• Classroom
Course Description

In this intense, information-packed five-day seminar, attendees cover all aspects of the ISC2 Common Body of Knowledge (CBK) while evaluating the methods and tools needed to construct or audit a comprehensive information security framework. You will gain a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program, blending theory and best management practices with key physical and information technology safeguards. We will cover Security and Risk Management; Asset Security; Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; and Software Development Security.

To ensure that you gain proper familiarity with industry best practices, legislation, and professional standards for information security, key references and yardsticks for the material you will learn include but are not limited to: ISC2 Common Body of Knowledge (CBK), ISO-27001/27002, Payment Card Industry Data Security Standard (PCI DSS), Common Criteria, Information Technology Infrastructure Library (ITIL), and a wide array of IT and security-related publications from the Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), Federal Financial Institutions Examination Council (FFIEC), US National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), US National Security Agency (NSA), and leading IT suppliers.

This course is available on-site at your location, or offered through open enrollment 12/7/20 - 12/11/20.

Learning Objectives

  1. Information Security Concepts and Management Practices: fundamental principles of information security; making the business case for information security; information security management objectives; risk analysis (threats, vulnerabilities, risks, and countermeasures); policies, standards, procedures, and guidelines; information classification; security awareness
  2. Laws and Standards Affecting Information Security and IT Audit: computer crimes; investigations, evidence, and forensics; laws, directives, and regulations; types of laws; privacy issues and legislation; intellectual property, copyright laws, and software piracy; European Union Data Protection Act; prominent US and international laws; information security and auditing standards
  3. Security Engineering (Security Models, Mechanisms, and Architectures): enterprise information security architecture; computer architectures; operating system security; virtualization (operational and security considerations); security models; access control models, techniques, technologies, and methods; open and closed systems; security design standards and criteria (Rainbow Series, ITSEC, Common Criteria); certification and accreditation
  4. Network Security Concepts and Solutions: defining a 3-layer simplified network protocol model; Open Systems Interconnection (OSI) model; Transmission Control Protocol/Internet Protocol (TCP/IP), IPv4, IPv6, network addresses and applications; LAN and WAN technologies, topologies, and protocols; wiring (copper, fiber optics); wireless network technologies, protocols, and security; voice over IP (VoIP); network interconnection devices (functionality, risks, and safeguards); directory services (LDAP, DNS); network management tools (packet sniffers, SNMP, network utility and diagnostic software); network security vulnerabilities, threats, risks, and countermeasures; hacker probing and attack techniques; firewalls and proxy servers; intrusion detection and prevention systems; VPNs and related Internet security protocols (SSL, TLS, IPSec, SSH); network discovery, vulnerability and penetration testing
  5. Cryptography: demystifying the language of cryptography; key management (asymmetric, symmetric); encryption algorithms and hashing functions; digital signatures; Certificate Authorities (CAs) and Public Key Infrastructure (PKI); applications of cryptography; cryptography vs. steganography
  6. Identity Management and Access Controls: authentication mechanisms (passwords, tokens, smart cards, biometrics); point-to-point protocol (PPP) authentication (PAP, CHAP); extensible authentication protocol (EAP); enterprise authentication systems (RADIUS, TACACS+, Diameter); single or reduced sign-on (SSO) (Kerberos, Web-based SSO)
  7. Software Development and Application Security: system development life cycle methodologies; configuration management and change control; application development tools and methodologies; client-server and middleware security; data types and structures; database management systems; Web application security (architecture, control points, attacks, and defenses); mobile code security risks (Java, ActiveX, JavaScript, VBScript); malicious software and hacker attacks
  8. Asset Security, including Physical, Human Resources, and Environment: computing center location, construction, and management; physical security threats, vulnerabilities, risks, and countermeasures; perimeter security, boundary protection, and facilities access controls; electrical, temperature, water, and other environmental controls; fire detection, prevention, and suppression; information storage media protection, sanitization, and disposal; emergency procedures; human resources security (hiring practices, badges, terminations, and transfers)
  9. Availability, Data Recovery, and Business Continuity Planning: business continuity planning requirements; business impact analysis; redundancy and fault tolerance; backup procedures (on-site and off-site); backup resources (processing sites, storage, offices, utilities, equipment, and supplies); recovery testing procedures; emergency response procedures
  10. Wrap-up Discussion; also includes continuous unit and course review exercises

Framework Connections