Summary

The following security courses, developed and delivered by Sharp Innovation Solutions, are offered through Building Blocks Technology.
- Information System Security Officer (ISSO) Orientation
- ISSO Lab Course
- Certified Information System Security Professional (CISSP) Boot Camp

ISSO Orientation

Dates and Registration

Ottawa
Monday, Feb 12-16, 2018
Monday, May 7-11, 2018

Duration:

5 days

Price:

$1,595

Audience:

This course is intended for officials in government or private industry who work in information security, who wish to become an Information System Security Officer, or who need to advance their skills and knowledge in managing system and organizational security.

Overview:

This five-day overview program is based upon the national training standard for Information System Security Officers issued by the Committee on National Security Systems (CNSS), of which the National Security Agency is the secretariat, as CNSSI No. 4014, Information Assurance Training Standard for Information Systems Security Officers (ISSO).

This course addresses the entry-level standards, which cover the fundamentals of information systems security from a top-down approach. Topics addressed in the course include IT governance, certification and accreditation, public key infrastructures, configuration management, intrusion detection and incident response. Given a series of system security breaches, the ISSO will identify system vulnerabilities and recommend the security solutions required to return the system to an operational level of assurance.

Participants will be able to:

  • Explain the importance of IT governance as part of the ISSO's responsibilities.
  • Define confidentiality, integrity and availability for information systems security.
  • Describe certification and accreditation and explain their importance to an organization and to the ISSO.
  • Describe what is needed to implement a site security policy and its importance to the Department of National Defence and to other organizations.
  • Explain the importance of site security status reporting for the ISSO.

Topics:

1. Introduction to ISSO

  • Introductions
  • Security Experience
  • Course Format
  • Security Mindset
  • Security References

2. Setting the Foundation

  • Security Concepts
  • Security Practices
  • Security Policies

3. Understanding your Role

  • ISSO Defined
  • Common Responsibilities
  • Types of ISSO
  • Type-specific Responsibilities

4. Understanding Site Security

  • Confidentiality, Integrity and Availability for Sites
  • Site Security Principles
  • The Role of Site Security Policy
  • Site Security Policies

5. Site Security Implementation and Operations

  • Plans and Procedures
  • Facility Approval
  • Operational Management
  • Access Control
  • Incident Response

6. Understanding System Security

  • Confidentiality, Integrity and Availability for Systems
  • System Security Principles
  • The Role of System Security Policy
  • System Security Policies

7. System Security Implementation and Operations

  • Know Your Enemy
  • Security Breach Impacts
  • Plans and Procedures
  • Security Mechanisms and Methods
  • Access Control
  • Operational Management
  • Media Handling
  • Policy Integration
  • Incident Response

8. System Development Life Cycle Basics

  • System Development Lifecycle Methodology
  • Threats and Vulnerabilities
  • Software Protection Mechanisms

9. Cryptography Basics

  • Types of Cryptography Systems
  • Symmetric and Asymmetric Cryptography
  • PKI and Key Management Issues
  • Crypto Attacks

10. Understanding Site and System Reporting

  • Report Categories
  • Measurement
  • Reporting Roles and Responsibilities
  • Reporting Audiences

11. Developing Incident and Continuous Reporting

  • Report Planning
  • Reporting Formats and Conventions
  • Reporting to Management
  • Legal Considerations

12. Achieving a Security Certification and Accreditation Posture

  • Certification and Accreditation
  • Certification Practices
  • Certification Elements
  • Personnel Accreditation
  • Systems Accreditation (Type Accreditation)
  • Accreditation Activities

Instruction Methodology:

The course is usually taught live in class but can also be taught remotely online via videoconference.

Participant Testimonials:

“Well done, very good overview!”

“In general the course provided excellent information. The DND/CAF section actually put everything in perspective as to what my responsibilities are. Thank you for all the information.”

“All aspects were covered well and information all pertinent to subject.”

“Excellent knowledge base. The book will be a great reference!”

“Modules relating to DND/CAF information, regulations were well done.”

“Overall very good intro to the ISSO world.”

“Great course to raise our awareness of the vulnerability of IT systems and provide good material to sensitize our co-workers.”

“Glen is a very pleasant instructor who creates a casual, comfortable learning environment. He has a lot of relevant experience that benefits the learning of the material.”

“Well structured material presented in a logical manner.”

“Glen is knowledgeable, effective at pointing out the necessary information about security and data privacy evolution.”

“Looking forward to attending future courses.”

“This course provides a very good overview of what the world of security entails.”

ISSO Lab Course

Dates and Registration

Ottawa
Mar 6-9, 2018
Monday, May 28-31, 2018

Duration:

4 days

Price:

$1,595

Audience:

Unit ISSOs who have completed introductory training in information security principles and practices; experienced ISSOs seeking intermediate-level instruction, exercises and hands-on experience with security tools; or those needing to advance their skills and knowledge in managing site and/or system security at a junior to intermediate level of IT security experience.

Overview:

This four-day intermediate-level Information Systems Security Officer (ISSO) course expands upon the principles and concepts learned in the ISSO Orientation course by going into greater detail on the people, process and technology aspects of an ISSO's role. The course sets the stage with an accelerated review of entry-level security principles and concepts, then moves quickly to more detailed security topics, discussions, demos and hands-on exercises using open source security tools.

Lecture material is reinforced through individual and group exercises with popular open source security tools, demonstrating the capabilities that many security professionals rely on today as part of their role.

Topics:

ISSO Foundations Review

  1. Course Introduction
  2. The ISSO Role
  3. Disclaimer
  4. ISSO Readiness Recommendations
  5. IT Security Foundational Principles and Concepts
  6. Information Security Trends You Need to Know
  7. IT Governance and the Security Program
  8. Physical and Logical Security Controls and Safeguards

Overview of Government Security Policies, Directives, Standards and Guidelines

  1. GoC Policy on Government Security
  2. CSEC – Canada’s National Security Policy
  3. DND Policies and Security Orders
  4. Treasury Board MITS (Management of Information Technology Security) Operational Standard
  5. Assets and Information Classification Processes (Sensitivity and Criticality)
  6. Group exercise

Evaluation Methodologies Overview

  1. Understanding Common Criteria and Questions to Consider
  2. Evaluation Methodologies including Common Criteria
  3. Security Program Compliance processes
  4. Group exercise

Network Security Need to Know

  1. What you need to know and why
  2. Network Primer, Models, and Layers
  3. OSI Model
  4. TCP/IP Architecture
  5. Defense in Depth (Prevention, Detection, Reaction, Recovery)
  6. Access Controls, Method and Procedures
  7. Hands-On activities using security tools

Media Security and Handling

  1. Countermeasures and Labeling
  2. Hardcopy Media
  3. Fax, Phone and Voicemail, Printers
  4. Magnetic Media
  5. Optical Media
  6. Communications Media
  7. Copper
  8. Fibre
  9. RF Wireless communications
  10. Demo on Wireless Sniffing and information reconnaissance

Risk Management

  1. Overview of Risk Management for ISSOs
  2. Risk Management Methodologies
  3. Threats and Vulnerabilities
  4. Threat Agents, Vectors and Exploits
  5. Threat Risk Assessments and the TBS Harmonized TRA methodology
  6. Group exercise

Incident Management, eDiscovery and Forensics

  1. Procedures for Incident Handling
  2. Incident Handling and Investigations
  3. Security breaches and high technology crimes
  4. Information Warfare and National Security
  5. Computer Crimes
  6. Criminal activity preparedness
  7. Hands-on exercise

Configuration Management, Business Continuity Planning and Crisis Management

  1. Definitions of CM, BCP and Crisis Management
  2. Configuration and Change Management
  3. Continuous Risk Services and Continuity of Critical Assets
  4. Natural and Human-Made Crises and Availability of Critical Services
  5. Group exercise

Certification and Accreditation

A condensed walk-through of a service's certification and accreditation process (group exercise)

  • Understand how the needs of the business must be understood in order to implement reasonable and effective security controls and safeguards
  • Understand the importance of security policy and the associated documents and practices that support an effective security program
  • Understand the relationship between the people, process and technology elements that support security implementations from the administrative, technical and physical perspectives
  • Understand the importance of layering controls and safeguards that support prevention, detection, response and recovery
  • Use some of the security tools through demos and hands-on exercises that reinforce the material presented in class

Participant Testimonials:

"The lectures were excellent."

"Very well done for background system hacking."

"Excellent instructor. I have enjoyed both this and the ISSO Orientation course."

CISSP Boot Camp

Dates and Registration

Ottawa
Monday, Mar 19-23, 2018
Monday, Apr 30-May 4, 2018
Monday, June 11-15, 2018

Duration:

5 days

Price:

$2,495

Audience:

The CISSP certification is relevant to middle- to senior-level managers, network engineers, security planners, administrators and practitioners in the security field seeking a deeper understanding of the theory and models of information security and their relationship to effective, practical security implementations.

Overview:

This intensive 5-day course gives students an understanding of the 8 domains of security represented by the (ISC)² CISSP Common Body of Knowledge (CBK), covering information, infrastructure and physical security.

These 8 domains represent a vendor-neutral overview of the information technology spectrum as it relates to security management practices. Through a series of lectures, discussions and practice quizzes, the student will gain knowledge of these concepts and an understanding of the areas of study required before taking the CISSP exam.

Topics:

CISSP® Domains

The CISSP domains are drawn from various information security topics within the (ISC)2 CBK. The CISSP CBK consists of the following 8 domains:

Security and Risk Management

(Security, Risk, Compliance, Law, Regulations, and Business Continuity)

  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethics
  • Security policies, standards, procedures and guidelines

Asset Security

(Protecting Security of Assets)

  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)

Security Engineering

(Engineering and Management of Security)

  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Vulnerabilities of security architectures, designs, and solution elements
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Secure site and facility design principles
  • Physical security

Communication and Network Security

(Designing and Protecting Network Security)

  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks

Identity and Access Management

(Controlling Access and Managing Identity)

  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)

Security Assessment and Testing

(Designing, Performing, and Analyzing Security Testing)

  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities

Security Operations

(Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns

Software Development Security

(Understanding, Applying, and Enforcing Software Security)

  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Instruction Methodology:

This is an exam preparation course taught in class with an instructor via lecture, discussion, and practice quizzes.

Skills Taught:

Upon completion of this course, participants will be able to:

  • Understand information security and risk management concepts and practices and their relationship to the needs of the business
  • Differentiate between the tools available for the protection of information
  • Explain the mechanisms required to provide assurance of information security controls
  • Understand the threats to, and vulnerabilities of, information technology

Participant Testimonials:

"The reference material provided was excellent"

"[The instructor] was fantastic. Very engaging by using real life examples. Well done!!!"

"Building Blocks Technologies catered to the class very well by going above and beyond the call of duty!"

"I did very much enjoy the course, the refreshments were very yummy!"

"Appreciated course. Head start for my personal study. Very relaxing and friendly interactions/discussions."