CareerVision Training

Systems Security Certified Practitioner (SSCP)

Distance learning

£ 360 - ($ 7.275)
+ VAT

Important information

  • Training
  • Beginner
  • Distance learning
  • Duration:
    Flexible
  • When:
    To be determined
Description

The following course, offered by CareerVision, will help you improve your skills and achieve your professional goals. During the program you will study different subjects which are deemed to be useful for those who want to enhance their professional career. Sign up for more information!

Locations

Where it is taught and on what dates

Start: To be determined
Location: Distance Learning

What do you learn in this course?

Security
IT
systems
IT Security

Syllabus

PACKAGE INCLUDES
  • 12 Months Online Subscription to instructor-led classroom sessions with full audio, video and demonstration components by Shon Harris
  • Printable Study Guides
  • Focused on practical solutions to real-world development problems
  • Free 1 Year Upgrade Policy
  • Certificate of Completion

COURSE INTRODUCTION
The 6-day SSCP course provides comprehensive training in all 10 domains of the Common Body of Knowledge (CBK). The curriculum has been designed to meet a strict set of criteria covering all critical elements necessary for security today. It is aimed at professionals with at least four years of experience in the information security field or three years of experience and a college degree (or equivalent life experience). The SSCP certification is seen as a requirement for many technical and management positions.

The Shon Harris SSCP course teaches security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics, computer crime investigation procedures, physical security, and more. Further, students will explore the contents and concepts that make up the diverse domains and learn how they work together to provide true in-depth defense.


COURSE OUTLINE

Domain 1 - Access Controls
Access Controls
Definitions
Access Control Mechanism Examples
Technical Controls
Administrative Controls
Access Control Characteristics
Preventive Controls
Preventive - Administrative Controls
Preventive - Physical Controls
Preventive - Technical Controls
Control Combinations
Detective - Administrative Control
Detective Examples
Administrating Access Control (1)
OS, Application, Database
Administrating Access Control (2)
Authorization Creep
Accountability and Access Control
Trusted Path
Fake Login Pages Look Convincing
Who Are You?
Identification Issues
Authentication Mechanisms Characteristics
Strong Authentication
Fraud Controls
Internal Control Tool: Separation of Duties
Authentication Mechanisms in Use Today
Biometrics Technology
Biometric Devices
Example (1)
Verification Steps
What a Person Is
Why Use Biometrics?
Biometric Type
Identification or Authentication?
Iris Sampling
Iris
Finger Scan
Hand Geometry
Facial Recognition
Comparison
Biometrics Verification
Issues
Downfalls to Biometric Use
Biometrics Error Types
Crossover Error Rate
Biometric System Types
Passwords
Password Generators
Password "Shoulds"
Support Issues
Password Attacks
Attack Steps
Many Tools to Break Your Password
Rainbow Table
Passwords Should NOT Contain.
What's Left?
Countermeasures for Password Cracking
Cognitive Passwords
One-Time Password Authentication
Synchronous Token
One Type of Solution
Synchronous Steps
Administrator Configures
Challenge Response Authentication (1)
Asynchronous Token Device
Asynchronous Steps
Challenge Response Authentication (2)
Cryptographic Keys
Passphrase Authentication
Key Protection
Memory Cards
Memory Card Characteristics
Smart Card
Characteristics
Card Types
Smart Card Attacks
Software Attack
Side Channel Attack
Side Channel Data Collection
Microprobing
Identity Management
How Are These Entities Controlled?
Some Current Issues
Management
Typical Chaos
Different Identities
Identity Management Technologies
Directory Component
Enterprise Directory (1)
Directory Responsibilities
Authoritative Sources
Meta Directory
Directory Interactions
Web Access Management
Web Access
Password Management
Legacy Single Sign-On
Account Management Systems
Provisioning Component
Provisioning
Not Just Computers
Profile Update
Working Together
Enterprise Directory (2)
Identity Management Solution Components
Right for Your Company
What you need to know
Federated Identity
Identity Theft
Fake Login Tools
How Do These Attacks Work?
Attempts to Get Your Credentials
How Do These Work?
Instructional Emails
Knowing What You Are Disposing of Is Important
Other Examples
Another Danger to Be Aware of. Spyware
Is Someone Watching You?
What Does This Have to Do with My Computer?
Sometimes You Know that Software Is Installing on Your System
New Spyware Is Being Identified Every Week
Spyware Comes in Many Different Forms
How to Prevent Spyware
Different Technologies
Single Sign-on Technology
Single Sign-on
Directory Services as a Single Sign-on Technology
Active Directory
Some Technologies Can Combine Services
Security Domain
Domains of Trust
Domain Illustration
Thin Clients
Example (2)
Kerberos as a Single Sign-on Technology
Kerberos Components Working Together
Pieces and Parts
More Components of Kerberos
KDC Components
Kerberos Steps
Tickets
Ticket Components
Authenticators
Steps of Validation
Kerberos Security
Why Go Through All of this Trouble?
Issues Pertaining to Kerberos
Kerberos Issues
SESAME as a Single Sign-on Technology
SESAME Steps for Authentication
Combo
Models for Access
Access Control Models (1)
Discretionary Access Control Model
ACL Access
File Permissions
Enforcing a DAC Policy
Security Issues
Mandatory Access Control Model
MAC Enforcement Mechanism - Labels
Formal Model
Software and Hardware
Software and Hardware Guards
Where Are They Used?
SELinux
MAC Versus DAC
Role-Based Access Control
RBAC Hierarchy
RBAC and SoD
Acquiring Rights and Permissions
Rule-Based Access Control
Firewall Example
Access Control Matrix (1)
Capability Tables
User Capability Tables
Temporal Access Control
Access Control Administration
Access Control Methods
Centralized Approach
Remote Centralized Administration
RADIUS
RADIUS Steps
RADIUS Characteristics
TACACS+ Characteristics
Diameter Characteristics
Diameter Protocol
Mobile IP
Diameter Architecture
Two Pieces
AVP
Decentralized Access Control Administration
Controlling Access to Sensitive Data
Protecting Access to System Logs
Accountability = Auditing Events
Access Control Models (2)
Policy versus Model
State Machine
Information Flow
Information Flow Model
Bell-LaPadula
Rules of Bell-LaPadula
Rules Clarified
Tranquility Types
Biba
Definition of Integrity
Biba Access Rules
Clark-Wilson
Goals of Model
Clark Wilson Components
Clark-Wilson (Cont.)
Clark-Wilson Model
Non-Interference Model
Lattice-Based Access Control
Lattice Approach
Understanding Lattice
Access Control Matrix Model
Access Control Matrix (2)
Brewer and Nash Model - Chinese Wall
Brewer and Nash
Take-Grant Model
Graham-Denning Model
Domain 1 Review

Domain 2 - Security Operations and Administration
Security Operations and Administration
Mainframe Days
In the Good Old Days - Who Knew?
Today's Environment
Security Definitions
Vulnerabilities
Examples of Some Vulnerabilities that Are Not Always Obvious
Risk - What Does It Really Mean?
Relationships
Who Deals with Risk?
Overall Business Risk
Who?
AIC Triad
Availability
Integrity
Confidentiality
Who Is Watching?
Social Engineering
What Security People Are Really Thinking
Security Concepts
Security?
The Bad Guys Are Motivated
If Not Obscurity - Then What?
Open Standards
Common Open Standards
Without Standards
"Soft" Controls
Logical Controls
Physical Controls
Are There Gaps?
Understanding Drivers
Holistic Security
Not Always So Easy
What Is First?
Different Types of Law
How Is Liability Determined?
Examples of Due Diligence
Examples of Due Care
Prudent Person Rule
Prudent Person
Taking the Right Steps
Components of Security Program
A Layered Approach
In Security, You Never Want Any Surprises
Building Foundation (1)
Security Roadmap
Functional and Assurance Requirements
Building Foundation (2)
Most Organizations
Silo Security Structure
Islands of Security Needs and Tools
Get Out of a Silo Approach
Security Is a Process
Approach to Security Management
Result of Battling Management
Industry Best Practices Standards
ISO/IEC 17799
Pieces and Parts
Numbering
New ISO Standards
COBIT
Inside of COBIT
COBIT - Control Objectives
Measurements
Information Technology Infrastructure Library
Security Governance
Security Program Components
Policy Framework
Policy Types
Organizational Policy
Policy Approved - Now What?
Issue-Specific Policies
ASP Policy Example
System-Specific Policies
Standards
Standard Example
Baseline (1)
Data Collection for Metrics (1)
Guidelines
Procedures
Tying Them Together
Program Support
Entity Relationships
Senior Management's Role
Security Roles
Custodian
Auditor
Access
Information Classification
Information Classification Program
Data Leakage
Do You Want to End Up in the News?
Types of Classification Levels
Data Protection Levels
Classification Program Steps
Information Classification Components
Procedures and Guidelines
Classification Levels
Information Classification Criteria
Criteria Example
Or Not
Information Owner Requirements
Clearly Labeled
Testing Classification Program
Who Is Always Causing Problems?
Employee Management
Employee Position and Management
Hiring and Firing Issues
A Few More Items
Unfriendly Termination
Security Awareness and Training
Training Characteristics
Awareness
Security Enforcement Issues
Computer Operations
Operations Security Involves
What Do We Have?
Hardware Protection
Licensing Issues
Software Installation
ITIL - Problem Management
Problem Management
Areas of Problem Management
Problem Management Procedures for Processing Problems
Higher Level Look
Data Output Controls
Administrative Controls Personnel Controls
Non-Employees
Security Operations Personnel
Change Control
Configuration Management (1)
Another Example
Agenda 1
Resource Protection
Library Maintenance
Media Labels
Media Controls
Software Escrow
Media Reuse
Weak Link
Liabilities of Insecure Disposal of Information
Devastating to the Company
Results of Data Leakage
Object Reuse
Safe Disposal
Degaussing
Zeroization
Physical Destruction
Remaining Data
Purging
Why Not Just Delete the Files?
Formatting Media
Mainframes
Agenda 2
Different Types of Backups
Backups
HSM
Off-Line
Backup Types Incremental Backup
Incremental
Differential Backup
Differential
Backup Protection
Continuous Threat
Agenda 3
Devices Will Fail
Mean Time Between Failure
Mean Time to Repair
Single Point of Failure
Countermeasures
Redundant and Fault Tolerance
Mirroring Data
Disk Duplexing
Direct Access Storage Device
Redundant Array of Independent Disks
Massive Array of Inactive Disks (MAID)
Redundant Array of Independent Tapes (RAIT)
Serial Advanced Technology Architecture
SAN
Fault Tolerance
Network Redundancy
Mesh Network
Redundancy Mechanism
Backup Configuration Files
Some Threats to Computer Operations
Trusted Recovery of Software
After System Crash
Security Concerns
Agenda 4
Contingency Planning
Agenda 5
Remote Access Security
Authentication
Remote Access
Administering Systems Remotely
Facsimile Security
Securing Data in Motion
Support Systems
Configuration Management (2)
Change Control Roles in CM
CCB Charter
Configuration Management Plan
Change Control-Security Environment
Process of Change Management
Baseline (2)
Data Collection for Metrics (2)
Risk-based Cost Effective Controls
Software Programming
Security Considered at Each Phase
Waterfall Model
WaterFall Stages
Requirement Analysis
Design
Development
Verification
Operation and Maintenance
Iterative Development Model
Exploratory Model
Rapid Application Development (RAD) Model
Spiral Model
Reuse Model
Computer Aided Software Engineering Model (CASE)
Extreme Programming
Trusted Computer System Evaluation Criteria (TCSEC)
TCSEC
TCSEC Rating Breakdown
Evaluation Criteria - ITSEC
ITSEC Ratings
ITSEC - Good and Bad
Common Criteria
Common Criteria Standard
Security Functional Requirements
Security Assurance Requirements
Common Criteria Components
Common Criteria Requirements
Package Ratings
Common Criteria Outline
Certification Versus Accreditation
Security Levels
MAC Modes
Modes of Operation
MAC Modes (Cont.)
Sets of Ethics
(ISC)2
Computer Ethics Institute
Internet Architecture Board
Domain 2 Review

Domain 3 - Risk, Response and Recovery
Risk, Response and Recovery
Risk Management
Why Is Risk Management Difficult?
Necessary Level of Protection Is Different for Each Organization
Security Team/Committee
Risk Management Process
Planning Stage - Team
Analysis Paralysis
Planning Stage - Scope
Planning Stage - Analysis Method
Risk Management Tools
Defining Acceptable Levels
Acceptable Risk Level
Collecting and Analyzing Data Methods
What Is a Company Asset?
Data Collection - Identify Assets
Data Collection - Assigning Values
Asset Value
Data Collection - Identify Threats
Data Collection - Calculate Risks
Scenario Based - Qualitative
Risk Approach (1)
Qualitative Analysis Steps
Want Real Answers?
Qualitative Risk Analysis Ratings
Qualitative Risks
Quantitative Analysis Steps
Quantitative Analysis (1)
How Often Will This Happen?
ARO Values and Their Meaning
Calculate ALE
ALE Value Uses
Relationships
Calculate Risks - ALE Example
Your Turn!
ALE Calculation
Can a Purely Quantitative Analysis Be Accomplished?
Risk Types
Examples of Types of Losses
Delayed Loss
Cost/Benefit Analysis
Cost of a Countermeasure
Cost/Benefit Analysis Countermeasure Criteria
Calculating Cost/Benefit
Controls
Control Selection Requirements
Quantitative Analysis (2)
Quantitative Analysis Disadvantages
Qualitative Analysis Approach
Qualitative Analysis Disadvantages
Can You Get Rid of All Risk?
Calculating Residual Risk
Uncertainty Analysis
Dealing with Risk
Management's Response to Identified Risks
Risk Acceptance
Risk Analysis Process Summary
Needs for BCP
Is Your Organization Prepared?
Is Your Company Prepared?
9/11 Changed Mentalities About BCP
Disaster affected Many
America is Rebuilding
Partial FEMA Disaster List for 2005
Do We have a Plan?
DRP Focus
BCP Focus
Comparing the Two
What is the Purpose of a BCP?
More Reasons to have Plans in Place
Framework
BCP is a Core Component of Every Security Program
Steps of BCP Process
Different BCP Model
Documentation
Documentation and Approval
BCP Policy Outlines
BCP Policy Sample
Who is In Charge and Who Can We Blame?
What's Needed in a Team?
BCP Development Team
Project Sizing
Properly Determining Scope is Important
BCP Risk Analysis Steps
BIA Steps
Data Gathering
Information from Different Sources
Analysis
Critical Functions
How to Identify the Most Critical Company Functions
Interdependencies
Well, of course an Organization Knows How it Works!
Business Silos
Understanding the Enterprise
BIA Steps (Cont.)
Identifying Functions' Resources
Who Connects to Who?
BIA Steps (Cont..)
Maximum Tolerable Downtime
MTD
Example
MTD Definitions
BIA Steps (Cont...)
Range of Threats to Consider
Thinking Outside of the Box What if..
Biological Threats
BIA Steps (Cont..)
Potential Disasters
Risk Approach (2)
Ranking by Risk Level
Potential Losses
Include all RISK Components
What Have We Completed Up to Now?
BIA Steps (Cont...)
Recovery Strategies
Alternate Business Process Procedures
Business Process Reconstruction
Recovery Strategies (Cont.)
Facility Recovery
Facility Backups - Hot Site
Facility Backups - Warm Site
Facility Backups - Cold Site
Compatibility Issues with Offsite Facility
Tertiary Sites
Subscription Costs
Multiple Processing Centers
Location, Location, Location
Choosing Site Location
Other Offsite Approaches
Security does Not Stop
More Options
Rolling Hot Site
Recovery Strategies (Cont..)
Supply and Technology Recovery
VoIP
Equipment Replacement
What Items Need to Be Considered?
Priorities
Anything Else?
Replacements
Executive Succession Planning
Recovery Strategies (Cont...)
User Environment Recovery
Recovery Strategies (Cont..)
Data Recovery Technologies
Co-Location
Data Recovery
Backup Redundancy
Recovering Data
Automated Backup Technologies
Tape Vaulting
Data Recovery (Cont.)
Clustering for Fault Tolerance
Clustering
Disk or Database Shadowing
Which Option to Use
Cost Effective Measures
Resources, Time, Solutions
Determining Recovery Solutions
Cost and Recovery Times
Proactive
BIA Steps (Cont....)
Recovery Solutions
Preventative Measures
Reviewing Insurance
Results from the BIA
Now Ready to Develop the Plan
Basic Structure of BCP
Products That Can Help
Plan Components
Teams to Be Developed
External Groups
Policy Components
Activation Phase
Damage Assessment
Notifying Personnel
Plan Activation
Emergency Response
Policy Components (Cont.)
Next Phases
Recovery Procedures
Documentation of Recovery Steps
Policy Components (Cont..)
Reconstitution Phase
Reconstitution Items
Returning to Original Facility
Who goes First?
Disaster Hit -...