Information Security Essentials

Course overview

This 3-day course prepares you to look at your business through a security lens, and to develop and implement a comprehensive information security strategy that will help your business to stay competitive. It covers key security concepts, providing real-world examples of how to implement security measures and risk mitigation methods in your Business. This training is a valuable resource in preparation for many industry recognized certification exams.

Prerequisites

• A basic understanding of operating systems and networks
• Some experience with managing networks is helpful but not required

Audience

• IT Professionals who want an overview of security concepts and techniques
• Managers who want to understand the critical areas of information security
• Anyone working towards an industry recognized certification such as ISO/IEC27002, CISSP, Security+, CCSK or CISMP

Ways to save

Next steps

• Risk Management (HL946S)
• Business Contingency (HL947S)
• Security Policy and Governance for the Enterprise (HL948S) – coming soon

Course outline

Module 1: Setting a Secure Foundation

• Key security terminology
• Security and your company
• Security compliance requirements
• Security lifecycle
• Tenets of security
• TCP/IP technical refresher

Module 2: Understanding and Managing Risk

• Risk and risk management terms
• Apply definitions to an environment
• Potential threat vectors
• Business impact analysis
• Common enterprise vulnerabilities
• Levels of risk
• Performing quantitative and qualitative risk assessment
• Risk response strategy appropriate to level of risk
• Identify risk response strategies
• Applying risk analysis to an enterprise scenario

Module 3: Business continuity planning

• Importance of contingency or continuity planning
• Conditions that make it necessary
• Relationship to risk management
• Key elements of service level agreements
• Levels of redundancy
• Redundancy considerations
• Testing your BCP
• Applying BCP to an enterprise scenario

Module 4: Threats, Vulnerabilities, Attacks, and Countermeasures

• The most common attacks involving technology
• Physical and social forms of security attack
• Common malware overview

Module 5: Consumerization of IT and the Cloud

• Defining consumerization of IT
• Recognizing consumerization effects to the enterprise
• Identifying security risks in consumerization
• Security and mobile devices
• Social media risks and policies
• Cloud computing benefits and security risks
• Security policy basics for consumerization

Module 6: Security Technologies

• Firewall operation and network security
• Intrusion detection and prevention systems
• Cryptography - secure communications
• Virtual private networks for security

Module 7: Useful Tools

• Vulnerability scanning
• Interpreting results and generating management reports
• Identifying tools to use
• Using Nessus to scan port vulnerabilities
• Using Network Mapper to identify systems on the network
• Using Netstumbler wireless network scanner

Module 8: Best Practices, Frameworks, and Security Policy

• Best practice checklist
• Understanding security frameworks available
• Most overlooked and underestimated threats