Cyber capacity building program

Our highly practical course gives a complex overview of how to protect your company against ICT supply chain risks. From threat modeling to secure code review, we will show you how to prioritize and understand the cybersecurity risks your organization faces each day.

As a global cybersecurity provider for 20+ years, we’ve gathered incomparable experience building cyber-resilient ICT infrastructure, and we’ll share this experience with trainees. You will also learn all the viable know-hows based on the work of Kaspersky Transparency Centers.

Improve your cybersecurity expertise with the ultra-practical exercises and concrete real-life cases. No wordy theory, no lengthy lectures – just precise and extremely tangible drills that efficiently convert time spent into skills acquired.

Built for Tier 2 Analysts

All levels

$1,400 inc. tax per learner

All levels

$1,400 inc. tax per learner

Background

As enterprise IT systems get fit to solve sophisticated tasks, their complexity inevitably grows. But with increased complexity comes reduced security. How can companies today choose a reliable and trustworthy supplier or product and avoid supply chain risks? What if your organization has limited resources for cybersecurity – but you have security regulations to comply with?

Kaspersky’s online Cyber Capacity Building Program teaches you handy techniques for evaluating product security. Companies, government organizations, academia – all can enhance security of their ICT infrastructure through testing and understanding what goes on in a product or service.

In this training, you’ll learn how to evaluate a product’s security; identify, prioritize and model threats; review code for security, and even delve into code fuzzing. You’ll get to know a range of approaches to managing vulnerabilities within your organization’s ICT infrastructure.

The training combines the industry’s most efficient methodologies and unique know-hows from Kaspersky’s own internal practices, including those from our pioneering Global Transparency Initiative and a network of Global Transparency centers where our cybersecurity solutions can be assessed.

Course leaders

Igor Kumagin,

Cybersecurity Expert

Anastasiya Kazakova,

Public Affairs Expert

Alexey Shchukarev,

Security Researcher

Roland Sako,

Security Researcher, ICS CERT Vulnerability Research

Overview & objectives

Building capacity to identify, evaluate and estimate risks related to external applications in ICT infrastructure
Managing identified risks and assessing the integrity and security of external applications
Forming a list of requirements for external applications to minimize cybersecurity risks related to them
Developing an understanding of industry best practices for building a secure ICT ecosystem with regard to external applications

Syllabus

Evaluating product security

Introduction to applications and system security; building reliable and resilient ICT infrastructure:

Approaches for evaluating product security;
Assessment techniques of a vendor’s software development process;
Analyzing a vendor’s data processing practices;
Static and dynamic examination techniques of a software product for its security.

Threat modelling

Introduction to the process of identifying and mitigating potential threats, such as structural vulnerabilities or the absence of appropriate safeguards. The purpose of threat modelling is to provide a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

The sections includes:

Approaches to threat modeling;
Actor identification;
Risk identification;
Prioritization.

Secure code review

Introduction to basic techniques for identifying vulnerabilities in software code. The purpose of the code review is to ensure that a product has no potential vulnerabilities or backdoors. We will also share best practices of Kaspersky’s Transparency Centers and how processes are organized for external reviews of our source code and software development.

The sections includes:

Approaches for automated source code analysis;
Static analysis of source code;
Dynamic analysis of source code;
Approaches to manual analysis of source code.

Code fuzzing

This gives an introduction to the process of defining, developing and testing Windows-based applications through fuzzing to identify bugs and vulnerabilities. Though the training focuses on native Windows-based applications, most of the concepts – as well as the methodology and tools – can be applied to other platforms.

After completing this course, trainees will be able to:

Understand different fuzzing techniques and when to apply them;
Choose the appropriate tools and prepare a target for fuzzing;
Generate interesting fuzzing input depending on the target.

Vulnerability management and disclosure

Introduction to and definition of approaches for building the process of managing vulnerabilities within an organization’s ICT infrastructure.

This section includes:

Sharing best practices for vulnerability management and disclosure;
Sharing best practice for coordinated vulnerability disclosure;
Sharing Kaspersky’s experience in handling vulnerability reports from the research community;
Revealing nuances of bug bounty programs.

Who it's for

Government organizations, including government CERTs

Government organizations, no matter their size and capacities, should build trusted and cyber-resilient ICT infrastructures to mitigate cybersecurity risks that may impact the public security, economic and social well-being of their citizens.

Academia and research institutions

These organizations often handle a lot of personal or even sensitive data but are very often under-resourced to afford dedicated cybersecurity specialists. Kaspersky’s Cyber Capacity Building Program is a cost-effective solution to address this problem.

Other companies

This training is useful to private organizations, including small and medium companies, and particularly to information security professionals, managers and executives. Understanding the basics of software verification will improve their supply risk management processes and secure their systems.

How you'll learn

Guided video lectures

Hands-on knowledge from Kaspersky experts and key practitioners.

Iterative learning

Practical exercises and detailed solution walkthroughs.

Team training

With a constantly evolving threat landscape it’s vital IT security specialists keep their skills up to date. With our online training, you can learn effective threat detection and mitigation strategies from the comfort if you’re home with highly practical hands-on courses.

Let’s talk

Benefits

Access

6 months to complete your course from activation of your access code

Language

Delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Learning environment

Browser-based via desktop, mobile & tablet

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Enroll your team

Register

Request Access

Pre-register