Practical Cybersecurity Boot Camp

Learn how to identify business requirements and build effective cybersecurity management systems

Course Code : 1930
Practical Cybersecurity Boot Camp 0 5 0

$2495

Overview

This course offers a details overview of managed security solutions and familiarizes participants to identifying business requirements and build cost-effective, highly functional cybersecurity solutions. The course examines actual security incidents and real-world scenarios to help participants understand how to apply various cybersecurity solutions and how to discover shortcomings within existing solutions. The course discusses how effective monitoring tools can be used in concert with pre-planned security response solutions and how to trigger actions hat minimize both immediate and long term impacts of any security incident. Designed to teach security experts the business processes required to effectively govern a corporate security program, this course also teaches managers how to use information gathered through security technology tools such as an IPS, Firewall, or SIEM, to develop appropriate and timely responses to a security breach.

Schedule Classes

Delivery Format
Starting Date
Starting Time
Duration
Location

Live Classroom
Monday, 16 December 2019
8:30 AM - 4:30 PM EST
3 Days
Columbia, MD

$2495 Add to cart

Looking for more sessions of this class?

Course Delivery

This course is available in the following formats:

Live Classroom
Duration: 3 days

Live Virtual Classroom
Duration: 3 days

What You'll learn

  • Learn how to Identify and create Business Security Objectives
  • Integrate effective Security Governance in your organization
  • Examine and plan for regulatory compliance in 2019 and beyond and relate compliance requirements to your own business security objectives
  • Pinpoint and compare security performance metrics and tie them to security deficiencies and solutions
  • Learn to spot a CWE/SANS “Top 25” software security vulnerability in your company
  • Perform real-world Quantitative and Qualitative Risk Analysis and understand levels of acceptable risk within a corporation
  • Leverage and integrate different security control categories and types
  • Learn to define and manage Change and Configuration Management
  • Create an agile, effective incident response process for your own organization
  • Integrate practical Security Planning in your own organization

Outline

  • Compliance vs. Security – Why do compliant companies get hacked?
  • What is security – Availability, Integrity, Confidentiality
  • PCI DSS
  • HIPAA
  • SANS Critical Security Controls (CSC)
  • Security architectures
    • PDCA
    • Identify – protect – detect – respond – recover
    • PPDIOO: Plan – Prepare – Design – Implement – Operate – Optimize
    • Identify – Assess – Protect – Monitor
  • Security Frameworks
    • ISO 27001/2
    • ITIL
    • SABSA
    • TOGAF
    • Cybersecurity Framework
  • Target – What happened?
  • Neiman Marcus – What happened?
  • F. Chang’s – What happened?
  • Experian – What happened?
  • Diginotar – What happened?
  • What are the critical functional requirements for the business?
  • What are the critical security requirements for those functions
    • What are the possible solutions?
    • What are the security implications of those solutions?
    • What problems do these solutions fix?
      • What problems do they create?
    • Risk Assessment – What is it worth? Should I fix it?
      • Risk is uncovered through Impact and Likelihood
      • How would I discover my weaknesses?
      • Quantitative
      • Qualitative
      • What are the solutions?
        • Technical, Physical, Administrative
        • Accept, Transfer, Mitigate (Reduce), Avoid
      • Capital Planning
        • Spend money wisely
  • Standards
    • How does something become a standard?
    • How do you create a standard?
  • Baselines
    • What is a baseline and why is it important
    • How does something become a baseline?
  • Procedures
    • What should be detailed? How?
  • Guidelines
    • What is the purpose of guidelines?
    • Why have them if they are optional?
    • When would I use a baseline?
    • Best Practices
      • Employees
      • Job Descriptions
      • Skills assessment
      • Awareness training
        • Getting Security Buy-In from your teams
          • The anatomy of buy-in: a critical success factor
          • Practical engagement strategies
        • Least Privilege
        • Separation of Duties, Job Rotation, and Mandatory Vacations
  • “Now that I have a security architecture, how do I implement it?”
  • Technical
    • IDS – what it can do, what it cannot do, and common mistakes
    • IPS – what it can do, what it cannot do, and common mistakes
      • Using IDS / IPS in a complementary fashion
    • Firewall
    • Cryptography – criticality to regulations/laws/compliance
    • Access Control
      • Regulations/laws/compliance
      • What should I control access to?
      • Role-Based
      • ACL
    • Administrative
      • Configuration management
      • Change management
      • Certification and Accreditation policy
      • Patch Management
      • Access Control Policy
        • Connection Management
      • Physical factors
        • Locks
        • CCTV
  • The importance of continuous monitoring
  • Vulnerability Assessment
  • Penetration Testing
  • SOC
  • Log Review
  • Event Correlation (SEIM)
  • Performance Measurements
    • Specific and Measurable
    • What to measure, and what do measurements mean?
  • Developing an IR program
    • Policy / plans / procedures
    • Teams
      • Models
      • Personnel & skills
    • Incident handling
      • Hacking incidents
      • DOS Incidents
      • Malware incidents
      • Users being users incidents
      • Complex incidents
      • Forensics and evidence gathering/handling
      • Incident documentation
    • Analysis and feedback
      • Lessons learned
      • Root cause analysis – detecting weakness in management controls
    • Backups and Restore
  • Importance of BCP/DRP/Contingency Plans
  • Policy
View More

Prerequisites

There are no prerequisites for this course.

Who Should Attend

  • IT managers and directors
  • Development leads
  • Security managers
  • System administrators
  • Network designers
  • Help desk professionals
  • Security administrators
  • Business analysts
  • Business system analysts
  • Project managers
  • System architects and designers
  • System or application developers
  • Systems analysts and testers
  • Managers and team leaders

Interested in this course? Let’s connect!

Customer Reviews

Name
Email
Review Title
Rating
Review Content

No reviews yet