Trainings

CDA & ASSECO CYBERSECURITY TRAININGS

1. Introduction

Cyber Defense Africa SAS (“CDA”) is a joint stock company (société par actions simplifiée) registered in the Republic of Togo under No TG-LOM 2020 M 0893 (RCCM) / 1001555586 (NIF) / 91350 (CNSS) with a share capital of XOF 1.965.000.000 fully subscribed and registered address Rue Abdoulaye Fadiga, 07 BP 13215 Lomé, Togo.
CDA is a joint venture established by the Republic of Togo and Asseco Group to protect Togolese citizens, businesses, organizations and public administrations against cyber-attacks, to advise the National Cybersecurity Agency (ANCy) on the definition and implementation of the national cybersecurity strategy and standards, and to foster the development of cybersecurity knowledge and best practices in Africa. CDA is the operational entity in charge of ensuring Togo’s cybersecurity by organizing proactive and reactive measures to counter cyber threats, in accordance with global best practices.

Asseco is the largest IT company in Central and Eastern Europe and the 5th largest software group in Europe by revenues (EUR 2.5Bn in 2019), offering comprehensive dedicated IT solutions for all industries. The Asseco Group’s companies are listed on the Warsaw Stock Exchange, the Tel Aviv Stock Exchange, as well as on the New York NASDAQ. As of December 2019, Asseco Group employed over 25,000 people in more than 50 countries globally, including most European countries, Israel, USA, Canada, Japan, India, Australia, South Africa, Ethiopia, Nigeria and Togo.
This document describes the highly customizable and tailored cybersecurity trainings offered jointly by CDA and Asseco.

1. Regular Trainings

1.1 Essential Services Manager / Auditor

Duration: 3 days
Training format: Online Training, French/English
Ideal attendee profile: CISO, Security Auditor, CIO, Security Specialist, Security Manager

Course objectives:

The training allows you to understand:

  • essential services, goals and risks;
  • compliance, ISMS and BCMS requirements;
  • the goals, implementation challenges and operation of an ISMS, a BCMS and an Incident Response Team in an organization;
  • the IT risk governance framework and risk management process;
  • the roles of high management, operational management and the internal audit department;
  • common issues related to the design and operation of a business continuity plan, an Incident Response Team and information security controls, which are presented and discussed;
  • the certification process.

This course covers issues through Togolese regulations and the ISO / IEC 27000 and 22301 family of standards.

Target Audience:

The training is addressed to persons:

  • accountable for essential services, information processing, information security, continuity, incident management, compliance as well as for the management system in the organization;
  • responsible for information technology, information security, business continuity and incident response;
  • delivering professional assurance by IT audit, IT risk management or Information security processes.

Course content for 3 days:

  • Essential services;
  • ISO Management Systems;
  • Information Security and continuity – vocabulary;
  • ISO Management System – architecture;
  • Goals of compliance, ISO management systems, continuity and of information security;
  • Risk management and risk management in essential services;
  • Notification;
  • Requirements;
  • Implementation;
  • Maintenance;
  • Monitoring, Auditing, reporting.

Other Information:

Training method: on-line presentation, questions and answers – Webex Training Platform.
Training materials: each participant receives a set of electronic training materials.
Certification: participants receive an electronic diploma from Asseco Academy.

1.2 Implementing information security policy in organization

Duration: 5 days
Training format: Online / Onsite training, English/French
Ideal attendee profile: CISO, Security Auditor, CIO, Security Manager, Information Security Officers

Day I – Base of information security

  1. Preview – How to implement Information Security (IS), main techniques:
    • Security audit/ Gap Analysis;
    • Penetration tests;
    • Risk Management;
    • Implementing technical controls (needs versus costs), types of controls;
    • Information Security Policy (ISP) creation and modification;
    • Incident response process;
    • Permanent management of IS – continuity of the above-mentioned techniques and improvement;
    • Relation to other ICT management processes (IT service management, Business Continuity Management).
  2. Compliance requirement:
    • Examples of laws existing in Togo and the EU (GDPR, National cybersecurity system Act, business information protection);
    • Example of industry recommendations/requirements (PCI DSS).
  3. Review of most popular IS standards:
    • ISO/IEC 27001 – Information technology — Security techniques — Information security management systems — Requirements;
    • ISO/IEC 27002 – Information technology — Security techniques — Code of practice for information security controls;
    • ISO/IEC 27005 – Information technology – Security techniques – Information security risk management;
    • ISO/IEC 29134 – Information technology – Security techniques – Guidelines for privacy impact assessment;
    • ENISA Guidelines on assessing DSP and OES compliance to the NISD security requirements;
    • OWASP Top 10.

Day II – Security Audit and Risk Management – 2 sides of the same coin

  1. ISO 19011 and ISO 17021 – base of auditing:
    • Main audit rules, techniques, risks and traps;
    • How to create an audit plan based on ISO/IEC 27001 using the ISO/IEC 27006 recommendations.
  2. Risk Management approach recommended in ISO/IEC 27005 (assets, threats, vulnerabilities, strength of controls, impacts, probability of incidents).
  3. Risk Management approach recommended in ISO/IEC 29134.
  4. Review of risk assessment procedure (based on ISO/IEC 27005).
  5. Review of risk treatment procedure (based on ISO/IEC 27005).
  6. Review of the Excel spreadsheet used for risk assessment and risk treatment.
  7. Review of risk management tools.

Day III – Practice of audit and risk management

  1. Organization definition for following exercises – type of activity, stakeholders, law, relation with customers and suppliers, organization structure.
  2. Exercise 1 – creation of audit plan and audit checklist.
  3. Evaluation and discussion.
  4. Exercise 2 – performing risk assessment based on the proposed Excel spreadsheet:
    • Risk analysis;
    • Risk evaluation.
  5. Evaluation and discussion.
  6. Exercise 3 – performing risk treatment.
  7. Evaluation and discussion.

Day IV – Information Security Policy

  1. Hierarchy of ISP document – policies, standards, guidelines, procedures, instructions. How to fit ISP to current customer.
  2. Examples of ISP Declaration.
  3. Example of ICT Security Policy.
  4. Example of User Security Policy.
  5. Process approach:
    • Access management;
    • Monitoring process;
    • Security incident management;
    • Change management;
    • Configuration management;
    • Business continuity management;
    • Compliance management;
    • Security Audit & Penetration Testing;
    • Asset identification and classification;
    • Human resources management;
    • ISP documentation management.
  6. Examples of procedures/standards e.g.:
    • User access management procedure;
    • SIEM monitoring procedure;
    • Security events reporting procedure;
    • Security incidents & breach response procedure;
    • Change management procedure (several types of changes);
    • Configuration documentation procedure;
    • Backup procedure with technical instructions;
    • Security audit planning and documentation procedure;
    • Classification standard;
    • ISP change management procedure.

Day V – Practice of ISP creation

  1. Organization definition for exercise – type of activity, stakeholders, law, relation with customers, organization structure.
  2. Exercise – Creation of ISP documents by students:
    • ISP document;
    • Procedures.
  3. Evaluation and discussion.

2. Advanced special purpose trainings

2.1 Open Source Intelligence (OSINT) Training

Duration: 1 day
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, CISO, Security Specialist, Security Engineer

The training consists of two modules: theoretical and practical. Its main goal is to teach listeners practical OSINT skills on real-life examples.

Introduction to OSINT

  • This part will provide listeners with a gentle introduction to the topic of OSINT. We will define Open Source Intelligence and its place in the modern world.
  • The question of OSINT process automation will also be addressed.

Initial Information Gathering: IP addresses, Domain Names

  • Tools: host, whois, theHarvester, SecurityTrails, bing.com

Google Dorking and web archives

  • Tools: web.archive.org, google.com, DNS Trails

Social Media analysis

  • Finding information about phone number with TrueCaller
  • Social Media profiles analysis

Geolocation and image metadata

  • Reverse image search, images metadata exfiltration
  • Tools: BeerApp, FlightRadar

Cryptocurrencies

  • Tracking BTC/ETH transactions

2.2 Testing web applications

Duration: 5 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, CISO, Security Specialist, Security Engineer, Web Application Developers

Learn to test the security of web applications. Discover the basics of Kali Linux and other tools needed for web application security testing. You will learn about the vulnerabilities related to web applications, how to exploit them and how to eliminate them.
You will learn about advanced, latest and more niche attacks in theory and practice, new attack tools and techniques and vulnerabilities in programming languages, vulnerabilities in real web applications and basics of cryptography.

2.3 Operational Security (OPSEC) Training

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, CISO, Security Specialist, Security Engineer, Security Manager

The OPSEC workshop covers a wide range of operational security topics:

  1. unknowingly generated excessive data as a side effect of using certain technologies;
  2. defining computer-related risks to the security of organization;
  3. techniques to evade threat actors;
  4. secure operations on potentially malicious files;
  5. hiding operations by using proxies (TOR, VPN);
  6. e-mail headers analysis – capability of spoofing and verifying the sender;
  7. domain spoofing and phishing techniques;
  8. encryption of drives, attachments, and communication;
  9. securely erasing the data;
  10. real-life examples of missed OPSEC implementations.

The workshop comprises lectures and exercises held in English. It aims to raise staff awareness, develop operational planning skills, deepen knowledge about commonly used tools and help participants acquire practical skills.

2.4 Introduction to cryptocurrencies

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, CISO, Security Specialist, Security Manager

The basics of how the Bitcoin protocol works.
Cryptocurrency anonymity.
Cryptocurrency community and economy.
Quick introduction to smart contracts.
Quick introduction to DeFi (Decentralized Finance).

2.5 Introduction to TOR and Darknet

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, CISO, Security Specialist, Security Engineer.

The basics of how the TOR protocol works.
TOR hidden services overview.
Security of TOR users and service providers.
Darknet in the real world.

3. Forensics Trainings

3.1 EnCase Acquisition, FTK Imager, Axiom – Foundation for Specialists

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer.

The “Practical computer forensics – Specialist” training is an introduction to the educational path “computer forensics”. The training is divided into two parts. In the theoretical part, participants are familiarized with the best practices of computer forensics. The practical part of the course focuses on providing students with knowledge about the methods of extracting, securing and analyzing data. It also includes a practical presentation of methods of preparing the environment for analysis, acquiring digital information and learning about the techniques of searching for the so-called fugitive/unstable traces.

3.2 EnCase Forensic for Professionals

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer
Prerequisites: completed training on Foundation level.

The “Practical computer forensics – Professional” training is dedicated to people who participated in the training at the Specialist level. The course mainly covers the analysis of user activity (browsed websites, opened files) and determining users' identity and the equipment they use. During the training, the following issues will be discussed in depth: verification of e-mail messages, their content and origin, and how to read data from e-mail programs. Each stage of the training will be completed with an analysis of the results obtained.

3.3 EnCase Acquisition, FTK Imager, Axiom for Experts

Duration: 2 days
Max participants: 8
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer
Prerequisites: completed training on Professional level.

The “Practical computer forensics course – Expert” training is intended for people who participated in the training at the Specialist and Professional levels. During the practical classes, participants will learn methods of checking which applications were run and when, and will analyze disks and files in order to extract data from them. The training also provides knowledge in the field of Windows password recovery and matrix reconstruction, which is critical when analyzing network resources. Techniques for obtaining information from the Windows swap file will be presented. The lecturers will also demonstrate how to recover thumbnails of files that may prove crucial during the investigation.

3.4 XRY, XAMN – Foundation for Specialists

Duration: 2 days
Max participants: 4
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer.

The knowledge and skills acquired in the “Mobile devices analysis training – Basic level” training will allow you to independently secure various types of mobile devices (smartphone / feature phone) in accordance with the best practices of computer forensics.

3.5 XRY, XAMN, PinPoint for Professionals

Duration: 1 day
Max participants: 4
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer
Prerequisites: completed training on Foundation level.

The “Mobile devices analysis – Professional level” training is an extension of the Specialist level. The training offers advanced knowledge in the field of mobile forensics and prepares the participant in practice to perform independent investigative analyses. During the classes, the possibilities of recovering deleted data and an advanced, in-depth analysis of the information read are shown.

3.6 XRY, XAMN, Service Boxes [RiFF Box, Medusa Pro, ATF], ADB, EDL for Experts

Duration: 1 day
Max participants: 4
Training format: Onsite, English/French
Ideal attendee profile: Security Analyst, Forensic Specialist, Security Specialist, Security Engineer
Prerequisites: completed training on Professional level

The “Mobile device analysis – Expert level” training is dedicated to people who participated in the training at the Specialist and Professional levels. During the course, each participant will learn very advanced analysis of mobile devices and acquire expert, practical tool skills in the area of mobile forensics. The training provides advanced knowledge in the field of data recovery from mobile devices and creating electronic reports. In addition, it shows the possibility of bypassing mobile device lock codes and alternative possibilities of accessing data stored in the memory of these devices.

4. Cybersecurity Exercises & Games

4.1 Cybersecurity exercises

Cybersecurity exercises are one of the most effective forms of preparing an organization to respond to threats. They make it possible to achieve and maintain a high level of knowledge and practical skills. They develop, strengthen and improve the habits that individuals and teams at all levels of an organization need for crisis management. The exercises simulate a major incident throughout the organization and verify the organization’s ability to manage it effectively. The entire organization takes part in the exercise (from the IT security team through, among others, the legal department, HR and PR departments, to a board member). The exercises verify the ability of the entire organization to effectively respond to a serious incident, its level of preparation to function during the incident, the ability to use the opportunities resulting from cooperation with external entities and the ability to fulfill legal obligations to perform specific actions. Additionally, they enable decision makers to make the right choices on effective forms and methods of operation in a variety of situations, especially in making and implementing certain decisions and managing subordinate cells. Asseco prepares the complete scenario of the exercise according to the customer’s needs and develops all required forms of communication during the exercise. All tasks and technical infrastructure, if required according to the goals and scenario, will also be prepared. As a result, a complete report including recommendations for the organization will be delivered.

4.2 CERT Games

Type: custom games designed according to Customer needs

The exercises involve competition in removing threats in a realistic IT system and managing emerging security incidents. They are designed for IT security teams (SOC / CERT) to prepare them to respond to a threat. These exercises develop the ability to work under stress, competence in incident and vulnerability management, and a culture of cooperation in security teams. Asseco prepares the complete scenario of the exercise; most often it is based on a simulation of an IT security incident. A technical introduction, including any required malware or log analysis as well as other technical activities of the security team, will be provided. The results will be presented in a report.

4.3 CERT CTF

Type: standard CTF designed according to Customer needs

Classic Capture the Flag exercise. The exercises involve competition between small groups of IT security professionals (up to 3 members). The goal is to solve technical tasks in the field of network and information security. There are different categories of tasks available with one flag each. Some of them involve offline analysis of files, while others require connecting to services in the infrastructure prepared for the exercises. The categories of tasks include e.g. CERT, Forensic, Network, Web, Crypto, Bin, mobile. Asseco will provide the tasks, the exercise platform and a presentation of the results. The final presentation will include descriptions and explanations of the solution for individual tasks. As an option we also offer the assistance of trainers during the exercise: they will answer the questions of attendees and direct them to the right solution.