Overview:
Learn how to integrate principles of business, risk management, information technology and security, and engineering to achieve tangible results in increasing the security of your organization’s information. Master the use of risk assessment to quantify critical information security (InfoSec) issues in your practice and company. Once the issues have been identified, best-practice countermeasures can be applied to prevent and/or mitigate the risk of InfoSec events, e.g., denial of service attacks. InfoSec methods increase security, reduce overall costs, enhance quality, support operational excellence and increase organizational resilience. By completing this course, you will be equipped to support and champion the implementation of sound InfoSec practices in your organization. Participants who pass the course exam will receive IISE’s Information Security Certification.
What you will learn:
At the conclusion of the course, participants will be able to:
- Use the concepts and terminology of information security (InfoSec)
- Discuss the history of InfoSec, risk management and security operations
- Align InfoSec with major standards and frameworks, e.g., the NIST Cybersecurity Framework
- Utilize fundamental methods of InfoSec, including risk assessment, testing and operations monitoring
- Identify and describe roles in an InfoSec implementation
Course Content:
- Information security (InfoSec) concepts, terms and structure
- InfoSec history
- Engineering and technology underpinnings of InfoSec
- Infrastructure of InfoSec, e.g., networks, Internet protocols, databases, Internet of Things (IoT)
- InfoSec and business processes
- Teamwork, structural roles, and organizational factors in implementing InfoSec
- Current InfoSec issues and challenges, e.g., business, government, social, and digital identity
- InfoSec standards and regulations, e.g., HIPAA
- InfoSec industry segmentation, e.g., energy, finance, health, infrastructure, and manufacturing
- Risk management methods in InfoSec, e.g., risk assessment, prioritization, and mitigation
- Best practices and frameworks, e.g., from NIST
- Statistical methods for InfoSec, e.g., process monitoring, analytics and user studies
- Design for InfoSec effectiveness
- InfoSec mischief and evil, e.g., hacking, malware, denial of service, phishing, and ransomware
- Dark web
- InfoSec scales, e.g., individual, local or wireless area network, Intranet and Internet
- InfoSec operations and monitoring
- InfoSec events, e.g., detection, defense, isolation, communication, and recovery
- InfoSec and ergonomics, human factors and safety, e.g., passwords, backups and safe surfing
- InfoSec testing and exercises, e.g., hackathons, cyber-ranges, and password poka-yoke
- Firewalls and malware scanners for InfoSec
- InfoSec and resilience
- InfoSec case studies