Course Description:

In this course you will explore the fundamental security techniques involved in minimizing E-Business security risks. This course introduces you to concepts such as securing Web clients, servers, and communications. It also investigates the use of firewalls and digital certificates, and concludes with a look at legal issues, including how to respond when security has been breached.

Who Should Attend:
Anyone who is interested in learning about security in an e-Business framework.

Duration:
60 Hours

Certification:
The e-Business certification exam will be conducted on the last day of the training. Students need to pass the online Prometric exam to receive the CEA certification.


Course Outline V2:

Module 1: Introduction to Information Security  

 

  • Understand what information security is and how it came to mean what it does today.
  • Comprehend the history of computer security and how it evolved into information security.
  • Understand the key terms and critical concepts of information security as presented in the chapter.
  • Outline the phases of the security systems development life cycle.
  • Understand the role of professionals involved in information security within an organizational structure.


Module II - The Need for Security  

 

  • Understand the business need for information security.
  • Understand that a successful information security program is the responsibility of an organization’s general management and IT management.
  • Understand the threats posed to information security and the more common attacks associated with those threats.
  • Differentiate threats to information systems from attacks against information systems.


Module III - Legal, Ethical & Professional Issues in Information Security

 

  • Use this chapter as a guide for future reference on laws, regulations, and professional organizations.
  • Differentiate between laws and ethics.
  • Identify major national laws that relate to the practice of information security.
  • Understand the role of culture as it applies to ethics in information security.


Module IV - Risk Management: Identifying and Assessing Risk

 

  • Define risk management and its role in the SecSDLC.
  • Understand how risk is identified.
  • Assess risk based on the likelihood of occurrence and impact on an organization.
  • Grasp the fundamental aspects of documenting risk identification and assessment.


Module V - Risk Management: Assessing and Controlling Risk

 

  • Recognize why risk control is needed in today’s organizations.
  • Know the risk mitigation strategy options for controlling risks.
  • Identify the categories that can be used to classify controls.
  • Be aware of the conceptual frameworks that exist for evaluating risk controls, and be able to formulate a cost-benefit analysis when required.
  • Understand how to maintain and perpetuate risk controls.


Module VI - Blueprint for Security.

 

  • Understand management’s responsibilities and role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
  • Understand the differences between the organization’s general information security policy and the requirements and objectives of the various issue-specific and system-specific policies.
  • Know what an information security blueprint is and what its major components are.
  • Understand how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.
  • Become familiar with what a viable information security architecture is, what it includes, and how it is used.


Module VII - Planning for Continuity

 

  • Know what contingency planning is and how incident response planning, disaster recovery planning, and business continuity plans are related to contingency planning.
  • Understand the elements that comprise a business impact analysis and the information that is collected for the attack profile.
  • Recognize the components of an incident response plan.


Module VIII - Security Technology

 

  • Define and identify the various types of firewalls.
  • Discuss the approaches to firewall implementation.
  • Discuss the approaches to dial-up access and protection.
  • Identify and describe the two categories of intrusion detection systems.
  • Discuss the two strategies behind intrusion detection systems.


Module IX - Physical Security

 

  • Understand the conceptual need for physical security.
  • Identify threats to information security that are unique to physical security.
  • Describe the key physical security considerations for selecting a facility site.
  • Identify physical security monitoring components.
  • Grasp the essential elements of access control within the scope of facilities management.
  • Understand the criticality of fire safety programs to all physical security programs.


Module X - Implementing Security

 

  • Understand how the organization’s security blueprint becomes a project plan.
  • Understand the numerous organizational considerations that must be addressed by the project plan.
  • Grasp the significant role and importance of the project manager in the success of an information security project.
  • Understand the need for professional project management for complex projects.
  • Take in the technical strategies and models for implementing the project plan.
  • Grasp the nontechnical problems that organizations face in times of rapid change.


Module XI - Information Security Maintenance


Module 12: Security and Personnel

 

  • Understand where and how the information security function is positioned within organizations.
  • Understand the issues and concerns about staffing the information security function.
  • Recognize how an organization’s employment policies and practices can support the information security effort.
  • Understand the special security precautions necessary for non-employees.
  • Recognize the need for the separation of duties.
  • Understand the special requirements needed for the privacy of personnel data.


Course Fee:
Module 1 : Rs. 1500.00