Security Awareness & Training
Providing education to staff is a preventative control to help reduce the likelihood of security issues surfacing within your environment. PrivSec provide general security training to staff, along with specific training to developers around secure coding.
Phishing Simulations
We break down the traditional phishing engagement into distinct stages, looking at the efficacy of the different protections at each stage instead of simply working out whether a user clicked on a phishing email. This approach lets you understand which parts of the chain need work, rather than only knowing how many emails were clicked on.
Secure Code Training
PrivSec will come on site with your development team, or host you for the day, and provide you with a day of secure development training. This will cover:
- A detailed overview of the OWASP Top Ten Web Application vulnerabilities.
- Multiple real-world examples and case studies of exploited vulnerabilities.
- Hands-on experience exploiting these vulnerabilities on a custom web application.
- Techniques and tooling to identify and exploit these bug classes, using both source code analysis and dynamic testing techniques.
- Remediation steps and techniques to mitigate and avoid these issues.
NZISM Basics
We have a wide range of experience in All of Government audit processes, and in particular have a deep knowledge of the New Zealand Information Security Manual (NZISM). Our NZISM training covers the following:
- What the NZISM is
- How to read the NZISM
- The C&A process
- Roles & Responsibilities
- The key controls within the NZISM