Encryption & Secret Management

Master the fundamentals of securing your data, 360°.
The target audience for training
- CISOs, security managers, IT directors, IS consultants.
- System, cloud and network administrators.
- Integrators, IT architects and anyone involved in protecting sensitive data.
What you will learn
This course will take you through the techniques needed to audit an iOS mobile application, as well as the most common vulnerabilities in this type of application.
Whether you're a technical auditor or a developer, you need to know about bad security practices and exploitation techniques. Come and learn more about the vulnerabilities associated with this platform in this training course!
This course will show you advanced auditing methods for Android mobile applications.
The aim of the course is to go beyond the "Introduction" course. This course is entirely practical.
Training programme
- Duration: 2 days
Module 1: Fundamentals of encryption
- Symmetric vs. asymmetric encryption
- Concepts of keys, IV, common algorithms (AES, RSA, ECC)
- Hashing, signing, stream vs. block encryption
- Risks associated with poor implementation
Module 2: Managing secrets and keys
- What is a secret? What are the threats?
- Lifecycle management: creation, storage, rotation, revocation
- Vaults, HSM, TPM, KMIP, KMS
- Integration with CI/CD, DevOps, containers
Module 3: Encryption solutions for different environments
- On the workstation/endpoint: BitLocker, FileVault, EFS
- In the datacenter: encrypted LUNs, databases, HSM
- In the cloud: BYOK / HYOK, native KMS, S3/EBS encryption, Azure Disk Encryption
- On IaaS: encryption of VMs, disks, volumes, snapshots
Module 4: Encryption & certificates: issues and practices
- Certificates, PKI, TLS, S/MIME, machine vs. user certificates
- Certificate lifecycle: generation, deployment, renewal
- Multi-environment management: Cloudflare, Let's Encrypt, Microsoft CA, etc.
- Risks associated with expired or poorly managed certificates
Module 5: Governance, audit and compliance
- ISO 27001 / 27018 / 27701 recommendations
- Alignment with the GDPR: encryption as a technical measure
- Logging, proof of compliance, auditability
- Best practice in secure deletion
Final MCQ + discussion on integration into an existing IS policy
Training objectives
At the end of the day, participants will be able to:
- Explain the basic mechanisms of data encryption.
- Identify the right solutions for each environment (cloud, datacenter, endpoint, etc.).
- Manage the lifecycle of keys, certificates, tokens and secrets.
- Choose encryption solutions tailored to their IS (on-prem and SaaS).
- Assess the regulatory and standards requirements associated with encryption.
Teaching methods
- Training led by an expert in applied cryptography.
- Alternating theory / demonstrations / exchanges of experience.
- Digital course materials with practical worksheets and solution comparisons.
- MCQs to validate prior learning.
Training prerequisites
- Basic knowledge of information systems and security.
- No mathematical skills in cryptography required.
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 2 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).