Information Security Boot Camp Agenda

Seminar: ID# 1264238


Information Security Concepts and Risk Management Practices
  • Fundamental principles of information security
  • Making the business case for information security
  • Information security management objectives
  • Risk analysis: threats, vulnerabilities, risks, and countermeasures
  • Policies, standards, procedures, and guidelines
  • Information classification
  • Security awareness
Laws and Standards Affecting Information Security and IT Audit
  • Computer crimes, investigations, evidence, forensics
  • Laws, directives and regulations
  • Types of laws
  • Privacy issues and legislation
  • Intellectual property, copyright laws and software piracy
  • European Union Data Protection Act
  • Prominent US and international laws
  • Information security and auditing standards
Security Engineering - Security Models, Mechanisms and Architectures
  • Enterprise information security architecture
  • Computer architectures
  • Operating system security
  • Virtualization: operational and security considerations
  • Security models
  • Access control models, techniques and technologies, and methods
  • Open and closed systems
  • Security design standards and criteria: “Rainbow Series”, ITSEC, Common Criteria
  • Certification and accreditation
Network Security Concepts and Solutions
  • Defining a 3-layer simplified network protocol model
  • Open Systems Interconnection (OSI) model
  • Transmission Control Protocol/Internet Protocol (TCP/IP): IPv4, IPv6
  • Network addresses and applications
  • LAN and WAN technologies, topologies and protocols
  • Wiring: copper, fiber optics
  • Wireless network technologies, protocols and security
  • Voice over IP (VoIP)
  • Network interconnection devices: functionality, risks and safeguards
  • Directory services: LDAP, DNS
  • Network management tools: packet sniffers, SNMP, network utility and diagnostic software
  • Network security vulnerabilities, threats, risks and countermeasures
  • Hacker probing and attack techniques
  • Firewalls and proxy servers
  • Intrusion detection/prevention systems
  • VPNs and related Internet security protocols: SSL/TLS, IPSec, SSH
  • Network discovery, vulnerability and penetration testing
  • Demystifying the language of cryptography
  • Key management: asymmetric, symmetric
  • Encryption algorithms and hashing functions
  • Digital signatures
  • Certificate Authorities (CAs) and Public Key Infrastructure (PKI)
  • Applications of cryptography
  • Cryptography vs. steganography
Identity Management / Access Controls
  • Authentication mechanisms: passwords, tokens, smart cards, biometrics
  • Point-to-point protocol (PPP) authentication: PAP, CHAP
  • Extensible authentication protocol: EAP
  • Enterprise authentication systems: RADIUS, TACACS+, Diameter
  • Single/reduced sign-on (SSO): Kerberos, Web-based SSO
Software Development and Application Security
  • System development life cycle methodologies
  • Configuration management and change control
  • Application development tools and methodologies
  • Client server and middleware security
  • Data types and structures
  • Database management systems
  • Web application security architecture: control points, attacks and defenses
  • Mobile code security risks: Java, ActiveX, JavaScript, VBScript
  • Malicious software and hacker attacks
Asset Security (including Physical, Human Resources and Environment)
  • Computing center location, construction and management
  • Physical security threats, vulnerabilities, risks and countermeasures
  • Perimeter security, boundary protection and facilities access controls
  • Electrical, temperature, water, and other environmental controls
  • Fire detection, prevention and suppression
  • Information storage media protection, sanitization and disposal
  • Emergency procedures
  • Human resources security: hiring practices, badges, terminations and transfers
Availability (Data Recovery and Business Continuity Planning)
  • Business continuity planning requirements
  • Business impact analysis
  • Redundancy and fault tolerance
  • Backup procedures: on-site and offsite
  • Backup resources: processing sites, storage, offices, utilities, equipment and supplies
  • Recovery testing procedures
  • Emergency response procedures
Wrap-Up Discussion
  • Includes continuous unit and course review exercises
Information Security Boot Camp
Metropolitan Area:
MicroTek Computer Lab DA
5430 Lyndon B Johnson Fwy
Three Lincoln Centre, Suite 300
9/14/2020 - 09/18/2020 (8:30am - 5:00pm)
Qty: 3
$2,132.10
5755 North Point Parkway, Suite 227 | Alpharetta, GA 30022 | 770-410-9375