Cyber Security - Quantification and Countermeasures
Course Description. This course introduces the participant to the topic of cyber security. It presents today's most critical cyber security vulnerabilities related to data center infrastructure, computer applications and electronic information, as well as principles for identifying and securing such vulnerabilities. The course also introduces best practices for designing application security during the Software Development Life-Cycle.
Topics covered
General Information
Quantifiable Computer Security
Trusted Computer System Evaluation Criteria (TCSEC)
how it applies to network, database, storage, JEE applications, Cloud Computing and the Semantic Web
Internet Security Model
Adjudication and Underwriting
Course Objectives
Upon completion of this course the participant will be able to:
describe discretionary access control.
describe mandatory access control.
quantify the security level of a given system.
identify vulnerabilities in a given system.
secure an operating system.
secure a database.
secure a network.
describe the difference between one-way SSL and two-way SSL.
General Security
W3C Information security assurance
Discretionary Access Control
Mandatory Access Control
Auditing
Identity assertions
Trust and provability
Application security
Aspect-Oriented Programming (AOP)
how interceptors affect security
JEE security
JAAS
SAML
Firewall and router IEEE standards
TCP wrappers
Encryption
Asymmetric/Symmetric
Performance
SSL (Secure Sockets Layer) – a model that works
2-way SSL
Adjudication
Attacks and Threats
Denial of Service (DoS) attacks
Firewall and router penetration
Spoofing
Repudiation
Course Prerequisites, Co-requisites, and/or Other Restrictions
Working knowledge of a programming language. The class time is roughly 30% lab. Participants receive all class materials via the Internet. Attendees may be in class or via the Internet.