Security Architecture, Cryptography,
Operations Security, Applications and Systems Development, Law,
Investigations, and Ethics BCP/DR, Physical Security
Key Topics:
Security Architecture and Models
Formal security standards: Common Criteria, ITSEC, TSEC, and the
IETF
Computer and
network system principles: addressing, operating states, modes,
and protection mechanisms
Information
System certification and accreditation
Common architectural
flaws: covert channels, initialization and failure states, input
and parameter checking, EMI.
Cryptography
Symmetric (private key) and asymmetric (public key) methods
Message authentication
and digital signatures
Methods: PGP,
DES, RSA, SHA, MD5, and triple-DES
Public Key
Infrastructure and certificates
Kerberos,
ISAMP, and IPSEC
Operations Security
Hardware and media security controls
Operators
and resource access privileges
Principles:
separation of duties, least privilege, need to know
Preventive,
detective, and recovery controls
Internal and
external auditing
Intrusion
Detection
Application and System Development
Security and controls for systems development
Basic tools
for data/application integrity
Security control
architecture
Malicious
code
Attacks: spoofing,
logic bombs, trap doors, and traffic analysis
Law, Investigation, and Ethics
Major U.S. laws: three major types of laws.
Ethical issues
Model codes
of conduct
Evidence gathering
Incident handling
Business Continuity Planning and Disaster Recovery
Planning (Day Three)
Business continuity planning
Recovery plan
development, implementation, and restoration
Business impact
assessments
Recovery strategy
alternatives
Physical Security
Physical security threats
Personnel
access controls
Audit trails
Basic fire
detection and suppression
Facility management
and planning requirements
Length of Training:
3 Days (24 hours)
Class Dates :
June 18-20, 2003 (Weekdays*)
August 13-15, 2003 (Weekdays*)
Tutition:
$795.00 (Includes training, training materials, and parking)
* Weekdays courses are from 9:00 a.m.
- 4:30 p.m.
|
