Systems Security Engineering

(SLCC-SYSSEC-ENGG.AVB1) / ISBN : 979-8-90059-000-4

Skills You’ll Get

1

The Meaning of Security

  • The Cultural Legacy: Business Prevention
  • Measuring and Prioritising Business Risk
  • Information Security as the Enabler of Business
  • Adding Value to the Core Product
  • Empowering the Customers
  • Protecting Relationships and Leveraging Trust
  • To Summarise: What Does ‘Security’ Mean?
2

The Meaning of Architecture

  • The Origins of Architecture
  • Managing Complexity
  • Information Systems Architecture
  • Enterprise Security Architecture
  • Why Architectures Sometimes Fail to Deliver Benefit – and How to Avoid that Fate
  • Security Architecture Needs a Holistic Approach
  • To Summarise: What Does Architecture Mean?
3

Security Architecture Model

  • The SABSA® Model
  • The Architect’s View
  • The Designer’s View
  • The Builder’s View
  • The Tradesman’s View
  • The Facilities Manager’s View
  • The Inspector’s View
  • The SABSA® Matrix
  • Detailed SABSA® Matrix for the Operational Layer
  • To Summarise: The Security Architecture Model
4

Case Study

  • Intergalactic Banking and Financial Services Inc
  • Interviews at IBFS
  • To Summarise: IBFS Inc
5

A Systems Approach

  • The Role of Systems Engineering
  • Why a Systems Approach?
  • What Does the Systems Approach Make You Do?
  • The Need for Systems Engineering in Security Architectures
  • Some Basic Concepts
  • The Control System Concept
  • Using the Systems Approach in Security Architecture
  • Case Study
  • Advanced Modelling Techniques
  • To Summarise: A Systems Approach
6

Measuring Return on Investment in Security Architecture

  • What Is Meant by ‘Return on Investment’?
  • Why Do You Need Metrics?
  • The Security Management Dashboard
  • The Balanced Scorecard Approach
  • Business Drivers and Traceability
  • Business Attributes and Metrics
  • Setting Up a Metrics Framework
  • Maturity Models Applied to Security Architecture
  • To Summarise: Measuring Return on Investment in Security Architecture
7

Using This Course as a Practical Guide

  • Using the SABSA® Model to Define a Development Process
  • Strategy and Concept Phase
  • Design Phase
  • Implementation Phase
  • Manage and Measure Phase
  • To Summarise: How to Use This Course as a Practical Guide
8

Managing the Security Architecture Programme

  • Selling the Benefits of Security Architecture
  • Getting Sponsorship and Budget
  • Building the Team
  • Getting Started: Fast Track™ Workshops
  • Programme Planning and Management
  • Collecting the Information You Need
  • Getting Consensus on the Conceptual Architecture
  • Architecture Governance and Compliance
  • Architecture Maintenance
  • Long-Term Confidence of Senior Management
  • To Summarise: Managing the Security Architecture Programme
9

Contextual Security Architecture

  • Business Needs for Information Security
  • Security As a Business Enabler
  • Digital Business
  • Operational Continuity and Stability
  • Safety-Critical Dependencies
  • Business Goals, Success Factors and Operational Risks
  • Operational Risk Assessment
  • Business Processes and Their Need for Security
  • Organisation and Relationships Affecting Business Security-Needs
  • Location Dependence of Business Security Needs
  • Time Dependency of Business Security Needs
  • To Summarise: Contextual Security Architecture
10

Conceptual Security Architecture

  • Conceptual Thinking
  • Business Attributes Profile
  • Control Objectives
  • Security Strategies and Architectural Layering
  • Security Entity Model and Trust Framework
  • Security Domain Model
  • Security Lifetimes and Deadlines
  • Assessing the Current State of your Security Architecture
  • To Summarise: Conceptual Security Architecture
11

Logical Security Architecture

  • Business Information Model
  • Security Policies
  • Security Services
  • Application and System Security Services
  • Security Management Services
  • Entity Schema and Privilege Profiles
  • Security Domain Definitions and Associations
  • Security Processing Cycle
  • Security Improvements Programme
  • To Summarise: Logical Security Architecture
12

Physical Security Architecture

  • Business Data Model
  • Security Rules, Practices and Procedures
  • Security Mechanisms
  • User and Application Security
  • Platform and Network Infrastructure Security
  • Control Structure Execution
  • To Summarise: Physical Security Architecture
13

Component Security Architecture

  • Detailed Data Structures
  • Security Standards
  • Security Products and Tools
  • Identities, Functions, Actions and ACLs
  • Processes, Nodes, Addresses and Protocols
  • Security Step-Timing and Sequencing
  • To Summarise: Component Security Architecture
14

Security Policy Management

  • The Meaning of Security Policy
  • Structuring the Content of a Security Policy
  • Policy Hierarchy and Architecture
  • Corporate Security Policy
  • Policy Principles
  • CA and RA Security Policies
  • Application System Security Policies
  • Platform Security Policies
  • Network Security Policies
  • Other Infrastructure Security Policies
  • Security Organisation and Responsibilities
  • Security Culture Development
  • Outsourcing Strategy and Policy Management
  • To Summarise
15

Operational Risk Management

  • Introduction to Operational Risk Management
  • Regulatory Drivers for Operational Risk Management
  • The Complexity of Operational Risk Management
  • Approaches to Risk Assessment
  • Managing Operational Risk
  • Risk Mitigation
  • Risk-Based Security Reviews
  • Risk Financing
  • The Risk Management Dashboard
  • To Summarise
16

Assurance Management

  • Assurance of Operational Continuity
  • Organisational Security Audits
  • System Security Audits
  • System Assurance Strategy
  • Functional Testing
  • Penetration Testing
  • To Summarise
17

Security Administration and Operations

  • Introduction to Security Management and Administration
  • Managing the People
  • Managing Physical and Environmental Security
  • Managing ICT Operations and Support
  • Access Control Management
  • Compliance Management
  • Security-Specific Operations
  • Managed Security Services
  • Product Evaluation and Selection
  • Business Continuity Management
  • To Summarise
18

Introduction to Network Security

  • Introduction
  • The Basics of a Network
  • Basic Network Utilities
  • The OSI Model
  • What Does This Mean for Security?
  • Assessing Likely Threats to the Network
  • Classifications of Threats
  • Likely Attacks
  • Threat Assessment
  • Understanding Security Terminology
  • Choosing a Network Security Approach
  • Network Security and the Law
  • Using Security Resources
  • Summary
19

Types of Attacks

  • Introduction
  • Understanding Denial of Service Attacks
  • Defending Against Buffer Overflow Attacks
  • Defending Against IP Spoofing
  • Defending Against Session Hijacking
  • Blocking Virus and Trojan Horse Attacks
  • Summary
20

Fundamentals of Firewalls

  • Introduction
  • What Is a Firewall?
  • Implementing Firewalls
  • Firewall Deployment
  • Selecting and Using a Firewall
  • Using Proxy Servers
  • Summary
21

Firewall Practical Applications

  • Introduction
  • Using Single Machine Firewalls
  • Windows 10 Firewall
  • User Account Control
  • Linux Firewalls
  • Using Small Office/Home Office Firewalls
  • Using Medium-Sized Network Firewalls
  • Using Enterprise Firewalls
  • Summary
22

Intrusion-Detection Systems

  • Introduction
  • Understanding IDS Concepts
  • IDS Components and Processes
  • SIEM
  • Evasion Techniques
  • Understanding and Implementing IDSs
  • Understanding and Implementing Honeypots
  • Summary
23

Encryption Fundamentals

  • Introduction
  • The History of Encryption
  • Learning About Modern Encryption Methods
  • Identifying Good Encryption
  • Understanding Digital Signatures and Certificates
  • Understanding and Using Decryption
  • Cracking Passwords
  • Steganography
  • Steganalysis
  • Quantum Computing and Quantum Cryptography
  • Summary
24

Virtual Private Networks

  • Introduction
  • Basic VPN Technology
  • Using VPN Protocols for VPN Encryption
  • IPsec
  • SSL/TLS
  • Other VPN Protocols
  • Implementing VPN Solutions
  • Summary
25

Operating System Hardening

  • Introduction
  • Configuring Windows Properly
  • Configuring Linux Properly
  • Patching the Operating System
  • Configuring Browsers
  • Summary
26

Defending Against Virus Attacks

  • Introduction
  • Understanding Virus Attacks
  • Virus Scanners
  • Antivirus Policies and Procedures
  • Additional Methods for Defending Your System
  • What to Do If Your System Is Infected by a Virus
  • Summary
27

Defending Against Trojan Horses and Phishing

  • Introduction
  • Trojan Horses
  • Phishing
  • Summary
28

Security Policies

  • Introduction
  • ISO 27002
  • Important Standards
  • Defining User Policies
  • Defining System Administration Policies
  • Defining Access Control
  • Defining Developmental Policies
  • Disaster Recovery
  • Summary
29

Assessing System Security

  • Introduction
  • Risk Assessment Concepts
  • Evaluating the Security Risk
  • Conducting the Initial Assessment
  • Probing the Network
  • Vulnerabilities
  • McCumber Cube
  • Security Documentation
  • Summary
30

Security Standards

  • Introduction
  • COBIT
  • ISO Standards
  • NIST Standards
  • U.S. DoD Standards
  • Using the Common Criteria
  • Using Security Models
  • U.S. Federal Regulations, Guidelines, and Standards
  • Summary
31

Physical Security and Disaster Recovery

  • Introduction
  • Physical Security
  • Disaster Recovery
  • Ensuring Fault Tolerance
  • Summary
32

Techniques Used by Attackers

  • Introduction
  • Preparing to Hack
  • The Attack Phase
  • Session Hijacking
  • Wi-Fi Hacking
  • Bluetooth Hacking
  • Summary
33

Introduction to Forensics

  • Introduction
  • General Forensics Guidelines
  • FBI Forensics Guidelines
  • Imaging a Drive
  • Finding Evidence on the PC
  • Gathering Evidence from a Cell Phone
  • Forensic Tools to Use
  • Forensic Science
  • To Certify or Not to Certify?
  • Expert Witnesses
  • Additional Types of Forensics
  • Summary
34

Cyber Warfare and Terrorism

  • Introduction
  • Defending Against Computer-Based Espionage
  • Defending Against Computer-Based Terrorism
  • Choosing Defense Strategies
  • Summary

1

Logical Security Architecture

  • Setting Security Policies
  • Implementing Intrusion Detection and Prevention
2

Intrusion-Detection Systems

  • Performing IDS Configuration with Snort
3

Encryption Fundamentals

  • Examining Asymmetric Encryption
  • Creating PGP Certification
  • Adding a Digital Certificate
  • Hiding Text using Steganography
4

Operating System Hardening

  • Configuring an Account Lockout Policy
5

Assessing System Security

  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS
  • Examining Open Source Security Testing Methodology Manual
6

Techniques Used by Attackers

  • Attacking a Website Using XSS Injection
  • Exploiting a Website Using SQL Injection
7

Cyber Warfare and Terrorism

  • Using BitLocker
