Securing your business with IA and cyber security training


Britain is hit by up to 1,000 cyber attacks every hour.


Cybercrime and information security breaches are on the rise. From phishing scams and Trojan worms to laptops left on trains, businesses need the correct security measures and processes in place to make sure they are protected.

At QA, we deliver training to:

• help you to protect your organisation from hackers and security breaches
• enable best practice IA (Information Assurance) and cyber security
• meet all of your needs - we provide a range of security training options including:
  • vendor specific courses
  • policy and guidance courses from professional security bodies
  • government specific IA courses


Source: British Intelligence Sources, quoted in the Daily Telegraph

You can’t afford not to invest in IA and cyber security training

0845 757 3888 | www.qa.com/cybersecurity

Nearly two-thirds of critical infrastructure companies report regularly finding malware designed to sabotage their systems.

Source: McAfee, 2011

Hackers, Trojan worms and Zeus botnets may sound like the stuff of gritty crime novels and Hollywood thrillers, but cybercrime is very real and it is having a very real effect on UK businesses today.

The threat

Intelligence sources have warned that Britain is being targeted by up to 1,000 cyber attacks every hour in a relentless campaign to steal secrets, access confidential data or disable corporate systems. If your business does not have the right measures in place, your IT systems are at risk of being compromised – in fact, they may already have been compromised, and the impact of not recognising or pre-empting online security breaches can be far reaching and long term.

Developments in technology have meant that practically all businesses rely on the internet. Whether it be to conduct business meetings, store business data or just to send emails – the daily running of a business tends to be conducted online. This reliance on the internet comes with its own risks. The online environment offers thieves new ways of accessing confidential company information and so online security needs to be taken very seriously.

How to protect your business

Approximately 80% of known cyber attacks could have been prevented or successfully overcome with the implementation of basic business security practices targeted at employees, processes and technology. Educating your workforce and raising user awareness is the first step you need to take to protect your business.

Your cyber security training needs

A company’s cyber security training needs can be categorised as follows:

• All of your employees need to be armed with the knowledge to be able to identify potential threats and to empower them to operate in a secure way
• Your operational team need the skills to develop and implement secure processes and policies
• Your IT team need the skills to be able to secure your technical systems and the ability to defend them should they be breached

QA offers the definitive cyber security portfolio of training courses which will meet all of your IA and cyber security needs.


The definitive IA and cyber security course portfolio

Below are details of all of the IA and cyber security courses which QA offers. They cover everything from product/technology-based courses and certification tracks to best-practice courses which focus on giving a more general overview of IA and cyber security.

Course levels: End User/Technology Awareness, Foundation, Intermediate, Advanced

Course categories: BCS and The Open Group, EC Council, ISO27001, CompTIA, Technical Non-Certification Courses

Courses:

• BCS Certificate in Information Security Management Principles
• Introduction to ISO 27001
• Introduction to TCP/IP
• IT Security Fundamentals
• CompTIA Security+
• BCS Practitioner Certificate in Information Risk Management
• BCS Certificate in Data Protection
• BCS Practitioner Certificate in Business Continuity Management
• BCS Certificate in Freedom of Information
• EC Council Certified Network Security Administrator
• ISO 27001 Implementation
• ISO 27001 Lead Implementer
• ISO 27001 Internal Auditor
• CompTIA Advanced Security Practitioner
• Understanding and Managing the Threat of Malware
• PKI and TLS Workshop
• Penetration Testing – Tools & Techniques
• Wireless Security: Hands-On
• BCS Intermediate and Practitioner Certificates in Enterprise and Solution Architecture
• TOGAF 9 Foundation and Certified (Level 1 and 2)
• EC Council Certified Ethical Hacker
• EC Council Certified Security Analyst
• EC Council Computer Hacking Forensic Investigator
• ISO/IEC 27001 Lead Auditor
• ISO 27001 Registered Auditor Qualification
• ISC(2) Information Systems Security
• EC Council Secure Computer User Specialist
• Operating Systems Fundamentals
• Fundamentals of Networking and the Internet
• Cyber Security: An Introduction
• Understanding the World Wide Web
• Understanding the Cyber Threat
• Developing Secure .NET Web Applications – Mitigating the OWASP Top 10 Security Vulnerabilities
• Developing Secure Java Web Applications – Mitigating the OWASP Top 10 Security Vulnerabilities
• EC Council Certified Secure Computer User
• End User Security: Protecting Your Online Footprint
• OSI Open Source Intelligence Investigators: An Introduction
• OSI Open Source Intelligence Investigators: Advanced
• OSI Social Engineering Attack and Defence
• Introduction to Cyber Security for Industrial Control Systems
• Stress Testing your Network Security
• Hands-on cyber security for Industrial Control Systems


IA training for government


The information held by government departments is critically important, highly sensitive and in need of protection. Any security issue or loss of data could put individuals, companies and even the nation as a whole at risk.

Government departments have to protect their systems and the information which they hold. The Cabinet Office, through CESG (the National Authority on Information Assurance), sets IA and cyber security policies and standards which government departments must adhere to.

QA is the only commercial organisation to work across central and local government, providing training using licensed materials from CESG, for IA professionals.

Trust the experts: training using licensed materials from CESG, the National Technical Authority for Information Assurance.

QA’s courses include:

IA

Course title                                                      Duration
Fundamentals of Information Assurance in HMG                      1 day
Information Risk Management for HMG IA Practitioners - IS 1&2     2 days
Information Assurance Accreditor Introduction                     1 day

Tempest

Course title                                                      Duration
EM Security and TEMPEST Fundamentals                              2 days
TEMPEST Testers basic onsite testing                              15 days
TEMPEST Testers transmitter testing                               10 days
TEMPEST Testers certification testing                             5 days
TEMPEST Testers advanced testing                                  15 days

CAS(T)

Course title                                                      Duration
CAS(T) Lead Auditor Conversion (inc exam)                         1 day

There are over 20,000 malicious emails on government networks each month.


Timeline of security breaches

Below is a timeline which illustrates some of the key events in the evolution of cybercrime. It shows the evolving nature of cybercrime and the increasing threat which it poses to businesses and public sector organisations alike.

1903: Nevil Maskelyne disrupts a radio demonstration by John Fleming and Guglielmo Marconi. Maskelyne sent messages to the receiver on the stage of the Royal Institute in London, revealing vulnerabilities within the system.

1966: John von Neumann publishes the paper 'Theory of self-reproducing automata'. The ideas in the paper were instrumental in the creation of early computer viruses.

1971: The Creeper worm spreads through ARPANET – the Advanced Research Projects Agency Network, funded by the US Defence Department. It infected the mainframe computers, copying itself onto the system and displaying a message.

1974: ‘The Animal’ (the first trojan malware program) is released. It was a non-malicious virus but it exploited holes in the Operating System of the computer and left the name of the Animal in all the directories and files that the user had access to.

1983: The ARF-ARF virus is released. A Trojan horse which wiped out a computer's directory by offering to sort it into alphabetical order.

1984: US Government introduces the Comprehensive Crime Control Act. It introduced new rules against the unauthorised access and use of computers/computer networks.

1985: Robert Schifreen & Stephen Gold are arrested for accessing the British Telecom network. The case was a major factor in the creation of the Computer Misuse Act 1990.

1987: The Cascade virus is released. It was the first virus that was able to encrypt itself to avoid detection. It caused the letters of a document to 'fall' to the bottom of the screen. The virus caused IBM to publicly release anti-virus software.

1990: The Computer Misuse Act is passed by the British Government. The Act makes it an offence to obtain unauthorised access to a computer or computer network.

1995: The Concept macro virus is released. The first macro virus for Microsoft Word found in the wild.

2000: The ILoveYou worm affects networks across the world. The worm used social engineering techniques to entice users to open the mail attachment and then exploited weaknesses in common mail systems to spread within organisations. The worm infected over 50 million computers.

2001: The Code Red worm is released. The worm attacked a vulnerability in Microsoft's Internet Information Server (IIS) and infected around 2 million servers.

January - The SQL Slammer worm is released. The worm attacked machines running Microsoft SQL Server. It only took 15 minutes to spread worldwide.

September - First Titan Rain attack is detected. Titan Rain targeted military and contractor networks. It was one of the first examples of an Advanced Persistent Threat (APT) attack. It involved a rapid breach that removed data to intermediate servers in South Korea, Hong Kong & Taiwan.

2004: March - The Witty worm is the first Internet worm to carry a destructive payload. Witty attacked computers that had ISS firewall products installed. Once infected the machines would attempt to infect other random IP addresses and then crash the host's hard disk.

2004: August - The first appearance of the Vundo trojan is recorded. These Trojans displayed pop-up ads for spyware or malware removal software and switched off some security features and programs.

2005: The UK National Infrastructure Security Co-ordination Centre (NISCC) reports targeted email attacks on over 300 Government departments and major commercial organisations.

2006: February - The first malware designed for the Mac Operating System is detected. The trojan known as either Leap-A or Oompa-A used the iChat application to spread to other devices.

2007: January - The Storm worm begins attacking computers through an email spam campaign. Infected computers are then used to deliver spam emails.

2007: October - Two CDs containing the child benefit database went missing after being sent by a courier. The information was secured using a very basic password mechanism which could be easily bypassed. There has been no evidence that the discs fell into criminal possession.

2008: Jeremy Clarkson publishes his bank account details in The Sun newspaper (in response to panic over child benefit data breach). Someone set up a £500 direct debit to the charity Diabetes UK. Clarkson was forced to admit that he was wrong and that the information could be used to remove money from his account.

2009: Credit card transaction processing company Heartland Payment Systems’ network is breached. Tens of millions of credit card details were compromised.

2010: Google network is compromised. Many other large companies reveal that they have also been compromised. The aim of the attacks was to gain access to intellectual property and software code.

2011: March - RSA servers are compromised. Network breached by an email phishing attack aimed at employees, which carried an Excel attachment with a Remote Administration Tool (RAT). Using the RAT, attackers accessed RSA servers.

2011: April - The PlayStation network is breached. Information - including financial details of 77 million users - is compromised.

2012: March - Global Payments is attacked. 1.5 million Visa and Mastercard card details are compromised.
