The UK's foremost source of independent advice, guidance, networking and services for IT professionals

BS7799 and ISO9001 (Registration number: 928858)
System Security Planning
27th to 29th January 2009, Manchester

The System Security Planning Course expands on the one-day workshop to help you create specific security arrangements for your business. We cover the asset identification/risk assessment and treatment process to create the outline spreadsheet covered in the workshop but go into much more detail of the different security techniques and practices.

Successful delegates come through:

  • With a good understanding of how to define system security requirements and of a variety of generic security threats and vulnerabilities, and able to identify and analyse particular security problems for a given application.
  • Being able to prioritise requirements, and match requirements to solutions and countermeasures commensurate with associated risks.
  • Having a good understanding of the correlation of business processes to technology in relation to security requirements.
  • Being familiar with the relevant industry security standards and regulation, and their application.
  • Appreciating the application of security techniques and technologies in solving real-life security problems in practical systems.

After the course, you have a month to complete a system security plan for one of two case studies: one for a network, one for an application.

The plan has to cover:

  • System objectives (Purpose, Information life cycle and classification, Relevant topics for compliance, Regulation, Standards, Responsibilities)
  • An asset register, risk assessment, treatment and countermeasures
  • Business continuity and disaster recovery
  • User training and awareness
  • Quality assurance regime

The syllabus takes in:

The need for information assurance:

  • Security Breaches
  • Introduction to business continuity
  • System Lifecycles
  • Trust

Introduction to standards

  • Plan-do-check-act lifecycles
  • Overview of Information security management standards

Information security management

  • Security Policy
  • Security Organisation
  • Asset Classification and Control
  • Personnel Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • System Development and Maintenance
  • Incident management
  • Business Continuity Management
  • Compliance

Risk management

Vulnerabilities

Solutions and countermeasures

  • Entity authentication
  • Message security
  • Intrusion detection/prevention
  • Firewalls
  • Anti-virus software
  • Virtual Private Networks (VPN)

Active security

  • Audits, reviews, vulnerability scanners, and penetration testing
  • Computer forensics

Price: £1,200.00


 
Other related products:
 
Security - From risk to treatment
26th February 2009, London
19th March 2009, Edinburgh

This one-day intensive workshop delivers a pragmatic framework for risk management that keeps up to date with standards, best practice and compliance.
Price: £495.00
   
IT Governance
Manchester, 27th November
London, 3rd December 2008
Edinburgh, 5th February 2009
Cardiff, 31st March 2009

Price: £495.00
   
Information Security Management
A comprehensive guide to standards for information security management
Price: £50.00