COURSE SUMMARY This course is one of the essential courses required for certification and designation as a Security and Resilience Professional/Manager under the Infrastructure Resilience Research Group, IRRG, Office of the Dean, Faculty of Engineering and Design, Carleton University.

​

This course has been designed for employees and managers to gain and advance their understanding and knowledge to communicate and participate in discussions with IT and ICS experts to address the growing cyber security threats to organizations and digitalized infrastructure systems.

​

The course is divided into the following four (4) modules:

​

Module 1: Security in the Digital Age will discuss the cyber security threat landscape and organizational vulnerabilities, including sabotage; inside threat, etc.

​

Module 2: Cyber Attacker Tradecraft will discuss recent cyber incidents and their impacts on organizations, how attackers exploit small system vulnerabilities to escalate their access and steal classified/confidential information.

​

Module 3: Cyber Security Controls will provide information about open sources collection of intelligence techniques/cycles, social engineering types of information available to carry out personnel assessment, understanding criminal mindset, modern warfare, cyber security culture, and best practices.

​

Module 4: Cyber Security Terminologies and Concepts will explain in non-technical language  terms such as: network architecture, virus, ransomware, Stuxnet, cybercrime, IOT, VPN, cloud, exploits, firewall, bot/bot net, DDOS, phishing/spear phishing, etc.

​

At the end of the course, you will be able to:

​

 

• Use OSINT to supplement reliability screening reviews and investigations;

• Recognize the exposure from information publicly available to attackers;

• Explain at a high level the steps behind a cyber attack;

• Express and evaluate cyber risks as business risks;

• Communicate requirements and comprehend feedback from IT personnel with regards to cybersecurity; and

• Explain the rationale behind basic and specific IT security controls.
   

Who should attend:

​

Security professionals, from GC and Industry, who must interact with their organization’s IT, ICS control room supervisors, officials, and require basic underlining of the threats and techniques to be able to participate in discussions.

​

Managers responsible for addressing their organization’s cybersecurity issues.

Generalists interested in gaining awareness of the growing cybersecurity threats and concepts.