Detailed Course Outline
- Module 1 - Security Management a. The Role of the CSLO b. Business Goals and Objectives c. Overview of Governance a. The First Priority for the CSLO b. Outcomes of Governance c. Performance and Governance d. Organization of IT Security e. Security Strategy f. The Goal of Information Security g. Defining Security Objectives h. Security Budget i. Security Integration j. Architecture k. Information Security Frameworks l. Integration m. COBIT 4.1 n. Deming and Quality o. Ethics p. Fraud q. Hiring and Employment r. Intellectual Property s. Protecting IP t. Attacks on IP u. OECD Privacy Principles v. PII and PHI w. Awareness Training
- Module 2 - Risk Management a. Risk Management b. Risk Assessment c. Quantitative vs Qualitative Risk d. What Is the Value of an Asset? e. What Is a Threat/Vulnerability f. Assess and Evaluate Risk g. Controls h. Comparing Cost and Benefit i. Cost of a Countermeasure j. Appropriate Controls k. Documentation
- Module 3 - Encryption a. Encryption b. Secrecy of the Key c. Cryptographic Functions d. XOR Function e. Symmetric Encryption f. Asymmetric Algorithms g. Hashing Algorithms h. Digital Signatures i. Digital Envelope j. Public Key Infrastructure (PKI) k. Certificates l. Uses of Encryption in Communications m. Auditing Encryption Implementations n. Steganography o. Cryptographic Attacks
- Module 4 - Information Security Access Control Concepts a. Information Asset Classification a. Criticality b. Sensitivity c. Regulations and Legislation b. Asset Valuation c. Information Protection d. Storing, Retrieving, Transporting and Disposing of Confidential Information e. Password Policy f. Password Cracking g. Biometrics h. Authorization i. Accounting/Auditability j. Centralized Administration k. Access Control
- Module 5 - Incident Handling and Evidence a. Goals of Incident Management and Response b. Security Incident Handling and Response c. Evidence Handling d. What is an Incident - Intentional e. What is an Incident - Unintentional f. Malware g. Attack Vectors h. Information Warfare i. Developing Response and Recovery Plans j. Incident Response Functions k. Incident Management Technologies l. Responsibilities of the CSLO m. Crisis Communications n. Challenges in Developing an Incident Management Plan a. When an Incident Occurs b. During an Incident c. Containment Strategies d. The Battle Box e. Evidence Identification and Preservation f. Post Event Reviews o. Disaster Recovery Planning (DRP) and Business Recovery Processes p. Development of BCP and DRP q. Disaster Recovery Sites r. Recovery of Communications s. Plan Maintenance Activities t. Techniques for Testing Security u. Vulnerability Assessments v. Penetration Testing
- Module 6 - Operations Security a. Operations Security b. Specific Operations Tasks c. Data Leakage – Object Reuse d. Records Management e. Change Control f. Trusted Recovery g. Redundant Array of Independent Disks (RAID) h. Phases of Plan i. BCP Risk Analysis j. Recovery Point Objective k. Priorities l. OWASP Top Ten (2013) m. Common Gateway Interface n. How CGI Scripts Work o. Cookies p. Virtualization - Type 1 q. Virtualization - Type 2 r. Technologies – Databases and DBMS s. Facilities t. Facilities Security u. Environmental Security v. Physical Access Issues and Exposures w. Controls for Environmental Exposures
- Module 7 - Network Security a. Network Topologies – Physical Layer b. Data Encapsulation c. Protocols at Each Layer d. Devices Work at Different Layers e. Technology-based Security f. Network Security Architecture g. Firewalls h. Unified Threat Management (UTM) i. UTM Product Criteria j. TCP/IP Suite k. Port and Protocol Relationship l. Network Security m. Internet Threats and Security n. Auditing Network Infrastructure Security o. IPSec - Network Layer Protection p. Wireless Technologies – Access Point