Information Security Essentials (HL945S)
This course prepares you to look at your business through an information security lens, and to develop and implement a comprehensive information security strategy that will help your business to stay competitive. It covers key security concepts, providing real-world examples of how to implement security measures and risk mitigation methods in your organization.
Audience
- IT Managers or members of Information Security Management Teams
- Security and Systems Managers
- Anyone working towards an industry-recognized certification such as ISO/IEC 27001, ISO/IEC 27002, CISMP, CISSP, Security+ or CCSK
Prerequisites
- A basic understanding of operating systems and networks
- Some experience with managing networks is helpful but not required
- Some experience in project management or organizational management may be helpful but not required
Certifications
This course has been accredited by EXIN for the ISO/IEC 27002 (ISFS) certification and prepares you for the APMG-International ISO/IEC 27001 certification. Also, attend the additional 2-day Information Security Essentials Plus (HL946S) and prepare to challenge the Certified Information Security Management Principles (CISMP) exam by BCS. This course provides a stepping-stone to more advanced certifications, either managerial or technical (such as CISSP, Security+ and CCSK), and fits nicely with existing project management and service management programs.
Course Objectives
- Champion the security cause in your organization
- Describe an integrated approach to cyber security
- Move past compliance and to security as an advantage
- Integrate cyber security into the lifecycle of all services
- Understand confidentiality, integrity, and availability
- Improve risk assessment/risk management activities
- Gain knowledge regarding threats, vulnerabilities, and appropriate controls
- List regulations which may impact business goals
- Prepare for industry-recognized cyber security certifications
- Become a Chief Information Security Officer
Detailed course outline
Module 1: Setting a Secure Foundation
- Champion the business case for the importance of information security
- Describe how security/IA can become a business advantage
- Discuss information assurance maturity models
- Identify relevant sources of compliance requirements: legislative, regulatory, client
Module 2: Defining Key Tenets of Information Security
- Define information security and its key elements, Confidentiality, Integrity, and Availability
- Map compliance requirements to securing information (CIA)
- Differentiate between threats, vulnerabilities, and attacks
- Apply definitions to an environment
- Identify forms of threat
- List common enterprise vulnerabilities
- Describe what constitutes a security incident
Module 3: Managing Information Security in the Organization
- Communicate the advantages of using an existing framework
- Illustrate the security governance lifecycle
- List the key roles, responsibilities, and interactions
- Describe components of security professionalism and ethics
- Differentiate between policy, standard, procedure, and guideline
- Distinguish what makes a good security policy
- Describe the importance of communicating policies
Module 4: Introduction to IT Threats, Vulnerabilities, and Attacks
- Describe vulnerabilities in client/server communication
- Describe why large organizations are vulnerable
- Identify physical, technical, and social forms of security threat
- Identify and describe the most common attacks
- Discuss common examples of social engineering
Module 5: Assessing Risk
- Describe the role of risk management in information security and how the elements fit with the security governance lifecycle
- Estimate your organization's risk appetite in various key areas and begin a plan to verify
- Distinguish business impact analysis from risk assessment
- Distinguish quantitative and qualitative risk analysis
- List applicable privacy legislation in different regions
- List categories of intellectual property law
- Define vulnerability scanning
- List sample tools for port scanning and other vulnerability scanning
- Identify tool selection and comparison criteria
- Develop a useful report of outcome of scanning
Module 6: Controlling Access
- Describe the importance of access control in implementing information security
- Demonstrate how authentication and authorization work together to provide access control
- Outline why technical and physical controls for access are both important
Module 7: Selecting Controls
- List common controls for each category of threat
- List/categorize countermeasures by strategy
- Discuss the importance of patch management
- Categorize physical controls
- Discuss technical countermeasures
- Identify firewall positioning in network architecture and the DMZ network
- List actions a firewall can take in response to types of traffic
- Describe use of intrusion prevention systems
- Describe how an IPS detects an attack
- Compare types of IPS
- Describe how virtual private networking supports security objectives
- Describe how encryption aids security
- Describe how encryption is performed
- Distinguish between symmetric and asymmetric encryption
- Describe the positioning of virus scanners
Module 8: Planning Security for Consumerization of IT and the Cloud
- Describe the impact that the Consumerization of IT is having on IT
- Discuss the threats and vulnerabilities in the mobile world
- Summarize security interventions for mobile devices
- Identify the risks of social media
- Summarize controls for social media related threats
- Describe the relationship between cloud computing and consumerization
- Distinguish types of cloud-based computing and services
- Identify risks of different forms of cloud use
- List controls for security in the cloud
- Describe the impact on security of big data, the Internet of Things, and the dark web
Module 9: Secure Outsourcing
- Describe the difference between outsourcing and managed service providers
- Develop policies, standards, and procedures for third-party vendors
- Understand compliance requirements for working with third parties
- List typical obligations for contractors
- Champion controls on third party access
- Describe security controls for information exchanged with contractors
- Develop processes for managing information during supplier changes
- Name business continuity management links to outsourced service providers
- List investigation and forensics requirements for suppliers
Module 10: Business Continuity and Disaster Recovery Planning
- Describe the importance of continuity planning
- List conditions that make it necessary
- Define continuity planning and terms
- Describe the relationship with risk management
- Identify elements of a business continuity plan
- Compare and contrast BCP and DRP
- Define key elements of service level agreements
- Describe verification techniques for redundancy
- Explain redundancy considerations
Module 11: Implementing Strategies for Security Success
- Address some of the most overlooked threats in IT Security
- List best practices in hiring and educating employees
