This course defines the components of access control, provides a business framework for implementation, and discusses legal requirements that impact access control programs. It looks at the risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures and how to handle them. It provides learners with a professional resource detailing how to put access control systems to work as well as how to test and manage them.

In addition to premium instructional content from Jones & Bartlett Learning’s comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to a customized “virtual sandbox” learning environment that aggregates an unparalleled spectrum of cybersecurity applications. Providing instant, unscheduled access to labs from the convenience of a web browser, this course allows you to practice “white hat” hacking on a real IT infrastructure; these are not simulations. Winner of the “Security Training and Educational Programs” top prize at the prestigious 2013 Global Excellence Awards by Info Security Products Guide, the industry’s leading information security research and advisory guide, these labs provide valuable exposure to complex, real-world challenges and over 200 hours of training exercises on how hackers and perpetrators use these applications and tools.

Certification:

This course covers content within the following industry certification exams:

  • Systems Security Certified Practitioner (SSCP) – two content domains covered
  • Certified Information Systems Security Professional (CISSP) – four content domains covered
  • Security+ – one content domain covered
  • National Institute of Standards and Technology (NIST) – five content domains covered
  • 8570.01 – two content domains covered

Course Duration:

5 days

What You’ll Learn

  • Define authorization and access to an IT infrastructure based on an access control policy framework
  • Mitigate risk to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls
  • Analyze how a data classification standard impacts an IT infrastructure’s access control requirements and implementation
  • Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access
  • Define proper security controls within the user domain to mitigate risks and threats caused by human behavior
  • Implement appropriate access controls for information systems within IT infrastructures
  • Design appropriate authentication solutions throughout an IT infrastructure based on user types and data classification standards
  • Implement a secure remote access solution
  • Implement PKI and encryption solutions to ensure the confidentiality of business communications
  • Mitigate risk from unauthorized access to IT systems through proper testing and reporting

Who Needs to Attend

Information security analysts

Prerequisites

General knowledge of networking and management information systems

Course Outline

1. The Need for Access Control Systems

  • Access Control Framework
  • Assessing Risk and Its Impact on Access Control
  • Business Drivers for Access Controls
  • Access Controls Law, Policies, and Standards
  • Security Breaches and the Law

2. Mitigating Risk with Access Control Systems, Authentication, and PKI

  • Mapping Business Challenges to Access Control Types
  • Human Nature and Organizational Behavior
  • Access Control for Information Systems
  • Physical Security and Access Control
  • Access Control in the Enterprise

3. Implementing, Testing, and Managing Access Control Systems

  • Access Control System Implementations
  • Access Control Solutions for Remote Workers
  • Public Key Infrastructure and Encryption
  • Testing Access Control Systems
  • Access Control Assurance

Labs

Lab 1: Assess the Impact on Access Controls for a Regulatory Case Study

Lab 2: Design Infrastructure Access Controls for a Network Diagram

Lab 3: Identify & Classify Data for Access Control Requirements

Lab 4: Implement Organizational-Wide Network and WLAN Access Controls

Lab 5: Enhance Security Controls for Access to Sensitive Data

Lab 6: Enhance Security Controls Leveraging Group Policy Objects

Lab 7: Design a Multi-factor Authentication Process

Lab 8: Align Appropriate PKI Solutions Based on Remote Access and Data Sensitivity

Lab 9: Apply Encryption to Mitigate Risk Exposure

Lab 10: Use Reconnaissance, Probing, & Scanning to Identify Servers and Hosts

Software used in these labs includes: Microsoft Assessment and Planning (MAP) Toolkit, Microsoft users and Computers, Active Directory Users and Computers, Microsoft Group Policy Management Tool, Windows Firewall, and GNU Privacy Guard (GnuPG). Please note that software may be updated or changed to keep pace with new data in the field.