Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Qualified Network Security Policy Administrator & SOA Security Architect

How to architect, implement and secure your infrastructure with new NetCentric security SOA architecture, technologies and security usage policies & strategies to raise the level of information security and assurance in your organization.

This 5-day class provides a step by step way to take separate, diverse parts of your security technologies e.g., vulnerability penetration testing, anti-virus and incident response, certificates and network identity, firewalls, IDS (intrusion detection systems) and Forensics' investigations together into a cohesive and effective security policy and awareness program.

Learn how to build a program to reduce the Human Security gap in your company. Today's security policies need to build awareness of the potential problems while minimizing the cost of security incidents. Learn how to build a repeatable security architecture for web services, and create users policies that are well developed and accepted by all to raise the level of information security awareness in your enterprise.

After completing the security polices its time to bring the whole network together and deliver a secure infrastructure. You'll merge today's security technologies into your network with the assurance that your layering defense tactics and providing early warning systems. Bring together the separate, tactical, diverse parts of your network with the services, mechanisms, and objects that reflect security policies, business functions, and technologies into a process involving risk assessment, policy, awareness, technology and security management, and audit functions. Building a security architecture involves close examination of current business processes, technical capability, information security documentation, and existing risk. Students will leave this class with a document template outlining a best practice for an information security soa architecture framework.

When you're through, you'll have a comprehensive, roadmap understanding of SOA network security architecture techniques, tactics and policies that will take your organization into the future… safely.

The result? Advanced security architecture and policies that are custom-tailored to your organization's needs — and fleshed out with everything from a management approval process to implementation manuals.

Key topics:
•  Goals of Netcentric Operations
•  Identify the Components of a Basic SOA
•  Define Services Capable of Contributing to an SOA
•  Define a Security Business Model for SOA Development
•  Map Security Requirements to Specific Functions of an SOA
•  Develop a SOA SSAA and Appendixes
• Determining your organization's needs and recurring structure
• ROI and policies
• Creating manuals for implementation
• Maintaining security awareness and compliance

Who should attend:
CIOs with responsibility over information security, Network Administrators, Information Security Architects, Auditors, Consultants, and all others seeking to plan, implement, and manage an advanced information security policy program

Course Fee: $2,995
Learning Level Beginner to Advanced
Time: 8:30am - 4pm
Location: Click here to view the course schedule
CPE Credits: 40
Prerequisites: Basic understanding of information security

Course agenda:

Security Architecture Component Review
•  Defining an information security architecture
•  Critical information security domains
•  Determining your organizational needs
•  People, policy, process, and technology
•  Component dependencies
•  Information security program layers
•  Technical architecture models

Advanced Security Architecture Discussion
•  Awareness and training
•  Governance, compliance, and audit
•  Perimeter protection and countermeasures
•  Authentication, authorization, and accounting
•  Systems audit and event monitoring
•  Data availability, integrity, and confidentiality
•  Incident escalation and response
•  Operations, administration, and maintenance security
•  Application development and integration security
•  Continuity and recovery planning

Building the Plan
•  Information collection and amalgamation
•  Baseline assessments
•  Conducting reviews of existing infrastructure and processes
•  Performing gap analysis and risk assessments
•  Understanding synergistic relationships — policy, procedures, standards, and guidelines
•  Creating the architecture framework designs — logical, physical, process flow
•  Creating an integration roadmap — budgets, scheduling

Security Policies

Phase I — Establishing the Basics
What you'll need to know, and the organizational needs and practices you'll need to consider, when developing your overall security strategy.
• Defining policies, standards, and procedures
• Managing an information security program
• Determining organizational needs
• Government and commercial publications available
• Organizing the process
• Creating workable information security policies
• ROI and policies
• Baseline assessments

Phase II — Beyond the Basics: Real Life
After mastering the basics of creating an information security policy, what comes next? Translating theory and strategy into workable programs, procedures, and standards that can stand up to the constantly changing demands of the real world.
• Policies, procedures, and standards in a changing environment
• Creating the Security Policies and Procedures Manual (SPPM)
• Creating the Security Administrator Manual (SAM) requirements outline
• Applying the principles: creating policy teams, writing and testing the policies, standards, and procedures
• Management approval process

Phase III — Advanced Awareness Programs
Even the best-laid information security policy isn't worth the paper it's printed on if no one pays attention to it. Learn how to ensure your policies are implemented from top to bottom, throughout your organization.
• Awareness, training, and the difference between them
• Getting the word out
• Changing behavior
• Finding allies
• Monitoring and maintaining the program

Phase IV
•  Goals of Netcentric Operations
•  Identify the Components of a Basic SOA
•  Define Services Capable of Contributing to an SOA
•  Identify Communications Types of an SOA
•  Understanding How Users Interact With a SOA
•  Define a Security Business Model for SOA Development
•  Map Security Requirements to Specific Functions of an SOA
•  Develop a SOA SSAA and Appendixes

In-Class Exercises
Special explorations designed to give you hands-on experience with the information security tools you'll need to achieve your goals.
• Defining the enterprise environment
• Determining organizational policy needs
• Creating organizational policies
• Security policies, standards, and procedures in a changing environment
• Developing an Advanced Awareness Program

Integration Strategies
•  Information security roles and responsibilities
•  Logistics planning
•  Technology vs. process
•  Effective change management practices
•  Executing pilot programs and proofs-of-concept
•  Business process reengineering
•  Establishing the continual information security program

In-Class Exercises
• Defining the “enterprise” environment
• Establishing a case-study enterprise and performing a gap analysis
• Creating a complete information security program for the enterprise
• Creating a technology comparison matrix
• Designing & configuring an advanced security architecture to match your technology

Recommeded reading:

Module 1: Fundamental SOA & Service-Oriented Computing (Exam S90.01)

Module 2: SOA Technology Concepts (Exam S90.02)

Module 3: SOA Design & Architecture (Exam S90.03)

Module 4: SOA Project Delivery & Methodology (Exam S90.04)

Module 5: SOA Technology Lab (Exam S90.05)

Module 6: Advanced SOA Analysis & Modeling (Exam S90.06)

Module 7: SOA Analysis & Modeling Lab (Exam S90.07)

Module 8: Advanced SOA Design & Architecture (Exam S90.08)

Module 9: SOA Design & Architecture Lab (Exam S90.09)

Module 10: Advanced Web-Based Service Technology (Exam S90.10)

Module 13: Service Development with .NET & Windows Azure (Exam S90.13)

Module 14: Service Development Lab for .NET & Windows Azure (Exam S90.14)

Module 15: Fundamental SOA Governance (Exam S90.15)

Module 16: Advanced SOA Governance (Exam S90.16)

Module 17: SOA Governance Lab (Exam S90.17)

Module 18: Fundamental SOA Security (Exam S90.18)

Module 19: Advanced SOA Security (Exam S90.19)

Module 20: SOA Security Lab (Exam S90.20)