FAC-P/PM-IT: Security, Accessibility and Quality

COURSE TYPE

Intermediate

Course Number

U212

Duration

4 Days

This course is right for anyone tasked with selecting, implementing and evaluating information system security controls. Mature frameworks and generally accepted practices aid in producing a strong, comprehensive security posture. This FAC-P/PM-IT course is helpful for federal agencies seeking FISMA compliance, but is beneficial to anyone seeking a comprehensive Risk Management Framework.

Learning Tree’s FAC-P/PM-IT training has been fully verified by the Federal Acquisition Institute (FAI).

You Will Learn How To:

  • Protect information systems by ensuring availability, authentication, confidentiality and integrity
  • Evaluate system features and requirements, and recommend changes to improve information security
  • Develop information security plans to prevent information systems vulnerabilities
  • Apply system performance measures and other methods to assess the effectiveness of IT systems
  • Assist individuals with disabilities to use computer equipment and software

Course Outline

  • Introduction
  • Applying defense in depth: tools, techniques and people
  • Comprehending FISMA and OMB oversight
  • Assimilating Risk Management Framework Security Life Cycle
  • Risk Management Framework

Multi-tiered risk management

  • Organization: Strategic risk management
  • Mission/Business: Tactical approach to risk
  • Information Systems

Defining roles and responsibilities

  • Distinguishing hierarchy and key roles of risk management
  • Defining responsibilities assigned to specific roles
  • Separating roles and areas of responsibility

Phases of risk management

  • Categorizing information systems
  • Selecting security controls
  • Implementing security controls
  • Assessing security controls
  • Authorizing information systems
  • Monitoring security controls
  • Information Assurance

Introducing information assurance

  • Assuring security throughout the data life cycle
  • Integrating information assurance into software development
  • Building in “secure by design”
  • Implementing information assurance best practices
  • Ensuring component security

Penetration testing and vulnerability assessments

  • Validating security functions and configuration
  • Finding weaknesses within systems before the attacker does

Keeping current with information assurance

  • Full disclosure vs. responsible disclosure
  • Exploring vulnerability databases
  • Information Systems and Network Security

Modularization (the OSI 7 Layer Model)

  • Networking principles powering the Internet
  • Modeling a packet

Confidentiality, integrity and availability across the network

  • Encrypting for confidentiality
  • Sniffing the network and protocol analysis
  • Modifying data via man-in-the-middle attacks

Networking services and security

  • Poisoning the DNS cache
  • Incorporating core services including DHCP, ICMP and ARP
  • Hardening the TCP/IP stack
  • Authentication and Access Control

Authenticating users

  • Managing factors of authentication (something you know, have, or are)
  • Attacking passwords
  • Comprehending PKI and public key authentication systems
  • Evaluating the suitability of biometrics
  • Integrating multi-factor authentication

Authenticating hosts

  • Incorporating ARP, DHCP, DNS and protocol insecurities
  • Performing and detecting MAC and IP address spoofing
  • Achieving strong host authentication
  • Analyzing Kerberos and IPSec
  • Cryptography

Encrypting and exercising integrity functions

  • Capitalizing on asymmetric or Public Key cryptography
  • Applying symmetric cryptography
  • Exercising message digest functions for integrity

Certificates and Certification Authorities

  • Clarifying PKI and certificate fields
  • Publishing certificate revocation and certificate security

Digital signatures

  • Digitally signing for strong authentication
  • Proving authentication, integrity and non-repudiation
  • Accessibility
  • Promoting open data policies
  • Removing barriers to enhance accessibility for people
  • Enabling IT accessibility

Exclusive Private Team Training Course

Enhance your team's effectiveness and boost productivity with this course, delivered privately to your organization or to any preferred location, including options for hybrid or all-virtual delivery via AnyWare.

This training course could be customized, and combined with other courses, to meet the specific needs of your team's training.

Attendee Benefits

After-Course Instructor Coaching
When you return to work, you are entitled to schedule a free coaching session with your instructor for help and guidance as you apply your new skills.

Free Course Exam
You can take your Learning Tree course exam on the last day of your course or online at any time after class and receive a Certificate of Achievement with the designation "Awarded with Distinction."
