Description

Theme:
“Cybersecurity and information systems management”

Who is this training for?
This training is aimed at information systems directors, IT network managers, information systems audit managers and risk management managers.

The highlights of this training are:
   • A clear and precise breakdown of the points included in the program for the two days;
   • Rich, structured, synthetic and practical content for immediate implementation within your company or for improving your internal organization in terms of risk management and incidents related to cybersecurity.

Objectives and skills targeted:
  Cybersecurity is a set of processes, tools, and frameworks designed to protect networks, devices, programs, and data from cyberattacks. Cybercriminals launch such attacks to gain unauthorized access to computer systems, disrupt business operations, modify, manipulate, or steal data, conduct industrial espionage, or extort money from victims.

  Cyberattacks often result in financial or reputational damage, damage to IT infrastructure, and regulatory fines. To protect their valuable assets and data from hackers, businesses and individuals need a robust cybersecurity posture.

  Governments, businesses, non-profit organizations, educational institutions, and individuals are all at risk of cyberattacks and data breaches. A cyberattack has multiple repercussions and its effects are catastrophic: damage to the company's image, business shutdown, loss of confidential information, etc. Its financial impact is likely to cause irreparable harm to the company.

  In the future, the number of attacks will multiply, with the evolution of digital technologies, the increase in the number of devices and users, increasingly complex global supply chains, and the increasingly strategic role of data in the digital economy. To minimize the risk of an attack and to secure systems and data, a strong cybersecurity posture becomes vital.

  Enterprise cybersecurity is a more complex approach than traditional cybersecurity, and involves protecting all corporate resources, both on-premises and in the cloud. It also involves other aspects:
    • Verification of third-party vendors and their security controls;
    • Understanding of the risk environment;
    • Implementation of strong access controls across the enterprise;
    • Assessment of existing vulnerabilities and threats;
    • Regular data backup;
    • Protection of resources against unauthorized access or data leakage;
    • Implementation of a correction plan.

  Although the terms cybersecurity and information systems (IS) security are often used interchangeably, they do not cover exactly the same reality because each corresponds to different types of security. The terms computer security and cybersecurity are also often confused.

  Computer security is the protection of computer resources such as terminals, databases, servers, networks and data to prevent unauthorized access, and therefore the risk of misuse or theft. It is a holistic process that focuses on how corporate data is managed on a daily basis. These attacks can come from inside or outside a company.

  Information systems security refers to the protection of the confidentiality, integrity and availability of data by preventing unauthorized access, modification, manipulation or destruction.

  Cybersecurity is a “subset” of computer security. It aims to protect resources from hacking or cyberattacks, that is, threats originating from or occurring via the Internet.

  All companies, regardless of their size and sector of activity, are affected by cybersecurity. Spreading a true culture of cybersecurity is even one of the major objectives of companies that operate in a high-tech environment. Today, the question is no longer whether your company will suffer a cyberattack, but when it will occur. Faced with cyber risk that grows year after year, companies must act with full awareness to prevent rather than cure.

Teaching methods:
   • Our training courses are punctuated with practical cases and concrete examples, combined with technical knowledge;
   • Our teaching methods encourage interactivity between participants and speakers;
   • Course material is provided to each participant at the start of the training and is available in the online educational space.

Teaching methodology:
   • Theoretical presentations to establish basic concepts.
   • Interactive discussions and case studies to contextualize issues in Morocco and internationally.

Please note:
To guide the discussions, it is recommended that you send us your questions by email before the seminar to the address mentioned on the registration form.

Training evaluation:
   • Attendance sheet to be signed by participants and the speaker per training day;
   • Immediate ("hot") evaluation of the training by the participants at the end of the seminar;
   • Provision of an individual training certificate upon request.

Program

Morning

1. General introduction to cybersecurity
• Definition and importance of cybersecurity
   - Availability, integrity and confidentiality
   - Vulnerability, threat and risk
• Global impact of cybersecurity for businesses and individuals

2. Legal and regulatory framework for cybersecurity:
National legal framework (Morocco): Analysis of Moroccan cybersecurity laws, such as law 09-08 on the protection of personal data, law 05-20 on cybercrime, etc.
International legal framework: International conventions, such as the Budapest Convention, and their impact.
National and international regulatory framework: ISO standards (ISO/IEC 27001 for information security, ISO/IEC 27032 for cybersecurity), NIST, CIS Controls, etc.

3. Cybersecurity Fundamentals: Concepts and Threats:
Key Principles of Cybersecurity:
   - Zero Trust: Never trust, always verify.
   - Least Privilege: Give only the necessary rights.
   - Segregation of Duties: Avoid conflicts of interest in processes.
   - Defense in Depth: Multiplying layers of security

Risk management:
   - Presentation of the risk management process
      → Risk identification.
      → Evaluation and classification.
      → Risk treatment (mitigation, transfer, acceptance, avoidance).
      → Communication, monitoring and review.
   - Role of IT participants
      → Identification of technical vulnerabilities (scans, audits).
      → Prioritization of risks according to their technical and business impact.
      → Proactive communication with stakeholders.
   - Raising awareness among management controllers
      → Importance of financial support for security projects.
      → Justification of security investments (ROSI, reduction of potential losses).
      → Strategies for integrating security into annual budgets.
   - Involvement of Top Management
      → Strategic alignment.
      → Mobilization of resources.
      → Creation of a security-oriented corporate culture.


Afternoon

4. Security controls
Recognition of common threats and associated means of protection:
   - Phishing and Spear Phishing;
   - Malware and ransomware;
   - Internal threats (Insider Threat);
   - Vulnerabilities in software;
   - Denial of Service (DDoS) attacks.

Operating system protection:
   - Vulnerability management, updates, basic security configuration.

Configuring Secure Networks:
   - VPN;
   - Segmentation;
   - Best practices for Wi-Fi.

Firewall and security device management:
   - Configuration and importance of IDS/IPS.

Encryption of sensitive data:
   - Notions of symmetric and asymmetric encryption;
   - Importance of SSL certificates.

Data management policies:
   - Backups;
   - Access management;
   - Secure deletion.

Practical workshop: Complete scenario of a fictitious entity that has been the victim of a cyber-attack (Spear Phishing with exfiltration of confidential data resulting in damage to the entity's reputation).

5. Questions and answers and conclusion of the day
• Questions from participants, review of the key concepts of the day

Morning

6. Data security and privacy protection
Privacy legislation: GDPR, law 09-08 in Morocco, and their practical applications.

Data classification:
   - The interest of data classification;
   - Common classification categories;
   - Roles of stakeholders (General Management, CISO, IT, Business Managers and users).

7. Threat and incident management
Identification and response to cyber attacks: Intrusion analysis and detection techniques;
Threat detection mechanisms: Presentation of monitoring and alerting tools;
Incident Response Plans: Preparation of an emergency plan, roles and responsibilities.

Afternoon

8. Cloud Security and Emerging Technologies
Securing cloud services: Types of cloud, sharing of responsibility (customer/provider), best practices.

Security of connected objects: Risks and solutions specific to IoT in a Moroccan and international context.

Future trends:
   - Artificial intelligence in cybersecurity
      → Use of AI by attackers:
            * Automated and personalized phishing.
            * AI-generated evolving malware.
            * Vulnerability detection using Machine Learning (ML).
      → AI as a defense tool:
            * Advanced threat detection using machine learning.
            * Solutions based on predictive models to anticipate attacks.
            * Current limitations of the use of AI in defense.
   - Quantum Computing and Cybersecurity
      → The risks posed by quantum computing:
            * Breaking current encryption systems (RSA, AES, ECC).
            * Threats to encrypted transactions and communications.
      → Solutions to counter the quantum threat:
            * Development of post-quantum encryption.
            * Adoption of hybrid security protocols for a smooth transition.

Group discussion: Impacts of emerging technologies on cybersecurity in Morocco and around the world.

9. Closing session and recommendations
• Summary of the two days: review of key points.
• Recommendations for strengthening cybersecurity in Moroccan companies.
Discussions and final questions: Space for questions, exchange of experiences and suggestions.
Speaker(s)

- Consultant-Expert in Governance, Security, Business Continuity and Information Systems Management.
- Certification auditor for certification bodies – Accredited by COFRAC.
- Member of the BCI “Business Continuity Institute” North & West Africa (24 years of experience).

  • Price: 3500 Dhs
  • Date: 03/02/2025
  • Time: 9:00 am
  • End Date: 04/02/2025
  • End Time: 5:00 pm
  • Place: Hotel the Grand Mogador
  • City: Casablanca
  • Language: French