CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001)

Size: px
Start display at page:

Download "CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001)"

Transcription

1 CompTIA Advanced Security Practitioner (CASP) (Exam CAS-001) Course Outline Course Introduction Course Introduction Lesson 01 - The Enterprise Security Architecture Topic A: The Basics of Enterprise Security The Enterprise Enterprise Security Business Goals and Security Common Enterprise Security Principles Enterprise Threat Intelligence What to Protect? Defense in Depth Common Components of an Enterprise Security Solutions Policies, Standards, and Procedures Enterprise Policy Types Topic B: The Enterprise Structure Organizational Structures The Management Team Network Administrator The DBA Programmers Stakeholders Finance Human Resources Physical Security and Facilities Roles Discipline Collaboration Topic C: Enterprise Security Requirements Legal Compliance PII Privacy Requirements Organizational Security Requirements Lesson 01 Review Lesson 02 - The Enterprise Security Technology Topic A: Common Network Security Components and Technologies Common Enterprise Security Components 3m 1h 29m 2h 45m

2 VoIP Integration IPv6 Migration and Integration VLAN Integration DNS Security Techniques Secure Directory Services NIDS NIPS The NIPS Process ESB The ESB Process DAM Topic B: Communications and Collaboration Security UC Security UC Attacks UC Components Traffic Prioritization (QoS) Security Solutions for Data Flow VoIP Security The VoIP Implementation Process VoIP Implementation Considerations Remote Access Security VPN Solutions External Communications Security Collaboration Platform Security Issues Demo - Least Privilege Common Mobile Devices Enterprise Security Methods for Mobile Devices Topic C: Cryptographic Tools and Techniques Cryptography in the Enterprise Considerations for Cryptography in the Enterprise Demo - File Encryption Cryptographic Methods and Design Basic Approaches to Encryption Transport Encryption Methods Security Implications for Encryption Digital Signature Techniques Advanced PKI Components Code Signing Attestation Entropy PRNG

3 PFS Confusion and Diffusion Topic D: Advanced Authentication Advanced Authentication Within the Enterprise Certificate-Based Authentication SAML SPML XACML SOAP WSS Lesson 02 Review Lesson 03 - Enterprise Resource Technology Topic A: Enterprise Storage Security Issues Common Enterprise Storage Technologies NAS Security Implications SAN Security Implications vsan Security Implications iscsi Security Implications FCoE Security Implications LUN LUN Masking in the Security Architecture Redundancy Additional Storage Security Implications Topic B: Distributed, Shared, and Virtualized Computing Why Virtualization? Advantages of Virtualization VLANs VMs VDI Terminal Services Virtualization Vulnerabilities Vulnerabilities of Hosting VMs for Multiple Companies Virtual Environment Security Methods Topic C: Cloud Computing and Security Cloud Computing Cloud Computing Service Models Cloud Storage Considerations Security Vulnerabilities of Cloud Computing Secure Use of Cloud Computing Within the Enterprise Lesson 03 Review 1h 2m

4 Lesson 04 - Security Design and Solutions Topic A: Network Security Design Network Design Types and Techniques Network Design Considerations Data Network Types A Data Network Topology Data Network Topology Types A Network Diagram Data Network Media Types Network Transmission Methodologies Physical Security Building Layout Facilities Management Hardware Attacks Environmental Threats and Vulnerabilities Network Attacks SCADA Secure Infrastructure Design Storage Integration Considerations Topic B: Conduct a Security Assessment Vulnerability Assessment Penetration Testing Hacking Steps Penetration Testing Techniques Fingerprinting Code Review Methods A Social Engineering Test Security Assessment Tools How to Conduct a Security Assessment Topic C: Host Security Host-Based Security Controls Host-Based Firewalls Firewall Rules Demo - Firewalls Trusted OS Endpoint Security Anti-Malware Software Host Hardening Operating System Security Host Hardening Action Steps Asset Management 2h 4m

5 HIDS HIPS Host Monitoring Lesson 04 Review Lesson 05 - Application Security Design Topic A: Application Security Basics Application Security Design Application Design Considerations Application Security Design Best Practices Application Security Vulnerabilities Vulnerability Testing Methods Application Sandboxing Application Security Frameworks Third-Party Applications The Application Life Cycle Secure Coding Standards Secure Coding Guidelines SOA Topic B: Web Application Security Cookie Security Hijacked Cookies Cookie Poisoning Cookies and XSRF XSRF Security Client Side vs. Server Side Processing Methods State Management State Management Vulnerabilities Client-Side Scripting Languages Common Application Based Security Threats and Controls Lesson 05 Review Lesson 06 - Managing Risk, Security Policies, and Security Procedures Topic A: Analyze Security Risk Risk Exposure ERM Risk Management Strategies Common Business Models and Strategies Business Model Types Internal and External Considerations De-perimeterization 51m 1h 22m

6 Risk Analysis Methods How to Analyze Security Risk Topic B: Implement Risk Mitigation Strategies and Controls Risk Scoring Risk Likelihood and Impact Risk Determination Elements of Risk Determination Risk Response Techniques Mitigation Strategies A Sample ESA Framework Continuous Monitoring How to Implement Risk Mitigation Strategies and Controls Topic C: Implement Enterprise-Level Security Policies and Procedures Security Policy Development Principles Security Policy Development Methods Security Procedures Security Procedure Development Methods Common Business Documents Common Security Policy Components Security Policy Collaboration Security Policy Collaboration Partners How to Implement Enterprise-Level Security Policies and Procedures Topic D: Prepare for Incident Response and Recovery Incident and Emergency Response The Emergency Response Team A Security Incident Data Breach Data Breach Types The Data Breach Response Process The E-Discovery Process E-Discovery Policies E-Discovery Components and Techniques SIEM Computer Forensics Incident Response System Design Considerations Incident Response Components How to Prepare for Incident Response and Recovery Lesson 06 Review Lesson 07 - Enterprise Security Integration Topic A: The Technology Life Cycle 44m

7 Technology Life Cycle Considerations Technology Life Cycle Phases End-to-End Solutions SDLC SDLC Phases SDLC Models SSDLC SRTM Topic B: Inter-Organizational Change Security and Organizational Change Change Management in the Enterprise Security Design Considerations Network Secure Segmentation Network Secure Delegation Product and Service Integration Third-Party Products Topic C: Integrate Enterprise Disciplines to Achieve Secure Solutions Enterprise Security Integration Strategies Security Process and Controls Support Security Process and Control Mechanisms Effective Collaboration Techniques Collaboration Across Disciplines How to Integrate Enterprise Disciplines to Achieve Secure Solutions Lesson 07 Review Lesson 08 - Security Research and Analysis Topic A: Perform an Industry Trends and Impact Analysis Industry Best Practices Demo - Security Research Research Methods Technology Evolution New Technologies, Security Systems, and Services New Security Technology Types Situational Awareness Situational Awareness Considerations Emerging Business Tools Social Media as an Emerging Business Tool Mobile Devices as Emerging Business Tools Emerging Security Issues The Global Impact Analysis Industry Security Requirements for Business Contracts 48m

8 How to Perform an Industry Trends Impact Analysis Topic B: Perform an Enterprise Security Analysis Benchmarking Network Traffic Analysis Types of Network Traffic Analysis Prototyping and Testing Cost-Benefit Analysis Security Analysis Strategies Security Solution Analysis Lessons Learned Review How to Perform an Enterprise Security Analysis Lesson 08 Review Lesson 09 - Disaster Recovery and Business Continuity Topic A: BCP Fundamentals BCPs BCP Development Phases NIST Contingency Planning Steps NFPA Business Planning Framework Disruptive Events BIA BIA Organizational Goals BIA Process Critical Business Process Vulnerability Assessments MTD RPO RTO RPO/RTO Optimization Topic B: BCP Implementation Program Coordinators Advisory Committee-BCP Team BCP Team Responsibilities BCP Contents Business Plan Evaluations Business Plan Testing Business Plan Maintenance Business Continuity Process Topic C: DRP Fundamentals DRP Disaster Recovery Strategy 54m

9 Disaster Recovery Priority Levels Disaster Recovery Response Approaches Backup Strategies Data Restoration Strategies Alternate Sites Topic D: DRP Implementation Recovery Team Salvage Team Disaster Recovery Evaluation and Maintenance Disaster Recovery Testing Disaster Recovery Process Lesson 09 Review Lesson 10 - Managing Risk in Projects Topic A: Create a Risk Management Plan Risk Project Buffer Classification of Risks Business Risk vs. Insurable Risk Risk Tolerance Probability Scale Impact Scale RBS Risk Management The Risk Management Plan Components of a Risk Management Plan How to Create a Risk Management Plan Topic B: Identify Risks and Their Causes Triggers Information Gathering Techniques Documentation Reviews SWOT Analysis Risk Analysis Risk Register Components of a Risk Register Risk Categories How to Identify Risks and Their Causes Topic C: Analyze Risks Qualitative Risk Analysis Quantitative Risk Analysis Risk Probability and Impact Assessment 54m

10 The Probability and Impact Risk Rating Matrix The Ongoing Risk Assessment Process Project Risk Ranking Data Collection and Representation Techniques Basics of Probability Probability Distribution Quantitative Analysis Methods Qualitative Analysis Methods Risk Data Quality Assessment Risk Urgency Assessment Simulation Monte Carlo Analysis How to Analyze Risks Topic D: Develop a Risk Response Plan Negative Risks Negative Risk Strategies Positive Risks Positive Risk Strategies Contingency Plan The BCP DRP Contingency Reserve Risk-Related Contract Decisions How to Develop a Risk Response Plan Lesson 10 Review Lesson 11 - Legal Issues Topic A: Computer Crime Laws and Regulations Common Law Statutory Law Types of Statutory Offenses Administrative Law Intellectual Property Law Information Privacy Law Computer Crime Law Compliance Liability Internal and External Audits Governmental Oversight Resources Topic B: Computer Crime Incident Response Computer Crime 35m

11 The Computer Criminal Incident Response Process The Evidence Life Cycle Evidence Collection Techniques Evidence Types Chain of Evidence Rules of Evidence Surveillance Techniques Search and Seizure Computer Forensics Lesson 11 Review Lesson 12 - Judgment and Decision-Making Topic A: Develop Critical Thinking Skills Intellectual Autonomy Humility Objectivity Focus on the Argument Clarity Defining Your Argument Intellectual Honesty Logical Fallacies Assessing Arguments Logically How to Employ Critical Thinking Skills Topic B: Determine the Root of a Problem Obstacles to Analysis Occam's Razor Techniques for Applying Occam's Razor Theme Analysis The Four Guidelines Technique How to Determine the Root of a Problem Topic C: Use Judgment to Make Sound Decisions Analyzing Problems Analytical vs. Creative Thinking Barriers to Creative Thinking Brainstorming Rules of Brainstorming Evaluating Brainstorming Ideas A Fishbone Diagram A Pareto Chart A Histogram A Cost-Benefit Analysis 40m

12 Phases in Cost-Benefit Analysis A Prioritization Matrix A Trade-Off Method A Decision Tree An Ease and Effect Matrix A PMI Analysis Table How to Use Judgment to Make Sound Decisions Lesson 12 Review Course Closure Total Duration: 14h 11m

CompTIA Advanced Security Practitioner (CASP) (Exam CAS-002)

CompTIA Advanced Security Practitioner (CASP) (Exam CAS-002) CompTIA Advanced Security Practitioner (CASP) (Exam CAS-002) Course Outline Course Introduction Course Introduction 4m Lesson 01 - The Enterprise Security Architecture Topic A: The Basics of Enterprise

More information

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001) CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001) Gregg, Michael ISBN-13: 9781118083192 Table of Contents Foreword xxi Introduction xxvii Assessment Test xliv Chapter 1 Cryptographic

More information

CompTIA CASP (Advanced Security Practitioner)

CompTIA CASP (Advanced Security Practitioner) CompTIA CASP (Advanced Security Practitioner) Course Length: 5 days (virtual) Click here to view the current class schedule! Overview: The CompTIA Advanced Security Practitioner (CASP) Certification is

More information

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Charting the Course... Certified Information Systems Auditor (CISA) Course Summary Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business

More information

CompTIA Security+ (Exam SY0-401)

CompTIA Security+ (Exam SY0-401) CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Software Development & Education Center Security+ Certification

Software Development & Education Center Security+ Certification Software Development & Education Center Security+ Certification CompTIA Security+ Certification CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

CND Exam Blueprint v2.0

CND Exam Blueprint v2.0 EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] s@lm@n CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ] Topic break down Topic No. of Questions Topic 1: Volume A 117 Topic 2: Volume B 122 Topic

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Course Outline. Pearson: CompTIA Advanced Security Practitioner (Course & Lab)

Course Outline. Pearson: CompTIA Advanced Security Practitioner (Course & Lab) Course Outline Pearson: CompTIA Advanced Security 23 Apr 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

CompTIA Security+ Study Guide (SY0-501)

CompTIA Security+ Study Guide (SY0-501) CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

CompTIA CSA+ Cybersecurity Analyst

CompTIA CSA+ Cybersecurity Analyst CompTIA CSA+ Cybersecurity Analyst Duration: 5 Days Course Code: Target Audience: The CompTIA Cybersecurity Analyst (CSA+) examination is designed for IT security analysts, vulnerability analysts, or threat

More information

Syllabus: The syllabus is broadly structured as follows:

Syllabus: The syllabus is broadly structured as follows: Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data

More information

CompTIA Cybersecurity Analyst+

CompTIA Cybersecurity Analyst+ CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

CISA Training.

CISA Training. CISA Training www.austech.edu.au WHAT IS CISA TRAINING? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

Certification Exam Outline Effective Date: April 2018

Certification Exam Outline Effective Date: April 2018 Certification Exam Outline Effective Date: April 2018 About CISSP The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security

More information

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning

More information

20413B: Designing and Implementing a Server Infrastructure

20413B: Designing and Implementing a Server Infrastructure 20413B: Designing and Implementing a Server Infrastructure Course Outline Course Introduction Course Introduction Module 01 - Planning a Server Upgrade and Migration Lesson 1: Upgrade and Migration Considerations

More information

Security Issues and Best Practices for Water Facilities

Security Issues and Best Practices for Water Facilities Security Issues and Best Practices for Water Facilities Standards Certification Jeff Hayes Business Development Manager Beijer Electronics Education & Training Publishing Conferences & Exhibits 2013 ISA

More information

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145

More information

COURSE BROCHURE CISA TRAINING

COURSE BROCHURE CISA TRAINING COURSE BROCHURE CISA TRAINING What is CISA? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual within

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

Certified Cyber Security Specialist

Certified Cyber Security Specialist Certified Cyber Security Specialist Page 1 of 7 Why Attend This course will provide participants with in-depth knowledge and practical skills to plan, deliver and monitor IT/cyber security to internal

More information

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location: Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security

More information

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017 No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated

More information

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES

More information

Bachelor of Information Technology (Network Security)

Bachelor of Information Technology (Network Security) Course information for Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank Course Design The Bachelor of Information Technology (Network Security) is a three-year

More information

Position Description IT Auditor

Position Description IT Auditor Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership

More information

Ingram Micro Cyber Security Portfolio

Ingram Micro Cyber Security Portfolio Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training

More information

CompTIA Mobility+ Certification

CompTIA Mobility+ Certification CompTIA Mobility+ Certification Duration: 5 days Price: $4000 Certifications: CompTIA Mobility+ Exams: MB0-001 Course Overview The mobile age is upon us. More and more people are using tablets, smartphones,

More information

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise

More information

Required Textbook and Materials. Course Objectives. Course Outline

Required Textbook and Materials. Course Objectives. Course Outline Information Technology Security (ITSY 1342) Credit: 3 semester credit hours (2 hours lecture, 4 hours lab) Prerequisite/Co-requisite: None Course Description Instruction in security for network hardware,

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

Sample Exam Privacy & Data Protection Foundation

Sample Exam Privacy & Data Protection Foundation Sample Exam Sample Exam Privacy & Data Protection Foundation SECO-Institute issues the official Business Continuity courseware to accredited training centres where students are trained by accredited instructors.

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

BraindumpsVCE. Best vce braindumps-exam vce pdf free download

BraindumpsVCE.   Best vce braindumps-exam vce pdf free download BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest & Valid

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

OVERVIEW OF SUBJECT REQUIREMENTS

OVERVIEW OF SUBJECT REQUIREMENTS Course Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank OVERVIEW OF SUBJECT REQUIREMENTS Note: This document is intended as a guide only. Enrolling students

More information

Security Incident Management in Microsoft Dynamics 365

Security Incident Management in Microsoft Dynamics 365 Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Online Services Security v2.1

Online Services Security v2.1 Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2 Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

Canada Life Cyber Security Statement 2018

Canada Life Cyber Security Statement 2018 Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Changing face of endpoint security

Changing face of endpoint security Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information

Objectives of the Security Policy Project for the University of Cyprus

Objectives of the Security Policy Project for the University of Cyprus Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:

More information

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM Network + Networking NH5200 Fundamentals COURSE TITLE: Network+ Networking Fundamentals 104 Total Hours 66 Theory Hours 38 Laboratory Hours COURSE OVERVIEW: After completing this course, students will

More information

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo ISC2 Exam Questions CISSP Certified Information Systems Security Professional (CISSP) Version:Demo 1. How can a forensic specialist exclude from examination a large percentage of operating system files

More information

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce

More information

IT Foundations Networking Specialist Certification with Exam

IT Foundations Networking Specialist Certification with Exam IT Foundations Networking Specialist Certification with Exam MSIT113 / 200 Hours / 12 Months / Self-Paced / Materials Included Course Overview: Gain hands-on expertise in CompTIA A+ certification exam

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would

More information

Advanced IT Risk, Security management and Cybercrime Prevention

Advanced IT Risk, Security management and Cybercrime Prevention Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

Financial CISM. Certified Information Security Manager (CISM) Download Full Version :

Financial CISM. Certified Information Security Manager (CISM) Download Full Version : Financial CISM Certified Information Security Manager (CISM) Download Full Version : http://killexams.com/pass4sure/exam-detail/cism required based on preliminary forensic investigation, but doing so as

More information

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N

L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N Revision Date: 7/31/2014 Time: 1 hour OBJECTIVES The following objectives are covered in this Lecture Note. These objectives

More information

Information Security in Corporation

Information Security in Corporation Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Table of Contents (CISSP 2012 Edition)

Table of Contents (CISSP 2012 Edition) Table of Contents (CISSP 2012 Edition) CONTENT UPDATES... 6 ABOUT THIS BOOK... 7 NETWORK INFRASTRUCTURE, PROTOCOLS AND TECHNOLOGIES... 8 OPEN SYSTEM INTERCONNECT... 8 LAN NETWORKING...10 ROUTING AND SWITCHING...13

More information

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the

More information

CERT Development EFFECTIVE RESPONSE

CERT Development EFFECTIVE RESPONSE CERT Development EFFECTIVE RESPONSE CERT Development: EFFECTIVE RESPONSE 2 Effective Response Effective Response Well funded, organized attackers threaten your network IT attacks can result in: Loss of

More information

Security and Architecture SUZANNE GRAHAM

Security and Architecture SUZANNE GRAHAM Security and Architecture SUZANNE GRAHAM Why What How When Why Information Security Information Assurance has been more involved with assessing the overall risk of an organisation's technology and working

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is

More information

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance

More information

Contingency Planning

Contingency Planning Contingency Planning Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information