Information security: Principles and practices

(INFO-SEC) / ISBN: 978-1-61691-845-3
Lessons

1

Why Study Information Security?

  • Introduction
  • The Growing Importance of IT Security and New Career Opportunities
  • Becoming an Information Security Specialist
  • Contextualizing Information Security
  • Summary
  • Test Your Skills
2

Information Security Principles of Success

  • Introduction
  • Principle 1: There Is No Such Thing As Absolute Security
  • Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability
  • Principle 3: Defense in Depth as Strategy
  • Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
  • Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance
  • Principle 6: Security Through Obscurity Is Not an Answer
  • Principle 7: Security = Risk Management
  • Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive
  • Principle 9: Complexity Is the Enemy of Security
  • Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
  • Principle 11: People, Process, and Technology Ar...Needed to Adequately Secure a System or Facility
  • Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!
  • Summary
  • Test Your Skills
3

Certification Programs and the Common Body of Knowledge

  • Introduction
  • Certification and Information Security
  • International Information Systems Security Certifications Consortium (ISC)2
  • The Information Security Common Body of Knowledge
  • Other Certificate Programs in the IT Security Industry
  • Summary
  • Test Your Skills
4

Governance and Risk Management

  • Introduction
  • Security Policies Set the Stage for Success
  • Understanding the Four Types of Policies
  • Developing and Managing Security Policies
  • Providing Policy Support Documents
  • Suggested Standards Taxonomy
  • Who Is Responsible for Security?
  • Summary
  • Test Your Skills
5

Security Architecture and Design

  • Introduction
  • Defining the Trusted Computing Base
  • Protection Mechanisms in a TCB
  • System Security Assurance Concepts
  • The Trusted Computer Security Evaluation Criteria
  • The Canadian Trusted Computer Product Evaluation Criteria
  • The Federal Criteria for Information Technology Security
  • The Common Criteria
  • The Common Evaluation Methodology
  • Confidentiality and Integrity Models
  • Summary
  • Test Your Skills
6

Business Continuity Planning and Disaster Recovery Planning

  • Introduction
  • Overview of the Business Continuity Plan and Disaster Recovery Plan
  • Disaster Recovery Planning
  • Summary
  • Test Your Skills
7

Law, Investigations, and Ethics

  • Introduction
  • Types of Computer Crime
  • How Cybercriminals Commit Crimes
  • The Computer and the Law
  • Intellectual Property Law
  • Privacy and the Law
  • Computer Forensics
  • The Information Security Professional’s Code of Ethics
  • Other Ethics Standards
  • Summary
  • Test Your Skills
8

Physical Security Control

  • Introduction
  • Understanding the Physical Security Domain
  • Summary
  • Test Your Skills
9

Operations Security

  • Introduction
  • Operations Security Principles
  • Operations Security Process Controls
  • Operations Security Controls in Action
  • Summary
  • Test Your Skills
10

Access Control Systems and Methodology

  • Introduction
  • Terms and Concepts
  • Principles of Authentication
  • Biometrics
  • Single Sign-On
  • Remote User Access and Authentication
  • Summary
  • Test Your Skills
11

Cryptography

  • Introduction
  • Applying Cryptography to Information Systems
  • Basic Terms and Concepts
  • Strength of Cryptosystems
  • Putting the Pieces to Work
  • Examining Digital Cryptography
  • Summary
  • Test Your Skills
12

Telecommunications, Network, and Internet Security

  • Introduction
  • An Overview of Network and Telecommunications Security
  • Network Security in Context
  • The Open Systems Interconnection Reference Model
  • Data Network Types
  • Protecting TCP/IP Networks
  • Virtual Private Networks
  • IPSec
  • Cloud Computing
  • Summary
  • Test Your Skills
13

Software Development Security

  • Introduction
  • The Practice of Software Engineering
  • Software Development Life Cycles
  • Don’t Bolt Security On—Build It In
  • Design Reviews
  • Measuring the Secure Development Program
  • Summary
  • Test Your Skills
14

Securing the Future

  • Introduction
  • Operation Eligible Receiver
  • Carders, Account Takeover, and Identity Theft
  • The Rosy Future for InfoSec Specialists
  • Summary
  • Test Your Skills
A

Appendix A: Common Body of Knowledge

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal Regulations, Investigations, and Compliance
  • Physical (Environmental) Security
B

Appendix B: Security Policy and Standards Taxonomy

C

Appendix C: Sample Policies

  • Sample Computer Acceptable Use Policy
  • Sample Email Use Policy
  • Sample Password Policy
  • Sample Wireless (WiFi) Use Policy
D

Appendix D: HIPAA Security Rule Standards

  • HIPAA Security Standards
  • Administrative Procedures
  • Physical Safeguards
  • Technical Security Services
  • Technical Security Mechanisms
