Security Core Fundamentals

Security is centered on people, but it is much more than just passwords and firewalls. This 2-day course will explain the function of security operations and how to prevent incidents and respond effectively, if an incident occurs.

Appropriate for non-security people, this course explains the elements of Information Security in a practical, understandable, and enjoyable manner, and is specifically designed to help you incorporate good security practices into your daily operations. The course is both educational and practical.

You will leave this course with a greater appreciation for the alignment of security with your business objectives and will see how to mesh reliable and cost-effective security with business operations.

You will learn the language of security and the significance of terms, tools, and controls that are commonly and typically used.

Module One: Introduction to Information and Information Security

  • What is Information?
  • The relationship between Information and Business
  • Understanding security within different business missions
      • Government
      • Commercial
      • Not for Profit
      • Military
  • What is the role of information in today’s economy?
      • Knowledge
      • Intellectual Property
      • Customer Service
      • Future Trends
  • What is Information Security?
  • What are transactions?
  • What is the difference between Systems Protection and Information Security?
  • How to describe security (case study/discussion)
  • Security metrics (measuring success and security planning)
  • Making security simple
  • What is Risk and how does it relate to Information Security?
  • How to measure risk
  • What are controls? (Management/Technical/Physical)

Module Two: The Core Fundamentals of Information Security

  • Key Security Principles
      • Need to know
      • Least privilege
      • Separation of Duties
      • Layered Defence (defence in depth)
  • Eleven Major Security Areas of ISO 27002 (introduction only)
      • Security Policy
      • Organizing Information Security
      • Asset Management
      • Human Resources Security
      • Physical and Environmental Security
      • Communications and Operations Management
      • Access Control
      • Information Systems Acquisition, Development, and Maintenance
      • Information Security Incident Management
      • Business Continuity Management
      • Compliance

Module Three: Designing and Implementing Security

  • Defining Security Requirements
      • Systems and Data Ownership
      • Information Classification (case study/discussion)
      • Critical versus Sensitive Systems/Information
      • Policy and Oversight
      • Accountability
  • Building Security into Systems and Business Processes
      • Security versus Productivity
      • Access Controls
      • Business Continuity and Resilience
  • Training and Educating the Security Advocate
      • Detecting and Preventing Social Engineering
          • Intimidation / Name-Dropping / Appealing for assistance / Technical pretexts

Module Four: Assurance and Compliance

  • Monitoring, Logs, and Audit Trails
  • Incident Management
      • Preventing Incidents
      • Feedback and Improvement
      • Reporting to Management
  • Technical Countermeasures
      • Effective use of Tools (firewall, IDS, etc.)
      • Scans and Penetration Tests
      • Stopping the Hacker (case study/examples)
  • Understanding why Breaches Happen (risky behaviour, shortcuts, and curiosity)
  • Simple Security Solutions
      • Portable Media
      • Destruction of old Media
      • Secure Passwords
      • Asset Management

This course provides a core foundation of IT security knowledge. It is suitable for any member of the business and IT community, from the newest member of the team to the most experienced professional.

Illustrating the core fundamentals of information security in an interesting and relevant manner, the course describes the close alignment of information security with ever-changing business requirements and enables you to effectively understand information security concepts and build them into business processes and design.

The course is presented as Instructor-led training, in an interactive lecture style, with presentation slides and notes, incorporating various learning exercises (case studies and review questions), with an examination at the end of the program.

The lead trainers for this course are Kevin Henry and Leo Thrush.

This training can be delivered on-site at your company. The benefits are clear: together we will focus on your specific circumstances and questions. At the end of the training you will have written the basic outline for your company-specific protocol! Please contact us for more information about organising this training on-site.

This training is also offered at various locations around the world as an open enrolment training. To check if this training is organised near you anytime soon, please check our calendar!