Free Webinar: ForgeRock Launches On Demand Training

closeClose

Practical Information Security Boot Camp

  • Tuition USD $2,195
  • Reviews star_rate star_rate star_rate star_rate star_half 853 Ratings
  • Course Code SECURITYBC
  • Duration 4 days
  • Available Formats Classroom, Virtual

This four-day information security training course teaches security professionals how to identify business requirements and turn those requirements into a highly functional, cost-effective information security management system. Led by an expert instructor, you will dive into the intricacies of managed security solutions. Examination of actual security incidents and real-word scenarios are used to understand how to apply those solutions and how to discover shortcomings within existing solutions. One of the greatest weaknesses many organizations have is their inability to identify and respond to security incidents. While learning how to avoid incidents, we will teach you how effective monitoring tools are used in concert with pre-planned security response solutions. Learn to trigger actions that minimize both immediate and long-term impacts of any security incident. Designed to teach security experts the business processes required to effectively govern a corporate security program, this course also teaches managers how to use information gathered through security technology tools such as an IPS, Firewall, or SIEM, to develop appropriate and timely responses to a security breach.

Skills Gained

  • Learn how to Identify and create Business Security Objectives
  • Integrate effective Security Governance in your organization
  • Examine and plan for regulatory compliance in 2015 and beyond and relate compliance requirements to your own business security objectives
  • Pinpoint and compare security performance metrics and tie them to security deficiencies and solutions
  • Learn to spot a CWE/SANS "Top 25" software security vulnerability in your company
  • Perform real-world Quantitative and Qualitative Risk Analysis and understand levels of acceptable risk within a corporation
  • Leverage and integrate different security control categories and types
  • Learn to define and manage Change and Configuration Management
  • Create an agile, effective incident response process for your own organization
  • Integrate practical Security Planning in your own organization

Who Can Benefit

  • IT Manager, Directors & Staff
  • Development Leads
  • Security Managers
  • System Administrators
  • Network Designers
  • Help Desk Professionals
  • Security Administrators
  • Any Security Staff
  • Business Analysts
  • Business Systems Analyst
  • Project Managers
  • Systems Architects/Designers
  • Systems or Application Developers
  • Systems Analysts or Testers
  • Managers & Team Leaders

Course Details

1. Introduction to Security Management

What is security? How do you achieve it? Is security defined by compliance with PCI, SOX, HIPAA, etc.? Is it possible to be "compliant" yet still vulnerable to attack? This introduction covers what it means to create a truly secure environment. Security is more than just compliance. We constantly hear about compliant companies getting hacked. You will learn to approach security through the lens of "Availability, Integrity, and Confidentiality." Companies are often confused by how to manage diverse mandatory regulations and the plethora of security frameworks available. We'll examine popular security frameworks and how they relate to both real world business requirements and regulatory compliance. You will learn how to discover business requirements and turn those into usable security objectives.

  • Compliance vs. Security – Why do compliant companies get hacked?
  • What is security – Availability, Integrity, Confidentiality
  • PCI DSS
  • HIPAA
  • SANS Critical Security Controls (CSC)
  • Security architectures
  • Security Frameworks
  • In-class discussion

2. Case Studies – Real-World Expert Analysis

Throughout the course, you will examine real-world case studies of companies who were compliant but not secure. You will learn from the mistakes made in the past in order to improve their security.

  • Target - What happened?
  • Neiman Marcus - What happened?
  • P.F. Chang's - What happened?
  • Experian - What happened?
  • Diginotar - What happened?

3. Business Needs Assessment & Implementing Security into Business Processes

You must tune security practices to meet the needs of the business. There are many things organizations have in common, such as Firewall protection or protecting yourself from malicious software. However, there are many more considerations when designing protection. Assessing the business and its needs allows a security analyst/architect to uncover these needs and address them properly.

  • What are the critical functional requirements for the business?
  • What are the critical security requirements for those functions
  • What problems do they create?
  • Risk Assessment – What is it worth? Should I fix it?
  • Technical, Physical, Administrative
  • Accept, Transfer, Mitigate (Reduce), Avoid
  • Capital Planning

4. Policy and Supporting Documents

After the specific needs of a business are uncovered it is necessary to begin crafting the businesses security posture beginning with the security policy. Your policy will drive all other aspects of security. From here, you will work your way through supporting documents and best practices.

  • Standards
  • Baselines
  • Procedures
  • Guidelines

5. Controls and Configuration

You will take a deep look at common security tools, such as an IDS, IPS, Firewalls and ACLs. More importantly, you will learn the critical security functions provided by these devices, why they are required, data produced by the devices, and how to use the information to protect, identify and respond to constantly changing security threats. Discover how information gathered from these devices can meet the business security objectives uncovered previously in the course.

  • "Now that I have a security architecture, how do I implement it?"
  • Technical
  • Administrative
  • Physical factors

6. Security Monitoring

"Ninety-seven percent of Fortune 500 companies have been hacked, and likely the other 3% have too, they just don't know it," says " says Peter W. Singer of the Brookings Institution. Threats are real, but often go unrecognized. This section teaches you how to reveal threats through monitoring, alerts, and correlation. We will also show you what to continuously monitor vs. what should be recorded for the inevitable post-incident assessment.

  • The importance of continuous monitoring
  • Vulnerability Assessment
  • Penetration Testing
  • SOC
  • Log Review
  • Event Correlation (SEIM)
  • Performance Measurements

7. Incident Response and Recovery

Effective incident response procedures are a requirement for any company who wants to avoid the reputation damage and public humiliation of being latest news story data breach. The difference between heavy damage and millions of dollars in post-incident cleanup versus a sustainable, controlled data breach is proper planning and immediate, methodical eradication of incidents.

  • Developing an IR program
  • Incident handling
  • Analysis and feedback
  • Backups and Restore

8. BCP

It is very important to protect ourselves from threats yet probably just as important, if not more so, is how do we survive outages, continuity problems or worse. Sony's playstation network or RIM's most recent outage are good examples of what we need to protect ourselves from. According to the Federal Emergency Management Agency 40% of businesses do not survive a disaster which could be as small as faulty sprinkler system. It is important to be prepared for interruptions so that a business can survive. In this section we will explore the importance of planning for these outages.

  • Importance of BCP/DRP/Contingency Plans
  • Policy

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration using credit card (Mastercard/Visa/American Express) cheque or PO.

What if I have training credits?

ExitCertified honors all savings programs from the partners we work with. ExitCertified also offers training credits across multiple partners through our FLEX Account.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Attended a Power BI class in McLean with this company. The instructor (Mike Staves) was very good and attentive to the groups' learning needs. The facility was very good and the staff was more than accommodating.

Excellent class overall! The Instructor and the course material were the best so far, and I have taken a few AWS classes. I highly recommend it- Architecting on AWS.

Very educational and enjoyable. Format was excellent; recommend to anyone who wants to get serious about learning AWS.

The instructor was proficient in his subject and overall, it was presented well

Very clean, great cafeteria and well sorted, very kind staff. The bathrooms have to be expanded as they might get crowded sometimes

27 options available

undo
  • Oct 26, 2020 Oct 28, 2020 (3 days)
    Location
    Virtual
    Language
    English
    Time
    11:30am 7:30pm EDT
    Enroll
    Enroll
  • Nov 16, 2020 Nov 18, 2020 (3 days)
    Location
    Virtual
    Language
    English
    Time
    10:30am 6:30pm EST
    Enroll
    Enroll
  • Dec 16, 2020 Dec 18, 2020 (3 days)
    Location
    Virtual
    Language
    English
    Time
    10:30am 6:30pm EST
    Enroll
    Enroll
  • Jan 11, 2021 Jan 13, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EST
    Enroll
    Enroll
  • Jan 26, 2021 Jan 28, 2021 (3 days)
    Location
    Reston, VA
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
  • Feb 10, 2021 Feb 12, 2021 (3 days)
    Location
    Chicago, IL
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
  • Feb 17, 2021 Feb 19, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EST
    Enroll
    Enroll
  • Mar 17, 2021 Mar 19, 2021 (3 days)
    Location
    Cary, NC
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
  • Mar 29, 2021 Mar 31, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EDT
    Enroll
    Enroll
  • Apr 12, 2021 Apr 14, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EDT
    Enroll
    Enroll
  • Apr 20, 2021 Apr 22, 2021 (3 days)
    Location
    Boston, MA
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
  • May 4, 2021 May 6, 2021 (3 days)
    Location
    Atlanta, GA
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
  • May 18, 2021 May 20, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EDT
    Enroll
    Enroll
  • Jun 9, 2021 Jun 11, 2021 (3 days)
    Location
    Virtual
    Language
    English
    Time
    8:30 AM 4:30 PM EDT
    Enroll
    Enroll
  • Jun 22, 2021 Jun 24, 2021 (3 days)
    Location
    San Mateo, CA
    Language
    English
    Time
    8:30 AM 4:30 PM
    Enroll
    Enroll
Contact Us 1-800-803-3948
Contact Us Live Chat
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward