INCIDENT RESPONSE
01223 298 338

Certify to Deliver Cyber Essentials Assessments

As you are aware, there has been major changes to the qualification requirements for Cyber Essentials Plus Assessors. For those who will be assessing Cyber Essentials Plus and do not have the requirement for a ‘List A’ certification, IASME has worked with the National Cyber Security Centre and CyberScheme to develop a new certification - Vulnerability Assessment Plus (VA+). This certification is available for examination now through CyberScheme, and 3B Data Security has developed a one day, COVID-19 safe, instructor-led training course to cover the syllabus as part of an individuals exam preparation for the VA+ examination.

Vulnerability Assessment Plus Course Dates:

Pricing - £495 excluding VAT

Contact

If you are interested in the course please fill in the form below and detail which date and we will get back to you as soon as we can.

Telephone: 01223 298 333
Email: info@3BDataSecurity.com

Incident Response: 01223 298 338
Incident Response: IR@3BDataSecurity.com


Aims of the course 


  • Provide an overview of the vulnerability assessment process 
  • Learn about the tools used during a vulnerability assessment 
  • Understand the underlying concepts of TCP/IP, ports and protocols 
  • Apply critical thinking to solve problems encountered during an assessment 

Apply tools and techniques to assess: 


  • External facing interfaces 
  • Internal interfaces 
  • Threats of malware (Anti-malware solutions, application allowlisting) 
  • The threat of common external attacks (Email, SMS etc) 
  • The threat of common internal attacks (Web applications, downloads) 
  • Report/Explain Vulnerabilities found 

Learning Objectives 


  • Understand information security in the corporate world 
  • Understand the laws and regulations involved with vulnerability assessing 
  • Understand quantifying and measuring risks associated with vulnerabilities 
  • Understand how to find internal and external vulnerabilities 
  • Understand how to test hardening measures for malware 
  • Report and explain vulnerabilities found throughout a project 

Course Content
Section 1: Information security in the corporate world
LO1.1 – Exploiting a vulnerability 
LO1.2 – Understanding the ‘scope’ of the assessment 
LO1.3 – Planning and Management 
LO1.4 – CIA Model 
LO1.5 – DDPRR Model 

Section 2: Laws and regulations involved with vulnerability assessing
LO2.1 – Understand the basics of a hacking offence 
LO2.2 – Understand the Computer Misuse Act (1990) 
LO2.3 – Understand the Police and Justice Act (2006) 
LO2.4 – Understand the Data Protection Act (1998)

Section 3: Quantifying and measuring risks associated with vulnerabilities
LO3.1 – CVSS 3 

Section 4: Internal and external vulnerabilities
LO4.1 – Use tools to scan and enumerate an external target network 
LO4.2 – Use tools to scan and enumerate an internal target network 

Section 5: Hardening measures for malware
LO5.1 – Use techniques to assess the hardening of a system to malware 
LO5.2 – Use techniques to assess the threat of attacks via email / SMS  
LO5.3 – Use techniques to assess the treat of users introducing malware 

Section 6: Reporting and explaining vulnerabilities
LO6.1 – Audience 
LO6.2 – Technical writing skills 
LO6.3 – Executive summary 
 
We are a CREST Approved provider in three disciplines:
  • Cyber Security Incident Response
  • Vulnerability Assessment
  • Penetration Testing
Our team are experts in security testing across web applications, infrastructure, wireless infrastructure, VOIP, mobile devices and cloud infrastructure.
We are PCI Security Standards Council accredited as a PCI Qualified Security Assessor Company, and PCI Forensic Investigatior company. 

If your clients have information systems that involve storing, processing or transmitting cardholder data then please get in touch and we can assist them with compliance and advice on compliance with the PCI Data Security Standard.