Detailed Course Outline
Module 1. Security and Risk Management
Aligning security and risk to organisational objectives
- Evaluate and apply security governance principles
- Implement policies, standards and procedures
- Applying compliance
Applying risk management concepts
- Assessing threats and vulnerabilities
- Performing risk analysis and control
- Defining qualitative and quantitative analysis
Preserving the business
- Adhering to Business Continuity Management Code of Practise and Specifications
- Performing a business impact analysis
Investigating legal measures and techniques
- Reviewing intellectual property, liability and law, and compliance
- Differentiating traditional computer crime
- Establish information and asset handling requirements
Module 2. Asset Security
Examining security models and frameworks
- The Information Security Triad and multi-level models
- Investigating industry standards: ISO 27001/27002
- Evaluating security model fundamental concepts
Exploring system and component security concepts
- Certification and accreditation criteria and models
- Reviewing mobile system/cloud/IoT vulnerabilities
Protecting information by applying cryptography
- Detailing symmetric and asymmetric encryption systems
- Ensuring message integrity through hashing
- Uncovering threats to cryptographic systems
Safeguarding physical resources
- Designing environments to resist hostile acts and threats
- Designing environments to resist hostile acts and threats
Module 3. Communication & Network Security
Defining a secure network architecture
- TCP/IP and other protocol models
- Protecting from network attacks
- Reviewing secure network components and communication channels
Examining secure networks and components
- Identifying wired and wireless technologies
- Implementing firewalls, secure communications, proxies, and tunnels
Module 4. Identity & Access Management
Controlling access to protect assets
- Defining administrative, technical and physical controls
- Implementing centralised and decentralised approaches
- Investigating biometric and multi-factor authentication
- Identifying common threats
- Manage the identity and access provisioning lifecyle
Module 6. Security Assessment & Testing
Designing and conducting security assessment strategies
- Leveraging the role of testing and auditing to analyse the effectiveness of security controls
- Differentiating detection and protection systems
Conducting logging and monitoring activities
- Distinguishing between the roles of internal and external audits
- Conduct or facilitate security audits
Module 7. Security Operations
Maintaining operational resilience
- Managing security services effectively
- Leveraging and supporting investigations and incident response
- Differentiating detection and protection systems
- Securely provisioning resources
Developing a recovery strategy
- Designing a disaster recovery plan
- Implementing test and maintenance processes
- Provisioning of resources
Module 8. Software Security Development
Securing the software development life cycle
- Applying software development methods and security controls
- Addressing database security concepts and issues
- Define and apply secure coding guidelines and standards
- Reviewing software security effectiveness and security impact