Essential Skills Gained

Understand core security principles and practices.

Implement governance and compliance strategies effectively.

Design robust security architectures and manage risk.

Enhance disaster recovery and business continuity planning.

Format

Instructor-led
5 days with lectures and hands-on labs.

Audience

CISO
Information Architect
Security Specialist
Auditor

Description

Information security is part of every IT professional’s job. Hackers are constantly trying to compromise your networks, steal sensitive data, and overwhelm your systems. Planning, implementing, enforcing, or even removing security are tasks we all do to keep users and systems safe. Performing these tasks properly and in alignment with industry best practices is critical to virtually every technology role, from decision maker to developer to operator. This scenario-based course focuses on computer security as an applied process across job roles and industries. The course also helps to prepare students for achieving the Certified Information Systems Security Professional (CISSP) certification. CISSP is widely regarded as the most valuable vendor-neutral credential a computer security professional can hold. It is frequently identified as a prerequisite for security jobs across all industries including security design, implementation, maintenance, policy development, and management of secured systems, process/procedures, policies, applications and networks. This course is primarily for Information Technology Security Professionals who want advance their security certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and related courses. This course also covers most of the knowledge required to prepare for the Systems Security Certified Practitioner (SSCP) certification exam

Upcoming Course Dates

No upcoming dates. Please check back later.

Course Outline

Download PDF

Access Control

Security Principles and the Principle of Least
Privilege
Confidentiality
Integrity
Availability
Identification, Authentication, Authorization, Access, and Accounting
Authentication Techniques and Standards
Access Control Models
Access Control Methods and Implementations
Access Control Accounting and Auditing

Information Security Governance and Risk Management

Fundamental Principles of Security
Confidentiality
Integrity
Availability
Balancing the Security Principles
Security vs. Usability vs. Cost
Security Definitions
Types of Security Controls
Security Frameworks
ISO/IEC 27001
COSO
COBIT
Process Management
Security Management
Risk Management
Risk Assessment and Analysis
Asset Classification
Data Classification
Risk Mitigation Strategies
Policies
Standards
Guidelines
Baselines
Procedures
Executive Leadership in Risk Management
Implementing Governance and Compliance Strategies

Security Architecture and Design

Computer System Architecture
Operating System Security Architecture
Application Security Architecture
System Security Models
Security Architecture Evaluation and Certification
Trusted Computer System Evaluation Criteria (TCSEC, or Orange Book)
Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408)
System Testing and Certification

Business Continuity and Disaster Recovery Planning

Standards and Best Practices
Planning for Incidents
The Business Continuity Process
Implementing A Disaster Recovery Plan

Cryptography

Overview of Cryptography
The History of Cryptography (Without Math)
The Use of Cryptography (With Math)
Symmetric Key (Shared Secret Key) Cryptography
Diffie-Hellman Key Agreement
Asymmetric Key (Public – Private Key) Cryptography
Digital Signature (Hash) Cryptography
Implementing All Types of Cryptography in Cryptosystems
Public Key Infrastructure (PKI) and Certificates
Encrypted VPN Tunnels
Digitally Signed Documents and Email
Encrypting Data At Rest and In Transit

Legal, Regulations, Investigations and Compliance

The Complexity of Cybercrime
Regions
Laws
Law Enforcement
Privacy Laws
Intellectual Privacy Laws
Eavesdropping and Workplace Spying Laws
Legal Liability and Security Compliance
Conducting a Security Investigation
Ethics of Information Security

Operations Security (formerly Security Operations)

The Role of Operations in Information Security
Personnel Management and Administration
Planning System Security
Implementing and Maintaining System Security
Applying Controls
System Hardening
Trusted Recovery
Configuration Management
Change Control Process
Change Control Documentation
Change Control Compliance and Auditing
Vulnerability Assessment
Continuous Security Lifecycle

Physical (Environmental) Security

The Importance of Physical Security in Information Security
Planning Physical Security
Identifying and Protecting Assets
Internal Physical Security Threats and Controls
Perimeter Physical Security Threats and Controls
External Physical Security Threats and Controls

Software Development Security

Security as a Part of Software Development
System Development Lifecycle
Secure Software Development Lifecycle
Software Development Models
Change Control and Update Management
Cloud Computing
Web and Mobile Applications
Database Management and Security
Malicious Software
Viruses
Trojan Horses
Worms
Rootkits
Backdoors

CISSP (Information Security for the IT Professional)