Training Courses

INFOSEC100: The Information Security Manager: Fundamentals of Managing Information Security

CPE credits: 35

Description: This five day seminar is an introduction to the various technical and administrative aspects of Information Security and Assurance. This seminar provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.

The purpose of the seminar is to provide the attendee with an overview of the field of Information Security and Assurance. Attendees will be exposed to the spectrum of security activities, methods, methodologies, and procedures. Coverage will include inspection and protection of information assets, detection of and reaction to threats to information assets, and examination of pre- and post-incident procedures, technical and managerial responses and an overview of the information security planning and staffing functions.

Audience: System administrators, managers of telecommunications, directors of corporate security, safety and continuity planning, and IT professionals who through their involvement in managing or directing their organization's IT infrastructure are responsible for establishing and maintaining information security policies, practices and procedures. This seminar would also be of value to financial and operational audit professionals as well as non-IT professionals tasked with the responsibility for assessing their organization's IT operations, infrastructure, and security.

Prerequisites: There is no prerequisite for this seminar.

Objectives: After completing this seminar, attendees will be able to:

Understand what information security is and how it came to mean what it does today
Comprehend the history of computer security and how it evolved into information security
Understand the key terms and critical concepts of information security as presented in the chapter
Outline the phases of the security systems development life cycle
Understand the role professionals involved in information security in an organizational structure. Identify and prioritize information assets
Identify and prioritize threats to information assets
Define an information security strategy and architecture
Plan for and respond to intruders in an information system
Describe legal, ethical and public relations implications of security and privacy issues
Present a disaster recovery plan for recovery of information assets after an incident

Course Outline:

Introduction to Information Security

History of Information Security
What is Security?
What Is Information Security?
Critical Characteristics of Information
NSTISSC Security Model
Components of an Information System
Securing Components
Balancing Security and Access
The Security Systems Development Life Cycle
Resolving Vulnerabilities
Information Security: Art or Science?
IT Security and Corporate Governance
Security Management Best Practices
Security Event Management
Mini Case Exercise

The Need for Security

Business Needs First, Technology Needs Last
Protecting the ability of the Organization to Function
Establishing Safe Operation of Applications
Protecting Data Collected by Organizations
Safeguarding Technology Assets
Threat Analysis
Security Investigation Phase
Attack Analysis
International Laws and Legal Bodies
Policy Versus Law
Ethical Concepts in Information Security
Organizational Liability and the Need for Counsel
Mini Case Exercise

Security Analysis

Risk Management
Risk Identification
Risk Assessment
Determining Results of Risk Assessment
Risk Control Strategies
Risk Mitigation Strategy selection
Controls
Recommended Practices in Controlling Risk

Logical Design

Blueprint for Security
Information Security Policies, Standards, and Procedures
NIST Security Models
Design of Security Architecture
Planning for Continuity
Business Impact Analysis
Incident Response Planning
Incident Reaction
Incident Recovery
Disaster Recovery Planning
Business Continuity Planning
Incident Management Case Exercise

Physical Design

Security Technology
Physical Design of the SecSDLC
Firewalls
Dial-up Protection
Intrusion Detection Systems
Scanning and Analysis Tools
Content Filters
Cryptography and Encryption-based Controls
Access Control Devices
Physical Security

Implementation

Implementing Security
Access Controls
Fire Safety
Interception of Data
Remote Computing Security
Evaluating Physical Security Threats
Mini Case Exercise

Maintenance and Change

Staffing the Security Function
Credentials of Security Professionals
Employment Policies and Practices
Security Considerations for Non-employees
Separation of Duties and Collusion
Privacy and Security of Personal Data
Information Security Maintenance
Mini Case Exercise

Dr. Marcella's seminar will draw upon his 29 years of field experience in the areas of corporate, data, IT and physical security and his roll as a Board of Director member for the Saint Louis community InfraGard project, a Board of Governor member for the Saint Louis Institute of Internal Auditors and as a member of the Saint Louis Cyber-Terrorism Task Force.

Back to training courses.

IT Management Consulting, Training Services, and Audit & Security Reviews Since 1984