Cyber Security: Accessibility and Quality

Help your organization produce a comprehensive security posture by developing generally accepted practices. In this training course, you learn how to perform security breaches with techniques from the FISMA Risk Management Framework, utilize protocol analyzers to track live attacks, analyze the effectiveness of security controls, and recommend improvements to block attacks.

Learning Objectives

You Will Learn How To

  • Protect assets by selecting and managing effective security controls
  • Evaluate the thoroughness and quality of security controls
  • Do more than just "security theater"
  • Provide and monitor a comprehensive, strong defence
  • Integrate accessibility into services and environments

Pre-Requisites

Recommended Experience:

  • Previous experience in networking and TCP/IP protocol stack
  • Technical background in networking and security terms

Course Content

Course Outline

Introduction

  • Applying defence in depth: tools, techniques and people
  • Comprehending FISMA and OMB oversight
  • Assimilating Risk Management Framework Security Life Cycle

Risk Management Framework

Multi-tiered risk management

  • Organisation: Strategic risk management
  • Mission/Business: Tactical approach to risk
  • Information Systems

Defining roles and responsibilities

  • Distinguishing hierarchy and key roles of risk management
  • Defining responsibilities assigned to specific roles
  • Separating roles and areas of responsibility

Phases of risk management

  • Categorising information systems
  • Selecting security controls
  • Implementing security controls
  • Assessing security controls
  • Authorising information systems
  • Monitoring security controls

Information Assurance

Introducing information assurance

  • Assuring security throughout the data life cycle
  • Integrating information assurance into software development
  • Building in "secure by design"
  • Implementing information assurance best practices
  • Ensuring component security

Penetration testing and vulnerability assessments

  • Validating security functions and configuration
  • Finding weaknesses within systems before the attacker does

Keeping current with information assurance

  • Full disclosure vs. responsible disclosure
  • Exploring vulnerability databases

Information Systems and Network Security

Modularisation (the OSI 7 Layer Model)

  • Networking principles powering the Internet
  • Modelling a packet

Confidentiality, integrity and availability across the network

  • Encrypting for confidentiality
  • Sniffing the network and protocol analysis
  • Modifying data via man-in-the-middle attacks

Networking services and security

  • Poisoning the DNS cache
  • Incorporating core services including DHCP, ICMP, and ARP
  • Hardening the TCP/IP stack

Authentication and Access Control

Authenticating users

  • Managing factors of authentication (something you know, have or are)
  • Attacking passwords
  • Comprehending PKI and public key authentication systems
  • Evaluating the suitability of biometrics
  • Integrating multi-factor authentication

Authenticating hosts

  • Incorporating ARP, DHCP, DNS and protocol insecurities
  • Performing and detecting MAC and IP address spoofing
  • Achieving strong host authentication
  • Analysing Kerberos and IPSec

Cryptography

Encrypting and exercising integrity functions

  • Capitalising on asymmetric or Public Key cryptography
  • Applying symmetric cryptography
  • Exercising message digest functions for integrity

Certificates and Certification Authorities

  • Clarifying PKI and certificate fields
  • Publishing certificate revocation and certificate security

Digital signatures

  • Digitally signing for strong authentication
  • Proving authentication, integrity and non-repudiation

Accessibility

  • Promoting open data policies
  • Removing barriers to enhance accessibility for people
  • Enabling IT accessibility

Exams & Certification

This course is approved by CompTIA for continuing education units (CEUs).

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accommodation. Please note that virtual courses are attended in real-time, commencing on a specified date.
