Traditionally,
Information Security has been considered an afterthought and a
roadblock when it comes to implementing a project – IT
or otherwise. More recently, however, entities in the private
and public sectors alike have been paying more attention to security.
This has largely been due to laws and regulations that require
a solid information assurance program as part of the project lifecycle.
Some companies adopt a security-friendly stance after having
been on the receiving end of a hack attack. And sometimes management
realizes that security is simply a good idea. With the increased
need for Information Security, it is not enough to be aware of
just encryption basics or what FISMA requires from federal
entities. Instead, a holistic view of Information Security is
paramount to surviving the next attack.

By the end of this class, participants will have a general understanding
of Information Security as defined by (ISC)²’s Common Body
of Knowledge (CBK), which divides Information Security into the
following ten domains:
• Access Control Systems and Methodology
• Telecommunications and Network Security
• Security Management Practices
• Applications and Systems Development Security
• Cryptography
• Security Architecture and Models
• Operations Security
• Business Continuity and Disaster Recovery Planning (BCP/DRP)
• Law, Investigations, and Ethics
• Physical Security

This course is not intended to prepare participants for the Certified
Information Systems Security Professional (CISSP) exam. However,
it will impart a general understanding of information security
concepts that will be invaluable during audit efforts in the private
and public sectors.