Information Security Awareness Training

1 Day Workshop

INTRODUCTION:

The goals of this one-day workshop are to inform participants of the information security risks present in every organization today and to explain the regulatory and technology requirements to bring order and compliance from all the security noise and chaos. Awareness of the risks and available safeguards is the first line of defense for the security of information systems and networks.

“The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education.” Kevin Mitnick, security consultant, author and hacker.

Recent high-profile security events have highlighted that a considerable number of end-users are unaware of their organization’s exposure to security risks. With the rising level of security breaches, it is more critical than ever that organizations raise security awareness by turning users into their first line of defense.

Organizations in both the private sector and government need to comply with standards and regulations in order to operate in a safe and secure manner to protect their information and/or the information of their clients, customers or constituents. Failure to comply can result in expensive lawsuits or embarrassing security incidents.

Information security awareness training is intended simply to focus attention on security. Awareness training provides individuals with the ability to recognize IT security risks and respond accordingly.

INTENDED AUDIENCE:

This information security awareness workshop is intended for people in senior management, IT management, and IT operations management. Organizations whose management teams and staff are well informed and aware of information security risks and best practices will significantly improve their information security program’s effectiveness.

BENEFITS:

  • Establishes a standard of best practices to promote in the organization
  • Offers a solutions-orientation, not specialization, based on the broader understanding of the information security process
  • Makes personnel aware of important security information resources readily available
  • Provides a business and technology orientation to risk management

COURSE OUTLINE:

  • Information Security Today
    • The Threat Landscape
    • CIA Triad
    • Authentication and Authorization
    • Access Control
  • Information Security Governance & Risk Management
    • Legal, Regulations & Compliance
    • What do FISMA, HIPAA, NIST, and PCI DSS have to do with security?
    • Security Costs
    • Managing Security
  • Sample Methods of Attack
    • Social Engineering
    • Table Poisoning – DNS
    • Buffer Overflows
    • Cross Site Scripting
    • Malware
    • Viruses and Worms
    • Advanced Persistent Threats
    • Man-in-the-Middle
    • Spoofing
  • Network Security
    • Firewalls
    • Intrusion Prevention
    • Network Access Control
    • Device Management
  • End-Point Security
  • Cryptography
  • Security Considerations in Cloud Computing
  • Incidents
    • Response Team & Resources
    • Investigations
    • Business Continuity & Backups
  • Software Development Security
    • Testing & Quality Assurance
    • Outsourcing & Legal Protection
    • Databases
    • Web Site Security
  • Continuous Monitoring
    • Discovery Assessments
    • Vulnerability Assessments
    • Penetration Testing
    • Logging and Monitoring

COURSE PREREQUISITE:

None.