How to set up an information security framework (including application, network and physical security) for your organization
What you’ll learn
- The course covers the main concepts related to information security.
- What information needs to be secured?
- How to evaluate your information assets? How to perform a risk assessment? What is the difference between a risk assessment and an audit?
- How to protect information and balance its availability, confidentiality and integrity?
- What are the regulations and standards in the information security domain?
- How to run security operations?
- How to handle disasters and security incidents?
- What are the ethical considerations in the information security domain?
- What are available techniques from network, application, and physical security perspective?
- How to utilize both offensive (penetration testing) and defensive security for the benefit of your organization's information security?
In this course you will learn the basics of information security and how to apply information security principles to your organization, regardless of its size.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents.
This course follows the content of the CISSP (Certified Information Systems Security Professional) certification.
In this course you will learn about:
- Motivation for having an information security framework
- Types of information security controls (application, network, physical security)
- How to evaluate information assets of your organization
- How to do risk assessment and where to include information security controls
- How to perform audits and when
- How to manage the security operations of an organization
- What information security incidents are and how to respond to them
- How to handle disaster recovery
- Ethics of information security
- What laws and regulations are in place (this may be specific to the UK and EU, as it includes discussion of GDPR, but tries to generalize)
- Security standards in information security (ISO27001, ISO27003, ISO27005)
- History and main algorithms used for information security
- How to establish access control
- Basics of network security
- Basics of application security
- Basics of physical security
The tools used in the course are all open source (such as SNORT or OSSEC).
Who this course is for:
- This course is for anyone who wants to become an expert in cyber-security and information security. This volume covers the required foundation building blocks of that skillset.
- For anyone who would love to gain a practical skillset in mitigating the risk from various kinds of information security threats and would like to learn about managing information in the organization.
- For beginners and intermediate information security enthusiasts who are interested in security, safety, and privacy.
- This course is designed for personal and corporate information security.
The content of this course has also been delivered in university settings.