...

The training offered should cover those tasks in detail, eliminating as many security risks as possible. It should include, for example, techniques for checking for non-essential software programs that can be removed from the system, since they could provide "back-door" access to the system. Guest accounts should be closed, alternate boot devices disabled, only secure passwords allowed, remote root access prohibited, unauthorized access attempts monitored, etc.

System operations

Training should focus on providing secure services to the user community. This includes but is not limited to secure authentication and authorization practices, recognizing breaches, scanning for vulnerabilities, patching, logging, intrusion detection, incident response and forensic practices.

The service lifecycle and secure practices during each stage should be covered in depth. These stages include requirement gathering, technology investigation, development, testing, deployment, production operation and retirement. Training should also cover transitioning between stages.

Monitoring and logging

Forensics

...