Security Training for application development



Course Overview

The course will focus on the following areas:

  • Security Management and Practices
  • Applications and Systems Development Security
  • Operations Security
  • Access Control Systems and Methodology

Course Outline

I. Security Management and Practices

  • Introduction
  • Defining Security Principles
    • CIA: Information Security’s Fundamental Principles
    • Privacy
    • Identification and Authentication
    • Non-repudiation
    • Accountability and Auditing
    • Documentation
  • Security Management Planning
  • Risk Management and Analysis
    • Risk Analysis
    • Identifying Threats and Vulnerabilities
    • Asset Valuation
    • Qualitative Risk Analysis
    • Countermeasure Selection and Evaluation
    • Tying It Together
  • Policies, Standards, Guidelines, and Procedures
    • Information Security Policies
    • Setting Standards
    • Creating Baselines
    • Guidelines
    • Setting and Implementing Procedures
  • Examining Roles and Responsibilities
  • Management Responsibility
    • User Information Security Responsibilities
    • IT Roles and Responsibilities
    • Other Roles and Responsibilities
  • Understanding Protection Mechanisms
    • Layering
    • Abstraction
    • Data Hiding
    • Encryption
  • Classifying Data
    • Commercial Classification
    • Government Classification
    • Criteria
    • Creating Procedures for Classifying Data
  • Employment Policies and Practices
    • Background Checks and Security Clearances
    • Employment Agreements, Hiring, and Termination
    • Job Descriptions
    • Job Rotation
  • Managing Change Control
    • Hardware Change Control
    • Software Change Control
  • Security Awareness Training

II. Applications and Systems Development Security

  • Introduction
  • Software Applications and Issues
    • Challenges of Distributed and Non-distributed Environments
    • Database and Data Warehousing Issues
    • Storage and Storage Systems
    • Knowledge-Based Systems
    • Web Services and Other Examples of Edge Computing
  • Attacking Software
    • Attacks Against Password Databases
    • Denial-of-Service and Distributed Denial-of-Service Attacks
    • Spoofing
    • Miscellaneous Attacks
    • Illegitimate Use of Legitimate Software
    • Network Software
  • Understanding Malicious Code
    • So, Who’s a Hacker? What’s Malicious Code?
    • What Protection Does Antivirus Software Provide?
  • Implementing System Development Controls
    • System Development Lifecycle
    • Security Control Architecture
    • Best Practices
  • Using Coding Practices That Reduce System Vulnerability
    • Software Development Methodologies
    • Impacting Security Through Good Software Design and Coding

III. Operations Security

  • Introduction
  • Examining the Key Roles of Operations Security
    • Identifying Resources to Be Protected
    • Identifying Privileges to Be Restricted
    • Identifying Available Controls and Their Types
    • Control Types
    • Describing the OPSEC Process
  • The Roles of Auditing and Monitoring
    • Using Logs to Audit Activity and Detect Intrusion
    • Detecting Intrusions
    • Penetration Testing Techniques
  • Developing Countermeasures to Threats
    • Risk Analysis
    • Threats
    • Countermeasures
    • Establishing Countermeasures for Employee-Related Threats
    • Including Countermeasures in Hiring and Firing/Exit Practices
    • Gruntling Program
    • Countermeasures for Common Internet-Based Threats
    • Countermeasures to Physical Threats
  • The Role of Administrative Management
  • Concepts and Best Practices
    • Privileged Operation Functions
    • Understanding Antiviral Controls
    • Protecting Sensitive Information and Media
    • Change Management Control

IV. Access Control Systems and Methodology

  • Introduction
  • Accountability
  • Access Control Techniques
    • Discretionary Access Control
    • Mandatory Access Control
    • Lattice-Based Access Control
    • Rule-Based Access Control
    • Role-Based Access Control
    • Access Control Lists
  • Access Control Administration
    • Account Administration
  • Identification and Authentication Techniques
    • Passwords
    • One-Time Passwords
    • Challenge Response
    • Biometrics
    • Tickets
    • Single Sign-On
  • Access Control Methodologies
    • Centralized/Remote Authentication Access Controls
    • Decentralized Access Control
  • Methods of Attacks
    • Brute-Force
    • Denial-of-Service
    • Spoofing
    • Sniffing
  • Monitoring
    • Intrusion Detection
    • Intrusion Prevention
    • How Intrusion Detection Works
  • Penetration Testing
    • Penetration Testing Versus Security Assessments
    • Ethical Issues
    • Performing a Penetration Test
    • Common Tools

Fee & Class Schedule

Fee:
Class Schedule:

Request for Course Information

Please send your enquiry to processis@processis.com