IT Management Consulting, Training Services, Audit & Security Reviews Since 1984

CPE Credits: 35


This five day seminar is an introduction to the various technical and administrative aspects of Information Security and Assurance. This seminar provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.

The purpose of the seminar is to provide the attendee with an overview of the field of Information Security and Assurance. Attendees will be exposed to the spectrum of security activities, methods, methodologies, and procedures. Coverage will include inspection and protection of information assets, detection of and reaction to threats to information assets, and examination of pre- and post-incident procedures, technical and managerial responses and an overview of the information security planning and staffing functions.


System administrators, managers of telecommunications, directors of corporate security, safety and continuity planning, and IT professionals who through their involvement in managing or directing their organization's IT infrastructure are responsible for establishing and maintaining information security policies, practices and procedures. This seminar would also be of value to financial and operational audit professionals as well as non-IT professionals tasked with the responsibility for assessing their organization's IT operations, infrastructure, and security.


There is no prerequisite for this seminar.


After completing this seminar, attendees will be able to:

  • Understand what information security is and how it came to mean what it does today
  • Comprehend the history of computer security and how it evolved into information security
  • Understand the key terms and critical concepts of information security as presented in the seminar
  • Outline the phases of the security systems development life cycle
  • Understand the role of professionals involved in information security within an organizational structure
  • Identify and prioritize information assets
  • Identify and prioritize threats to information assets
  • Define an information security strategy and architecture
  • Plan for and respond to intruders in an information system
  • Describe legal, ethical and public relations implications of security and privacy issues
  • Present a disaster recovery plan for recovery of information assets after an incident

Course Outline:


Introduction to Information Security
  • History of Information Security
  • What is Security?
  • What Is Information Security?
  • Critical Characteristics of Information
  • NSTISSC Security Model
  • Components of an Information System
  • Securing Components
  • Balancing Security and Access
  • The Security Systems Development Life Cycle
  • Resolving Vulnerabilities
  • Information Security: Art or Science?
  • IT Security and Corporate Governance
  • Security Management Best Practices
  • Security Event Management
  • Mini Case Exercise
The Need for Security
  • Business Needs First, Technology Needs Last
  • Protecting the Ability of the Organization to Function
  • Establishing Safe Operation of Applications
  • Protecting Data Collected by Organizations
  • Safeguarding Technology Assets
  • Threat Analysis
  • Security Investigation Phase
  • Attack Analysis
  • International Laws and Legal Bodies
  • Policy Versus Law
  • Ethical Concepts in Information Security
  • Organizational Liability and the Need for Counsel
  • Mini Case Exercise
Security Analysis
  • Risk Management
  • Risk Identification
  • Risk Assessment
  • Determining Results of Risk Assessment
  • Risk Control Strategies
  • Risk Mitigation Strategy Selection
  • Controls
  • Recommended Practices in Controlling Risk
Logical Design
  • Blueprint for Security
  • Information Security Policies, Standards, and Procedures
  • NIST Security Models
  • Design of Security Architecture
  • Planning for Continuity
  • Business Impact Analysis
  • Incident Response Planning
  • Incident Reaction
  • Incident Recovery
  • Disaster Recovery Planning
  • Business Continuity Planning
  • Incident Management Case Exercise
Physical Design
  • Security Technology
  • Physical Design of the SecSDLC
  • Firewalls
  • Dial-up Protection
  • Intrusion Detection Systems
  • Scanning and Analysis Tools
  • Content Filters
  • Cryptography and Encryption-based Controls
  • Access Control Devices
  • Physical Security
  • Implementing Security
  • Access Controls
  • Fire Safety
  • Interception of Data
  • Remote Computing Security
  • Evaluating Physical Security Threats
  • Mini Case Exercise
Maintenance and Change
  • Staffing the Security Function
  • Credentials of Security Professionals
  • Employment Policies and Practices
  • Security Considerations for Non-employees
  • Separation of Duties and Collusion
  • Privacy and Security of Personal Data
  • Information Security Maintenance
  • Mini Case Exercise


Dr. Marcella's seminar will draw upon his 29 years of field experience in the areas of corporate, data, IT and physical security and his role as a Board of Directors member for the Saint Louis community InfraGard project, a Board of Governors member for the Saint Louis Institute of Internal Auditors and as a member of the Saint Louis Cyber-Terrorism Task Force.

For more information contact Dr. Marcella personally

Business Automation Consultants, LLC

P.O. Box 63362
St. Louis, MO 63163
(314) 504-0530
