Koolitus annab osalejatele arusaamise digiühiskonnas teenuste pakkumise olemusest, mõjuteguritest ja edu eeldustest. Õpitakse tundma makromajanduse trende teades, et see mõjutab avalike teenuse loomist ja pakkumist.

Koolitus käsitleb teenuse juhtimise põhikomponente, juhtimise eesmärke, võtmerolle ja erinevate osapoolte ülesandeid. Osalejad õpivad, mida tähendab olla „tark tellija“ ning kuidas väärtust loovaid teenuseid mõtestada – kellele ja kuidas tegelikult väärtust luuakse.

Koolitus tutvustab ka tööriistu ja meetodeid kliendi vajaduste kaardistamiseks, teenuste tulemuslikkuse hindamiseks ning kvaliteedi juhtimiseks. Koolitus toetab teadmiste rakendamist nii strateegilisel kui operatiivsel tasandil, mis aitaks luua kasutajakeskseid ning tulemuslikke teenuseid.

Rohkem informatsiooni projekti kohta leiate siit: https://www.bcskoolitus.ee/projekt/koolitusprogramm-tark-tellija/

Õppe maht

Kontaktõpe: 7 akadeemilist tundi  

Iseseisev õpe: 4 akadeemilist tundi (tuleb läbida enne kontaktkoolitust) 

Kokku: 11 akadeemilist tundi 

Õppekavarühm

0413 Juhtimine ja haldus

Sihtgrupp 

Regionaal- ja Põllumajandusministeeriumi haldusala asutuste tippjuhtkond ja keskastmejuhid.

Eeldused koolitusel osalemiseks 

Osaleja läbib teooria iseseisvalt enne kontaktkoolituse algust Digiriigi Akadeemias: 

• Teenusepõhise juhtimise alused (1 ak tund)
• Teenuse juhtimine: eesmärgistamine ja mõõdikute seadmine (1 ak tund)
• Kasutajate kaasamine teenuse arendamisel (1 ak tund)
• Teenusepõhine juhtimine: koostöö, rollid ja vastutused (1 ak tund)

Kontaktkoolituse teemad 

• Teenusmajandus 

•  Makromajanduse trendid (mis meie ümber toimub ja kuidas see meid mõjutab?) 

• Teenusjuhtimine 

• Väärtust loova teenuse põhimõtted  

• IT teenuste juhtimise põhimõtted 

Metoodika 

• Ümberpööratud klassiruum – osaleja läbib  teooria iseseisvalt Digiriigi Akadeemias  

• Loeng, praktilised näited, arutelud 

• Mängustamine (nt Kahoot, Slido jms) 

• Kogemusõpe (1-2-4-All meetod) 

• Töötoad 

• Harjutused  

Õpiväljundid 

• Osaleja oskab tuvastada ja analüüsida peamisi makromajanduse trende, mis mõjutavad avalikku sektorit ja majandust tervikuna ning, kuidas see mõjutab riigis digiteenuste pakkumist.  

• Osaleja saab aru mida tähendab digiühiskonnas teenuste pakkumine, mis selleks tarvis ning, mis on õnnestumise ja ebaõnnestumise valemid. 

• Osaleja saab aru, mis on tema roll digiühiskonnas asutuses, mis pakub avalikusele (digi)teenuseid.  

• Osaleja mõistab lõppkasutajale väärtust pakkuva tarkvaratoote juhtimise olulisust ja teab, miks seda peab rakendama avalikus sektoris ning mis on erinevate osapoolte rollid selle saavutamiseks. 

• Osaleja teab sobivaid meetodeid ja tööriistu, et hinnata ja mõõta kliendile väärtust loova teenuse juhtimise tulemuslikkust, oskab kirjeldada asutuse lõppklienti ning teab meetodeid lõppkliendi tegelike vajaduste väljaselgitamiseks.  

• Osaleja teab teenuste kvaliteedinäitajate üldisi põhimõtteid.  

• Osaleja suudab kasutada (IT) teenusjuhtimise põhiteooriaid, et mõista ja hallata avaliku sektori teenuseid. 

Koolituste toimumise kuupäevad ja registreerimine RTIP keskkonnas

• 11. juuni (Tallinn) – registreerumise LINK
• 07. august (Tallinn) – registreerumise LINK
• 13. august (Tallinn) – registreerumise LINK
• 14. august (Tallinn) – registreerumise LINK
• 28. august (Tartu) – registreerumise LINK

Service Hardening is about configuring services to reduce their attack surface. By combining various low priority configuration issues, an attacker may be able to gain access and even elevate in a system without leaving much traces behind. Training focuses on practices that can be applied to almost any service – without modifying the program code.

During the 2 day hands-on course experience the participants should form a good understanding of current attacker tool-set, attack types and methods. By experiencing the attacker mindset and point of view via hands-onexercises the participants not only will gain much higher appreciation for attack threats, but will be much more alert and better prepared for their own IT systems defence and security testing.

(veel …)

Web Application Security (WAS) is an eye-opening practical security course for anyone involved with development, testing and upkeeping of web applications on a daily basis.

Training days: 3-4 November & 10-11 November 2025

Training duration: a total of 4 days of highly practical information heavily mixed with hands-on labs: two days of Server-Side attacks (directly attacking the server itself) and two days of Client-Side attacks (attacks that incorporate the victim’s browser).

Target audience: WebApp developers, testers, QA, maintainers, team leads, project leads, web server or hosting providers / administrators, information security specialists and managers.

Teaching aids: Any operating system computer with permissions to install and configure applications.

Server-Side attacks module (2 days):

• Security, security related terminology
• Factors for calculating risk
• Information sources
• The HTTP protocol and communication, using intercepting proxies
• Web application architectures – REST vs “oldschool”
• Building a defense (user input, input validation, encoding, sanitization, defense layers)
• Authentication (passwords and hashes; rules, common misunderstandings and mythsrelated to passwords)
• Authorization (lacking access controls)
• Unintended information leakage (using search engines, metadata from files)
• Business logic issues
• SQL injection – detection, query and database structure identification, blind and partially blind attacks, incorrect defenses and bypasses
• Command injection
• Web server configuration issues
• Path traversal
• File inclusion attacks (LFI, LFI2RCE)
• File upload and processing (bypassing incorrect defenses, ZIP and XML features)
• Server-Side Request Forgery (SSRF)
• XML eXternal Entity (XXE)

Client-Side attacks module (2 days):

• Browser security policies and terminology
• Cross-Site Script (XSS) – what it is and what it is not
• Web Content Injection attacks (HTML injection, JavaScript injection)
• URL encoding, URL manipulation
• Referrer, Referrer-Policy
• Content Execution Attacks
• Web Content Execution from uploaded files (HTML, XMl, SVG)
• Serving files, Content-Disposition header
• Using 3rd party content
• HTTP response headers (Content-Security-Policy (CSP), X-Content-Type-Options, StrictTransport-Security)
• Browser storages
• Cookies, setup and parameter nuances
• Web Storage API
• Session, session hijacking and session fixation attacks
• Client-Side Request Forgery attacks
• Cross-Origin Resource Sharing (CORS), CORS-safelisted and pre-flight requests, related headers
• UI Redress Attacks (ClickJacking)

Training methods: Our course employs a dynamic blend of theoretical concepts and hands-on application. Through interactive lectures, engaging discussions, and immersive labs, participants actively experience web application security. Everyone, regardless of their background, will successfully complete the labs, either independently or with guidance from our expert instructors. By placing you in the attacker’s shoes within our dedicated lab environment, we transform theoretical knowledge into practical skills. Instructors leverage real-world case studies and storytelling from penetration tests to provide a vivid and relatable learning experience. This approach ensures that participants not only grasp the intricacies of security principles but also gain the practical know-how to navigate and secure real-world scenarios.

Ideology of this training: At the core of our course is the belief that understanding the offensive side is paramount to effective defense. The “Attack to Defend” motto encapsulates this ideology, emphasizing the importance of practical knowledge. We go beyond traditional approaches, challenging outdated terms and providing insights into cutting-edge techniques. The course is designed not just to teach security principles but to instill a proactive mindset, empowering you to anticipate and thwart potential threats.

Intended outcome: By the end of this course, participants will possess the expertise to architect inherently secure software, integrating robust defense mechanisms seamlessly into the development process.Security will be ingrained as a proactive element, enabling participants to identify vulnerabilities early and build resilient applications from the ground up. Whether you’re a security enthusiast, developer, or IT professional, this program equips you to confidently create digital landscapes where security is not an addition but an integral part of the development lifecycle.

Graduation Criteria: A graduate of the training receives a certificate if he performs all the practical exercises given during the training.  Participants who have not achieved the learning outcomes will be issued a certificate of participation in the training upon request.

Curriculum group: 0612 Database and network design and management.

More information read from here.

Koolituse eesmärk: 2. augustil 2024 jõustus tehisintellekti käsitlev määrus (EL) 2024/1689, mida hakati osaliselt rakendama juba alates 2. veebruarist 2025

Koolitus annab osalejatele vajalikud teadmised kehtivatest IT-sektori õiguslikest nõuetest, isikuandmete kaitse üldmääruse EL/2016/679 (IKÜM) ning  tehisintellekti üldmääruse EL/2024/1689 (TI-määrus) tingimustes.

Koolitusele on oodatud:

• IT-spetsialistid (arendajad, süsteemiadministraatorid), kes peavad oma töös arvestama õiguslike regulatsioonidega.
• IT-ettevõtete juhid ja tellijad, kes soovivad mõista TI  kasutamisele kehtestatud õigusalaseid nõudeid.

Lisaks kõik ülejäänud, kellel on teema vastu huvi.

Varasem õigusalane haridus pole vajalik. Kasuks tulevad baasteadmises IT-süsteemidest ja andmetöötlusest.

Soovituslik lugemine: Isaac Asimovi novell „The Machine That Won the War“, 1961 („Masin, mis võitis sõja“, eesti keeles 1976, kogumik Lilled Allgernonile)

Õppevahendid: Veebis osalemise puhul on vaja veebibrauseriga arvutit  koos Zoomi rakendusega.

Programm:

Õigusnormi selgitus

• õigusnormide omavaheline seos
• õigusnormi tõlgendamine

TI-määrus

• kohaldamisala
• keelatud kasutusviisid
• suure riskiga tehisintellektisüsteemid
  • esitatavad nõuded
  • pakkujate ja juurutajate ning muude osaliste kohustused
  • läbipaistvuskohustused
• üldotstarbelised tehisintellektimudelid
  • liigitamine
  • pakkujate kohustused
  • süsteemse riskiga üldotstarbeliste tehisintellektimudelite pakkujate kohustused
• turustamisjärgne seire intsidentidest teatamine

Ülevaade privaatsusõiguse õiguslikust reguleerimisest:

• millised on isiku õigused ja kohustused isikuandmete töötlemisel
• isikuandmete töötlemise regulatsioonid rahvusvahelisel ja siseriiklikul tasandil
• isikuandmete töötleja õigused ja kohustused isikuandmete töötlemisel
• IKÜM isikuandmete kasutamisest uuringutest
• IT lahenduste vastavus IKÜM nõuetele
• kuidas on võimalik isikuandmeid töödelda, viia läbi uuringuid, ilma IKÜM nõudeid rikkumata
• ainult isikuandmete töötlemisele omastest erisustest võrreldes andmeturbega laiemalt. Andmete kaitse (data security) ja isikandmete kaitse (personal data protection) ühisosa ja erinevused.

Õigusaktide andmebaasid

• Euroopa Liidu teataja kasutamine
• Riigi Teataja kasutamine
• kuidas leida omavahel seotud õigusakte
• muud andmebaasid

Õppemeetodid: Õppetöös saab osaleda klassiruumi tulles või liitudes koolitusega läbi veebikeskkonna Zoom.

Koolituse maht on 8 akadeemilist  tundi.

Hindamismeetod: Õpiväljundite saavutamist hinnatakse koolituse lõpus teadmiste testiga selleks ettevalmistatud õppekeskkonnas.

Hindamiskriteerium: Test loetakse positiivseks kui 51% vastustest on õiged.

Koolituse lõpetamine: Koolituse lõpetaja saab tunnistuse kui sooritab positiivselt koolituse lõpus tehtud teadmiste testi.  Osalejatele, kes õpiväljundeid saavutanud ei ole väljastatakse soovi korral tõend koolitusel osalemise kohta.

Hind sisaldab: Materjale

Õppekavarühm: 0612 Andmebaaside ja võrgu disain ning haldus.

NB! The last registration day is 28.09.2025

Training dates: 10, 13, 15, 16 and 17.10.2025

The course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence, and handle incidents as they occur. (veel …)

NB! The last registration day is 02.09.2025

In this 3-day course, you will get a comprehensive overview of the TOGAF® 10 standard, which is one of the most widely used and recognized enterprise architectural solutions in the world. You will learn how TOGAF® 10 helps build and manage effective and sustainable business architectures that support business goals and strategies. (veel …)

NB! The last registration day is 07.09.2025

Training dates: 24.09; 25.09; 26.09; 01.10; 02.10 and 03.10.2025

This 3-day SQL Basics course is suitable for those with little prior knowledge. It teaches about the structure and operating principles of SQL databases, Familiarizes participants with the main SQL commands and functions and practically teaches them how to create simple SQL requests.  (veel …)

NB! The last registration day is 05.11.2025

Within the course, we offer the opportunity to master the latest version of PRINCE2® – the 7th edition, enhanced with more contemporary tools, technologies, and processes for all types of projects. PRINCE2® 7th edition Foundation-level training lasts for 3 days and is suitable for anyone looking to start or further their career in project management using a modern and internationally recognized method.

During the training, participants will gain an understanding of the method’s key processes, principles, and themes to ensure that project management aligns with all 21st-century standards and requirements.

Course target

Audience

NB! The last registration day is 21.09.2025

This training provides an opportunity to gain basic knowledge in the field of software testing – process management, planning and test reporting. At the end of the training, after successfully passing the final examination, the international ISTQB® certificate – ISTQB Foundation Level Exam for ISTQB CTFL Certification – ISTQB Official Registration (astqb.org) is obtained.

At the end of this course, participants will achieve the following skills:

• use a common language for effective communication with other testers and project partners;
• understand main testing concepts, the essence of the testing process, testing approaches and principles to achieve testing goals;
• plan and prioritize testing tasks using selected testing techniques;
• analyze both functional and non-functional specifications;
• perform tests according to agreed testing plans, as well as analyze and report test results;
• write a clear overview of incidents;
• participate in test reports.

Target audience and prior prerequisites: Everyone who is going to participate in software testing process.

Prerequisites: Basic knowledge of system testing and experience in the IT industry.

Technology needed for the course: A Windows operating system computer with permissions to install and configure applications.

Those who do not have the necessary computer can rent it by agreement with BCS Training. Please inform the training company in advance.

Course outline 

• Introduction to software testing:
  • Basic elements of testing;
  • Definitions of testing;
  • Test objectives;
  • General principles of testing;
  • Testing processes;
  • Psychology of testing.
• Testing through the full software development lifecycle:
  • Software development models;
  • Verification and validation;
  • Testing levels – unit testing, integration testing, system testing, and acceptance testing;
  • Regression testing;
  • Testing and development.
• Static testing techniques:
  • Types of inspection;
  • Inspection process (overview);
  • Roles and responsibilities in reporting;
  • Reporting success factors;
  • Static analysis tools.
• Test design techniques:
  • Test development process;
  • Documentation;
  • Types of test design techniques;
  • Specification-based techniques (black box);
  • Structure-based techniques (white box);
  • Experience-based techniques;
  • Criteria for the selection of testing techniques.
• Test management:
  • Organization of testing;
  • Organization of the team: roles and responsibilities;
  • Planning and evaluation of testing;
  • Monitoring and control of testing progress;
  • Configuration management;
  • Risk management;
  • Classification and management of defects.
• Test support tools:
  • Selection considerations;
  • Types of testing tools;
  • Effective use of tools: potential benefits and risks;
  • Classification of tools.

Study methods: You can participate in the study by joining the training through the online environment Teams. The volume of training is 24 hours incl. 12 hours of practical exercises or group work in the training environment.

Assessment method: The achievement of learning outcomes is assessed on the basis of feedback-based practical exercises or group works carried out during the training.

Completion of training: Each participant receives a certificate of attendance after the course, the official certificate is awarded only when the exam is taken and passed within one year after the course (exam registration must be done within 6 months after completing the course).

The price includes: Study materials and examination cost (must be registered 6 months after the course and passed 12 months after the course.

Assessment method: The achievement of learning outcomes is assessed on the basis of feedback-based practical exercises or group works carried out during the training.

Curriculum group: 0612 Database and network design and management.