Training is not a commodity – all training centres are not the same. Iverson Associates Sdn Bhd is the most established, the most reputable, and the top professional IT training provider in Malaysia. With a large pool of experienced and certified trainers, state-of-the-art facilities, and well-designed courseware, Iverson offers superior training, a more impactful learning experience and highly effective results.
At Iverson, our focus is on providing high-quality IT training to corporate customers, meeting their learning needs and helping them to achieve their training objectives. Iverson has the flexibility to provide training solutions whether for a single individual or the largest corporation in a well-paced or accelerated training programme.
Our courses continue to evolve along with the fast-changing technological advances. Our instructor-led training services are available on a public and a private (in-company) basis. Some of our courses are also available as online, on demand, and hybrid training.
The C|CISO Training Workshop is a premium Training & Certification program for aspiring Chief Information Security Officers who wish to penetrate the inner sanctum of Information Security Management and Leadership.
During the C|CISO Training Workshop, participants will be challenged to develop a business continuity plan for a company in a given industry and situation, use metrics to communicate cyber risk for different audiences, and describe how to align a given security program with the goals of the business in which it resides, among many other exercises. The challenges are aimed at helping aspiring leaders develop business acumen, practice their managerial skills and further hone their technical expertise by diving deep into how security should be injected into the procurement process and how a CISO should manage budgets and assets.
The C|CISO course has certified leading information security professionals around the world and is the first-of-its-kind training and certification program aimed at producing top-level Information Security Leaders. The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by seasoned CISOs for current and aspiring CISOs. C|CISO Material assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work.
The C|CISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.
22-26 Apr 2024
7-11 Oct 2024
The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of the organization, as well as aspiring CISOs. Other information security management certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.
In order to sit for the CCISO exam, applicants that attend training must apply via the CCISO Eligibility Application showing 5 years of experience in at least 3 of the 5 CCISO domains (experience can be overlapping). Students who do not meet the eligibility criteria for the CCISO exam can sit for the EC-Council Information Security Manager (EISM) exam & apply for the CCISO exam when they meet the requirements.
Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.
Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.
Domain 3 covers many of the day-to-day aspects of the CISO job including project, technology, and operations management.
Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.
Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.
The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicants’ knowledge in all five of the C|CISO Domains will be tested on the exam, which focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants must have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the EC-Council Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
EXAM TITLE : EC-Council Certified CISO
EXAM CODE : 712-50
# OF QUESTIONS : 150
DURATION : 2.5 Hours
AVAILABILITY : ECC Exam Portal
TEST FORMAT : Scenario-based multiple choice
PASSING SCORE : 72%
The Red Hat Certified Specialist in Identity Management exam (EX362) tests your knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.
By passing this exam, you become a Red Hat Certified Specialist in Identity Management, which also counts toward becoming a Red Hat® Certified Architect (RHCA®).
This exam is based on Red Hat Enterprise Linux 7, Red Hat Satellite Server 6, Red Hat Ansible Tower 2, and Microsoft Windows 10 Active Directory.
These audiences may be interested in becoming a Red Hat Certified Specialist in Directory Services and Authentication:
The Red Hat Certified Specialist in Security: Linux exam validates your knowledge and abilities in securing Red Hat® Enterprise Linux®.
By passing this exam, you become a Red Hat Certified Specialist: Linux, which also counts toward becoming a Red Hat Certified Architect (RHCA®).
This exam is based on Red Hat Enterprise Linux version 7.5.
These audiences may be interested in becoming a Red Hat Certified Specialist in Security: Linux:
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team. Being an intense 3-day program, it thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate with CSIRT at the time of need.
Available upon request
Gain core knowledge and experience to successfully implement and manage security programs in this official (ISC)2 CISSP course
This course is the most comprehensive review of information security concepts and industry best practices, and covers the eight domains of the official CISSP CBK (Common Body of Knowledge). You will gain knowledge in information security that will increase your ability to successfully implement and manage security programs in any organization or government entity. You will learn how to determine who or what may have altered data or system information, potentially affecting the integrity of those assets, and how to match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture. Policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets are also covered in this course.
This five-day program is comprised of a total of eight domains and includes:
· Official (ISC)2 Guide to the CISSP Common Body of Knowledge® (CBK) (electronic format)
· Official (ISC)2 CISSP Training Handbook
· Official (ISC)2 CISSP Flash Cards
· CISSP Certification Exam Voucher
29 Jan 2024 - 2 Feb 2024
4-8 Mar 2024
15-19 Apr 2024
10-14 Jun 2024
22-26 Jul 2024
9-13 Sep 2024
11-15 Nov 2024
This training course is intended for professionals who have at least five years of cumulative, paid work experience in two or more of the eight domains of the (ISC)2 CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:
Professionals with at least five years of experience and who demonstrate a globally recognized level of competence, as defined in the CISSP Common Body of Knowledge (CBK) in two or more of the eight security domains.
After completing this course, the student will be able to:
• Apply fundamental concepts and methods related to the fields of information technology and security.
• Align overall organizational operational goals with security functions and implementations.
• Determine how to protect assets of the organization as they go through their lifecycle.
• Leverage the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
• Apply security design principles to select appropriate mitigations for vulnerabilities present in common information system types and architectures.
• Explain the importance of cryptography and the security services it can provide in today’s digital and information age.
• Evaluate physical security elements relative to information security needs.
• Evaluate the elements that comprise communication and network security relative to information security needs.
• Leverage the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1–7 to meet information security needs.
• Determine appropriate access control models to meet business security requirements.
• Apply physical and logical access controls to meet information security needs.
• Differentiate between primary methods for designing and validating test and audit strategies that support information security requirements.
• Apply appropriate security controls and countermeasures to optimize an organization’s operational function and capacity.
• Assess information systems risks to an organization’s operational endeavors.
• Determine appropriate controls to mitigate specific threats and vulnerabilities.
• Apply information systems security concepts to mitigate the risk of software and systems vulnerabilities throughout the systems’ lifecycles.
• Justify an organizational code of ethics.
• Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence.
• Relate information security governance to organizational business strategies, goals, missions, and objectives.
• Apply the concepts of cybercrime to data breaches and other information security compromises.
• Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives.
• Relate transborder data movement and import-export issues to data protection, privacy, and intellectual property protection.
• Relate the IT asset management and data security lifecycle models to information security.
• Explain the use of information classification and categorization, as two separate but related processes.
• Describe the different data states and their information security considerations.
• Describe the different roles involved in the use of information, and the security considerations for these roles.
• Describe the different types and categories of information security controls and their use.
• Select data security standards to meet organizational compliance requirements.
• Explain the identity lifecycle as it applies to human and nonhuman users.
• Compare and contrast access control models, mechanisms, and concepts.
• Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives.
• Explain how IAM implementations must protect physical and logical assets.
• Describe the role of credentials and the identity store in IAM systems.
• Describe the major components of security engineering standards.
• Explain major architectural models for information security.
• Explain the security capabilities implemented in hardware and firmware.
• Apply security principles to different information systems architectures and their environments.
• Determine the best application of cryptographic approaches to solving organizational information security needs.
• Manage the use of certificates and digital signatures to meet organizational information security needs.
• Discover the implications of the failure to use cryptographic techniques to protect the supply chain.
• Apply different cryptographic management solutions to meet the organizational information security needs.
• Verify cryptographic solutions are working and meeting the evolving threat of the real world.
• Describe defenses against common cryptographic attacks.
• Develop a management checklist to determine the organization’s cryptologic state of health and readiness.
• Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model.
• Explain the application of secure design practices in developing network infrastructure.
• Describe the evolution of methods to secure IP communications protocols.
• Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.
• Describe the evolution of, and security implications for, key network devices.
• Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures.
• Describe and contrast the security considerations for key remote access technologies.
• Explain the security implications of software-defined networking (SDN) and network virtualization technologies.
• Recognize the many software elements that can put information systems security at risk.
• Identify and illustrate major causes of security weaknesses in source code.
• Illustrate major causes of security weaknesses in database and data warehouse systems.
• Explain the applicability of the OWASP framework to various web architectures.
• Select malware mitigation strategies appropriate to organizational information security needs.
• Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security.
• Explain the implementation of security controls for software development ecosystems.
• Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments.
• Describe the purpose, process, and objectives of formal and informal security assessment and testing.
• Apply professional and organizational ethics to security assessment and testing.
• Explain internal, external, and third-party assessment and testing.
• Explain management and governance issues related to planning and conducting security assessments.
• Explain the role of assessment in data-driven security decision-making.
• Show how to efficiently and effectively gather and assess security data.
• Explain the security benefits of effective change management and change control.
• Develop incident response policies and plans.
• Link incident response to needs for security controls and their operational use.
• Relate security controls to improving and achieving required availability of information assets and systems.
• Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics.
• Explain how governance frameworks and processes relate to the operational use of information security controls.
• Relate the process of conducting forensic investigations to information security operations.
• Relate business continuity and disaster recovery preparedness to information security operations.
• Explain how to use education, training, awareness, and engagement with all members of the organization as a way to strengthen and enforce information security processes.
• Show how to operationalize information systems and IT supply chain risk management.
EC-Council Disaster Recovery Professional (EDRP) is a comprehensive professional course that teaches students how to develop enterprise-wide business continuity and disaster recovery plans.
EDRP provides professionals with a strong understanding of business continuity and disaster recovery principles, including conducting business impact analysis, assessing risks, developing policies and procedures, and implementing a plan.
EDRP teaches professionals how to secure data by putting policies and procedures in place, and how to recover and restore their organization’s critical data in the aftermath of a disaster.
26 Feb - 1 Mar 2024
13-17 May 2024
24-28 Jun 2024
2-6 Sep 2024
• IT Professionals in the BC/DR or System Administration domain
• Business Continuity and Disaster Recovery Consultants
• Individuals wanting to establish themselves in the field of IT Business Continuity and Disaster Recovery
• IT Risk Managers and Consultants
• CISOs and IT Directors
The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally.
The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.
The CASE certified training program is developed concurrently to prepare software professionals with the necessary capabilities that are expected by employers and academia globally. It is designed to be a hands-on, comprehensive application security course that will help software professionals create secure applications. The training program encompasses security activities involved in all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.
Unlike other application security training, CASE goes beyond just the guidelines on secure coding practices and includes secure requirement gathering, robust application design, and handling security issues in the post-development phases of application development.
This makes CASE one of the most comprehensive certifications on the market today. It is desired by software application engineers, analysts, testers globally, and respected by hiring authorities.
Course Objectives
8-10 Jan 2024
1-3 Apr 2024
10-12 Jul 2024
7-9 Oct 2024
Individuals involved in the role of developing, testing, managing, or protecting a wide area of applications
.NET Developers with a minimum of 2 years of experience and individuals who want to become application security engineers/analysts/testers.
- Securing ASP.NET Application from Session Fixation Attack
Checklist for Secure Session Management
The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally.
The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.
The CASE certified training program is developed concurrently to prepare software professionals with the necessary capabilities that are expected by employers and academia globally. It is designed to be a hands-on, comprehensive application security course that will help software professionals create secure applications.
The training program encompasses security activities involved in all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.
Unlike other application security training, CASE goes beyond just the guidelines on secure coding practices and includes secure requirement gathering, robust application design, and handling security issues in the post-development phases of application development.
This makes CASE one of the most comprehensive certifications on the market today. It is desired by software application engineers, analysts, testers globally, and respected by hiring authorities.
The Purpose of CASE Is
15-17 Jan 2024
15-17 Apr 2024
15-17 Jul 2024
14-16 Oct 2024
Individuals involved in the role of developing, testing, managing, or protecting a wide area of applications
Java Developers with a minimum of 2 years of experience and individuals who want to become application security engineers/analysts/testers
Immediate Credibility: The CASE program affirms that you are indeed an expert in application security. It also demonstrates the skills that you possess for employers globally.
Pertinent Knowledge: Through the CASE certification and training program, you will be able to expand your application security knowledge.
Multifaceted Skills: CASE can be applied to a wide variety of platforms, such as mobile applications, web applications, IoT devices, and many more.
A Holistic Outlook: Ranging from pre-deployment to post-deployment security techniques and covering every aspect of the secure software development life cycle, CASE arms you with the necessary skills to build a secure application.
Better Protect and Defend: By making an application more secure you are also helping defend both organizations and individuals globally. As a CASE, it is in your hands to protect and defend and ultimately help build a safer world.
Best Practices for Input Validation
- Setting a Limited Time Period for Session Expiration
- Preventing Session Cookies from Client-Side Scripts Attacks
- Example Code for URL Rewriting
Guidelines for Secured Session Management
- Standard Auditing Enable Network Auditing
This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe.
It is a comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post-breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
Following a rigorous development which included a careful Job Task Analysis (JTA) related to incident handling and incident first responder jobs, EC-Council developed a highly interactive, comprehensive, standards-based, intensive 3-day training program and certification that provides a structured approach to learning real-world incident handling and response requirements.
Professionals interested in pursuing incident handling and response as a career require comprehensive training that not only imparts concepts but also allows them to experience real scenarios. The E|CIH program includes hands-on learning delivered through labs within the training program. True employability after earning a certification can only be achieved when the core of the curricula maps to and is compliant with government and industry-published incident and response frameworks.
E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.
25-27 Mar 2024
10-12 Jun 2024
18-20 Sep 2024
18-20 Nov 2024
The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:
EC-Council’s Certified Hacking Forensic Investigator (CHFI) is the only comprehensive ANSI accredited, lab-focused program in the market that gives organizations vendor-neutral training in digital forensics. CHFI provides its attendees with a firm grasp of digital forensics, presenting a detailed and methodological approach to digital forensics and evidence analysis that also pivots around Dark Web, IoT, and Cloud Forensics. The tools and techniques covered in this program will prepare the learner for conducting digital investigations using ground-breaking digital forensics technologies.
The program is designed for IT professionals involved with information system security, computer forensics, and incident response. It will help fortify the application knowledge in digital forensics for forensic analysts, cybercrime investigators, cyber defense forensic analysts, incident responders, information technology auditors, malware analysts, security consultants, and chief security officers.
The program equips candidates with the necessary skills to proactively investigate complex security threats, allowing them to investigate, record, and report cybercrimes to prevent future attacks.
Why CHFI v10?
CHFI v10 is a complete vendor-neutral course covering all major forensics investigation technologies and solutions.
CHFI has detailed labs for a hands-on learning experience. On average, 50% of training time is dedicated to labs, loaded on EC-Council’s CyberQ (Cyber Ranges). It covers all the relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
It comes with an extensive number of white papers for additional reading.
5-9 Feb 2024
15-19 Apr 2024
6-10 May 2024
27-31 May 2024
1-5 Jul 2024
19-23 Aug 2024
14-18 Oct 2024
18-22 Nov 2024 (Penang)
The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.
How you will benefit
A BREACH can be BRUTAL. Investing in building an expert in-house forensics team with CHFI training and certification is a strategic move for enterprises looking to safeguard their stakeholders’ interests as well as their own. CHFI empowers their existing team with learning the latest investigation practices.
The course aligns with all the crucial forensic job roles across the globe.
It is an ANSI 17024 accredited Certification Program, mapped to the NICE 2.0 framework.
The course focuses on the latest technologies including IoT Forensics, Dark Web Forensics, Cloud Forensics (including Azure and AWS), Network Forensics, Database Forensics, Mobile Forensics, Malware Forensics (including Emotet and EternalBlue), OS Forensics, RAM Forensics and Tor Forensics. CHFI v10 covers the latest tools, techniques, and methodologies along with ample crafted evidence files.
The CHFI certification is awarded after successfully passing exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam centers around the world.