Breaches, cyberattacks and looming regulations have thrust Chief Information Security Officers into the spotlight.
No one can escape cyber attacks. The increasing number and impact of security incidents, and difficulty in finding trusted experts in this new art of war, has driven the demand for security professionals to an all-time high. Most organizations are devoting significant resources to the constant and ongoing vigilance necessary to protect their infrastructure and data. The growth of AI has compounded the conundrum. The courses in this Certificate prepare candidates to manage, lead, and support strategic, tactical, and operational, security initiatives.
Information technology security has been among the top ten management concerns since the 1980’s. 75% of the world is covered under privacy laws. Technologies such as computer networks, PCs, the web, and more recently SMAC (Social, Mobile, Analytics, Cloud) along with SCADA/Internet of Things, Blockchain, AI, Robotics, etc., continually bring new security considerations and challenges to organizations.
Today’s security teams face many challenges that enable sophisticated cyber attackers with an expanding attack surface, an explosion of data, the use of AI, and growing infrastructure complexity. These all impact security teams’ ability to safeguard data, manage user access, and quickly detect and respond to security threats.
AI-powered solutions are available to optimize analysts’ time by accelerating threat detection, expediting responses, and protecting user identity and datasets, while keeping cybersecurity teams in the loop and in charge.
These technologies in concert with changes in regulations, especially in light of the growth of valuable and sensitive information assets stored by organizations (e.g., individuals’ taxes, financial assets, medical records, job performance reviews, trade secrets, new product developments, and customer data), demand a strong focus on security management; the protection of data/information/knowledge.
The purpose of this certificate is to help organizations meet the increasing demand for information security professionals by preparing attendees via a comprehensive practical set of courses addressing the entire IT infrastructure (e.g., data, network, web, applications, systems), as well as the essential management, organizational, and legal considerations.
Select at least 4 courses from the following:
(All courses are available
face-to-face
,
online, blended/hybrid
)
Prior to taking any of these courses, candidates should have taken Fundamentals of Information Technology Management or its equivalent.
This 24 hour introduction to information security provides the foundation for understanding the planning and implementation of policies and procedures for protecting information assets, determining the levels of protection and response to security threats and incidents, and designing an appropriate information security system. It provides the foundation for all other courses in this certificate. Candidates will gain an overview of the field of information security and assurance, and will also learn the necessary knowledge to engage in information assurance activities and procedures. Coverage will include inspection and protection of information assets, detection of and reaction to threats to information assets, examination of pre- and post-incident procedures, technical and managerial responses, ransomware, and an overview of the information security planning and staffing functions. Instructors will also introduce the role of the Chief Information Security Management Officer (CISMO).
Candidates will also master risk management, security planning, and security policy enforcement and auditing activities. Candidates will learn about security guidelines, regulation and legal implications, and standards that apply in information security management, as well as information confidentiality, data integrity, and system availability. The course also presents related concepts such as privacy and business continuity planning. While emphasis is placed on managerial and operational security controls, the course also provides an overview of the current and emerging technical security controls (including AI) applied to access control, operating systems, applications, networks/web, cryptographic solutions, intrusion detection systems, physical security, wireless security, VPNs, digital forensics, and related topics.
The primary objectives of the course are to:
This prerequisite course or its equivalent is required prior to taking any of the other courses in this Certificate.
This 40 hour course offers a comprehensive guide for ethical hacking. An ethical hacker is defined as someone who uses the same methods as criminal attackers use to exploit vulnerabilities in a network accessible to them. The difference is that an ethical hacker performs these “attacks” in order to document whether a network can be breached by known vulnerabilities in order to mitigate the attack vector they expose.
Topics covered include:
This 40 hour course presents a detailed and methodological approach to computer forensics and evidence analysis. This will enable candidates to understand the often complex issues associated with investigating cyber-crimes, handling of digital evidence, detection methods and proof, in a variety of digital forensic contexts, including computers, networks and portable digital devices. Each module will build upon the knowledge gained from previous modules. This course will introduce cutting edge technologies and methodologies, alongside fundamental building blocks, allowing candidates to simultaneously understand the theory and practical aspects in dealing with digital investigations.
The primary topics covered in the course are intended to prepare candidates to:
This 40 hour course provides an in-depth understanding of how to effectively protect computers and computer networks. Candidates will learn the tools and penetration testing methodologies used by penetration testers. In addition, the course provides a thorough discussion of what and who a penetration tester is and how important they are in protecting corporate and government data from cyber-attacks. Candidates will learn updated computer security resources that describe new vulnerabilities and innovative methods to protect networks. Also covered is a thorough update of federal and state computer crime laws, as well as changes in penalties for illegal computer hacking.
The primary objectives of the course are to ensure candidates understand how:
The purpose of this 30 hour course (including either the .Net or Java course) is to provide candidates with a comprehensive understanding of what a Secure Development Process is. The candidates will learn secure programming concepts and techniques; learn how to identify key characteristics of secure code; learn how to use design patterns for secure code; learn how to build in a secure requirement process in the software life cycle from the beginning to the end; and learn how to write, test, and debug programs using secure programming techniques. Topics will include design principles, code snippets, and a simple explanation of each step as you work your way through the course.
The primary objectives of the course are to:
Security Considerations for Programming Language Courses
(select 1 of the following 2 courses to be included with the Security Programming course):
a. .Net
b. Java
This 24 hour course examines detailed aspects of incident response and contingency planning consisting of incident response planning, disaster recovery planning, and business continuity planning. Developing and executing plans to deal with incidents in the organization is a critical function in information security. This course focuses on the planning processes for all three areas of contingency planning, incident response, disaster recovery and business continuity, and the execution of response to human and non-human incidents in compliance with these policies.
Topics covered include:
This 40 hour course provides an understanding of the various methods in identifying business and technology vulnerabilities. In addition, this course outlines the appropriate countermeasures to mitigate risks and prevent failure. This course is designed to develop a solid foundation to various disaster recovery and business continuity principles, including the assessment of risks, the preparation of a disaster recovery plan, the development of policies and procedures, and an understanding of the roles and relationships within an organization that are recovering from a disaster and the implementation of a plan.
As an important part of a flexible and highly efficient disaster recovery plan, this course addresses the use of virtualization techniques that will assist in the development of an enterprise approach for disaster recovery and business continuity. An introduction to these techniques will be covered, as well as the importance of securing the virtual environments.
The approach used in this course is enterprise-wide and provides the methods for developing a quality and efficient disaster recovery and business continuity plan including the creation and management a secure network environment, establishing procedures and policies and how to restore that network in the unfortunate event of a disaster.
The primary objectives of the course are:
This 40 hour course offers a comprehensive guide for understanding information systems network security management. It provides an introduction to the fundamentals of network security, including compliance and operational security; threats and vulnerabilities; application, data, and host security; access control and identity management; and cryptography. The course covers new topics in network security as well, including psychological approaches to social engineering attacks, Web application attacks, penetration testing, data loss prevention, cloud computing security, and application programming development security.
Topics covered include:
IT organizations must be able to leverage new technologies. This course focuses on how organizations can effectively and efficiently assess trends and emerging SMAC (Social, Mobile, Analytics, Cloud), AI, and security technologies. Participants will learn how to help their organization define, select, and adopt new information technologies, while understanding the respective security implications. This course will introduce candidates to new directions in information systems and effective approaches for evaluating their relevance and applicability to their business environments as well as the new challenges and problems that they present, especially as they pertain to security. Candidates will learn about emerging technologies and the latest design trends in data and knowledge, networks and applications in terms of what issues they address and in particular, how organizations can exploit them for competitive advantage.
Topics include: Creating a business case for an emerging information technology, identifying factors affecting the successful adoption of new information technologies, identifying the key attributes, business benefits, risks, security implications, and cost factors of a new technology, knowing how to effectively use advanced search and selection metrics for identifying and selecting new technology, describing technology trends that presently drive or are expected to drive the selection of new technologies over the next decade and providing organizational structures and frameworks that guide the enhanced adoption and capitalization related to what new technologies and approaches can offer.
For candidates interested in IT management considerations and/or becoming a Certified Information Systems Auditor (CISA), this course, along with 4 security/auditing courses selected from the above courses, focuses on preparing experts skilled at assessing, securing and controlling strategic, tactical, and operational business and IT frameworks for an organization.
CISA Certification provides participants with a lifelong differentiator for security, IT and non-IT executives who wish to advance in their careers. This is an ideal path for those looking at a senior position in Information Systems auditing and security. This CISA course is highly recommended for IS/IT auditors, IT managers, Audit Managers, Security Managers, System Analysts, Consultants, CIOs, CTOs, and non-IT professionals.
As organizations engage in the digital transformation and focus their investments in leveraging information technology for competitive advantage and performance improvements, it is essential to understand how to effectively and efficiently manage their information technology resources. There are numerous choices to be made about managing IT resources and it is essential to ensure IT and non-IT executives across the firm work in harmony.
Experience has made it clear that firms need well-thought out organizational structures, skills, processes, and decision rights to ensure that the decisions about how to leverage IT investments are well thought out and integrated across the enterprise. This course will help candidates understand the fundamental decisions related to the management of IT resources and the types of organizational structures, sourcing, governance, and processes that will help effectively and efficiently attain value to the enterprise. It concentrates on developing the candidates’ competency in current/emerging issues in creating and coordinating the key activities necessary to manage the day-to-day tactical and operational IT functions of an enterprise, as IT becomes ingrained in all aspects of the business.
Topics include:
AI and machine learning are providing significant contributions to the efficiency and effectiveness of auditing (e.g., security, accounting, finance). This course, for both IT and auditing professionals, focuses on the application of AI to the essential practices employed by auditors to identify irregularities. Leveraging these AI auditing tools is enhancing the forensic analysis procedures used throughout every business and industry. Working with these tools enable auditors to select and analyze the right data to identify abnormalities. This course will prepare candidates on using Computer Aided Audit Tools (CAATs) such as ACL Robotics, Machine Learning, and Python to automate the auditing process. To visualize the results, visualization tools such as Tableau will also be covered.
This course focuses on the analysis and management of the information security infrastructure. Information security infrastructure consist of the organizational, process, and technology (e.g., data, applications, network, web, systems, operations) domains. The integration and effective management of the IT architecture is essential to appropriately respond to technical risk dynamics. The course will focus on evaluating the architectural domains and their integration. The course will rely on management research on information security, risk, IT strategic planning, and distributed computing. Candidates will learn the relationships between business requirements, technical requirements, and technical risk, and how to make the appropriate choices for risk mitigation. The course will provide insights on the continuous management of the information security function in organizations.
Candidates will understand the most important issues and topics in the huge area of infrastructure security. Topics include: Web and Internet security; Firewalls and IDS; application and database servers; input validation; session management; URL hacking; cyber graffiti; e-shoplifting; session hijacking; impersonation, buffer overflows; virus and worm attacks; Encryption techniques, (DES, AES, Contemporary Symmetric Ciphers, Public Key Cryptography and RSA); message authentication and hash functions; digital signatures and authentication protocols; IP security (IPsec); SNMP; e-mail security; secure socket layer (SSL) and transport layer security; intruder management; malicious software; authentication, authorization, access, and integrity; important security technologies such as cryptographic algorithms (symmetric and asymmetric encryption), SCADA, PKI, and digital certificates.
The course focuses on the management issues of security policies and security administration and describes how various security technologies and approaches can be applied to cybersecurity.
Recent natural, environmental, and “man-made” events have increased the need for organizations to develop strategies for mitigating, preparing for, responding to, and recovering from small and large scale emergencies (e.g., hurricanes, tsunamis, earthquakes, terrorism, unethical acts). In the context of a highly integrated global economy, nearly every business is likely to feel the effects of emergencies around the world, and in the face of intense competition, it is crucial that all businesses have a plan for continuing operations before, during, and after emergencies of all types.
This course presents the important considerations for business continuity and disaster recovery planning. It includes a comprehensive advanced business continuity planning and management workshop which is designed to teach practical methods to develop, test, and maintain a business continuity plan. This course is based on industry best practices and guidelines for business continuity, disaster recovery, and emergency management.
The purpose of this course is to provide an overview of the security initiatives (legal, ethical, and compliance) required by the existing and emerging computing environment while evaluating the controls in place or planned for meeting those requirements. This course examines every major aspect of the relationship between information security and the law at a level suitable for information security specialists and senior managers who supervise information security operations.
The course focuses on the substantive legal principles relating to information security with regard to both industry and government perspectives. It explores information security considerations as the repository of information that may be at issue in legal proceedings. In the United States the government requires that all federal systems have a customized security plan. In addition, the National Training Standard for Information Systems Security (INFOSEC) Professionals requires programs that meet this standard to produce security professionals capable of developing and supporting a security plan.
This course provides an introduction to security planning as recommended by NIST guidelines for developing security plans. Candidates are required to conduct a case study where a security plan is developed for their organization.
This 1-day business simulation focuses on deriving an information risk management strategy to protect against predators like Oceans99! The story is about a large exhibition in the Tokyo Museum. An important Bank is sponsoring this challenging event. During the preparation of this exhibition there is a rumor Oceans99 has made plans to steal the precious objects. We don’t know how Oceans99 wants to do this but the challenge for the team is to analyze possible risks, protect against threats, and to make the exhibition a success. Participants are part of the international team that will transport the objects from Amsterdam, London, and Las Vegas to the local airports, then fly the objects to Tokyo and transport them to the Tokyo museum were the objects will be exhibited for 4 months. During the preparation the team will develop an information security strategy/policy. This document will define the objectives, the risks/threats, the measures, and activities to manage the protection of the objects against theft. The plans will be implemented and maintained to keep the assurance levels. Would Oceans99 be able to execute their plans?
As organizations accelerate their digital transformation initiatives, they are focusing their investments in leveraging emerging information technologies for competitive advantage. It has become essential to understand how to effectively and efficiently manage an organization’s security resources, to reach these objectives. There are numerous strategic, tactical, and operational choices to be made about managing security resources and it is essential to ensure that IT and non-IT executives across the organization work in harmony.
Experience has made it clear that organizations need well-conceived organizational structures, skills, processes, and decision rights to ensure that information technologies and assets are appropriately secure as they are leveraged across the organization, especially when considering the impact that emerging information technologies is having.
This course prepares executives/professionals by providing a comprehensive understanding of the fundamental decisions related to cyber security. The course will also provide an overview of current and future relevant security related considerations and technologies, and the importance they play in organizations and associated stakeholders.
The course is designed to be delivered live/synchronously (face-to-face or online) with a total of twenty (20) contact hours. While the schedule is flexible, it is usually delivered in approximately ten (10) 2-hour modules/lectures/sessions.
The security topics include: