Our programmes
To register for preferred course(s), please contact us.
- Advanced data analytics
- Cybersecurity awareness training
- Cybersecurity drills
- Data privacy awareness training (focus on GDPR, PDPD)
- ISAE 3402/3000 (SOC 1/2) awareness training
- ISO 27001 IT Risk Treatment and Security controls
- Secure development for web applications (focus on OWASP)
Advanced data analytics
A training course with seven sessions, to cover intermediate and advanced knowledge regarding data analytics and data visualisation.
Objectives & Outcome
By the end of the course, participants will be able to:
- Use Python to wrangle, analyse and visualise data
- Understand and apply key statistical concepts to do predictive model projects
Agenda
Session 1: Overview of Python and Basic Code (4 hours)
- Purpose: Introduction to the Python programming language, which is one of the most widely used tools for statistics and data science
- Content: (1) Overview of Python and the Python IDE, (2) Installing and loading packages, (3) Working Directory, (4) Creating a project, (5) Basic code
Session 2: Data Wrangling (8 hours)
- Purpose: It has been stated that up to 80% of data analysis is spent on the process of cleaning and preparing data. This session will guide learners through the data-wrangling process, along with giving a solid foundation of the basics of working with data
- Content:
(1) Dealing with numbers:
+ Definition of Integer - Double
+ Generating sequences of non-random numbers, or of random numbers
+ Setting the seed, rounding numbers
(2) Dealing with strings: string basics, string manipulation
(3) Dealing with factors: creating, converting and inspecting, ordering level, revaluing level
(4) Dealing with dates:
+ Converting strings to dates
+ Creating date sequences
(5) Managing data frames, missing values, outlier values, import data and loading data
(6) Reshaping data:
+ Converting Long to Wide and vice versa
+ Splitting a single column into multiple columns and vice versa
(7) Transforming data: Select, Filter, Grouping, Performing statistic summary, Arrange, Join
(8) Report
(9) Exercise
Session 3: Data Visualisation (8 hours)
- Purpose: This session shows learners how to create the most common types of graphics and then shows if the graphs meet the needs. Most of the recipes use the Matplotlib library, a powerful and flexible way to make graphs in Python
- Content: (1) Layer & Grammar of Graphics, (2) Bar Graphs, (3) Line Graphs, (4) Scatter Graphs, (5) Summarised data distribution, (6) Annotation, (7) Axes, (8) Controlling the overall appearance of graphs, (9) Legend, (10) Facet, (11) Colour, (12) Advanced Graphs, (13) Exercise
Session 4: Statistical Learning Overview (4 hours)
- Purpose: This session introduces learners to an overview of statistical learning, including assumptions and theories
- Content: (1) Introduction about statistical learning: Trade-off between accuracy and model interpretability, (2) Assessing model accuracy: Bias - Variance trade-off, Measuring, (3) Linear Regression Theory and Exercise
Session 5: Logistic Regression (4 hours)
- Purpose: This session shows learners how to apply Logistic Regression in the real world, and provides the concept of sampling data
- Content: (1) Logistic Regression Theory and Exercise, (2) Resampling method: Cross-Validation & Bootstrap
Session 6: Tree-based method (8 hours)
- Purpose: This session introduces learners how to apply tree-based methods to predict a target business model
- Content: (1) Basics of Decision Trees, (2) Bagging, Random Forest, Boosting Theory and Exercise
Session 7: Unsupervised Learning (8 hours)
- Purpose: This session introduces learners to understanding the concept of Unsupervised Learning and its application in banking
- Content: (1) PCA, K-Mean and Hierarchical Clustering Theory and Exercise, (2) Market Basket Analysis Theory and Exercise, (3) RFM Analysis Theory and Exercise
Final Project Completion (4 hours)
- Purpose: The final session for learners to handle a complete project
- Content: Competition - Start a predictive modelling project from scratch
48 hours
Classroom / Virtual
Target audience
- Intermediate to advanced data analysis learners (People working in data analysis teams at banking or financial services organisations)
Cybersecurity awareness training
Increased security is the obvious reason why all businesses, big or small, should have employees of all levels learn the importance of protecting themselves and the company from "human exploits" and cyber-attacks. Many compliance regulations such as ISO, HIPAA, PCI, SOX, GDPR, and even some local regulations require cybersecurity training for all employees.
Objectives
The course aims to raise awareness about information security, good information security practices, and related policy in order to help prevent unintentional compromises of sensitive information and computing systems.
Outcome
By the end of this course, attendees will:
- Be confident in the decisions they make when creating new passwords, filtering through suspicious emails or browsing the internet.
- Have raised awareness levels and the practical skills needed to better protect your business from the dangers of data breaches, network attacks and ransomware threats.
Agenda
- Importance of security awareness
- Avoiding social engineering
- Using internet safely
- Securing your devices
1/2 day
Classroom / Virtual
Target audience
- IT Risk and Compliance team
- Business managers/ End-users
Cybersecurity drills
It's crucial that executive and professionals throughout the organisation understand the scope of the cyber threats they face and possess the necessary knowledge to respond quickly and effectively. In the event of a cyber-attack, it's crucial that senior professionals respond quickly and confidently. This is only possible if you have an organised Incident Response Plan in place and everybody knows what they're supposed to do next to mitigate the impact of the attack. Cyber training drills can keep your company’s IT and security staff in shape. Cyber exercises can improve cyber fitness, reduce stress due to uncertainty, and build your cyber resilient capability.
Objectives
The course will:
- Enable the participants to face Information & cybersecurity scenarios then to improve and establish readiness in dealing with the practiced threats.
- Raise the organisation’s readiness and involvement level in the event of an information & cybersecurity attack and to test the familiarity of the participants with, and effectiveness of, the relevant ‘Incident Response’ processes.
- Understand the key areas participants need to address in order to defend against and respond to information & cybersecurity incidents.
- Empower the organisation to adjust and enhance decision making procedures and strategies in the context of challenging Information & cybersecurity dilemmas and scenarios.
Outcome
By the end of the course, attendees will be able to:
- Effectively respond to Cyber Security attacks.
- Identify key gaps in the current business and information & cybersecurity policies, standards, processes, and their implementation that may result in financial, data or reputational loss.
Agenda
- Tailored scenarios of simulated attacks to the client's IT environments
1 day
Classroom
Target audience
- IT Security team (Red team/Blue team)
Data privacy awareness training (focus on GDPR, PDPD)
Data privacy and data protection have become front-and-center issues around the world, as individuals demand more control of their personal information, and organisations face greater information security threats and risks. And with more people working remotely, it’s more critical than ever to ensure that employees understand the rules and guidelines for using and protecting data and avoiding costly data breaches. Information security focuses on keeping all kinds of nonpublic information and systems safe. The consequences for data breaches, mishandling personal information and violating data privacy laws are serious and can involve fines, damage to an organisation’s reputation and loss of customer trust.
Objectives
The course aims to teach:
- Data privacy, with a focus on how personal information is collected and used.
- How to apply privacy awareness best practices. Equip your employees with the right knowledge and skills to make data protection a default behavior.
Outcome
By the end of this course, attendees will:
- Have broadened understanding of data privacy and the many rights and responsibilities it generates.
- Know how to safely handle personal information.
- Be able to support your organisation in fulfilling privacy obligations.
Agenda
- Overview of GDPR and PDPD
- GDPR and PDPD's detailed requirements
- How to conduct GDPR and PDPD compliance audit
1 day
Classroom / Virtual
Target audience
- IT Risk and Compliance team
- Internal Audit team
- Legal and Data protection team
ISAE 3402/3000 (SOC 1/2) awareness training
- An ISAE 3402/3000 (SOC 1/2) audit report provides detailed information and assurance about a service organisation’s internal controls based on their compliance with the ISAE (International Standard on Assurance Engagements) standards.
- SOC 1 audits, which relate to organisations’ ICFR (internal control over financial reporting), are conducted against the assurance standards ISAE 3402.
- SOC 2 audits, which are essential in regulatory oversight, vendor management programmes, internal governance and risk management, are conducted against the assurance standards ISAE 3000. It focuses on security, availability, processing integrity, confidentiality and/or privacy controls.
Objectives
The course aims to provide:
- Understanding of the differences between ISAE 3402 and 3000
- Understanding of how an ISAE audit is performed
- Understanding of how to prepare for an ISAE audit report
Outcome
By the end of the course, attendees will be able to:
- Choose the proper types of ISAE audit
- Understand all related internal controls in scope
- Prepare an ISAE 3402/3000 audit report properly
Agenda
- An overview of ISAE 3402/3000 (SOC 1/2) for IT Security risk assurance.
- SOC 1, 2 readiness assessment health check for SOC (Type 1 and 2) audits.
- SOC 1, 2, 3 – audit reporting overview.
- SOC 1, 2 internal controls overview.
1 day
Classroom / Virtual
Target audience
- IT Risk and Compliance team
- IT/Business Operations team
- IT Security team
ISO 27001 IT Risk Treatment and Security controls
This course will provide guidance on best practice for information security management to help you select, implement, and manage controls, policies, processes, procedures, and organisational structures’ roles and responsibilities.
Objectives
The course will:
- Help individuals be familiar with the guidelines needed to initiate, implement, maintain, and improve information security management in an organisation.
- Help select the controls needed for implementing an ISMS based on ISO/IEC 27001.
Outcome
By the end of the course, attendees will:
- Be able to demonstrate comprehensive knowledge and the ability to assess information security risks based on a formal risk assessment approach and select appropriate risk treatment options by applying relevant controls.
- Have the knowledge to implement information security controls based on ISO 27002
- Understand the process of performing periodic risk assessments and selecting the appropriate risk treatment options to help an organisation improve its information security approach
Agenda
- IT Security risk treatment options
- IT Security controls
1 day
Classroom / Virtual
Target audience
- IT Risk and Compliance team
- ISO/ISMS team
- IT Audit/Security team
Secure development for web applications (focus on OWASP)
Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security. The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats.
Objectives
The course aims to:
- Enable attendees to incorporate security into the software development life cycle. Move security into your design and build phases by identifying common insecure code issues and embracing the mindset of a security professional.
- Teach understanding of your attackers and risks and mitigate issues at critical junctures in your code, including client, and server interactions.
- Teach how to prevent unauthorised access and data leaks with authentication and cryptography.
Outcome
By the end of the course, attendees will be able to:
- Describe each of the OWASP Top 10 risks and the common activities that might lead to the introduction of these vulnerabilities
- Explain how the issues can be exploited, as well as the security vulnerabilities they create for both standard and emerging technologies
- Understand how the OWASP top 10 threats may be mitigated
Agenda
- Web application security
- OWASP Top 10
- Threat modelling and Risk management
- Application mapping
- Authentication and authorisation attacks
- Session management attacks
- Application logic attacks
- Data Validation
- AJAX attacks
- Code review and security testing
- Web app penetration testing
- Secure SDLC
- Cryptography
3 days
Classroom (including hands-on labs)
Target audience
- IT Security team
- IT Application Development/Software team
- IT Risk and Compliance team
Get in touch
Nguyen Tran Minh
Business Development Manager, PwC's Academy, PwC Vietnam
Tel: +84 24 3946 2246, ext.4613