Information Security Boot Camp - ISG291 
A Five-Day Study Guide to Information Security Programs and Auditing
Learning Level: Intermediate
CPEs: 40 Fee: $2,895.00
Agenda

What You Will Learn
1. Information Security Concepts and Management Practices
- fundamental principles of information security
- making the business case for information security
- information security management objectives
- risk analysis: threats, vulnerabilities, risks, and countermeasures
- policies, standards, procedures, and guidelines
- information classification
- security awareness

2. Laws and Standards Affecting Information Security and IT Audit
- computer crimes, investigations, evidence, forensics
- laws, directives, and regulations
-- types of laws
-- privacy issues and legislation
-- intellectual property, copyright laws, and software piracy
-- European Union Data Protection Act
-- prominent US and international laws
- information security and auditing standards

3. Security Models, Mechanisms, and Architectures
- enterprise information security architecture
- computer architectures
- operating system security
- virtualization: operational and security considerations
- security models
- access control models, techniques and technologies, and methods
- open and closed systems
- security design standards and criteria: “Rainbow Series”, ITSEC, Common Criteria
- certification and accreditation

4. Network Concepts
- defining a 3-layer simplified network protocol model
- Open Systems Interconnection (OSI) model
- Transmission Control Protocol/Internet Protocol (TCP/IP): IPv4, IPv6 
- network addresses and applications
- LAN and WAN technologies, topologies and protocols
- wiring: copper, fiber optics
- wireless networks technologies, protocols, and security
- voice over IP (VoIP)
- network interconnection devices: functionality, risks, and safeguards
- directory services: LDAP, DNS
- network management tools: packet sniffers, SNMP, network utility and diagnostic software

5. Cryptography
- demystifying the language of cryptography
- key management: asymmetric, symmetric
- encryption algorithms and hashing functions
- digital signatures
- Certificate Authorities (CAs) and Public Key Infrastructure (PKI)
- applications of cryptography
- cryptography vs. steganography

6. User Authentication
- authentication mechanism: passwords, tokens, smart cards, biometrics
- point-to-point protocol (PPP) authentication: PAP, CHAP
- extensible authentication protocol: EAP
- enterprise authentication systems: RADIUS, TACACS+, Diameter
- single/reduced sign-on (SSO): Kerberos, Web-based SSO

7. Network Security
- network security vulnerabilities, threats, risks, and countermeasures
- hacker probing and attack techniques
- firewalls and proxy servers
- intrusion detection/prevention systems
- VPNs and related Internet security protocols: SSL/TLS, IPSec, SSH
- network discovery, vulnerability and penetration testing

8. Business Application and Development Security
- system development life cycle methodologies
- configuration management and change control
- application development tools and methodologies
- client server and middleware security
- data types and structures
- database management systems
- Web application security architecture: control points, attacks, and defenses
- mobile code security risks: Java, ActiveX, JavaScript, VBScript
- malicious software and hacker attacks

9. Physical, Human Resources, and Environmental Security
- computing center location, construction, and management
- physical security threats, vulnerabilities, risks, and countermeasures
- perimeter security, boundary protection, and facilities access controls
- electrical, temperature, water, and other environmental controls
- fire detection, prevention, and suppression
- information storage media protection, sanitization, and disposal
- emergency procedures
- human resources security: hiring practices, badges, terminations and transfers

10. Availability, Backup, Recovery, and Business Continuity Planning
- business continuity planning requirements
- business impact analysis
- redundancy and fault tolerance
- backup procedures: on-site and offsite
- backup resources: processing sites, storage, offices, utilities, equipment and supplies
- recovery testing procedures
- emergency response procedures

11. Wrap-up Discussion

REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.

Dates/Locations
March 18 - 22, 2013
Chicago
July 22 - 26, 2013
Boston
October 21 - 25, 2013
New York