Maxtrain.com - [email protected] - 513-322-8888 - 866-595-6863

M2-CISSO/CISSM

CISSO / CISSM Boot Camp

Description

The CISSO / CISSM boot camp addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance across the full panorama of IS management. Through the use of a risk-based approach, the ISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards.

Whether you manage a Cyber Security team or work as a Security Officer, an IT auditor or a Business Analyst, the Ultimate CISSO/CISSM Boot Camp is an ideal way to increase your knowledge, expertise and skill.

Accreditation:

The C)ISSO and C)ISSM certifications have been validated against NSA CNSSI-4012, the National Information Assurance Training Standard for Senior System Managers, and NSTISSI-4011, the National Training Standard for Information Systems Security (INFOSEC).

Upon Completion:

Upon completion, Ultimate CISSO/CISSM Boot Camp students will not only be able to establish industry-acceptable Cyber Security and IS management standards based on current best practices, but will also be prepared to competently take both the C)ISSO and C)ISSM exams.

Student Materials:

  • Student Workbook
  • Student Prep Guide

Certification Exams:

  • Mile2 C)ISSO – Certified Information Systems Security Officer
  • Mile2 C)ISSM – Certified Information Systems Security Manager

Outline

Module 1 - Risk Management

  • What Is the Value of an Asset?
  • What Is a Threat Source/Agent?
  • What Is a Threat?
  • What Is a Vulnerability?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • What Is a Control?
  • What Is Likelihood?
  • What Is Impact?
  • Control Effectiveness
  • Risk Management
  • Purpose of Risk Management
  • Risk Assessment
  • Why Is Risk Assessment Difficult?
  • Types of Risk Assessment
  • Different Approaches to Analysis
  • Quantitative Analysis
  • ALE Values Uses
  • Qualitative Analysis - Likelihood
  • Qualitative Analysis - Impact
  • Qualitative Analysis – Risk Level
  • Qualitative Analysis Steps
  • Management’s Response to Identified Risks
  • Comparing Cost and Benefit
  • Cost of a Countermeasure

Module 2 - Security Management

  • Enterprise Security Program
  • Building A Foundation
  • Planning Horizon Components
  • Enterprise Security – The Business Requirements
  • Enterprise Security Program Components
  • Control Types
  • “Soft” Controls
  • Technical or Logical Controls
  • Physical Controls
  • Security Roadmap
  • Senior Management’s Role in Security
  • Negligence and Liability
  • Security Roles and Responsibilities
  • Security Program Components
  • Security and the Human Factors
  • Employee Management
  • Human Resources Issues
  • Importance to Security?
  • Recruitment Issues
  • Termination of Employment
  • Informing Employees About Security
  • Enforcement
  • Security Enforcement Issues

Module 3 – Information Security Governance

  • Course Agenda
  • Examination Content
  • Chapter 1 Learning Objectives
  • The First Question
  • Information Security Governance Overview
  • Selling the Importance of Information Security
  • The First Priority for the CISM
  • Business Goals and Objectives
  • Outcomes of Information Security Governance
  • Benefits of Information Security Governance
  • Performance and Governance
  • Information Security Strategy
  • Developing Information Security Strategy
  • Elements of a Strategy
  • Objectives of Security Strategy
  • The Goal of Information Security
  • Defining Security Objectives
  • Business Linkages
  • Business Case Development
  • The Information Security Program
  • Security Program Priorities
  • Security versus Business
  • Security Program Objectives
  • What is Security?
  • Security Integration
  • Security Program
  • Architecture
  • Information Security Frameworks
  • Using an Information Security Framework
  • The Desired State of Security
  • The Desired State cont.
  • The Maturity of the Security Program Using CMM
  • Using the Balanced Scorecard
  • The ISO27001:2013 Framework
  • Examples of Other Security Frameworks
  • Examples of Other Security Frameworks
  • Constraints and Considerations for a Security Program
  • Constraints and Considerations for a Security Program cont.
  • Elements of Risk and Security
  • Risk Management
  • Information Security Concepts
  • Information Security Concepts cont.
  • Security Program Elements
  • Security Program Elements cont.
  • Third Party Agreements
  • Roles and Responsibilities of Senior Management
  • Senior Management Commitment
  • Steering Committee
  • CISO Chief Information Security Officer Responsibilities
  • Business Manager Responsibilities
  • IT Staff Responsibilities
  • Centralized versus Decentralized Security
  • Evaluating the Security Program
  • Audit and Assurance of Security
  • Evaluating the Security Program
  • Effective Security Metrics
  • Effective Security Metrics cont.
  • Key Performance Indicators (KPIs)
  • End to End Security
  • Correlation Tools
  • Reporting and Compliance
  • Regulations and Standards
  • Effect of Regulations
  • Reporting and Analysis
  • Ethics
  • Ethical Standards
  • Ethical Responsibility
  • Practice Questions

Module 4 – Information Risk Management and Compliance

  • Exam Relevance
  • Information Asset Classification
  • Roles and Responsibilities
  • Roles and Responsibilities
  • Information Classification Considerations
  • Regulations and Legislation
  • Asset Valuation
  • Valuation Process
  • Information Protection
  • Information Asset Protection
  • Definition of Risk
  • Why is Risk Important
  • Risk Management Definition
  • Risk Management Objective
  • Risk Management Overview
  • Risk Management Overview
  • Defining the Risk Environment
  • Threats to Information and Information Systems
  • Threat Analysis
  • Aggregate Risk
  • Cascading Risk
  • Identification of Vulnerabilities
  • The Effect of Risk
  • Impact
  • Impact cont.
  • Risk Management Process
  • Risk Assessment Methodology
  • Annualized Loss Expectancy (ALE)
  • Qualitative Risk Assessment
  • Data Gathering Techniques
  • Results of Risk Assessment
  • Alignment of Risk Assessment and BIA
  • Risk Treatment
  • Risk Treatment
  • Risk Mitigation and Controls
  • Control Recommendations
  • Cost Benefit Analysis of Controls
  • Cost Benefit Analysis of Controls cont.
  • Risk Mitigation Schematic
  • Control Types and Categories
  • Control Types and Categories cont.
  • Security Control Baselines
  • Ongoing Risk Assessment
  • Measuring Control Effectiveness
  • Building Risk Management In (Agenda)
  • Risk Related to Change Control
  • Controlling Risk in Change Control
  • Risk Management During SDLC
  • Ongoing Risk Management Monitoring and Analysis
  • Audit and Risk Management
  • Audit and Risk Management cont.
  • Risk in Business Process Re-Engineering
  • Risk in Project Management
  • Risk During Employment Process
  • New Employee Initiation
  • Risk During Employment
  • Risk at Termination of Employment
  • Risks During Procurement
  • Risk During Procurement cont.
  • Reporting to Management
  • Documentation
  • Training and Awareness
  • Training and Awareness
  • Training for End Users
  • Practice Questions

Module 5 – Information Security Program Development and Management

  • Course Agenda
  • Exam Relevance
  • Learning Objectives cont.
  • Definition
  • Security Strategy and Program Relationship
  • Information Security Management
  • Importance of Security Management
  • Definition
  • Effective Security Management
  • Reasons for Security Program Failure
  • Program Objectives
  • Security Program Development
  • Security Program Development cont.
  • Outcomes of Information Security Program Development
  • Governance of the Security Program
  • Role of the Information Security Manager (Agenda)
  • Strategy
  • Policy
  • Creating Effective Policy
  • Awareness
  • Implementation
  • Monitoring
  • Compliance
  • Developing an Information Security Road Map
  • Defining Security Program Objectives
  • Inventory of Information Systems
  • Challenges in Developing an Information Security Program
  • Challenges in Developing an Information Security Program cont.
  • Elements of a Security Program Road Map
  • Security Programs and Projects
  • Security Program and Project Development
  • Security Project Planning
  • Selection of Controls
  • Common Control Practices
  • Security Program Elements (Agenda)
  • Policies
  • Acceptable Use Policy
  • Acceptable Use Policy cont.
  • Standards
  • Procedures
  • Guidelines
  • Technology
  • Personnel Security
  • Training and Skills Matrix
  • Organizational Structure
  • Outsourced Security Providers
  • Third-party Service Providers
  • Facilities
  • Facilities Security
  • Environmental Security
  • Information Security Concepts (Agenda)
  • Information Security Concepts (Agenda)
  • Access Control
  • Identification
  • Authentication
  • Authorization
  • Accounting / Auditability
  • Criticality
  • Sensitivity
  • Trust Models
  • Technology-based Security
  • Technologies
  • Security in Technical Components
  • Operations Security
  • Technologies – Access Control Lists
  • Filtering and Content Management
  • Technologies - SPAM
  • Technologies – Databases and DBMS
  • Encryption
  • Technologies - Cryptography
  • Technologies – Cryptography cont.
  • Technologies – Encryption cont.
  • Technologies – Hashing Algorithms
  • Technology – Communications OSI Model
  • Technology – Communications TCP/IP
  • Technologies – Operating Systems
  • Technology - Firewalls
  • Emerging Technologies
  • Intrusion Detection Policies and Processes
  • Intrusion Detection Systems
  • IDS / IPS
  • Password Cracking
  • Vulnerability Assessments
  • Penetration Testing
  • Penetration Testing cont.
  • Third Party Security Reviews
  • Integration into Life Cycle Processes
  • Security in External Agreements
  • Security in External Agreements
  • Security Program Implementation
  • Phased Approach
  • Challenges During Implementation
  • Evaluating the Security Program
  • Evaluating Security Program cont.
  • Evaluating the Security Program cont.
  • Measuring Information Security Risk and Loss
  • Measuring Effectiveness of Technical Security Program
  • Measuring Effectiveness of Security Management
  • Security Project Management
  • Review of Security Compliance
  • Practice Questions

Module 6 - Information Security Incident Management

  • Learning Objectives
  • Definition
  • Goals of Incident Management and Response
  • Goals of Incident Response cont.
  • What is an Incident - Intentional
  • What is an Incident - Unintentional
  • History of Incidents
  • Developing Response and Recovery Plans
  • Incident Management and Response
  • Incident Management and Response cont.
  • Incident Management and Response cont.
  • Importance of Incident Management and Response
  • Incident Response Functions
  • Incident Response Manager Responsibilities
  • Incident Response Manager Responsibilities cont.
  • Requirements for Incident Response Managers
  • Senior Management Involvement
  • The Desired State
  • Strategic Alignment of Incident Response
  • Detailed Plan of Action for Incident Management
  • Detailed Plan of Action for Incident Management - Prepare
  • Detailed Plan of Action for Incident Management – Prepare cont.
  • Detailed Plan of Action for Incident Management - Protect
  • Detailed Plan of Action for Incident Management - Detect
  • Detailed Plan of Action for Incident Management - Triage
  • Detailed Plan of Action for Incident Management - Response
  • Elements of an Incident Response Plan
  • Crisis Communications
  • Challenges in Developing an Incident Management Plan
  • Personnel
  • Personnel cont.
  • Personnel cont.
  • Team Member Skills
  • Skills cont.
  • Skills cont.
  • Security Concepts and Technologies
  • Organizing, Training and Equipping the Response Staff
  • Value Delivery
  • Performance Measurement
  • Reviewing the Current State of Incident Response Capability
  • Audits
  • Gap Analysis – Basis for an Incident Response Plan
  • When an Incident Occurs
  • During an Incident
  • During an Incident cont.
  • Containment Strategies
  • The Battle Box
  • Evidence Identification and Preservation
  • Post Event Reviews
  • Disaster Recovery Planning (DRP) and Business Recovery Processes
  • Development of BCP and DRP
  • Plan Development
  • Plan Development cont.
  • Recovery Strategies
  • Recovery Strategies
  • Basis for Recovery Strategy Selections
  • Disaster Recovery Sites
  • Disaster Recovery Sites cont.
  • Recovery of Communications
  • Notification Requirements
  • Notification Requirements cont.
  • Response Teams
  • Insurance
  • Testing Response and Recovery Plans
  • Types of Tests
  • Test Results
  • Test Results cont.
  • Plan Maintenance Activities
  • BCP and DRP Training
  • Practice Questions

Module 7 - Authentication

  • Agenda
  • Access Control Methodology
  • Access Control Administration
  • Accountability and Access Control
  • Trusted Path
  • Who Are You?
  • Authentication Mechanisms
  • Strong Authentication
  • Authorization
  • Access Criteria
  • Fraud Controls
  • Access Control Mechanisms
  • Agenda
  • Biometrics Technology
  • Biometrics Enrollment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Biometrics Diagram
  • Biometric System Types
  • Agenda
  • Passwords and PINs
  • Password “Shoulds”
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Passwords
  • One-Time Password Authentication
  • Agenda
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Memory Cards
  • Smart Card
  • Agenda
  • Single Sign-on Technology
  • Different Technologies
  • Scripts as a Single Sign-on Technology
  • Directory Services as a Single Sign-on Technology
  • Thin Clients
  • Kerberos as a Single Sign-on Technology
  • Tickets
  • Kerberos Components Working Together
  • Major Components of Kerberos
  • Kerberos Authentication Steps
  • Why Go Through All of this Trouble?
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • Federated Authentication
  • Agenda
  • IDS
  • Network IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • IDS Issues
  • Trapping an Intruder

Module 8 - Access Control

  • Role of Access Control
  • Definitions
  • More Definitions
  • Layers of Access Control
  • Layers of Access Controls
  • Access Control Mechanism Examples
  • Access Control Characteristics
  • Preventive Control Types
  • Control Combinations
  • Administrative Controls
  • Controlling Access
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • Information Classification
  • Information Classification Criteria
  • Declassifying Information
  • Types of Classification Levels
  • Models for Access
  • Discretionary Access Control Model
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism – Labels
  • Where Are They Used?
  • Role-Based Access Control (RBAC)
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Methods
  • Remote Centralized Administration
  • RADIUS Characteristics
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access Control Administration

Module 9 - Security Models and Evaluation Criteria

  • System Protection – Trusted Computing Base
  • System Protection – Reference Monitor
  • Security Kernel Requirements
  • Security Modes of Operation
  • System Protection – Levels of Trust
  • System Protection – Process Isolation
  • System Protection – Layering
  • System Protection – Application Program Interface
  • System Protection – Protection Rings
  • What Does It Mean to Be in a Specific Ring?
  • Security Models
  • State Machine
  • Information Flow
  • Bell-LaPadula
  • Rules of Bell-LaPadula
  • Biba
  • Clark-Wilson Model
  • Non-interference Model
  • Brewer and Nash – Chinese Wall
  • Take-Grant Model
  • Trusted Computer System Evaluation Criteria (TCSEC)
  • TCSEC Rating Breakdown
  • Evaluation Criteria - ITSEC
  • ITSEC Ratings
  • ITSEC – Good and Bad
  • Common Criteria
  • Common Criteria Components
  • First Set of Requirements
  • Second Set of Requirements
  • Package Ratings
  • Common Criteria Outline
  • Certification vs. Accreditation

Module 10 - Operations Security

  • Operations Issues
  • Role of Operations
  • Administrator Access
  • Computer Operations – Systems Administrators
  • Security Administrator
  • Operational Assurance
  • Audit and Compliance
  • Some Threats to Computer Operations
  • Specific Operations Tasks
  • Product Implementation Concerns
  • Logs and Monitoring
  • Records Management
  • Change Control
  • Resource Protection
  • Contingency Planning
  • System Controls
  • Trusted Recovery
  • Fault-Tolerance Mechanisms
  • Duplexing, Mirroring, Check Pointing
  • Redundant Array of Independent Disks (RAID)
  • Fault Tolerance
  • Redundancy Mechanism
  • Backups
  • Backup Types
  • Remote Access
  • Facsimile Security
  • Email Security
  • Before Carrying Out Vulnerability Testing
  • Vulnerability Assessments
  • Methodology
  • Penetration Testing
  • Penetration Testing
  • Hack and Attack Strategies
  • Protection Mechanism – Honeypot
  • Threats to Operations
  • Data Leakage – Social Engineering
  • Data Leakage – Object Reuse
  • Object Reuse
  • Why Not Just Delete File or Format the Disk?
  • Data Leakage – Keystroke Logging
  • Data Leakage – Emanation
  • Controlling Data Leakage – TEMPEST
  • Controlling Data Leakage – Control Zone
  • Controlling Data Leakage – White Noise
  • Summary

Module 11 - Symmetric Cryptography and Hashing

  • Cryptography Objectives
  • Cryptographic Definitions
  • A Few More Definitions
  • Need Some More Definitions?
  • Symmetric Cryptography – Use of Secret Keys
  • Cryptography Uses Yesterday and Today
  • Historical Uses of Symmetric Cryptography
  • Historical Uses of Symmetric Cryptography – Scytale Cipher
  • Historical Uses of Symmetric Cryptography: Substitution Cipher
  • Caesar Cipher Example
  • Historical Uses of Symmetric Cryptography: Vigenere Cipher
  • Polyalphabetic Substitution
  • Vigenere Table Example
  • Example Continued
  • Historical Uses of Symmetric Cryptography: Enigma Machine
  • Historical Uses of Symmetric Cryptography: Vernam Cipher
  • Historical Uses of Symmetric Cryptography: Running Key and Concealment
  • One-Time Pad Characteristics
  • Binary Mathematical Function
  • Key and Algorithm Relationship
  • Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
  • Ways of Breaking Cryptosystems – Brute Force
  • Ways of Breaking Cryptosystems – Frequency Analysis
  • Determining Strength in a Cryptosystem
  • Characteristics of Strong Algorithms
  • Open or Closed More Secure?
  • Types of Ciphers Used Today
  • Encryption/Decryption Methods
  • Type of Symmetric Cipher – Block Cipher
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher
  • Encryption Process
  • Symmetric Characteristics
  • Sender and Receiver Must Generate the Same Keystream
  • They both must have the same key and IV
  • Strength of a Stream Cipher
  • Let’s Dive in Deeper
  • Symmetric Key Cryptography
  • Symmetric Key Management Issue
  • Symmetric Algorithm Examples
  • Symmetric Downfalls
  • Secret Versus Session Keys
  • Symmetric Ciphers We Will Dive Into
  • Symmetric Algorithms – DES
  • Evolution of DES
  • Block Cipher Modes – CBC
  • Different Modes of Block Ciphers – ECB
  • Block Cipher Modes – CFB and OFB
  • CFB and OFB Modes
  • Symmetric Cipher – AES
  • Other Symmetric Algorithms
  • Hashing Algorithms
  • Protecting the Integrity of Data
  • Data Integrity Mechanisms
  • Weakness in Using Only Hash Algorithms
  • More Protection in Data Integrity
  • MAC – Sender
  • MAC – Receiver
  • Security Issues in Hashing
  • Birthday Attack
  • Example of a Birthday Attack

Module 12 - Asymmetric Cryptography and PKI

  • Asymmetric Cryptography
  • Public Key Cryptography Advantages
  • Asymmetric Algorithm Disadvantages
  • Symmetric versus Asymmetric
  • Asymmetric
  • Asymmetric Algorithm – Diffie-Hellman
  • Asymmetric Algorithm – RSA
  • Asymmetric Algorithms – El Gamal and ECC
  • Example of Hybrid Cryptography
  • When to Use Which Key
  • Using the Algorithm Types Together
  • Digital Signatures
  • Digital Signature and MAC Comparison
  • What if You Need All of the Services?
  • U.S. Government Standard
  • Why Do We Need a PKI?
  • PKI and Its Components
  • CA and RA Roles
  • Let’s Walk Through an Example
  • Digital Certificates
  • What Do You Do with a Certificate?
  • Components of PKI – Repository and CRLs
  • Steganography
  • Key Management
  • Link versus End-to-End Encryption
  • End-to-End Encryption
  • E-mail Standards
  • Encrypted message
  • Secure Protocols
  • SSL and the OSI Model
  • SSL Hybrid Encryption
  • SSL Connection Setup
  • Secure E-mail Standard
  • SSH Security Protocol
  • Network Layer Protection
  • IPSec Key Management
  • Key Issues Within IPSec
  • IPSec Handshaking Process
  • SAs in Use
  • IPSec Is a Suite of Protocols
  • IPSec Modes of Operation
  • IPsec Modes of Operation
  • Attacks on Cryptosystems
  • More Attacks

Module 13 - Network Connections

  • Network Topologies – Physical Layer
  • Topology Type – Bus
  • Topology Type – Ring
  • Topology Type – Star
  • Network Topologies – Mesh
  • Summary of Topologies
  • LAN Media Access Technologies
  • One Goal of Media Access Technologies
  • Transmission Types – Analog and Digital
  • Transmission Types – Synchronous and Asynchronous
  • Transmission Types – Baseband and Broadband
  • Two Types of Carrier Sense Multiple Access
  • Transmission Types – Number of Receivers
  • Media Access Technologies - Ethernet
  • Media Access Technologies – Token Passing
  • Media Access Technologies – Polling
  • Cabling
  • Signal and Cable Issues
  • Cabling Types – Coaxial
  • Cabling Types – Twisted Pair
  • Types of Cabling – Fiber
  • Cabling Issues – Plenum-Rated
  • Types of Networks
  • Network Technologies
  • Network Technologies
  • Network Configurations
  • MAN Technologies – SONET
  • Wide Area Network Technologies
  • WAN Technologies Are Circuit or Packet Switched
  • WAN Technologies – ISDN
  • ISDN Service Types
  • WAN Technologies – DSL
  • WAN Technologies – Cable Modem
  • WAN Technologies – Packet Switched
  • WAN Technologies – X.25
  • WAN Technologies – Frame Relay
  • WAN Technologies – ATM
  • Multiplexing

Module 14 - Network Protocols and Devices

  • OSI Model
  • An Older Model
  • Data Encapsulation
  • OSI – Application Layer
  • OSI – Presentation Layer
  • OSI – Session Layer
  • Transport Layer
  • OSI – Network Layer
  • OSI – Data Link
  • OSI – Physical Layer
  • Protocols at Each Layer
  • Devices Work at Different Layers
  • Networking Devices
  • Repeater
  • Hub
  • Bridge
  • Switch
  • Virtual LAN
  • Router
  • Gateway
  • Bastion Host
  • Firewalls
  • Firewall – First line of defense
  • Firewall Types – Packet Filtering
  • Firewall Types – Proxy Firewalls
  • Firewall Types – Circuit-Level Proxy Firewall
  • Type of Circuit-Level Proxy – SOCKS
  • Firewall Types – Application-Layer Proxy
  • Firewall Types – Stateful
  • Firewall Types – Dynamic Packet-Filtering
  • Firewall Types – Kernel Proxies
  • Firewall Placement
  • Firewall Architecture Types – Screened Host
  • Firewall Architecture Types – Multi- or Dual-Homed
  • Firewall Architecture Types – Screened Subnet
  • IDS – Second line of defense
  • IPS – Last line of defense?
  • HIPS
  • Unified Threat Management
  • UTM Product Criteria
  • Protocols
  • TCP/IP Suite
  • Port and Protocol Relationship
  • Conceptual Use of Ports
  • UDP versus TCP
  • Protocols – ARP
  • Protocols – ICMP
  • Protocols – SNMP
  • Protocols – SMTP
  • Protocols – FTP, TFTP, Telnet
  • Protocols – RARP and BootP
  • Network Service – DNS
  • Network Service – NAT

Module 15 - Telephony, VPNs and Wireless

  • PSTN
  • Remote Access
  • Dial-Up Protocols and Authentication
  • Protocols
  • Dial-Up Protocol – SLIP
  • Dial-Up Protocol – PPP
  • Authentication Protocols – PAP and CHAP
  • Authentication Protocol – EAP
  • Voice Over IP
  • Private Branch Exchange
  • PBX Vulnerabilities
  • PBX Best Practices
  • Virtual Private Network Technologies
  • What Is a Tunnelling Protocol?
  • Tunnelling Protocols – PPTP
  • Tunnelling Protocols – L2TP
  • Tunnelling Protocols – IPSec
  • IPSec - Network Layer Protection
  • IPSec
  • IPSec
  • SSL/TLS
  • Wireless Technologies – Access Point
  • Standards Comparison
  • Wireless Network Topologies
  • Wi-Fi Network Types
  • Wireless Technologies – Access Point
  • Wireless Technologies – Service Set ID
  • Wireless Technologies – Authenticating to an AP
  • Wireless Technologies – WEP
  • WEP
  • Wireless Technologies –
  • More WEP Woes
  • Weak IV Packets
  • More WEP Weaknesses
  • How WPA Improves on WEP
  • How WPA Improves on WEP
  • TKIP
  • The WPA MIC Vulnerability
  • 802.11i – WPA2
  • WPA and WPA2 Mode Types
  • WPA-PSK Encryption
  • Wireless Technologies – WAP
  • Wireless Technologies – WTLS
  • Wireless Technologies – Common Attacks
  • Wireless Technologies – War Driving
  • Kismet
  • Wireless Technologies – Countermeasures
  • Network Based Attacks
  • ARP Attack
  • DDoS Issues
  • Man-in-the-Middle
  • Traceroute Operation

Module 16 - Security Architecture and Attacks

  • ESA Definition…
  • What is Architecture?
  • Architecture Components
  • Key Architecture Concepts - Plan
  • Objectives of Security Architecture
  • Technology Domain Modeling
  • Integrated Security is Designed Security
  • Security by Design
  • Architectural Models
  • Virtual Machines
  • Cloud Computing
  • Memory Types
  • Virtual Memory
  • Memory Management
  • Accessing Memory Securely
  • Different States that Processes Work In
  • System Functionality
  • Types of Compromises
  • Disclosing Data in an Unauthorized Manner
  • Circumventing Access Controls
  • Attacks
  • Attack Type – Race Condition
  • Attack Type - Data Validation
  • Attacking Through Applications
  • How Buffers and Stacks Are Supposed to Work
  • How a Buffer Overflow Works
  • Attack Characteristics
  • Attack Types
  • More Attacks
  • Host Name Resolution Attacks
  • More Attacks (2)
  • Watching Network Traffic
  • Traffic Analysis
  • Cell Phone Cloning
  • Illegal Activities

Module 17 - Software Development Security

  • How Did We Get Here?
  • Device vs. Software Security
  • Why Are We Not Improving at a Higher Rate?
  • Usual Trend of Dealing with Security
  • Where to Implement Security
  • The Objective
  • Security of Embedded Systems
  • Development Methodologies
  • Maturity Models
  • Security Issues
  • OWASP Top Ten (2011)
  • Modularity of Objects
  • Object-Oriented Programming Characteristic
  • Module Characteristics
  • Linking Through COM
  • Mobile Code with Active Content
  • World Wide Web OLE
  • ActiveX Security
  • Java and Applets
  • Common Gateway Interface
  • How CGI Scripts Work
  • Cookies
  • PCI Requirements
  • Virtualization - Type 1
  • Virtualization – Type 2

Module 18 - Database Security and System Development

  • Database Model
  • Database Models – Hierarchical
  • Database Models – Distributed
  • Database Models – Relational
  • Database Systems
  • Database Models – Relational Components
  • Foreign Key
  • Database Component
  • Database Security Mechanisms
  • Database Data Integrity Controls
  • Add-On Security
  • Database Security Issues
  • Controlling Access
  • Database Integrity
  • Data Warehousing
  • Data Mining
  • Artificial Intelligence
  • Expert System Components
  • Artificial Neural Networks
  • Software Development Models
  • Project Development – Phases III, IV, and V
  • Project Development – Phases VI and VII
  • Verification versus Validation
  • Evaluating the Resulting Product
  • Controlling How Changes Take Place
  • Change Control Process
  • Administrative Controls
  • Malware
  • Virus
  • More Malware
  • Rootkits and Backdoors
  • DDoS Attack Types
  • Escalation of Privilege
  • Protect against privilege escalation
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Mail Bombing
  • E-Mail Links
  • Phishing
  • Spear Phishing
  • Replay Attack
  • Cross-Site Scripting Attack
  • Timing Attacks
  • More Advanced Attacks
  • Summary

Module 19 – Malware and Software Attacks

  • Malware
  • Virus
  • More Malware
  • Rootkits and Backdoors
  • DDoS Attack Types
  • Escalation of Privilege
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Buffer Overflows
  • Mail Bombing
  • E-Mail Links
  • Phishing
  • Spear Phishing
  • Replay Attack
  • Cross-Site Scripting Attack
  • Timing Attacks
  • More Advanced Attacks
  • Summary

Module 20 - Business Continuity

  • Phases of Plan
  • Who Is Ready?
  • Pieces of the BCP
  • BCP Development
  • Where Do We Start?
  • Why Is BCP a Hard Sell to Management?
  • Understanding the Organization
  • Critical products and services
  • Dependencies
  • Supply chain
  • Between departments
  • Personnel
  • Information
  • Equipment
  • Facilities
  • BCP Committee
  • BCP Risk Analysis
  • Identify Vulnerabilities and Threats
  • Categories
  • How to Identify the Most Critical Company Functions
  • Loss Criteria
  • Interdependencies
  • Identifying Functions’ Resources
  • How Long Can the Company Be Without These Resources?
  • Calculating MTD
  • Recovery Point Objective
  • Calculation of maximum data loss
  • Determines backup strategy
  • Defines the most current state of data upon recovery
  • Recovery Strategies
  • Based on the results of the BIA
  • May be different for each department
  • Must be less than MTD
  • Sets the RTO
  • What Items Need to Be Considered in a Recovery?
  • Facility Backups – Hot Site
  • Facility Backups – Warm Site
  • Facility Backups – Cold Site
  • Compatibility Issues with Offsite Facility
  • Which Do We Use?
  • Choosing Offsite Services
  • Subscription Costs
  • Choosing Site Location
  • Other Offsite Approaches
  • BCP Plans Commonly and Quickly Become Out of Date
  • Summary

Module 21 - Disaster Recovery

  • Proper Planning
  • Executive Succession Planning
  • Preventing a Disaster
  • Preventive Measures
  • Backup/Redundancy Options
  • Disk Shadowing
  • Backing Up Over Telecommunication Serial Lines
  • HSM
  • SAN
  • Co-Location
  • Other Options
  • Review - Results from the BIA
  • Review - Results from
  • Recovery Strategy
  • Now What?
  • Priorities
  • Plan Objectives
  • Defining Roles
  • The Plan
  • Recovery
  • Return to Normal Operations
  • Environment
  • Operational Planning
  • Emergency Response
  • Reviewing Insurance
  • When Is the Danger Over?
  • Now What?
  • Testing and Drills
  • Types of Tests to Choose From
  • What Is Success?
  • Summary

Module 22 - Incident Management, Law, and Ethics

  • Seriousness of Computer Crimes
  • Incidents
  • Incident Management Priorities
  • Incident Response Capability
  • Incident Management Requires
  • Preparing for a Crime Before It Happens
  • Incident Response Phases
  • Types of Law
  • Foundational Concepts of Law
  • Common Laws – Criminal
  • Common Laws – Civil
  • Common Laws – Administrative
  • Intellectual Property Laws
  • More Intellectual Property Laws
  • Software Licensing
  • Digital Millennium Copyright Act
  • Historic Examples of Computer Crimes
  • Who Perpetrates These Crimes?
  • The Evolving Threat
  • Types of Motivation for Attacks
  • A Few Attack Types
  • Telephone Fraud
  • Identification Protection & Prosecution
  • Computer Crime and Its Barriers
  • Countries Working Together
  • Security Principles for International Use
  • Determine if a Crime Has Indeed Been Committed
  • When Should Law Enforcement Get Involved?
  • Citizen versus Law Enforcement Investigation
  • Investigation of Any Crime
  • Role of Evidence in a Trial
  • General Rules for Evidence
  • Evidence Requirements
  • Evidence Collection Topics
  • Chain of Custody
  • How Is Evidence Processed?
  • Evidence Types
  • Hearsay Rule Exception
  • Privacy of Sensitive Data
  • Privacy Issues – U.S. Laws as Examples
  • European Union Principles on Privacy
  • Routing Data Through Different Countries
  • Employee Privacy Issues
  • Computer Forensics
  • Trying to Trap the Bad Guy
  • Companies Can Be Found Liable
  • Sets of Ethics
  • Ethics – mile2
  • Ethics – Computer Ethics Institute
  • Ethics – Internet Architecture Board
  • GAISP – Generally Accepted Information Security Principles

Module 23 - Physical Security

  • Physical Security – Threats
  • Different Types of Threats & Planning
  • Facility Site Selection
  • Facility Construction
  • Devices Will Fail
  • Controlling Access
  • Possible Threats
  • External Boundary Protection
  • Lock Types
  • Facility Access
  • Piggybacking
  • Securing Mobile Devices
  • Entrance Protection
  • Perimeter Protection – Fencing
  • Perimeter Protection – Lighting
  • Perimeter Security – Security Guards
  • Surveillance/Monitoring
  • Types of Physical IDS
  • Electro-Mechanical Sensors
  • Volumetric Sensors
  • Facility Attributes
  • Electrical Power
  • Problems with Steady Power Current
  • Power Interference
  • Power Preventive Measures
  • Environmental Considerations
  • Fire Prevention
  • Automatic Detector Mechanisms
  • Fire Detection
  • Fire Types
  • Suppression Methods
  • Fire Extinguishers
  • Fire Suppression

Prerequisites

  • 1 year of experience in at least 2 modules, or
  • 1 year in IS Management

Audience

  • IS Security Officers
  • IS Managers
  • Risk Managers
  • Auditors
  • Information Systems Owners
  • IS Control Assessors
  • System Managers
  • Government

$4000.00 List Price

5 Days Course

Class Dates

Request a Date or a Private Class below.