers/leadership.

Learning Objectives:
-Provide a foundational understanding of the role/challenges of a Consultant (IT/CS).
-Add communication strategies to your Consultant tool belt.
-Enhance the student’s Political IQ & awareness, while learning coping strategies.
-Provide examples of world-class Cybersecurity work products, while educating on the importance of perception, brand, and reputation.

Audience:
Intermediate, to Advanced