About this Course
Information security is part of every IT professional’s job. Hackers are constantly trying to compromise your networks, steal sensitive data, and overwhelm your systems. Planning, implementing, enforcing, or even removing security are tasks we all do to keep users and systems safe. Performing these tasks properly and in alignment with industry best practices is critical to virtually every technology role, from decision maker to developer to operator.
This scenario-based course focuses on computer security as an applied process across job roles and industries. The course also helps to prepare students for achieving the Certified Information Systems Security Professional (CISSP) certification. CISSP is widely regarded as the most valuable vendor-neutral credential a computer security professional can hold. It is frequently identified as a prerequisite for security jobs across all industries including security design, implementation, maintenance, policy development, and management of secured systems, process/procedures, policies, applications and networks.
This course is primarily for Information Technology Security Professionals who want to advance their security certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and related courses. This course also covers most of the knowledge required to prepare for the Systems Security Certified Practitioner (SSCP) certification exam.
Audience Profile
This course is primarily designed for the IT professional whose role includes some information security tasks or responsibilities. Common job titles for students include CISO, Director, Manager, Supervisor, Analyst, Information Architect, Program Manager, Lead, Information Security Officer, Security Specialist, and Auditor. The ideal student has some practical experience in the information security industry. Experienced information security professionals will also find value in this course to update their security skills, expand their knowledge of theoretical security, practice security exercises in areas that require a “safe” environment, and deepen exposure to areas outside their current role.
DoD Directive 8570.1-M- CISSP meets Government and DoD agencies compliance with Federal Information Security Management Act (FISMA) and DoD Directive 8570.1-M
Exams.
At Course Completion
After completing this course, you will have an understanding of:
◾Security Architecture and Design
◾Implementing Governance Compliance Strategies and Risk Management
◾Security Access Control models, methods and implementations.
◾Disaster Recovery Planning
◾Cryptography Methodology
◾Operations in Information Security
◾Legal, Regulations, Investigations and Compliance in Security
◾Vulnerability Assessment
◾Continuous Security Lifecycle
◾Physical and Software Development Security
◾Network Security Considerations
Outline
1.Access Control
◾Security Principles and the Principle of Least
◾Privilege
◾Confidentiality
◾Integrity
◾Availability
◾Identification, Authentication, Authorization, Access, and Accounting
◾Authentication Techniques and Standards
◾Access Control Models
◾Access Control Methods and Implementations
◾Access Control Accounting and Auditing
2. Information Security Governance and Risk Management
◾Fundamental Principles of Security
◾Confidentiality
◾Integrity
◾Availability
◾Balancing the Security Principles
◾Security vs. Usability vs. Cost
◾Security Definitions
◾Types of Security Controls
◾Security Frameworks
◾ISO/IEC 27001
◾COSO
◾COBIT
◾Process Management
◾Security Management
◾Risk Management
◾Risk Assessment and Analysis
◾Asset Classification
◾Data Classification
◾Risk Mitigation Strategies
◾Policies
◾Standards
◾Guidelines
◾Baselines
◾Procedures
◾Executive Leadership in Risk Management
◾Implementing Governance and Compliance Strategies
3. Security Architecture and Design
◾Computer System Architecture
◾Operating System Security Architecture
◾Application Security Architecture
◾System Security Models
◾Security Architecture Evaluation and Certification
◾Trusted Computer System Evaluation Criteria (TCSEC, or Orange Book)
◾Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
◾System Testing and Certification
4. Business Continuity and Disaster Recovery Planning
◾Standards and Best Practices
◾Planning for Incidents
◾The Business Continuity Process
◾Implementing A Disaster Recovery Plan
5. Cryptography
◾Overview of Cryptography
◾The History of Cryptography (Without Math)
◾The Use of Cryptography (With Math)
◾Symmetric Key (Shared Secret Key) Cryptography
◾Diffie-Hellman Key Agreement
◾Asymmetric Key (Public – Private Key) Cryptography
◾Digital Signature (Hash) Cryptography
◾Implementing All Types of Cryptography in Cryptosystems
◾Public Key Infrastructure (PKI) and Certificates
◾Encrypted VPN Tunnels
◾Digitally Signed Documents and Email
◾Encrypting Data At Rest and In Transit
6. Legal, Regulations, Investigations and Compliance
◾The Complexity of Cybercrime
◾Regions
◾Laws
◾Law Enforcement
◾Privacy Laws
◾Intellectual Privacy Laws
◾Eavesdropping and Workplace Spying Laws
◾Legal Liability and Security Compliance
◾Conducting a Security Investigation
◾Ethics of Information Security
7. Operations Security (formerly Security Operations)
◾The Role of Operations in Information Security
◾Personnel Management and Administration
◾Planning System Security
◾Implementing and Maintaining System Security
◾Applying Controls
◾System Hardening
◾Trusted Recovery
◾Configuration Management
◾Change Control Process
◾Change Control Documentation
◾Change Control Compliance and Auditing
◾Vulnerability Assessment
◾Continuous Security Lifecycle
8. Physical (Environmental) Security
◾The Importance of Physical Security in Information Security
◾Planning Physical Security
◾Identifying and Protecting Assets
◾Internal Physical Security Threats and Controls
◾Perimeter Physical Security Threats and Controls
◾External Physical Security Threats and Controls
9. Software Development Security
◾Security as a Part of Software Development
◾System Development Lifecycle
◾Secure Software Development Lifecycle
◾Software Development Models
◾Change Control and Update Management
◾Cloud Computing
◾Web and Mobile Applications
◾Database Management and Security
◾Malicious Software
◾Viruses
◾Trojan Horses
◾Worms
◾Rootkits
◾Backdoors
10. Telecommunications and Network Security
◾The Open Systems Interconnect Model
◾TCP/IP Security
◾IPv4 Security and Threats
◾IPv6 Security and Threats
◾Network Cabling Types and Security
◾Considerations
◾Network Devices
◾Hubs
◾Switches
◾Routers
◾Bridges
◾Gateways
◾Security Network Devices
◾Firewalls and Content Filters
◾Proxy Servers
◾Intrusion Detection Systems
◾Intrusion Prevention Systems
◾Firewalls
◾WAN Security
◾Dial-Up Network Security
◾Virtual Private Network (VPN) Security
◾Internet Protocol Security (IPsec)
Prerequisites
Before taking this course, students should have six to nine months in a role that is relevant to security practices. It is also recommended that student have successfully completed the following courses or have equivalent experience.
ICND1 v3.0 Interconnecting Cisco Networking Devices CCNA Part 1
A+901: CompTIA A+ Certification with Exam 220-901
Venue: LIVE Online
Address:
Description:
Live Online Training
Get the same training you expect in the classroom without leaving your office or home. These are NOT recorded classes. They are LIVE sessions with an expert instructor. We use the latest in video conferencing technologies and audio so you can confidently participate in any class just like being right there in person. We guarantee the effectiveness of our online training delivery approach that we will give you your money back if you are not totally satisfied. Ask us for a demo.
Online class requirements:
- Moderate to fast Internet
- A phone or computer headset is required in order to hear the instructor/moderator). You can use Computer Audio (VoIP) or you can dial in from a regular phone. For convenience, we recommend a hands-free headset or phone.
- Training software must be installed on your computer (trial versions are acceptable)
- RECOMMENDED: Dual Monitors or computers. For optimal online learning experience, we recommend participants have dual monitors or two computers. Your online classroom credentials allow you to join multiple times from multiple computers. Participants should use one monitor or computer to view the instructor’s shared screen and another monitor or computer to work with the software.
What happens when you enroll in an online class
When you register for an online class, you will receive a welcome email followed by login access to the Citrix GoToTraining virtual classroom. A workbook (printed copy or eBook) will be sent to you prior to the start of class.
Online Training Advantages
Convenience: You don’t have to travel and can attend from your home, office or anywhere with an internet connection. Our online classes are conducted using GoToTraining, a more robust version of the popular GoToMeeting screen sharing and conferencing platform. To accommodate multiple time zones, courses are typically scheduled from 10am – 5pm Eastern with a one-hour lunch break at 12:30 – 1:30 pm Eastern and a 10-minute break in the morning and afternoon. When conducting custom online course for your group, class times can be modified to accommodate your timezone.
Interactive Learning: Our online training is fully interactive. You can speak and chat with the instructor and classmates at any time. Various interactive techniques are used in every class. Our small class sizes (typically 4 – 8 students), allow our instructors to focus on individual performance and issues and to work closely with you to meet your unique needs. Classes are designed to be a hands-on learning experience, providing opportunities for you to try your new skills while the instructor is available for review, questions, and feedback. You have the option to give the instructor permission to view your computer to provide one-on-one assistance when needed.
