SCORE 4/5 by Smals Colleagues Ce cours est un des supports utilisés dans le cadre du programme de sensibilisation à la sécurité. Le contenu a pour but de décrire les actions que tout le monde peut entreprendre pour améliorer la sécurité de l'information. Recommended by Smals Experts //

SMALS STANDARDS L'équipe IAM, à savoir Identity & Access Management, ainsi que la cellule Network Security vous sont présentées. Les deux équipes sont impliquées dans la pratique appliquée de la sécurité applicative chez Smals.

Les enregistrements de ce webinaire ne sont accessibles que pour les participants. 

SCORE 4/5 by Smals Colleagues Cybersecurity doesn’t fall solely within your IT department's purview. If you own a smartphone, work on a computer, or use the internet, then you're exposed to a variety of complex security risks on a constant daily basis. In this course, instructor Caroline Wong details what these threats are and what you can do about them—both to protect yourself and your organization. In a series of engaging scenarios, Caroline shines a spotlight on some of the most common security risks you'll encounter in your personal and work life, as well as how to mitigate them. Learn how to identify and avoid phishing, malware, counterfeit apps, and social engineering attacks. Plus, get tips on adhering to cybersecurity best practices for wireless networks, online accounts, software, intellectual property, and more. By the end of this course, you’ll also be prepared to stay safe online as a remote or hybrid worker. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Ce cours donne un aperçu des différentes réglementations dans le domaine de la vie privée et de la sécurité des systèmes d'information, tant générales que spécifiques à la sécurité sociale et à la santé (SZ&G). Le grand nombre de réglementations à différents niveaux (européen, fédéral, régional) et les différentes organisations concernées en font une question complexe. De plus, la vie privée et la sécurité sont un domaine en pleine évolution. Ce cours n'est donc pas conçu comme un ouvrage de référence, qui vise à être complet. Il est conçu comme un point de départ pour une étude plus approfondie par les personnes intéressées et est utile pour mettre en pratique le principe de "protection des données par conception & par défaut". Pour en savoir plus, consultez la présentation sur la "data protection by design & by default". Le cours lui-même est, en plus d'une introduction, structuré en 7 sessions, couvrant des domaines spécifiques de la vie privée et de la sécurité.

Deze infosessie  gaat over het thema ‘privacy & security aspecten van informatie systemen’. Tijdens deze sessies hebben we het specifiek over de ‘data protection impact analysis’ (DPIA), de gegevens-beschermings-effect-beoordeling.

Want to keep your interconnected systems and data safe? In this course, Lisa Bock covers network security and securing an organization's infrastructure. Lisa introduces security devices such as firewalls and honeypots. In addition, she reviews the importance of isolating networks with VLANS and NAT addressing, along with a review of common security protocols. She also provides overviews of how to protect clients with antivirus software, encrypt folders and files, implement software restriction policies, and secure your cloud services. Finally, she looks at the often-overlooked topic of physical security, which includes securing a building's perimeter and the hardware within. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Wireless networks are convenient and popular, but poor configuration and encryption leave them open to attack. Hackers can use Wi-Fi vulnerabilities to infiltrate your entire network. Security professionals need to know how to detect, prevent, and counter these kinds of attacks using the latest tools and techniques—the subject of this course with cybersecurity expert Malcolm Shore. Malcolm covers everything from configuring basic security to understanding how hackers extract passwords, harvest connections at rogue access point, and attack networks via Bluetooth. He also explains how to select the right antennae for testing and introduces some sophisticated Windows and Linux tools to scan for vulnerabilities, including Acrylic, Ekahau, and Wireshark. By the end of the course, you should be able to shore up your wireless connections and gain confidence that your local network is safe to use. Note: This course is part of our test prep series for the Certified Ethical Hacker exam. Review the complete exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/. Topics include: Selecting an antenna Configuring security Extracting WEP and network passwords Testing passwords Harvesting connections from rogue access points Attacking networks via Bluetooth Capturing wireless packets with Acrylic Wi-Fi Heat mapping with Ekahau Wi-Fi sniffing with Wireshark Testing the Internet of Things Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Ethical hacking tests the strength of an organization's defenses and is a desired skill for any IT professional. In this course, security expert Lisa Bock explains how to protect data in a digital world and covers the basics of Information security. She begins by discussing how to layer defenses and outlines the power of using adaptive security controls. Lisa describes how artificial intelligence can help early threat detection and explains the benefits of MITRE ATT&CK, which provides tools and techniques specific to the ethical hacking process. She then stresses the need to maintain a vigilant posture, by using threat modeling and cyber threat intelligence. Lisa also provides an overview of the various hacker frameworks and reviews the laws and standards that define best practice behavior. She concludes by covering why it’s essential to perform ethical hacking, examines attack types and motives, lists the main hacking phases, and outlines the desired skills of an ethical hacker. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Social engineering is a technique hackers use to manipulate end users and obtain information about an organization or computer systems. In order to protect their networks, IT security professionals need to understand social engineering, who is targeted, and how social engineering attacks are orchestrated. In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks. Note: This course maps to the Social Engineering competency of the Certified Ethical Hacker exam. You can review the exam objectives on the official EC-Council website. Topics include: Visualizing the victim Recognizing an attack Using charm, power, and influence Manipulating with social media Preventing insider attacks Stealing identities Pen testing with social engineering Taking countermeasures Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Though technology changes rapidly, the need to assure the confidentiality, integrity, authenticity, and accountability of information does not. Understanding the basics of cryptography is fundamental to keeping your networks, systems, and data secure. In this course, Lisa Bock reviews the historical and present-day uses of encryption, including techniques such as symmetric and asymmetric encryption, algorithms, and hashing. She also reviews message digest and passwords and discusses practical ways to apply cryptography to ensure data security and integrity. By the end of this course, you'll have a solid understanding of what it takes to move and store data securely. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

In this course, you will learn to: ● Secure your computer, your network, and your data from 99% of all attacks on the Internet ● Find and fix weaknesses and harden your computer's security ● Keep yourself safe online, at home, at school, or at work ● Test for security vulnerabilities using the tricks the bad guys use ● Avoid phishing, viruses, ransomware, and online scams Demande de formation //

FREE GDPR and Incident Response Templates & Documentation - Practical GDPR and Incident Response Blueprint. In this course, you will learn to:● Understand what incident response is ● Will have a list of incident response tools and resources ● Will have a list of templates to use ● Will have a list of incident response playbooks Demande de formation //

Mobile devices are used for our most sensitive transactions, including email, banking, and social media. But they have a unique set of vulnerabilities, which hackers are all too willing to exploit. Security professionals need to know how to close the gaps and protect devices, data, and users from attacks. Join cybersecurity expert Malcolm Shore as he explores the two dominant mobile operating systems, Android and iOS, and shows ways to protect devices through analysis and testing. Watch this course to review the basics of mobile OS models, the toolsets you need for testing, and the techniques for detecting and preventing the majority of security flaws. These methods are recognized by EC Council as integral part of those looking to earn their Certified Ethical Hacker certification. The complete CEH BOK can be found at https://www.eccouncil.org/Certification/certified-ethical-hacker/CEH-What-You-Will-Learn. Topics include: Statistic and dynamic analysis of mobile applications Testing on Android Analyzing Android applications Securing iOS applications Jailbreaking iOS for command-line access Analyzing iOS apps Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Durée de la formation : 2,22hEthical hacking involves testing to see if an organization's network is vulnerable to outside attacks. It's one of the most desired skills in an IT security professional. In this course, security ambassador Lisa Bock guides you through the System Hacking competency from the CEH Body of Knowledge. Find out how hackers are able to hack into a system and gain access. Learn about privilege escalation, keyloggers, and spyware. Plus, explore countermeasures that IT security professionals can take to prevent these attacks.Topics include:Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. Demande de formation

Diving into cryptography with The Alpha Geek and Total Seminars team. Learn cyber security and ethical hacking. In this course, you will learn to: ● Define cryptography and the key role it plays in protecting our digital data ● Find out how Web sites use certificates to make sure our usernames, passwords, credit card numbers, and other personal data stay secure ● Understand ciphers, binary, hashing, symmetric and asymmetric cryptosystems, digital signatures and certificates, and public key infrastructure ● Learn how hashing helps us to be certain the data we receive or download is legitimate ● Prepare for the CompTIA Security+ exam by better understanding cryptography and PKI, one of the six exam domains Demande de formation //

This course follows a proven methodology for conducting thorough and effective technical security audits and assessments based on guidelines from NIST. Learn how to develop the testing methodology essential for technical security reviews. Discover how to identify and analyze targets, use key technical testing tools, identify and mitigate findings, and more. Performing technical information security audits and assessments is essential to protecting information assets. By the end of this course, you'll know how to determine if your network is secure. Topics include Cite the three phases of external security assessments. Explain the reasons for conducting a log review. Explain what network sniffing is and why it’s used. Describe when to use a file integrity checking tool. Differentiate between active network discovery and passive network discovery. Explain how to scan for vulnerabilities. Relate the three techniques useful for validating target vulnerabilities. Explain the four-stage methodology of conducting penetration tests. Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Cybersecurity can be daunting because of its technical complexity and the ever-changing threats to individuals and organizations. And more than ever, cybersecurity also is a core business function for organizations of all kinds. Just like other business issues—like finance, legal, or human resources—cybersecurity has its own set of external policies, laws, rules, established practices, and resources for getting help. Getting to know these policies and resources better across your organization—and not just within your IT department—can be hugely beneficial to your company. This course seeks to make key cybersecurity policies and resources clear and understandable—whether you work in IT, in business, or are just interested in how information security fits in with our public policies and laws. Join instructor Gregory Michaelidis to improve your personal or organizational cybersecurity with grounding in the latest regulations, governmental authorities, and resources available. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

The number of IoT (Internet of Things) devices deployed is increasing exponentially, which presents significant security challenges. In this course, Lisa Bock covers topics related to the IoT and OT hacking domain from the CEH body of knowledge. Lisa dives into the myriad of security challenges that the IoT faces, highlighting the importance of conducting ethical hacking to unearth vulnerabilities within IoT and operational technology (OT) devices. The course covers strategies for managing OT and industrial control systems (ICS). Furthermore, Lisa outlines methods for executing attacks on IoT/OT systems along with ways to safeguard systems against potential attacks, to ensure participants are well-equipped to protect these technologies. To help apply these concepts, Lisa provides a list of resources for best practice frameworks and guidance on securing IoT/OT systems. At the end of the course, you will have a robust arsenal to navigate the complex landscape of IoT security. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

APIs are a crucial business driver for delivering data to your applications. In this course, learn about various options for securing your RESTful API that can help you keep your application data—and your users—safe. Instructor Emmanuel Henri begins the course with an overview of top security threats and an introduction to the Open Web Application Security Project (OWASP), an important resource on security. He then steps through how to set up and secure a Node and Express API, including how to add handlers for registration and login, finalize secured endpoints, and test your finalized API. To wrap up, he shares a few alternatives for securing APIs. Topics include: Open Web Application Security Project (OWASP) Reasons for using a JSON Web Token (JWT) Adding bcrypt password hashing Adding handlers for registration and login Finalizing secured endpoints Testing APIs with Postman Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Security is a major concern in the DevOps world. There is a constant push for companies to move more quickly, and security teams struggle to keep up with testing. This has led to the rise of a new field: DevSecOps. This course introduces the concept of DevSecOps and explains how an organization can build out a DevSecOps program that helps teams integrate security into the application development pipeline. Learn about the role of APIs, containers, security as code, and automation, and how a continuous integration and delivery framework can help your organization run security tests as often as developers want. Instructor Tim Chase also introduces some free tools and resources for starting your DevSecOps journey. Topics include: Recognize which groups make up DevOps. Identify what should be included in the DevSecOps process. Explain how API and security testing function. Indicate the challenges and benefits of CI/CD. Recognize the central repository for containers. Describe how to secure IaC. Identify where DevSecOps test results are placed. Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Learn how to configure a Cisco switch to connect and control resources on your network. Join Denise Allen-Hoyt in this course, as she explores the Cisco command-line interface using an out-of-band connection with a cable and terminal program. Denise shows how to access the switch's three modes—user EXEC, privileged EXEC, and global configuration—and use commands to configure essential settings. After addressing the switch and configuring a default gateway, Denise explains how to modify individual port modes, secure those ports, and create and manage virtual LANs (VLANs). In the final chapter, she shows how to verify your settings and reset the switch if necessary. Topics include: Accessing a switch Configuring the terminal program Configuring a switch hostname Saving and viewing configurations Securing access Encrypting passwords Assign an IP address to a switch Exploring port modes and security Creating VLANs Resetting a switch Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Most people have heard of RESTful APIs, but the underlying concept—representational state transfer (REST)—still causes confusion. REST is all about modeling resources that change. RESTful APIs use REST architecture along with HTTP requests to transfer data and changes in application state between clients and servers. This course breaks down the principles of RESTful design and show how to build secure RESTful APIs on top of ASP.NET Core. Nate Barbettini answers questions such as: What is RESTful design? How do you perform RESTful routing? How can you build reusable classes to represent resources? What role does caching play? And how do you secure RESTful APIs? He also covers topics such as data modeling, hypermedia relationships, and authentication and authorization. By the end of the course, you should know the basics—how to properly request and return data in ASP.NET Core—and the best practices for building secure and scalable APIs to serve web clients, mobile clients, and beyond. Topics include: What is RESTful design? Building a new API with ASP.NET Core Using HTTP methods Returning JSON Creating RESTful routing with templates Versioning Securing RESTful APIs with HTTPS Representing resources Representing links Representing collections Sorting and searching collections Building forms Adding caching to an ASP.NET Core API Configuring user authentication and authorization Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Are you looking to learn the basics of configuring a firewall to secure your Cisco network? In this course, security ambassador Lisa Bock focuses on the most essential Cisco firewall technologies. Explore the core concepts of a firewall, what it is, and how it works in a variety of distinct security contexts, as Lisa shows you how to configure a basic firewall, choosing the option that’s best for you. Learn about stateless, stateful, and application firewalls with best practices for deploying each. Discover the essentials of managing access control lists, implementing network address translations on Cisco ASA, and identifying when and how to leverage a zone-based firewall to monitor traffic between internal and external zones. In closing, Lisa takes a closer look at some of the key features available on the Cisco ASA, such as the basics of access management, the Cisco Modular Policy Framework, high availability technology, and the Hot Standby Router Protocol (HSRP). Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience. Protecting web applications from these attacks has become an essential skill for all PHP developers. PHP: Creating Secure Websites shows you how to meet the most important security challenges when developing websites with PHP. Instructor Kevin Skoglund covers the techniques and PHP code needed to develop sites that are more secure, and to avoid common mistakes. Learn how to configure PHP properly and filter input and escape output. Then check out step-by-step defenses against the most common forms of attack, including cross-site scripting and SQL injection. Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation

En tant que responsable de la sécurité ou DSI, vous devez mettre en place une politique de cybersécurité pour répondre aux menaces qui pèsent sur votre informatique. Pour cela, Pierre Cabantous vous propose de faire un tour de la cybersécurité en entreprise. Dans ce cours, vous étudierez la démarche d'un pirate, avant et après l'intrusion dans un système, à la suite de l'exploitation d'une vulnérabilité. Vous verrez comment gérer ces vulnérabilités par rapport à un niveau de risque que vous apprendrez à calculer. Vous aborderez aussi une des principales menaces encourues aujourd'hui par tout service accessible en ligne : les attaques par déni de service. Puis vous découvrirez comment protéger votre organisation aux niveaux technique et organisationnel, en suivant des bonnes pratiques, des process ainsi que des normes européennes comme le RGPD. Topics include: Ce cours n´est disponible qu´en anglais. Si ce n´est pas un problème pour vous, soumettez votre demande. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Demande de formation