Training program

Learn to 'kill breakdowns'

• Implement the appropriate curative system, organize the treatment and monitoring of breakdowns.
• Reliability tools.
• FMEA, Kepner and Tregoe methods , Diapannes.

Master maintenance plans

• The different forms of preventive measures: systematic, conditional, predictive, self-maintenance.
• Build a maintenance plan, optimize the preventive program.

Improve ongoing maintenance

• PDCA applied to maintenance.
• Improvement, its scheduling and monitoring.

Internalize and outsource: what balance?

• Share your objectives with external companies.
• Organize and supervise service providers' interventions.

Manage maintenance performance

• Benchmark your maintenance with basic ratios, act on costs according to their distribution.
• Choose your indicators to manage your activity.

Description

Lean six sigma complements the Quality approaches with an approach resolutely focused on improving the efficiency of the company. A method to be deployed in the company, on key processes, it makes it possible to improve the results of activities in a truly significant and lasting way. Before you start, discover in this training the issues and conditions for success in this new challenge!

Who is this training for ?

Training objectives

Understand the challenges of Lean six sigma and its principles.
Discover the stages and tools of implementation in a company.

Training program

The foundations and issues of

• Lean six sigma Lean six sigma: a strategic approach managed by the management team.
• The creation of value throughout the company through process optimization.
• The statistical notion of six sigma: dispersion and centering of a process.
• Convergence with PDCA, Six sigma and lean management.

The DMAIC cycle applied to processes

• Identify the company's key processes. Choose the projects.
• Define the needs and expectations of the customer of the process.
• Measure the results, current performance processes.
• Analyze results: identify dysfunctions, analyze risks.
• Identify opportunities for progress to aim for six sigma: correct, act on the causes. , stabilize the process.
• Monitor the effectiveness of actions, ensure the sustainability of results.
• The conditions for success to complete the project and exploit feedback.

Place of quality tools in Lean six sigma

• Customer listening, process overview, SIPOC, VSM (value stream mapping, value analysis).
• Statistics: capability calculation, MSP (control quality statistics), point clouds.
• Problem solving tools, FMEA, process performance indicators.

The implementation of Lean six sigma in the company.

• The notion of 'champions', 'green belts' and 'black belts'...
• The benefits of Lean six sigma: point of view of a company having carried out a project .

Description

Today, the integration of all company data is essential to guarantee customer service. The relevance of the information is necessary for the proper functioning of the production management system, ERP (Enterprise Resource Planning). This training on the fundamentals of production allows you to discover, through simulation, the stages of the MRPII standard (Management of Production Resources), the real backbone of the production management system.

Who is this training for ?

Training objectives

Master the MRP II standard.
Evaluate the impact of planning on flow management.
Make system data reliable.

Training program

The prerequisites

• The causes and consequences of implementing an ERP.
• Bringing together the company's stakeholders around MRP II to satisfy the end customer.
• Indicators to measure planning performance, flexibility reserve.

MRP (Management of Production Resources): backbone of the production management system

• The different horizons of MRP II: programming (long term): plan the appropriate resources; scheduling (medium term): ensure the load matches the capacity per period; launch and monitoring (short term): plan the means to achieve the customer's request.

Data to be made reliable

• Dynamic data: sales forecasts to build the industrial and commercial plan and the master production program; stocks (raw materials, work in progress and finished products).
• The static data: the key elements of the item file, the nomenclatures, the ranges.
• The FMEA tool adapted to data reliability.

MRP II tools to master

• Carry out the net need calculation to move from customer demand (PDP) to the items to be manufactured or purchased.
• The rules for load/capacity balancing according to the planning horizon.
• Fine planning rules, PERT and GANTT.

The impact of planning on flow management

• Propose the optimization of production constraints.
• Simulate the consequences of its planning on the company's results.

Description

The scheduling/launch agent is at the heart of the problem of respecting the customer promise in terms of deadlines and just-in-time delivery. He is also involved in controlling the manufacturing process. He participates in the choice of the scheduling method, controls planning and monitors launches. This training will allow him to: 1. understand the overall approach to scheduling from the Industrial and Commercial Plan to workshop planning; 2. situate itself in relation to other functions in the company (methods, supplies, production, management control); 3. bring to life scheduling and flow management techniques (pull and push) and participate in the performance of information systems.

Who is this training for ?

Training objectives

Master the workshop scheduling and planning tools.
Understand the role and operating rules of scheduling.
Ensure the monitoring of schedules, and implement good rescheduling practices.

Training program

Before the face-to-face

• A self-diagnosis.

Ensure workshop planning to guarantee deadlines and responsiveness

• Respect customer needs, in terms of quality, cost and time: definition of the service rate.
• Apply the company's scheduling methods: synchronization of flows; analysis of the sizes of batch and work in progress.

Make planning a dynamic tool for communication and progress

• Appropriate the logic of MRP II (Management of Production Resources).
• Ensure the implementation of the PDP (Production Master Program).
• Establish a realistic planning: make static and dynamic data reliable; use the Net Requirements Calculation: CBn; check the availability of supplies; analyze the load front;

Learn more about planning methods and tools

• Establish the GANTT schedule.
• Configure Manufacturing Orders.
• Optimize start-ups and scheduling.

Recognize the causes of planning deviations and provide remedies

• Consolidate monitoring and feedback.
• Apply reprogramming rules.
• Use problem-solving tools: Pareto, why.

Advancing the business

• Identify Just In Time principles.
• Use continuous improvement tools.

After face-to-face - Implementation in a work situation

• A strengthening program: "One challenge per week for 7 weeks".

Description

In the industrial sector, the demands are constantly increasing: fewer resources for more results and flexibility. At the same time, changes in the external environment, sometimes brutal and unpredictable, constantly create new constraints: economic downturn, tougher competition, risks of relocation, increasingly complex legislation and at the same time, a renewal of generations heralding an increased demand for qualified labor. A strategist in the management of his unit, the factory director must take into account the fundamental needs of his company and use wisely all the tools and methods at his disposal. This factory manager training, by allowing you to take full action on industrial, financial, legal and communication levers, provides answers to the questions: where to start? how to reconcile medium- and long-term actions with the pressure linked to the vagaries of daily life?

Who is this training for ?

Training objectives

Manage the LEAN factory.
Confront your practices to build efficient development.
Create and maintain the social climate favoring performance.
Act fully on industrial, financial, legal and communication levers.

Training program

The keys to refocusing industrial management on value creation

• Challenge your role as Plant Director.
• Identify the strengths and weaknesses of your unit through self-diagnosis.
• Refocus production on value creation and visualize your industrial project: mapping.
• Carry out the Lean project in its technical and managerial dimensions: TPM, 5S, SMED and acceleration of flows.
• Manage a Lean project: team autonomous and visual management; daily, weekly, monthly rituals; what content, what duration?
• Scenario JIT simulation.
• Remote activities: Appropriate the contributions of 'an expert on a theoretical or practical point''The financial logic of the company". To apply good practices and learning from training

The keys to controlling costs

• Cost Engineering: measure performance; establish and monitor the operating budget; master the use of reporting and dashboards; analyze variances.
• Scenario Follow and interpret the financial evolution of the company: the Skills CampusCAR case.
• Transforming costs into cash flow: controlling working capital requirements, optimizing site financing.
• Investment budgets: calculate the profitability of an investment: the IRR method; respect the overall financial balance of the company.
• Scenario Improving processes using the ABC method : summary case.
• Appropriate the contributions of an expert on a theoretical or practical point: an expert "Managing performance: approach and tools".

The keys to acting legally

• Understand the mechanisms for the delegation of power and the civil and criminal liability of the manager.
• Build a healthy contractual relationship with its subcontractors and suppliers.
• Scenario Control the security risk: exercise the security obligation.
• Avoid the lending of illicit labor, the offense of bargaining, respect the monopoly of temporary work.
• Master the fundamental points of labor law and health, safety and environmental regulations.
• Contribute to a social climate in your role as president of staff representative bodies.
• Scenario Mastering the contractual relationship between employer and employee: exercise on the theme of the rights and duties of each party.
• Appropriate the contributions of an expert on a theoretical or practical point: an expert "Lead the HSE (health, safety, environment) approach on a daily basis".

The keys to managerial communication

• Locate your profile as a communicative manager to understand and develop your personal dimension as a communicative manager (openness, listening, confidence).
• Develop your personal impact and use the methods of the best communicators (posture , emotional language).
• Scenario Improving your communication: self-diagnosis my dominant communication style.
• Implement the components of your communication of influence and leadership with different audiences of the factory (internal and external).
• Associate, mobilize and unite your teams around the vision and its operational orientations.
• Identify the conditions for success of a good communication including in difficult or even conflictual contexts and maintain leadership.
• Master the principles of communication in the event of a crisis or major incident on the site.
• Scenario S' train to deal with the media: exercise and video simulation.
• Implement good practices and training acquired: two e-learning modules "Know yourself better to communicate better. Go. A" and "Know each other better to communicate better. Go. B". To discover a subject related to your training: an e-learning module "3 keys to communicating well".

Description

Maintenance is a company 'tool' to achieve a balance between allocated resources and strategy. The maintenance manager must be alongside production every day to respond to its needs with responsiveness. At the same time, he must anticipate through preventive actions. Responsible for an often large budget, he must also control his own costs by adapting to the volume of activity and continuously improving his overall service. He must master both economics and technical aspects, manage internal teams and manage service providers. Beyond professional knowledge, this training provides the maintenance manager with all the keys to organizing, piloting and managing modern maintenance to be able to formulate and share a progress project.

Who is this training for ?

Training objectives

Define maintenance performance and its alignment with the company's perspectives.
Control the quality/responsiveness of services.
Control the balance: preventive/curative/improvative and internalization/externalization.
Manage the relationship with internal teams, service providers and the customer.
Implement methods and tools to improve maintenance performance.

Training program

Identify the different levers for efficient maintenance

• Demonstrate the contribution of maintenance to company performance.
• Define 'balanced' maintenance and good maintenance practices.
• Develop the maintenance professions towards an efficient organization.
• Develop the notion of customer service in maintenance.
• Move towards the energy transition in maintenance.

Know the maintenance policies

• Define the objectives to be achieved.
• List the maintenance policies: Zero Base Maintenance; Total Productive Maintenance; the Internal Maintenance Contract.
• Evaluate the 'efficiency: concept of productivity; maintenance cost; average operating cost.

Master equipment management methods

• Implement key performance and efficiency indicators: MTBF; MTTR; Synthetic Rate of Return; Life Cycle Cost (LCC).
• Apply statistical laws to maintenance: Gauss's law; Weibull's law.

Define maintenance issues

• Define the three-dimensional structure of costs.
• Apply the ratio method to evaluate its issues.
• Scenario Evaluate its maintenance: use the method of 12 ratios.

Work safely

• Set up a risk prevention system.
• Prepare the necessary documents.
• The civil and criminal responsibilities of the maintenance manager.

Clear faults

• Know how to troubleshoot effectively.
• Adopt anti-breakdown measures.
• Keep logs up to date.
• FMEA maintenance .
• Fault analysis tools (Kepner Tregoe, Ishikawa).

Organize the management of spare parts

• Measure the financial impact of stock: out of stock and overstock.
• Define your parts needs and choose the appropriate management method.
• Optimize your costs by defining economic replenishment thresholds.
• Ensure stock monitoring.
• Scenario Optimize your stock: calculate the economic quantity.

Know IT tools

• CMMS and expert diagnostic support systems.
• Use the CMMS tool wisely.

Develop preventive maintenance

• Organize preventive maintenance according to the criticality of the equipment (VIS methods; PIEU).
• Implement preventive maintenance.
• Maintenance based on reliability ( MBF).

Prepare and schedule interventions

• Schedule and plan the workload.
• Schedule interventions.
• Process work requests.
• Optimize the level of preparation interventions.

Define the economic weight of equipment

• The choice of equipment renewal.
• Tax and technical depreciation of fixed assets.
• The justification of investments.

Control the activity of your department and control budgets and expenses

• Define your indicators and the activity dashboard.
• Establish your budget and justify it.

Internalize and outsource: what balance?

• The legal and legal framework for interventions.
• Set your strategy.
• Deal with external companies on the basis of shared objectives.
• Organize and supervise service providers' interventions.

Manage the maintenance team

• Lead the maintenance team on a daily basis.
• Develop motivation and involvement within the teams.
• Develop the professions from know-how to know how to do something or towards analysis so as not to do anything anymore.
• Follow each person's evolution.
• Scenario Maintain motivation: put the two-factor theory into practice .

Build your project

• Consolidate achievements by defining the maintenance improvement action plan.

Description

The 'methods' function today has a central place in the company's industrial system. The methods technician facilitates the daily running of production operations by acting on technique and organization while controlling costs. This training shows how to put your own reactivity, rigor and capacity for anticipation to the service of production performance.

Who is this training for ?

Training objectives

Simplify production processes and reduce work in progress.
Make manufacturing cycles flexible.
Reduce costs by reducing work in progress.

Training program

Placing manufacturing methods at the service of competitiveness

• Contribute through daily actions and agile methods to the profitability of the company.
• Deduce the action levers of the methods technician: simplify flows; optimize the position of work; improve the organization of production.

Optimize production flows

• Highlight areas of productivity (7 MUDA - QQOQCCP…).
• Put online or in blocks.
• Rationalize implementations.

Define the conditions for performance at the workplace

• Work on flexibility with rapid changeover manufacturing, the SMED method.
• Simplify the manufacturing process with the Operation Chart.
• Put the process under control with capability.
• Take stock of the different methods of evaluating production times.

Participate in improving the production organization

• Exploit sources of non-productivity thanks to the OEE (Synthetic Rate of Return).
• Evaluate an improvement project, the return on investment.

Description

In a more competitive context than ever, we can no longer compromise on the quality perceived by the customer, nor accept waste, non-quality costs or excessive control costs. Today, quality must rhyme with product conformity, customer satisfaction and productivity. This training allows key players in operational quality to acquire and put into practice the essential tools to improve the quality of products and processes. It gives them the means to initiate an effective process of progress on the ground. It is intended for managers, quality technicians and production team leaders who wish to become real drivers of the Quality approach and engage in a logic of continuous improvement.

Who is this training for ?

Training objectives

Acquire the tools to identify and reduce non-conformities in production in an immediate, sustainable and profitable manner

Training program

Establish a quality assessment of your production

• Engage in continuous improvement in quality/cost/deadline: the PDCA cycle, quality assurance.
• Clarify quality responsibilities in production.
• Take stock of customer complaints and non-conformities, non-quality costs, (Muda).
• Prioritize to react quickly and effectively: choose your objectives.

Implement an effective quality control plan

• Identify risks and critical stages of the production process with the process FMEA.
• Beyond the control plan, define relevant monitoring to combine quality and profitability.
• Write useful procedures and instructions.
• Ensure effective self-monitoring: conditions for success.

Anticipate the appearance of non-conformities

• Reception control of products and AQF (Supplier Quality Assurance).
• Calculation of process capability, concept of Cp, Cpk.
• Principles of control cards and MSP (Statistical Process Control).
• The '5S': gain in rigor.

React to quality incidents and customer complaints

• Control non-compliant product: isolation and customer protection actions.
• Search for the root causes of problems to avoid recurrence. Principle of 8D.
• Build and follow an action plan.

Continuous improvement every day

• Job and production compliance audits: the key questions.
• Use staff suggestions.
• Communicate current actions and promote the results.

Description

The Professional FFP certification allows you to become professional and obtain recognition from the Professional Training Federation. Delivered by a jury of Skills Campus experts, the certification is backed by a professional benchmark and recognized in the business world. The FFP Professional certificate validates the training acquired and certifies mastery of a function, activity or profession. It allows you to capitalize on the experience acquired in a professional career. This certification is intended for anyone participating in the cycle.

Who is this training for ?

Training objectives

This system allows each candidate to: Carry out their professional project in the company

Validate your training skills and their implementation

Accelerate your learning through a project and ensure its success thanks to the two presentations in video format and the three individual follow-up meetings

Take the necessary perspective to master your role by formalizing and presenting the results of your work to a jury of experts

Training program

The system is broken down into three phases

• Upstream phase Application file: validation of the application in relation to the professional reference of the targeted certification.
• Learning phase with tutoring progress of the ffp training with tutoring.
• Downstream phase Defense of the dissertation on the operational project before a jury of experts.

Description

The social report and the comparative situation report (CSR) of employment conditions between men and women are legal and mandatory documents in companies with more than 300 employees. Companies with fewer than 300 employees must provide the single annual report and a simplified version of the RSC. All these reports, integrated into the BDES (economic and social database), list a whole set of essential monitoring tables that can be implemented in any company, whatever its size. They are also a tool for social dialogue in the company. The analysis of this data and its evolution over time is also a real mine of information allowing an HR department to build relevant dashboards, alert and implement corrective actions to meet its objectives and to take decisions. This 2-day training course provides you with the methods to develop and analyze mandatory social reports and HR management dashboards.

Who is this training for ?

Training objectives

Respect your obligations in terms of BDES, social report, mandatory social reports.
Acquire the methods and tools to create and optimize your social dashboards.

Training program

Formalize the BDES, develop the social report (or the single report) and the RSC Men/Women

• Comply with legal obligations depending on the size of the company.
• Establish the implementation schedule.
• Organize the collection of information.
• Enter the indicators.
• Impacts of the GDPR on the BDES.

Analyze the various mandatory reports in order to identify the dashboards to put in place

• Analyze and interpret data from the social report and the Men/Women RSC.
• List the different notions of workforce.
• Identify the essential dashboards .
• Propose the establishment of dashboards: Workforce, Absenteeism, AT, payroll, Turn over.
• Set up tables to monitor the actions planned in the plans actions or equality agreements M/F, seniors, ...
• Measuring HRM performance: what management performance indicators?

Acquire the methodology for constructing dashboards

• Clarify recipients' requests.
• Adapt the content and frequency of dashboards.
• Calibrate the information using internal and external references.
• Create and know how to evolve your dashboards.

Use the figures and make your dashboards attractive

• The main ratios of the function.
• Use the appropriate statistical tools (effective dashboards, turnover, etc.).
• Know how to use them wisely histograms, pictograms, point clouds...
• Create an attractive presentation.

Description

With the implementation of the DSN, payroll, which already represented a key company process, recognized as such in the law, must more than ever be put under control. Payroll managers will find in this training all the avenues for reflection allowing them to implement tools to optimize reliability, performance and quality of service in this new context.

Who is this training for ?

Training objectives

Take a step back from your practices and think about appropriate controls to make payroll and DSN more reliable.
Optimize the efficiency, operation and communication of the payroll service.
Face a URSSAF control.

Training program

Before the face-to-face

• An audio diagnosis to define your priorities.

Optimize payroll control procedures and master the management of pay discrepancies

• Identify sensitive points in your payroll.
• Set up appropriate control points taking into account DSN constraints: just-in-time control; essential control points; tables control (consistency of mass, charges, etc.).
• Build an analysis grid for discrepancies between payroll journal, statement of charges and DSN.

Implement the payroll 'bible' and a procedures guide

• Build a matrix and acquire the methodology to write a payroll "bible", a guide to essential procedures.

Improve the performance and communication of the payroll department

• Organize legal monitoring.
• Optimize processes taking into account DSN constraints.
• Implement performance indicators.
• Improve communication of the Payroll department with employees and internal contacts.

Facing a URSSAF inspection

• Use the social order procedure wisely and prepare for the inspection.

After face-to-face, implementation in a work situation

• A strengthening program: "One challenge per week for 7 weeks" and a virtual class.

Description

Between absences from illness, maternity, paternity and childcare, paid leave... each month, one in three paychecks includes a variable element representing an absence. How to respect the deadlines and formalities linked to the implementation of the DSN? How to value absence? How to compensate for paid leave? How to reinstate daily allowances? So many subjects that the payroll manager must master to establish fair and reliable payroll. This is the objective of this training.

Who is this training for ?

Training objectives

Control the incidence of absences (medical, therapeutic part-time, partial activity, paid leave, etc
) in order to control, verify the settings, answer employees' questions

Training program

Distinguish between paid and unpaid absences and their consequences on pay

• Identify the methods for deducting absences, including in the event of annualization of working time or part-time work.
• Measure the impact of absences on salary maintenance, seniority, paid leave…
• Scenario Construction of the impact table.

Controlling the pay of employees in partial activity (ex-partial unemployment)

• Determine the partial activity allowances to be paid to the employee and the coverage by the state.
• Apply the social and tax regime.
• Implementation situation Calculation of the pay of an employee in partial activity.

Master the payroll management of medical absences

• Know the rights and duties of the employee and the employer (employer counter-visit; return medical examination; declaration of work accident).
• Calculate, check and pass pays daily allowances (IJSS) for illness, AT/MP, maternity (with or without subrogation).
• Determine the salary to be maintained and apply the net guarantee.
• Reintegrate into pays welfare benefits and manages therapeutic part-time work.
• Validate event DSNs.
• Scenario Calculation of IJSS, net guarantee, corresponding bulletins.

Manage and compensate paid leave

• Acquisition (incidence of absences, splitting, minimum duration) and taking of CP: compensation at 1/10° or maintenance of salary; transition to part-time/full-time during the acquisition period.
• Scenario Calculation of acquisition of CP with absences during the year, calculation of compensation (Maintenance and Tenth).

Description

The HR manager must be able to rely on pragmatic and rigorous human resources administration professionals who have mastered practical and legal know-how in order to provide an efficient and reliable service from welcoming the employee until their departure, including by managing their absences (for paid leave, illness, etc.). Assistants and managers who want to fulfill their missions well acquire, thanks to this training, the technical skills essential for quality administrative management of personnel.

Who is this training for ?

Training objectives

Master the stages of personnel management, from hiring to employee departure, while respecting the law.
Answer employees' common questions
Organize effectively.

Training program

Before the face-to-face

• A self-diagnosis.

Situate the legal context of the function

• Identify the applicable legal texts and give reliable answers.
• Know the role of the different HR contacts.
• Apply the rules related to registers, displays, GDPR.

Secure the hiring of employees

• Hiring formalities.
• Organize medical examinations.
• Draft the employment contract.
• Welcome the employee.
• Track trial periods.

Master the management of fixed-term contracts and temporary workers

• Durations and reasons.
• Renewal and succession.
• What salary? What bonuses?

Manage working time and absences

• Limits on working hours, part-time work.
• Paid leave, parental leave.
• Medical absences and DSN.

Support the end of employment contract

• Procedures and consequences of terminations.
• Organize the employee's departure and inform them of their rights (unemployment, welfare).

After face-to-face - Implementation in a work situation

• A strengthening program: "One challenge per week for 7 weeks".

Description

Skills Campus in partnership with Revue Fiduciaire offers National Payroll Day every year. This day offers you the opportunity: to take stock of current events by discussing with expert payroll speakers; to learn about the latest reforms and their consequences on payroll; to share expertise and benefit from personalized advice; to discuss business practices.

Who is this training for ?

Training objectives

Take stock of current events by interacting with expert payroll speakers
Learn about the latest reforms and their consequences on payroll; share expertise; discuss business practices

Training program

8:15 am

• Welcome participants.

8H45

• Presentation of the progress and objectives of the day.

9h00

• Review of payroll news for the year followed by questions/answers.

10h15

• News and Payroll Projects for the coming year (including draft Finance Law and Social Security Financing Law) followed by questions/answers.

PAUSE

11:30 a.m.

• Round table on a current theme with interventions by Experts and Managers who participated in the development and/or implemented one of the reforms. This round table allows us to provide a different perspective and to answer practical questions from participants.

12h

• Validation of the morning's knowledge through an interactive quiz.

Lunch taken together

14h15

• A practical workshop allows you to apply one of the current topics in a concrete and pragmatic way.

16h15

• A second practical workshop allows you to practice on a complex subject and prepare for implementation.

5:30 p.m.

• End of the day.

Description

You are a HR manager or RRH, more of a generalist in the HR function, you want to acquire the essential basics in terms of payroll rules to better understand the work of your employees and be able to supervise them. This is the objective of this training. Furthermore, concerned about the quality of the services provided by your payroll department and with the implementation of the DSN, you want to suggest that it implement rigorous controls in order to improve its performance and reliability.

Who is this training for ?

Training objectives

Understand the essential payroll rules in order to better communicate with the payroll department, prevent risks and propose effective methods to optimize the performance of your payroll department

Training program

Before the face-to-face

• A self-diagnosis.

Know the legal framework of payroll rules

• Remuneration elements subject to social security contributions (difference of benefits in kind and professional expenses).
• Pay overtime and additional hours.

Make the calculation of social charges more reliable

• The contribution bases: Urssaf (including CSG/RDS and Social package); Unemployment insurance; Retirement; provident insurance.
• The regularization of the contribution bases.
• Reductions in charges.
• Withholding tax.

Controlling the application of particular principles

• Paid leave and tenth.
• Medical absence (including guaranteed net income).
• Tax and social security regime for severance pay.

Validate the quality of the payroll process

• Know the DSN and its challenges.
• Making your payroll reliable (control tools, payroll bible, dashboards, payroll service performance indicators).

Prepare for a URSSAF inspection

• The most frequently resolved points, the procedure, the possibilities for appeal.

After face-to-face, implementation in a work situation

• One challenge per week for 7 weeks.

Description

Successive pension reforms have highlighted the fragility of our compulsory systems. The media coverage of this subject is gradually leading to awareness, resulting in increasingly frequent questions from employees on this theme, and discussions carried out within HR departments to optimize costs or improve systems. In order to face these new challenges, HR needs professionals competent in these areas, who will be proactive during negotiations on these complex issues and who will be able to guide employees. This training is intended for them.

Who is this training for ?

Training objectives

Understand private sector retirement systems and their developments in order to better inform and guide employees; propose suitable alternatives.
Understand the reforms in progress.

Training program

Organization and financing methods of private sector pension plans in France

• The general basic social security system.
• The AGIRC-ARRCO supplementary system new formula.
• Reforms in progress.

Know the methods for calculating social security retirement

• Understand the pension calculation formula.
• Identify the conditions for a full retirement, for early departure for 'long careers'.
• Differentiate between quarters validated, quarters contributed.
• Social and tax regime for the old-age pension.
• What about the survivor's pension, the increases...

Understand the evaluation of ARRCO and AGIRC supplementary pensions

• Understand the principle of acquiring points.
• Identify the conditions for obtaining free points.
• The calculation of the pension and the solidarity coefficient.
• Who to contact to rebuild a career.

Exploit the possibilities of retirement savings and supplementary retirement

• Retirement savings plan, supplementary pension: New PERE, characteristics, implementation, impact of the PACTE law, ...
• Apply the social and tax system.

Supporting career ends

• The Senior Action Plan.
• Propose end-of-career arrangements (part-time; CET; gradual retirement, etc.).
• The possibilities of redemption of quarters, the premium.
• Cumulative employment-retirement operation.
• Differentiate between retirement and voluntary departure.

Description

The acceleration of reforms in the social field and their complexity as well as the implementation of the DSN as the final stage of the payroll process highlight the absolute necessity of having excellent professionals in the position of Payroll Manager. Whether payroll processing is carried out within the company or whether it is partially outsourced, the Payroll Manager must have: perfect knowledge of the payroll mechanisms of his company, a sufficiently solid legal culture to be able to decipher the new measures and apply them in the company, a critical eye in relation to the risks and issues, methods and tools guaranteeing the reliability of payroll. This complete training cycle for the profession of Payroll Manager is a real plus for gaining efficiency and credibility.

Who is this training for ?

Training objectives

Acquire a solid legal culture to decipher texts
Master all payroll mechanisms: 1/10° CP; Net guarantee
Annual regularization of contributions
Contribution reductions
Social and fiscal reintegration


Adopt methods and tools guaranteeing payroll reliability
Effectively manage the payroll department
Adopt an advisory role and customer orientation

Training program

Master the main elements of gross and calculate social contributions (2 days)

• Know the sources of law necessary to establish payroll: locate the legal and conventional texts and their interactions; know how to search for information.
• Clearly distinguish compensation subject to that not subject to contributions: benefits in kind and professional expenses; employee savings (Pacte Law).
• Calculate social contributions and withholding tax the basics (Urssaf, CSG/CRDS, Social package, Pôle Emploi , Supplementary retirement, Pension, etc.); the rates and new rules for prorating the ceiling; withholding tax: Base, rate, special case
• Identify and prevent risks linked to the time of deduction. work: the hierarchy of standards in terms of working hours since the Labor Law; overtime, additional hours for part-time work, working days
• Practical application: Realization of work. numerous pay slips incorporating the principles discussed.

Manage absences and special contracts (2 days)

• Distinguish between the different paid or unpaid absences.
• Manage paid leave: acquisition, taking, compensation (Maintenance or 10th).
• Compensate sickness, maternity, paternity, AT/MP: IJSS; therapeutic part-time work; long-term sickness insurance;
• Establishing the pay of an employee in partial employment: Paying employees specific contracts: apprenticeship contract, professionalization contract, interns.
• Scenario Creation and control of bulletins including compensation of CP in 10th, Net guarantee, Partial activity...

Master the calculation of social charges (employer and employee) (2 days)

• Practice the progressive regularization of contribution bases.
• Control the operation of reductions in employer contributions and their developments.
• Regularize increases in family allowance contributions and illness.
• Calculate retirement contributions since the ARRCO/AGIRC merger.
• Measure the impact of reinstatements in the event of exceeding the retirement contribution exemption limits and foresight.
• Calculations of progressive regularization of contribution bases, reductions, tax and social reintegration
• Remote activity To share practices between trainer and participants during the intersession. : a virtual class

Secure payroll for any account balances (2 days)

• Calculate the last paycheck: calculate the specific compensation due in the event of termination; apply the progressive regularization of the ceilings in the event of balance of any account; check the tax and social security exemption limits for termination compensation; provide documents related to departure and respect the reporting of events.
• Establish the pay of a retiring employee: advise them on the procedures to follow; pay.
• Guarantee pay for redundancy: economic redundancy; reclassification leave...
• Calculation of excess of severance pay exemption limits and imputation on the slip. , simulations linked to economic layoffs...

Make payroll, DSN more reliable and face a URSSAF control (2 days)

• The evolution of declarations and the challenges of the DSN: identify social declarations and their deadlines; distinguish monthly/event DSN; identify the evolution of declarations included or not in the DSN.
• Optimize payroll control procedures and master the management of pay discrepancies: detect all control points taking into account DSN constraints; put in place documents guaranteeing the reliability of the process: payroll bible, load consistency dashboard, control procedures...
• Improve payroll service communication: identify each person's roles; What information should be transmitted?
• How to communicate it? ,
• Facing an Urssaf inspection: know the procedure well; summarize the risk points for the company.
• Scenario Load control, creation of control tools.. .
• Evaluation of acquired knowledge

Description

The withholding tax (PAS) is imposed on employers and employees as of January 1, 2019 and is disrupting HR-Payroll services in their habits and organization. What data is transmitted by the PAS? What are the employer's responsibilities? What impacts for the employee? How to integrate this major change? So many legitimate and important questions to which HR-Payroll services will find answers in this training.

Who is this training for ?

Training objectives

Measure the issues and the functioning of the PAS
Diagnose the impacts of the PAS and the employer's obligations
Understand the principle of the 'white year'
Identify good practices and points of vigilance
Answer questions or direct employees to the right person

Training program

Before the face-to-face

• An online quiz to assess your level of knowledge of this new sample.

Understand the

• Legal context of withholding tax (PAS) The texts in force.
• Who is concerned? The Planning.

What rate and levy base should be used?

• Common law rate, neutral rate, individual rate.
• The case of the new employee.
• Changes in personal situation during the year.
• Calculation of net tax.

2018: blank year: gain or loss? Principles.

• The CIMR.
• Income considered exceptional.

Anticipate the particularities linked to the

• Payroll The new DSN version 0.
• (blocks, return flows...).
• The presentation of the salary slip.
• The IJSS.

2181Ensuring the employer's obligations Declarations and planning.

• Sanctions for breach of confidentiality and payments.

Communicate with employees

After face-to-face, implementation in a work situation

• And the IRPs? When to answer employees' questions? When and to whom to refer them? Quiz to validate knowledge at the end of the internship.

Description

Payroll is often the company's largest expense item. The success of this mastery necessarily involves the construction of a forecast budget anticipating as much as possible the various events of the year (increases, GVT, change in staff, etc.). A large part is played out in the preparation of the budget: the more we anticipate, the fewer gaps we will have. This training offers a structuring methodology for constructing the payroll budget allowing you to anticipate as many events as possible in order to better manage the payroll.

Who is this training for ?

Training objectives

Precisely simulate the evolution of the payroll, taking into account events (increases, variations in staff numbers, etc.).
Build a reliable forecast budget in order to better manage changes in the payroll.

Training program

Understanding the concept of payroll

• Distinguish personnel costs and payroll.
• Determine the different notions of payroll: accounting, social and budgetary.
• Calculate the reference payroll in integrating points specific to each organization (CDD, overtime, JRTT, bonuses, etc.).

Calculate the impact of increases on payroll

• General: the level, mass, report effect.
• Individual: the GVT.

Simulate the impact of personnel movements and activity variations

• Personnel replacements: Noria effect.
• Category changes: structural effect.
• Changes in the workforce: workforce effect.
• Variations in activity: variations in hours; hiring on a fixed-term contract.
• The impact of paid leave.

Anticipate the impact of changes in the weight of employer contributions

• Increases in cost rates (provident insurance, mutual insurance, work accident, new retirement contributions).
• The impact of partial activity compensation.
• The impact of the new exemption calculations (contribution reductions, AF increase, illness, etc.).

Set up a budget monitoring table and propose alternative actions

• Identify non-permanent elements specific to the budget: illness, variable bonus…
• Build the budget monitoring dashboard for HR.
• Propose alternative actions .

Description

With changing behaviors, the essential integration of the digital ecosystem and new customer challenges (pathway, experience), the product manager sees his missions evolving. From data analysis to new rules for product management and brand communication (display, social networks, etc.). This reference cycle for taking up a position, 'Product manager training', allows you to properly position and exercise your recent role: management of a portfolio of products, services or brands, strategic development vision, conditions of implementation commercial.

Who is this training for ?

Training objectives

• Understand the functions of product manager, market manager and brand manager
  
• Acquire the methods and tools for managing marketing, a portfolio of products, markets or brands with the aim of profitability in the digital age
  
• Arbitrate investments and marketing budgets using key indicators
  
• Integrate the principles and tools for the operational implementation of the marketing plan
  

Training program

Integrate new marketing challenges

• The basic challenges of marketing.
• The new pillars of digital marketing.
• POEM, a new way of thinking for the marketer.
• The new sources of emergence and communication (search, e-pub, social networks, etc.).
• Identify the impact of sustainable development and CSR in the profession.

Take into account the responsibilities of a product manager

• The key missions of the product manager.
• Differences product manager, market manager, BtoB, BtoC.

Carry out the diagnosis and define a winning strategy

• Scenario Common thread case: establish the RCA matrix.
• Decision-making and purchasing behavior in BtoB and BtoC.
• Manage your offer portfolio .

Carry out the diagnosis and define a winning strategy

• Use the SWOT matrix effectively.
• Principles of segmentation and targeting.
• The 5 rules of effective positioning.

Optimize the marketing mix of the offer

• Adaptations of the digital marketing mix.
• The notions of global product, services and solutions.
• The new logics for setting the sales price.
• Retail and e-commerce: the new distribution challenges.
• Integrate multi-media communication and promotion challenges.

Succeed in the marketing plan

• Model and basic principles of the marketing plan.
• Measuring profitability and actions: dashboards and indicators.
• Scenario Common thread case: establish the product marketing plan.

Remote activity

• Un module e-learning : "Le diagnostic SWOT".

Take new behaviors into account

• Changes in uses and attitudes towards brands.
• Consumption and purchasing trends in BtoB and BtoC.
• Monitoring: issues, organization and web tools.
• The key study tools: the brief & the questionnaire.
• The questionnaire: key stages, brief, management, data processing and presentation of the report.
• Listening to customers.

Marketing innovation: creating and developing differentiating offers.

• Understanding the different typologies of innovation.
• Innovation seen by innovators.
• The challenges of innovation: why innovate?
• Take ownership of the innovation marketing approach.
• Innovation marketing: create and develop differentiating offers.

Customer experience diagnosis

• Strategy choices in terms of customer experience.
• The differences with customer relations.

The components of the customer experience

• Understanding customer emotions and needs to generate engagement.
• E-mailing; telephone; mobile app; connected store; e-merchandising; social media...

Building a new customer experience

• Relational scenarios.
• Customer journeys and critical points.
• Enriching the customer file.
• The definition of 'a UX road map.
• Scenario Training on a business case.

Marketing tools: market intelligence and competition

• Share competitive and market data.
• Use the best sources according to your context: web, social media, trade shows...
• Scenario Common thread case: building the product pitch.

Translate the marketing plan into a commercial action plan

• Present the marketing plan to the sales force.
• The creation and management of a marketing team and sales force.
• From marketing objectives to commercial objectives.
• Consistency between the operational marketing plan and the commercial action plan.

Develop sales support materials

• Build the commercial argument (CAP/REPERES).
• Arguments, product sheets and other supports.
• The marketing-sales book.
• Use of digital tools: Intranet, dashboards, social networks, interactive presentations...
• Scenario Self-diagnosis: identify your strengths and areas for improvement.

After face-to-face - Implementation in a work situation

• A strengthening program: "One challenge per week for 7 weeks".

Description

This cycle will provide you with all the knowledge necessary to define and implement the company's security policy. You will learn to meet security requirements in IT communications and information system architecture. This cycle will also deal with ISO standards relating to this area, with a particular focus on risk analysis and the implementation of a backup and continuity plan.

Who is this training for ?

Training objectives

Know the different areas of IS security
Carry out a security risk analysis
Secure the network and applications
Define a backup and continuity plan

Training program

Information systems security

• The notion and types of risk (potentiality, impact, accident, error, malicious intent).
• The DIC classification.
• Risk management (prevention, protection, risk transfer, outsourcing).
• CISO, conductor of security.
• Role and responsibility.
• Normative and regulatory frameworks.
• Towards IT governance, links with ITIL and CMMI.
• The ISO standard in a management systems approach.
• ISO 27001 certification.
• Risk analysis.
• How to build your own threat/vulnerability knowledge base? Active methods: EBIOS/FEROS, MEHARI.
• Security audits.
• Best practices of standard 19011 applied to security.

Awareness and communication

• Implement an awareness and communication plan.
• The security charter, its legal existence, its content, its validation.
• Risk coverage.
• Backup, continuity, recovery and crisis management plans.
• Design optimal solutions.
• Approach to security solutions adapted to each action.
• Defining a target architecture.
• Choose between IDS and IPS, content control as a necessity.
• Deploying a PKI project, the pitfalls to avoid.
• Authentication techniques, SSO, identity federation.
• Legal principles applicable to IS.
• Tort and contractual liability .
• Recommendations for legal IT security.
• Cyber ​​surveillance of employees, legal limits and constraints.

Network and Internet security

• Evolution of cybercrime. New uses (Web 2.0, virtualization, Cloud Computing, etc.) and associated risks.
• - TCP-IP intrusion tools and methods. Attacks applications (DNS, HTTP, SMTP, etc.).
• - Security of client workstations. Threats: backdoor, viruses, rootkit... The role of the personal firewall and its limits.
• - Wireless security (Wi-Fi and Bluetooth). Specific attacks (Wardriving, WEP and EAP vulnerabilities).
• - Firewall and proxy technology. Evolution of the Firewall offer (appliance, VPN , IPS, UTM...).
• - Cryptographic techniques. Public key algorithms: Diffie Hellman, RSA... Sealing and electronic signature.
• - Security for the Intranet /Extranet. Attacks on SSL/TLS (sslstrip, sslnif...). LDAP directory and security - Virtual Private Networks (VPN).

Application security and monitoring

• The main application attack techniques (buffer overflow, XSS, SQL Injection, session theft).
• The SDL (Security Development Lifecycle) process.
• Using the
• Security-oriented code review tools.
• The Application Firewall (WAF).
• Hardening and verification integrity.
• Active security management and supervision.
• Security dashboards.
• The ISO 27004 standard.
• The missions of the CISO in monitoring security.
• Security audits (technical or organizational).
• Vulnerability tests or intrusion tests.
• Record evidence and respond effectively.
• Keep informed of new vulnerabilities.
• Manage upgrades.
• Knowing how to react in the event of incidents.
• Essential services: where to find them?

Risk analysis

• Reminders on ISO 27000 terminologies.
• Identification and classification of risks.
• Risk analysis according to ISO.
• Risk analysis methods EBIOS 2010 and MEHARI 2010.
• Other international methods.
• How to choose the best method based on examples and practical case studies? rnA global method or a project method.
• The true cost of a risk analysis.

The emergency and continuity plan

• The challenges for the company of a continuity strategy: laws and regulations, norms and standards.
• Define the continuity strategy.
• The phases of 'a continuity plan project.
• Risk analysis for the continuity plan.
• Identification of critical activities.
• The elements and budget to develop the scenarios.
• Rescue teams: constitution, roles.
• The principles of triggering the emergency plan.

Description

With the explosion of digital technology which has multiplied development opportunities, the management of information systems security has become a major issue for all companies. This very rich seminar will present to you all the actions and solutions to ensure the security of your IS: from risk analysis to the optimal implementation of security solutions. You will also see the insurance and legal themes closely linked to the application of a security policy.

Who is this training for ?

Training objectives

No special knowledge

Training program

Introduction to risk management

• The definition of risk and its characteristics: potentiality, impact, severity.
• The different types of risks: accident, error, malicious intent.
• The DIC classification: Availability, Integrity and Confidentiality of information.
• Countermeasures in risk management: prevention, protection, risk reporting, outsourcing.

CISO: security conductor

• What are the role and responsibilities of the IS Security Manager? Towards a security organization, the role of "Assets Owners".
• Optimal management of resources and allocated resources.
• The Risk Manager in the company; his role in relation to the IS Security Manager.

Normative and regulatory frameworks

• SOX, COSO, COBIT regulations.
• For whom? For what? Towards information system governance.
• Links with ITIL and CMMI.
• The ISO 27001 standard in an information security management system approach.
• Links with ISO 15408: common criteria, ITSEC, TCSEC.
• The advantages of ISO 27001 certification for organizations.

The risk analysis process

• Identification and classification of risks.
• Operational, physical, logical risks.
• How to build your own knowledge base of threats and vulnerabilities? Use the methods and standards: EBIOS/FEROS, MEHARI.
• The risk analysis approach within the framework of ISO 27001, the PDCA approach (Plan, Do, Check, Act).
• The ISO 27005 standard and developments in French methods.
• From risk assessment to the risk treatment plan: good practices.

Security audits and awareness plan

• Continuous and complete process.
• Audit categories, from organizational audit to intrusion test.
• The best practices of the 19011 standard applied to security.
• How to create your internal audit program? How to qualify your auditors? Comparative contributions, recursive approach, human implications.
• Security awareness: who? what? how? Definitions of Morality/Deontology/Ethics.
• The security charter, its legal existence, its content, its validation.

The cost of security and contingency plans

• Security budgets.
• The definition of Return On Security Investment (ROSI).
• Cost evaluation techniques, the different calculation methods, the Total Cost of Ownership (TCO).
• The Anglo-Saxon concept of "Payback Period".
• Risk coverage and continuity strategy.
• Backup, continuity, recovery and crisis management plans, PCA/PRA, PSI, RTO/RPO.
• Develop a continuity plan, insert it into a quality approach.

Design optimal solutions

• Selection approach for security solutions adapted to each action.
• Definition of a target architecture.
• The ISO 1540 standard as a selection criterion.
• Choose between IDS and IPS, content control as a necessity.
• How to deploy a PKI project? Pitfalls to avoid.
• Authentication techniques, towards SSO projects, identity federation.
• The security approach in IS projects, the ideal PDCA cycle.

Security monitoring

• Risk management: observations, certainties.
• Key indicators and dashboards, towards an ISO and PDCA approach.
• Outsourcing: interests and limits.

Legal attacks on the Automatic Data Processing System

• Reminder, definition of the Automatic Data Processing System (STAD).
• Types of attacks, European context, the LCEN law.
• What legal risks for the company, its managers, the CISO?

Recommendations for “legal” IS security

• The protection of personal data, sanctions provided for in the event of non-compliance.
• On the use of biometrics in France.
• Cybersurveillance of employees: legal limits and constraints.
• The rights of employees and the sanctions incurred by the employer.

Description

This training will present you with a technical summary of the solutions to ensure the security of your virtualized environments: from the main weaknesses of virtualized architectures, to the optimal implementation of security solutions.

Who is this training for ?

Training objectives

• Identify security threats in virtualized environments
  
• Understand attack typologies
  
• Secure the virtual datacenter, VMS servers and workstations
  
• Evaluate available tools and techniques
  

Training program

Introduction to security

• Security: reactive, proactive, predictive.
• Internal and external threats.
• Fields of application (servers, workstations, clients, applications) .

Virtualization techniques

• Context isolation, hyper-virtualization, para-virtualization.
• Input/output (I/O) virtualization, classic and container.
• Unikernel systems, microvisors.

Safety in an industrial environment

• The Reason model.
• Organizations and disasters.
• Backups, replications, PRA.
• Trusted third parties, man in the attack middle.

Security in a virtualized environment

• Industrial advantages, risks.
• The layers to monitor.
• The Zero Trust security model, a new paradigm? Micro-segmentation.
• Defense in depth.
• Security areas: network, system, management, applications.

Security with VMware

• OSI layers.
• VLANs, routing, virtual switches, VSS, VDS, N1KV, VXLAN and logical switches.
• Service provider Certification Services, AD, LDAP, Nis, VMware NSX Edge.
• System security principles: trust zones (dmz), password policies.
• Encryption algorithms , public and private keys, self-signed certificates, trusted authority.

VMware application security

• Antivirus : VMsafe API, vShield Endpoint.
• Cartographie applicative, gestion des fluxs.
• Isolation : application sandboxing, containers.
• VMware Photon, ieVM.
• Protection des API.

Prediction, prevention, detection and remediation

• Tools overview (Nessus, Nmap, kali).
• Intrusion detections and tests.
• Logs, machine learning.
• Behavioral analysis.
• Risks and criticality: vCenter Operations (VMware).
• Risk mapping.
• Supervision and monitoring, alarms.

Management security

• ACL, simple authentication, roles and privileges.
• Social engineering.
• BYOD, Shadow IT (Rogue IT).
• Virtual infrastructure hardening plan.
• Management of updates and backups.

Description

This course aims to provide you with the technical skills necessary to understand industrial SCADA control systems that are responsible for managing society's critical infrastructure such as power grids, water treatment plants and facilities chemical industries. At the end of the course, you will be able to identify threats and vulnerabilities in these SCADA systems.

Who is this training for ?

Training objectives

• Understand the components of an industrial supervision and control system (SCADA)
  
• Analyze the risks of a SCADA architecture
  
• Understand threats and vulnerabilities
  
• Identify protective measures
  

Training program

Introduction to industrial supervision and control systems (SCADA)

• Panorama of industrial cybersecurity.
• Repositories on the security of industrial information systems.
• ANSSI (National Agency for Systems Security) 'Information).
• History of SCADA systems, definition and terminology (SCADA, control systems, regulation loop).
• Target sectors of activity, typology, target population in the 'French industry.
• Types of SCADA system architectures.
• Functional principles and areas of application of industrial supervision and control.
• Industrial programmable logic controllers (PLC), remote terminals (RTU).

Components and network architectures of SCADA systems

• Hardware components: architecture and functionalities.
• Software components: architectures and functionalities.
• Automata, valves, chemical or thermal sensors, command and control system , HMI (Human Machine Interface).
• Communication flows in SCADA systems.
• Network architectures by functional need.
• Time communication protocols real, PLC.
• Programming languages ​​for industrial automation.
• The design of a control system in response to specifications.

Introduction to SCADA System Security

• The security issue in SCADA systems.
• Cybersecurity of industrial systems, classification methods.
• Threats and vulnerabilities, known intrusions, APT attacks (advanced persistent threats).
• Real attack scenarios on SCADA systems: STUXNET, FLAME.
• Attack analysis: construction of the attack tree STUXNET attack.
• Authentication/encryption.

Risk analysis and security requirements for SCADA systems

• Risk analysis methodology.
• Risk analysis of a SCADA architecture.
• Identification and definition of security requirements.

Description

This course prepares you for the CISM® exam which covers all the security knowledge of the CBK common core defined by ISACA®. CISM certification is recognized globally.

Who is this training for ?

Training objectives

Assimilation of CISM® vocabulary for information security manager certification

Understanding of risk management practices to manage an organization's information security program

Training program

Domain 1: Information security governance

• Strategic alignment of information security
• Information security policy
• Senior management commitment
• Definition of roles and responsibilities
• Practical work

Domain 2: Information Risk Management and Compliance

• Systematic approach to risk management
• Risk identification, analysis and assessment
• Risk treatment strategies
• Risk management communication risks
• Practical work

Domain 3: implementation, information security program management

• Information security architecture
• Definition of required security measures
• Management of contracts and security prerequisites
• Measures and evaluation of information security performance
• Practical work

Domain 4: Information security incident management

• Security incident management plan
• Concepts and practices in security incident management
• Incident classification method
• Notification and escalation of incidents
• Incident detection and analysis techniques
• Practical work

Mock exam and certification procedure

• Partial simulation of the exam at the end of training
• Registration for the exam on the website www.isaca.org
• Exam procedure: 4 hours of multiple choice questions with 200 questions (only in English)

Description

This training aims to prepare candidates for the CISSO exam, the international certification delivered by MILE2. The training covers all information security knowledge spread over 19 areas. It is aligned with the objectives of the major standards ISO 27001, NIST, CISM and CISSP.

Who is this training for ?

Training objectives

Acquire the knowledge in the 19 areas of the common core necessary to pass the CISSO and CISSP
exams Acquire the knowledge to advise an organization on best practices in ISS management

Training program

Risk and Security Management, IAM and Access Control

• Risk Management: risk management, assessments and responses.
• Security Management: ISMS, roles and responsibilities, frameworks, human resources.
• Identification and Authentication: identity Management, authentication, Access Control Monitoring.
• Access Control: access control types, classification information, Access Control models and methods.

Security Operations and Cryptography

• Security Models and Evaluation Criteria: protection mechanism, security models.
• Operations Security: operational incidents and threats, responsibilities.
• Sym.
• Cryptography and Hashing: definition, history, fundamentals of cryptography, symmetric algorithms.
• Asym.
• Cryptography and PKI: hybrid crypto and digital signature, PKI, uses, crypto attacks .

Network and Communications Security, Security Architecture

• Network connections: network security and communication, topologies, network transmissions, cabling, LAN/WAN.
• Network Protocols and Devices: OSI model, protocols, ports & services.
• Telephony, VPNs and Wireless: telephony, VPNs, WiFi, network-based attacks.
• Security Architecture and Attacks: architecture models, system attacks.

Software Development Security, Database Security, Malware

• Soft Development Security: software development process, web security, PCI-DSS compliance.
• DB Security and System Development: models and terminologies, database security.
• Malware and Software Attacks: viruses, Worm, Logic Bomb, Trojan Horse, Timing Attack, Spyware.

BCP and DRP, Security Incidents, Laws and Ethics, Physical Security

• BCP & DRP: BIA, strategies, development plan, testing.
• Incident Management, Law and Ethics: Computer Crime, evidence management, ethics and confidentiality.
• Physical Security: premises and building construction, perimeter protection, electricity and fire threats.
• Exam Passing the CISSO certification exam.

Description

This seminar offers you the steps and best practices for carrying out an IT backup and business continuity project in accordance with standards (ISO 7001/27002, BS25999, ITIL V3, etc.). From risk analysis and plan design to testing and the crisis unit.

Who is this training for ?

Training objectives

Training program

Why manage continuity

• The evolution of companies and their strategy.
• The strategic importance of information.
• The challenges for the company of a strategy of continuity: laws and regulations, norms and standards.

Definitions and concepts

• Define the continuity strategy.
• The differences between business continuity plan (BCP), IT backup plan (DRP), recovery plan.
• Safety reminders: DICP criteria and the 11 ISO themes.
• The continuity roadmap.

The project and its management

• Reminders on project management.
• The phases of a continuity plan project.
• The particularities of the continuity plan project.

Risk analysis

• The components of risk.
• The principles of the different methods.
• The other standards (COBIT, ISO.
• ).
• The notion of an uncertainty matrix.
• Risk analysis for the continuity plan.

Identifying critical activities

• Determine the critical activities (BIA) of a company.
• The fundamental parameters of impact analysis.
• The notion of Service Delivery Objectives.

Means for designing devices

• The elements and the budget to develop the scenarios.
• The different fallback sites (hot, warm, cold sites, reciprocal agreement.
• ) internally or outsourced.
• Decision criteria.

Continuity plans

• The construction of procedures.
• Rescue teams: constitution, roles.
• An example of an outline of an emergency plan.

Escalation procedures and crisis unit

• The management of escalation in phase with the RTO.
• The constitution of the crisis unit.
• The principles of triggering the emergency plan.
• Business continuity as an ITIL process.
• The importance of maintaining the plan in operational condition on a daily basis: the PDCA life cycle.
• The continuity process and other processes.

Description

The challenge of computer forensics is to find the data, collect it and present it in a court of law. This intensive course allows participants to develop the expertise necessary to meet this challenge and also to take the official certification exam, accredited by PECB.

Who is this training for ?

Training objectives

Understand the scientific principles specific to computer investigation
Explain the structure of computers and operating systems
Explain network, Cloud and mobile device investigation
Master investigation tools and methodologies

Training program

Scientific principles specific to computer investigation

• Presentation of the scientific principles specific to computer investigation.
• Introduction to the computer investigation approach.
• Fundamental principles.
• Analysis and implementation of analysis operations.
• Preparation and execution of investigation procedures.

Structure of computers and operating systems

• Identification and selection of computer components.
• Identification and selection of peripherals and other components.
• Understanding operating systems (OS).
• Extracting and analyzing file structures.

Network, Cloud and mobile device investigation

• Understanding networks, cloud and virtual environments.
• Generic methods for extracting data in a virtual environment.
• Review of a mobile phone or tablet.
• Storing information on mobile devices.

Investigation tools and methodologies

• Enumeration and examination of computer hardware and software components.
• Selection and testing of investigation technologies.
• Analysis and selection of suitable procedures for investigation operations 'investigation.
• Discovery, documentation and return of evidence on site.
• Analysis and consideration of the context.

Investigation tools and methodologies

• Enumeration and examination of computer hardware and software components.
• Selection and testing of investigation technologies.
• Analysis and selection of suitable procedures for investigation operations 'investigation.
• Discovery, documentation and return of evidence on site.
• Analysis and consideration of the context.

Certification exam

• Domain 1: scientific principles specific to computer investigation.
• Domain 2: fundamental principles of computer investigation.
• Domain 3: structure of computers.
• Domain 4: operating systems and file structures.
• Domain 5: investigation of networks, in the Cloud or in virtual environments.
• Domain 6: network and mobile device investigation.
• Domain 7: investigative tools and methodologies.
• Domain 8: examination, acquisition and preservation of electronic evidence.
• Exam 3 hour exam.

Description

This intensive 5-day course allows participants to understand the principles and concepts of application security according to ISO 27034 but also to develop the expertise necessary to prepare and carry out internal and external audits either for an organization or for a application.

Who is this training for ?

Training objectives

Acquire the expertise required to carry out an ISO 27034 internal audit that meets the requirements of ISO 19011
Acquire the expertise to carry out an ISO 27034 certification audit that meets the requirements of ISO 17021 and 27006
Acquire the expertise required to manage a Security
Application audit teamUnderstand the scope, lifecycle and compliance limits of an organization or application to ISO 27034

Training program

Introduction to application security concepts

• Review of the fundamental principles of information security.
• Overall vision of the ISO 27034 standard.
• Concepts, principles, definitions, scope, components, processes and actors involved in application security.
• Implicit concepts integrated into the standard.
• Advantages and limits of ISO 27034.
• Differences and complementarity with the common criteria and the CMMI.
• The Normative Framework of the Organization (CNO) and the ISO/IEC 27034 certification process.
• Detailed presentation of sections 6 to 8 of ISO/ IEC 27034-1:2011.

Introduction to Application Security Auditing

• Fundamental auditing concepts and principles according to ISO 19011.
• Communication during an audit.
• Audit procedures.
• L 'documentary audit.
• On-site audit and formulation of audit findings, document non-conformities.
• Audit quality review.
• Evaluation of corrective action plans.

Application security audit according to ISO 27034

• Approach based on the prioritization of unacceptable security risks and the production of evidence.
• ISO/IEC 27034 surveillance audit.
• Management program 'ISO/IEC 27034 internal audit.
• Preparation of an ISO 27034 certification audit.
• Agreement on the scope of the application security audit.
• Determination of applications in the perimeter.
• Determination of application security elements in the perimeter for each application.

Organization level audit

• Agreement on the scope of the SA audit for the organization.
• The Normative Framework of the Organization (CNO).
• Management of the CNO .
• The organization's application security objectives.

Application level auditing

• Agreement on the scope of the application security audit for the application.
• The normative framework of the application (CNA).
• The process of management of application security at the CNA level.
• Trust level and CSA.
• ISO 27034 - Final revision.
• Questions and answers.

Certification exam

• Examen Examen de certification ISO 27034 Lead Auditor.

Description

This seminar provides a complete overview of Web threats. It details flaws in browsers, social networks and Web 2.0, new vulnerabilities in SSL/TLS and X509 certificates, as well as J2EE, .NET and PHP applications. It presents solutions to protect and control application security.

Who is this training for ?

Training objectives

Identify security threats to Web applications
Know Web security protocols
Understand attack typologies
Secure Web applications

Training program

Threats, vulnerabilities of web applications

• Major risks of web applications according to IBM X-Force IBM and OWASP.
• Cross Site Scripting (XSS), injection and session attacks.
• Propagation vulnerability with a Web Worm.
• Attacks on standard configurations.

Security protocols SSL, TLS

• SSL v2/v3 and TLS, PKI, X509 certificates, certification authority.
• Impact of SSL on the security of UTM and IDS/IPS firewalls.
• Vulnerabilities and attacks on SSL/TLS.
• Techniques for capturing and analyzing SSL flows.
• HTTPS stripping attack on secure links.
• Attacks on X509 certificates, OCSP protocol.
• SSL and web application performance.

Targeted attacks on user and browser

• Attacks on Web Browsers, Rootkit.
• Smartphone Security for Surfing the Net.
• Malicious Codes and Social Networks.
• The specific dangers of Web 2.
• 0.
• Social engineering techniques.

Targeted attacks on authentication

• Authentication via HTTP, SSL by client X509 certificate.
• Implement strong authentication, by software.
• Non-intrusive Web SSO solution (agentless) .
• Main attacks on authentications.

Web services security

• Protocols, security standards XML Encryption, XML Signature, WS-Security/Reliability.
• Injection attacks (XML injection.
• ), brute force or by replay.
• Application firewalls for Web services.
• Main players and products on the market.

Effectively secure web applications

• Hardening: securing the system and the HTTP server.
• Virtualization and security of web applications.
• Environments.
• NET, PHP and Java.
• The 5 phases of SDL.
• Fuzzing techniques.
• Qualify your application with ASVS.
• WAF: what efficiency, performance?

Control web application security

• Pentest, security audit, vulnerability scanners.
• Organize effective technological monitoring.
• Declaration of security incidents.
• Demonstration Implementation of a Web server with type HTTPS Stripping.

Description

Cybercrime is a growing threat to society. Cybercriminals operate from anywhere to attack critical business infrastructure. The question addressed in this course will not be whether your body will be attacked but how to respond effectively to these attacks.

Who is this training for ?

Training objectives

Know the dangers and identify the sources of threats
Understand the risks and security issues
Fight and react to malicious acts
Know how to organize an effective, useful and graduated response

Training program

Cybercrime in the news

• Scams against the president? FOVI (False International Transfer Order).
• Social engineering, Spear Phishing.
• Theft of sensitive data, network intrusion of all kinds: what's the news? The darknet, malware, bots/botnets, ransomware.
• Bank card violations, skimming, the darknet.

Technical issues - Anticipate well

• Management of traces, evidence and recordings.
• How to detect and then characterize
• ).
• Internal best practices: IDS probe, analysis and correlation of events (SIEM).

The fight against cybercrime

• OCLCTIC, BEFTI, DGSI, Gendarmerie Nationale/C3N: everyone has their own skills.
• The SDLC and cybercrime investigators (ICC).
• Report all abnormal event: PHAROS, signal-spam, CERT.
• LPM, Vital Importance Operators, good practices and requirements on SIIV.
• Specialized service offers, the role of ANSSI, qualified service providers.

Legal issues - Understanding the risks

• Duality of legal liability: the principles of criminal and civil liability.
• Cybercrimes in France and internationally: what repressive mechanism? Definitions/case law on "theft" or leak of data, fraudulent attack and maintenance in an IS/Network.
• Definitions/case law on cyber harassment, happy slapping, e-reputation, damage to image on the Web.

Cybercrime: what legal means?

• Means of investigation and control of public authorities: LCEN, LOPPSI 2, Military Programming Law.
• Management of evidence: legality, admissibility, difference in criminal/civil procedure, collection of proof on the Web.
• Means of cryptology: dual-use goods, legal regime.
• Illustrations/case: hacking of a hospital's IS a defibrillator, attack on an IS by an administrator.
• Illustrations/case: Jérôme Kerviel affair, cyberattack on Swift banking messaging.

Description

The aim of implementing an identity and access management strategy is to strengthen security and simplify access to the most important company information. During this Identity and Access Management training you will learn how to implement a single authentication system based on a robust system which relies on a PKI infrastructure respecting industry standards, a federated management strategy of identities and the latest cloud technologies.

Who is this training for ?

Training objectives

Implement an identity management/authentication strategy to control access to your IT resources
Develop a public key infrastructure (PKI) system to manage enterprise trust relationships
Establish trust relationships external trust between organizations sharing a common identity management strategy
Improve authentication with digital certificates, smart cards and biometrics
Extend single sign-on (SSO) to the Azure and Amazon clouds.

Training program

Specificities of LDAP directories

• The specificities of directories with respect to relational databases.
• The history of X500 in LDAP.
• The role of the identity repository in the IS.
• The key concepts of LDAP directories.
• Topology: replication and distribution.
• LDAP and DSML protocols.

Modeling a directory

• The step-by-step modeling approach.
• Design of the schema, the LDAP tree.
• Practical work Based on a directory Open LDAP.

Choice of tools

• The state of the art on the market.
• LDAP server software (Open LDAP, offers from Sun, Novell, Microsoft, Oracle, IBM, etc.
• ).
• LDAP client software (Softerra LDAP Browser, Java LDAP Browser, etc.
• ).
• Directory connection APIs and frameworks ( JNDI, PerlLDAP, ADSI, PHP-LDAP, etc.
• ).
• The strengths and weaknesses of each solution.

Urbanization approach applied to identity management

• Mapping of IS repositories.
• Analysis of the context and needs.
• Definition of target repositories and their supply circuit (provisioning ).
• Choice of tools.
• Design of information flows.

Directory management tools

• DCMS tools.
• Management and presentation of directory content.
• Management by non-IT profiles.
• Strengths and weaknesses of each solution.

Provisioning tools

• Propagation of identity data.
• Organize directories feeding processes.
• The strengths and weaknesses of each solution (Sun, Novell, Microsoft, Oracle, IBM, etc.
• ).

Single Sign On and PKI tools

• Propagate application sessions.
• Two types of SSO architecture: client/server and reverse proxy.
• Advantages and limitations.
• SAML specification.
• Some market solutions.
• PKI integration.

Uses of business directories and ROI

• Identity data warehouse.
• Centralized repository.
• IT management tool.
• The benefits of data management 'identity.
• Rationalization of employee management.

Description

Make known the risks and consequences of a user action affecting the security of the information system. Explain and justify the security constraints imposed by the security policy. Discover and understand the main solutions put in place in the company.

Who is this training for ?

Training objectives

Understand the typology of risks linked to IS security and the possible consequences
Identify measures to protect information and secure your workstation
Foster the conduct of the company's IS security policy

Training program

IT security: understanding the threats and risks

• Introduction: General framework, what do we mean by IT security (threats, risks, protection)? How negligence can create a disaster.
• Some examples.
• Responsibility.
• The components of an IS and their vulnerabilities.
• Client and server operating systems.
• Service networks enterprise (premises, site-to-site, Internet access).
• Wireless networks and mobility.
• Applications at risk: Web, messaging.
• Basic data and file system.
• Threats and risks.
• Sociology of hackers.
• Underground networks.
• Motivations.
• Typology of risks.
• Cybercrime in France.
• Vocabulary (sniffing, spoofing, smurfing, hijacking.
• ).

Information protection and workplace security

• Vocabulary.
• Confidentiality, signature and integrity.
• Understand the constraints linked to encryption.
• General diagram of cryptographic elements.
• Windows, Linux or MAC OS: which is more secure? Management of sensitive data.
• The problem with laptops.
• What threat to the client computer? Understand what malicious code is.
• How to manage security vulnerabilities? The USB port.
• The role of the client firewall.

User authentication and external access

• Access controls: authentication and authorization.
• Why is authentication essential? The traditional password.
• Authentication by certificates and token.
• Remote access via the Internet.
• Understanding VPNs.
• The benefits of strong authentication.

How to get involved in IT security

• Analysis of risks, vulnerabilities and threats.
• Regulatory and legal constraints.
• Why my organization must comply with these security requirements.
• The key people in security: understanding the role of the CISO and the Risk manager.
• Acting for better security: Social and legal aspects.
• The CNIL, the legislation.
• Cybersurveillance and the protection of privacy.
• The charter for the use of IT resources.
• Everyday security.
• Good reflexes.
• Conclusion.

Description

This practical course will show you how to implement the main means of securing systems and networks. After studying some threats to the information system, you will learn the role of various security equipment in protecting the company in order to be able to design a security architecture and carry out its implementation.

Who is this training for ?

Training objectives

Know the vulnerabilities and threats of information systems Master the role of various safety equipment Design and create an appropriate security architecture Implement the main means of securing networks Use vulnerability detection tools: scanners, IDS probes Securing a Windows and Linux system

Training program

Risks and threats

• Introduction to security.
• State of IT security.
• The vocabulary of IT security.
• Attacks " lower layers".
• Strengths and weaknesses of the TCP/IP protocol.
• Illustration of attacks such as ARP and IP Spoofing, TCP-SYNflood, SMURF, etc.
• Denial of service and distributed denial of service.
• Application attacks.
• Intelligence gathering.
• HTTP, a particularly exposed protocol (SQL injection, Cross Site Scripting, etc.
• ).
• DNS: Dan Kaminsky attack.
• Practical work Installation and use of the Wireshark network analyzer.
• Implementation of an application attack.

Security architectures

• Which architectures for what needs? Secure addressing plan: RFC 1918.
• Address translation (FTP as an example).
• The role demilitarized zones (DMZ).
• Examples of architecture.
• Securing architecture through virtualization.
• Firewall: cornerstone of security.
• Actions and limits of traditional network firewalls.
• Technological evolution of firewalls (Appliance, VPN, IPS, UTM.
• ).
• Firewalls and virtual environments.
• Server proxy and application relay.
• Proxy or firewall: competition or complementarity? Reverse proxy, content filtering, caching and authentication.
• SMTP relay, an obligation? Practical work Implementation of a Cache proxy/Authentication.

Data security

• Cryptography.
• Symmetric and asymmetric encryption.
• Hash functions.
• Cryptographic services.
• Authentication of the user.
• The importance of mutual authentication.
• X509 certificates.
• Electronic signature.
• Radius.
• LDAP.
• Worms, viruses, trojans, malware and keyloggers.
• Current trends.
• The antiviral offer, complementarity of elements .
• EICAR, a "virus" to know.
• Practical work Deployment of an SMTP relay and an HTTP/FTP Antivirus proxy.
• Implementing a server certificate.

Security of exchanges

• Wi-Fi security.
• Risks inherent to wireless networks.
• The limits of WEP.
• The WPA and WPA2 protocol.
• Types of attacks.
• Man in the Middle attack with rogue AP.
• The IPSec protocol.
• Presentation of the protocol.
• Tunnel and transport modes.
• ESP and AH.
• Analysis of the protocol and associated technologies (SA, IKE, ISAKMP, ESP, AH.
• ).
• SSL/TLS protocols.
• Protocol overview.
• Negotiation details.
• Analysis of the main vulnerabilities.
• Sslstrip and sslsnif attacks.
• The SSH protocol.
• Presentation and functionalities.
• Differences with SSL.
• Practical work Performing a Man in the Middle attack on an SSL session.
• Implementation of IPSec transport mode/PSK.

Securing a system, “Hardening”

• Presentation.
• Insufficient default facilities.
• Evaluation criteria (TCSEC, ITSEC and common criteria).
• Securing Windows.
• Account and permission management.
• Service control.
• Network configuration and auditing.
• Securing Linux.
• Kernel configuration.
• File system.
• Service and network management.
• Practical work Example of securing a Windows and Linux system.

Daily audit and security

• Available tools and techniques.
• Intrusion testing: tools and means.
• Vulnerability detection (scanners, IDS probes, etc.
• Real-time IDS-IPS detection tools, agent, probe or cutoff.
• React effectively in all circumstances.
• Supervision and administration.
• Organizational impacts.
• Technology watch.

Case study

• Preliminary study.
• Needs analysis.
• Develop an architecture.
• Define the action plan.
• Deployment.
• Procedure for installing the elements.
• Implementation of the filtering policy.
• Practical work Development of a master's degree flow.

Description

This advanced course will allow you to measure the level of security of your information system using intrusion detection tools, vulnerability detection, auditing, etc. It will provide you with knowledge of advanced solutions to maintain and make the desired level of security evolve over time in relation to your needs. The practical work offered will allow you to acquire the skills necessary for the installation, configuration and administration of the most used applications in the security field.

Who is this training for ?

Training objectives

Measure the security level of your information system Use intrusion detection, vulnerability detection and auditing tools Strengthen the security of your information system Implement an AAA (Authentication, Authorization, Accounting) architecture Implement SSL/TLS

Training program

Reminders

• The TCP/IP protocol.
• Address translation.
• Network architecture.
• The firewall: advantages and limits.
• Proxies, reverse-proxy: application protection.
• Demilitarized zones (DMZ).

Attack tools

• Security paradigms and classification of attacks.
• Principles of attacks: spoofing, flooding, injection, capture, etc.
• Libraries: Libnet, Libpcap, Winpcap , Libbpf, Nasl, lua.
• Tools: Scapy, Hping, Ettercap, Metasploit, Dsnif, Arpspoof, Smurf.
• Practical work Protocol analysis with Wireshark.
• Using Scapy and Arpspoof.

Cryptography, application

• Security services.
• Cryptographic principles and algorithms (DES, 3DES, AES, RC4, RSA, DSA, ECC).
• Certificates and specific profiles for the various servers and clients (X509).
• IPSEC protocol and virtual private networks (VPN).
• SSL/TLS and VPN-SSL protocols.
• Data compression issues.
• Practical work Getting started with openssl and implementing OpenPGP.
• Generation of X509 v3 certificates.

Architecture AAA (Authentication, Authorization, Accounting)

• The AAA network: authentication, authorization and traceability.
• One Time Password: OTP, HOTP, Google Authenticator, SSO (Kerberos Protocol).
• The place of the LDAP directory in authentication solutions.
• The PAM and SASL modules.
• Radius architecture and protocol (Authentication, Authorization, Accounting).
• Possible attacks.
• How to protect yourself.
• Practical work Attack on a AAA server.

Detect intrusions

• Operating principles and detection methods.
• Market players, overview of the systems and applications concerned.
• Network (nmap) and application scanners ( web applications).
• IDS (Intrusion Detection System).
• The advantages of these technologies, their limits.
• How to place them in the architecture 'company.
• Market overview, detailed study of SNORT.
• Practical work Installation, configuration and implementation of SNORT, writing attack signatures.

Verify the integrity of a system

• The operating principles.
• What products are available.
• Presentation of Tripwire or AIDE (Advanced Intrusion Detection Environment).
• Vulnerability auditing.
• Principles and methods and organizations for managing vulnerabilities.
• Reference site and overview of audit tools.
• Definition of 'a security policy.
• Study and implementation of Nessus (state, operation, evolution).
• Practical work Audit of network and server vulnerabilities help from Nessus and Nmap.
• Website vulnerability audit.

Manage security events.

• Processing of information reported by the various security equipment.
• Consolidation and correlation.
• Presentation of SIM (Security Information Management).
• SNMP management and protocol: security strengths and weaknesses.
• SNMP security solution.
• Practical work SNMP attack setup.

Wi-Fi network security

• How to secure a Wi-Fi network? The intrinsic weaknesses of Wi-Fi networks.
• SSID Broadcast, MAC Filtering, what contribution? WEP has is it still of interest? The WPA protocol, first acceptable solution.
• WPA implementation in shared key mode, is that sufficient? WPA, Radius and AAA server, the enterprise implementation.
• The 802 standards.
• 11i and WPA2, which solution is the most successful today? Practical work Configuration of tools for traffic capture, network scanning and WIFI traffic analysis, traffic injection, WIFI key cracking.
• Configuration of an AP (Access Point) and implementation of security solutions.

IP telephony security

• Voice over IP concepts.
• Application presentation.
• The architecture of a VoIP system.
• The protocol SIP, open standard for voice over IP.
• The weaknesses of the SIP protocol.
• The problems of NAT.
• Attacks on telephony over IP.
• What are the security solutions?

Email security

• Email architecture and operation.
• Messaging protocols and access (POP, IMAP, Webmail, SMTP, etc.
• ).
• Problems and classifications of attacks on messaging (spam, fishing, identity theft, etc.
• ).
• Those involved in the fight against SPAM.
• Methods, architectures and tools to combat SPAM.
• Tools for collecting email addresses.
• Solutions implemented against SPAM.

Description

The TLS (Transport Layer Secure) standard is the most deployed protocol for securing application exchanges. This course will provide you with a good knowledge of TLS architecture, protocol and security services. You will implement it on the client and server side within exchanges to be secured.

Who is this training for ?

Training objectives

Implement the TLS protocol Strongly and securely configure TLS clients and servers Analyze TLS traffic Know attacks on TLS

Training program

Cryptography and security services

• Cryptographic terminology and principles.
• Main cryptography algorithms and their uses in TLS: AES, DHE, ECC, RSA, DSA.
• Hash function (MD5 , SHA1, SHA2, SHA3) with and without key (Hmac).
• Cryptography operating modes.
• Cryptanalysis and attack on cryptographic functions.
• Services security: confidentiality, authentication, integrity.
• Practical work Encryption and decryption based on OpenSSL and cryptanalysis.

Certificates and digital signature

• Digital signature.
• Attacks on public keys.
• Certificates and PKCS12 key implementation.
• Certificate profiles for TLS .
• Practical work Design of certificates (client and server side) and PKCS12 on the client side.

TLS Architecture and Services

• Positioning of the different versions: SSLv3, TLS1.
• 0, TLS1.
• 1, TLS1.
• 2.
• Architecture, protocol and security services, TLS exchanges.
• Configuration of cipher suites.
• Practical work Configuration of a TLS client and TLS traffic analysis.

Configuring and implementing the TLS protocol

• Configuration on the client and server side.
• Configuration for simple server authentication.
• Implementation of certificates, settings of encryption algorithms on the server side.
• Server authentication, configuration of certificate stores.
• Practical work Configuration and implementation of TLS on the Apache web server side.

Advanced TLS protocol services

• TLS extensions and features.
• Different authentication modes: OpenPGP certificate, PSK.
• Ticket and session reopening.
• Session benchmarking.
• Configuration of the TLS client (PKCS12).
• Practical work Configuration of TLS clients and servers for strong and mutual authentication.
• Implementation of extensions, performance analysis.

TLS protocol security analysis and outlook

• Attacks on the TLS protocol.
• Best practices, configuration control.
• Presentation of the DTLS protocol.
• Presentation of the future version of TLS 1.
• 3.
• Practical work Auditing the TLS protocol.
• Implementation of attacks on TLS.
• Configuring and implementing DTLS.

Description

The intrusion test, or "PenTest", is a technical intervention which makes it possible to determine the real potential for intrusion and destruction of a hacker on an IT infrastructure. This course presents the approach and tools to carry out this type of test and professionally write the final audit report.

Who is this training for ?

Training objectives

Acquire a methodology for organizing a penetration test type security audit on your IS
Evaluate the risks faced by an IT system in the face of an external intrusion
Produce a final report following an intrusion test
Formulate security recommendations

Training program

Introduction

• Evolution of IT security.
• State of IT security.
• The mindset and culture of the hacker.
• What risks and threats?

Audit methodology

• What is a "PenTest"? The benefit of performing an intrusion test.
• How to integrate the intrusion test into a general security.
• Learn to define a security management policy and an iterative "PenTest".
• Organize and plan the intervention.
• How to prepare the framework? The technical scope of the audit.
• Carry out the "PenTest".
• Gathering information.
• Acquiring access.
• Elevation of privileges.
• Maintaining access to the system.
• Traces of the intrusion .

“PenTest” tools

• Which tools to use? Scan and network tools.
• System analysis and web analysis tools.
• Scanning tools 'attack on employees.
• Which tool for maintaining access? Operation frameworks.
• Scenario Participants will audit a network of undertaken on the basis of a scenario as close as possible to a real case.

Vulnerabilities and exploitation

• Discovery of new vulnerabilities.
• How to exploit them? Carry out the schedule.
• Distribution of tasks.
• Practical work Identify new vulnerabilities.
• Example of creating a schedule.

The final report

• The importance of preparing the report.
• Collecting information.
• Preparing the document and writing the report.
• L 'overall analysis of system security.
• How to describe the vulnerabilities found? Formulate security recommendations.
• The general summary of system security.
• Send the report.
• The necessary precautions.
• What to do once the report has been sent? Collective reflection Preparation of a report following a penetration test.

Network equipment and wireless

• Vulnerabilities in network components.
• How to identify them? Exploit a vulnerability linked to a component.
• The wireless network.
• Weaknesses of the Wi-Fi network.
• Follow-up actions.

Description

This training, both theoretical and practical, presents the most advanced attack techniques to date and shows how to deal with them. From attacks carried out on identified targets (Web servers, clients, networks, firewalls, databases, etc.), the participant will learn how to trigger the appropriate response (anti-Trojan filtering, filtering of malformed URLs, spam detection and real-time intrusion detection with IDS probe).

Who is this training for ?

Training objectives

Identify and understand analysis and detection techniques Acquire the knowledge to deploy different intrusion detection tools Implement intrusion prevention and detection solutions Manage an intrusion incident Know the legal framework

Training program

The world of IT security

• "Official" definitions: hacker, hacking.
• The community of hackers in the world, the "gurus", the "script kiddies".
• The hacker's state of mind and culture.
• Conferences and major security sites.
• Practical work Underground navigation.
• Know how to locate useful information.

TCP/IP for firewalls and intrusion detection

• IP, TCP and UDP from another angle.
• Focus on ARP and ICMP.
• Forced routing of IP packets (source routing).
• IP fragmentation and reassembly rules.
• The usefulness of serious filtering.
• Securing your servers: an imperative.
• Parades by technology: from filtering router to stateful inspection firewall; from proxy to reverse proxy.
• Quick overview of solutions and products.
• Practical work Visualization and analysis of classic traffic.
• Use of different sniffers.

Understanding attacks on TCP/IP

• IP "Spoofing".
• Denial of service attacks.
• TCP sequence number prediction.
• Theft of TCP session: Hijacking (Hunt, Juggernaut).
• Attacks on SNMP.
• Attack by TCP Spoofing (Mitnick): demystification.
• Practical work r nInjection of packets manufactured on the network.
• Use of the participants' choice of graphical tools, Perl, C or dedicated scripts.
• Hijacking of a telnet connection.

Intelligence Gathering : l'art du camouflage

• Search for traces: querying Whois databases, DNS servers, search engines.
• Identification of servers.
• Understanding the context: analyzing the results, determine the filtering rules, specific cases.
• Practical work Search using non-intrusive techniques for information on a potential target (participants' choice).
• Use of network scanning tools.

Protect your data

• "Clear" password systems, by challenge, encrypted.
• An update on authentication under Windows.
• Reminders about SSH and SSL (HTTPS).
• Sniffing a switched network: ARP poisoning.
• Attacks on encrypted data: "Man in the Middle" on SSH and SSL, " Keystoke Analysis" on SSH.
• Sniffer detection: advanced tools and methods.
• Password attacks.
• Practical work Decryption and SSH session theft: "Man in the Middle" attack.
• Password cracking with LophtCrack (Windows) and John The Ripper (Unix).

Detect trojans and backdoors

• State of the art of backdoors under Windows and Unix.
• Setting up backdoors and trojans.
• Downloading scripts on clients, exploitation of browser bugs.
• The "Covert Channels": client-server application using ICMP.
• Example of communication with distributed Denial of Service Agents.
• Access private information with your browser.

Defend online services

• Taking control of a server: searching for and exploiting vulnerabilities.
• Examples of setting up "backdoors" and removing traces.
• How to bypass a firewall (netcat and bounces)? The search for denial of service.
• Distributed denials of service (DDoS).
• Buffer overflow attacks ).
• Exploitation of vulnerabilities in the source code.
• Similar techniques: "String Format", "Heap Overflow".
• Vulnerabilities in Web applications.
• Theft of information from a database.
• RootKits.
• Practical work Exploitation of the bug used by the worm "Code Red".
• Obtaining a root shell by different types of buffer overflow.
• Testing a denial of service (Jolt2, Ssping).
• Using netcat to bypass a firewall.
• Using "SQL Injection" techniques to break web authentication.

How to manage an incident?

• The signs of a successful intrusion into an IT system.
• What did the hackers obtain? How far did they go? How to react to a successful intrusion? Which servers are affected? Know how to find the entry point and fill it.
• The Unix/Windows toolbox for finding evidence.
• Cleaning and returning compromised servers to production.

Conclusion: what legal framework?

• The appropriate response to hackers.
• French law on hacking.
• The role of the State, official bodies.
• What to expect from the Central Crime Control Office (OCLCTIC)? The search for evidence and perpetrators.
• And in an international context? The intrusive test or domesticated hacking? Stay within a legal framework, choose the service provider, be sure of the result.

Description

This advanced course will show you the essential techniques for carrying out a post-mortem analysis (also called inforensic) of computer security incidents. Following attack simulations, you will learn how to collect and preserve evidence, analyze it and improve IT security after the intrusion.

Who is this training for ?

Training objectives

Master good reflexes in the event of an intrusion on a machine
Collect and preserve the integrity of electronic evidence
Analyze the intrusion a posteriori
Improve your security after an intrusion

Training program

Forensic (or inforensic) analysis of systems

• Computer forensics.
• Types of computer crimes.
• Role of the computer investigator.

Modern Cybercrime

• Types of crime.
• Security incident management framework, CERT.
• Analyze and understand network attacks.
• Network intrusion detection.
• Protection tools, French legislation.
• Practical work Analyze network logs from a Volumetric DDoS, ARP.
• Setting up SNORT.

Forensic analysis of a Windows operating system

• Acquisition, analysis and response.
• Understanding the startup processes.
• Collect volatile and non-volatile data.
• How the system works password, Windows registry.
• Analysis of data contained in RAM, Windows files.
• Analysis of cache, cookie and browsing history, event history.
• Practical work Injecting a user.
• Crack the password.
• Collect, analyze data from RAM.
• Reference, hash all files.
• Explore browser data, registry.

Log analysis

• Visualize, sort, search in traces.
• Splunk to understand attacks.
• Practical work Install, configure Splunk.
• Analyze Web logs from a Brute-Force on Form, implementation of countermeasures.

Collection of information

• Heterogeneity of sources.
• What is a security event? Security Event Information Management (SIEM), events collected from the IS.
• System logs of equipment (firewalls, routers, servers, databases).
• Practical work Geolocation of addresses.
• Analysis of web user history (cookie, data sent POST).
• Analyze Web logs from SQL Injection and implement countermeasures.

Digital proof

• Definition, role, types and classification rules.
• Evaluate and secure electronic elements of a crime scene.
• Collect and preserve the integrity of electronic evidence.
• Practical work Duplicate data bit by bit, check integrity.
• Recover deleted and/or hidden files.
• Analysis of digital data.

Description

This course presents the different cryptographic techniques as well as the main applications. Symmetric and asymmetric encryption, hashing, the most used algorithms as well as key management methods will be explained in detail.

Who is this training for ?

Training objectives

• Master the vocabulary associated with cryptology: algorithm, hashing, key
• Know the most used algorithms in cryptology
• Identify methods of exchange, management and certification of public keys
• Use symmetric and asymmetric encryption tools

Training program

Introduction

• History of the first encrypted documents.
• Cryptographic services.
• Mathematical concepts.
• Cryptographic security and attack techniques.

Stream Ciphers

• Presentation of the concept.
• Linear Feedback Stream Register (LFSR): operational details, Galois LFSR, applications.
• Other forms of stream encryption: RC4, SEAL.

Block Ciphers

• Presentation of the concept.
• The different forms: Electronic CodeBook (ECB), Cipher-Bloc Chaining (CBC), Cipher FeedBack (CFB).
• Comparison of stream and block ciphers.
• Data Encryption Standard (DES).
• Triple DES (3DES): presentation, operating modes.
• Advanced Encryption Standard ( AES).
• Additional algorithms: IDEA, RC5, SAFER.

Asymmetric encryption

• The RSA algorithm in detail.
• Security and key size.
• RSA attacks and challenge.
• Practical applications.
• ElGamel encryption.
• ElGamel in DSA.

Hash functions

• Concept and objectives.
• Algorithmic principles.
• Mathematical properties.
• Practical justifications for the different properties.
• Security and hash length.
• Simple (Unkeyed) and secure (Keyed) hashing: block encryption. MD4 function.
• Advanced attacks on hash functions.
• Technical overview of hash functions: SHA-1,SHA-256 and SHA-512.MD5.Haval.
• RIPEMD-128.

Integrity and authentication

• Presentation.Standards CBC-MAC.HMAC.
• Electronic signature.D.S.A and R.S.A signature.

Key management

• Key exchange with symmetric and asymmetric encryption.
• Details of exchanges.
• Diffie-Hellman algorithm.
• Attack of man in the middle.
• Management and certification of public keys.
• Revocation, renewal and archiving of keys.
• Certificates in X509 format, PKIX standard.
• The key management infrastructure (KMI/PKI).

Trusted third parties

• Presentation and standards.Architectures.
• Certification authority.Kerberos.

Description

This training will allow you to acquire an overview of supervision issues, the legal obligations concerned in terms of data retention and to quickly master the skills necessary to implement a software solution adapted to your needs.

Who is this training for ?

Training objectives

Know the legal obligations regarding data retention
Know the process of log analysis
Install and configure Syslog
Understand correlation and analysis with SEC

Training program

Introduction

• Presentation and standards.
• Architectures.
• Certification authority.
• Kerberos.

Collecting information

• The heterogeneity of sources.
• What is a security event? Security Event Information Management (SIEM).
• Events collected from the IS.
• System logs from equipment (firewalls, routers, servers, databases, etc.
• ).
• Passive collection in listening mode and active collection.
• Practical work Approach to a log analysis.
• The geolocation of an address.
• The correlation of logs from different origins, visualize, sort, search for rules.

Syslog

• The Syslog protocol.
• The client part and the server part.
• Centralize event logs with Syslog.
• Syslog is is it sufficient? Advantages and disadvantages.
• Practical work Installation and configuration of Syslog.
• Example of data analysis and correlation.

The SEC program

• Presentation of SEC (Simple Event Correlator).
• The configuration file and rules.
• How to detect interesting patterns.
• Correlation and analysis with SEC.
• Practical work Installation and configuration of SEC.
• Example of data analysis and correlation.

Splunk software

• The MapReduce architecture and framework.
• How to collect and index data? Exploit machine data.
• Transaction authentication.
• Integration with LDAP directories and Active Directory servers.
• Practical work Installation and configuration of Slunk.
• Example of analysis and correlation Datas.

French legislation

• The retention period of logs.
• The framework of use and legislation.
• The CNIL.
• Labor law.
• The IT charter, its content and the validation process.
• How to set up an IT charter? Its contribution to the security chain.
• Practical work Example of setting up an IT charter.

Conclusions

• Good practices.
• Pitfalls to avoid.
• Choose the right tools.
• The future for these applications.

User Internet access

• Why a proxy? Squid.
• Installation.
• Configuration.
• Authentication.
• URL filtering and content.
• Site control with Squid Guard.
• Log formats.
• Practical work Implementation: Squid, SquidGuard.

Description

IPv6 responds to the exhaustion of the stock of IPv4 addresses. However, its implementation poses security problems. This training allows you to know the vulnerabilities of IPv6 at different levels, the appropriate concrete solutions and the good practices related to the implementation of the network.

Who is this training for ?

Training objectives

Know the vulnerability issues related to IPv6 implementation Implement appropriate security solutions Apply good security practices

Training program

Introduction to security under IPv6

• The IPSec protocol.
• Host authentication with AH.
• Data confidentiality with ESP.
• The mechanism of IKE key exchange.
• Practical work Implementation of IPSec in transport mode between two hosts.
• Deployment of an IPsec tunnel between two routers.

Vulnerabilities related to stateless autoconfiguration (RA)

• Frequent bad practices.
• Problems linked to bad practices.
• Denial of service (DOS) attacks.
• The techniques of "Man In The Middle".
• Practical work Highlighting problems, followed by implementation of solutions on switches and machines.

Vulnerabilities of IPv6/ICMPv6/autoconf protocol functionalities

• Address spoofing.
• The use of ICMP redirect messages.
• The proper use of ICMPv6 filtering.
• Control of interface identifiers.
• Anycast addresses.
• IPv6 and extensions.
• Practical work Highlighting the risks, followed by implementation of solutions on switches and machines.

Vulnerabilities linked to network services

• DHCPv6: risks linked to its use.
• DNS and IPv6: best practices.
• Demonstration Illustrations of the risks linked to the use of DHCPv6 .
• Discussions on best practices related to DNS and IPv6.

Vulnerabilities linked to tunnels

• Controlling your interconnection.
• Believing yourself to be safe from IPv6.
• Demonstration Illustration by examples of the risks associated with tunnels.

Network construction best practices

• The use of ULA type addresses.
• Traffic filtering.
• Practical work Implementation of filtering on routers.
• Discussions on best practices.

Application control

• Controlling addresses and listening ports.
• Controlling subscriptions to multicast groups.
• Practical work Analysis under Windows and Unix.
• Implementation of filtering on machines.

Description

The challenge of computer forensics is to find the data, collect it and present it in a court of law. This intensive course allows participants to develop the expertise necessary to meet this challenge and also to take the official certification exam, accredited by PECB.

Who is this training for ?

Training objectives

Understand the scientific principles specific to computer investigation Explain the structure of computers and operating systems Explain network, cloud and mobile device investigation Master investigation tools and methodologies

Training program

Scientific principles specific to computer investigation

• Presentation of the scientific principles specific to computer investigation.
• Introduction to the computer investigation approach.
• Fundamental principles.
• Analysis and implementation of analysis operations.
• Preparation and execution of investigation procedures.

Structure of computers and operating systems

• Identification and selection of computer components.
• Identification and selection of peripherals and other components.
• Understanding operating systems (OS).
• Extracting and analyzing file structures.

Network, Cloud and mobile device investigation

• Understanding networks, cloud and virtual environments.
• Generic methods for extracting data in a virtual environment.
• Review of a mobile phone or tablet.
• Storing information on mobile devices.

Investigation tools and methodologies

• Enumeration and examination of computer hardware and software components.
• Selection and testing of investigation technologies.
• Analysis and selection of suitable procedures for investigation operations 'investigation.
• Discovery, documentation and return of evidence on site.
• Analysis and consideration of the context.

Certification exam

• Domain 1: scientific principles specific to computer investigation.
• Domain 2: fundamental principles of computer investigation.
• Domain 3: structure of computers.
• Domain 4: operating systems and file structures.
• Domain 5: investigation of networks, in the Cloud or in virtual environments.
• Domain 6: network and mobile device investigation.
• Domain 7: investigative tools and methodologies.
• Domain 8: examination, acquisition and preservation of electronic evidence.
• Exam 3 hour exam.

Description

This training, both theoretical and practical, presents the most advanced attack techniques to date and shows how to deal with them. From attacks carried out on identified targets (Web servers, clients, networks, firewalls, databases, etc.), the participant will learn how to trigger the appropriate response (anti-Trojan filtering, filtering of malformed URLs, spam detection and real-time intrusion detection with IDS probe).

Who is this training for ?

Training objectives

Identify and understand analysis and detection techniques
Acquire the knowledge to deploy different intrusion detection tools
Implement intrusion prevention and detection solutions
Manage an intrusion incident
Know the legal framework

Training program

The world of IT security

• "Official" definitions: hacker, hacking.
• The community of hackers in the world, the "gurus", the "script kiddies".
• The hacker's state of mind and culture.
• Conferences and major security sites.
• Practical work Underground navigation.
• Know how to locate useful information.

TCP/IP for firewalls and intrusion detection

• IP, TCP and UDP from another angle.
• Focus on ARP and ICMP.
• Forced routing of IP packets (source routing).
• IP fragmentation and reassembly rules.
• The usefulness of serious filtering.
• Securing your servers: an imperative.
• Parades by technology: from filtering router to stateful inspection firewall; from proxy to reverse proxy.
• Quick overview of solutions and products.
• Practical work Visualization and analysis of classic traffic.
• Use of different sniffers.

Understanding attacks on TCP/IP

• IP "Spoofing".
• Denial of service attacks.
• TCP sequence number prediction.
• Theft of TCP session: Hijacking (Hunt, Juggernaut).
• Attacks on SNMP.
• Attack by TCP Spoofing (Mitnick): demystification.
• Practical work r nInjection of packets manufactured on the network.
• Use of the participants' choice of graphical tools, Perl, C or dedicated scripts.
• Hijacking of a telnet connection.

Intelligence Gathering : l'art du camouflage

• Search for traces: querying Whois databases, DNS servers, search engines.
• Identification of servers.
• Understanding the context: analyzing the results, determine the filtering rules, specific cases.
• Practical work Search using non-intrusive techniques for information on a potential target (participants' choice).
• Use of network scanning tools.

Protect your data

• "Clear" password systems, by challenge, encrypted.
• An update on authentication under Windows.
• Reminders about SSH and SSL (HTTPS).
• Sniffing a switched network: ARP poisoning.
• Attacks on encrypted data: "Man in the Middle" on SSH and SSL, " Keystoke Analysis" on SSH.
• Sniffer detection: advanced tools and methods.
• Password attacks.
• Practical work Decryption and SSH session theft: "Man in the Middle" attack.
• Password cracking with LophtCrack (Windows) and John The Ripper (Unix).

Detect trojans and backdoors

• State of the art of backdoors under Windows and Unix.
• Setting up backdoors and trojans.
• Downloading scripts on clients, exploitation of browser bugs.
• The "Covert Channels": client-server application using ICMP.
• Example of communication with distributed Denial of Service Agents.
• Access private information with your browser.

Defend online services

• Taking control of a server: searching for and exploiting vulnerabilities.
• Examples of setting up "backdoors" and removing traces.
• How to bypass a firewall (netcat and bounces)? The search for denial of service.
• Distributed denials of service (DDoS).
• Buffer overflow attacks ).
• Exploitation of vulnerabilities in the source code.
• Similar techniques: "String Format", "Heap Overflow".
• Vulnerabilities in Web applications.
• Theft of information from a database.
• RootKits.
• Practical work Exploitation of the bug used by the worm "Code Red".
• Obtaining a root shell by different types of buffer overflow.
• Testing a denial of service (Jolt2, Ssping).
• Using netcat to bypass a firewall.
• Using "SQL Injection" techniques to break web authentication.

How to manage an incident?

• The signs of a successful intrusion into an IT system.
• What did the hackers obtain? How far did they go? How to react to a successful intrusion? Which servers are affected? Know how to find the entry point and fill it.
• The Unix/Windows toolbox for finding evidence.
• Cleaning and returning compromised servers to production.

Conclusion: what legal framework?

• The appropriate response to hackers.
• French law on hacking.
• The role of the State, official bodies.
• What to expect from the Central Crime Control Office (OCLCTIC)? The search for evidence and perpetrators.
• And in an international context? The intrusive test or domesticated hacking? Stay within a legal framework, choose the service provider, be sure of the result.

Description

Intrusion on company servers represents a major risk. It is essential to understand and apply the technologies and products to provide a sufficient level of security to deployed applications and more particularly to risky applications such as extranet services and messaging. Resolutely pragmatic, this course will provide you with the keys to protecting an online service based on concrete examples of attacks and appropriate responses.

Who is this training for ?

Training objectives

Training program

Introduction

• Analysis of the exam themes.
• Suggested methods.
• Practice network slicing.
• Build troubleshooting skills based on scenarios.
• Scenario Intensive test session in conditions similar to the exam with collective use of the results.

Constituents of a web application

• The elements of an N-tier application.
• The HTTP front-end server, its role and its weaknesses.
• The intrinsic risks of these components.
• The major players in the market.

The HTTP protocol in detail

• TCP, HTTP, persistence and pipelining callbacks.
• The GET, POST, PUT, DELETE, HEAD and TRACE PDUs.
• Header fields , status codes 1xx to 5xx.
• Redirection, virtual host, proxy caching and tunneling.
• Cookies, attributes, associated options.
• The authentications (Basic, Improved Digest.
• ).
• http acceleration, proxy, Web balancing.
• Protocol attacks HTTP Request Smuggling and HTTP Response splitting .
• Practical work Installation and use of the Wireshark network analyzer.
• Using a specific HTTP analysis proxy.

Web application vulnerabilities

• Why are web applications more exposed?rnThe major risks of web applications according to OWASP (Top Ten 2010).
• Cross Site Scripting attacks
• ).
• Exploitation of vulnerabilities on the HTTP front end (Nimda worm, Unicode flaw.
• ).
• Attacks on standard configurations (Default Password, Transversal Directory.
• ).
• Practical work rnCross Site Scripting attack.
• Exploitation of a flaw on the http front-end.
• Bypassing authentication by SQL query injection.

The network firewall in the protection of HTTP applications

• The network firewall, its role and functions.
• How many DMZs for an N-Tier architecture?rnWhy is the network firewall not capable of ensuring the protection of 'a web application?'}

Securing flows with SSL/TLS

• Reminders of the cryptographic techniques used in SSL and TLS.
• Manage your server certificates, the X509 standard.
• What does the new X509 EV certificate provide? Which certification authority to choose? SSL flow capture and analysis techniques.
• The main flaws in X509 certificates.
• Using a reverse proxy to SSL acceleration.
• The benefits of HSM crypto hardware cards.
• Practical work Implementation of SSL under IIS and Apache.
• Attacks on HTTPS streams with sslstrip and sslsnif.

System and software configuration

• The default configuration, the major risk.
• Rules to follow when installing an operating system.
• Linux or Windows.
• Apache or IIS? How to configure Apache and IIS for optimal security? The case of Middleware and the database.
• Vs.
• D.
• S.
• (Vulnerability Detection System).
• Practical work Web front-end security procedure (Apache or IIS ).

Principle of secure development

• Development security, what budget? Security in the development cycle.
• The role of client-side code, security or ergonomics? Control of the data sent by the customer.
• Fight against "Buffer Overflow" type attacks.
• The development rules to respect.
• How to fight against risks residuals: Headers, malformed URL, Cookie Poisoning.
• ?

User authentication

• Authentication via HTTP: Basic Authentication and Digest Authentication or by the application (HTML form).
• Strong authentication: X509 client certificate, SecurID Token, Mobilegov digital DNA.
• Other software authentication techniques: CAPTCHA, Keypass, etc.
• Password attacks: sniffing, brute force, phishing, keylogger.
• Attack on session numbers (session hijacking) or on cookies (cookie poisoning).
• Attack on HTTPS authentications (fake server, sslsniff, X509 certificate exploit.
• ) .
• Practical work "Man in the Middle" attack on user authentication and session theft (session hijacking).

The “application” firewall

• Reverse-proxy and application firewall, details of the functionalities.
• What are the contributions of the application firewall to the security of websites? Insert an application firewall on a system in production .
• Market players.
• Practical work Implementation of an application firewall.
• Security policy management.
• Attacks and results.

Description

This advanced training course will allow you to enrich your skills to protect yourself and better react to the many threats on the Web. You will see how to audit the security of your applications, test them and implement the most appropriate countermeasures.

Who is this training for ?

Training objectives

Training program

Reminder of the main security vulnerabilities

• Cross-Site Scripting (XSS) attack.
• Command injection and SQL injection.
• Denial of Service (DoS) attacks.
• Distributed Denial of Service (DDoS).
• Buffer overflow.
• The OWASP project (Open Web Application Security Project).
• Practical work Setting up a Web server with vulnerabilities to observe its behavior.
• Demonstration of the exploitation of a buffer overflow.

Application security

• Basic concept and importance.
• The accounts created to carry out the tests.
• The fictitious folders, can we do without them? The sequences of tests and development are they still present in production?

Audit and secure a web application

• Approach and set up an audit.
• Properly manage interaction with the database.
• Set up secure authentication.
• Exploitation of an authentication flaw.
• Management of errors, exceptions and logs.
• Know how to analyze and correlate log information .
• Good practices for having secure forms.
• Example of using a poorly developed form.
• Practical work Implementation of a three-tier infrastructure, client, Web server and databases.
• Simulation of an attempted attack.
• Analysis and solution.

Encryption

• Reminders of the basic principles.
• Implement encryption in an application.
• Possible exploitations.
• Test if an application is well protected by encryption.
• Encryption applications on the market.
• Practical work Implementation of a private certification authority with integration of certificates into an application.

Test applications

• How to test before putting into production.
• Fingerprinting: identifying the characteristics of the server (web engine, framework, applications).
• Using a web spider to detect broken links, pages with or without authentication and encryption.
• How to measure the availability of an application with a simulation.
• Practical work Example attempt attacks and fingerprinting.
• How to write a web spider to detect broken links.
• Check authentication on pages.

Description

This training will allow you to acquire all the techniques and methodologies necessary to take the exam to obtain CCSA R77 certification. You will learn how to set up a security policy, address translation (NAT) and the Intrusion Prevention System (IPS) module.

Who is this training for ?

Training objectives

Training program

Introduction

• Check Point products.
• What's new in version R77.

Operation and installation

• The architecture in distributed mode and in standalone mode.
• The management server.
• The SIC protocol.
• The commands backup and restoration.
• Presentation of the Gaïa system.
• Practical work Installation of Check Point R77.

Implementation of a security policy

• Getting started with SmartConsole.
• Start and use SmartDashboard.
• Security policy.
• Managing rules.
• Practical work Installation of SmartConsole.
• Create objects.
• Create a security policy.
• Activate anti-spoofing.

Address translation (NAT)

• Address translation rules.
• NAT "static" and NAT "hide".
• ARP management.
• Practical work Setting up automatic NAT of the "hide", "static" type and manual transaction rules.

Monitoring and log management

• The log management policy.
• Track connections with SmartView Tracker.
• The SmartView Monitor, features and alert thresholds.
• Practical work Example of log management.
• Block intrusions with SAM (Suspicious Activity Monitor).

R75 client authentication

• Identity Awareness.
• Application Control.
• Old authentication methods.
• Practical work Setup of Identity Awareness.

Site-to-site VPN and nomadic VPN

• The architecture of the VPN.
• The basics of encryption.
• Introduction to IKE and IPSec.
• The certificate authority ( CA).
• The Domain-Based VPN.
• The SecureClient and the SSL Network Extender.
• Practical work Setting up a tunnel Site-to-site IPSec by preshared key and certificate.
• Configuring remote access with IPSec VPN and SSL VPN.

The IPS module

• Presentation of IPS.
• Web Intelligence.
• Application Intelligence.
• IPS and IDS security profiles.
• Practical work Example of protection against vulnerabilities with the IPS module.

Description

This training will allow you to acquire all the techniques and methodologies necessary to take the exam to obtain CCSE R77 certification. You will learn how to implement advanced clustering, high availability and quality of service (QoS) mechanisms.

Who is this training for ?

Training objectives

Training program

Operation, Check Point R77 update

• Check Point R77 update.
• Update compatibility.
• Upgrade tools.
• Presentation of Database Revision Control .
• Practical work Installation of systems and updating to R77.

Identity Awareness et Application Control

• The limits of a classic firewall by IP and by port.
• Access control.
• The four Identity Awareness R77 authentication methods.
• Check Point 3D Security.
• The HTTPS Inspection.
• The "AppWiki".
• The URL Filtering.
• Practical work Implementation of Identity Awarness and Application Control.

The SecurityCore acceleration module

• Presentation of the new SecurityCore acceleration module.
• Accelerating connections with SecureXL.
• The SecureX module and accelerating sessions.
• The case of http.
• CoreXL technology.
• How SecureXL and CoreXL work simultaneously.

Le clustering Check Point

• The high availability of the Management Server.
• The redundancy of the firewalls.
• The ClusterXL High Availability (Active/Passive).
• The ClusterXL Load Sharing (Active/Active).
• VMAC and ARP issues.
• The VRRP.
• SecureXL vs VRRP comparison.
• Practical work Setting up a high availability cluster and Load Sharing.

VPN and advanced routing

• VPN routing.
• Route-Based VPN.
• Dynamic routing with RIP, OSPF and BGP routing protocols.
• The operating modes of Wire Mode.
• Directional VPN Route Match.
• Link Selection and VPN redundancy.
• Traditional/simplified VPN.
• The Tunnel Management.
• Practical work Implementation of the Route-Based VPN solution.

Advanced Firewall

• Tools: Dbedit and guiDBedit.
• System files.
• Log management.
• Recovering a CPInfo file.
• Example of using "InfoView" and "Confwiz".
• SIC, ICA and certificates.
• Processes Check Point.
• Tcpdump.
• The fw monitor command.
• Practical work Using debug tools.

Description

This training will introduce you to the new features brought by the latest version of Check Point products, version R77. At the end, you will be able to set up and manage a security policy, address translation (NAT) or the Intrusion Prevention System (IPS) module.

Who is this training for ?

Training objectives

Install and configure Check Point R77
Implement a security policy
Block intrusions with SAM (Suspicious Activity Monitor)
Implement Check Point Mobile

Training program

Introduction

• Check Point products.
• Components.
• New features in version R77.

Operation and installation

• The architecture in distributed and standalone mode.
• The management server.
• The SIC protocol.
• Presentation of the Gaia system .
• The command line interface (CLI).
• Backup and restore commands.
• Practical work Installation of Check Point under Gaïa in version R77.

Implementation of a security policy

• Getting started with SmartConsole.
• Start and use SmartDashboard.
• Managing administrators and profiles.
• Security policy.
• Rules management.
• Practical workrnInstall SmartConsole.
• Create objects and a security policy.
• Activate the 'anti-spoofing.'}

Address translation (NAT)

• Address translation rules.
• NAT "static" and NAT "hide".
• ARP management.
• Practical work Setting up automatic NAT of the "hide", "static" type and manual transaction rules.

Monitoring and log management

• The log management policy.
• Track connections with SmartView Tracker.
• The SmartView Monitor, features and alert thresholds.
• Practical work Setting up automatic NAT of type "hide", "static" and manual transaction rules.

R77 client authentication

• Legacy methods of authentication.
• Identity Awareness.
• Application Control.
• Authentication: captive portal, Identity Agent, Active integration Directory.
• Practical work Implementation of Identity Awareness.

Site-to-site VPN and nomadic VPN

• The architecture of the VPN.
• Encryption basics.
• Introduction IPSec, the certification authority.
• The authority of certification (CA).
• Domain-Based VPN, heavy client mode.
• Authentication modes in Mobile Access: Check Point Mobile, SSL/SNX, .
• Practical work Setting up a site-to-site IPSec tunnel.
• Configuring remote access via IPSec VPN.
• Activation and implementation in place of Check Point Mobile.

The IPS module

• Presentation.
• Vulnerabilities and security flaws.
• Implementation of a security profile.
• Geo-Protection, inspection HTTPS.
• Other modules: Data Leakage Prevention, QoS, .
• Practical work Example of protection against vulnerabilities with the IPS module.

Description

This training provides all the knowledge necessary for optimizing the application and setting up clustering and high availability mechanisms. It details the use of numerous advanced configuration options such as quality of service (QoS), redundancy, etc.

Who is this training for ?

Training objectives

Training program

Check Point R75/R76 Update

• Update compatibility.
• Upgrade tools.
• Presentation of Database Revision Control.
• Practical work Installation systems and update to R75/R76.

Identity Awareness et Application Control

• The limits of a classic firewall by IP and by port.
• Access control.
• The four Identity Awareness R75 authentication methods/ R76.
• Check Point 3D Security.
• The "AppWiki".
• The URL Filtering.
• The HTTPS Inspection .
• Practical work Implementation of Identity Awareness and Application Control.

Le clustering Check Point

• The high availability of the Management Server.
• The redundancy of the firewalls.
• The ClusterXL High Availability (Active/Passive).
• The ClusterXL Load Sharing (Active/Active).
• VMAC and ARP issues.
• The VRRP.
• SecureXL vs VRRP comparison.
• Practical work Setting up a high availability cluster and Load Sharing.

VPN and advanced routing

• Debugging VPN.
• VPN routing.
• Route-Based VPN.
• Dynamic routing with RIP routing protocols , OSPF and BGP.
• Wire Mode operating modes.
• Directional VPN Route Match.
• Link Selection and VPN redundancy.
• Traditional/simplified VPN.
• Tunnel Management.
• Practical work Setting up Route-Based VPN.

Advanced Firewall

• Tools: Dbedit and guiDBedit.
• System files.
• Log management.
• How to use the CPinfo tool? Example of using "InfoView" and "Confwiz".
• SIC, ICA and certificates.
• Check Point processes.
• The very powerful Tcpdump command line packet analyzer.
• The fw monitor command.
• Practical work Using debugging tools.

Description

This training will teach you how to deploy the Fortinet security solution to protect your corporate network. At the end, you will be able to install it and will master the essential elements of its configuration, including application filtering, VPNs and high availability.

Who is this training for ?

Training objectives

Describe the FortiGate functionalitiesImplement an SSL and IPSEC VPN
Install and configure the firewall
Implement a network and application filtering strategy
Implement the high availability of FortiGate

Training program

Introduction

• Firewall technologies and characteristics.
• The architecture.
• The FORTINET product family.
• The components of the Appliance.

Configuration et administration

• Administrative tasks.
• CLI/GUI and FortiManager modes.
• The installation procedure.
• Getting started main interface.
• Practical work Install and configure the firewall.

Network filtering and application filtering

• The firewall's access control policy.
• Address and port filtering.
• Define a filtering policy.
• Rules management.
• Content filtering and pattern detection.
• URL filtering.
• Advanced options.
• Anti-spam filters.
• SMTP protocol control.
• Attached files.
• Protection profiles.
• L 'antivirus.
• Blocking by file extension.
• Practical work Implementation of a network and application filtering strategy.

NAT and routing

• NAT/Route/Transparent usage modes.
• Static routing and dynamic routing.
• Which routing policy should be put in place? rnPractical work rnSetting up a routing policy.
• Authentication with AD or Radius.

VLANs and Virtual Domains (VDOM)

• Reminders on the concept of VLAN.
• When to use it? Administration and supervision.
• InterVDOM routing.
• Practical work Installation and configuration of VLAN and VDOM.

VPN with IPSEC

• IPSEC reminders.
• The site-to-site IPSEC VPN.
• Interface mode and tunnel mode.
• The IPSEC VPN client to site.
• The "FortiClient" client.
• Xauth authentication.
• Tunnels with the pre-shared key.
• Practical work Configure an IPSEC tunnel.

VPN with SSL

• Reminders about the SSL protocol.
• Tunnel mode and Portal mode.
• Choose the appropriate mode.
• Practical work SSL tunnel configuration in portal and tunnel mode.

High availability

• The concepts of high availability.
• The active-passive/active-active mode.
• Meet the needs of the business.
• Practical work Implementation of active/passive FGCP high availability.

Description

How to motivate your team other than through salary? All motivation strategies are based on communication, relationships of trust, cohesion, and empowerment through delegation. This training will give you all the keys to making your team efficient by using the levers of motivation.

Who is this training for ?

Training objectives

Adapt your management to the personalities of your team
Formalize common objectives
Communicate directives and explain them clearly
Find motivation levers for your employees
Empower your employees through delegation
Manage difficult personalities

Training program

Establish common references with your team

• Know the different management styles: directive, persuasive, participatory or delegative.
• Find your own management style.
• Define your strengths and areas for progress .
• Adapt your management to the context and personalities.
• Discover the notion of situational leadership.
• Formalize common objectives: define objectives and performance levels corresponding (SMART objectives).
• Communicate, monitor and control the objectives set for individuals and the team.
• Practical work Case studies and collective reflection on leadership of a manager.

Lead your team

• Locate the role of the team in the company: vision, strategy, resources.
• Develop your image as a leader: use your emotional intelligence, know how to communicate in public, know how to adapt.
• Successfully integrate newcomers into the team: welcoming and building confidence.
• Managing difficult personalities: different types of personalities and behaviors.
• Promote speaking out and recognize initiatives.
• Know how to channel them and use them wisely.
• Have changes accepted and remove obstacles and individual resistance and collectives.
• Practical work Filmed and debriefed situations: animation of team meetings with various types of collaborators (easy, difficult).

Know how to communicate

• Communicate directives: structure your thoughts and ideas, take ownership of decisions and explain them clearly.
• Know how to deal with unforeseen events in a positive way.
• Be convincing: involve your audience and argue to persuade.
• Handle objections: know how to rely on them to assert your point of view.
• Communicate on negative points: reframe without demotivating, announce bad news and managing a disagreement.
• Practical work Filmed communication exercises.

Succeed in win-win negotiations

• Opt for a strategy based on consensus: the notion of life positions.
• Discover the employee's vision: spontaneous listening, active listening, questioning and reformulation.
• Develop a personalized argument, adapt your response to your interlocutor.
• Practical work Negotiation exercises: identification of what is negotiable and what is not, identification of real issues .

Create trust

• Share your vision and values: vision/values ​​distinctions and consistency between the two.
• Give the group the means to act, be a resource provider.
• Develop the creativity of your team: brainstorming and other methods of developing creativity.
• Get beyond individual logic in favor of teambuilding: cohesion and team spirit.
• Practical work Case study and collective reflection around the construction of belonging to a team.

Use the levers of motivation

• Take into account the individual needs and find the motivation levers of your employees.
• Adopt a method of communication adapted to each type of employee.
• Create a stimulating atmosphere: celebrate events and successes.
• Positive changes.
• Propose concrete tools: benefits, bonuses, promotions, projects, working conditions.
• Practical work Participants identify the causes of motivation, demotivation, non-motivation in their team.
• Identification and proposals for implementing tools to remedy them.

Dare to delegate

• Understand and identify the issues of delegation: giving power while maintaining responsibility for actions.
• Know what can be delegated and what cannot be.
• Distinguish between delegating and executing.
• Empower your employees through delegation: to whom to delegate? Communicate and support the delegation: the delegation interview, the delegatee's acceptance .
• Manage the delegation: develop a verification schedule and keep control of the planning Practical work Scenario: setting up a delegation, delegation interview and monitoring of actions.

Build your personal action plan for progress

• Highlight your personal talents and areas for improvement.
• Set yourself objectives.
• Determine measurement criteria and points of vigilance.
• Exercise: Construction of a personal progress action plan.

Description

This internship will allow you to acquire the main techniques for implementing teleworking in your company. You will understand the different facets, in particular the actors involved, the remote management of a teleworker and the use of mobile tools.

Who is this training for ?

Training objectives

Know the legal framework and the different types of teleworking
Manage the organization of work and time of a teleworking team
Establish quality communication, even remotely
Take into account company stakeholders and health obligations and security

Training program

The evolution and legal framework of teleworking

• Definition of teleworking.
• Teleworking and time sharing.
• Development of teleworking in France and elsewhere.
• Legal framework in full evolution.
• National Interprofessional Agreement (ANI) on teleworking.
• Recent case law on teleworking.
• Addendum to the employment contract.
• Exercise: Take a quiz on the legal aspects of teleworking.

The different facets of teleworking

• When the employee works at home.
• Coworking, telecenter.
• Robot portrait of the teleworker.
• Professions concerned in his company.
• Main obstacles and advantages of teleworking.
• Main advantages of teleworking.
• Teleworking, another way of working.
• Exercise: Respond to a project management tool to determine the challenges of this approach and the representation of teleworking in your company.

Remote management

• Role of the manager of a teleworker.
• Robot portrait of the ideal manager for remote management.
• Implement teleworking in a team already in place .
• Recruit a team.
• Manage a mixed sedentary and teleworking team.
• Manage your entire team remotely.
• Lead a internal network: the main rules.
• Interest of operating in a network: developing collaborative work and tools.
• Exercise: Provisional planning of major stages with the participants according to their management context.

The tools and actors involved

• Use of nomadic tools.
• Advantages of Web 2.
• 0.
• Securing the data in question.
• Set up an Internet Charter.
• Set up a teleworker: choice of location and mode of communication.
• Organization of work.
• Professional life balance / private life.
• Stakeholders involved: vision of managers, Human Resources department, Staff Representative Bodies.
• Exercise: Team game on the benefits of teleworking in his company.
• Mapping the actors of his company.

Description

Open space must be associated with a management policy and an appropriate organization. This training allows managers to acquire the right reflexes to best organize the work environment in order to avoid stress, tensions and conflicts.

Who is this training for ?

Training objectives

Organize the work environment in open space
Identify and analyze cohabitation issues
Anticipate potential conflicts linked to community living
Motivate your colleagues without making them feel monitored
Reexamine the organization of work and reflect to support

Training program

Diagnosis of open spaces: open space lived and not dreamed of

• History of open spaces: from the textile workshop to desk sharing.
• Analysis of the fashionable model: the friendly, daring open space,
• Illusion of good humor: hidden stress, positive attitude.
• Illusion of exchanges: wearing a headset, internal chat.
• Illusion of a space democratic from transversal management (geographical and material hierarchy).
• Identification and analysis of cohabitation issues.
• Exercise: rnQuiz show and slideshow on open space.
• Presentation and analysis of open space plans by the participants.

Conflict and stress management in open space

• Anticipate potential conflicts linked to living in a community (noise, smell, agitation, light.
• ).
• Prevent the risks of isolation.
• Detect internalized suffering, linked to the "positive attitude".
• Optimize the circulation of information and instructions: NICT and management.
• Exercise: rnRole games based on scenarios focused on conflict resolution.
• Guide for analyzing delicate situations.

Challenges of transparency in open space

• Preserve your bubble without isolating yourself.
• Motivate your colleagues without making them feel watched.
• Remobilize around work and not on showmanship of work.
• Analyze visibility strategies in these panoptic spaces subject to surveillance logic.
• Analyze policies for creating a good atmosphere at work: (lounge spaces, daily croissants.
• ).
• Exercise: Role playing based on scenarios.
• Example: attitude towards an employee " overfacebooké", use of K-Party.

Planning is management

• Rethink your work organization and think about human support for your employees.
• Reflection before designing plans.
• Best practices to optimize communication in open space.
• Downstream establishment of rules of common life.
• Exercise: Educational refresher workshop based on participants' open spaces.

Description

Communication is a management lever that impacts the quality of life at work, the prevention of psychosocial risks and collective performance. This training will allow you to master the main techniques for effectively conveying your messages and managing conflicts.

Who is this training for ?

Training objectives

Develop effective communication adapted to your management context
Acquire skills and tools useful for good managerial communication
Master the emotional dimension of communication
Know how to communicate in your daily life as a manager and in difficult situations

Training program

Develop your posture as a “communicating manager”

• Identify your preferred mode of communication.
• Identify your listening style according to Porter's study.
• Increase your potential and identify your areas of progress.
• Measure the impact of managerial communication on work efficiency.
• Identify good managerial communication practices.
• Practical work Self-diagnosis on his preferred mode of communication.
• Case study of interpersonal communication.

Optimize communication with colleagues

• Identify the communicator typologies of your employees.
• Discern the needs of your employees: the MASLOW pyramid.
• Appropriate the principles of non-public communication violent (C.
• N.
• V).
• Practice active listening techniques to communicate well.
• Take into account takes into account non-verbal communication.
• Practical work Behavioral scenarios on active listening and non-violent communication techniques.
• Video: analyzing the semiology of communication non-verbal.

Master the emotional dimension of managerial communication

• Define the role of emotion in managerial communication.
• Analyze our emotional reactions and those of our employees: main strengths and obstacles.
• Understand the messages delivered by emotions to create connections and communicate better.
• Practice managing emotions on a daily basis.
• Practical work Case study on emotions and their manifestations at work .
• Exercise: anchoring.
• Role playing: deciphering emotions and identifying associated behaviors.

Knowing how to communicate in your daily life as a manager

• Communicate in difficult situations with tool D.
• E.
• S.
• C.
• Know how to say no.
• Practice the reframing interview and feedback techniques.
• Know how to break bad news to a colleague or their group.
• Write your individual action plan: set objectives and desired results.
• Scenarios Scenarios filmed based on real-life professional scenarios.
• Debriefing in a group on the behaviors implemented.

Description

This training will allow you to understand the basics of workplace ergonomics in an industrial environment. It will show you how to identify arduousness factors, create analysis grids, etc., with a view to implementing an approach to improving working conditions.

Who is this training for ?

Training objectives

Numerous concrete cases and feedback, to reflect on the application to your own context
The ergonomic diagnosis of a workstation
An example of an approach methodology for successful implementation in a work situation
A field trainer for an operational approach

Training program

Presentation of ergonomics: discipline and preconceived ideas

• Know the basics of ergonomics: history, general presentation, main trends.
• Distinguish the different disciplines in ergonomics (biomechanics, cognitive, sociology, psychology, anthropometry).
• Understand the underlying model and the main notions (activity, regulation, system.
• ).
• Acquire approach and methodology: analysis of the task and the activity, identification of arduousness factors.
• Practical work Analysis of a work situation based on a few films.
• Production of a first draft of the analysis of the task.

Acquire benchmarks for “simple” job evaluation

• Know the main standards in force in the context of industrial work: understanding and limits.
• Use the workstation evaluation tools or grids (Niosh, Orege, METEO grid of PSA, AFPI.
• ).
• Locate the important and simple criteria to take into account in a work situation.
• Practical work Creation of 'a succinct analysis grid.
• Application of the evaluation grid on a position presented in the videos.
• The results and uses of the grids will be discussed in a group.

Implement a process to improve working conditions

• Determine the actions to be implemented, plan and monitor them.
• Use monitoring tools and methods (job mapping, action plan) and animation (groups monitoring).
• Evaluate the conditions for the success of an ergonomics approach.
• Reflection on the positioning of ergonomics.
• Know the methods of certification in ergonomics: the conditions for obtaining and the approach to implement.
• Practical work Exchange with participants on the approaches implemented in their respective companies, the difficulties encountered and the conditions of success.

Description

Establishing a culture of continuous improvement is a project in itself because it has repercussions throughout the organization. This training will teach you in particular how to structure and manage the deployment of a Lean policy in your company.

Who is this training for ?

Training objectives

Structuring the deployment project
Establishing the project roadmap
Managing the project over time
Communicating and leading around the project
Mastering the key success factors for a successful and lasting deployment

Training program

Context and challenges

• Reminder of the fundamental principles of Lean Management.
• Identify the risks incurred in not structuring and anticipate its deployment.
• Become aware of the importance of support from Management.
• Understand the origins of the concept of policy deployment (Hoshin Kanri).
• Identify the main issues of policy deployment.
• Exercise: rnBased on a simple and concrete example, research work by the participants of what could be the 7 main stages of a deployment project.

Carry out an inventory of the current situation

• Lay the foundations of the entire project and put in place all the conditions necessary for success.
• Focus on the three key elements of this phase: lucidity, involvement of all , communication.
• Follow the procedure of the initial diagnosis: choose who evaluates, on what criteria and in what way.
• Use the summary of the inventory.
• Collective reflection Exchanges around the presentation of a real example by the facilitator.

Establish the vision

• Identify areas for progress consistent with continuous improvement themes.
• Explore the past to build on the company's values.
• Study the environment to establish objectives adapted to the market.
• Focus on the essential points.
• Characterize the objectives to be achieved.
• Practical work Individual work by each participant to establish what the vision of their company could be and presentation to the rest of the group.

Break down the strategy into targets and objectives

• Decrease the strategic objectives into indicators throughout the company.
• Establish the deployment roadmap.
• Set up the project team and the management structure .
• Communicate and launch the process officially.
• Exercise: Developing an indicator tree and a roadmap.

Deploy, monitor results and correct discrepancies

• Define the roles and missions of the different actors.
• Treat delays and resolve problems.
• Monitor results.
• Identify key success factors for a successful deployment.

Description

An essential step in the deployment of a culture of continuous improvement, the success and relevance of the initial diagnosis are key factors in the success of your Lean project. This training will teach you how to carry out all the stages of this diagnosis, from its preparation to its restitution.

Who is this training for ?

Training objectives

Understand the importance and objectives of an initial diagnosis
Know the themes concerned by the initial diagnosis
Master the operating procedure of the initial diagnosis
Carry out the synthesis and use the results of the initial diagnosis

Training program

Context and objectives of the initial diagnosis

• Reminder of the main principles of Lean Management.
• Reminder of the main stages of policy deployment.
• Identify the risks incurred by neglecting your initial diagnosis.
• Prepare the general organization of the diagnosis.
• Plan communication before, during and after the diagnosis.
• Exchanges Presentation of the contexts, issues and expectations of each person .

Prepare and organize the diagnosis

• Identify the scope of intervention and the participants.
• Define the different themes to evaluate during a diagnosis.
• Structure the evaluation grid.
• Harmonize the evaluation criteria and validate them beforehand.
• Practical work rnConstruction by the participants of a grid 'assessment for each theme.'}

Conduct interviews and field visit

• Carry out interviews.
• Put your interlocutor at ease.
• Avoid pitfalls.
• Carry out an effective and relevant field visit .
• Identify and evaluate the elements sought: 5S, visual management, compliance with standards.
• Practical work Work in groups of 2, carrying out interviews using the evaluation grid.