Practitioner Certificate in Information Assurance Architecture (PCiIAA)
|
|
- Lenard Allen
- 7 years ago
- Views:
Transcription
1 Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1
2 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role, either within a dedicated security team or as part of a more general Enterprise Architecture (EA) team. This course prepares the student to challenge either the British Computer Society s Practitioner Certificate in Information Assurance Architecture (PCiIAA) exam or the CREST Registered Technical Security Architect (CRTSA) exam for Senior or Lead Practitioners. It has been designed to cover all learning objectives required of all domains covered in both certifications. PCiIAA explains what the role of a Security Architect is, covering responsibilities, as well as the business, technical, procedural and administrative requirements of the role. The role of the SA originates from a modern approach to IT in business, known as Enterprise Architecture, as explained by a variety of frameworks in use today, such as TOGAF, MODAF, DODAF and Zachman, all of which have their own views pertaining to security architecture. Definition: The term architecture is defined as, The fundamental organization of a system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution, (ISO/IEC 42010:2007). When attempting to build an architecture that is considered secure, the architect must first understand the business environment the systems need to provide for, as well as the technical controls that are available to the architect that can be called upon to address the threats against confidentiality, integrity and availability. These three main tenets of security confidentiality, integrity and availability sit at the heart of all IT security work, however, the job of the architect is as much aligned to the needs of the business as it is to the technical aspects of architecture. This is not suggesting that the SA should not be technical, as a technical person can often discharge the responsibilities of an SA, however, that person must first be aware of the bigger business picture prior to developing a technical solution. This is exactly what the PCiIAA course is all about explaining to the student what it takes to be an SA and how that differs from being a technical or administrative (non-technical, such as policy writing, risk assessments, etc.) security subject matter expert. Security architecture is not just about preventing specific attacks. Instead it is about providing a multi-layered set of defences against different kinds of attack by implementing the most appropriate and cost-effective security controls. This course is aimed at the following staff: Students who wish to gain the BCS PCiIAA or CREST's CRTSA certificate and qualify as a Practitioner, Senior Practitioner or Lead Practitioner in Security Architecture under the CESG Certified Professional (CCP) scheme. System administrators who wish to become security architects. Technical architects looking to move into the field of security architecture. Security professionals wanting to gain an appreciation of the technical and business aspects of their profession, or move into a more senior architecture role. The award of the PCiIAA or CRTSA Certificate provides part of the demonstration of competence at Practitioner, Senior or Lead Practitioner level of the CESG Certified Professional Scheme as outlined InfoSec Skills Limited All rights reserved. Page 2 of 8
3 in the Certification Framework for Information Assurance specialists developed by CESG, the UK National Technical Authority for Information Assurance. Certification as a CESG recognised IA Practitioner or Senior Practitioner against this framework requires demonstration of core skills equivalent to those covered by this syllabus, together with some specialist knowledge of UK Government security policies and procedures. To be certified as a CESG Certified Professional you will also need to complete a Written Submission and attend an Expert Interview with one of the accrediting bodies, the British Computer Society (BCS) or the Institute of Information Security Professionals (IISP) The Security Architect Role Based on a set of skills defined by the Institute of Information Security Professionals (IISP) the UK Government s GCHQ department, CESG, has defined a number of Information Assurance (IA) roles most commonly used across the UK public sector. One such job role is the IA Architect, which is also referred to in industry as the Security Architect (SA). CESG has developed a framework for certifying IA professionals who meet competency and skill requirements for these specified IA roles ( The British Computer Society (BCS) and CREST have worked closely with CESG to produce syllabi that reflect the learning objectives in support of training and certification of IA Architects. Achievement of this certificate demonstrates the candidate s competence to fulfil the role as a Practitioner, Senior Practitioner or Lead Practitioner Information Assurance Architect ( IA Architect ) under the CESG Certified Professional Scheme (CCP). An IA Architect must be able to drive beneficial security change into an organisation through the development or review of security architectures so that they: Fit business requirements for security. Mitigate identified risks and conform to relevant corporate security policies. Balance information risk against the cost of countermeasures. The Senior Security Architect role corresponds broadly to SFIA Responsibility Level 4 (enable) and Knowledge Level K4 (analyse). This course aligns to Level 3 (Skilful Application) competence as defined in the Skills Framework developed by the IISP. Note: This Practitioner Level Certificate is one of a series of certificates available from BCS or CREST in the area of Information Security and Information Assurance. A Foundation Level certificate, the Certificate in Information Security Management Principles (CISMP), is also available. Details of these other certifications are available from the BCS or CREST Web Sites: & Certification in Security Architecture Students that have successfully completed the final PCiIAA will be able to: Describe the business environment and the information risks that apply to systems. Describe and apply security design principles. Identify information risks that arise from potential solution architectures. Design alternate architectures or countermeasures to mitigate identified information risks. Ensure that proposed architectures and countermeasures adequately mitigate identified information risks. Apply standard ' security techniques and architectures to mitigate security risks. Develop new architectures that mitigate the risks posed by new technologies and business InfoSec Skills Limited All rights reserved. Page 3 of 8
4 practices. Provide consultancy and advice to explain Information Assurance and architectural problems. Securely configure ICT systems in compliance with their approved security architectures Prerequisites There are no formal entry requirements for candidates taking the examination for the Practitioner Certificate in Information Assurance Architecture. However, candidates will require a broad understanding of all aspects of Information Security and Information Assurance equivalent to the BCS Certificate in Information Security Management Principles (CISMP). Candidates will also need practical experience of the areas of expertise covered within the syllabus. Table 1 - Course Summary Module Number of Topics Time in Hours Module 1 The Basics of Security Architecture 4 6 Module 2 Advanced Security Architecture Concepts 3 14 Module 3 Information Assurance Methodologies 4 8 Module 4 Innovation and Business Improvement 4 6 Module 5 Security Across the Lifecycle 1 4 Module 6 Preparation for the PCiIAA and CRTSA Exams and Mock Exam 2 2 Totals Assessment At the end of each module the student is encouraged to undertake an assessment to assess their knowledge of the material provided in that module and to see if the objectives of the module have been met. Throughout the course quizzes are undertaken that enables a student to test their knowledge of the information covered in that topic. Both the BCS and CREST exam are based on the syllabus in this document. Both are closed book examination (no materials can be taken into the examination room) and consist of: A number of multiple choice single answer questions based on technical aspects of the syllabus. Scenario-based questions. Each scenario will be based around describing the threats, vulnerabilities and mitigations for that scenario. Candidates will need to read all scenarios carefully, and read and consider all questions and their implications before selecting answers. All aspects of the syllabus may be questioned. InfoSec Skills Limited All rights reserved. Page 4 of 8
5 Module 1 The Basics of Security Architecture This module takes 6 hours Introduction What is Security Architecture? This module lays down the foundation of understanding of what it means to be a security architect and what the basic principles of architecture are. It describes the relationship to Enterprise Architecture Frameworks and how some of these frameworks address security. Security architecture is at the heart of what it is to be a security architect. However, unlike technical architecture work, where components are added together to create an end-solution based on technical know-how, security architecture adopts a framework approach for deploying patterns of risk-reducing technology that provide varying levels of assurance depending on the underlying security requirements. Being an SA is a technical job, without doubt, but the key to success in these areas comes from detailed knowledge of what comprises security technology in terms of product assurance, network and technical design/development work (using secure development principles) and the trade off between physical, logical and procedural controls Module Learning Outcomes: Describe the role of the security architect and the concept of security architectures in context of enterprise architectures. Explain the skills, especially soft skills, an SA must possess. Explain the concepts and design principles used by security architects when designing systems. Design principles such as least privilege, segregation of duties are described. Describe security architectures at a high level using appropriate contextual terms and have enough knowledge to describe architectural concepts related to security concerns. Explain the importance of design patterns and conceptual architectures. Recognise separation of systems as a way to reduce risk Topics What is Security Architecture? The Role of a Security Architect. Security Design Principles. Conceptual Architectures. 2. Module 2 Advanced Security Architecture Concepts This module takes 14 hours Introduction This module builds on the Module 1, laying down the next level of detail for a variety of architectural concepts. It starts by describing security mechanisms, such as cryptographic mechanisms. It then goes on to describe a wide range of security services. Finally the module describes how the security services can be applied within a system and how design patterns are an important tool for a SA Module Learning Outcomes: Describe common methods for identification and authentication. Describe common methods for access control. Describe requirements and methods for auditing and alerting. Describe common methods for content control, such as anti-virus and data loss prevention. Describe common cryptographic based services, such as a public key infrastructure. InfoSec Skills Limited All rights reserved. Page 5 of 8
6 Describe intruder detection and prevention services and their placement in systems. Describe the role of directories in a system. Describe the functions of security management within a system. Describe a wide range of network security controls and the threats they counter. This includes layer 2 controls and the use of packet filtering and firewalls. Identify common methods for resilience and recognise different recovery capabilities and techniques, including back-up and audit trails. Identify security aspects of virtualisation. Describes the threats to Industrial Control Systems and appropriate countmeasures. Appreciate practicality as an issue in the selection of security mechanisms. Appreciate the need for correctness of input and on-going correctness of all stored data including parameters for all generalised software. Distinguish between different cryptographic mechanisms and techniques. Appreciate the use of threat modelling techniques to establish where security services should be positioned within a system. Describe a number of design patterns being able to explain the threats and security controls used to counter the threats Topics Core Security Mechanisms. Security Services, Part 1, Part 2 and Part 3. Security Design. 3. Module 3 Information Assurance Methodologies This module takes 8 hours Introduction This module goes into the various methodologies and techniques that can be used to assure the implementation of a system or a product. This includes the purpose of vulnerability and penetration testing Module Learning Outcomes: Explain a wide range of Information Assurance methodologies. Compare the benefits of using different methodologies. Describe how Information Assurance methodologies can reduce risk. Employ methods, tools and techniques for identifying potential vulnerabilities. Apply different testing strategies depending on the risk profile of a system. Recognise that business processes need to be tested and not just the ICT elements. Explain the role of vulnerability and penetration testing. Plan and manage a penetration test. Explain the typical structure of a penetration test report. Describe the typical findings of a penetration test report Topics Information Assurance Frameworks. Product and Service Assurance. Cryptographic Assurance. Vulnerability and Penetration Testing. InfoSec Skills Limited All rights reserved. Page 6 of 8
7 Module 4 Innovation and Business Improvement This module takes 6 hours Introduction This module explains how security can drive change and improve business functions when done properly. Different business scenarios and sectors can drive a wide variety of security architecture innovations and changes and it s important that the accomplished security architect has a good understanding of business practices, such as mergers, outsourcing and SaaS solutions Module Learning Outcomes: Discuss the security implications of business transition (mergers, de-mergers, in-sourcing and out-sourcing, etc.). Describe the nature of organisational risk culture and exposure. Recognise security as a business enabler. Describe continuous improvement as a philosophy. Propose security metrics. Describe a number of different IA maturity models Topics Business Change, Security Metrics and ROI. Risk, Security Postures and Security Culture. Security as a Business Enabler. IA Maturity Models. 4. Module 5 Security Across the Lifecycle This module takes 4 hours Introduction This final module introduces the Security Architect to the various security concerns and considerations when embarking on a new development project all the way to in-service support. It pulls together many of the previous points in the course. This module looks at auditing and traceability of solutions, building systems using COTS or bespoke code (and the complications of each choice), some aspects related to the business matters needing consideration when embarking on a secure development programme, and how systems are accepted as fit for purpose and put into an operational capacity Module Learning Outcomes: Describe the typical Terms of Reference of a SA. Explain why it is important to brief engineering teams at the start of a development process. Describe the concepts of audit and traceability. Describe the different types of design artefacts at the conceptual, logical and physical layers. Recognise the security issues associated with commercial off-the-shelf / outsourced / off shore systems / applications / products. Describe the role of hardening and coding standards in the development of a system and sources of guidance. Discuss the importance of links with the whole business process. Identify the benefits of separation of development, test and support from operational systems. Describe the processes for authorising business systems for use. InfoSec Skills Limited All rights reserved. Page 7 of 8
8 Recognise the benefits of independent certification that new or modified systems meet their security policy. Recognise the need for change control for systems under development to maintain software integrity. Describe procedures for the handling of security patches. Identify the reasons for escrow of source code. Identify common programming vulnerabilities. Describe the OWASP top ten risks. Discuss the need for development environment integrity Topics Security across the lifecycle. Module 6 Preparation for the PCiIAA and CRTSA Exams and Mock Exam This module takes 2 hours Introduction This final module will prepare the student for the PCiIAA or the CRTSA examinations to be undertaken during one of the public examinations conducted by the BCS or CREST Module Learning Outcomes: At the end of this module the student will: Understand the format and scoring of the examination Be prepared to take the PCiIAA examination and pass! Be prepared to take the CRTSA examination and pass! 4.6. Topics Format, structure and scoring of the PCiIAA examination Format, structure and scoring of the CRTSA examination Mock Examination, using the BCS sample paper InfoSec Skills Limited All rights reserved. Page 8 of 8
CESG Certification of Cyber Security Training Courses
CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security
More informationApplication Guidance CCP Penetration Tester Role, Practitioner Level
August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document
More informationApril 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level
April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level
More informationCyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13
Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...
More informationFebruary 2015 Issue No: 5.2. CESG Certification for IA Professionals
February 2015 Issue No: 5.2 CESG Certification for IA Professionals Issue No: 5.2 February 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or
More informationCREST EXAMINATIONS. CREST (GB) Ltd 2016 All Rights Reserved
CREST EXAMINATIONS This document and any information therein are the property of CREST and without infringement neither the whole nor any extract may be disclosed, loaned, copied or used for manufacturing,
More informationBCS Certificate in Information Security Management Principles Syllabus
BCS Certificate in Information Security Management Principles Syllabus Version 7.6 March 2015 Contents Change History... 3 Background... 4 Aims and Objectives... 4 Objectives... 4 Target Group... 4 Prerequisite
More informationLogical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110
Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam
More informationA Guide to the Cyber Essentials Scheme
A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane
More informationAUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES
AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by
More informationINTERMEDIATE QUALIFICATION
PROFESSIONAL QUALIFICATION SCHEME INTERMEDIATE QUALIFICATION SERVICE CAPABILITY PLANNING, PROTECTION AND OPTIMIZATION CERTIFICATE SYLLABUS The Swirl logo is a trade mark of the Cabinet Office ITIL is a
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationWhy compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards
Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3
More information3.5 IPv6 Forum Certified Security Course, Engineer, Trainer & Certification (GOLD)
3.5 IPv6 Forum Certified Security Course, Engineer, Trainer & Certification (GOLD) The IPv6 Forum Certified Security Program (Security Course, Security Engineer, Security Trainer and Security Degree Exams
More informationGrowth Through Excellence
Growth Through Excellence Public/Private Cloud Services Service Definition Document G- Cloud 5 REFERENCE NUMBER RM1557v Table of Contents Table of Contents... 3 Executive Summary... 4 About the Company...
More informationService Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationBCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015
BCS Specialist Certificate in Business Relationship Management Syllabus Version 1.9 March 2015 BCS Specialist Certificate in Business Relationship Management Syllabus Contents Change History... 2 Rationale...
More informationWe are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review
We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationIBM Security in the Software Development Lifecycle
IBM Security in the Software Development Lifecycle Service Definition 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Technology Services, Security and Privacy, for the design
More informationBuild (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)
It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The
More informationCESG Certified Professional
CESG Certified Professional Verify your skills and competence in information assurance Now open to cyber security professionals working in UK industry CONTENTS 1. Introduction 2. IA in Context: Why Professionalism
More informationIT Heath Check Scoping guidance ALPHA DRAFT
IT Heath Check Scoping guidance ALPHA DRAFT Version 0.1 November 2014 Document Information Project Name: ITHC Guidance Prepared By: Mark Brett CLAS Consultant Document Version No: 0.1 Title: ITHC Guidance
More informationJanuary 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals
January 2015 Issue No: 2.1 Guidance to Issue No: 2.1 January 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or copied without specific permission
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationISSECO Syllabus Public Version v1.0
ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to
More informationIT Security. Securing Your Business Investments
Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information
More informationARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.
ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service
More informationPractitioner Certificate Software Asset Management Syllabus. Version 2.0
Practitioner Certificate Software Asset Management Syllabus Version 2.0 June 2010 Practitioner Certificate in Software Asset Management The ISEB Practitioner Certificate in Software Asset Management (SAM)
More informationCESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS
CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationG-Cloud III Services Service Definition Accenture Cloud Security Services
G-Cloud III Services Service Definition Accenture Cloud Security Services 1 Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Outcomes... 5 5. Pricing... 5 6.
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationCloud Security Specialist Certification Self-Study Kit Bundle
Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams
More informationSytorus Information Security Assessment Overview
Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)
More informationBCS Specialist Certificate in Service Desk & Incident Management Syllabus
BCS Specialist Certificate in Service Desk & Incident Management Syllabus Version 1.8 March 2015 BCS Specialist Certificate in Service Desk & Incident Management Syllabus Contents Change History... 2 Rationale...
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationProtecting Malaysia in the Connected world
Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE
More informationCBEST FAQ February 2015
CBEST Frequently Asked Questions: February 2015 At this time, the UK Financial Authorities have only made CBEST available to firms and FMIs which they consider to be core to the UK financial system. Those
More informationEffective Software Security Management
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1
More informationICT and Information Security Resources
Methods GCloud Service Definition ICT and Information Security Resources HEAD OFFICE: 125 Shaftesbury Avenue, London WC2H 8AD Scottish Office: Exchange Place 2, 5 Semple Street, Edinburgh, EH3 8BL t: +44
More informationESKISP6054.01 Conduct security testing, under supervision
Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to
More informationDIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES
G Cloud IV Framework Lot 4 DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES Service Description - ANSEC IA Limited CONTENTS 1 Company Profile. 2 The ANSEC Effect 3 Qualifications 4 Service Description..
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationOverview TECHIS60341. Carry out security architecture and operations activities
Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical
More informationThe International Institute for Business Analysis
The International Institute for Business Analysis IIBA UK Chapter Skills and Career Paths Business Analysis Conference London September 2010 Visit our chapter website at http://uk.theiiba.org Your Starting
More informationEnterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013
Enterprise Security Architecture for Cyber Security M.M.Veeraragaloo 5 th September 2013 Outline Cyber Security Overview TOGAF and Sherwood Applied Business Security Architecture (SABSA) o o Overview of
More informationProcuring Penetration Testing Services
Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat
More informationCYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationIT Security Testing Services
Context Information Security T +44 (0)207 537 7515 W www.contextis.com E gcloud@contextis.co.uk IT Security Testing Services Context Information Security Contents 1 Introduction to Context Information
More informationSpecialist Certificate in Business Relationship Management Syllabus. Version 1.2
Specialist Certificate in Business Relationship Management Syllabus Version 1.2 August 2010 Specialist Certificate in Business Relationship Management Syllabus Contents Rationale...2 Aims and Objectives...2
More informationISO 27001 Information Security Management Services (Lot 4)
ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...
More informationThales Service Definition for PSN Secure Email Gateway Service for Cloud Services
Thales Definition for PSN Secure Email Gateway Thales Definition for PSN Secure Email Gateway for Cloud s April 2014 Page 1 of 12 Thales Definition for PSN Secure Email Gateway CONTENT Page No. Introduction...
More informationCommittees Date: Subject: Public Report of: For Information Summary
Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security
More informationG-Cloud IV Services Service Definition Accenture Cloud Security Services
G-Cloud IV Services Service Definition Accenture Cloud Security Services 1 Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Capabilities... 5 5. Expected Outcomes...
More informationCareer Paths in Information Security v6.0
Career Paths in Information Security v6.0 Have you ever considered a career in computer security but didn t know how to get started? The Information Security industry is an exciting and diverse place to
More informationIT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies
IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document
More informationIBM Hosted Application Scanning
IBM Hosted Application Scanning Service Definition IBM Hosted Application Scanning 1 1. Summary 1.1 Service Description IBM Hosted Application Security Services Production Application Scanning Service
More informationFedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the
More informationHow To Help Your Business Succeed
G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services Contents Executive Summary 3 CHECK Accredited Penetration Testing Services 4 Why Deloitte? 5 Package Cost 7 Contact 9 Service
More informationUKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme
CIS 3 EDITION 2 February 2014 UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme CONTENTS SECTION PAGE 1 Introduction 2 2 Requirements for Certification
More informationEA-ISP-012-Network Management Policy
Technology & Information Services EA-ISP-012-Network Management Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 01/04/2015 Document Security Level: PUBLIC Document Version: 1.00 Document Ref:
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationG-CLOUD SPECIALIST CLOUD SERVICES
ITSUS CONSULTING G-CLOUD SPECIALIST CLOUD SERVICES Page 1 of 13 SPECIALIST CLOUD SERVICES ITSUS is a specialist network consultancy which delivers that crucial combination of security and efficiency, both
More informationInformation Technology Engineers Examination
Information Technology Engineers Examination Outline of ITEE Ver 2.1 November 30, 2015 The company and products names in this report are trademarks or registered trademarks of the respective companies.
More informationSpecialist Cloud Services. Acumin Cloud Security Resourcing
Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationSOA: The missing link between Enterprise Architecture and Solution Architecture
SOA: The missing link between Enterprise Architecture and Solution Architecture Jaidip Banerjee and Sohel Aziz Enterprise Architecture (EA) is increasingly being acknowledged as the way to maximize existing
More informationHP Certified Professional
Securing HP ProCurve Networks Exam HP0-Y24 Exam Preparation Guide Purpose The intent of this guide is to set expectations about the context of the exam and to help candidates prepare for it. Recommended
More informationProcurement Policy Note Use of Cyber Essentials Scheme certification
Procurement Policy Note Use of Cyber Essentials Scheme certification Action Note 09/14 25 September 2014 Issue 1. Government is taking steps to further reduce the levels of cyber security risk in its supply
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationITIL V3 Service Operation Certification Program
ITIL V3 Service Operation Certification Program 3 Days Program Overview The ITIL Intermediate Qualification: Service Operation (SO) Certificate, although a stand alone qualification, yet is also part of
More informationISEB MANAGER S CERTIFICATE IN ITIL INFRASTRUCTURE MANAGEMENT. Guidelines for candidates who are taking the ICT Infrastructure Examination
ISEB MANAGER S CERTIFICATE IN ITIL INFRASTRUCTURE MANAGEMENT Guidelines for candidates who are taking the ICT Infrastructure Examination This qualification is based on ITIL Infrastructure Management as
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationC015 Certification Report
C015 Certification Report NexCode National Security Suite Release 3 File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationHP Security Framework. Jakub Andrle
HP Security Framework Jakub Andrle Hewlett-Packard 11.place in Fortune Magazine chart In fiscal year 2007 we achieved $7bilions growth CEO HP - Mark Hurd, company residence - Palo Alto, California, USA
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationHigher Certificate in Information Systems (Network Engineering) * (1 year full-time, 2½ years part-time)
Higher Certificate in Information Systems (Network Engineering) * (1 year full-time, 2½ years part-time) Module: Computer Literacy Knowing how to use a computer has become a necessity for many people.
More informationHOSTING. Managed Security Solutions. Managed Security. ECSC Solutions
Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT
More informationUK Government IA Recent Changes and Update
UK Government IA Recent Changes and Update INTRODUCTION Agenda Part 1 Government IA and Cyber Security Background Quick Threat Update UK Government Cyber Security Initiative Government Asset Control in
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationFedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov
FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please
More informationReducing the Cyber Risk in 10 Critical Areas
Reducing the Cyber Risk in 10 Critical Areas Information Risk Management Regime Establish a governance framework Enable and support risk management across the organisation. Determine your risk appetite
More informationBusiness Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:
Module Db Technical Solution Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL: Cost is reduced through greater economies of scale, removal of duplication
More informationG-Cloud Definition of Services Security Penetration Testing
G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We
More informationTHE EVOLUTION OF INFORMATION SECURITY GOALS
THE EVOLUTION OF INFORMATION SECURITY GOALS FROM THE 1960S TO TODAY Yulia Cherdantseva 1 Jeremy Hilton 2 1 Cardiff University y.v.cherdantseva@cs.cardiff.ac.uk 2 Cranfield University j.c.hilton@cranfield.ac.uk
More informationCloud Virtualization Specialist Certification Self-Study Kit Bundle
Cloud Virtualization Specialist Certification Bundle A Certified Cloud Virtualization Specialist has proven knowledge and proficiency with the technologies, mechanisms, platforms, and practices based upon
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationThe Information Assurance Process: Charting a Path Towards Compliance
The Information Assurance Process: Charting a Path Towards Compliance A white paper on a collaborative approach to the process and activities necessary to attain compliance with information assurance standards.
More informationLINUX / INFORMATION SECURITY
LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,
More informationHP Cyber Security Control Cyber Insight & Defence
HP Cyber Security Control Cyber Insight & Defence Security awareness at board level Security leadership is under immense pressure Cyber threat Extended supply chain Financial loss Reputation damage Cost
More informationJOB DESCRIPTION CONTRACTUAL POSITION
Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical
More informationEnterprise Security Architecture Concepts and Practice
Enterprise Architecture Concepts and Practice Jim Whitmore whitmore@us.ibm.com Presentation to Open Group Oct 22, 2003 Enterprise Architecture Abstract In the early 90 s IBM Global Services created a Consultancy
More informationDCA metrics for the approval of Auditing Firms for Certifications Scheme VERSION 1.0
DCA metrics for the approval of Auditing Firms for Certifications Scheme VERSION 1.0 2013, Data Centre Alliance Limited (www.datacentrealliance.org). All rights reserved. This publication may not be reproduced
More informationCyber Essentials Scheme. Summary
Cyber Essentials Scheme Summary June 2014 Introduction... 3 Background... 4 Scope... 4 Assurance Framework... 5 Next steps... 6 Questions about the scheme?... 7 2 Introduction The Cyber Essentials scheme
More information