ISACA T&T Training Week Course Outline

COURSE OUTLINE

Training Week 2012
May 7-11 2012

Hyatt Regency
Port of Spain, Trinidad, W.I.
FACILITATOR’S BIO

John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing in information security and audit services. His current focus is on information security management and control in large information systems environments and networks. His specific areas of technical expertise include UNIX and Windows operating system security, network security, and Oracle and Microsoft SQL Server security. John is a frequent speaker in Canada, Europe and the US on the subject of information security and audit.

He is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and Chapter Events including ISACA Training Weeks; North America CACS; EuroCACS; Asia-Pacific CACS; International and Network and Information Security Conferences.

John is the 2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.

Prior speaking engagements include:

- ISACA Chapter seminars (e.g. Toronto, Pittsburgh, Houston, Washington, Trinidad & Tobago)
- ISACA Training Weeks (2001-present)
- ISACA NACACS, EuroCACS, Asia-Pacific CACS Conferences
- ISACA Information Security Management Conferences
- ISACA International Conferences
- CSI Annual Computer Security Conference (2009)
- Presented many in-house 1-day – 5-day seminars
SESSION ABSTRACTS

INTRODUCTION TO ETHICAL HACKING & FIREWALL SECURITY: 2 DAYS (HANDS-ON)

This session will provide participants with a practical methodology and approach to performing ethical
hacking assessments, and will include testing firewall security design and control. Detailed exercises and
demonstrations of tools and techniques used will allow the participant to evaluate network vulnerabilities
and identify key control recommendations that should be implemented to address the issues.

SESSION HIGHLIGHTS

- Hands-on environment used for demonstration & discussion purposes
- Detailed discussion of output and results obtained from each part of the assessment
- Sample assessment report outline
- Listing of reference material for ethical hacking assessment methodologies, techniques and tools

1. NETWORK DISCOVERY AND FOOTPRINT

- Network Address Spaces (DNS, IP Address Blocks)
- Ping Sweep Techniques; Firewalking etc.
- Information Gathering Tools (e.g. SNMP information)
- Use of Search Engines such as Google and other Web-based resources

2. TCP/IP SERVICE IDENTIFICATION AND ENUMERATION

- Port Scanning Techniques (tcp; udp and icmp scanning)
- Use of Nmap (including NSE – Nmap Scripting Engine)
- Other Port Scanning, Fingerprinting and Service Identification Tools such as amap (application fingerprinting) and netcat
- Advanced scanning techniques and tools (including use of Hping and other packet crafting tools)

3. ETHICAL HACKING – IDENTIFYING AND EXPLOITING VULNERABILITIES

- Vulnerability identification tools and techniques (including configuration and use of network testing tools such as OpenVAS)
- Use of NIST National Vulnerability Database (NVD) and related resources
- Testing firewalls including configuration and rules assessments
- Testing specific TCP/IP Services e.g. web servers
- Testing web applications
- Testing vulnerabilities in Unix and Windows operating systems using tailored scripts and OS-specific tools
- Using the Metasploit Framework
- Effective reporting and risk-ranking of assessment results
UNDERSTANDING AND SECURING WINDOWS 2008: 2 DAYS (HANDS-ON)

This session will focus on the audit and security issues related to the use of the Windows 2008 Server
Operating System.

SESSION HIGHLIGHTS

- Understand Windows 2008 architecture and security components
- Use of Windows 2008 server operating systems to demonstrate key security features
- Demonstration of Windows 2008 security and audit tools
- Demonstration of Windows 2008 Server security features, including default security settings, security hardening steps and use of the Group Policy

1. WINDOWS 2008 CONCEPTS

- Overview of Windows 2008
- Server Versions
- Service Packs & Hotfixes
- Build and Deployment Processes
- Configuration Management
- Patch Management

2. UNDERSTANDING WINDOWS 2008 SECURITY COMPONENTS

- Active Directory Services (ADS)
- Group Policy Objects (GPO)
- Security Configuration

3. WINDOWS 2008 SECURITY AND CONTROL

- Security Baselines
- Active Directory Security
- Windows 2008 Domains
- Trust Relationship Mechanisms
- Group Policy Objects (GPO)
- User Accounts
- Authentication Controls
- User Rights
- Groups
- Privilege Management
- Network Share Security
- Directory & File Permissions
- Registry Security
- Security Event Logs
- Windows Services
- Network Security
- Security Administration

4. AUDITING THE WINDOWS 2008 ENVIRONMENT

- Audit Objectives
- Auditing Domain Controllers
- Auditing Member Servers
- Automated Tools/Scripts for Audit Testing
- Approach to Windows 2008 Security Audit

5. SECURITY AND AUDIT TOOLS & TECHNIQUES

- Demonstration of Windows 2008 Security & Audit Tools
- Windows 2008 Resource Kit
UNDERSTANDING AND SECURING WIRELESS & MOBILE TECHNOLOGIES: 1 DAY (SEMINAR)

This seminar will focus on the audit and security issues related to the use of Wireless and Mobile
Technologies.

SESSION HIGHLIGHTS

- Detailed discussion of Wireless Network Security Issues
- Live wireless LAN environment used in class to demonstrate key concepts and security/audit areas/steps
- Demonstration and discussion of security and audit tools and techniques

1. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGIES

- Wireless LANs (WLAN)
- Wireless LAN standards and current implementations - IEEE 802.11g; 802.11n technologies and security mechanisms
- Wi-Fi Protected Access (WPA/WPA2)
- Bluetooth Technology and Security (IEEE 802.15)
- Other Wireless Technologies (e.g. Wi-Max – 802.16)
- Mobile Technologies – Blackberry; iPhone; iPAD; Android; USB and removable media

2. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGY THREATS AND RISKS

- WLAN Access Point Security
- War Driving
- Unauthorized Network Access
- Rogue Access Points
- Fake Access Points
- Traffic Capture and Analysis
- Bluetooth Threats
- Theft / Loss of Client Devices

3. SECURING & AUDITING WIRELESS & MOBILE TECHNOLOGIES

- Wireless Security Policy and Standards
- Mobile Technology Security Standards
- Wireless & Mobile Technology Risk Assessment
- Secure Wireless Architecture, Design and Deployment
- Access Point Security
- Authentication and Encryption
- VPN, Firewall and IDS measures
- Wireless Security Assessment
- Auditing a WLAN environment
- Wireless Client Security
- Bluetooth Security Configuration
- Mobile Device Configuration Security

4. SECURITY AND AUDIT TOOLS & TECHNIQUES

- Demonstration of wireless security and audit tools and techniques, including Kismet, Aircrack; Bluetooth Assessment tools etc.
- Useful reference material
