InfoSec Architecture Course

Overview

This course leads the participants through the various information protection technologies and techniques. This course also provides its participants with the methodology and guidelines to adequately implement security technologies in a variety of information infrastructure topologies. Applying this methodology, results in layers of protection known collectively as the Defense-in-Depth Strategy, which relies on people, operations and technology to accomplish the desired level of protection.

The course is designed according to the SOC (See-Security Official Curriculum). The SOC ensures that every module uses the basic guidelines and building blocks which have been designed by technical specialists in a way to pass the knowledge and experience onto the student in the best and most effective fashion.

Curriculum:

1. Certificate and Security Overview

• Certificate overview
• Information Security Matrix
• Security Overview
• Information Security Risk Management & Prioritize Approach
• Security Plan and Preparation

2. Methods of Information Security
(The Technical Landscape)

• Confidentiality
• Integrity
• Availability
• Authenticity
• Non-Repudiation

3. Threats

• Definition
• Threat Classification
• Threat Model
• Threat agents
• Threat Communities
• Threat Analysis
• Threat Management

4. Vulnerabilities

• DefinitionVulnerabilities
• Classification
• Vulnerabilities Causes
• CVE & CVSS

5. Controls

• Definition
• Preventive
• Detective
• Corrective
• Common Countermeasures

6. Security Processes

• Establishing a process catalog
• Process maturity
• Quality of a process
• Program maturity (as a process)

7. Attack and Defense Techniques

8. Defense in Depth

9. Secured Network Architecture

• Network Secure Design
• Secured Network Components

10. Physical Security

• Standards
• Environmental design
• Mechanical, Electronic and Procedural Access Control
• Intrusion Detection
• Video Monitoring

11. Identity and Access Management

• Access Control
• What is Access control
• Identification and authentication (I&A)
• Authorization and AC Models
• Centralized Access Control Methodologies
• 3 IDM Paradigm
• IAM processIdentity Management Systems
• Data ProtectionIdentity Theft
• Privacy
• Planning & configuring an Authenticating & Authorization Strategy (Lab) 

12. Cryptography

• Introduction to cryptography
• Classic cryptography to Modern Cryptography
• Basics of Modern Cryptography
• Symmetric Key Algorithms
• Block Ciphers Modes of Operation
• Stream ciphers
• Key Management
• Public Key Cryptography
• Message Integrity and Authentication Controls
• Public Key Infrastructure
• Installing Configuring & Maintaining Certification Authorities
• Configuring, Deploying & Maintaining Certificates, EFS

13. Smart Cards/Tokens Security and Applications

• Smart Cards
• Tokens
• Biometric

14. Wireless Security

• Wireless Technologies
• Wireless Encryption Methods
• Vulnerabilities & Countermeasures

15. Mobile Security

• Mobile Device Management (MDM)

16. Social Networks

• Sociology
• Social Network analysis
• Social Network as a Business
• Biology and Social Networks
• Business Information Analysis

17. Software Security

• OWASP
• WASC Application
• Threats and Attacks
• SDLC

18. Database Security

• Access Control
• Auditing
• Authentication
• Encryption
• Integrity Controls
• Database Activity Monitoring (DAM)

19. Cloud Computing Security

• Security & Privacy
• Compliance
• Legal and Contractual Issues

20. Detection and Response

• The Need for Detection Systems
• IDPS Systems Capabilities
• Implementation & Management
• Security Information & Event Management
• Log Retention And Management
• Organizing a SIEM Project

21. Information Warfare

• Tools and Techniques
• Information Operation
• Non-Military