Security Architecture Design and Assessment Training

Learn the essentials of Enterprise Security Design for security engineering with this hands on information security course. This course will bring you up to speed on the latest security-specific architecture.

Award Winning Training

For 17 years InfoSec has been one of the most awarded and trusted IT training vendors - 42 industry awards!

Analysts Recommended

IDC lists Infosec as Major Player in their Security Training Vendor Assessment.

Security Architecture and Assessment Outline

Learn the essentials of Enterprise Security Design for security engineering with this hands on information security course. This course will bring you up to speed on the latest security-specific architecture.

Most importantly, Enterprise Security Architecture and Design shows you to implement the myriad of security technologies available on the market today in an effective and cost efficient manner.

A detailed outline of this course follows:

Day 1

Module 1 – Human Factors of Security 

The human factors that make implementing security difficult; Primary personality types encountered and their motivations for (or against) security initiatives; how social awareness can help corporate security efforts succeed.

Module 2 – Objectives of Security

The Active Defense approach to security; “Defense in Depth” model; Interaction between written and electronic policy; Layered approach to security including Perimeter Security, Network Security, Host Based Security, and Human Awareness

Module 3 – What The Hackers Know

Information on some of the quick and easy tools available for finding information that can be used in a more coordinated attack by hackers; Some common tools that identify network assets; How to show both technical and business managers the amount of information that is  exposed via the network Lab—CHEOPS, Site TelePort Pro, NTOP, NmapFE, KMAP

Module 4 – Enemies and Their Motivation

The most common hacker personality types; The reasons they participate in these activities; Common targets for these individuals

Day 2

Module 5 – Assessing Vulnerabilities

Practical application of risk assessment to an organization; Basic understanding of vulnerability categories; Conducting an assessment; Commonly found weak links in an assessment; Reviewing how ‘breaking’ into your own network can be a practical way to get an accurate assessment of your risk Lab – Vulnerability Assessment, exploit usage and windows password weaknesses

Module 6 – Objectives of Risk Management

Identifying specific areas where safeguards are needed to prevent deliberate or inadvertent unauthorized disclosure, modification, or unauthorized use of information, and denial of service • How much protection is required • How much exists • The most economical way of providing it • Reducing the identified risk to an acceptable level Lab – Risk Assessment and Costs

Module 7 – Defining Security Policy

Developing computer security policies and procedures for Corporations that have systems connected to the Internet. Provide practical guidance to administrators trying to secure their information and services.

Module 8 – Developing Electronic Policy

Security tools by and large require that you create electronic policies from the written security policy in order to enforce compliance on the network we examine e-policies, often referred to as electronic or enforceable policies, and how they are used. Lab – Translate Written Policy into E-Policy

Day 3

Module 9 – Policy Enforcement with Technology

Keeping the organization in compliance with their policies; Training and awareness programs; Enforcement using technical tools, Checking compliance and enforcing policy Lab – Responding to CERT Alerts

Module 10 – Electronic Policy Baselines for Systems

Developing good security through system baselines; Using scripts to automate baseline implementation; Tools for detecting system changes Lab – Security Configuration Manager

Module 11 – Structured Monitoring

Identifying policy and procedures; Log procedures using the Defense in Depth model; Identifying Critical and Weak link systems; Centralized, Remote, and Decentralized Monitoring; Hardening the Monitoring Stations; Minimizing Management Consoles

Day 4

Module 12 – Intrusion Detection and Centralized Monitoring

Setup of a centralized monitoring system for a corporation; Identify cost effective placement of monitoring devices; Remote administration of monitoring systems Lab – Snort & Packet Analysis

Module 13 – Overcoming Difficulty in Monitoring

Intrusion Detection: Differentiation of what is relevant to the Intrusion sequence, what is not relevant, and what is not part of the sequence. Lab – Analyzing Attacks

Module 14 – Identifying Attack Signatures

Identifying signature by category of attack • Identifying normal attack flow • Identifying inspection and evasion of IDS • Identifying potential false positives of IDS • Identifying limitations in IDS monitoring Lab – Integrity verification and log monitoring

Day 5

Module 15 – Justifying the Cost of Security

A business case is made for Return of Security Investment by showing some areas where security saves money on labor and other items.

Module 16 – Incident Investigation Methods

Incident investigation: the process, tools, and methods • Avoiding “contaminating” evidence • Definitions of common response terms • Identification of business and legal considerations • Understanding of the time sensitivity of response

Module 17 – Understanding the Logs

Tools and methods for identifying critical information contained in the log files Lab—IIS Log Analysis

Module 18 – Security Planning for Electronic Business

Overview of the considerations necessary to securely and successfully implement electronic business over the Internet, including: identifying the business structure required for conducting electronic business, identifying and minimizing the threats to electronic commerce, including threats that may involve electronic commerce ‘partners’.

Award-winning training that you can trust.

G2 Crowd High Performer

Technical Skills Development Software

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

View Pricing

We will never share any of your information, spam you or annoy you with pushy sales pitches.

Book your course

    Our Major Clients

    What Our Students Are Saying

    Without any question, InfoSec has the most gifted individual instructors. Our instructor for this class was both an excellent educator and a premier/world class security expert. He was able to clearly explain and impart to the students, the most complicated security techniques I have ever heard of or imagined. I simply can not find the words to recommend him and Infosec security training more highly.

    John Hollan GE

    Advanced Ethical Hacking Training Boot Camp

    Career Tracks

    • IT Audit Track

      The IT Audit track goes through all aspects of IT Auditing. Our goals with this set of courses is to create the most complete Security Auditor an organization could wish for.
    • Security Pro Track

      The Security Pro Track goes through all aspects of Information Security. Our goals with this set of courses is to create the most complete Security Specialist an organization could wish for.
    Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
    View instant course pricing