Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Summary

    Hochgeladen von

    Yan Luo
    17 Ansichten8 Seiten
    This document summarizes the content covered in a 12-week information security course. The course covers topics such as the history and principles of information security, threats and vulnerabilities, risk management, security controls, access control, cryptography, physical security, security project implementation, personnel security, and maintaining a security program. It also provides an overview of the exam format which will include true/false questions, multiple choice, and long-form questions testing understanding of most chapters covered during the course.

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PPTX, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    This document summarizes the content covered in a 12-week information security course. The course covers topics such as the history and principles of information security, threats and vulnerabilities, risk management, security controls, access control, cryptography, physical security, security project implementation, personnel security, and maintaining a security program. It also provides an overview of the exam format which will include true/false questions, multiple choice, and long-form questions testing understanding of most chapters covered during the course.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    17 Ansichten8 Seiten

    Summary

    Hochgeladen von

    Yan Luo
    This document summarizes the content covered in a 12-week information security course. The course covers topics such as the history and principles of information security, threats and vulnerabilities, risk management, security controls, access control, cryptography, physical security, security project implementation, personnel security, and maintaining a security program. It also provides an overview of the exam format which will include true/false questions, multiple choice, and long-form questions testing understanding of most chapters covered during the course.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PPTX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 8

    2/9/2012

    Course Summary

    Quick Review
     Week 12 Content is largely a summary of previous material (except digital forensics)  So instead, my highlights

    2/9/2012

    Week 1
     Where did modern Information security come from  Critical characteristics of IS  Balancing Security and access  Who does information security?  Art or Science?

    Week 2
     Threats to Information Security (categories and examples)  Attacks, threat agents & vulnerabilities: code, worms, viruses, backdoors, password cracking methods, spoofing, man-in-the-middle, SOCIAL ENGINEERING  Developing secure software know about buffers, command/sql injection etc.

    2/9/2012

    Week 3
     Liability, dues care, due diligence how do you do it? How do you prove you are doing it?  Policy Vs Law  Privacy, *awareness* of international law and standards  Ethics  Key law enforcement agencies

    Week 4
     Risk management - How do we assess, manage and control risk?  Prioritising risks  Risk assessment formula (p.139)  Controls (avoidance, transference, mitigation, acceptance)  Cost benefit analysis (CBA) (p.153)  Qualitative Vs Quantitative assessment and evaluation  Base-lining, benchmarking & best practice  Feasibility issues
    6

    2/9/2012

    Week 5
             Enterprise & issue specific policy Policy control/management The security blueprint Security models/architectures Defence-in-depth Education Continuity IRPs, DRPs, BCPs Involving the law
    7

    Week 6
           Firewall technology Packet filtering, NAT Stateful Vs stateless Hardware Vs Software (content filtering?) Firewall architectures Firewall rules VPNs

    2/9/2012

    Week 7
     Intrusion detection systems  NID(P)s Vs HID(P)s  Detection methods signature, statistical-anomaly, stateful protocol, log-file monitors  Responding/Strengths/Limitations  Deployment & locations  Honeypots  Scanning tools and Packet sniffers  Access control & authentiation
    9

    Week 8
            Crypto basics Ciphers (block Vs bit cipher methods) Hash functions Symmetric Vs Asymmetric Public key encryption Digital signatures Secure protocols SSL, SSH Wireless encryption WEP Vs WPA

    10

    2/9/2012

    Week 9
     Physical security and controls  Issues associated with computer rooms and securing facilities  Fire detection and response  Power management  Remote computing issues

    11

    Week 10
     Implementing the security blueprint project methodology issues  Project planning and estimation tracking & control  Cost, Time, Scope issues  Conversion/go-live strategies  Change management/people issues

    12

    2/9/2012

    Week 11
           How does information security affect hiring an firing? Info sec roles and job descriptions Certifications useful or not? Interviews, background checks and the grand tour Departures Hostile Vs Friendly Consultants, contractors and temps Separation of duties, controls and job rotation

    13

    Week 12
     Maintenance keeping the security program going  Helpdesk and change control  Monitoring data sources learning about new threats and controls  Governance (again), reviews, further risk assessments  Internet & Intranet, platform & wireless vulnerability assessments  Digital forensics (follows)

    14

    2/9/2012

    Exam
            2 hour Open book 65 marks (65%) Part A 12 T/F Part B 12 MC Part C 41 Marks 4 questions with three four parts each Limited coverage of Chapter 3 No mathematical/algorithmic questions for Chapter 8

    15

    Das könnte Ihnen auch gefallen