Highlights
- Help focus on preparation for CISM Certification
- Protecting your resources using access control methods and cryptography
- Planning a secure environment
- Security objectives
- Compliance requirements and standard
- Operational security best practice
- Business continuity techniques
- Prevention and recovery from attack
Course Details
Security and Risk Management
Aligning security to organisational objectives
Employing fundamental security principles
Managing security policies, standards and procedures
Applying risk management concepts
Assessing threats and vulnerabilities
Performing risk analysis and control
Preserving the business
Adhering to Business Continuity Management Code of Practice and Specifications
Performing a business impact analysis
Investigating legal measures and techniques
Reviewing intellectual property, liability and laws
Differentiating traditional and computer crime
Addressing ethical behaviour and compliance
Security Engineering
Examining security models and frameworks
The Information Security Triad and multi-level models
Investigating industry standards: ISO 27001/27002
Exploring system and component security concepts
System design principles, capabilities, and limitations
Certification and accreditation criteria and models
Protecting information by applying cryptography
Detailing symmetric and asymmetric encryption systems
Ensuring message integrity through hashing
Uncovering threats to cryptographic systems
Safeguarding physical resources
Designing environments to resist hostile acts and threats
Denying unauthorised access
Asset Security
Identifying, categorising and prioritising assets
Applying security controls to assets
Protecting data through proper handling
Communication and Network Security
Defining a secure network architecture
TCP/IP and other protocol models
Protecting from network attacks
Examining secure networks and components
Identifying wired and wireless technologies
Implementing firewalls, proxies and tunnels
Identity and Access Management
Controlling access to protect assets
Defining administrative, technical and physical controls
Implementing centralised and decentralised approaches
Investigating biometric and multi-factor authentication
Identifying common threats
Security Assessment and Testing
Designing and conducting security assessment strategies
Leveraging the role of testing and auditing to analyse the effectiveness of security controls
Differentiating detection and protection systems
Conducting logging and monitoring activities
Distinguishing between the roles of internal and external audits
Defining secure account management
Security Operations
Maintaining operational resilience
Managing security services effectively
Leveraging and supporting investigations and incident response
Differentiating detection and protection systems
Developing a recovery strategy
Designing a disaster recovery plan
Implementing test and maintenance processes
Software Development Security
Securing the software development life cycle
Applying software development methods and security controls
Highlighting threats: Cross-Site Scripting (XSS), JavaScript attacks and Buffer Overflow
Addressing database security concepts and issues
Who should attend
Feedback
4.8 out of 5 average
"Our tailored course provided a well rounded introduction and also covered some intermediate level topics that we needed to know. Clive gave us some best practice ideas and tips to take away. Fast paced but the instructor never lost any of the delegates"
Brian Leek, Data Analyst, May 2022
“JBI did a great job of customizing their syllabus to suit our business needs and also bringing our team up to speed on the current best practices. Our teams varied widely in terms of experience and the Instructor handled this particularly well - very impressive”
Brian F, Team Lead, RBS, Data Analysis Course, 20 April 2022