Overview
This course offers a detailed overview of managed security solutions and familiarizes participants with identifying business requirements and building cost-effective, highly functional cybersecurity solutions. The course examines actual security incidents and real-world scenarios to help participants understand how to apply various cybersecurity solutions and how to discover shortcomings within existing solutions. The course discusses how effective monitoring tools can be used in concert with pre-planned security response solutions and how to trigger actions that minimize both the immediate and the long-term impacts of any security incident. Designed to teach security experts the business processes required to effectively govern a corporate security program, this course also teaches managers how to use information gathered through security technology tools such as an IPS, firewall, or SIEM to develop appropriate and timely responses to a security breach.
What You'll Learn
- Learn how to Identify and create Business Security Objectives
- Integrate effective Security Governance in your organization
- Examine and plan for regulatory compliance in 2019 and beyond and relate compliance requirements to your own business security objectives
- Pinpoint and compare security performance metrics and tie them to security deficiencies and solutions
- Learn to spot a CWE/SANS “Top 25” software security vulnerability in your company
- Perform real-world Quantitative and Qualitative Risk Analysis and understand levels of acceptable risk within a corporation
- Leverage and integrate different security control categories and types
- Learn to define and manage Change and Configuration Management
- Create an agile, effective incident response process for your own organization
- Integrate practical Security Planning in your own organization
Curriculum
- Compliance vs. Security – Why do compliant companies get hacked?
- What is security – Availability, Integrity, Confidentiality
- PCI DSS
- HIPAA
- SANS Critical Security Controls (CSC)
- Security architectures
- PDCA
- Identify – protect – detect – respond – recover
- PPDIOO: Plan – Prepare – Design – Implement – Operate – Optimize
- Identify – Assess – Protect – Monitor
- Security Frameworks
- ISO 27001/2
- ITIL
- SABSA
- TOGAF
- Cybersecurity Framework
- Target – What happened?
- Neiman Marcus – What happened?
- P.F. Chang’s – What happened?
- Experian – What happened?
- Diginotar – What happened?
- What are the critical functional requirements for the business?
- What are the critical security requirements for those functions?
- What are the possible solutions?
- What are the security implications of those solutions?
- What problems do these solutions fix?
- What problems do they create?
- Risk Assessment – What is it worth? Should I fix it?
- Risk is uncovered through Impact and Likelihood
- How would I discover my weaknesses?
- Quantitative
- Qualitative
- What are the solutions?
- Technical, Physical, Administrative
- Accept, Transfer, Mitigate (Reduce), Avoid
- Capital Planning
- Spend money wisely
- Standards
- How does something become a standard?
- How do you create a standard?
- Baselines
- What is a baseline and why is it important?
- How does something become a baseline?
- Procedures
- What should be detailed? How?
- Guidelines
- What is the purpose of guidelines?
- Why have them if they are optional?
- When would I use a baseline?
- Best Practices
- Employees
- Job Descriptions
- Skills assessment
- Awareness training
- Getting Security Buy-In from your teams
- The anatomy of buy-in: a critical success factor
- Practical engagement strategies
- Least Privilege
- Separation of Duties, Job Rotation, and Mandatory Vacations
- “Now that I have a security architecture, how do I implement it?”
- Technical
- IDS – what it can do, what it cannot do, and common mistakes
- IPS – what it can do, what it cannot do, and common mistakes
- Using IDS / IPS in a complementary fashion
- Firewall
- Cryptography – criticality to regulations/laws/compliance
- Access Control
- Regulations/laws/compliance
- What should I control access to?
- Role-Based
- ACL
- Administrative
- Configuration management
- Change management
- Certification and Accreditation policy
- Patch Management
- Access Control Policy
- Connection Management
- Physical factors
- Locks
- CCTV
- The importance of continuous monitoring
- Vulnerability Assessment
- Penetration Testing
- SOC
- Log Review
- Event Correlation (SIEM)
- Performance Measurements
- Specific and Measurable
- What to measure, and what do measurements mean?
- Developing an IR program
- Policy / plans / procedures
- Teams
- Models
- Personnel & skills
- Incident handling
- Hacking incidents
- DoS incidents
- Malware incidents
- Users being users incidents
- Complex incidents
- Forensics and evidence gathering/handling
- Incident documentation
- Analysis and feedback
- Lessons learned
- Root cause analysis – detecting weakness in management controls
- Backups and Restore
- Importance of BCP/DRP/Contingency Plans
- Policy
Who should attend
- IT managers and directors
- Development leads
- Security managers
- System administrators
- Network designers
- Help desk professionals
- Security administrators
- Business analysts
- Business system analysts
- Project managers
- System architects and designers
- System or application developers
- Systems analysts and testers
- Managers and team leaders