About the Program

The Enterprise Security 101 is our flagship Information Security orientation program for IT Managers and IT Infrastructure core team members. The 2-day program sets the context across Enterprise Security basics and orients the audience towards implementing baseline standards across Network and Host Level security controls.

Part 1 – An Introduction to the world of Information Security

The Evolution of Information Security
  • Evolution of IT – through the ages from Mainframe to Mobile Phone
  • Information Security through the ages
  • Popular hacks and attacks – Cap’n Crunch to enStage
  • Attack Techniques – An Evolution
  • Information Security – Current Day and Age
  • Challenges to Information Security today
  • Assignment – What do you think will be Enterprise Security Trends 5
  • Years from now?
Glimpses into Enterprise Security
  • Enterprise Security through the ages
  • Enterprise Security Dimensions and Paradigms
  • Defense-in-Depth and its application on Information Security
  • Case Studies in Enterprise Security
  • Assignment – Design a Defense-in-Depth Framework for a Small Company
Risk Management Essentials
  • Concepts of Risk and Risk Management
  • Risk Measurement and Impact Evaluation
  • Risk Assessment
  • Risk Assessment Concepts
  • Methodologies
  • Assignment: Perform a Risk Assessment for any company of your choice

Part 2 – Information Security Paradigms

Network Security
  • Introduction to Networks – The OSI Model and TCP/IP Stack
  • IP Addressing and CIDR Block Information
  • Protocol Exploration – Perspectives of popular network protocols
  • Routers and Switches – Concept Focus
  • Firewalls – Concept Focus
  • Intrusion Detection and Prevention Systems
  • Network Security Documentation
  • Introduction to Network Change Control
  • Network Security Attacks today
  • Hands On Exercises
Host and OS Security
  • Operating Systems – Organization
    • Windows
    • Unix/Linux Flavors
    • File System Organization
    • Specific Technology Areas – Windows and Unix
  • Operating System – Access Control (Technology and Frameworks)
  • Operating Systems Services Security
  • Operating System Cryptographic Concepts
  • Operating System – Logging and File Integrity Monitoring Practices
  • How to perform an effective Operating System Security Assessment
  • Hands On Exercises
Application Security
  • Web Application Security Challenges and Principles
  • Web Application Attacks and Defense Strategies:
  • Web Application Security Program Management
  • Designing Secure Web Application
  • Web Application Security Best Practices
  • Web Application Security Assessment
  • Hands On Exercises

Part 3 – Enterprise Security Track

  • Enterprise Security Management – Overview and Principles
  • Overview of popular Information Security Standards and Frameworks
  • ISO-27001 Implementation Overview
  • PCI-DSS and Implementation Overview
  • Enterprise Policy and Procedure Management
  • Enterprise Vulnerability Management
  • Change Management and Change Control Principles
  • Business Continuity Management
  • Enterprise Incident Management
  • Modern Enterprise Security Challenges – Overview and Implementation Strategies