Introduction to Computer and Network Security

This course builds the foundation of understanding you need to comprehend the threats and secure the networked systems of today and tomorrow.

Designed for those new to the field, for those who never had a formal class in security though they may be experienced in the area, or for those who might not be security practitioners but need an overview of underlying principles. The emphasis is on IT security as it supports the business, relating information systems security goals and objectives to organizational mission performance. You will gain a solid understanding of the principles of IT security, and learn to appreciate the breadth of issues and technologies that an accomplished practitioner must address. You'll go back to your organization with suggestions and ideas that can be used today and in the future to augment and balance the security of all your systems.

DAY ONE

Reasons for Concern — We'll analyze the conflicting priorities and business environment factors that have brought security concerns to the forefront of management attention. Learn what other factors are driving the need for better security of systems and information. Relation to Mission Performance — We'll examine the relationship between productivity and security, identifying sources of error and penetration threats. You'll learn computer security principles and ways of addressing exposures that tie, as they must, to organizational culture

Program Organization —You'll learn the elements of an effective security program, starting with the foundation of policies and procedures. Tie security planning to organizational goals and objectives. We'll examine how risk analysis, training and awareness, audit and monitoring, and handling incidents relate to each other in an effective program. Pin down responsibilities for security throughout the organization.

Jargon and Terminology — You'll learn the terminology used in general information systems security, encryption and network security, with an eye toward understanding the underlying principles and technology.

DAY TWO

Network Security — We'll start by identifying the unique security challenges of networked systems, defining the three basic goals of network security and how to achieve them. What are the major vulnerabilities in your current networks and what are the countermeasures you can take to successfully combat them? You'll also learn how to identify areas of future concern

Internet Security — We examine the Internet from a security perspective. Is there any inherent protection? What are the primary threats? Learn about firewalls: what they are, why they are necessary but not sufficient for the protection of valuable resources. We'll look at ways to effectively control inbound and outbound traffic on the Net. We'll identify resources to help you with Internet security, and explain why most security problems on the Internet are not really Internet problems. Intrusion Detection —We'll analyze some high-profile incidents to help identify different types of attack that you must defend against. You'll learn how to detect trouble and what to look for in an intrusion detection product.

Personnel Security — Learn the value of background checks and the necessity of linking with Human Resources. Understand why violations of security rules must be dealt with quickly and consistently, with possible consequences. Determine proper procedures for information security in the event of personnel terminations.