Building Blocks Technologies

Technology Training: Security: Operations Security & Security Management Practices

Course Objectives:

Upon completion of this course students will be able to:

  • Describe resources and privileges that require protection
  • Identify control mechanisms and access restriction
  • Define potential for abuse and principles of secure practice
  • Describe the planning, organisation and roles of individuals in identifying and securing an organization's information assets
  • Design employment agreements, hiring and termination practices
  • Explain the development of security policies, guidelines, standards and procedures
  • Maximize risk management practices and identify tools to rate and reduce the risk to specific resources

Course Type:

The course is taught in class with an instructor.

Prerequisite:

A general understanding of network operations or the Networking: Foundations course is recommended.

Audience:

Individuals who need to understand network security concepts related to day-to-day operations and those who need to understand security management concepts. Specifically, Operations Staff/Management, Network Administrators, Network Consultants, Security Planners, Security Administrators, Security Consultants, and Human Resources & People Management should attend this course.

Course Description:

This course introduces the student to the controls over hardware, media and operations staff with access to privileged information or systems. Audit and monitoring mechanisms, tools and facilities will be discussed. This course also introduces identification of information assets and the development of documentation, implementation of policies, standards, procedures and guidelines to ensure confidentiality, integrity and availability. Data classification, risk assessment and risk analysis are also introduced.

Course Length:

1 Day

Course Outline:

Administrative Management

  • Role Specification
  • Background Checking
  • Separation of Duties
  • Least Privilege
  • Job Rotation
  • Vacations and Termination

Operational Concepts

  • Anti-Virus
  • Back-up
  • Due Care vs. Due Diligence
  • Data Sensitivity

Control Types and Operations

  • Directive, Preventative, Detective, Corrective and Recovery Controls
  • Privileged, Hardware, Media and Administrative Controls
  • Change Control Management
  • Trusted Recovery Process

Resource Protection

  • Communications Hardware and Software
  • Application Program and Source Code
  • OS and System Utilities
  • Directories and Address Tables

Auditing and Audit Trails

  • Accountability
  • Reconstruction of Events
  • Problem Identification and Resolution
  • Reporting Concepts and Mechanisms
  • Audit Logging
  • Protection

Monitoring Tools and Techniques

  • Event, Hardware and Software
  • Warning Banners
  • Traffic and Trend Analysis
  • Problem Identification and Resolution
  • Reporting Concepts and Mechanisms

Intrusion Detection

  • Prevention, Detection and Response
  • Pattern Recognition
  • Anomaly Identification
  • Signature Identification

Penetration Testing

  • War Dialling
  • Sniffing
  • Eavesdropping
  • Radiation Monitoring
  • Dumpster Diving
  • Social Engineering

Inappropriate Activities

  • Fraud
  • Collusion
  • Sexual Harassment
  • Pornography
  • Waste
  • Abuse
  • Theft

Threats and Countermeasures

  • Errors and Omissions
  • Fraud and Theft
  • Employee Sabotage
  • Support Loss
  • Malicious Activity

Security Management Concepts and Principles

  • Privacy
  • Confidentiality
  • Integrity
  • Availability
  • Authorization
  • Identification and Authentication
  • Accountability
  • Non-repudiation
  • Documentation
  • Audit

Protection Mechanisms

  • Layering
  • Abstraction
  • Data Hiding
  • Encryption

Change Control and Management

  • Hardware Configuration
  • System and Application Software
  • Change Control Process

Data Classification

  • Classification Scheme
  • Classification Criteria
  • Commercial Data Classification
  • Government Data Classification

Employment Policies and Practices

  • Background Checks and Security Clearances
  • Employment Agreements
  • Hiring and Termination Practices
  • Job Descriptions
  • Roles and Responsibilities
  • Separation of Duties
  • Job Rotations

Policies, Standards, Guidelines and Procedures

  • Risk Management
  • Threats and Vulnerabilities
  • Probability Determination
  • Asset Evaluation
  • Risk Assessment Tools and Techniques
  • Annual Loss Expectancy
  • Countermeasures
  • Risk Reduction, Assignment and Acceptance

Roles and Responsibilities

  • Management
  • Owner, Custodian and Users
  • IS/IT Function
  • Security Awareness Training
  • Security Management Planning