Online Class: Information Security Myths -
What Are the Real Threats?
Cost: $150.00
Time: 160 minutes
Instructor: Darrin Mourer
This class is presented in four modules:
Section A (71 minutes) deals with external threats: patch
application and awareness, firewall protection, web and database
applications, and remote user protection.
Section B (32 minutes) addresses internal risk: unnecessary file
and access permissions, backup protection, and network and
packet sniffing. It also relates external threats to internal
risk.
Section C (25 minutes) addresses bilateral threats: social
engineering, physical security, and host level intrusion
detection methodology.
The Topic Review (32 minutes) integrates all the above
information.
Each session is tailored for management and staff with a focus
on industry best practices, approaches and methods, issues and
criteria, and common pitfalls to avoid.
Focus and Features:
This series of five modules addresses:
The most common myths related to information security;
The most common vulnerabilities and methods used to penetrate
your network;
What can be gained from each point of an attack, and
Ways you can mitigate the risks associated with each entry
point.
The course is organized into an Overview, three in-depth
sections, and a Topic Review.
The FREE Overview (22 minutes) surveys recent changes in the
business IT security environment, sets the scene, and
establishes the rationale for the technical sessions.
Prerequisites:
You should have a good grasp of computer networking
fundamentals, a basic understanding of network services, and a
basic understanding of TCP/IP Communications protocols.
Learning Level:
Advanced technical concepts discussed
Who Should Attend:
Network and system administrators,
Security administrators or engineers,
Information Security Management and
Executive IT Management
What You Will Learn:
Darrin Mourer uses the “most common myths” related to
information security as a tool for describing the
vulnerabilities and methods used to penetrate your network.
Here, you will learn about the best practices that are being
used by other companies to create, develop and validate the IT
security approach for the organization.
This comprehensive and systematic approach to information
technology security in businesses provides a detailed
illustration of security attacks, what can be gained from each
point of an attack, and ways you can mitigate the risks
associated with each attack.
Countering these “myths” leads you to best practices in
information security:
Section A: External Threats
Myth #1 – I will patch my systems when I get around to it.
Myth #2 – A firewall can offer me complete protection at the
gateway.
Myth #3 – It is the responsibility of development to ensure our
web site is secure.
Myth #4 – My home/remote users are outside the office.
Therefore, I don’t need to protect them.
Section B: Internal Threats
Myth #5 – I can give my users and systems general level access
to network resources.
Myth #6 – Backup Security is trivial.
Myth #7 – My users are not savvy enough to install and run
network and packet sniffing software.
Section C: Bilateral Threats
Myth #8 – My users are smart enough not to fall for social
engineering tactics.
Myth #9 – Physical Security Planning and Responsibility is the
job of the facility manager.
Myth #10 – Network intrusion detection systems are sufficient to
secure my network.
Topic Review:
Summarizes how selecting the right business-critical elements
and integrating the physical, operational, and informational
security aspects are both required for the enterprise security
plan to succeed. This section also tells you where you can find
help for your organization. It will help you understand the key
items for each business-critical element to reduce the risk of
failure and to improve the ROI on security.