About the Course

The Internet of Things (IoT) is becoming a ubiquitous technology delivering value for organisations and individuals. It also represents a cybersecurity risk as with IoT comes more points of vulnerability, often sitting outside the core IT infrastructure. IT, OT, and Security teams are responsible for keeping your extending environment secure and your data safe. To do so, these technology professionals must extend their knowledge and skills. Organisations that possess these skills can confidently leverage this revolutionary technology.

Certified IoT Security Practitioner (CIoTSP) upskills OT, IT, and Security teams by validating the knowledge and skills to secure network environments for IoT devices, analyse vulnerabilities, determine reasonable controls against threats, and effectively monitor IoT devices and respond to incidents.

This 5-day Certified IoT Security Practitioner (CIoTSP) training course is intended for delegates undertaking the CertNexus® Certification for Exam ITS-110 that will give the foundational skill set of secure IoT concepts, technologies, and tools that will enable them to become a capable IoT Security practitioner in a wide variety of IoT-related job functions and designed for practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure IoT ecosystem. The delegates require hands-on practice on this programme, which covers IoT security concepts while providing ample opportunities to practice the skills needed of an IoT security professional.

Core Objectives

The delegates will achieve the following objectives:

• Know the importance of Securing IoT Portals
• Comprehend the true techniques of Implementing Authentication, Authorisation, and Accounting
• Apply the correct steps for Securing Network Services
• Analyse the information after Securing Data
• Synthesize in addressing privacy concerns
• Evaluate securing software/firmware
• Know how to enhance Physical Security

Training Approach

The delegates will be taught through learning techniques that ensure maximum understanding, comprehension, and retention of the information presented. The training methodology will vary depending on their needs, from front-end to blended learning. It is divided through information received, participation, and Learning by Doing to provide the highest level of apprehension and retention of the presented material. They will be working on case studies and doing a hands-on project, and at the end of the training course, they will be assessed to determine the level of knowledge they have retained.

The Attendees

This training course is designed for IoT practitioners looking to improve their skills and knowledge of IoT security and privacy.

It is also designed for delegates seeking the CertNexus® Certified Internet of Things Security Practitioner (CIoTSP) certification who want to prepare for Exam ITS-110.

Likewise, it will be valuable to the professionals but not limited to the following:

• Programmer
• Data Analyst
• IT Managers
• Data Scientists
• Anyone who would like to become Certified in Security

Daily Discussion

DAY ONE: SECURING IoT PORTALS

• Identify Common Threats Used to Compromise Unsecure Web, Cloud, or Mobile Interfaces
• Account Enumeration
• Weak Default Credentials
• Injection Flaws
• Unsecure Direct Object References
• Implement Countermeasures Used to Secure Web, Cloud, or Mobile Interfaces
• Change Default Passwords
• Secure Password Recovery Mechanisms
• Secure the Web Interface from XSS, SQLi, or CSRF
• Protect Credentials

DAY TWO: IMPLEMENTING AUTHENTICATION, AUTHORISATION, AND ACCOUNTING

• Identify Common Threats Used to Exploit Weak Authentication/Authorisation Schemes
• Lack of Password Complexity
• Poorly Protected Credentials
• Lack of 2FA
• Unsecure Password Recovery
• Implement Countermeasures used to Provide Secure Authentication, Authorisation, and Accounting
• Granular Access Control
• Password Management
• Ensure Re-authentication for Sensitive Features
• Event Logging and IT/OT Admin Notification

DAY THREE: SECURING NETWORK SERVICES

• Identify Common Threats Used to Exploit Unsecure Network Services
• Vulnerable Services
• Buffer Overflow
• Open Ports via UPnP
• Exploitable UDP Services
• Implement Countermeasures Used to Provide Secure Network Services
• Port Control
• Secure Memory Spaces
• DoS Mitigation/DDoS
• Secure Network Nodes

DAY FOUR: SECURING DATA

• Identify Common Threats Used to Exploit Unsecure Data
• Vulnerable Data in Motion
• Implement Countermeasures Used to Secure Data
• Encrypt Data in Motion, At Rest, and In Use
• Addressing Privacy Concerns
• Identify common threats Used to Compromise Privacy
• Collection of Unnecessary Personal or Sensitive Information
• Implement Countermeasures Used to Ensure Data Privacy
• Only Collect Critical Data
• Protect Sensitive Data

DAY FIVE: SECURING SOFTWARE/FIRMWARE

• Identify Common Threats Used to Exploit Unsecure Software/Firmware
• Poorly Designed/Tested Software/Firmware
• Implement Countermeasures Used to Provide Secure Software/Firmware
• Digitally Signed Updates
• Enhancing Physical Security
• Identify Common Threats Used to Exploit Poor Physical Security
• Access to Software/Configuration via Physical Ports
• Unprotected Shell Access for Accessible Ports
• Implement Countermeasures Used to Ensure Physical Security
• Protect Data Storage Medium