Fundamentals of Information Security
The “Fundamentals of Information Security” course is a crash course that provides a real-world-focused introduction to the fundamentals of information security. In this course, students will gain a working understanding of the ten core domains found in the security Common Body of Knowledge, with a focus on seeing how their job relates to the larger concerns of security, how IT audit plays a key role in security assurance, and how these principles can have an immediate impact in the workplace. This is not a CISSP® exam prep course, but a higher-level overview that introduces students to how these knowledge areas apply to the student’s industry and their roles and responsibilities within their company.
Location: For details about the location of training and for a link to make hotel reservations under the group discount, please refer to a scheduled course link shown below.
Course Style: 3 days - Instructor-led classroom. This is an intensive, three-day course that earns 21 CPEs based on the standard 50-minute hour calculation used by many professional organizations.
Audience: This course is designed for anyone who wants to increase their exposure and understanding of security. Typical attendees include, but are not limited to, technology, physical security, or access control administrators who may have exposure to one or more of the security domains but want a broader understanding of the security Common Body of Knowledge and the security industry as a whole.
Prerequisites: There are no prerequisites for this course, although having experience in at least 1 of the 10 domains of the Security Common Body of Knowledge is helpful.
Course Content: The following topics reflect the outline and description of the course content:
- Introduction – What is security? We will define security, go over what a security program might look like, and give an introduction to the 10 domains that follow. This sets the stage for the other sections, such as: Policy, Awareness, Access Controls, Assessment, Assurance, and Response.
- Domain 1 – Information Security and Risk Management – An introduction to risk management, and information security policies, procedures, guidelines and standards including: Core Security Principles, Security Awareness, Risk Assessment, Data Classification & Handling.
- Domain 2 – Access Control – An introduction to concepts and methodologies involved in granting and restricting access to resources including: Access Control Categories and Types, Access Control Threats, Access to Systems, Access to Data, etc.
- Domain 3 – Cryptography – A high level introduction to encryption. Encrypting data can be used to ensure authenticity, integrity, confidentiality, and non-repudiation. Topics include: Key Concepts, Definitions, and examples of uses.
- Domain 4 – Physical Security – An introduction to the threats, vulnerabilities and countermeasures involved in physically protecting an organization’s assets.
- Domain 5 – Security Architecture and Design – A high level introduction to the concepts, principles, structures and standards of security architecture and computing systems.
- Domain 6 – Business Continuity and Disaster Recovery Planning – An introduction to principles of responding to and recovering from disasters including: Organization Continuity, Threat Assessment, Risk Assessment, Business Impact Analysis, Plan Development and Implementation.
- Domain 7 – Telecommunications and Network Security – An introduction to the concepts of network security and designs for building security into data and voice infrastructures.
- Domain 8 – Application Security – A high level introduction to software development concepts and lifecycles including: Development and Programming Concepts, Audit and Assurance Mechanisms, Malicious Software (Malware), Database and Web Application Environment.
- Domain 9 – Operations Security – An introduction to concepts for management of hardware, media and operators of these resources including: Resource Protection, Continuity of Operations, Change Control Management.
- Domain 10 – Legal, Regulations, Compliance and Investigations – An introduction to the laws, regulations and legal systems surrounding information security including: Laws, Regulations, Incident Response, and Computer Forensics.
- Audit & You – The Role of IT Audit – An introduction to the interrelation between security and audit. This section is meant to give students an understanding of how their day-to-day functions are critical not only from a security standpoint but also from an audit standpoint.
- Putting it All Together – Wrap up that ties all the components together. Meant to help the student see how the world of security is interrelated and how they fit into that relationship.
Materials Provided: The following materials are included as part of the course price:
- Hard copy of slide-deck with notes
- Recommended Resource List for Further Reading