Topic A: The Basics of Enterprise Security
The Enterprise
Enterprise Security
Business Goals and Security
Common Enterprise Security Principles
Enterprise Threat Intelligence
What to Protect?
Defense in Depth
Common Components of an Enterprise Security Solutions
Policies, Standards, and Procedures
Enterprise Policy Types
Topic B: The Enterprise Structure
Organizational Structures
The Management Team
Network Administrator
The DBA
Programmers
Stakeholders
Finance
Human Resources
Physical Security and Facilities Roles
Discipline Collaboration
Topic C: Enterprise Security Requirements
Legal Compliance
PII
Privacy Requirements
Organizational Security Requirements
Topic A: Common Network Security Components and Technologies
Common Enterprise Security Components
VoIP Integration
IPv6 Migration and Integration
VLAN Integration
DNS Security Techniques
Secure Directory Services
NIDS
NIPS
The NIPS Process
ESB
The ESB Process
DAM
Topic B: Communications and Collaboration Security
UC Security
UC Attacks
UC Components
Traffic Prioritization (QoS)
Security Solutions for Data Flow
VoIP Security
The VoIP Implementation Process
VoIP Implementation Considerations
Remote Access Security
VPN Solutions
External Communications Security
Collaboration Platform Security Issues
Demo - Least Privilege
Common Mobile Devices
Enterprise Security Methods for Mobile Devices
Topic C: Cryptographic Tools and Techniques
Cryptography in the Enterprise
Considerations for Cryptography in the Enterprise
Demo - File Encryption
Cryptographic Methods and Design
Basic Approaches to Encryption
Transport Encryption Methods
Security Implications for Encryption
Digital Signature Techniques
Advanced PKI Components
Code Signing
Attestation
Entropy
PRNG
PFS
Confusion and Diffusion
Topic D: Advanced Authentication
Advanced Authentication Within the Enterprise
Certificate-Based Authentication
SAML
SPML
XACML
SOAP
WSS
Topic A: Enterprise Storage Security Issues
Common Enterprise Storage Technologies
NAS Security Implications
SAN Security Implications
vSAN Security Implications
iSCSI Security Implications
FCoE Security Implications
LUN
LUN Masking in the Security Architecture
Redundancy
Additional Storage Security Implications
Topic B: Distributed, Shared, and Virtualized Computing
Why Virtualization?
Advantages of Virtualization
VLANs
VMs
VDI
Terminal Services
Virtualization Vulnerabilities
Vulnerabilities of Hosting VMs for Multiple Companies
Virtual Environment Security Methods
Topic C: Cloud Computing and Security
Cloud Computing
Cloud Computing Service Models
Cloud Storage Considerations
Security Vulnerabilities of Cloud Computing
Secure Use of Cloud Computing Within the Enterprise
Topic A: Network Security Design
Network Design Types and Techniques
Network Design Considerations
Data Network Types
A Data Network Topology
Data Network Topology Types
A Network Diagram
Data Network Media Types
Network Transmission Methodologies
Physical Security
Building Layout
Facilities Management
Hardware Attacks
Environmental Threats and Vulnerabilities
Network Attacks
SCADA
Secure Infrastructure Design
Storage Integration Considerations
Topic B: Conduct a Security Assessment
Vulnerability Assessment
Penetration Testing
Hacking Steps
Penetration Testing Techniques
Fingerprinting
Code Review Methods
A Social Engineering Test
Security Assessment Tools
How to Conduct a Security Assessment
Topic C: Host Security
Host-Based Security Controls
Host-Based Firewalls
Firewall Rules
Demo - Firewalls
Trusted OS
Endpoint Security
Anti-Malware Software
Host Hardening
Operating System Security
Host Hardening Action Steps
Asset Management
HIDS
HIPS
Host Monitoring
Topic A: Application Security Basics
Application Security Design
Application Design Considerations
Application Security Design Best Practices
Application Security Vulnerabilities
Vulnerability Testing Methods
Application Sandboxing
Application Security Frameworks
Third-Party Applications
The Application Life Cycle
Secure Coding Standards
Secure Coding Guidelines
SOA
Topic B: Web Application Security
Cookie Security
Hijacked Cookies
Cookie Poisoning
Cookies and XSRF
XSRF Security
Client Side vs. Server Side Processing Methods
State Management
State Management Vulnerabilities
Client-Side Scripting Languages
Common Application Based Security Threats and Controls
Topic A: Analyze Security Risk
Risk Exposure
ERM
Risk Management Strategies
Common Business Models and Strategies
Business Model Types
Internal and External Considerations
De-perimeterization
Risk Analysis Methods
How to Analyze Security Risk
Topic B: Implement Risk Mitigation Strategies and Controls
Risk Scoring
Risk Likelihood and Impact
Risk Determination
Elements of Risk Determination
Risk Response Techniques
Mitigation Strategies
A Sample ESA Framework
Continuous Monitoring
How to Implement Risk Mitigation Strategies and Controls
Topic C: Implement Enterprise-Level Security Policies and Procedures
Security Policy Development Principles
Security Policy Development Methods
Security Procedures
Security Procedure Development Methods
Common Business Documents
Common Security Policy Components
Security Policy Collaboration
Security Policy Collaboration Partners
How to Implement Enterprise-Level Security Policies and Procedures
Topic D: Prepare for Incident Response and Recovery
Incident and Emergency Response
The Emergency Response Team
A Security Incident
Data Breach
Data Breach Types
The Data Breach Response Process
The E-Discovery Process
E-Discovery Policies
E-Discovery Components and Techniques
SIEM
Computer Forensics
Incident Response System Design Considerations
Incident Response Components
How to Prepare for Incident Response and Recovery
Topic A: The Technology Life Cycle
Technology Life Cycle Considerations
Technology Life Cycle Phases
End-to-End Solutions
SDLC
SDLC Phases
SDLC Models
SSDLC
SRTM
Topic B: Inter-Organizational Change
Security and Organizational Change
Change Management in the Enterprise
Security Design Considerations
Network Secure Segmentation
Network Secure Delegation
Product and Service Integration
Third-Party Products
Topic C: Integrate Enterprise Disciplines to Achieve Secure Solutions
Enterprise Security Integration Strategies
Security Process and Controls Support
Security Process and Control Mechanisms
Effective Collaboration Techniques
Collaboration Across Disciplines
How to Integrate Enterprise Disciplines to Achieve Secure Solutions
Topic A: Perform an Industry Trends and Impact Analysis
Industry Best Practices
Demo - Security Research
Research Methods
Technology Evolution
New Technologies, Security Systems, and Services
New Security Technology Types
Situational Awareness
Situational Awareness Considerations
Emerging Business Tools
Social Media as an Emerging Business Tool
Mobile Devices as Emerging Business Tools
Emerging Security Issues
The Global Impact Analysis Industry
Security Requirements for Business Contracts
How to Perform an Industry Trends Impact Analysis
Topic B: Perform an Enterprise Security Analysis
Benchmarking
Network Traffic Analysis
Types of Network Traffic Analysis
Prototyping and Testing
Cost-Benefit Analysis
Security Analysis Strategies
Security Solution Analysis
Lessons Learned Review
How to Perform an Enterprise Security Analysis
Topic A: BCP Fundamentals
BCPs
BCP Development Phases
NIST Contingency Planning Steps
NFPA Business Planning Framework
Disruptive Events
BIA
BIA Organizational Goals
BIA Process
Critical Business Process
Vulnerability Assessments
MTD
RPO
RTO
RPO/RTO Optimization
Topic B: BCP Implementation
Program Coordinators
Advisory Committee-BCP Team
BCP Team Responsibilities
BCP Contents
Business Plan Evaluations
Business Plan Testing
Business Plan Maintenance
Business Continuity Process
Topic C: DRP Fundamentals
DRP
Disaster Recovery Strategy
Disaster Recovery Priority Levels
Disaster Recovery Response Approaches
Backup Strategies
Data Restoration Strategies
Alternate Sites
Topic D: DRP Implementation
Recovery Team
Salvage Team
Disaster Recovery Evaluation and Maintenance
Disaster Recovery Testing
Disaster Recovery Process
Topic A: Create a Risk Management Plan
Risk
Project Buffer
Classification of Risks
Business Risk vs. Insurable Risk
Risk Tolerance
Probability Scale
Impact Scale
RBS
Risk Management
The Risk Management Plan
Components of a Risk Management Plan
How to Create a Risk Management Plan
Topic B: Identify Risks and Their Causes
Triggers
Information Gathering Techniques
Documentation Reviews
SWOT Analysis
Risk Analysis
Risk Register
Components of a Risk Register
Risk Categories
How to Identify Risks and Their Causes
Topic C: Analyze Risks
Qualitative Risk Analysis
Quantitative Risk Analysis
Risk Probability and Impact Assessment
The Probability and Impact Risk Rating Matrix
The Ongoing Risk Assessment Process
Project Risk Ranking
Data Collection and Representation Techniques
Basics of Probability
Probability Distribution
Quantitative Analysis Methods
Qualitative Analysis Methods
Risk Data Quality Assessment
Risk Urgency Assessment
Simulation
Monte Carlo Analysis
How to Analyze Risks
Topic D: Develop a Risk Response Plan
Negative Risks
Negative Risk Strategies
Positive Risks
Positive Risk Strategies
Contingency Plan
The BCP
DRP
Contingency Reserve
Risk-Related Contract Decisions
How to Develop a Risk Response Plan
Topic A: Computer Crime Laws and Regulations
Common Law
Statutory Law
Types of Statutory Offenses
Administrative Law
Intellectual Property Law
Information Privacy Law
Computer Crime Law
Compliance
Liability
Internal and External Audits
Governmental Oversight Resources
Topic B: Computer Crime Incident Response
Computer Crime
The Computer Criminal Incident Response Process
The Evidence Life Cycle
Evidence Collection Techniques
Evidence Types
Chain of Evidence
Rules of Evidence
Surveillance Techniques
Search and Seizure
Computer Forensics
Topic A: Develop Critical Thinking Skills
Intellectual Autonomy
Humility
Objectivity
Focus on the Argument
Clarity
Defining Your Argument
Intellectual Honesty
Logical Fallacies
Assessing Arguments Logically
How to Employ Critical Thinking Skills
Topic B: Determine the Root of a Problem
Obstacles to Analysis
Occam's Razor
Techniques for Applying Occam's Razor
Theme Analysis
The Four Guidelines Technique
How to Determine the Root of a Problem
Topic C: Use Judgment to Make Sound Decisions
Analyzing Problems
Analytical vs. Creative Thinking
Barriers to Creative Thinking
Brainstorming
Rules of Brainstorming
Evaluating Brainstorming Ideas
A Fishbone Diagram
A Pareto Chart
A Histogram
A Cost-Benefit Analysis
Phases in Cost-Benefit Analysis
A Prioritization Matrix
A Trade-Off Method
A Decision Tree
An Ease and Effect Matrix
A PMI Analysis Table
How to Use Judgment to Make Sound Decisions
Lesson 12 Review
Course Closure