Company Training Academy

Biblioteca de aulas

• O que é a NIS 2? (6:27)
  Noções básicas da diretiva da UE sobre segurança cibernética
• Práticas básicas de higiene cibernética (4:47)
  Medidas essenciais de segurança cibernética para todo usuário
• Tratamento de incidentes de segurança cibernética (6:16)
  Como identificar e reagir prontamente a problemas de segurança cibernética
• Recuperação de desastres (8:38)
  Como recuperar sistemas de informação e dados
• Criptografia (10:39)
  Conceitos criptográficos e sua aplicação
• Controle de acesso (6:07)
  Permitir acessos apropriados e impedir acessos inadequados
• Gestão de ativos cibernéticos (7:22)
  Identificação, classificação, proteção e uso de ativos digitais
• Fundamentos de segurança de redes (6:43)
  Protegendo redes digitais e comunicações de dados
• NIS 2: certificação e normalização (7:52)
  Explicação dos artigos 24 e 25 da NIS 2
• NIS 2: segurança da cadeia de suprimentos (9:16)
  Gestão de riscos cibernéticos relacionados a fornecedores
• Fundamentos de backup (4:36)
  Recuperação após perda de dados
• Continuidade de negócios (9:40)
  Arranjos de resiliência e recuperação
• Fundamentos de autenticação (6:05)
  Prevenindo acessos não autorizados a ativos digitais
• NIS 2: política de segurança de sistemas de informação (10:01)
  Redação de uma política de segurança cibernética de alto nível para a NIS 2
• Segurança na aquisição, desenvolvimento e manutenção (12:15)
  Segurança cibernética no ciclo de vida de sistemas de TI
• Comunicações de emergência (6:30)
  Configuração de métodos alternativos de comunicação
• Autoridades da NIS 2 (6:31)
  8 órgãos governamentais responsáveis por aplicar a NIS 2
• Treinamento e conscientização em segurança cibernética (11:33)
  Criação de um programa de treinamento e conscientização contínuos
• Segurança de recursos humanos (12:57)
  Atividades antes, durante e após o vínculo empregatício
• Medição da segurança cibernética (7:59)
  Avaliação da eficácia da gestão de riscos
• Ações corretivas (8:02)
  Como eliminar a causa de não conformidades
• Abrangência da NIS 2 (6:26)
  Organizações essenciais e importantes que devem estar em conformidade
• NIS 2: requisitos de segurança cibernética (8:51)
  As 10 medidas de segurança cibernética mais importantes da NIS 2
• Papel da gestão na segurança cibernética (7:34)
  Tarefas para a alta e média gestão
• NIS 2: gestão de incidentes e crises (10:28)
  Gestão de riscos cibernéticos relacionados a fornecedores
• NIS 2: obrigações de reporte (8:49)
  Como comunicar incidentes significativos
• NIS 2: aplicação e fiscalização (10:19)
  Principais ações das autoridades para aplicar a conformidade
• Comunicações seguras (13:32)
  Protegendo canais de voz, vídeo e texto
• Ameaças internas (6:30)
  Gestão de insiders com acesso a informações sensíveis
• Fundamentos de segurança em nuvem (5:38)
  Protegendo dados ao usar serviços em nuvem
• NIS 2: etapas de implementação (7:23)
  15 etapas para alcançar a conformidade total com a NIS 2
• Avaliação da segurança de fornecedores (12:46)
  Vulnerabilidades dos fornecedores, qualidade e desenvolvimento seguro
• Malware de computador (4:58)
  Phishing, ransomware e spyware
• Segurança de e-mail (4:08)
  Riscos relacionados ao uso de e-mail
• Erro humano (4:33)
  Reduzindo erros com informações sensíveis
• Roubo de identidade (4:58)
  Como cibercriminosos roubam sua identidade?
• A mente de um hacker (5:42)
  3 tipos de hackers e como se proteger
• Gestão de riscos de segurança da informação (8:29)
  Avaliação e tratamento de riscos como base da segurança cibernética
• Senhas (5:30)
  Criando e mantendo senhas seguras
• Segurança física de dispositivos (5:52)
  Protegendo fisicamente informações e dispositivos
• Privacidade (4:36)
  8 princípios de privacidade que todos devem conhecer
• Propriedade intelectual (5:36)
  Métodos técnicos, legais e organizacionais para proteger DPI
• Proteção de documentos em papel (6:35)
  Vulnerabilidades de mídias em papel e métodos de proteção
• Segurança de dispositivos móveis (5:30)
  Protegendo laptops, tablets, smartphones e outros dispositivos
• Engenharia social (6:02)
  Os métodos mais comuns que criminosos usam para acessar sua conta
• Redes sociais (5:24)
  Principais riscos cibernéticos ao usar Facebook, X, LinkedIn e outros
• Trabalho remoto (4:37)
  Riscos ao trabalhar fora das instalações do escritório
• Gerenciando a segurança de fornecedores (6:32)
  Riscos relacionados a fornecedores e contratados, e como tratá-los
• What is ISO 27001? [em inglês] (1:02)
  Learn about the basics of the leading cybersecurity standard
• The structure of ISO 27001 [em inglês] (2:01)
  ISO 27001 main clauses and their purpose
• Information security principles used in ISO 27001 [em inglês] (2:07)
  An example of confidentiality, integrity, and availability in practice
• ISO 27001: Introduction to the ISMS [em inglês] (2:22)
  The purpose of an Information Security Management System
• Key roles in ISO 27001 implementation [em inglês] (1:07)
  Roles of the project manager, security officer, and senior management
• Documenting ISO 27001 requirements [em inglês] (2:55)
  Mandatory and non-mandatory documents
• Implementing ISO 27001 requirements [em inglês] (2:13)
  Using the PDCA cycle as guidance for implementation
• ISO 27001 Benefits [em inglês] (2:02)
  4 key benefits: compliance, marketing, costs, and better organization
• ISO 27001: Understanding your organization and its context [em inglês] (2:03)
  Analyzing internal and external issues
• ISO 27001: Understanding the needs and expectations of interested parties [em inglês] (1:35)
  Who are interested parties, and what are their requirements?
• ISO 27001: Determining the scope of the ISMS [em inglês] (1:50)
  What is the ISMS scope, and why is it important?
• ISO 27001: Leadership and commitment [em inglês] (1:45)
  Key senior management activities that represent commitment
• ISO 27001: Information Security Policy [em inglês] (1:13)
  Mandatory elements of this top-level policy
• ISO 27001: Organizational roles, responsibilities, and authorities [em inglês] (2:14)
  Which roles are mandatory according to ISO 27001?
• ISO 27001: Information security objectives [em inglês] (2:14)
  Why are objectives important, and how to define them?
• ISO 27001: Resources [em inglês] (1:40)
  Example of resources and how to document them
• ISO 27001: Competence [em inglês] (1:22)
  The options to acquire required skills and knowledge
• ISO 27001: Awareness [em inglês] (1:23)
  How to organize security awareness in a company
• ISO 27001: Communication [em inglês] (1:24)
  What kind of communication is required, and why is it important?
• ISO 27001: Documented information [em inglês] (3:12)
  Creating, updating, and controlling policies, procedures, and records
• ISO 27001: Addressing risks and opportunities [em inglês] (1:46)
  The basics of risk management
• ISO 27001: Risk management process [em inglês] (2:15)
  Five key steps to assess and treat risks
• ISO 27001: Information security risk assessment – Risk identification [em inglês] (3:03)
  Risk identification, risk analysis, and risk evaluation
• ISO 27001: Information security risk assessment – Risk analysis and evaluation [em inglês] (2:40)
  Using scales to assess impact and likelihood
• ISO 27001: Information security risk treatment [em inglês] (0:00)
  Four most common options for treating risks
• ISO 27001: Statement of Applicability [em inglês] (1:59)
  The purpose and structure of the SoA
• ISO 27001: Formulating the risk treatment plan [em inglês] (1:49)
  The purpose and mandatory elements of the RTP
• ISO 27001: Implementing the risk treatment plan [em inglês] (1:15)
  Key elements of implementation and how to document results
• ISO 27001: Operational planning and control [em inglês] (2:18)
  Key elements of the Do phase in the PDCA cycle
• ISO 27001: Operating the ISMS [em inglês] (1:18)
  What does operating the ISMS mean?
• ISO 27001: Managing outsourcing of operations [em inglês] (1:57)
  Examples of security controls for outsourcing activities
• ISO 27001: Controlling changes [em inglês] (1:58)
  An example of a change management procedure
• ISO 27001: Risk assessment review [em inglês] (1:46)
  Why is risk review important, and how often to perform it?
• ISO 27001: Monitoring, measurement, analysis, and evaluation [em inglês] (3:13)
  Key elements for evaluating the performance of the ISMS
• ISO 27001: Internal audit [em inglês] (2:35)
  Key elements of an internal audit
• ISO 27001: Management review [em inglês] (2:30)
  Inputs and outputs for the management review meeting
• ISO 27001: Nonconformities and corrective actions [em inglês] (3:22)
  Required actions when a nonconformity occurs
• ISO 27001: Continual improvement [em inglês] (2:19)
  Examples of improvement initiatives
• ISO 27001: Introduction to Annex A [em inglês] (5:18)
  The purpose and structure of Annex A
• ISO 27001: People controls [em inglês] (2:05)
  Overview of Annex A.6 – Controls before, during, and after employment
• ISO 27001: Physical controls [em inglês] (3:37)
  Overview of Annex A.7 – Securing physical areas and equipment
• ISO 27001: Technological controls – overview and new controls [em inglês] (4:13)
  Overview of Annex A section A.8 – Technological controls
• ISO 27001: Technological controls – software development [em inglês] (2:51)
  Controls that cover architecture, lifecycle, testing, and coding principles
• ISO 27001: Organizational controls – operational security [em inglês] (2:43)
  Controls for access control, information transfer, operating procedures, etc.
• ISO 27001: Organizational controls – policies and responsibilities [em inglês] (3:22)
  Controls for roles, segregation of duties, contact with external parties, etc.
• ISO 27001: Organizational controls – information and asset management [em inglês] (1:52)
  Controls for asset inventory, acceptable use, classification, etc.
• ISO 27001: Technological controls – operational security [em inglês] (4:48)
  Controls that cover security in day-to-day IT activities
• ISO 27001: Organizational controls – supplier security [em inglês] (3:14)
  Controls for assessing risks, contractual requirements, monitoring, etc.
• ISO 27001: Organizational controls – incidents and business continuity [em inglês] (4:52)
  Controls to deal with threats, events, incidents, and larger disruptions
• ISO 27001: Organizational controls - compliance, privacy, and legal aspects of security [em inglês] (2:49)
  Controls that ensure security is compliant with legal requirements
• What is DORA? [em inglês] (3:46)
  EU regulation for digital resilience in financial sector
• Who needs to comply with DORA? [em inglês] (2:41)
  Which financial institutions and other companies must comply?
• Which IT providers need to comply with DORA and how? [em inglês] (3:49)
  Securing ICT Supply Chains for Financial Resilience
• What are DORA-related regulations? RTS, CDR, and CIR [em inglês] (3:13)
  Additional Requirements Through Regulatory Technical Standards
• What are the main requirements specified in DORA? [em inglês] (3:45)
  Summary of 9 Most Important Requirements
• DORA implementation steps [em inglês] (4:54)
  Optimal Steps for DORA Compliance Project Implementation
• Writing DORA documentation [em inglês] (3:30)
  Structure and Content of DORA Documentation
• DORA: Organizing training and awareness [em inglês] (2:57)
  Key training & awareness requirements and how to comply with them
• DORA: Penalties and fines [em inglês] (3:08)
  Who Enforces Them and How Do They Look Like?
• DORA: Governance responsibilities for senior management [em inglês] (2:30)
  Implementing Internal Governance & ICT Risk Oversight
• DORA: Key elements of ICT risk management framework [em inglês] (3:42)
  Description of Overall Activities in ICT Risk Management Framework
• DORA: Developing top-level information security policy [em inglês] (1:54)
  Content of the Top-level Policy
• DORA: How to write Digital operational resilience strategy [em inglês] (3:06)
  Key Elements of the Strategy
• DORA: Identifying ICT-supported business functions and assets [em inglês] (1:36)
  ICT Function Mapping & Asset Lifecycle Management
• DORA: Performing risk assessment [em inglês] (2:43)
  Mandatory Elements of ICT Risk Assessment
• DORA: Learning and evolving [em inglês] (2:40)
  Methods for Continuous Cybersecurity Evolution
• DORA: Measurement, monitoring, and controlling the ICT systems [em inglês] (1:14)
  Elements of Continuous Measurement, Monitoring, and Controlling
• DORA: Internal audit of ICT risk management framework [em inglês] (1:23)
  Performing Internal Audit for ICT Risk Compliance
• DORA: Follow-up and corrective actions [em inglês] (2:16)
  The Purpose and Content of the Follow-up
• DORA: Report on the review of ICT risk management framework [em inglês] (2:23)
  Details of the Annual Review and Reporting
• DORA: Main elements of simplified ICT risk management framework [em inglês] (6:42)
  Requirements for Small Financial Entities
• DORA: Policies and procedures for ICT operations security [em inglês] (1:40)
  The Content of Operational Security Documents
• DORA: Capacity and performance management [em inglês] (1:39)
  Optimizing ICT Capacity and Performance for Operational Resilience
• DORA: Data and system security [em inglês] (2:12)
  Comprehensive Data and System Security Procedure Requirements
• DORA: Network security management [em inglês] (1:58)
  Main Methods for Ensuring Network Security
• DORA: Securing information in transit [em inglês] (1:39)
  Ensuring Secure Data Transmission and Confidentiality
• DORA: Encryption and cryptography [em inglês] (2:02)
  Management of Encryption and Cryptographic Keys
• DORA: Human resources policy [em inglês] (1:31)
  HR's Role in Digital Operational Resilience
• DORA: Identity management and authentication [em inglês] (1:13)
  Requirements for Identity Policies and Authentication Mechanisms
• DORA: Access control [em inglês] (2:38)
  Regulatory Requirements and Best Practices for Access Control
• DORA: Physical and environmental security [em inglês] (1:36)
  Physical and Environmental Security Policy for ICT Assets
• DORA: ICT systems acquisition, development, and maintenance [em inglês] (2:36)
  ICT Systems Lifecycle Security Policy and Testing
• DORA: ICT project management [em inglês] (1:24)
  Rules for Managing ICT Projects
• DORA: ICT change management [em inglês] (2:16)
  Elements of Change Management for Secure ICT Systems
• DORA: Logging [em inglês] (1:14)
  Logging Procedures for Recording Critical Events
• DORA: Detecting anomalous activities [em inglês] (1:40)
  Elements of Collecting and Analyzing Activities
• DORA: Vulnerabilities, patch management, and updates [em inglês] (2:11)
  Vulnerability Management and Patch Processes for ICT Systems
• DORA: Incident management process [em inglês] (2:51)
  Systematic Incident Handling and Rapid Response
• DORA: Classification of ICT incidents and threats [em inglês] (4:05)
  Detailed Classification Criteria
• DORA: Reporting major incidents and cyber threats [em inglês] (3:05)
  Types of Incident Reports for Authorities
• DORA: ICT business continuity policy [em inglês] (2:13)
  Elements of the Top-level Business Continuity Document
• DORA: Business impact analysis, RTO, and RPO [em inglês] (1:44)
  The Purpose of RTOs and RPOs for Business Continuity
• DORA: Backup and restoration of data [em inglês] (2:01)
  Detailed Rules for Setting Up Backup and Restoration
• DORA: Secondary processing site [em inglês] (1:36)
  Alternative Site Requirements for Central Counterparties
• DORA: ICT response and recovery plans [em inglês] (2:02)
  Requirements for the Content of the Plans
• DORA: Testing business continuity and recovery plans [em inglês] (3:03)
  Detailed Requirements for Plan Testing
• DORA: Crisis management and communication [em inglês] (1:33)
  Elements of Handling Crisis
• DORA: Main elements of digital operational resilience testing [em inglês] (2:07)
  Comprehensive Testing Program for ICT Risk Resilience
• DORA: Resilience testing of ICT tools and systems [em inglês] (1:31)
  Types of Resilience Tests
• DORA: Threat-Led Penetration Testing TLPT [em inglês] (3:15)
  Requirements for TLPT and for Testers
• DORA: Key elements ICT third-party risk management [em inglês] (4:30)
  Governance, Assessment, Contracts, and Exit Strategies
• DORA: Selecting critical ICT service providers [em inglês] (3:29)
  Critical ICT Provider Designation and Oversight Framework
• DORA: Risk assessment of ICT service providers [em inglês] (3:02)
  Assessing Suppliers Before Signing Contracts
• DORA: Contracts with ICT service providers [em inglês] (4:32)
  Standardized Security Clauses for Protection of ICT Services
• DORA: Register of information [em inglês] (3:43)
  Standardized Register for ICT Contractual Oversight
• DORA: Monitoring, inspection, and audit of ICT service providers [em inglês] (2:17)
  Independent Review and Ongoing Monitoring
• DORA: Exit strategies for ICT services [em inglês] (3:48)
  Enabling a Smooth Transition Away From a Service Provider
• DORA: Government oversight of critical ICT service providers [em inglês] (2:56)
  The Tasks and Powers of the Lead Overseer
• What is EU GDPR and where does it apply? [em inglês] (1:35)
  EU GDPR: Protecting data rights and setting global standards for personal data processing.
• Which frameworks are related to GDPR? [em inglês] (1:33)
  Leveraging ISO standards (27701, 27001, 29100) and OECD guidelines to reinforce GDPR best practices.
• Key terms in GDPR [em inglês] (6:34)
  Essential GDPR vocabulary covering personal data, processing, roles, and data protection techniques.
• Key roles according to GDPR [em inglês] (2:07)
  Key GDPR roles: Controllers, processors, DPOs, and supervisory authorities shape compliance responsibilities.
• Business activities that are impacted the most by GDPR [em inglês] (1:53)
  Discover how GDPR affects diverse business functions, from Marketing and IT to HR and beyond.
• Six legitimate purposes of processing personal data according to GDPR [em inglês] (3:58)
  Six legitimate processing purposes under GDPR: from contracts to consent
• What are the main GDPR principles? [em inglês] (2:58)
  GDPR principles: lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, security, and storage limits.
• Real-world example for understanding main GDPR principles [em inglês] (4:10)
  How GDPR’s principles—transparency, minimisation, consent, and timely deletion—apply in practice.
• The basics of Privacy Notices according to GDPR [em inglês] (2:31)
  Clear disclosures on data processing to ensure transparency under GDPR.
• Contents of a Privacy Notice according to GDPR [em inglês] (2:04)
  Clear, plain disclosures on data collection, processing, rights, contacts, and safeguards
• What is GDPR Inventory of Processing Activities [em inglês] (4:58)
  How to build and maintain an Inventory of Processing Activities to meet GDPR requirements.
• What is GDPR personal data retention [em inglês] (2:05)
  What does data retention mean, and how to ensure compliance with GDPR requirements.
• Responsibilities for fulfilling GDPR requirements for inventory and retention [em inglês] (3:01)
  How to define clear roles and processes for maintaining GDPR inventories and retention schedules.
• The content of GDPR Inventory of Processing Activities for controllers [em inglês] (1:19)
  Inventory for controllers: DPO, processing purposes, data categories, recipients, transfers, retention limits, and safeguards.
• The content of GDPR Inventory of Processing Activities for processors [em inglês] (1:17)
  Essential details on sub-processors, controllers, processing categories, and data transfers.
• GDPR Consent – The basics [em inglês] (2:42)
  What is GDPR consent is, and what its key requirements are?
• How and when to ask for GDPR consent [em inglês] (1:49)
  Learn how and when to request consent under GDPR, ensuring transparency and user choice.
• Data subject rights according to GDPR [em inglês] (3:24)
  Learn how data subject rights empower individuals to control their personal data under GDPR.
• Basic GDPR rules for data subject access rights [em inglês] (2:01)
  DSAR basics, from valid request formats to response timelines.
• Handling DSAR requests according to GDPR [em inglês] (1:20)
  DSAR best practices, response timelines, and identity verifications under GDPR.
• DSAR exemptions and rejections according to GDPR [em inglês] (2:31)
  How to handle DSAR queries, typical exemptions, and valid grounds for rejections.
• What is Data Protection Impact Assessment (DPIA) according to GDPR? [em inglês] (2:05)
  How DPIAs help identify and mitigate risks in data processing.
• DPIA Step 1 according to GDPR: Listing and grouping data processing activities [em inglês] (1:04)
  How to identify and group data processes for assessment.
• DPIA Steps 2 and 3 according to GDPR: The threshold questionnaire & determining if DPIA is needed [em inglês] (1:45)
  How high-risk processing is identified accurately with a threshold questionnaire.
• DPIA Steps 4, 5 and 6 according to GDPR: Answer the DPIA questionnaire, identify and list key security risks [em inglês] (2:40)
  What is needed for DPIA steps and how to address key security risks
• Step 7 DPIA according to GDPR: Recording the implementation; maintenance [em inglês] (1:02)
  Regular DPIA reviews keep safeguards updated and documented for compliance.
• What is Data Protection by Design and by Default according to GDPR? [em inglês] (2:00)
  Data Protection by design and by Default concepts for building data protection into processes and systems
• GDPR policies to be implemented to ensure security of personal data [em inglês] (5:26)
  Key policies that support secure data practices and mitigate privacy risks.
• Best practices to implement GDPR Data Protection by Design and by Default policies [em inglês] (2:16)
  Key steps for defining and maintaining GDPR Data Protection by Design and by Default policies.
• Introduction to GDPR data transfers [em inglês] (2:06)
  Managing personal data transfers, adequacy measures, and GDPR compliance.
• How can GDPR data transfers be enabled? [em inglês] (2:55)
  How to choose suitable mechanisms for lawful international data transfers
• Managing third parties according to GDPR [em inglês] (1:57)
  How to ensure GDPR compliance when engaging third-party processors and service providers
• GDPR basic rules for data breaches [em inglês] (3:40)
  When personal data is exposed or stolen: rules for compliance and best practices.
• Data breach response according to GDPR [em inglês] (1:14)
  Swift actions and logging procedures to address data breaches.
• GDPR data breach notifications [em inglês] (1:29)
  Essential guidelines for data breach notifications under GDPR.
• What to do after a data breach according to GDPR [em inglês] (1:04)
  How to evaluate data breaches, contain damage, and prevent future risks.
• Why does a company need a DPO? [em inglês] (2:18)
  Key details about the DPO’s role, appointment, and responsibilities.
• The responsibilities of the DPO [em inglês] (4:16)
  Detailed obligations, tasks, and best practices for a DPO under GDPR
• Responsibilities towards the DPO [em inglês] (1:09)
  Ensuring DPO independence, resources, and timely involvement.
• Define a GDPR Personal Data Protection Policy [em inglês] (3:57)
  How to define a personal data protection policy for clear GDPR alignment.
• Setting up privacy governance for GDPR [em inglês] (1:36)
  Arranging departmental champions, boards, and consistent reviews for privacy compliance
• Key steps in your GDPR project [em inglês] (2:55)
  Key steps to launch or refine GDPR compliance within an organization.
• Conducting a GDPR Gap Analysis [em inglês] (2:47)
  Identify, assess, and address key GDPR requirements through a gap analysis.
• GDPR Awareness and Training [em inglês] (4:38)
  How to plan effective GDPR awareness and training across teams and tasks.
• Methods for sustaining and improving GDPR compliance [em inglês] (1:34)
  How to sustain and improve GDPR compliance in a changing environment.
• Handling existing contracts with third parties to comply with GDPR [em inglês] (3:00)
  How to align third-party agreements with GDPR requirements.
• Handling new contracts with third parties according to GDPR [em inglês] (3:30)
  Ensuring robust selection, contractual terms, and ongoing reviews under GDPR.
• Regular GDPR reviews and improvement actions [em inglês] (2:41)
  Regular checks on DPIAs, DSAR handling, and staff training to keep compliance alive.