COURSE OUTLINE

Training Week 2012
May 7-11 2012

Hyatt Regency
Port of Spain, Trinidad, W.I.
FACILITATOR'S BIO

John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing in information security and audit services. His current focus is on information security management and control in large information systems environments and networks. His specific areas of technical expertise include UNIX and Windows operating system security, network security, and Oracle and Microsoft SQL Server security. John is a frequent speaker in Canada, Europe and the US on the subject of information security and audit.

He is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and Chapter Events including ISACA Training Weeks; North America CACS; EuroCACS; Asia-Pacific CACS; International and Network and Information Security Conferences.

John is the 2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.

Prior speaking engagements include:

• ISACA Chapter seminars (e.g. Toronto, Pittsburgh, Houston, Washington, Trinidad & Tobago)
• ISACA Training Weeks (2001-present)
• ISACA NACACS, EuroCACS, Asia-Pacific CACS Conferences
• ISACA Information Security Management Conferences
• ISACA International Conferences
• CSI Annual Computer Security Conference (2009)
• Presented many in-house 1-day – 5-day seminars
Training Week 2012. May 7-11 2012. Hyatt Regency, Trinidad, W.I.
SESSION ABSTRACTS

INTRODUCTION TO ETHICAL HACKING & FIREWALL SECURITY: 2 DAYS (HANDS-ON)

This session will provide participants with a practical methodology and approach to performing ethical hacking assessments, and will include testing firewall security design and control. Detailed exercises and demonstrations of the tools and techniques used will allow the participant to evaluate network vulnerabilities and identify key control recommendations that should be implemented to address the issues.

SESSION HIGHLIGHTS

• Hands-on environment used for demonstration & discussion purposes
• Detailed discussion of output and results obtained from each part of the assessment
• Sample assessment report outline
• Listing of reference material for ethical hacking assessment methodologies, techniques and tools

1. NETWORK DISCOVERY AND FOOTPRINT

• Network Address Spaces (DNS, IP Address Blocks)
• Ping Sweep Techniques; Firewalking etc.
• Information Gathering Tools (e.g. SNMP information)
• Use of Search Engines such as Google and other Web-based resources

2. TCP/IP SERVICE IDENTIFICATION AND ENUMERATION

• Port Scanning Techniques (TCP, UDP and ICMP scanning)
• Use of Nmap (including NSE – Nmap Scripting Engine)
• Other Port Scanning, Fingerprinting and Service Identification Tools such as amap (application fingerprinting) and netcat
• Advanced scanning techniques and tools (including use of Hping and other packet crafting tools)

3. ETHICAL HACKING – IDENTIFYING AND EXPLOITING VULNERABILITIES

• Vulnerability identification tools and techniques (including configuration and use of network testing tools such as OpenVAS)
• Use of NIST National Vulnerability Database (NVD) and related resources
• Testing firewalls including configuration and rules assessments
• Testing specific TCP/IP Services, e.g. web servers
• Testing web applications
• Testing vulnerabilities in Unix and Windows operating systems using tailored scripts and OS-specific tools
• Using the Metasploit Framework
• Effective reporting and risk-ranking of assessment results
UNDERSTANDING AND SECURING WINDOWS 2008: 2 DAYS (HANDS-ON)

This session will focus on the audit and security issues related to the use of the Windows 2008 Server Operating System.

SESSION HIGHLIGHTS

• Understand Windows 2008 architecture and security components
• Use of Windows 2008 server operating systems to demonstrate key security features
• Demonstration of Windows 2008 security and audit tools
• Demonstration of Windows 2008 Server security features, including default security settings, security hardening steps and use of Group Policy

1. WINDOWS 2008 CONCEPTS

• Overview of Windows 2008
• Server Versions
• Service Packs & Hotfixes
• Build and Deployment Processes
• Configuration Management
• Patch Management

2. UNDERSTANDING WINDOWS 2008 SECURITY COMPONENTS

• Active Directory Services (ADS)
• Group Policy Objects (GPO)
• Security Configuration

3. WINDOWS 2008 SECURITY AND CONTROL

• Security Baselines
• Active Directory Security
• Windows 2008 Domains
• Trust Relationship Mechanisms
• Group Policy Objects (GPO)
• User Accounts
• Authentication Controls
• User Rights
• Groups
• Privilege Management
• Network Share Security
• Directory & File Permissions
• Registry Security
• Security Event Logs
• Windows Services
• Network Security
• Security Administration

4. AUDITING THE WINDOWS 2008 ENVIRONMENT

• Audit Objectives
• Auditing Domain Controllers
• Auditing Member Servers
• Automated Tools/Scripts for Audit Testing
• Approach to Windows 2008 Security Audit

5. SECURITY AND AUDIT TOOLS & TECHNIQUES

• Demonstration of Windows 2008 Security & Audit Tools
• Windows 2008 Resource Kit
UNDERSTANDING AND SECURING WIRELESS & MOBILE TECHNOLOGIES: 1 DAY (SEMINAR)

This seminar will focus on the audit and security issues related to the use of Wireless and Mobile Technologies.

SESSION HIGHLIGHTS

• Detailed discussion of Wireless Network Security Issues
• Live wireless LAN environment used in class to demonstrate key concepts and security/audit areas/steps
• Demonstration and discussion of security and audit tools and techniques

1. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGIES

• Wireless LANs (WLAN)
• Wireless LAN standards and current implementations - IEEE 802.11g and 802.11n technologies and security mechanisms
• Wi-Fi Protected Access (WPA/WPA2)
• Bluetooth Technology and Security (IEEE 802.15)
• Other Wireless Technologies (e.g. Wi-Max – 802.16)
• Mobile Technologies – Blackberry; iPhone; iPad; Android; USB and removable media

2. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGY THREATS AND RISKS

• WLAN Access Point Security
• War Driving
• Unauthorized Network Access
• Rogue Access Points
• Fake Access Points
• Traffic Capture and Analysis
• Bluetooth Threats
• Theft / Loss of Client Devices

3. SECURING & AUDITING WIRELESS & MOBILE TECHNOLOGIES

• Wireless Security Policy and Standards
• Mobile Technology Security Standards
• Wireless & Mobile Technology Risk Assessment
• Secure Wireless Architecture, Design and Deployment
• Access Point Security
• Authentication and Encryption
• VPN, Firewall and IDS measures
• Wireless Security Assessment
• Auditing a WLAN environment
• Wireless Client Security
• Bluetooth Security Configuration
• Mobile Device Configuration Security

4. SECURITY AND AUDIT TOOLS & TECHNIQUES

• Demonstration of wireless security and audit tools and techniques, including Kismet, Aircrack, Bluetooth assessment tools etc.
• Useful reference material
