Course Outline

Domain 1 Governance and Risk Management

1. Define, Implement, Manage, and Maintain an Information Security Governance Program

  • 1.1. Form of Business Organization
  • 1.2. Industry
  • 1.3. Organizational Maturity

2. Information Security Drivers

3. Establishing an information security management structure

  • 3.1. Organizational Structure
  • 3.2. Where does the CISO fit within the organizational structure
  • 3.3. The Executive CISO
  • 3.4. Nonexecutive CISO

4. Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures

5. Managing an enterprise information security compliance program

  • 5.1. Security Policy
  • 5.1.1. Necessity of a Security Policy
  • 5.1.2. Security Policy Challenges
  • 5.2. Policy Content
  • 5.2.1. Types of Policies
  • 5.2.2. Policy Implementation
  • 5.3. Reporting Structure
  • 5.4. Standards and best practices
  • 5.5. Leadership and Ethics
  • 5.6. EC-Council Code of Ethics

6. Introduction to Risk Management

  • 3.1. Organizational Structure
  • 3.2. Where does the CISO fit within the organizational structure
  • 3.3. The Executive CISO
  • 3.4. Nonexecutive CISO

Domain 2 Information Security Controls, Compliance, and Audit Management

1. Information Security Controls

  • 1.1. Identifying the Organization’s Information Security Needs
  • 1.1.1. Identifying the Optimum Information Security Framework
  • 1.1.2. Designing Security Controls
  • 1.1.3. Control Lifecycle Management
  • 1.1.4. Control Classification
  • 1.1.5. Control Selection and Implementation
  • 1.1.6. Control Catalog
  • 1.1.7. Control Maturity
  • 1.1.8. Monitoring Security Controls
  • 1.1.9. Remediating Control Deficiencies
  • 1.1.10. Maintaining Security Controls
  • 1.1.11. Reporting Controls
  • 1.1.12. Information Security Service Catalog

2. Compliance Management

  • 2.1. Acts, Laws, and Statutes
  • 2.1.1. FISMA
  • 2.2. Regulations
  • 2.2.1. GDPR
  • 2.3. Standards
  • 2.3.1. ASD—Information Security Manual
  • 2.3.2. Basel III
  • 2.3.3. FFIEC
  • 2.3.4. ISO 00 Family of Standards
  • 2.3.5. NERC-CIP
  • 2.3.6. PCI DSS
  • 2.3.7. NIST Special Publications
  • 2.3.8. Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

3. Guidelines, Good and Best Practices

  • 3.1. CIS
  • 3.1.1. OWASP

4. Audit Management

  • 4.1. Audit Expectations and Outcomes
  • 4.2. IS Audit Practices
  • 4.2.1. ISO/IEC Audit Guidance
  • 4.2.2. Internal versus External Audits
  • 4.2.3. Partnering with the Audit Organization
  • 4.2.4. Audit Process
  • 4.2.5. General Audit Standards
  • 4.2.6. Compliance-Based Audits
  • 4.2.7. Risk-Based Audits
  • 4.2.8. Managing and Protecting Audit Documentation
  • 4.2.9. Performing an Audit
  • 4.2.10. Evaluating Audit Results and Report
  • 4.2.11. Remediating Audit Findings
  • 4.2.12. Leverage GRC Software to Support Audits

5. Summary

Domain 3 Security Program Management & Operations

1. Program Management

  • 1.1. Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies
  • 1.1.1. Security Program Charter
  • 1.1.2. Security Program Objectives
  • 1.1.3. Security Program Requirements
  • 1.1.4. Security Program Stakeholders
  • 1.1.5. Security Program Strategy Development
  • 1.2. Executing an Information Security Program
  • 1.3. Defining and Developing, Managing and Monitoring the Information Security Program
  • 1.3.1. Defining an Information Security Program Budget
  • 1.3.2. Developing an Information Security Program Budget
  • 1.3.3. Managing an Information Security Program Budget
  • 1.3.4. Monitoring an Information Security Program Budget
  • 1.4. Defining and Developing Information Security Program Staffing Requirements
  • 1.5. Managing the People of a Security Program
  • 1.5.1. Resolving Personnel and Teamwork Issues
  • 1.5.2. Managing Training and Certification of Security Team Members
  • 1.5.3. Clearly Defined Career Path
  • 1.5.4. Designing and Implementing a User Awareness Program
  • 1.6. Managing the Architecture and Roadmap of the Security Program
  • 1.6.1. Information Security Program Architecture
  • 1.6.2. Information Security Program Roadmap
  • 1.7. Program Management and Governance
  • 1.7.1. Understanding Project Management Practices
  • 1.7.2. Identifying and Managing Project Stakeholders
  • 1.7.3. Measuring the Effectives of Projects
  • 1.8. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
  • 1.9. Data Backup and Recovery
  • 1.10. Backup Strategy
  • 1.11. ISO BCM Standards
  • 1.11.1. Business Continuity Management (BCM)
  • 1.11.2. Disaster Recovery Planning (DRP)
  • 1.12. Continuity of Security Operations
  • 1.12.1. Integrating the Confidentiality, Integrity and Availability (CIA) Model
  • 1.13. BCM Plan Testing
  • 1.14. DRP Testing
  • 1.15. Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)
  • 1.16. Computer Incident Response
  • 1.16.1. Incident Response Tools
  • 1.16.2. Incident Response Management
  • 1.16.3. Incident Response Communications
  • 1.16.4. Post-Incident Analysis
  • 1.16.5. Testing Incident Response Procedures
  • 1.17. Digital Forensics
  • 1.17.1. Crisis Management
  • 1.17.2. Digital Forensics Life Cycle

2. Operations Management

  • 2.1. Establishing and Operating a Security Operations (SecOps) Capability
  • 2.2. Security Monitoring and Security Information and Event Management (SIEM)
  • 2.3. Event Management
  • 2.4. Incident Response Model
  • 2.4.1. Developing Specific Incident Response Scenarios
  • 2.5. Threat Management
  • 2.6. Threat Intelligence
  • 2.6.1. Information Sharing and Analysis Centers (ISAC)
  • 2.7. Vulnerability Management
  • 2.7.1. Vulnerability Assessments
  • 2.7.2. Vulnerability Management in Practice
  • 2.7.3. Penetration Testing
  • 2.7.4. Security Testing Teams
  • 2.7.5. Remediation
  • 2.8. Threat Hunting

3. Summary

Domain 4 Information Security Core Competencies

1. Access Control

  • 1.1. Authentication, Authorization, and Auditing
  • 1.2. Authentication
  • 1.3. Authorization
  • 1.4. Auditing
  • 1.5. User Access Control Restrictions
  • 1.6. User Access Behavior Management
  • 1.7. Types of Access Control Models
  • 1.8. Designing an Access Control Plan
  • 1.9. Access Administration

2. Physical Security

  • 2.1. Designing, Implementing, and Managing Physical Security Program
  • 2.1.1. Physical Risk Assessment
  • 2.2. Physical Location Considerations
  • 2.3. Obstacles and Prevention
  • 2.4. Secure Facility Design
  • 2.4.1. Security Operations Center
  • 2.4.2. Sensitive Compartmented Information Facility
  • 2.4.3. Digital Forensics Lab
  • 2.4.4. Datacenter
  • 2.5. Preparing for Physical Security Audits

3. Network Security

  • 3.1. Network Security Assessments and Planning
  • 3.2. Network Security Architecture Challenges
  • 3.3. Network Security Design
  • 3.4. Network Standards, Protocols, and Controls
  • 3.4.1. Network Security Standards
  • 3.4.2. Protocols

4. Certified Chief

  • 4.1.1. Network Security Controls
  • 4.2. Wireless (Wi-Fi) Security
  • 4.2.1. Wireless Risks
  • 4.2.2. Wireless Controls
  • 4.3. Voice over IP Security

5. Endpoint Protection

  • 5.1. Endpoint Threats
  • 5.2. Endpoint Vulnerabilities
  • 5.3. End User Security Awareness
  • 5.4. Endpoint Device Hardening
  • 5.5. Endpoint Device Logging
  • 5.6. Mobile Device Security
  • 5.6.1. Mobile Device Risks
  • 5.6.2. Mobile Device Security Controls
  • 5.7. Internet of Things Security (IoT)
  • 5.7.1. Protecting IoT Devices

6. Application Security

  • 6.1. Secure SDLC Model
  • 6.2. Separation of Development, Test, and Production Environments
  • 6.3. Application Security Testing Approaches
  • 6.4. DevSecOps
  • 6.5. Waterfall Methodology and Security
  • 6.6. Agile Methodology and Security
  • 6.7. Other Application Development Approaches
  • 6.8. Application Hardening
  • 6.9. Application Security Technologies
  • 6.10. Version Control and Patch Management
  • 6.11. Database Security
  • 6.12. Database Hardening
  • 6.13. Secure Coding Practices

7. Encryption Technologies

  • 7.1. Encryption and Decryption
  • 7.2. Cryptosystems
  • 7.2.1. Blockchain
  • 7.2.2. Digital Signatures and Certificates
  • 7.2.3. PKI
  • 7.2.4. Key Management
  • 7.3. Hashing
  • 7.4. Encryption Algorithms
  • 7.5. Encryption Strategy Development
  • 7.5.1. Determining Critical Data Location and Type
  • 7.5.2. Deciding What to Encrypt
  • 7.5.3. Determining Encryption Requirements
  • 7.5.4. Selecting, Integrating, and Managing Encryption Technologies

8. Virtualization Security

  • 8.1. Virtualization Overview
  • 8.2. Virtualization Risks
  • 8.3. Virtualization Security Concerns
  • 8.4. Virtualization Security Controls
  • 8.5. Virtualization Security Reference Model

9. Cloud Computing Security

  • 9.1. Overview of Cloud Computing
  • 9.2. Security and Resiliency Cloud Services
  • 9.3. Cloud Security Concerns
  • 9.4. Cloud Security Controls
  • 9.5. Cloud Computing Protection Considerations

10. Transformative Technologies

  • 10.1. Artificial Intelligence
  • 10.2. Augmented Reality
  • 10.3. Autonomous SOC
  • 10.4. Dynamic Deception
  • 10.5. Software-Defined Cybersecurity

11. Summary

Domain 5 Strategic Planning, Finance, Procurement, and Vendor Management

1. Strategic Planning

  • 1.1. Understanding the Organization
  • 1.1.1. Understanding the Business Structure
  • 1.1.2. Determining and Aligning Business and Information Security Goals
  • 1.1.3. Identifying Key Sponsors, Stakeholders, and Influencers
  • 1.1.4. Understanding Organizational Financials
  • 1.2. Creating an Information Security Strategic Plan
  • 1.2.1. Strategic Planning Basics
  • 1.2.2. Alignment to Organizational Strategy and Goals
  • 1.2.3. Defining Tactical Short, Medium, and Long-Term Information Security Goals
  • 1.2.4. Information Security Strategy Communication
  • 1.2.5. Creating a Culture of Security

2. Designing, Developing, and Maintaining an Enterprise Information Security Program

  • 2.1. Ensuring a Sound Program Foundation
  • 2.2. Architectural Views
  • 2.3. Creating Measurements and Metrics
  • 2.4. Balanced Scorecard
  • 2.5. Continuous Monitoring and Reporting Outcomes
  • 2.6. Continuous Improvement
  • 2.7. Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

3. Understanding the Enterprise Architecture (EA)

  • 3.1. EA Types
  • 3.1.1. The Zachman Framework
  • 3.1.2. The Open Group Architecture Framework (TOGAF)
  • 3.1.3. Sherwood Applied Business Security Architecture (SABSA)
  • 3.1.4. Federal Enterprise Architecture Framework (FEAF)

4. Finance

  • 4.1. Understanding Security Program Funding
  • 4.2. Analyzing, Forecasting, and Developing a Security Budget
  • 4.2.1. Resource Requirements
  • 4.2.2. Define Financial Metrics
  • 4.2.3. Technology Refresh
  • 4.2.4. New Project Funding
  • 4.2.5. Contingency Funding
  • 4.3. Managing the information Security Budget
  • 4.3.1. Obtain Financial Resources
  • 4.3.2. Allocate Financial Resources
  • 4.3.3. Monitor and Oversight of Information Security Budget
  • 4.3.4. Report Metrics to Sponsors and Stakeholders
  • 4.3.5. Balancing the Information Security Budget

5. Procurement

  • 5.1. Procurement Program Terms and Concepts
  • 5.1.1. Statement of Objectives (SOO)
  • 5.1.2. Statement of Work (SOW)
  • 5.1.3. Total Cost of Ownership (TCO)
  • 5.1.4. Request for Information (RFI)
  • 5.1.5. Request for Proposal (RFP)
  • 5.1.6. Master Service Agreement (MSA)
  • 5.1.7. Service Level Agreement (SLA)
  • 5.1.8. Terms and Conditions (T&C)
  • 5.2. Understanding the Organization’s Procurement Program
  • 5.2.1. Internal Policies, Processes, and Requirements
  • 5.2.2. External or Regulatory Requirements
  • 5.2.3. Local Versus Global Requirements
  • 5.3. Procurement Risk Management
  • 5.3.1. Standard Contract Language

6. Vendor Management

  • 6.1. Understanding the Organization’s Acquisition Policies and Procedures
  • 6.1.1. Procurement Life cycle
  • 6.2. Applying Cost-Benefit Analysis (CBA) During the Procurement Process5
  • 6.3. Vendor Management Policies
  • 6.4. Contract Administration Policies
  • 6.4.1. Service and Contract Delivery Metrics
  • 6.4.2. Contract Delivery Reporting
  • 6.4.3. Change Requests
  • 6.4.4. Contract Renewal
  • 6.4.5. Contract Closure
  • 6.5. Delivery Assurance
  • 6.5.1. Validation of Meeting Contractual Requirements
  • 6.5.2. Formal Delivery Audits
  • 6.5.3. Periodic Random Delivery Audits
  • 6.5.4. Third-Party Attestation Services (TPRM)

7. Summary

 35 Hours

Need help picking the right course?

Testimonials (5)

Overview of Risk topics and preparing for exam

Leszek - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CRISC - Certified in Risk and Information Systems Control

Instructor delivery of information; At the end of the day it was Gaurav who pulled off this topic focusing on building strong fundamentals and devising a methodology to be retained with us

Raheal Akhtar - Dubai Government Human Resources Department
Course - Certified Ethical Hacker

Experience of the trainor and interaction

Michael Angelo - Metropolitan Bank and Trust Company
Course - Cisco CCNA Syllabus in 5 Days

The trainer is so well informed and engaging.

Elias - Armscor
Course - Cisco ASA/Pix Operation

Ease and ease of conducting training.

Jarosław - Politechnika Wrocławska
Course - SIP protocol in VoIP

Machine Translated

Related Courses

CRISC - Certified in Risk and Information Systems Control

21 Hours

Description:

This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The latest four (4) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material.

The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.

Objectives:

  • To help you pass the CRISC examination first time.
  • Possessing this certification will signify your commitment to serving an enterprise with distinction.
  • The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary.

You will learn:

  • To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
  • The technical skills and practices that CRISC promotes, which are the building blocks of success in the field.
Read more...

CEH - Certified Ethical Hacker v12

35 Hours

The CEH program covers a variety of topics that center around the Tactics and Procedures required to be a tactical cybersecurity professional. Focusing on the entire kill-chain process, CEH covers a variety of topics from foot printing and reconnaissance, to scanning, gaining access, maintaining access, and covering your tracks. This 5-phase ethical hacking process applies to a variety of scenarios including traditional on-premises networks, cloud, hybrid, IoT systems, and stretches across a variety of topologies and application environments. Students will learn a variety of tools and techniques across this evaluation process as well as how hackers will utilize the same TTPs to hack into organizations.

Read more...

Incident Response

21 Hours

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.
Read more...

Threat Hunting

21 Hours

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.
Read more...

EC-COUNCIL CERTIFIED INCIDENT HANDLER (ECIH)

21 Hours

It is a comprehensive specialist level program, that imparts knowledge and skills on how organisations can effectively handle post breach consequences by reducing the impact of the incident, both financially and reputationally. The learning objectives are emphasised through practical learning with 40% of this course covering hands-on experience of the latest incident handling and response tools, techniques, methodologies, frameworks, etc.

Read more...

Certified Penetration Testing Professional - CPENT

35 Hours

The Certified Penetration Testing Professional (CPENT) certification is a globally-recognized validation of an individual's knowledge and skills in the field of penetration testing or ethical hacking. CPENT-certified professionals demonstrate their ability to identify, assess and manage security vulnerabilities within a network infrastructure. The certification entails mastery of penetration testing methodologies, understanding of legal and regulatory concerns, and technical knowledge of attack vectors and countermeasures. Industries often require CPENT-certified professionals to safeguard their systems against malicious intruders. Thus, the CPENT certification serves as an assurance of a candidate's expert skill in securing networks and systems, crucial in a continually evolving cybersecurity landscape.

Read more...

CISA - Certified Information Systems Auditor

28 Hours

Description:

CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting.

Our CISA course is an intense, very competitive and exam focused training course. With experience of delivering more than 150+ CISA trainings in Europe and around the world and training more than 1200+ CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing large number of ISACA released question banks from the last three years. Over a period, CISA holders have been in huge demand with renowned accountings firms, global banks, advisory, assurance, and internal audit departments.

Delegates may have years of experience in IT auditing but perspective towards solving CISA questionnaires will solely depend on their understanding to globally accepted IT assurance practices. CISA exam is very challenging because the chance of a very tight clash between two possible answers exists and that is where ISACA tests you on your understanding in global IT auditing practices. To address these exam challenges, we always provide the best trainers who have extensive experience in delivering CISA training around the world.

The Net Security CISA manual covers all exam-relevant concepts, case studies, Q&A's across CISA five domains. Further, the Trainer shares the key CISA supporting material like relevant CISA notes, question banks, CISA glossary, videos, revision documents, exam tips, and CISA mind maps during the course.

Goal:

The ultimate goal is to pass your CISA examination first time.

Objectives:

  • Use the knowledge gained in a practical manner beneficial to your organisation
  • Provide audit services in accordance with IT audit standards
  • Provide assurance on leadership and organizational structure and processes
  • Provide assurance on acquisition/ development, testing and implementation of IT assets
  • Provide assurance on IT operations including service operations and third party
  • Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets.

Target Audience:

Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals.

Read more...

Business Continuity Management

35 Hours

Description:

This is a 'Practitioner' course and leans heavily on practical exercises designed to reinforce the concepts being taught and to build the delegates' confidence in implementing business continuity management. The course is also designed to encourage debate, and the sharing of knowledge and experience between students.
Delegates will benefit from the practical and extensive experiences of ours trainers who are practicing business continuity management and ISO 22301:2019 specialists.

Delegates will learn how to:

  • Explain the need for business continuity management (BCM) in all organisations
  • Define the business continuity lifecycle
  • Conducting business continuity programme management
  • Understand their organisation sufficiently to identify mission-critical impact areas
  • Determine their organisation's business continuity strategy
  • Establish a business continuity response
  • Exercise, maintain and review plans
  • Embed business continuity in an organisation
  • Define terms and definitions appropriate to business continuity

By the end of the course, delegates will have a detailed understanding of all the key components of business continuity management and be able to return to their work, making a significant contribution to the business continuity management process.

Read more...

Building up information security according to ISO 27005

21 Hours

This course will give you the skills to build up information security according to ISO 27005, which is dedicated to information security risk management based on ISO 27001.

Read more...

HiTrust Common Security Framework Compliance

14 Hours

This instructor-led, live training in Saudi Arabia (online or onsite) is aimed at developers and administrators who wish to produce software and products that are HiTRUST compliant.

By the end of this training, participants will be able to:

  • Understand the key concepts of the HiTrust CSF (Common Security Framework).
  • Identify the HITRUST CSF administrative and security control domains.
  • Learn about the different types of HiTrust assessments and scoring.
  • Understand the certification process and requirements for HiTrust compliance.
  • Know the best practices and tips for adopting the HiTrust approach.
Read more...

Open Data Risk Analysis and Management

21 Hours

This instructor-led, live training in Saudi Arabia (online or onsite) focuses on analyzing the risks of Open Data while reducing vulnerability to disaster or data loss.

By the end of this training, participants will be able to:

  • Understand the concepts and benefits of Open Data.
  • Identify the different types of data.
  • Understand the risks of Open Data and how to mitigate them.
  • Learn how to manage Open Data risks and create a contingency plan.
  • Implement Open Data risk mitigation strategies to reduce disaster risk.
Read more...

Snyk

14 Hours

This instructor-led, live training in Saudi Arabia (online or onsite) is aimed at developers who wish to integrate Snyk into their development tools to find and fix security issues in their code.

By the end of this training, participants will be able to:

  • Understand the features and structure of Snyk.
  • Use Snyk to find and fix code security issues.
  • Integrate Snyk in a software development lifecycle.
Read more...

Cisco CCNA Syllabus in 5 Days

35 Hours

A 5 day practical networking course designed to familiarise students with Cisco IOS (version 12). The course details the key commands used to configure and secure Cisco routers and switches, and covers the CCNA syllabus - including wired and wireless LAN access.

Students will inter-connect networks by implementing static routes, distance-vector and link-state based dynamic routing protocols.

The devices will be configured to route traffic across LAN/VLAN//WAN boundaries, by encapsulating datagrams across serial data links using various WAN protocols, such as HDLC, Frame Relay, ISDN and PPP (with CHAP authentication). VLAN encapsulation/tagging will be via IEEE802.1Q/P.

Standard and Extended Access Control Lists will be configured and applied to router interfaces to filter traffic based on IP address and/or traffic type.

Students will configure static and dynamic NAT to route between private and public networks and cover the theory of Virtual Private Networks (VPN's)

Students will copy router configurations and IOS images to/from a TFTP Server. Privileged commands will be used to debug TCP/IP protocols to ensure proper operation of the routers. Students will also perform password recovery operations.

The course is primarily aimed at IP v4 but does give an overview of IP v6 addressing and covers migration from an IP v4 to an IP v6 network. Other protocols and technologies (VPN's / Wireless) may be demonstrated if time permits.

Course can be customised to precise requirements of customer.

Audience:

This course is suitable for anyone looking for a basic understanding of internetworking with Cisco devices and covers the CCNA syllabus.

Course is approximately 50% practical

Read more...

Cisco ASA/Pix Operation

28 Hours

A 4 day instructor-led practical course designed to familiarise delegates with the Cisco ASA Firewall CLI and ASDM. The course details the key commands used to configure and secure networks using the ASA Firewall with v8 of the operating system and version 6 of the ASDM.

Delegates will configure the ASA using the console port, TFTP server, telnet and SSH using local and RADIUS authentication. The device will be configured to utilise Syslog and SNMP.

ASA Firewalls will also be configured to use Access-Lists, Network Address Translation and VPN's utilising IPSec protocols. The course will cover the theory of Public/Private Keys, shared secret keys and their use in forming Site to site VPN's between ASA Firewalls using IKE and IPSec. Students will configure the units to create site to site VPN's, remote access VPN's using the Cisco Secure VPN Client and Web VPN's. The course will cover the theory of failover and delegates will configure Active/Standby failover on the ASA.

Privileged commands and protocol analyser traces will be used, where necessary, to debug protocols and ensure proper operation of the ASA Firewall. Students will also perform password recovery operations.

This course will involve interfacing the ASA with other network equipment, such as routers and switches, as would be expected in a network environment.

Audience:

Course is suitable for anyone involved in ASA firewall configuration and network security

Course is approximately 50% practical

Read more...

SIP protocol in VoIP

21 Hours

The course consists of two complementary parts – a theoretical and a practical one. The first is a one day introduction covering motivation, philosophy, fundamentals and rules of operation of the SIP protocol and ways it is used to implement telecom services with focus on IP telephony and VoIP. The second two-day part enables participants to learn practical aspects of service operation within a framework of hand-on laboratory exercises giving detailed insight into configuration of components of SIP telephony architecture, SIP signalling at both message sequence chart and internal message structure levels, and assists in understanding of typical problems and troubleshooting including security and telecom fraud aspects. The trainers will share their experience in launching, operation and management of SIP telephony covering also virtualization and cloud based solutions. Practical part is presented using both SIP hardphones and softphones and IP telephony servers (Asterisk and Freeswitch). Participants can take advantage of the fact trainers have got rich technical and business experience in IP telephony and submit their own problems and questions. They will be included in the agenda at wrap-up as a supplement to the training to meet current urgent needs of clients. Training is addressed to participants with basic knowledge and experience in telecom services – specifically in VoIP and IP networking.

Read more...

Related Categories

Image for Cisco category
Cisco
Image for Information Security Risk category
Information Security Risk
Image for EC-Council category
EC-Council