Course Overview

Gain the skills to use Microsoft Purview to improve your data security in Microsoft 365. In this training, you learn how to create sensitive information types, create sensitivity labels, and use auto-labeling policies based on these labels. You also learn how to set up DLP (Data Loss Prevention) policies to safeguard your organization’s data.

Course Objectives

  • Create and manage sensitive information types
  • Protect information in Microsoft Purview
  • Prevent data loss in Microsoft Purview

Course Content

Module 1: Create and manage sensitive information types

  • Recognize the difference between built-in and custom sensitivity labels
  • Configure sensitive information types with exact data match-based classification
  • Implement document fingerprinting
  • Create custom keyword dictionaries

Module 2: Protect information in Microsoft Purview

  • Discuss the information protection solution and its benefits.
  • List the customer scenarios the information protection solution addresses.
  • Describe the information protection configuration process.
  • Explain what users will experience when the solution is implemented.
  • Articulate deployment and adoption best practices.

Module 3: Prevent data loss in Microsoft Purview

  • Discuss the data loss prevention solution and its benefits.
  • Describe the data loss prevention configuration process.
  • Explain what users experience when the solution is implemented.

Course Overview

In this workshop, you learn to maintain a RACF database with IBM Security zSecure Admin and monitor the system with IBM Security zSecure Audit.

During hands-on exercises, you act as a RACF security administrator for a fictitious company. In this simulated job role, you learn to define a RACF security environment for a specific department.

This workshop teaches the basics of the security administration process and how to implement company security policies and guidelines into specific RACF profile definitions and settings. You learn to verify the quality and validity of RACF profiles that you define. Finally, you learn to interpret and report SMF events that the z/OS system logs during this RACF management workshop.

Course Objectives

After this course participants should be able to:

  • Describe the authorization checking process to access a UNIX file or directory
  • Create the appropriate RACF definitions to define a z/OS UNIX System Services user ID
  • Describe the audit options for z/OS UNIX System Services
  • Set up permissions to control access to a file or directory
  • List and maintain extended access control list (ACL) entries
  • List and maintain the audit settings for a file or directory

Course Content

Unit 1: UNIX System Services security introduction

Unit 2: Protect files and directories

Unit 3: Report and audit UNIX System Services

Course Overview

This workshop teaches the basics of the security administration process and how to implement company security policies and guidelines into specific RACF profile definitions and settings.

In this workshop, you learn how to maintain a Resource Access Control Facility (RACF®) database with IBM® Security zSecure Admin and monitor the system with IBM Security zSecure Audit.

During hands-on exercises, you act as a RACF security administrator for a fictitious company. In this simulated job role, you learn to define a RACF security environment for a specific department.

You learn to verify the quality and validity of the RACF profiles that you define. Finally, you learn how to interpret and report SMF events that the z/OS system logs during the workshop.

Course Objectives

After this course participants should be able to:

  • Describe the purpose and flow of the RACF management workshop
  • Set up a flexible RACF group structure for a department based on PMI security policies and IT guidelines
  • Define a departmental security administrator user ID, user IDs for plot writers, verify password quality, and create and refresh an IBM Security zSecure CKFREEZE data set
  • Create role-based function groups, resource profiles, and an IBM Security zSecure UNLOAD data set
  • Implement role-based access using connections and permissions to the function groups
  • Use and explain the various zSecure Admin Verify functions, define a started task, verify started procedures, and manage staff member changes
  • Review and, if applicable, maintain RACF audit settings and report and examine SMF records that are logged during this workshop
  • Prevent users with OPERATIONS from accessing your PMI departmental data sets
  • Clean up RACF profiles and, if applicable, data sets and catalog aliases

Course Content

  • Set up a RACF security environment for a hypothetical company based on their security policies and guidelines
  • Create and refresh the IBM Security zSecure Admin UNLOAD and CKFREEZE data sets
  • Maintain RACF user and group profiles
  • Implement role-based access with function groups
  • Define, maintain, and examine RACF data set profiles
  • Use and explain the Verify functions Protect all, All not empty, and Password
  • Define and verify started procedures
  • Review and, if applicable, maintain RACF audit settings
  • Report and examine SMF records
  • Clean up RACF profiles and, if applicable, data sets and catalog aliases

Course Overview

This course describes audit concerns that IBM® Security zSecure Audit reports.

The course explains auditing your RACF® database and z/OS subsystems such as CICS, IMS, and DB2. You can measure your security and z/OS system settings against the security requirements of a selected policy level. Also, you learn about an Access Monitor data set containing historic RACF access decision statistics.

This information is used to find profiles, permissions, or connections that are unused and can be removed from the RACF database. Furthermore, you learn to review the general SMF and RACF audit settings. This course explains how to use and interpret predefined SMF reports, and how to create customized SMF reports.

Finally, the Library and sequential data set status and change analysis functions are explained.

Course Objectives

After this course participants should be able to:

  • Describe and explain the flow of a security call from z/OS and resource managers to RACF
  • Perform user ID and password audit analysis
  • Audit sensitive user IDs and z/OS resources and create audit reports about who can define RACF profiles
  • Create audit reports for the CICS, IMS, and DB2 subsystems
  • Review the system-wide Audit settings, select and process predefined SMF reports, and define custom SMF reports
  • Utilize the Access Monitor reports to clean up the RACF database
  • Audit changes to system-sensitive libraries and sequential data sets

Course Content

Unit 1: Introduction to RACF auditing

Unit 2: Auditing user IDs and passwords

Unit 3: Auditing sensitive resources

Unit 4: Auditing subsystems

Unit 5: Auditing SMF

Unit 6: Using Access Monitor and RACF-Offline

Unit 7: Analyzing libraries and sequential data sets

Course Overview

Learn the basics of the IBM Security zSecure programming language CARLa. This course teaches you to use the CARLa programming language to create reports for RACF, SMF, UNIX Systems Services (USS), CICS, DB2, and RACF command generation.

You spend approximately 40 percent of the course on hands-on lab exercises, where you produce CARLa code that you can use for effective management and reporting on RACF, SMF, USS, and other subsystems.

You learn to use CARLa to create custom reports, commands, emails, XML output, or modify existing zSecure RACF functions to fit with your installation’s requirements. In addition, you learn how to automate these functions by using them in scheduled batch jobs.

Course Objectives

After this course participants should be able to:

  • Use the CARLa interface to process the allocated supported input sources and become familiar with the main CARLa statements
  • Use various SELECT options for input filtering and to specify output formatting using the SORTLIST statement and output modifiers
  • Apply frequently used CARLa functions such as subselect, lookup, substring, parsing, and using the DISPLAY statement
  • Define report titles, redirect output, add statistics with the SUMMARY statement, and use CARLa to generate RACF commands
  • Process multiple input sources simultaneously, generate CARLa code with 2-pass CARLa, and use the CARLa compare options
  • Use CARLa in batch jobs to automate the generation of reports, CARLa code, RACF commands, emails, WTO messages, and XML-formatted output
  • Generate reports about the various logged SMF records
  • Learn about and use other supported CARLa NEWLIST types

Course Content

Unit 1: Introduction and the CARLa interface

Unit 2: CARLa SELECT, SORTLIST, and DEFINE statements

Unit 3: Frequently used CARLa functions

Unit 4: NEWLIST and SUMMARY options

Unit 5: Advanced CARLa functions

Unit 6: Use CARLa in batch jobs

Unit 7: Produce SMF reports with CARLa

Unit 8: Other supported CARLa NEWLIST types and functions

Course Overview

This course introduces the zSecure Audit rule-based compliance evaluation framework. The course explains rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance evaluation functions and reports.

With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, STIGplus, GSD, or PCI-DSS.

The course also teaches you how to customize compliance evaluations for the supported standards to fit your company’s requirements.

Finally, you learn how to create a company-defined compliance standard. Hands-on exercises are included to reinforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.

Course Objectives

After this course participants should be able to:

  • Explain the concept of rule-based compliance evaluation with zSecure Audit
  • Run compliance evaluations against the supported standards GSD331, STIG, and PCI-DSS
  • Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard
  • Customize compliance evaluations to fit with company security and audit policies
  • Build customized system-defined compliance standards, rule sets, rules, and tests

Course Content

Unit 1: Rule-based compliance introduction and concepts

Unit 2: Running compliance evaluations and interpret results

Unit 3: Customizing compliance standards, rules, or tests

Course Overview

This is an instructor-led course that provides a basic introduction to the IBM Security Admin ISPF interface for customers who administer RACF profiles and generate basic RACF overview reports.

This course focuses on frequently used administrative functions, standard reports, and verification functions of IBM Security zSecure Admin.

Gain experience in administering RACF profiles using the built-in functions and line commands that the ISPF interface provides. Learn how to report and review RACF profiles using the built-in functions and provided line commands. Verification functions that report RACF database inconsistencies are explored and demonstrated. The CKGRACF function is also described.

Finally, you also learn how to produce customized reports, tailor the RACF installation data field, and define company-specific custom fields.

Course Objectives

After this course participants should be able to:

  • Introduce the IBM Security zSecure Admin tool
  • Select and review RACF profiles with the ISPF zSecure Admin panels and examine access control lists (ACLs) for resource profiles
  • Perform profile maintenance and use supported features to apply bulk changes
  • Review and maintain RACF SETROPTS options and Class Descriptor table (CDT) settings and maintain input files to control your IBM Security zSecure Admin session
  • Show differences for the same system over time or differences between different systems
  • Use the standard reports that IBM Security zSecure Admin provides
  • Produce user and group profile reports and compare users or groups side-by-side
  • Produce resource reports about various resources and defined access
  • Use the Verify options to report and resolve RACF database inconsistencies, and learn about CKGRACF
  • Define custom reports, customize Installation data, and define RACF custom fields

Course Content

Unit 1: Run IBM Security zSecure Admin

Unit 2: Select and display existing RACF profiles

Unit 3: Perform profile maintenance

Unit 4: Use Advanced options

Unit 5: Produce RACF administration reports

Unit 6: Create specific user ID and group reports

Unit 7: Create resource reports

Unit 8: Produce RACF management reports

Unit 9: Create customized reports

Course Overview

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course. Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

After completing this course, you should be able to perform the following tasks:

  • Describe how QRadar collects data to detect suspicious activities
  • Describe the QRadar architecture and data flows
  • Navigate the user interface
  • Define log sources, protocols, and event details
  • Discover how QRadar collects and analyzes network flow information
  • Describe the QRadar Custom Rule Engine
  • Utilize the Use Case Manager app
  • Discover and manage asset information
  • Learn about a variety of QRadar apps, content extensions, and the App Framework
  • Analyze offenses by using the QRadar UI and the Analyst Workflow app
  • Search, filter, group, and analyze security data
  • Use AQL for advanced searches
  • Use QRadar to create customized reports
  • Explore aggregated data management
  • Define sophisticated reporting using Pulse Dashboards
  • Discover QRadar administrative tasks

Course Content

Topics

  • Unit 0: IBM Security QRadar 7.5 – Fundamentals
  • Unit 1: QRadar Architecture
  • Unit 2: QRadar UI – Overview
  • Unit 3: QRadar – Log Source
  • Unit 4: QRadar flows and QRadar Network Insights
  • Unit 5: QRadar Custom Rule Engine (CRE)
  • Unit 6: QRadar Use Case Manager app
  • Unit 7: QRadar – Assets
  • Unit 8: QRadar extensions
  • Unit 9: Working with Offenses
  • Unit 10: QRadar – Search, filtering, and AQL
  • Unit 11: QRadar – Reporting and Dashboards
  • Unit 12: QRadar – Admin Console

Extensive lab exercises are provided to allow learners an insight into the routine work of an IT Security Analyst operating the QRadar SIEM platform. The exercises cover the following topics:

  • Architecture exercises
  • UI Overview exercises
  • Log Sources exercises
  • Flows and QRadar Network Insights exercises
  • Custom Rule Engine (CRE) exercises
  • Use Case Manager app exercises
  • Assets exercises
  • App Framework exercises
  • Working with Offenses exercises
  • Search, filtering, and AQL exercises
  • Reporting and Dashboards exercises
  • QRadar Admin tasks exercises

The lab environment for this course uses the IBM QRadar SIEM 7.5 platform.

Course Overview

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

This 2-day instructor-led course walks you through various advanced topics about QRadar such as custom log sources, reference data collections and custom rules, X-Force data and the Threat Intelligence app, UBA and QRadar Advisor, tuning and custom action scripts. The course also discusses integration with IBM SOAR. Hands-on exercises reinforce the skills learned.

The lab environment for this course uses the IBM QRadar SIEM 7.5 platform.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course. Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

  • Learn how to create custom log sources
  • Discover how to work with reference data collections and custom rules
  • Use X-Force data and Threat Intelligence app
  • Use the Use Case Manager app
  • Learn how to use UBA and QRadar Advisor
  • Discover Tuning
  • Explore Custom action scripts
  • Discuss Integration with IBM SOAR

Course Content

Unit 1: Custom log sources

Unit 2: Reference data collections and custom rules

Unit 3: IBM X-Force Threat Intelligence in QRadar

Unit 4: User Behavior Analytics and Advisor with Watson

Unit 5: Tuning

Unit 6: Custom action scripts

Unit 7: IBM SOAR integration

Course Overview

This 2-day course shows IT professionals and security officers how to develop an effective security governance strategy for their organization. Students also learn how compliance regulations and industry standard best practices (frameworks) can guide the creation of suitable security policies. This course focuses on real-world implementation, but can also prepare students for Security+ and CISSP certification exams.

Course Content

hl948s.pdf (hpe.com)