Leader in the cybersecurity training sector.

Contact

Course

ACG CyberAcademy offers you its expertise in digital technology and cyber security.

Career opportunities in a field where there is a shortage of talent.

Explore our routes

SOC Analyst pathway

The SOC (Security Operations Centre) Analyst programme consists of the following modules:

Chapter 1: Introduction to cyber security

  • Basic concepts of cyber security
  • Types of threats and attacks
  • Roles and responsibilities of the SOC Analyst

Chapter 2: Monitoring and detection

  • Real-time monitoring of logs and events
  • Anomaly detection
  • Correlation of events

Chapter 3: Threat Analysis

  • Assessment of security incidents
  • Collection of forensic data
  • Malware analysis

Chapter 4: Tools and Technologies

  • Use of SIEM (Security Information and Event Management) tools
  • Network packet analysis with Wireshark
  • Use of vulnerability analysis tools

Chapter 5: Security Incident Management

  • Incident response planning
  • Coordination of response teams
  • Communication in the event of an incident

Chapter 6: Containment and eradication

  • Insulation of compromised systems
  • Eliminating threats
  • System restoration

Chapter 7: Threat prevention

  • Updating security policies
  • Configuring secure systems
  • Safety awareness

Chapter 8: Continuous improvement

  • Post-incident analysis
  • Documentation of incidents
  • Updating safety procedures and policies

Practical Exercises And Training Scenarios

  • Security incident simulations
  • Analysis of real cases
  • Writing incident reports

GRC Consultant pathway

The GRC (Governance Risk Compliance) Consultant programme consists of the following modules:

Chapter 1: Introduction to Governance, Risk and Compliance (GRC)

  • ISO 31000: Risk management principles
  • COSO: Integrated Framework for Risk Management and Internal Control
  • RGPD (General Data Protection Regulation) : Data protection principles

Chapter 2: CRM reference frameworks

  • Real-time monitoring of logs and events
  • Anomaly detection
  • Correlation of events

Chapter 3: Risk identification and assessment

  • Risk management methodologies
  • Risk analysis and impact assessment
  • Risk matrix

Chapter 4: Risk mitigation

  • Risk reduction strategies
  • Business Continuity Planning (BCP)
  • Insurance and risk transfer

Chapter 5: Regulatory compliance

  • Roles of regulatory compliance
  • Monitoring regulatory developments
  • Consequences of non-compliance

Chapter 6: Compliance management programme

  • Drawing up a compliance programme
  • Compliance monitoring and reporting (creation or drafting of a report)
  • Internal and external compliance audits

Chapter 7: Corporate governance

  • Corporate governance models
  • Board of Directors and Governance Committees
  • Transparency and responsibility

Chapter 8: Ethics in business

  • Codes of conduct and ethical policies
  • Raising awareness of ethics
  • Managing ethical breaches

Practical exercises and case studies

  • Crisis management scenarios in GRC
  • Case studies of success and failure in CRM
  • Presentation of the results of a GRC assessment

Cybersecurity Consultant pathway

The Cybersecurity Consultant programme consists of the following modules:

Chapter 1: Introduction to cyber security

  • The challenges of information systems security: what is at stake, why are hackers interested in information systems, the new cybersecurity economy?
  • Security requirements, basic concepts and vocabulary
  • An overview of some of the threats
  • Examples of known attacks and their modus operandi
  • The different types of malware

Chapter 2: The basics of digital security

  • Detection of phishing attempts
  • Identification of unwanted or dangerous e-mails
  • Safe Internet browsing
  • Controlling personal data and browsing information
  • Generation of strong passwords
  • Online privacy protection
  • Managing your e-reputation
  • Data encryption
  • Protecting your computer
  • Safety precautions

Chapter 3: Network traffic translation and filtering

  • The TCP/IP protocol stack
  • The different IP address translation mechanisms (NAT, PAT)
  • Lifetime access control of access lists (ACL)

Chapter 4: Firewalls and security architectures

  • Secure operating systems
  • Vulnerability management
  • System hardening

Chapter 5: VPN, IDS/IPS and Wireless Network Security

  • IDS/IPS intrusion detection systems
  • Virtual private networks (VPNs)
  • Wireless network security

Chapter 6: Exchange security and cryptography

  • Cryptography requirements
  • Symmetric and asymmetric cryptosystems
  • Hash functions
  • Public Key Infrastructure PKI
  • Electronic certificates and validation protocols
  • The digital signatureThe SSL protocol

Chapter 7: Fundamental Concepts of Application Security and OWASP

  • What is application security?
  • Statistics and trends in web-related vulnerabilities and their impact
  • The new security perimeter
  • Presentation of OWASP
  • The major risks of Web applications according to OWASP
  • Injection attacks (command injection, SQL injection, LDAP injection, XXE, etc.)
  • Attacks involving breaches of authentication and access control
  • Poor security configurations and inadequate monitoring and logging
  • Exposure of sensitive data
  • Cross Site Scripting" or XSS attacks
  • The use of components with known vulnerabilities
  • Insecure de-serialization attacks
  • Other OWASP tools: OWASP Application Security Guide, OWASP Cheat Sheets, OWASP ASVS, OWASP Dependency Check, OWASP ZAP, OWASP ModSecurity, etc.

Chapter 8: Managing cyber security within an organisation

  • Integrating security within an organisation and in projects: overview of ISO 2700X standards, information security management system (ISO 27001), code of good practice for information security management (ISO 27002), risk management (ISO 27005), information classification, human resources management, etc.
  • Integrating security into projects: security throughout a project's lifecycle, risk analysis and treatment approach and SSI action plan
  • Difficulties associated with taking safety into account: insufficient understanding of the issues, need for management involvement, difficulties in making choices in complete confidence, delicate trade-off between convenience and safety, blurred boundaries between professional, public and private spheres, etc.
  • Jobs related to cyber security

Chapter 9: The challenges and risks associated with personal data management

  • The concept of privacy
  • The footprints left by your data
  • Data access control
  • Protection of data transfer over networks
  • The legal framework
  • Exploring the RGPD

Cloud Security Consultant pathway

The Cloud Security Consultant programme consists of the following modules:

  • Introducing the Cloud
  • Definition
  • The advantages of the Cloud
  • The Cloud: a new business strategy
  • A new approach to outsourcing
  • Private cloud vs. public cloud
  • Market overview
  • Threats and risks
  • Risks associated with loss of control over the information system
  • Risks associated with remote intervention
  • Risks associated with shared hosting
  • Threats to conidentialité data
  • Social engineering
  • Overview of attacks on the Cloud
  • Key figures
  • Taking security into account in the Cloud
  • Principles and procedures
  • Measuring risks and setting safety targets
  • Choice of service provider
  • The safety assurance plan
  • Objectives of the document
  • Description and design principles
  • Safety clauses
  • Presentation
  • Drafting principles
  • Case studies

Datacenter Security Consultant

The Datacenter Security Consultant programme consists of the following modules:

  • Specific issues and challenges relating to the security of assets and people in computer rooms
  • IT operational security vs. building security: complementary approaches
  • The contribution of MoR (Management of Risks) to data centre security
  • Principles for assessing and dealing with safety risks in accordance with EN 50600
  • Protection classes EN 50600
  • Continuous improvement of a security risk management strategy
  • Operational site requirements
  • Overview of external risks
  • Recommendations and decision-making parameters
  • Risks associated with the presence of unsolicited personnel
  • Application of EN50600 protection classes to the access authorisation strategy
  • Theoretical models of physical protection
  • Surveillance and general protection of the building
  • Vehicle and delivery management
  • Prevent, detect, delay and neutralise intrusions
  • Technical access management (TAM)
  • Video surveillance (VSS) in the computer room
  • Standards and regulations applicable to control and surveillance techniques
  • Good operating practices to limit intrusions, malicious acts and negligence
  • Theoretical background: the fire tetrahedron
  • Categorising the risks and damage caused by fires
  • Standards and regulations applicable to fire risk management
  • Application of EN50600 protection classes to fire protection strategy
  • Fire safety plan
  • Fire risk prevention measures: good design and operating practices
  • Compartmentalisation measures: limiting the impact of potential fires
  • Fire detection strategy and systems: identify and warn as early as possible
  • Strategy and fixed fire extinguishing systems: protecting assets in the hall and the health of operators
  • Portable fire-fighting equipment
  • Impact of the fire extinguishing strategy on building structures
  • Reminder of power distribution in computer rooms: topology and protection measures
  • Earthing and bonding: principles, objectives and complementarity
  • Earthing and bonding: installation techniques
  • Training employees who have to handle high-voltage power
  • Power supply emergency stop devices
  • Standards and regulations applicable to the protection of persons against electrical risks
  • Qualification of environmental risks
  • Application of EN50600 protection classes to the environmental risk protection strategy
  • Electromagnetic risk management
  • Notions of particle and molecular pollution risk management (for a more in-depth look at this subject, we offer the dedicated course "MQA - Maîtrise de la Qualité de l'Air en salle informatique")
  • Geological risk management
  • Emergency signalling in computer rooms: best practice for implementation
  • Normal, replacement and emergency lighting
  • Implementation of lighting in the different areas of the Datacenter
  • Standards and regulations applicable to signage
  • Floor load management: floor and sub-floor specifications
  • Good design practice and reinforcement methods
  • Weight distribution in bays, good operating practices
  • Management of ceiling hanging capacity
  • Adapting the computer room and data centre to earthquake risk
  • Standards and regulations applicable to design

System and network security - The basics

The Systems and Network Security Consultant programme consists of the following modules:

  • The scope (networks, operating systems, applications)
  • The players (hackers, security managers, auditors, vendors and publishers)
  • Technology watch
  • Official bodies
  • Attack scenarios
  • Attacks on network protocols
  • Vulnerabilities in Web, VoIP, chat ...
  • Vandal coding: viruses, worms and Trojan horses
  • Station access to corporate and organisational networks, 802.1X, NAC
  • The different types of firewall
  • Filtering rules
  • The rules of address translation (NAT)
  • Setting up a demilitarised zone (DMZ)
  • Detection and monitoring with iDS
  • Integrating a firewall into the corporate network and organisation
  • Log file management and analysis
  • Hardening Windows
  • The hardening of Unix/Linux
  • Hardening for nomads: IOS / Android
  • Web servers and clients
  • Electronic messaging
  • VoIP IPbx and telephones
  • Symmetrical algorithms
  • Asymmetric algorithms
  • Hashing algorithms
  • Authentication methods (pap, chap, Kerberos)
  • HMAC and the electronic signature
  • Certificates and PKI
  • SSL IPSEC S/MIME protocols
  • Site-to-site and nomad VPNs

We use cookies to improve your experience. See our Cookie policy and our Privacy policy.

Information request

I would like more information about your training courses

ACG Cyberacademy collects and uses the data provided via this form in order to process your registration requests. Fields marked with an * are required. The other information enables us to optimise the follow-up of your request and the quality of our customer relations.