Category: Other Courses

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

Course Description

This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking.

Who Should Attend?

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Course Length

5 days

Course Outline

• Introduction to Ethical Hacking
• Footprinting and Reconnaissance
• Scanning Networks
• Enumeration
• System Hacking
• Trojans and Backdoors
• Viruses and Worms
• Sniffers
• Social Engineering
• Denial of Service
• Session Hijacking
• Hacking Webservers
• Hacking Web Applications
• SQL Injection
• Hacking Wireless Networks
• Hacking Mobile Platforms
• Evading IDS, Firewalls, and Honeypots
• Buffer Overflow
• Cryptography
• Penetration Testing

Course Director

Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work ™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

Course Description

In this course, students will analyze a wide range of information systems security subjects that are organized into 10 domains for CISSP exam certification.

Who Should Attend?

This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all 10 CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. The CISSP exam is intentionally difficult and should not be taken lightly. Even students with years of security experience should assume that they will have additional study time after class. Because the domains are so varied, it is unlikely that any one student will have experience in all 10 domains.

Course Length

5 days

Course Outline

Lesson 1: Information Systems Access Control

• Data Access Principles
• System Access and Authentication
• Penetration Tests

Lesson 2: Security Architecture and Design

• Security Models
• Security Modes
• System Assurance

Lesson 3: Network and Telecommunications Security

• Data Network Design
• Remote Data Access
• Data Network Security
• Data Network Management

Lesson 4: Information Security Management Goals

• Organizational Security
• The Application of Security Concepts

Lesson 5: Information Security Classification and Program Development

• Information Classification
• Security Program Development

Lesson 6: Risk Management and Ethics

• Risk Management
• Ethics

Lesson 7: Software Development Security

• Software Configuration Management
• Software Controls
• Database System Security

Lesson 8: Cryptography

• Ciphers and Cryptography
• Symmetric-Key Cryptography
• Asymmetric-Key Cryptography
• Hashing and Message Digests
• Email, Internet, and Wireless Security
• Cryptographic Weaknesses

Lesson 9: Physical Security

• Physical Access Control
• Physical Access Monitoring
• Physical Security Methods
• Facilities Security

Lesson 10: Operations Security

• Operations Security Control
• Operations Security Auditing and Monitoring
• Operational Threats and Violations

Lesson 11: Business Continuity and Disaster Recovery Planning

• Business Continuity Plan Fundamentals
• Business Continuity Plan Implementation
• Disaster Recovery Plan Fundamentals
• Disaster Recovery Plan Implementation

Lesson 12: Legal, Regulations, Compliance, and Investigations

• Computer Crime Laws and Regulations
• Computer Crime Incident Response

Prerequisites

It is highly recommended that students have certifications in Network+ or Security+, or possess equivalent professional experience upon entering CISSP training. It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®. It is highly recommended that students have certifications in Network+ or Security+, or possess equivalent professional experience upon entering CISSP training. It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®.

Course Director

Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work ™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

Course Description

The focus of this course is in-depth coverage of the four domains required to pass the CISM exam:

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management

Who Should Attend?

Experienced information security managers and those who have information security management responsibilities, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

Course Outline

Testing-Taking Tips and Study Techniques

• Preparation for the CISM exam
• Submitting Required Paperwork
• Resources and Study Aids
• Passing the Exam the First Time

Information Security Governance

• Asset Identification
• Risk Assessment
• Vulnerability Assessments
• Asset Management

Information Risk Management

• Asset Classification and Ownership
• Structured Information Risk Assessment Process
• Business Impact Assessments
• Change Management

Information Security Program Development

• Information Security Strategy
• Program Alignment of Other Assurance Functions
• Development of Information Security Architectures
• Security Awareness, Training, and Education
• Communication and Maintenance of Standards, Procedures, and Other Documentation
• Change Control
• Lifecycle Activities
• Security Metrics

Information Security Program Management

• Security Program Management Overview
• Planning
• Security Baselines
• Business Processes
• Security Program Infrastructure
• Lifecycle Methodologies
• Security Impact on Users
• Accountability
• Security Metrics
• Managing Resources

Incident Management and Response

• Response Management Overview
• Importance of Response Management
• Performing a Business Impact Analysis
• Developing Response and Recovery Plans
• The Incident Response Process
• Implementing Response and Recovery Plans
• Response Documentation
• Post-Event Reviews

Review and Q&A Session

• Final Review and Test Prep

Prerequisites

Five years of experience with audit, IT systems, and security of information systems; systems administration experience; familiarity with TCP/IP; and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ course.

Exam

The CISM exam is offered three times a year (June, September and December) and consists of 200 multiple-choice questions. The CISM exam is focused on the four domains defined by Information Systems Audit and Control Association (ISACA).

Course Director

Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work ™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

Course Description

The field of information systems is growing and changing at an increasingly fast pace. Organizations are investing in and relying on a secure and efficient IT infrastructure to maintain business and meet business goals and objectives. Information systems auditing plays a crucial role in developing and maintaining this business environment. The information systems auditor is responsible for evaluating security in all aspects of the infrastructure and to also guide business leaders in maintaining a secure organization. This course can enable you to evaluate the security and controls of the organization’s business structure and governance methods; the policies, procedures, and guidelines used; and the overall security of the business environment. In addition, this course will help you in your preparation if you plan to pursue the ISACA® CISA® certification examination. The intended audience for this course is information systems security professionals and internal review auditors and other individuals who have an interest in aspects of information systems audit, controls, and security. While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don’t feel their professional experience is sufficient.

In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization’s information systems align with overall business goals and objectives.

Course Length

20 hours

Course Outline

The Information Systems Audit Process
Lesson Introduction
ISACA Information Systems Auditing Standards and Guidelines
Develop and Implement an Information Systems Audit Strategy
Plan an Audit
Conduct an Audit
The Evidence Lifecycle
Communicate Issues, Risks, and Audit Results
Support the Implementation of Risk Management and Control Practices
Lesson Lab
Lesson Follow Up

IT Governance
Lesson Introduction
Evaluate the Effectiveness of IT Governance
Evaluate the IT Organizational Structure
Evaluate the IT Strategy
Evaluate IT Policies, Standards, and Procedures for Compliance
Ensure Organizational Compliance
IT Resource Investment, Use, and Allocation Practices
Evaluate IT Contracting Strategies and Policies
Evaluate Risk Management Practices
Performance Monitoring and Assurance Practices
Lesson Lab
Lesson Follow Up

Systems and Infrastructure Lifecycle Management
Lesson Introduction
Determine the Business Case for Change
Evaluate Project Management Frameworks and Governance Practices
Perform Periodic Project Reviews
Evaluate Control Mechanisms for Systems
Evaluate Development and Testing Processes
Evaluate Implementation Readiness
Evaluate a System Migration
Lesson Lab
Lesson Follow Up

Systems and Infrastructure Lifecycle Maintenance
Lesson Introduction
Perform a Post-Implementation System Review
Perform Periodic System Reviews
Evaluate the Maintenance Process
Evaluate the Disposal Process
Lesson Lab
Lesson Follow Up

IT Service Delivery and Support
Lesson Introduction
Evaluate Service Level Management Practices
Evaluate Operations Management
Evaluate Data Administration Practices
Evaluate the Use of Capacity and Performance Monitoring Methods
Evaluate Change, Configuration, and Release Management Practices
Evaluate Problem and Incident Management Practices
Evaluate the Functionality of the IT Infrastructure
Lesson Lab
Lesson Follow Up

Protection of Information Assets
Lesson Introduction
Information Security Design
Encryption Basics
Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
Evaluate the Design, Implementation, and Monitoring of Environmental Controls
Evaluate Network Infrastructure Security
Evaluate the Confidential Information Processes and Procedures
Lesson Lab
Lesson Follow Up

Business Continuity and Disaster Recovery
Lesson Introduction
Evaluate the Adequacy of Backup and Restore
Evaluate the BCP and DRP
Lesson Lab
Lesson Follow Up

Course Director

Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work ™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]

Course Description

You will implement and monitor security on networks, applications, and operating systems, and respond to security breaches.

Course Objectives
Upon successful completion of this course, students will be able to:

• Identify the fundamental concepts of computer security.
• Identify security threats and vulnerabilities.
• Examine network security.
• Manage application, data, and host security.
• Identify access control and account management security measures.
• Manage certificates.
• Identify compliance and operational security measures.
• Manage risk.
• Manage security incidents.
• Develop a BCP and DRP.

Who Should Attend?

This course is targeted toward the information technology (IT) professional who has networking and administrative skills in Windows®-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks and familiarity with other operating systems, such as Mac OS® X, Unix, or Linux, and who wants to further a career in IT by acquiring a foundational knowledge of security topics; prepare for the CompTIA Security+ Certification examination; or use Security+ as the foundation for advanced security certifications or career roles.

Course Length

5 days

Course Outline

Security Fundamentals

• The Information Security Cycle
• Information Security Controls
• Authentication Methods
• Cryptography Fundamentals
• Security Policy Fundamentals

Security Threats and Vulnerabilities

•  Social Engineering
• Physical Threats and Vulnerabilities
• Network-Based Threats
• Wireless Threats and Vulnerabilities
• Software-Based Threats

Network Security

• Network Devices and Technologies
• Network Design Elements and Components
• Implement Networking Protocols
• Apply Network Security Administration Principles
• Secure Wireless Traffic

Managing Application, Data, and Host Security

• Establish Device/Host Security
• Application Security
• Data Security
• Mobile Security

Access Control, Authentication, and Account Management

• Access Control and Authentication Services
• Implement Account Management Security Controls

Managing Certificates

• Install a CA Hierarchy
• Enroll Certificates
• Secure Network Traffic by Using Certificates
• Renew Certificates
•  Revoke Certificates
• Back Up and Restore Certificates and Private Keys

Compliance and Operational Security

• Physical Security
• Legal Compliance
• Security Awareness and Training

Risk Management

• Risk Analysis
• Implement Vulnerability Assessment Tools and Techniques
• Scan for Vulnerabilities
• Mitigation and Deterrent Techniques

Managing Security Incidents

• Respond to Security Incidents
• Recover from a Security Incident

Business Continuity and Disaster Recovery Planning

• Business Continuity
• Plan for Disaster Recovery
• Execute DRPs and Procedures

Mapping Course Content to the CompTIA® Security+® (Exam SY0-301) Objectives

Prerequisites

Basic Windows skills and a fundamental understanding of computer and networking concepts are required. Students can obtain this level of skill and knowledge by taking the following Element K courses: Introduction to Networks and the Internet and any one or more of the following:

• Introduction to Personal Computers: Using Windows 7
• Microsoft® Windows® 7: Level 1

CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months experience in networking, including experience configuring and managing TCP/IP, are strongly recommended. Students can obtain this level of skill and knowledge by taking any of the following courses:

• CompTIA® A+® Certification: A Comprehensive Approach for all 2009 Exam Objectives (Windows® 7)
• CompTIA® Network+® Certification (2009 Objectives)

Additional introductory courses or work experience in application development and programming or in network and operating system administration for any software platform or system are helpful but not required.

Exam

Students who wish to take the Security+ Certification exam must schedule and pay for the exam on their own through Pearson Vue (a Comptia testing partner).

Course Director

Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work ™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.

[button color=”#000000″ background=”#ff9900″ size=”large” src=”./call-schedule”]Register Now![/button]