Information Security Boot Camp - ISG291


Date
Apr 03, 2017 - 07:00 AM - Apr 07, 10:00 PM
Organizer
MISTI
Location
TBD - Boston, MA 02108, United States
Phone: (508) 879-7999

"Great overview of Info Sec concepts and initial prep for CISSP."
-Senior Auditor, Salesforce.com

Increasing reports of targeted hacker attacks. Data leakage in all directions. Viruses, worms, and other forms of computer crime. Heightened attention to corporate governance. Today's organizations are under increasing pressure to ensure the effectiveness of their information security efforts while adopting virtualization and cloud computing; as a result, information security has become a priority business issue. Yet in spite of their far-reaching strategic business implications, security threats and vulnerabilities are still often misunderstood and underestimated by line and IT management. To add to the confusion, this vital function is often viewed mostly as a technology issue.
 
In this information-packed five-day seminar, attendees will cover the essential areas needed to construct or audit a comprehensive information security framework. You will gain a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program, blending best management practices with key physical and information technology safeguards. We will cover security policies, awareness, administration, models, mechanisms, and architectures; secure application design and assurance; backup, recovery, fault tolerance, and business continuity planning; user authentication; cryptography; network concepts and security; and much more. 
 
To ensure that you gain proper familiarity with industry best practices, legislation, and professional standards for information security, key references and yardsticks for the material you will learn include but are not limited to: ISO-27001/27002, Common Body of Knowledge (CBK), Payment Card Industry Data Security Standard (PCI DSS), Common Criteria, Information Technology Infrastructure Library (ITIL), and a wide array of IT and security-related publications from the Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), Federal Financial Institutions Examination Council (FFIEC), US National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), US National Security Agency (NSA), and leading IT suppliers. 
 
To reinforce what you learn in the course and to aid anyone preparing for prominent information security certification examinations, you will be provided with unit and course review exercises. Come prepared for five days of intensive learning and return to your office with the foundation of knowledge and know-how needed to guide your organization as it develops or revises its information security program. 

 
Prerequisite: IT Auditing and Controls (ITG101), IT Audit School (ITG121), or equivalent experience. 
Advance Preparation: None
Learning Level: Intermediate

Delivery Method: Group-Live
Field: Specialized Knowledge and Application 



This class will help information security practitioners prepare for the CISSP CBK exam, CISM, CISA, or other formal exams in information security or IT controls. It is also relevant for audit staff who validate and verify core IT systems and risk-related personnel who rely on IT for maintaining corporate and customer systems. 

In this intense, information-packed five-day seminar, attendees will learn aspects of the (ISC)² Common Body of Knowledge (CBK) together with the methods and tools required to construct or audit a comprehensive information security framework. Attendees will gain a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program, blending both theory and best management practices with key physical and information technology safeguards. To ensure attendees gain proper familiarity with industry-leading practices, legislation and professional standards for information security, key references and yardsticks will be provided, including: the (ISC)² Common Body of Knowledge (CBK), ISO-27001/27002, Payment Card Industry Data Security Standard (PCI DSS), Common Criteria, Information Technology Infrastructure Library (ITIL) and a wide array of IT and security-related publications from the Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), Federal Financial Institutions Examination Council (FFIEC), US National Institute of Standards and Technology (NIST), Defense Information Systems Agency (DISA), US National Security Agency (NSA) and leading IT suppliers.

To reinforce what you learn in the course and to aid anyone preparing for prominent information security certification examinations, attendees will be provided with unit and course review exercises. Come prepared for five days of intensive learning and return to your office with the foundation of knowledge and know-how needed to take the CISSP exam (or similar), but even more importantly, to help guide your organization as it develops or revises its information security program.

The MISTI instructors for this class have worked closely with one or more of the information security certification organizations (such as (ISC)²).


Prerequisite: IT Auditing and Controls (ITG101), IT Audit School (ITG121), or equivalent experience
Advance Preparation: None
Learning Level: Intermediate
Field: Specialized Knowledge and Application



Agenda


What You Will Learn:

1. Information Security Concepts and Management Practices
• fundamental principles of information security
• making the business case for information security
• information security management objectives
• risk analysis: threats, vulnerabilities, risks, and countermeasures
• policies, standards, procedures, and guidelines
• information classification
• security awareness

2. Laws and Standards Affecting Information Security and IT Audit
• computer crimes, investigations, evidence, forensics
• laws, directives and regulations
- types of laws
- privacy issues and legislation
- intellectual property, copyright laws and software piracy
- European Union Data Protection Act
- prominent US and international laws
• information security and auditing standards

3. Security Models, Mechanisms and Architectures
• enterprise information security architecture
• computer architectures
• operating system security
• virtualization: operational and security considerations
• security models
• access control models, techniques and technologies, and methods
• open and closed systems
• security design standards and criteria: “Rainbow Series”, ITSEC, Common Criteria
• certification and accreditation

4. Network Concepts
• defining a 3-layer simplified network protocol model
• Open Systems Interconnection (OSI) model
• Transmission Control Protocol/Internet Protocol (TCP/IP): IPv4, IPv6
• network addresses and applications
• LAN and WAN technologies, topologies and protocols
• wiring: copper, fiber optics
• wireless networks technologies, protocols and security
• voice over IP (VoIP)
• network interconnection devices: functionality, risks and safeguards
• directory services: LDAP, DNS
• network management tools: packet sniffers, SNMP, network utility and diagnostic software

5. Cryptography
• demystifying the language of cryptography
• key management: asymmetric, symmetric
• encryption algorithms and hashing functions
• digital signatures
• Certificate Authorities (CAs) and Public Key Infrastructure (PKI)
• applications of cryptography
• cryptography vs. steganography

6. User Authentication
• authentication mechanism: passwords, tokens, smart cards, biometrics
• point-to-point protocol (PPP) authentication: PAP, CHAP
• extensible authentication protocol: EAP
• enterprise authentication systems: RADIUS, TACACS+, Diameter
• single/reduced sign-on (SSO): Kerberos, Web-based SSO

7. Network Security
• network security vulnerabilities, threats, risks and countermeasures
• hacker probing and attack techniques
• firewalls and proxy servers
• intrusion detection/prevention systems
• VPNs and related Internet security protocols: SSL/TLS, IPSec, SSH
• network discovery, vulnerability and penetration testing

8. Business Application and Development Security
• system development life cycle methodologies
• configuration management and change control
• application development tools and methodologies
• client server and middleware security
• data types and structures
• database management systems
• Web application security architecture: control points, attacks and defenses
• mobile code security risks: Java, ActiveX, JavaScript, VBScript
• malicious software and hacker attacks

9. Physical, Human Resources and Environmental Security
• computing center location, construction and management
• physical security threats, vulnerabilities, risks and countermeasures
• perimeter security, boundary protection and facilities access controls
• electrical, temperature, water, and other environmental controls
• fire detection, prevention and suppression
• information storage media protection, sanitization and disposal
• emergency procedures
• human resources security: hiring practices, badges, terminations and transfers

10. Availability, Backup, Recovery and Business Continuity Planning
• business continuity planning requirements
• business impact analysis
• redundancy and fault tolerance
• backup procedures: on-site and offsite
• backup resources: processing sites, storage, offices, utilities, equipment and supplies
• recovery testing procedures
• emergency response procedures

11. Wrap-up Discussion