Security Awareness

Duration 1 days

Price £495.00 plus VAT

Edinburgh 17th July

London 15th July

Course Description
Aimed at a wide audience that may include people with little or no technical knowledge, this course makes extensive use of analogies, demonstrations, illustrative examples, and workshops to build a sophisticated insight into information security.

Who should attend? 
This course will significantly benefit Directors, Senior managers, auditors, and others with responsibily for information security.

Prerequisites: Basic IT literacy

Delivery Method: Instructor-led, classroom-delivery

Course Contents

Current Security Issues

  • Internal and external threats
  • Typical external breaches
  • Typical internal breaches
  • Physical security
  • Social engineering
  • Computer misuse?

Information Security

  • The Importance of Information Security
  • Positive reasons for implementing security
  • Legal obligations

Improving Security

  • How to improve security
  • Bottom-up approach
  • Top-down approach

Information Security concepts

  • Confidentiality
  • Integrity
  • Availability
  • Accountability
  • Auditing
  • Risk Management
  • Business impact analysis
  • Business continuity planning and security

ISO 17799

  • Overview of ISO 17799
  • Government requirements

Information Security and the Law

  • Introduction to Copyright
  • Copyright laws and how they affect the council
  • Computer Misuse Act (UK)
  • What constitutes computer misuse?
  • Data Protection Act 1998 (UK)
  • Examples of breaches
  • Data Protection Objectives
  • The Eight Principles
  • Council policy on Data Protection
  • Compliance with law
  • Typical policies on privacy

Security Policies

  • Policies, procedures, standards and controls
  • Why are policies important?
  • Email and Internet Policies
  • Risk factors
  • Malicious Code Statistics
  • Cookies And Security
  • Macro Viruses
  • Active Content. ActiveX, Java, Javascript
  • Why Are Viruses Able To Pass Through Firewalls
  • Polymorphic Viruses
  • Mail Viruses
  • Worms
  • Trojans
  • Dealing With An Infection
  • Malicious Code Statistics
  • Securing the Client
  • Email risk factors
  • Spam
  • Junk mail
  • Hoaxes
  • Attachments
  • Embedded web pages
  • Email etiquette
  • Detailed review of Electronic Mail and Internet Usage Policy

Access Control

  • Information assets
  • Information flow
  • Responsibilities of Data owners, custodians and users
  • Access control
  • Password policies
  • Secure passwords
  • How to create secure passwords that are easily remembered
  • Description and analysis of password policy

Remote Access And Mobile Users

  • VPNs and remote user security
  • Remote Access Servers
  • Laptop Security
  • DHCP

Overview security infrastructures

  • Firewalls
  • Firewall Capabilities
  • Intrusion detection
  • Network security controls

Monitoring auditing and policy enforcement

  • Content filtering
  • Email monitoring
  • Virus protection
  • Firewall logs
  • Server logs

Incident response

  • Types of incident
  • Virus and Malicious code infection
  • Viewing or distributing offensive material
  • Initial response policies and procedures
  • Forensic examination
  • Evidence handling
  • Chain of custody
  • Policies and procedures

Where do you go from here?

  • Spreading the word