Course Overview
The vendor-neutral Certified Security Leadership Officer certification course was designed for mid- and upper-level managers, as well as any engineers who seek to increase their knowledge in the security arena. The C)SLO course was designed to give management an essential understanding of current security issues, best practices, and technology. Because a security officer or manager understands the value of security, he or she is prepared to manage the security component of information technology security projects.
A C)SLO candidate can be seen as the bridge between the cyber security team and operations as well as business management. The essential topics covered in this management track are extremely detailed and include the following: Network Fundamentals and Applications, Hardware Architecture, Information Assurance Foundations, Computer Security Policies, Contingency and Continuity Planning, Business Impact Analysis, Incident Handling, Architectural Approaches to Defense in Depth, Cyber Attacks, Vulnerability Assessment and Management, Security Policies, Web Security, and Offensive and Defensive Information Warfare, culminating in a Management Practicum.
Key Data
Course Name: Certified Security Leadership Officer
Duration: 5 days
Language: English
Format:
- Instructor-led
- Live Virtual Training
Prerequisites:
- A minimum of 12 months’ professional experience in an IT or management role
Student Materials:
- Student Workbook
- Student Prep Guide
CEUs: 40
Who Should Attend?
- C-Level Managers
- IT Managers
- Cybersecurity Engineers
- Information Owners
- ISSOs
- CISSP students
- ISOs
Upon Completion
Upon completion, the Certified Security Leadership Officer candidate will not only be able to competently take the C)SLO exam but will also be versed in implementing strong security controls and managing an organization with an industry-acceptable security posture.
Exam Information
The Certified Security Leadership Officer exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible from your mile2.com account. The exam takes 2 hours and consists of 100 multiple-choice questions. The exam costs $400 USD and must be purchased from Mile2.com.
Description
Module 1 – Security Management
The Role of the CSLO
Business Goals and Objectives
Vision
Overview of Governance
Importance of Information Security
The First Priority for the CSLO
Outcomes of Governance
Performance and Governance
Organization of IT Security
Developing a Security Strategy
Elements of a Strategy
Objectives of Security Strategy
The Goal of Information Security
Defining Security Objectives
Business Linkages
Business Case Development
Security Budget
Valuations
Security Program Priorities
What is Security?
Security Integration
Security Program
Architecture
Information Security Frameworks
Using a Framework
The Desired State of Security
Using the Balanced Scorecard
Align with Security Framework
ISO/IEC 27001 – The ISMS
Integration
Suitable for Organizations of all Sizes
COBIT 4.1
COBIT 4.1 Phases
Deming and Quality
Ethics
Fraud
Good to Great
Hiring and Employment
Employment
Culture
Marketing
Negotiating
Intellectual Property
Protecting IP
Attacks on IP
OECD Privacy Principles
PII and PHI
Awareness Training
Purpose of Awareness Training
Summary
Module 2 – Risk Management
Risk
Risk Management
Define a Risk Assessment Approach
Risk Factors
Enterprise Risk Management
Risk
Risk Assessment
Risk Analysis
Quantitative Risk
Qualitative Risk
What Is the Value of an Asset?
What Is a Threat Source/Agent?
What Is a Threat?
What Is a Vulnerability?
Assess and Evaluate Risk
Result of Risk Assessment
Inputs to Risk Treatment
Risk Definitions
Risk Treatment
Risk Acceptance
Definition of Controls
Control Types
“Soft” Controls
Technical or Logical Controls
Physical Controls
Control Usage
Comparing Cost and Benefit
Cost of a Countermeasure
Appropriate Controls
Documentation
Statement of Applicability
Summary
Module 3 – Encryption
Encryption
Secrecy of the Key
Cryptographic Functions
XOR Function
Symmetric Encryption
Asymmetric Algorithms
Hashing Algorithms
Digital Signatures
Digital Envelope
Public Key Infrastructure (PKI)
Certificates
Uses of Encryption in Communications
Auditing Encryption Implementations
Steganography
Cryptographic Attacks
Summary
Module 4 – Information Security Access Control Concepts
Information Security Concepts (Agenda)
Information Asset Classification
Information Classification Considerations
Criticality
Sensitivity
Regulations and Legislation
Asset Valuation
Valuation Process
Information Protection
Storing, Retrieving, Transporting and Disposing of Confidential Information
Information Asset Protection
Access Control
Identification
Authentication
Password Policy
Password Cracking
Biometrics
Authorization
Authorization Best Practices
Accounting/Auditability
Trust Models
Centralized Administration
Discretionary Access Control
Mandatory Access Control
Role Based Access Control
Technologies – Access Control Lists
Summary
Module 5 – Incident Handling and Evidence
Definition
Goals of Incident Management and Response
History of Incidents
Security Incident Handling and Response
Evidence Handling
Best Evidence
What is an Incident – Intentional
What is an Incident – Unintentional
Malware
Attack Vectors
Information Warfare
Incident Management and Response
Developing Response and Recovery Plans
Incident Management and Response
Importance of Incident Management and Response
Incident Response Functions
Incident Management Technologies
Responsibilities of the CSLO
Crisis Communications
Challenges in Developing an Incident Management Plan
When an Incident Occurs
During an Incident
Containment Strategies
The Battle Box
Evidence Identification and Preservation
Post Event Reviews
Disaster Recovery Planning (DRP) and Business Recovery Processes
Development of BCP and DRP
Plan Development
Recovery Strategies
Basis for Recovery Strategy Selections
Disaster Recovery Sites
Recovery of Communications
Plan Maintenance Activities
BCP and DRP Training
Techniques for Testing Security
Vulnerability Assessments
Penetration Testing
Module 6 – Operations Security
Operations Security
Administrator Access
Operational Assurance
Some Threats to Computer Operations
Specific Operations Tasks
Data Leakage – Object Reuse
Object Reuse
Records Management
Change Control
Controlling How Changes Take Place
Change Control Steps
Trusted Recovery
Redundant Array of Independent Disks (RAID)
Phases of Plan
BCP Risk Analysis
Identify Vulnerabilities and Threats
Interdependencies
Identifying Functions’ Resources
Calculating MTD
Recovery Point Objective
Facility Backups – Hot Site
Facility Backups – Warm Site
Facility Backups – Cold Site
Other Offsite Approaches
Priorities
OWASP Top Ten (2013)
Common Gateway Interface
How CGI Scripts Work
Cookies
Virtualization – Type 1
Virtualization – Type 2
Technologies – Databases and DBMS
Facilities
Facilities Security
Environmental Security
Physical Access Issues and Exposures
Physical Access Issues and Exposures
Physical Access Controls
Controls for Environmental Exposures
Controls for Environmental Exposures cont.
Controls for Environmental Exposures cont.
Electrical Problems
Summary
Module 7 – Network Security
Network Topologies – Physical Layer
OSI Model
An Older Model
Data Encapsulation
Protocols at Each Layer
Devices Work at Different Layers
Technology-based Security
Technologies
Security Management Report Tools
Security in Technical Components cont.
Defense in Depth
Repeater
Switch
Virtual LAN
Router
Gateway
Bastion Host
Network Security Architecture
Firewalls
Whitelisting vs. Blacklisting
Firewall Issues
Firewalls
Firewall – First line of defense
Firewall Types – Packet Filtering
Firewall Types – Proxy Firewalls
Firewall Types – Circuit-Level Proxy Firewall
Firewall Types – Application-Layer Proxy
Firewall Types – Stateful
Firewall Placement
Firewall Architecture Types – Screened Host
Firewall Architecture Types – Multi- or Dual-Homed
Firewall Architecture Types – Screened Subnet
Intrusion Detection and Prevention Systems
IDS – Second line of defense
IPS – Last line of defense?
IDS/IPS Components
IDS/IPS Features
IDS/IPS
Intrusion Detection Policies and Processes
HIPS
Unified Threat Management (UTM)
UTM Product Criteria
TCP/IP Suite
Port and Protocol Relationship
UDP versus TCP
Protocols – ARP
Protocols – ICMP
Protocols – FTP, TFTP, Telnet
Protocols – SNMP
Network Service – DNS
nslookup
IP Addressing
Network Service – NAT
Recommended NAT Addresses
Technologies – SPAM
Filtering and Content Management
Emerging Technologies
Security of Portable Media
Mobile Device Security
LAN Security Issues
Network Infrastructure Security
Client-server Security
Internet Threats and Security
Causes of Internet Attacks
Honeypots and Honeynets
LaBrea Tarpit
Voice-Over IP (VoIP)
Auditing Network Infrastructure Security
IPSec – Network Layer Protection
IPSec
IPSec
SSL/TLS
Wireless Technologies – Access Point
Standards Comparison
Wi-Fi Network Types
Wireless Technologies – Access Point
802.11i – WPA2
Wireless Security Threats
Kismet
Bluetooth
Summary