Overview
This training teaches participants the main information security requirements and concepts in the context of design and architecture. After completing this course, students will be able to demonstrate their skills and knowledge across a variety of models and scenarios. This training will help students pass the CISSP-ISSAP exam. Students will understand the risks to communications networks across data, multimedia and voice.
Course Content
Architect for Governance, Compliance and Risk Management
- Determine legal, regulatory, organizational and industry requirements
- Manage Risk
Security Architecture Modeling
- Identify security architecture approach
- Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression)
Infrastructure Security Architecture
- Develop infrastructure security requirements
- Design defense-in-depth architecture
- Secure shared services (e.g., wireless, e-mail, Voice over Internet Protocol (VoIP), Unified Communications (UC), Domain Name System (DNS), Network Time Protocol (NTP))
- Integrate technical security controls
- Design and integrate infrastructure monitoring
- Design infrastructure cryptographic solutions
- Design secure network and communication infrastructure (e.g., Virtual Private Network (VPN), Internet Protocol Security (IPsec), Transport Layer Security (TLS))
- Evaluate physical and environmental security requirements
- Map physical security requirements to organizational needs (e.g., perimeter protection and internal zoning, fire suppression)
- Validate physical security controls
Identity and Access Management (IAM) Architecture
- Design identity management and lifecycle
- Design access control management and lifecycle
- Design identity and access solutions
Architect for Application Security
- Integrate Software Development Life Cycle (SDLC) with application security architecture (e.g., Requirements Traceability Matrix (RTM), security architecture documentation, secure coding)
- Determine application security capability requirements and strategy (e.g., open source, Cloud Service Providers (CSP), Software as a Service (SaaS)/Infrastructure as a Service (IaaS)/Platform as a Service (PaaS) environments)
- Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP))
Security Operations Architecture
- Gather security operations requirements (e.g., legal, compliance, organizational, and business requirements)
- Design information security monitoring (e.g., Security Information and Event Management (SIEM), insider threat, threat intelligence, user behavior analytics, Incident Response (IR) procedures)
- Design Business Continuity (BC) and resiliency solutions
- Validate Business Continuity Plan (BCP)/Disaster Recovery Plan (DRP) architecture
- Design Incident Response (IR) management