IT security audit

E-Business Security

Course Description

In this course you will explore the security technique fundamentals involved in minimizing E-Business security risks. This course introduces you to concepts such as securing Web clients, servers, and communications. It also investigates the use of firewalls and digital certificates, and concludes with a look at legal issues including how to respond when security has been breached.

Who Should Attend

Anyone who is interested in learning about security in an e-Business framework.

Duration:

3 days

Certification

The e-Business certification exam is conducted on the last day of the training. Students need to pass the online Prometric exam to receive the CEP certification.

Module 1: Introduction to Information Security

  • Understand what information security is and how it came to mean what it does today.
  • Comprehend the history of computer security and how it evolved into information security.
  • Understand the key terms and critical concepts of information security as presented in the chapter.
  • Outline the phases of the security systems development life cycle.
  • Understand the roles of the professionals involved in information security within an organizational structure.

Module 2: The Need for Security

  • Understand the business need for information security.
  • Understand that a successful information security program is the responsibility of an organization’s general management and IT management.
  • Understand the threats posed to information security and the more common attacks associated with those threats.
  • Differentiate threats to information systems from attacks against information systems.

Module 3: Legal, Ethical & Professional Issues in Information Security

  • Use this chapter as a guide for future reference on laws, regulations, and professional organizations.
  • Differentiate between laws and ethics.
  • Identify major national laws that relate to the practice of information security.
  • Understand the role of culture as it applies to ethics in information security.

Module 4: Risk Management: Identifying and Assessing Risk

  • Define risk management and its role in the SecSDLC.
  • Understand how risk is identified.
  • Assess risk based on the likelihood of occurrence and impact on an organization.
  • Grasp the fundamental aspects of documenting risk identification and assessment.

Module 5: Risk Management: Assessing and Controlling Risk

  • Recognize why risk control is needed in today’s organizations.
  • Know the risk mitigation strategy options for controlling risks.
  • Identify the categories that can be used to classify controls.
  • Be aware of the conceptual frameworks that exist for evaluating risk controls, and be able to formulate a cost-benefit analysis when required.
  • Understand how to maintain and perpetuate risk controls.

Module 6: Blueprint for Security

  • Understand management’s responsibilities and role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
  • Understand the differences between the organization’s general information security policy and the requirements and objectives of the various issue-specific and system-specific policies.
  • Know what an information security blueprint is and what its major components are.
  • Understand how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.
  • Become familiar with what viable information security architecture is, what it includes, and how it is used.

Module 7: Planning for Continuity

  • Know what contingency planning is and how incident response planning, disaster recovery planning, and business continuity plans are related to contingency planning.
  • Understand the elements that comprise a business impact analysis and the information that is collected for the attack profile.
  • Recognize the components of an incident response plan.

Module 8: Security Technology

  • Define and identify the various types of firewalls.
  • Discuss the approaches to firewall implementation.
  • Discuss the approaches to dial-up access and protection.
  • Identify and describe the two categories of intrusion detection systems.
  • Discuss the two strategies behind intrusion detection systems.

Module 9: Physical Security

  • Understand the conceptual need for physical security.
  • Identify threats to information security that are unique to physical security.
  • Describe the key physical security considerations for selecting a facility site.
  • Identify physical security monitoring components.
  • Grasp the essential elements of access control within the scope of facilities management.
  • Understand the criticality of fire safety programs to all physical security programs.

Module 10: Implementing Security

  • Understand how the organization’s security blueprint becomes a project plan.
  • Understand the numerous organizational considerations that must be addressed by the project plan.
  • Grasp the significant role and importance of the project manager in the success of an information security project.
  • Understand the need for professional project management for complex projects.
  • Understand the technical strategies and models for implementing the project plan.
  • Grasp the nontechnical problems that organizations face in times of rapid change.

Module 11: Information Security Maintenance

  • Understand the need for the ongoing maintenance of the information security program.
  • Become familiar with recommended security management models.
  • Understand a model for a full maintenance program.
  • Understand key factors for monitoring the external and internal environment.
  • Learn how planning and risk assessment tie into information security maintenance.
  • Understand how vulnerability assessment and remediation tie into information security maintenance.
  • Learn how to build readiness and review procedures into information security maintenance.

Module 12: Security and Personnel

  • Understand where and how the information security function is positioned within organizations.
  • Understand the issues and concerns about staffing the information security function.
  • Know about the credentials that professionals in the information security field can acquire.
  • Recognize how an organization’s employment policies and practices can support the information security effort.
  • Understand the special security precautions necessary for nonemployees.
  • Recognize the need for the separation of duties.
  • Understand the special requirements needed for the privacy of personnel data.


© 2006-2008 JLLC Belsec - IT-Security audit