| Day 1 |
Introduction |
Security Management Practices
- Management Responsibilities
- Security Policies and their supporting counterparts
- Information Classification
- Roles and Responsibilities
- Risk management
- Security Awareness
|
Access Control
- Identification, authentication, authorization methods
- Authentication methods, models and techniques
- Discretionary, mandatory and non-discretionary access control
- Accountability, monitoring and auditing practices
- Possible threats to access control practices and technologies
|
Security Architecture
- Computer architecture and the items that fall within it
- Components within an operating system
- OSI Model
- Trusted computing base and security mechanisms
- Different security models used in software development
- Security criterion and ratings
- Certification and accreditation processes
|
| Day 2 |
|
Business Continuity Planning
- Business Continuity Planning
- Disaster Recovery Planning
- Possible Threats
- Business Impact Analysis
- Roles and Responsibilities
Backups and Off-site Facilities |
Cryptography
- History of cryptography
- Cryptography components and their relationships
- Government involvement in cryptography
- Symmetric and asymmetric key cryptosystems
- Public key infrastructure (PKI) concepts and mechanisms
- Hashing algorithms and uses
- Types of attacks on cryptosystems
|
Physical Security
- Administrative, technical and physical controls pertaining to physical security
- Facility location, construction and management
- Physical security risks, threats and countermeasures
- Electrical measures and countermeasures
- Fire prevention, detection and suppression
- Authenticating individuals and intrusion detection
|
| Day 3 |
|
Telecommunication, Network and Internet Security
- TCP/IP Suite
- Cabling and data transmission types
- LAN and WAN technologies
- Network devices and service
- Telecommunication protocols and devices
- Remote access methods and techniques
- Fault tolerance mechanisms
|
Law Investigations, Ethics
- Ethics, pertaining to security professionals and best practices
- Computer crimes and computer laws
- Motivations and profiles of attackers
- Computer crime investigation process and evidence collection
- Incident handling procedures
- Different handling procedures
- Different types of evidence
- Laws and acts put into effect to fight computer crime
|
| Day 4 |
|
Applications Security
- Different types of software controls and implementation
- Database concepts and security issues
- Data warehousing and data mining
- Software life cycle development processes
- Change control concepts
- Object-oriented programming components
- Expert systems and artificial intelligence
|
Operations Security
- Operations responsibilities
- Configuration management
- Media access protection
- System recovery
- Facsimile security
- Intrusion detection systems
- Attack types
Review of all ten domains
Practice Exam |
