Course Details

Information and Systems Assurance in a Chaotic Environment

According to Infoworld, a staggering 959 new viruses and worms were discovered in May 2004 alone. The exponential growth in exploits has grown to crisis proportions. You must have a cost-effective yet systematic solution to consistently assess your IT resources, ensuring your controls work as intended. Your plan must be scalable and include in its execution the ability to carry out risk assessment on the impact of any new software applications or hardware devices as they are added to the network.

It's about Assessing Risk - not just Penetration Testing your Network

Assessing Network Vulnerabilities is about risk analysis. While many training classes have been developed to train individuals in risk evaluation, few have targeted the core of the problem in a structured approach. This two-day interactive workshop targets the core of the problem, providing a structured methodology for assessment that can be easily replicated, saves money, and can scale as your infrastructure grows.

And it's about the Methodology

This methodology gives you the skills and techniques necessary to determine the relationship between the value of your corporate information verses the cost involved to protect those assets. Secondly, it gives you a cost-effective, systematic approach to assess your network and ensure that no critical threats are overlooked. The result is a measure of protection that implements security mechanisms on the systems and processes you've determined need protection! Additionally, it allows for regular audits on those critical areas.

Real-World Techniques, Tools, Guidelines and Formulas

You will walk away from this course with the skills you need to successfully integrate the methodology you'll see. With our real-world data and tool-driven case studies, you gain the practical experience needed to successfully replicate what you've learned in class when dealing with your own network. Stop waiting until problems happen to react. Learn how to test and assess your network's information, process, and system controls in a systematic and consistent way. Be prepared and confident to handle today's onslaught of exploits and security attacks.

21 immediately useful benefits you receive from attending this course:

1. An overall approach for assessing the security of your enterprise's IT infrastructure
2. Free assessment tools, assessment element checklists, risk analysis spreadsheets, IT infrastructure documentation sheets, forms, and formulas you can use as the basis for conducting an assessment of your enterprise's IT infrastructure
   
3. Hands-on vulnerability assessment practice using real-world data in interactive group labs and learning activities.
   
4. Techniques to successfully perform assessments in a cost effective and systematic manner
   
5. 16 Continuing Professional Education (CPE) credits from (ISC)2 if you are a CISSP® or SSCP® certified professional by attending this seminar
6. Quantitative and Qualitative Risk Analysis skills
7. Detailed understanding of the differences between an assessment and an audit
8. List of freeware and commercial vulnerability assessment tools that can be used to assess your IT infrastructure
9. Demonstration of assessment tools including Nmap, Nessus, N-Stealth, and Core Impact
10. Process flow and documentation templates to help you plan your own vulnerability assessment
11. A methodology based on risk analysis allowing you to implement an assessment process based on a qualitative approach towards comparing the value of the asset versus the cost to protect it
12. An understanding of government mandates and laws on security assurance that impact your company
13. Skills needed to scope and develop the requirements for executing an assessment
14. Practical real-world vulnerability assessment documentation templates that will assist you in conducting or managing your own vulnerability assessment
15. Experience and step-by-step approach towards conducting your own vulnerability assessment within your IT infrastructure
16. The know-how to find the security risks during an assessment, learn how not to let critical threats go undetected
17. Practical real-world spreadsheets for calculating Annual Rate of Occurrence, Annual Loss Expectancy, and Single Loss Expectancy calculations
18. Documentation reporting templates that can be used to share your findings, assessments, and recommendations to executive management and decision makers
19. Assessment best practices; don't make the same mistakes others have -learn from shared experience
20. Experience and understanding of top-down and bottom-up vulnerability assessment procedures
21. Practical criticality matrices for evaluation and assessing your IT infrastructure assets
    

Who Should Attend:

This interactive, practicum-style course is ideal for IT professionals and IT security managers who are responsible for insuring the confidentiality, integrity, and availability of their enterprise's IT infrastructure. This is not a “Hacking Skills” class. It brings risk analysis, assessment, and recommendations to the forefront for an enterprise IT infrastructure. This course is a MUST for:

• IT Managers
  
• Security Managers
  
• Security Engineers
  
• CISSPs and SSCPs
  
• Systems Analysts
  
• Business Analysts
  
• Auditors
  
• Security and IT Consultants
  
• IT Professionals involved in the protection of enterprise networks
  

Whatever your level of IT security or assessment experience, you will leave this vulnerability assessment course with the necessary knowledge, skills, and tools to conduct your own internal vulnerability assessment on an enterprise's IT infrastructure.

Continuing Professional Education (CPE) Credits for CISSP® and SSCP® Professionals

The American Society of Professional Education and (ISC)2 have joined forces in an educational alliance. Individuals holding the Certified Information Systems Security Professional (CISSP®) or System Security Certified Practitioner (SSCP®) professional certification can earn 16 hours of CPE credits by attending this 2-Day Assessing IT Infrastructure Vulnerabilities course. Please e-mail us at info@aspetech.com if you have any questions or would like additional information.