Training and Education Services
Education Services
Any successful security initiative requires a high level of knowledge and capability. Our goal is to help develop this knowledge internally through training and knowledge transfer. These classes may be provided as part of the implementation and afterward.
Three classes are available:
- InterSOC Operations Training
- Security Operations Center (SOC) Training
- Secure Application Development
InterSOC Operations Training
Course Description
The InterSOC training course is a two (2) day course designed to teach administrators how to manage and monitor security threats using InterSOC. This course was designed to be highly interactive and is tailored to empower InterSOC management personnel with the tools and knowledge needed for effective security management.
Who Should Take This Course?
This course is designed for security administrators, SOC personnel, and managers that have responsibility over InterSOC and the security infrastructure.
Course Objectives
- Identify and understand real world Security Threats using InterSOC
- Apply security methods of security monitoring
- Understand compliance including due-diligence and necessary procedure for effective security management
- Learn to utilize InterSOC to achieve effective SOC Metrics
- Learn to apply assessment and risk analysis
- Learn to apply and develop threat case profiling
- Learn how to apply processes and procedures around incident management
Key Topics
1. Reporting features
- Time Frame Selection
- Details pane
- Export of data to Excel and graphs to jpg
- Drill Down and Cross Drilling
- Filter Creation and Saving
2. Dashboards
- Dashboard creation and saving
- Refresh options
- Typical SOC Setup, identifying popular reports for monitoring view and "watch" creation
3. User Management
- Company/Division Planning
- Account Creation and management
- Understanding InterSOC Roles vs Business Role
4. Incident Management
- Incident Creation
- User Assignment
- Incident Escalation
- Linking Data Events to an incident
- Measuring response time
5. Alert Signature Configuration
- Alert mail definition
- Throttle Configuration
- Signature Creation
6. Discard Signature Configuration
7. Assessment Policy Creation
8. Assessment Job Configuration
- Understanding Agent Load Balancing
- Recurring Job Scheduling
9. Analysis (Threat Modeling)
- Threat Model Creation
- Threat Model Testing
- Using Security Attributes to make effective threat models
Security Operation Center (SOC) Operations Training
Course Description
The SOC training course is a two (2) day course designed to teach security operations center personnel how to manage, monitor and respond to security threats. This course was designed to be highly interactive and is tailored to enable and kick-start personnel responsible for effective security operations.
Who Should Take This Course?
This course is designed for security administrators, SOC personnel, and managers that have responsibility over the security infrastructure.
Course Objectives
- Understand real world Security Threats
- Understand security methods of security monitoring
- Understand compliance including due-diligence and necessary procedure for effective security management
- Learn effective SOC Metrics
- Learn fundamentals of Assessment and risk analysis
- Learn fundamentals of threat case profiling
- Learn about processes and procedures around incident management
Key Topics
1. Operational Security Policy
- Understanding the necessary requirements and organizational goals of operational security.
- Setting standards that are both practical and meet compliance requirements regarding the security lifecycle and ongoing security management.
2. Security Monitoring and Analysis
- Understanding IDS data and Signature Analysis
- Understanding anomaly detection
- Defining and recognizing an "incident" from "data"
- Identifying and preparing an activity "Watch"
- IDS Data Analysis Techniques
- Corroboration Policy and Strategy
- Effective Reporting and Monitoring for each type of data
- Effective Dash-boarding for an Operations Center
- Recognizing bypass and clandestine techniques
- Alert Policy and Configuration
- Availability Monitoring
3. Assessment & Fix Management
- Measuring Security Posture and Assessment
- Techniques for dealing with "unfixable" apps and servers
- Risk Analysis - Determining the actual "threat" to a considered vulnerability
- Prioritizing Fix Management
4. Incident Response and Escalation
- Metrics of Severity - Identifying the dimensions along which an incident must be measured when determining escalation
- Incident Response Knowledge base building
- Establishing Incident response policy
- Understanding research and investigative techniques
- Appropriate response actions
- Incident Response Policy Planning
5. Security Operation Metrics
- Understanding C-Level Security Operation Metrics
- Metrics and Reports for measuring the intangible "security performance"
- Reports and Graphs that must be provided to upper management regularly concerning security posture and threat
- Reports and Graphs related to compliance
Course: Secure Application Development
Course Description
The secure development course is a three (3) day course designed to educate development staff and management about application security and how it relates to their application architecture, designs, and techniques. This course was designed to be highly interactive and is tailored to meet the needs of participants regardless of language and platform.
This course includes exercises where management and developers address how security must be carried between architectural points and the importance of each of their roles. While including focus on how to write secure code, the course also teaches developers, managers, and auditors how to identify existing vulnerabilities, the business impact of vulnerabilities, as well as solutions to secure them.
The course also covers the security models of operating systems and equips developers with the knowledge to extend these models into real world applications. For architects, the program covers web and distributed security architectures and technologies for secure business development. For managers and architects, this course covers methods of evaluating vendor technologies and integration issues as they relate to security.
Who Should Take This Course?
This course is designed for software developers, web developers, system architects, application owners, and managers that have responsibility over any application or web development efforts, or have internally developed applications.
Course Fee: $2695
Course Prerequisites
Programming skills, although beneficial, are not required.
Course Objectives
- Understand Security Models and how to extend them
- Learn to recognize programming fallacies and their security impact
- Learn to evaluate and design distributed architectures
- Learn fundamentals of code auditing and architectural risk assessment
- Learn to evaluate vendor technologies and integration issues
Key Topics
- Web Security Architectures
- Application Fallacies and Exploits
- Understanding Buffer Overflows
- Countermeasures and Practical Solutions
- Contrasting Security Models
- Understanding the Security Infrastructure
- Application Auditing Methodologies
- Security Segmentation



