
Course rating of 0 Vendor rating of 4


The Advanced ISSO Boot camp provides 5 days of comprehensive, technical, professional training to achieve the fundamental knowledge, skills, & abilities necessary to facilitate & integrate requisite system-level security policies, processes, etc.


 
Course Outline
Summary

This advanced course expands upon the principles and concepts learned in the ISSO Boot Camp course. The course will explore the integration of technical and non-technical solutions for securing critical information infrastructures and establishing the standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of sensitive data and critical organizational computing resources.

The Advanced ISSO Boot camp provides five days of comprehensive, technical, professional training to achieve the fundamental knowledge, skills, and abilities necessary to facilitate and integrate requisite system-level security policies, processes, practices, procedures and protocols.

Audience
  • Anyone currently holding an ISSO position; those earmarked for current or planned ISSO billets; security managers (corporate or departmental security officer staff) responsible for IS security, chief informatics office (CIO) staff, including technical support, system managers, configuration managers, etc. who have collateral IS security responsibilities.
Course Objectives
  • Learn how to protect information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
  • Learn how to provide security planning and administrative security procedures for systems that process sensitive, classified and national intelligence data.
  • Understand the implementation and enforcement of Information System Security Policies and Practices
  • Know the concerns and requirements that determine the administration and management of physical, system and data access controls based on the sensitivity of the data processed and the corresponding authorization requirements.
  • Learn the identification, analysis, assessment and evaluation of information system threats and vulnerabilities and their impact on an organization's critical information infrastructures.
  • Be able to identify management, technical, personnel, operational, and physical security controls.     
  • Upon completion, understand the critical areas of knowledge required to step into any key information security position including Information Systems Security Officer.
Course Outline

I.  ISSO Boot Camp Review

a.  Security Basics
     * IT Security Foundational Principles and Concepts
     * Role of the Security Professional
     * Confidentiality, Integrity and Availability
     * Protection, Detection and Response
     * Threat Agents, Threats, Vulnerabilities and Assets

b.  Government Security Policies, Directives, Standards and Guidelines
     * GoC Policy on Government Security
     * CSEC - Canada's National Security Policy
     * DND Policies and Security Orders
     * Treasury Board MITS Operational Standard
     * Assets and Information Classification Processes (Sensitivity and Criticality)

c.  Understanding Common Criteria and Questions to Consider
     * Evaluation Methodologies including Common Criteria
     * Security Program Compliance processes

II. IT Security and Information Assurance

a.  Understanding Information Security
     * Physical Security
     * Personnel Security
     * Procedural Security
     * The different facets of Information Technology
     * Cryptographic Security
     * Network Security
     * Computer Security
     * Transmission Security
     * Emission Security (Tempest)
     * Shielded Enclosures
     * Emsec Zoning concepts

b.  Vulnerabilities and Exploits
     * Malicious Code
     * Hacker activity
     * Types of attacks
     * System Vulnerabilities
     * Types of exploits
     * Rootkits
     * Current Vulnerability concerns and prioritization

c.  The Threat and Risk Assessment Process (TRA)
     * TRA Methodology
     * Preparing for a TRA
     * Resources needed to conduct a TRA

d.  Gathering Threat information
     * Local
     * Internal threat agents
     * External threat agents
     * Deliberate threat events
     * Accidental threat events
     * The different Threat ratings
     * Assessing the severity of the different threat events

e.  Gathering Vulnerability information
     * Technical vs non-technical
     * Source of information
     * The different Vulnerability ratings
     * Assessing the severity of a vulnerability

f.  Assessing risks
     * The different risk ratings
     * Determining Residual Risk
     * Making recommendations

III. Risk Management

a.  Overview of Risk Management for ISSO Officers
     * Risk Management Planning
     * Approach and execution of plan for risk management

b.  Risk Identification
     * Determining risks and identifying the characteristics of those risks

c.  Qualitative Risk Analysis
     * Prioritizing risk responses based on probability of occurrence and impact

d.  Quantitative Risk Analysis
     * Analyzing effect of risks should they come to fruition

e.  Risk Response Planning
     * Developing options and actions to minimize risks and their effects

f.  Risk Monitoring & Control
     * Tracking risks
     * Monitoring residual risks
     * Identifying new risks
     * Executing risk response plans and evaluating effects of those plans

g.  Threats and Vulnerabilities

h.  Threat Risk Assessments and Harmonized TRA methodology


IV. Incident Management

a.  Incident Response and Handling Steps
     * How to Identify an Incident
     * Handling Incidents
     * Need for Incident Response
     * Goals of Incident Response
     * Incident Response Plan
     * Purpose of Incident Response Plan
     * Requirements of Incident Response Plan
     * Preparation

b.  Incident Response and Handling Steps
     * Identification
     * Incident Recording
     * Initial Response
     * Communicating the Incident
     * Containment
     * Formulating a Response Strategy
     * Incident Classification
     * Incident Investigation
     * Data Collection
     * Forensic Analysis
     * Evidence Protection
     * Notify External Agencies
     * Eradication
     * Systems Recovery
     * Incident Documentation
     * Incident Damage and Cost Assessment
     * Review and Update the Response Policies

c.  Training and Awareness
     * Security Awareness and Training Checklist
     * Incident Management
     * Purpose of Incident Management
     * Incident Management Process
     * Incident Management Team
     * Incident Response Team
     * Incident Response Team Members
     * Incident Response Team Members Roles and Responsibilities
     * Developing Skills in Incident Response Personnel
     * Incident Response Team Structure
     * Incident Response Team Dependencies
     * Incident Response Team Services
     * Incident Response Best Practices
     * Incident Response Policy
     * Incident Response Plan Checklist

V.  Incident Reporting

a.  Incident Reporting
     * Why to Report an Incident
     * Why Organizations do not Report Computer Crimes
     * Whom to Report an Incident
     * How to Report an Incident


VI. Business Continuity Planning

a.  Configuration Management, Business Continuity Planning and Crisis Management
     * Business Continuity Management
     * Business Impact Assessment
     * Disaster Recovery
     * Off-site storage and backup
     * Understanding natural hazards, vulnerability and risk of disaster
     * Using disaster risk reduction techniques
     * Understanding of the crisis management implementation process
     * Responding by managing disasters
     * Practical Disaster Recovery Planning & Implementation
     * Introduction to Practical Operational Risk Management

VII. eDiscovery

a.  Introduction to E-Discovery
     * E-Discovery Process: Gather
     * E-Discovery Process: Filter
     * E-Discovery Process: Deliver

b.  Marketplace and Trends

VIII. Digital Forensic & Cyber Investigation

a.  Objectives of Forensics Analysis
     * Role of Forensics Analysis in Incident Response

b.  Forensic Readiness
     * Forensic Readiness And Business Continuity

c.  Types of Computer Forensics

d.  Computer Forensic Investigator
     * People Involved in Computer Forensics

e.  Computer Forensics Process

f.  Digital Evidence
     * Characteristics of Digital Evidence
     * Collecting Electronic Evidence
     * Challenging Aspects of Digital Evidence

g.  Forensic Policy

h.  Forensics in the Information System Life Cycle

i.  Forensic Analysis Guidelines

j.  Forensics Analysis Tools

IX. The Certification and Accreditation process
     * Identifying the key stakeholders
     * Certification evidence
     * Accreditation (Authority to process)
     * Interim Authority to Process
     * Security Testing and validation requirements
     * Security Concept of Operations


Prerequisites & Certificates
Pre-Requisites

Have taken course (ISSO) or have equivalent experience

Certificates offered

Certificate of Completion

** The student kit includes a comprehensive workbook and other necessary materials for this class


Cancellation Policy
10 business day cancellation policy. If the course is confirmed and the student cancels within 10 days of the course, then they get charged and apply a credit for future courses. If they cancel outside of 10 business days, then there are no charges at all.
Map & Reviews
CTE Solutions

Reviews
 

This course has not yet been rated by one of our members.


Here are some reviews of the training vendor.
I realize that we are constantly dealing with technology, but I still think for a registration fee of almost $3,000, that a hardcover book should be included. I know that the option to print the book on a one-time basis exists.
Reviewed by 2016
no
Reviewed by 2016
The instructor was very knowledgeable and answered all questions. Jarod did an excellent job presenting.
Reviewed by 2015
The room was cold. I had to sit next to the space heater. It would be good to tell future patrons to dress warmly AHEAD of time. No surprises.
Reviewed by 2015
He was great and offered his contact info for further questions.
Reviewed by 2015
Howard was a fantastic instructor and the course was exactly what I required.
Reviewed by 2014
The trainer was excellent - the course exceeded my expectations.
Reviewed by 2014
This course provides an excellent overview and a bit of practice on the various functions of SharePoint 2013. I was disappointed at the number of exceedingly long breaks given after each module. I would have preferred less break time and more content to the course. Having never taken a SharePoint course with another provider, I don't know if this is the norm with all providers or just this one in particular.
Reviewed by 2014
I ranked the "Use of Technology" low because for Users who were remote the VM's that were setup were a little wonky. Could be very slow at times and then sometimes they needed to be refreshed to work properly with the lab. In some instances we couldn't follow along as replication would not occur fast enough and we would have our lab cut short (for us remote Users).
Reviewed by 2014
The instructor was good at remembering to acknowledge the online students even though he was facing a classroom of students also.
Reviewed by 2014
Instructor was not so good with the live examples. Also the handouts were not so useful.
Reviewed by 2013
The trainer was excellent, very knowledgeable and had a lot of valuable experience to share. The problem was that there were way too many workshops that took too long and interfered with getting the maximum benefit from the instructor and the course.
Reviewed by 2013
This was quite informative. It was a great opportunity to have ‘real life’ discussions with certified PMs. The instructor had excellent examples and was able to share his PM experiences with us with concrete examples. In addition, this was a great opportunity to network with private sector/public sector PMs and develop a better appreciation of PM on both sides of the fence. Cheers, CL
Reviewed by 2013
no
Reviewed by 2013
I did not like the video format
Reviewed by 2013
As a remote attendee, it appeared the instructor paid attention to the "Attendee" and "Chat" windows only a few times throughout the day, so I was not confident that he would see if I sent a message or raised my hand during the course.
Reviewed by 2013
The chairs were not very comfortable and the material contained spelling and grammatical errors (a few but still) as well as repetition of words.
Reviewed by 2013
Was a bit slow the last 1/2 day. Of course, for some, this was the last of a 4 day course (not just 2 days).
Reviewed by 2013
I really enjoyed the course and I learned a lot. The pace was excellent.
Reviewed by 2013
good!
Reviewed by 2013
The room was excellent on its own - less distraction and no noise around you. There was no direction to the room when I walked in and therefore was not sure if I was heading in the right direction. We were not provided with the direction that there was coffee and fridge on the 3rd floor, and the bathroom floor was dirty.
Reviewed by 2012
This course was great, very informative, had Lionel as instructor and he was also very good.
Reviewed by 2012
Instructor was eager to assist but lacked subject matter expertise. Course time management was very poor. Content provided could have been delivered effectively in a one day course.
Reviewed by 2012
Good Course, good trainer. All questions addressed equally and in a timely professional manner.
Reviewed by 2011
The course content was interesting; however, the instructor didn't have enough knowledge about Microsoft Sharepoint 2010 Development and wasn't able to answer questions without google search. In the future CTE needs to make sure the instructors have real on-hands experience and are highly trained in the technologies they are supposed to be teaching.
Reviewed by 2011

This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates or scheduling a private, in house course for your team.
