Is your website secure? What are the security risks for web applications? How do you design for web security? What are the top ten security vulnerabilities and how do you mitigate them? If you need answers to these questions, this course provides the starting point.

This course presents the foundational principles of information and web security in the context of the systems development and security life cycle process. The focus is on both managerial as well as technical aspects. This course covers security principles; security needs, threats, and attacks; legal, ethical and professional issues; security technology including firewalls, VPNs, intrusion detection, access control; cryptography; physical security; security implementation; security maintenance and change management. The course is platform independent and supports the CISSP certification.

Course Objectives: at the completion of this course, you will:

• Understand security concepts, security professional roles, and security resources in the context of systems and security development life cycle
• Understand applicable laws, legal issues and ethical issues regarding computer crime
• Understand the business need for security, threats, attacks, top ten security vulnerabilities, and secure software development
• Understand risk management concepts, risk identification and assessment, risk control strategies, quantitative and qualitative risk control practices, risk management and risk control practices
• Understand information security policies, standards and practices, the information security blueprint
• Understand the use of firewall and VPN technologies in physical design
• Understand the use of intrusion detection, access control and other security tools in physical design
• Understand cryptography concepts, algorithms, and digital signatures used to protect information
• Understand the concepts and techniques for establishing physical security
• Understand how to implement and execute the information security blueprint
• Understand the information security function within the organization, HR and staffing issues, security credentials, and privacy
• Understand security maintenance issues, the use of security management models, and the use of digital forensics

Applicable Job Roles: web project manager, web programmers, and web application developers.

• Security and its history
• NSTISSC Security Model
• Information system components
• Balancing security with access
• Security implementation
• System and Security Development Life Cycles
• Law and Ethics
• Relevant U.S. laws
• International laws
• Ethics and Codes of Ethics

• Business needs
• Threats
• Attacks
• Top ten security vulnerabilities
• Secure software development

• Risk management overview
• Risk identification
• Quantitative and qualitative risk control
• Risk management
• Risk control practice
• Risk assessment
• Risk control strategies and selection

• Security policy, standards and practices
• Information security blueprint
• Security education, training and awareness
• Continuity strategies

• Physical design
• Firewalls
• Protecting remote connections
• Intrusion detection and prevention systems
• Honey pots, honey nets and padded cell systems
• Scanning and analysis tools, access control devices

• Cryptography Foundations
• Cipher methods
• Cryptographic algorithms
• Cryptographic tools
• Protocols for secure communications
• Attacks on cryptosystems

• Physical access controls
• Fire security and safety
• Supporting utility failure and structural collapse
• Data interception
• Mobile and portable systems
• Special considerations for physical security threats
• Project management
• Technical implementation topics
• Nontechnical implementation topics
• Certification and accreditation

• Positioning and staffing
• Information security professional credentials
• Employment policies and practices
• Security for nonemployees
• Internal control strategies
• Privacy and security of personnel data
• Security management models
• Maintenance model
• Digital forensics