Information Security Boot Camp
Overview
This course covers the (ISC)2 Common Body of Knowledge (CBK) and evaluates real-world methods and tools required to construct or audit a comprehensive information security framework. It provides a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program, blending theories and best management practices with key physical and information technology safeguards.
Key references and yardsticks are provided to gain familiarity with industry-leading practices, legislation, and professional standards for information/cyber security and audit practitioners.
The course also provides unit and course review exercises to help participants prepare for the CISSP exam (or similar such as CISA) and help guide their organization as it develops or revises its information security program. Multiple takeaways are provided.
Why you should take this course
For users who have an introductory knowledge of this topic and are looking for additional information and its application.
Here are the topics we'll cover.
- Security and Risk Management
  - Fundamental Principles of Information Security
  - Information Security Management and its Cycle
  - Information Classification
  - Risk Analysis
  - Policies, Standards, and Procedures
  - Security Awareness
- Laws and Standards Affecting Information Security and IT Audit
  - Ethics Affecting Information Security
  - International Laws
  - Organizational Liabilities
  - Computer Crimes and Other Breaches of Information Security
  - Investigations and Evidence of Computer Crimes
  - Incident Response
  - Information Security and Auditing Standards
- Security Engineering: Security Models, Mechanisms, and Architectures
  - Integrated Security Architecture
  - Computer Architecture
  - Operating System Protection
  - Security Policies and Models
  - Access Control Principles
  - Open and Closed Systems
  - Security Services and Access Controls
  - Security Design Standards and Criteria
  - Certification and Accreditation
- Network Security Concepts and Solutions
  - Defining a Network
  - Open Systems Interconnection (OSI) Model
  - Transmission Control Protocol/Internet Protocol (TCP/IP)
  - Network Addresses and TCP/IP Applications
  - Directory Services
  - Wiring
  - Wireless Networks
  - Types of Transmissions
  - LAN vs. WAN
  - Network Devices – Wired and Wireless
  - Network Management Tools
- Cryptography
  - Cryptography Terminology
  - Key Management
  - Encryption Algorithms and Hashing Functions
  - Digital Signatures
  - Public Key Infrastructure (PKI)
  - Pretty Good Privacy (PGP)
  - Attacks on Crypto Systems
  - Applications of Encryption
  - Steganography
- Identity Management/Access Controls
  - Authentication Mechanisms/Credentials: Passwords, Tokens, Smart Cards, Biometrics, Digital Certificates
  - Enterprise Authentication Systems: RADIUS, TACACS+, Diameter
  - Single/Reduced Sign-On Systems
- Software Development and Application Security
  - Application Security Defined
  - System Development Life Cycles
  - Change Control
  - Computing Models
  - Security for Different Environments
  - Data Types and Structures
  - Database Management Systems
  - Web Application Design and Security
  - Malicious Software
- Asset Security: Physical, Human Resources, and Environment
  - Facilities Location, Construction, and Management
  - Physical Security Threats, Vulnerabilities, Risks, and Countermeasures
  - Perimeter Security, Boundary Protection, and Facilities Access Controls
  - Electrical, Temperature, Water, and Other Environmental Controls
  - Fire Detection, Prevention, and Suppression
  - Information Storage Media Protection and Disposal
  - Emergency Procedures
  - Human Resources Security
- Availability: Data Recovery and Business Continuity Planning
  - Comparing Business Continuity and Disaster Recovery Planning
  - Identifying Important Components of Ongoing Backup, Redundancy, and Disaster Avoidance Programs
  - Performing a Business Impact Analysis
  - Evaluating Backup and Recovery Program Effectiveness
Here are the learning objectives we'll cover.
- Recall key aspects of information security relevant to security practitioners and laypersons.
- Relate key concepts and practices to the CISSP, CISM and other information security certification exams.
- Understand industry best practices, legislation, professional standards, and information resources affecting information security.
- Evaluate baselines and yardsticks for defining and benchmarking information security programs.