Security Posture Compliance, Assessment and Penetration Testing

It is critical for an organization to secure and protect their information system. Security posture assessment exposed potential threats to the information assets and it is a comprehensive evaluation of organization’s enterprise-wide networks environment with objective to mitigate risks and to establish ‘Defense-in-Depth’.

Information security is implemented by systems; policies and procedures in comply with ISO/IEC 27001:2013 Information Security Management System (ISMS). Therefore, the security posture assessment provides a thorough understanding on information security, follows with technical knowledge and skill sets.


  1. Identify the organization’s information security structure, mitigate risks and enhance overall security. Includes information security awareness and its benefits; introduction to ISO/IEC 27001:2013 requirements and controls for policies and procedures development;
  2. Establish network assessment skills to mitigate risks within and outside organization’s network infrastructure;
  3. Establish server and desktop security assessment skills by exposing the vulnerabilities of unsecured Windows and Linux systems;
  4. Establish web application security assessment skills; and
  5. Assess the weaknesses and vulnerabilities in target systems and demonstrate hacking attempts by exposing the tools and information that hackers use in underground activities


  1. Information security practitioners and professionals
  2. System and network administrators
  3. Web and application developers
  4. Penetration testers

ICT Policy Compliance & Physical Security Training

  1. Compliance Framework
  2. How to use the Framework
  3. How to check for compliance
  4. Physical Security
  5. Case studies
Network Security Assessment
  1. Common network vulnerabilities and mitigation
  2. Methodology and components in building secured network architecture,
  3. Data flow analysis
  4. Industry best practices
  5. Assessment methodology
  6. Hands-on and practical on network security assessment
Wireless Security Assessment
  1. Wireless Encryption Networks
  2. Wireless Discovery and Sniffing
  3. Wireless Penetration Testing
  4. Wireless Vulnerability Testing
  5. Wireless Traffic Assessment
  6. Hands-on and practical on wireless security assessment
Server and Desktop Security
  1. Server and desktop vulnerabilities investigation and exploitation
  2. Security assessment methodologies for both Windows and Linux environment
  3. Insight and in-depth explanation of reconnaissance approaches
  4. Mitigation and rectifications
  5. Hands-on scanning and enumerations
Web Application Security Assessment
  1. Web applications security assessment methodology
  2. Introduction to web application vulnerabilities
  3. Common web application vulnerabilities and recommendations
  4. Hands-on exercises

En. Muhammad Arman Bin Selamat
Malaysian Vulnerability Assessment Centre (MyVAC)

Muhammad Arman Bin Selamat is an information security analyst with extensive experiences in Web Application, Network and Computer Security. He has worked with various public and private sector as IT Executive and then served with CyberSecurity Malaysia as an IT Analyst since March 2008.

He has strong technical background and is good team player. He is highly motivated and has excellent analytical, decision making and problem-solving skills. He possesses expertise in programming using ASP, PHP, VB6 & VB.NET. He has an expertise on Web Application Security, Network Security and Host Security.

He also developed and delivered training for a wide range of government bodies and organizations to meet client needs. Through CyberSecurity Malaysia he hopes to support organizations in securing their network to achieve confidentiality, integrity and availability (CIA).

En. Ruhama Bin Mohammed Zain
Cyber Security Professional Development
CyberSecurity Malaysia

(CISSP, CISM, CSSLP, ISO27001 Lead Auditor, SANS GWAPT, SANS GPEN, SANS GMOB, CCNA Security) is a security practitioner with 9 years of experience. He has been involved in penetration testing and security assessment of diverse network environments ranging from small to large corporate networks. He has prepared findings and recommendations to mitigate vulnerabilities found during security assessment engagements. Currently he is involved in control system security assessment in CyberSecurity Malaysia.


  • 21 - 25 August 2023
  • 18 - 22 September 2023
*dates are tentative, unless specified


MYR4,000.00 (subject to 8% SST)

Please click here to register

Contact us to request for a quotation

30 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at


Have any inquiries? Check out the FAQ