Information Security Boot Camp

Cybersecurity

Overview

This course covers the (ISC)² Common Body of Knowledge (CBK) and evaluates real-world methods and tools required to construct or audit a comprehensive information security framework. It provides a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program, blending theories and best management practices with key physical and information technology safeguards.

Key references and yardsticks are provided to gain familiarity with industry-leading practices, legislation, and professional standards for information/cyber security and audit practitioners.

The course also provides unit and course review exercises to help participants prepare for the CISSP exam (or a similar exam such as CISA) and help guide their organization as it develops or revises its information security program. Multiple takeaways are provided.

Why you should take this course

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Here are the topics we'll cover.

  1. Security and Risk Management

    • Fundamental Principles of Information Security
    • Information Security Management and its Cycle
    • Information Classification
    • Risk Analysis
    • Policies, Standards, and Procedures
    • Security Awareness
  2. Laws and Standards Affecting Information Security and IT Audit

    • Ethics Affecting Information Security
    • International Laws
    • Organizational Liabilities
    • Computer Crimes and Other Breaches of Information Security
    • Investigations and Evidence of Computer Crimes
    • Incident Response
    • Information Security and Auditing Standards
  3. Security Engineering: Security Models, Mechanisms, and Architectures

    • Integrated Security Architecture
    • Computer Architecture
    • Operating System Protection
    • Security Policies and Models
    • Access Control Principles
    • Open and Closed Systems
    • Security Services and Access Controls
    • Security Design Standards and Criteria
    • Certification and Accreditation
  4. Network Security Concepts and Solutions

    • Defining a Network
    • Open Systems Interconnection (OSI) Model
    • Transmission Control Protocol/Internet Protocol (TCP/IP)
    • Network Addresses and TCP/IP Applications
    • Directory Services
    • Wiring
    • Wireless Networks
    • Types of Transmissions
    • LAN vs. WAN
    • Network Devices – Wired and Wireless
    • Network Management Tools
  5. Cryptography

    • Cryptography Terminology
    • Key Management
    • Encryption Algorithms and Hashing Functions
    • Digital Signatures
    • Public Key Infrastructure (PKI)
    • Pretty Good Privacy (PGP)
    • Attacks on Crypto Systems
    • Applications of Encryption
    • Steganography
  6. Identity Management/Access Controls

    • Authentication Mechanisms/Credentials: Passwords, Tokens, Smart Cards, Biometrics, Digital Certificates
    • Enterprise Authentication Systems: RADIUS, TACACS+, Diameter
    • Single/Reduced Sign-On Systems
  7. Software Development and Application Security

    • Application Security Defined
    • System Development Life Cycles
    • Change Control
    • Computing Models
    • Security for Different Environments
    • Data Types and Structures
    • Database Management Systems
    • Web Application Design and Security
    • Malicious Software
  8. Asset Security: Physical, Human Resources, and Environment

    • Facilities Location, Construction, and Management
    • Physical Security Threats, Vulnerabilities, Risks and Countermeasures
    • Perimeter Security, Boundary Protection, and Facilities Access Controls
    • Electrical, Temperature, Water, and Other Environmental Controls
    • Fire Detection, Prevention, and Suppression
    • Information Storage Media Protection and Disposal
    • Emergency Procedures
    • Human Resources Security
  9. Availability: Data Recovery and Business Continuity Planning

    • Comparing Business Continuity and Disaster Recovery Planning
    • Identifying Important Components of Ongoing Backup, Redundancy and Disaster Avoidance Programs
    • Performing a Business Impact Analysis
    • Evaluating Backup and Recovery Program Effectiveness

Learning Style

Instructor Led

Level

Intermediate

Who this course is for

Business Intelligence, Data Warehouse Developers and Architects, Data Modelers, Developers, Data Analysts, Business Analysts, Database Administrators, Project Managers, and IT Consultants.

NASBA Certified CPE

40 credits

Field of Study

Auditing

Length of course

40h

Prerequisites

Introduction to Information Security
or equivalent experience

Advanced Preparation

None

Here are the learning objectives we'll cover

  • Recall key aspects of information security relevant to security practitioners and laypersons.
  • Relate key concepts and practices to the CISSP, CISM and other information security certification exams.
  • Understand industry best practices, legislation, professional standards, and information resources affecting information security.
  • Evaluate baselines and yardsticks for defining and benchmarking information security programs.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/