Cyber Security Fundamentals

Cyber Security Fundamentals

Overview: This course offers a broad overview of information security. Topics include terminology, history, and security systems development and implementation. Students will also cover the legal, ethical, and professional issues in information security.


Course Outline

Module One: (Introduction to Information and Information Security)

  • What is Information
  • The relationship between Information and Business
  • Understanding the different business missions
    1. Government
    2. Commercial
    3. Not for profit
    4. Military
  • What is the role of information in today’s economy
    1. Knowledge
    2. Intellectual Property
    3. Customer Service
    4. Future trends
  • What is Information Security
  • What are transactions
  • What is the difference between Systems Protection and Information Security
  • How to describe security (case study/discussion)
  • Security metrics (measuring success and security planning)
  • Making security simple
  • What is Risk and how does it relate to Information Security
  • How to measure risk
  • What are controls
    1. Management
    2. Technical
    3. Physical

Module Two: (The Core Fundamentals of Information Security)

  • Key Security Principles
  • Need to know
  • Least privilege
  • Separation of Duties
  • Layered Defense (defense in depth)
  • Eleven Major Security Areas of ISO 27002 (introduce only)
  • Security Policy
  • Organizing Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Module Three: (Designing and Implementing Security)

  • Defining Security Requirements
  • Systems and Data Ownership
  • Information Classification (case study/discussion)
  • Critical versus Sensitive Systems/Information
  • Policy and Oversight
  • Accountability
  • Building Security in to Systems and Business Processes
  • Security versus Productivity
  • Access Controls
  • Business Continuity and Resilience
  • Training and Educating the Security Advocate
  • Detecting and Preventing Social Engineering
    1. Intimidation
    2. Name-Dropping
    3. Appealing for assistance
    4. Technical

Module Four: (Assurance and Compliance)

  • Monitoring, Logs and Audit trails
  • Incident Management