Learn: in:
» back to Search Results

Course rating of 0 Vendor rating of 4


The Advanced ISSO Boot camp provides 5 days of comprehensive, technical, professional training to achieve the fundamental knowledge, skills, & abilities necessary to facilitate & integrate requisite system-level security policies, processes, etc.


 
Course Outline
Summary

This advanced course expands upon the principles and concepts learned in the ISSO Boot Camp course. The course will explore the integration of technical and non-technical solutions for securing critical information infrastructures and establishing the standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of sensitive data and critical organizational computing resources.

The Advanced ISSO Boot camp provides five days of comprehensive, technical, professional training to achieve the fundamental knowledge, skills, and abilities necessary to facilitate and integrate requisite system-level security policies, processes, practices, procedures and protocols.

Audience
  • Anyone currently holding an ISSO position; those earmarked for current or planned ISSO billets; security managers (corporate or departmental security officer staff) responsible for IS security, chief informatics office (CIO) staff, including technical support, system managers, configuration managers, etc. who have collateral IS security responsibilities.
Course Objectives
  • Learn how to protect information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
  • Learn how to provide security planning and administrative security procedures for systems that process sensitive, classified and national intelligence data.
  • Understand the implementation and enforcement of Information System
Security Policies and Practices
  • Know the concerns and requirements that determine the administration and management of physical, system and data access controls based on the sensitivity of the data processed and the corresponding authorization requirements.
  • Learn the identification, analysis, assessment and evaluation of information system threats and vulnerabilities and their impact on an organization's critical information infrastructures.
  • Be able to identify management, technical, personnel, operational, and physical security controls.     
  • Upon completion, understand the critical areas of knowledge required to step into any key information security position including Information Systems Security Officer.
Course Outline

I.  ISSO Boot Camp Review

a.  Security Basics
     * IT Security Foundational Principles and Concepts
     * Role of the Security Professional
     * Confidentiality, Integrity and Availability
     * Protection, Detection and Response
     * Threat Agents, Threats, Vulnerabilities and Assets

b.  Government Security Policies, Directives, Standards and Guidelines
     * GoC Policy on Government Security
     * CSEC ? Canada?s National Security Policy
     * DND Policies and Security Orders
     * Treasury Board MITS Operational Standard
     * Assets and Information Classification Processes (Sensitivity and Criticality)

c.  Understanding Common Criteria and Questions to Consider
     * Evaluation Methodologies including Common Criteria
     * Security Program Compliance processes

II. IT Security and Information Assurance

a.  Understanding Information Security
     * Physical Security
     * Personnel Security
     * Procedural Security
     * The different facets of Information Technology
     * Cryptographic Security
     * Network Security
     * Computer Security
     * Transmission Security
     * Emission Security (Tempest)
     * Shielded Enclosures
     * Emsec Zoning concepts

b.  Vulnerabilities and Exploits
     * Malicious Code
     * Hacker activity
     * Types of attacks
     * System Vulnerabilities
     * Types of exploits
     * Rootkits
     * Current Vulnerability concerns and prioritization

c.  The Threat and Risk Assessment Process (TRA)
     * TRA Methodology
     * Preparing for a TRA
     * Resources needed to conduct a TRA

d.  Gathering Threat information
     * Local
     * Internal threat agents
     * External threat agents
     * Deliberate threat events
     * Accidental threat events
     * The different Threat ratings
     * Assessing the severity of the different threat events

e.  Gathering Vulnerability information
     * Technical vs non-technical
     * Source of information
     * The different Vulnerability ratings
     * Assessing the severity of a vulnerability f.  Assessing risks
     * The different risk ratings
     * Determining Residual Risk
     * Making recommendations

III. Risk Management

a.  Overview of Risk Management for ISSO Officers
     * Risk Management Planning
     * Approach and execution of plan for risk management

b.  Risk Identification
     * Determining risks and identifying the characteristics of those risks

c.  Qualitative Risk Analysis
     * Prioritizing risks responses based on probability of occurrence and impact

d.  Quantitative Risk Analysis
     * Analyzing effect of risks should they come to fruition e.  Risk Response Planning
     * Developing options and actions to minimize risks and their effects

f.  Risk Monitoring & Control
     * Tracking risks
     * Monitoring residual risks
     * Identifying new risks
     * Executing risk response plans and evaluating effects of those plans

g.  Threats and Vulnerabilities

h.  Threat Risk Assessments and Harmonized TRA methodology


IV. Incident Management

a.  Incident Response and Handling Steps
     * How to Identify an Incident
     * Handling Incidents
     * Need for Incident Response
     * Goals of Incident Response
     * Incident Response Plan
     * Purpose of Incident Response Plan
     * Requirements of Incident Response Plan
     * Preparation

b.  Incident Response and Handling Steps
     * Identification
     * Incident Recording
     * Initial Response
     * Communicating the Incident
     * Containment
     * Formulating a Response Strategy
     * Incident Classification
     * Incident Investigation
     * Data Collection
     * Forensic Analysis
     * Evidence Protection
     * Notify External Agencies
     * Eradication
     * Systems Recovery
     * Incident Documentation
     * Incident Damage and Cost Assessment
     * Review and Update  the Response Policies

c.  Training and Awareness
     * Security Awareness and Training Checklist
     * Incident Management
     * Purpose of Incident Management
     * Incident Management Process
     * Incident Management Team
     * Incident Response Team
     * Incident Response Team Members
     * Incident Response Team Members Roles and Responsibilities
     * Developing Skills in Incident Response Personnel
     * Incident Response Team Structure
     * Incident Response Team Dependencies
     * Incident Response Team Services
     * Incident Response Best Practices
     * Incident Response Policy
     * Incident Response Plan Checklist

V.  Incident Reporting

a.  Incident Reporting
     * Why to Report an Incident
     * Why Organizations do not Report Computer Crimes
     * Whom to Report an Incident
     * How to Report an Incident


VI. Business Continuity Planning

a.  Configuration Management, Business Continuity Planning and Crisis Management
     * Business Continuity Management
     * Business Impact Assessment
     * Disaster Recovery
     * Off-site storage and backup
     * Understanding natural hazards, vulnerability and risk of disaster
     * Using disaster risk reduction techniques
     * Understanding of the crisis management implementation process
     * Responding by managing disasters
     * Practical Disaster Recovery Planning & Implementation
     * Introduction to Practical Operational Risk Management

VII. eDiscovery

a.  Introduction to E-Discovery
     * E-Discovery Process: Gather
     * E-Discovery Process: Filter
     * E-Discovery Process: Deliver

b.  Marketplace and Trends

VIII. Digital Forensic & Cyber Investigation

a.  Objectives of Forensics Analysis
     * Role of Forensics Analysis in Incident Response

b.  Forensic Readiness
     * Forensic Readiness And Business Continuity

c.  Types of Computer Forensics

d.  Computer Forensic Investigator
     * People Involved in Computer Forensics

e.  Computer Forensics Process

f.  Digital Evidence
     * Characteristics of Digital Evidence
     * Collecting Electronic Evidence
     * Challenging Aspects of Digital Evidence

g.  Forensic Policy

h.  Forensics in the Information System Life Cycle

i.  Forensic Analysis Guidelines

j.  Forensics Analysis Tools

IX. The Certification and Accreditation process
     * Identifying the key stakeholders
     * Certification evidence
     * Accreditation (Authority to process)
     * Interim Authority to Process
     * Security Testing and validation requirements
     * Security Concept of Operations


Additional Details
Pre-Requisites

Have taken course (ISSO) or have equivalent experience

Certificates offered

Certificate of Completion ** The student kit includes a comprehensive workbook and other necessary materials for this class


Cancellation Policy

Map & Reviews
CTE Solutions
[ View Provider's Profile ]

Reviews
 

This course has not yet been rated by one of our members.

If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.

Here are some reviews of the training vendor.
This course was great, very informative, had Lionel as instructor and he was also very good.
Reviewed by 2012
Instructor was eager to assist but lacked subject matter expertise. Course time management was very poor. Content provided could have been delivered effectively in a one day course.
Reviewed by 2012
Good Course, good trainer. All questions addressed equally and in a timely professional manner.
Reviewed by 2011
The course content was interesting; however, the instructor didn't have enough knowledge about Microsoft Sharepoint 2010 Development and wasn't able to answer questions without google search. In the future CTE needs to make sure the instructors have real on-hands experience and are highly trained in the technologies they are supposed be teaching.
Reviewed by 2011

This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates.

 

This page has been viewed 198 times.