Day 1
Module 1
Human Factors of Security
The human factors that make implementing security difficult; primary personality types encountered and their motivations for (or against) security initiatives; how social awareness can help corporate security efforts succeed.
Module 2
Objectives of Security
The Active Defense approach to security; “Defense in Depth” model; interaction between written and electronic policy; layered approach to security including Perimeter Security, Network Security, Host Based Security, and Human Awareness.
Module 3
What The Hackers Know
Information on some of the quick and easy tools available for finding information that can be used in a more coordinated attack by hackers; some common tools that identify network assets; how to show both technical and business managers the amount of information that is exposed via the network.
Module 4
Enemies and Their Motivation
The most common hacker personality types; the reasons they participate in these activities; common targets for these individuals.
Module 5
Objectives of Risk Management
Identifying specific areas where safeguards are needed to prevent deliberate or inadvertent unauthorized disclosure, modification, or unauthorized use of information, and denial of service.
Day 2
Module 6
Defining Security Policy
Developing computer security policies and procedures for corporations that have systems connected to the Internet. Provides practical guidance to administrators trying to secure their information and services.
Module 7
Developing Electronic Policy
Security tools by and large require that you create electronic policies from the written security policy in order to enforce compliance on the network. We examine e-policies, often referred to as electronic or enforceable policies, and how they are used.
Module 8
Justifying the Cost of Security
A business case is made for Return of Security Investment by showing some areas where security saves money on labor and other items.
Module 9
Incident Investigation Methods
Incident investigation: the process, tools, and methods
- Avoiding “contaminating” evidence
- Definitions of common response terms
- Identification of business and legal considerations
- Understanding of the time sensitivity of response
Module 10
Security Planning for Electronic Business
Overview of the considerations necessary to securely and successfully implement electronic business over the Internet. Identifying the business structure required for conducting electronic business, identifying and minimizing the threats to electronic commerce, including threats that may involve electronic commerce ‘partners.’