Cyber Security

CSF+​P Cyber Security Foundation+​Practitioner™

The go-to course to transition your career or upskill your team and maximise resilience

  • Duration 5 Days
  • Fee - Virtual Instructor-Led $3,260 + GST
  • Exam Online Exam
  • Fee - Face-to-face Training $3,760 + GST
  • Team Training Get a quote
  • Download Course brochure

Upcoming Course Dates

View all course dates
Location Date Time  
Virtual Instructor-led Training | AEST 5 - 9 August 2024 09:00 am - 05:00 pm
Canberra, Face-to-Face 14 - 18 October 2024 09:00 am - 05:00 pm
Virtual Instructor-led Training | AEDT 21 - 25 October 2024 09:00 am - 05:00 pm
Virtual Instructor-led Training | AEDT 25 - 29 November 2024 09:00 am - 05:00 pm


CSF+P Cyber Security Foundation+Practitioner™ – The Cyber Security Course to Start Your Career

Advance Your Career

ALC’s 5-day Cyber Security Foundation+Practitioner™ course is designed for anyone who wants a sound understanding of Information / Cyber Security and a solid base on which to build their career. It is ideal for someone wanting to start a career in Cyber Security, or to transition their career. There are no pre-requisites to attend.

Maximise Your Cyber Resilience

The course follows a robust syllabus that covers all the key areas you need to know. At the same time, it provides maximum regional relevance by fully taking into account appropriate sections from the Australian Government Information Security Manual (ISM).

Cyber Security Foundation+​practitioner™ Digital Badge

**Digital Badge Now Available**

CSF+P Face-to-Face or Live Virtual Training

ALC courses are either 100% in-person or 100% live virtual. That way you get the best training experience.

We do not offer hybrid Cyber Security training whereby some participants are physically in class while others are joining remotely. This invariably results in a lesser training experience. If the trainer focuses on the needs of one group, it is usually at the expense of the other. You can spare yourself the frustration of the hybrid experience with ALC fully-dedicated Cyber Security Foundation+Practitioner training course.

Our Trainers Make the Difference

  • Arjun Xavshaw

    A highly experienced cybersecurity professional with 15 years of expertise in information technology, risk management, and training , Arjun excels in delivering tailored cybersecurity solutions for federal government clients

    Read full bio
  • Peter Nikitser

    Peter is exceptionally well qualified for this role and brings to bear a career spanning over 30 years in Information Technology, focusing on security even before the World Wide Web became mainstream.

    Read full bio

Learning Outcomes

The key objective is for each participant to complete the course and retain a very solid understanding and appreciation of the fundamentals of Cyber Security:

  • Cyber Security Concepts
  • Risk Management & Assurance
  • Security Architecture
  • Physical Security
  • Network Security
  • Endpoint Security
  • Incident Response

One of the special features of this course is its mix of theory and practical exercises, all designed to maximise understanding and retention. Strong use is made of a case study. Participants are provided with a download link where sample Word and Excel templates for the case study may be found, along with useful artefacts referenced in the material. Exercises include:

  • Develop an asset register
  • Identify threats, determine risks, and make recommendations
  • Evaluate service provider models, contrasting risks and opportunities
  • Discuss risks associated with storing data in the cloud
  • Select security architecture design principles
  • List and prioritise business-critical operations for business continuity
  • Evaluate the benefits of an in-house incident response capability versus using a managed service model

Who Should Attend

The course is designed for:

  • Anyone starting a career in information / cyber security
  • IT professionals wanting to transition their career into cyber security
  • Anyone needing a robust introduction to cyber security
  • Anyone planning to work in a position that requires cyber security knowledge
  • Anyone with information / cyber security responsibilities
  • Anyone who has learned “on the job” but who would benefit from a formal presentation to consolidate their knowledge
  • Professionals familiar with basic IT and information security concepts and who need to round out their knowledge

Course Contents

1. Cyber Security Concepts

Cyber Security Concepts

  • Defining cyber security
  • Cyber security triad
  • Cyber security landscape
  • Defining assets, threats, vulnerabilities, likelihood, consequence, and risk

Cyber Security Strategy

  • Business Strategy
  • Governance, Risk Management and Compliance (GRC)
  • Cyber Security Policy Framework
  • Education, Training, and Awareness

Laws & Regulations

  • Privacy laws and principles
  • International data protection legislation
  • Privacy Impact Assessment (PIA)
  • Cyber Crime Law
  • Regulations and corporate industry requirements for Directors
  • Intellectual property, issues, and attacks

Standards & Frameworks

  • ISO/IEC 27001
  • NIST Cybersecurity Framework
  • Payment Card Industry Data Security Standard (PCI DSS)

Roles & Responsibilities

  • Organisational structure
  • Ethics

Knowledge Check

  • Introduction to the Case Study
  • Practical session:
    • Exercise #1 – Development of a cyber asset register

2. Risk Management

Risk Management Concepts and Definitions

  • Various states of risk (inherent, current, residual)
  • Specialised risk topics (systemic, systematic, aggregation)
  • Risk Appetite and Tolerance
  • ISO/IEC 31000 Risk Management Process
  • Risk Assessment – Identification, Analysis, and Evaluation
  • Risk Treatment
  • Risk Register and Risk Treatment Plan
  • Risk Monitoring Metrics

Risk Management Threats and Opportunities

  • Evolution of the Threat Landscape
  • Advanced Persistent Threats
  • Lockheed Martin Cyber Kill Chain®
  • Developing a threat taxonomy
  • Threat characteristics
  • Common types of malicious software
  • Common malware attack methods
  • Surface Web, Deep Wen, and Dark Web
  • Social Engineering Attacks
  • Applets
  • Bring Your Own Device
  • The Internet of Things

Controls and Enablers
Defence-in-Depth Controls
CERT NZ Critical Controls
ACSC Essential Eight

  • Strategies to mitigate Targeted Cyber Intrusions
  • The Essential Eight
  • The Essential Eight Maturity Model

Knowledge Check

  • Practical session:
    • Exercise #2.1 – Development of a threat taxonomy and identification of vulnerabilities
    • Exercise #2.2 – Evaluate current controls and current risk level

3. Security Architecture

Security Architecture Concepts and Definitions

  • Security Architecture Frameworks – SABSA and TOGAF
  • Security Architecture Design Principles – Viega & McGraw, and Saltzer & Schroeder

Certification and Accreditation

  • Evaluation Standards – Common Criteria, TCSEC, ITSEC, CTCPEC
  • Common Criteria – Evaluation Assurance Levels
  • Internet Engineering Task Force
  • FIPS Standards for Encryption
  • FIPS 140-3

Service Models

  • Insourcing, outsourcing, and managed services
  • Single provider, multiple providers, and prime provider

Cloud Computing

  • Characteristics of Cloud Computing
  • Cloud Computing Building Blocks
  • Cloud Service Models
  • Cloud Deployment Models
  • Shared Responsibility Model
  • Cloud Vulnerabilities and Risks
  • Server Virtualisation – Benefits and Security Issues
  • Storage Virtualisation
  • Cloud Access Security Brokers
  • Assessing Cloud Environments
  • Cloud Security Alliance Pandemic Eleven


  • Symmetric algorithms
  • Asymmetric algorithms
  • Hashing algorithms
  • Message Authentication Code
  • Digital Signatures

Emerging Technologies

  • Artificial Intelligence
  • Internet of Things
  • Quantum Computing
  • BlockChain

Knowledge Check

  • Practical session:
    • Exercise #3 – Recommendations for service provider models in addressing risks
    • Exercise #4.1 – Identify the challenges associated with using cloud solutions
    • Exercise #4.2 – Identify security architecture design principles

4. Physical Security

Perimeter Security

  • Fences, gates and bollards
  • Guards, dogs and lighting
  • CCTV

Building Security

  • Lock grades and key types
  • Lock picking, bump keys and bump guns
  • Adjacent buildings and shared tenancy
  • Demarcation issues
  • Server rooms and storage
  • Doors, windows, and walls
  • Local crime
  • Access control cards
  • RFID Tags
  • Contraband checks

Physical Access Control

  • Tailgating
  • Mantraps
  • Turnstiles
  • Dumpster diving
  • Motion detectors

Environmental Controls

  • Electricity
  • Emergency power
  • Electromagnetic interference
  • HVAC for environmental control
  • Fire Suppression Agents
  • Sprinkler Systems

Knowledge Check

5. Network Security

Network Fundamentals

  • OSI Model
  • TCP/IP Model – Original and Updated
  • Encapsulation and De-encapsulation
  • Port numbers and TCP/UDP flags
  • TCP three-way handshake
  • Voice over IP (VoIP)
  • Domain Name System (DNS)
  • IP Addressing – Classful, Classless, RFC1918
  • IP Masquerading and Network Address Translation
  • IP version 4 and IP version 6
  • Network Topologies
  • Network Security Zones
  • Zero Trust Networks

Network Security

  • Firewalls
  • Firewall Designs
  • Firewall Implementation Issues
  • Intrusion Detection and Prevention Systems (IDPS)
  • Secure Email Gateway (SEG)
  • Secure Web Gateway (SWG)
  • Data Loss Prevention (DLP)
  • Public Key Infrastructure (PKI)
  • IEE 802.1x Extensible Authentication Protocol (EAP)
  • Remote Authentication Dial-in User Service (RADIUS)
  • Internet Protocol Security (IPSec)

Knowledge Check

6. Endpoint Security

Endpoint Security

  • Servers, desktops, laptops, tablets, mobile devices, wearables
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Specialised Endpoint Systems

Application Security

  • Systems Development Life Cycle
  • OWASP Top 10
  • STRIDE Threat Modelling
  • DREAD Threat Modelling
  • Web Application Firewall
  • Database Activity Monitor

Data Security

  • Data ownership roles and responsibilities
  • Data classification and labelling
  • Authentication, Authorisation and Accounting (AAA)
  • Access control
  • Privileged Access Management (PAM)
  • Access control models and implementation
  • Data governance and lifecycle
  • Data remanence

Knowledge Check

  • Practical session:
    • Exercise #5.1 – Complete the risk assessment from exercise 2 by recommending controls
    • Exercise #5.2 – Create a data classification scheme

7. Incident Response

Incident Response Management

  • Security logging
  • Security Information and Event Management (SIEM)
  • Security Orchestration Automation & Response (SOAR)
  • Security events and incidents
  • Incident Response Methodology using NIST SP800-61

Business Continuity and Disaster Recovery

  • Business Continuity Planning
  • Disaster Recovery Planning
  • Standards and Frameworks
  • NIST SP800-34
  • Business Continuity Institute Good Practice Guide

Digital Forensics

  • General phases of the forensic process
  • Digital forensics challenges
  • Anti-forensics
  • Forensic media analysis
  • Network forensics
  • Embedded device forensics
  • eDiscovery

Security Assurance

  • Configuration management
  • Minimum Security Baselines
  • Security Audits
  • Security Assessments
  • Security Testing
  • Vulnerability Assessments
  • Penetration Testing

Knowledge Check

  • Practical session:
    • Exercise #6 – Identify and rank the three most important business operations
    • Exercise #7 – Examination of insourcing or using a managed service for incident response
  • Mock Exam – 2 hours
  • Final exam study and preparation
  • Final Exam – 2 hours
  • Trainer was outstanding! Speaking a previous trainer and assessor I could not recommend him enough. Outstanding in charisma and material presentation.
    Was able to talk to all points with relevant expansion when required, answering any questions and provided relevant applications and examples.

    Live Virtual Training | 2024


CSF+P Cyber Security Foundation+Practitioner

read more


Fees per person

Cyber Security Foundation+Practitioner (5 days)

  • Live Virtual Training: $3260 + gst
  • Face-to-Face Training: $3760 + gst

Course fees include:

  • High Quality Course presentation
  • ALC comprehensive course workbook
  • Foundation+Practitioner Certificate exam in classroom at end of Day 5 (includes one free exam re-sit per participant)

Foundation + Practitioner Certificate Exam

Live Virtual Training – Participants will sit the exam online during the course. The exams are invigilated live by the ALC trainer and supporting staff. The online exam is run via the exam portal Test Invite and accessed via a web browser. 

Face-to-Face Training – Participants of the cyber security beginner certifications will be provided with a paper-based exam which is completed whilst at the course in the same venue of the course itself.

The cyber security certification exam is 2 hours in duration and comprises three parts. in Part A there are 75 questions worth 1 mark each. In Part B there are 5 questions worth 2 marks each & Part C there are 5 questions worth 3 marks each.  The pass mark is 65%.  There is only one correct answer to each question and no marks are deducted for incorrect answers.

The Cyber Security Foundation+Practitioner Certificate is issued to those who successfully pass the exam.

One free exam re-sit is available for each participant.