ESM Course Information - Objectives
There are 11 exams covering these topics and objectives, a final exam and a hands-on performance final. Upon completion of these modules, students will be able to perform tasks related to:
- Contingency Planning: : In this topic, you will take a look at various types of disasters that can befall an organization and put it out of business—unless the organization has implemented some form of business continuity planning. You will look at how such plans can be developed and tested.
- Identify disaster types, examine issues relate to contingency planning, and consider the role of security policies as part of an overall contingency planning strategy.
- Analyze contingency planning goals, and review the testing of such plans.
- Study the effect of electrical power loss for networks and the backup planning required to prevent such events.
- Examine data-backup strategies for various operating systems and perform tasks related to backups.
- Performing a Risk Analysis: In this topic, you will be introduced to the concepts and issues surrounding one of the more debated areas of security – Risk Analysis. You will see different methods of risk analysis, different standards, and different techniques to minimize risk. All of these issues, concepts, and techniques lead up to the same goal, to perform a risk analysis.
- Define the concepts of risk analysis.
- Examine the methods of risk analysis.
- Describe the process of risk analysis.
- Describe the techniques available to minimize risk.
- Examine the principles of performing a continuous risk assessment.
- Creating a Security Policy: In this topic, you will examine the concepts of security policies and their implementation. You will be introduced to different methods of policy creation and implementation, and you will create a policy document. You will also examine the methods of security response and how response is related to policy.
- Describe the concepts of security policies.
- Examine the standards of security policy design.
- Describe the individual policies in a security policy.
- Examine a detailed, complete policy template.
- Describe the policy procedures for incident handling and escalation.
- Define the common procedures for strategic partner connections in a security policy.
- Create a scenario-based security policy document.
- Certification and Accreditation: In this topic, you will examine the certification and accreditation process of information systems as outlined for the federal government. You will study in detail the four phases of the process used and the duties and responsibilities of the key participants. You will also explore applications of the certification and accreditation process for non-government organizations.
- Examine and understand the background information for the Certification and Accreditation Process.
- Identify the laws and regulations governing the Certification and Accreditation Process.
- List the phases of the Certification and Accreditation Process and give a definition for each of those phases and their associated activities and tasks.
- List and define the roles and responsibilities of the individuals involved in the Certification and Accreditation Process.
- Understand the System Security Authorization Agreement (SSAA) and practice using tools and templates used in the Certification and Accreditation process.
- Examine the NIST Special Publication 800-37 “Guide for the Security Certification and Accreditation of Federal Information Systems”. Compare the NIST SP 800-37 methodology to the DITSCAP and DIACAP processes and identify the differences.
- Introduction to Trusted Networks: In this topic, you will be introduced to the fundamental concepts of building trusted networks and the Public Key Infrastructure.
- Define the need to develop trusted networks.
- Identify the function of both authentication and identification.
- Examine the components of a Public Key Infrastructure (PKI).
- Identify the applications of PKI.
- Cryptography and Data Security: In this topic, you will be introduced to the concepts of cryptography and its function in data security. You will examine how cryptography has evolved, encryption and decryption systems, private key and public key algorithms, and key lengths.
- Describe the history of cryptography.
- Describe the function of math in cryptography.
- Describe the process of private key cryptography.
- Describe the process of public key cryptography.
- Identify the function of message authentication.
- Law and Legislation: In this topic, you will be introduced to the common laws and pertinent legislation regarding information security, computing, and network technologies. You will be exposed to laws and legislation, and although the concepts in this topic are global, every state and/or country has different laws and regulations; those in this topic are primarily from the United States regarding security, computers, and network technologies.
- Examine the concepts of intellectual properties.
- Identify the primary categories of law.
- Examine the process of handling evidence for a trail.
- Examine computer-related laws and legislation.
- Biometrics "Who You Are": In this topic, you will examine the process of biometrics, their accuracy, and their application. You will determine the characteristics of common biometrics, and examine methods of compromising biometric systems.
- Describe the core concepts of biometrics.
- Examine the accuracy of biometrics.
- Identify applications of biometrics.
- Implement and examine fingerprint scanning.
- Examine facial scanning.
- Implement and examine iris and retinal scanning.
- Implement and examine vocal scanning.
- Examine uncommon biometrics.
- Examine methods of compromising biometrics.
- Strong Authentication: In this topic, you will learn about strong authentication. You will step through examples of authentication solutions, such as tokens and biometrics.
- Describe strong authentication.
- Examine authentication tokens.
- Implement an authentication token system.
- Examine smart cards.
- Digital Certificates: In this topic, you will examine various ways we establish our identity in the real world, examine an important document recognized internationally, review various tamper-proofing methods and mechanisms for such documents, and look at the electronic equivalents for such documents.
- Examine the various ways that identities are established in the world.
- Examine the role of an authority that thoroughly examines applications and then issues some form of identity document, such as a certificate.
- Examine issues surrounding the protection of the sanctity of a Certificate Authority.
- Distinguish between the purposes of certificates issued in the physical world versus the digital world.
- Examine key standards specified for digital certificates.
- Examine the X.509 authentication standard as defined by the ITU and the information contained in an X.509 certificate.
- Perform a case study of one of the leading Certification Authorities.
- Digital Signatures: In this topic, you will work with message digest and symmetric-key encryption algorithms to define the structure of digital signatures.
- Compare digital signatures with real world signatures.
- Examine the features of digital signatures and their requirements for use in e-commerce.
- Describe how digital signatures function.
- Examine the various types and emerging standards for digital signatures.
- Examine the digital signature applications and protocols used.