Pakistan Computer Emergency Response Team

The Security Standard


CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) TRAINING BOOT CAMP

Starting Date: 5th October

Last Date for Registration: 2nd October

Duration: 5 Days (9:00am - 3:00pm daily)

Fee: Rs.40,000/-

Course Package Includes: CISSP Classroom Notes and a CD with CISSP Resources

Venue: Suite 807, Aramex SMS Tower (old Kawish Crown Plaza), Main Shahrah-e-Faisal, Karachi - Pakistan

Who Teaches the Class?
Security Assessment and Penetration Testing Expert Qazi Mohammad Misbahuddin Ahmed is the pioneer of Security Assessment and Penetration Testing services in Pakistan. He holds a Bachelor's in Computer Science and an MBA-MIS, along with the following industry-leading certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Penetration Testing Specialist (CPTS)
  • Certified Ethical Hacker (CEH)
  • COBIT based IT Governance Exam (COBIT)
  • Information Technology Infrastructure Library (ITIL v3)
  • Associate Member of Business Continuity Institute (AMBCI)

He has performed several penetration tests, forensic analyses and incident response procedures for many national and multinational companies. He has served as a member of the Network Security Taskforce working under the Technology Resource Mobilization Unit of the Ministry of IT&T, Government of Pakistan. He has conducted several workshops for high-profile companies and is a regular speaker at many IT events and conferences such as E-Merge, IT Expo, ProCOM and ITCN Asia ProQuest, and has also served as a coordinator and judge at the ITCN Asia ProQuest Hacking Competition.

Qazi Ahmed is routinely called upon to comment on and discuss IT security events and has been featured on several TV channels such as GEO, ARY Digital, Indus News and PTV, and in newspapers, magazines and newsletters such as Spider, @internet, YAHOO!, CISCO, Newsbytes, Wall Street Journal, India Times, Hindustan Times, etc.

Qazi Ahmed is also credited with finding the most severe security vulnerability ever discovered in Microsoft .NET Passport services, affecting millions of people worldwide. Qazi Ahmed is also a member of the renowned worldwide high-IQ society Mensa.

Recently Qazi Ahmed has been selected as an honoree for the Asia-Pacific Information Security Leadership Achievements (ISLA) Program 2008 in the Senior IT Security Professional category by the International Information Systems Security Certification Consortium (ISC2).

Our information security training sessions have been attended by professionals from organizations such as:

  • Ministry of Defence
  • Pakistan Atomic Energy Commission
  • Ernst & Young
  • Juma Al Majid Group (UAE)
  • Unilever
  • Habibsons Bank (UK)
  • Allied Bank Limited
  • Qasim International Container Terminal
  • Agha Khan University
  • Dubai Islamic Bank
  • Qatar Airways
  • Central College London (UK)
  • Union Bank
  • Alliance Frances
  • Central Depository Company
  • Karachi Electricity Supply Corporation
  • Getz Pharma
  • Xpert2go Inc. (USA)
  • Compunet Online (ISP)
  • Lucky Textile Mills
  • Nadra
  • Agha Khan Education Service
  • Hamdard University Network
  • Habib Bank AG Zurich
  • Nakshbandi Industries
  • Sidat Hyder Morshed Associates

COURSE TOPICS

Day 1

Module 1 - Access Control

Steps of Access Control, Access Control Mechanisms, Authentication, Biometrics, Password Practices, Synchronous One-Time Password Generator, Asynchronous One-Time Password Generator, Token Devices, Passphrase, Authentication Mechanisms, Single Sign-On Technologies, Kerberos Components, Access Control Models, Discretionary Access Control, Mandatory Access Control, Security Labels, Role-based Access Control, Role-based Access Model, Lattice-based Access Control, Rule-based Access Control, Centralized Access Control Administration, Decentralized Access Control Administration, RADIUS Steps, TACACS Steps, Technical Controls, Physical Controls, Accountability, Log Protection, Social Engineering, IDS, Penetration Testing, Attack Strategies

Module 2 - Network and Telecommunications Security

TCP/IP, IP, UDP Versus TCP, Networks, Intranet and Extranet, Network Wiring, Network Topologies, LAN Media Access Technologies, Protocols, Networking Devices, Firewalls, Bastion Host, Demilitarized Zone, Virtual Private Network, Tunneling Protocols, Wide Area Network, Remote Access, Dial-up and RAS, PBX Protection, Physical and Data Link Layer, Wireless Application Protocol, Wired Equivalent Privacy (WEP), Possible WLAN Attacks, War Driving, Countermeasures


Day 2

Module 3 - Information Security and Risk Management

Evolution of Security Management, Security through Obscurity, Control Types, Due Care and Due Diligence, CIA Triad, Possible Threats, Security Controls, Security Models, Risk Management, Steps of a Risk Analysis, Security Policies, Approach to Security Management, Data Classification, Commercial versus Military Classifications, Employee Management

Module 4 - Applications and Systems Development

Applications and Systems Development Objectives, Project Development, Verification versus Validation, Administrative Control, Change Control, Configuration Management Issues, Software Development, Application Development Methodology, Object-Oriented Programming, Module Interaction, Cohesion and Coupling, Distributed Computing, Java Security, Database Systems, Database Security Mechanisms, Data Mining, Artificial Intelligence, Artificial Neural Networks, Malicious Code, Attack Types, Smurf Attack, SYN Attack, Timing Attacks


Day 3

Module 5 - Cryptography

History of Cryptography, Scytale Cipher, Cryptography in War, Protection of Encryption, Keys and Text, Breaking Encryption Systems, Attack on Cipher Types, Government and Cryptography, Clipper Chip, Escrowing Keys, Cipher Types, S-boxes in Block Ciphers, Stream Cipher, Symmetric versus Asymmetric, Key Distribution, Public Key Cryptography, Key Management, Data Encryption, Creation of a Session Key with Diffie-Hellman, Key Recovery, Secured and Signed Message, Types of Symmetric Algorithms, DES Conceptually, Advanced Encryption Standard, Message Integrity, Hashing Algorithms, Digital Signature, Public Key Infrastructure, Certificate Details, CA Hierarchy, Cross-certification, CA Communication, One-Time Pad, E-mail Security, Secure Protocols, SET, IPSec, Attack Types

Module 6 - Security Architecture and Design

Computer Architecture Components, Central Processing Unit (CPU), Storage Types, Memory Mapping, Hardware Segmentation, Process versus Thread, OSI Model, Data Encapsulation, Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link and Physical Layers, Protocols at Each Layer, System Self-Protection, Resource Access, Process Isolation, Layered Approach, Protection Rings, Trusted Computing Base, Security Perimeter, Reference Monitor, Security Kernel, Operating States, Security Models, State Machine Models, Bell-LaPadula Model, Biba Model, Clark-Wilson Model, Non-Interference Model, Information Flow Model, Brewer and Nash Model (Chinese Wall Security Policy), Trusted Computer System Evaluation Criteria (TCSEC), Information Technology Security Evaluation Criteria (ITSEC), Common Criteria, Timing Attacks


Day 4

Module 7 - Operations Security

Operations Security Objectives, Operational Controls, Control Types, Audit Data, Configuration Management, Trusted Recovery, Facsimile Security, Operational Duties, Network Availability, RAID Levels, Redundancy Mechanism, Backups, Threats and Attacks

Module 8 - Business Continuity and Disaster Recovery Planning

Disaster Recovery Issues, Impacting Business, Possible Threats, Categories of Disruptions, Results from the BIA, Disaster Recovery Plan, Developing a Recovery Team, Backup Alternatives, Facility Backups, Electronic Vaulting, Off-Site Storage, Testing and Drills, Maintenance, Phases of Plan, Preventions


Day 5

Module 9 - Legal, Regulations, Compliance and Investigations

Law, Investigation, and Ethics Objectives, Ethics, Computer Crime Issues, Attack Types, Phone Fraud, Legal Liability, Risk Assessment, Privacy Issues, International Issues, Types of Common Laws, Criminal Law, Civil Law, New Federal Policies, Intellectual Property Laws, Responding to a Computer Crime, Incident Handling, Incident Response, Forensics, Evidence

Module 10 - Physical (Environmental) Security

Physical Security Components, Threats, Facility Location, Facility Construction, Facility Attributes, Physical Security Controls, Hardware Backups, Electrical Power, Environmental Considerations, Fire Prevention, Entrance Protection, Audit Trails, Exterior Boundary Protection, Perimeter Issues, Perimeter Protection, Security Guards, Monitoring, Intrusion Detection Systems

All rights reserved. Copyright© PakCERT 2000-2008