Security and Audit-Related Courses

Peter Davis+Associates is pleased to offer these audit and security courses. We can develop and customize a course for your organization. Call for more information. You can schedule an in-house course by contacting PDA at 416-907-4041 or by using the contact link and sending a message for more information.

COBIT® Exam Prep

Seminar Focus and Features
You will learn about IT governance issues that are affecting organizations globally and how COBIT® (Control Objectives for Information and Related Technology) addresses this need with a globally accepted IT control and governance framework. You will learn about the major components of an IT governance and management framework. You will learn how to identify the most important actions for management in achieving control over the IT processes; to define target levels of performance; and to measure whether an IT control process is meeting its objective. The objective of this session is to learn a methodology, using COBIT, for implementing and improving IT governance.

Who Should Attend
CFO; CIO; IT Managers; IT Auditors; Information Security Managers and Analysts; Systems Administrators; and Information Technology professionals.

What You Will Learn
1. Understanding Governance
2. COBIT Framework
3. Summary

Instructor: Peter T. Davis

Implementing IT Governance using COBIT, ITIL, ISO 27002 and Six Sigma

Seminar Focus and Features
This two-day seminar is designed to provide professionals with the information they need to effectively manage business processes and information systems. The seminar helps you to understand Enterprise and IT governance and the major frameworks and standards. You will learn about COSO, SOX, COBIT, ITIL, ISO27002, IT BSC, PMBOK and Six Sigma. It presents a practical approach for developing effective systems for organizations of any size. You will learn about the major components of an IT governance and management framework. You will learn how to identify the most important actions for management in achieving control over the IT processes; to define target levels of performance; and to measure whether an IT control process is meeting its objective. The objective of this session is to learn a methodology, using COBIT, for implementing and improving IT governance.

Who Should Attend
IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with wired and wireless connections.

What You Will Learn
1. Understanding Governance
2. COBIT Framework
3. ITIL Framework
4. ISO 27002
5. Six Sigma

Instructor: Peter T. Davis

Wireless LAN Security and Audit

Seminar Focus and Features
This two-day seminar is designed to provide professionals with the information and tools they need to protect their wireless local area networks (WLAN). The seminar helps you to understand WLAN threats. It presents a practical framework for developing effective WLAN security and audit programs for organizations of any size. Throughout this seminar, you will see demonstrations and samples of useful resources, services, hacker tricks, security tools, and audit techniques. You will cover security issues associated with the different wireless LAN infrastructure devices and the potential for undermining existing network infrastructure security. You will learn how to protect your organization from these vulnerabilities and exploits. In addition, you will learn how to evaluate built-in and add-on safeguards for WLANs: wired equivalent privacy (WEP), service set identifiers (SSIDs), authentication and association, cell sizing, multipathing, hidden node, near/far, and interference. Finally, you will learn how to define effective policies for the safe use of WLANs.

Who Should Attend
CFO; CIO; IT Managers; IT Auditors; Information Security Managers and Analysts; Systems Administrators; and Information Technology professionals. IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with wired and wireless connections.

What You Will Learn
1. Introducing Wireless Technology
2. Understanding RF Communications
3. Understanding WLAN Components
4. Understanding Wireless Security Weaknesses
5. Understanding Wireless Security Controls
6. Testing Your Wireless LAN
7. Developing a Security Action Plan

Instructor: Peter T. Davis

Auditing Internet Security

Seminar Focus and Features
In this unique and timely seminar you will learn a systematic approach to auditing the major pressure points associated with your organization's connection to and use of the Internet. The audit tools and techniques you master here will equip you with the know-how you need to detect internal and external vulnerabilities in the Internet interface, ranging from improperly configured Unix and non-Unix TCP/IP hosts to weaknesses in flawed firewall configurations. You will examine the pros and cons of different Internet connections and learn proven techniques for bolstering their security. Organizations that view firewalls as their last line of Internet defense may still remain vulnerable to hacker attacks. You will leave this make-a-difference session with a tested game plan for identifying those vulnerabilities and for ensuring your organization's Internet connections are safe. Because of the technical nature of this course, attendees should have attended The Security and Audit Practitioner's Guide to Cruising the Internet Securely or have equivalent Internet and TCP/IP knowledge.

Who Should Attend
IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with Internet connections.

What You Will Learn
1. Measuring the Effectiveness of Your Organization's Internet Policies
2. Testing Your Network Security Through Penetration Audits and Other Hacker Simulations
3. Auditing Network Perimeter Security
4. Auditing Multi-User Network Unix Host Security
5. Auditing Non-Unix Servers and PC Desktop Workstations in a TCP/IP Network

Instructor: Peter T. Davis

Building an Information Security Awareness Program

Seminar Focus and Features
In this two-day seminar you will go step-by-step through the design and implementation of a security awareness plan geared specifically to the new distributed computing environment. You will learn how to conduct a self-audit of your current security awareness program to determine if it is keeping pace with the new technologies in your organization. You will master proven techniques for raising the organization's collective consciousness about security and controls, and learn how to implement motivational strategies that make awareness effective.

Who Should Attend
Newly appointed Information Security Managers; other Information Security professionals who want to evaluate or update their current programs; System and Network Administrators; and others responsible for promoting security awareness.

What You Will Learn
1. A Self-Audit of Your Awareness Plan
2. Getting Management's Attention... and Commitment
3. Awareness Program Goals
4. Getting Started
5. Identifying the Awareness Tools That Work Best for Your Organization
6. Monitoring the Success of Your Program

Instructor: Peter T. Davis

Security and Audit of UNIX

Seminar Focus and Features
UNIX developers never designed it as a secure system; this is evidenced by the very fact that UNIX frequently comes with its security features off by default. Since your vendor does not automatically enable all the security features at installation, you may find yourself vulnerable to a wide variety of threats. In this hands-on, three-day seminar you will go through the steps you need to take to analyze the security of an existing UNIX server. You will identify the weaknesses in UNIX-based operating systems and find out how to detect and prevent unauthorized access. You will learn how to evaluate user controls, examine standard system logs, analyze the effect of file and directory permissions, search for special files that allow users extended capabilities, and evaluate the risks of system processes. Finally, you will discover how to review UNIX network control files and evaluate the risks of selected common network services. Throughout this three-day interactive seminar you will participate in hands-on exercises that will reinforce what you learn with actual evidence you can evaluate to determine risk. You will return to your office with the know-how to set up, manage, and maintain an enforceable UNIX security policy, and with an audit approach for securing UNIX-based operating systems.

Who Should Attend
Newly appointed Information Security Managers; other Information Security professionals who want to evaluate or update their current programs; System and Network Administrators; and others responsible for promoting security awareness.

What You Will Learn
1. UNIX Basics
2. UNIX Security Features
3. UNIX File Systems
4. Monitoring Access and Use
5. System Started Processes
6. UNIX Networking
7. File Transfer Services
8. Remote Access Services
9. Other Common Services
10. UNIX Audit and Security Techniques

Instructor: Peter T. Davis

Security and Audit of Windows NT

Seminar Focus and Features
In this hands-on, three-day seminar you will learn user and group administration, user rights and privileges, and the relationships of local and global groups. You will create a number of functional users and groups, execute their proper relationships, and then create resources and control user access to them via permissions. You will implement auditing on your domain and learn how to safeguard the event log. You will discover how to edit the NT Registry safely in order to address existing vulnerabilities, and learn how to implement automated NT security System Policies with Security Configuration Manager.

Who Should Attend
IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with Internet connections.

What You Will Learn
1. Windows NT Basics
2. Domains and Trust Relationships
3. NT Authority
4. User Logon Control
5. Groups
6. Resource Access Controls
7. Network Access to Resources
8. NT Auditing
9. Remote Access Service
10. Windows NT Audit and Security Techniques

Instructor: Peter T. Davis

Information Security Kick Start for Lawyers

Seminar Focus and Features
This two-day seminar is designed to provide attorneys, executives, investigators and other interested professionals a general understanding of the legal risks and obligations of deploying and managing IT assets. The seminar helps you to understand threats to your organization. You will learn how to protect your organization from these vulnerabilities and exploits. Learn about the legal obligations relating to the use of IT assets in a heavily networked world. You will learn about civil and criminal remedies when things go wrong. Also, you will learn how to classify your data and resources based on legal requirements or consequences. Finally, you will learn how privacy, incident response, and downstream liability all play a part in surviving a breach of the confidentiality, integrity or availability of your infrastructure.

Who Should Attend
Senior executives; in-house legal counsel; practicing attorneys; provincial and federal crown attorneys; investigators; managers responsible for deploying, designing and supporting B2B and B2C infrastructures; information security managers; corporate and physical security practitioners in industry and government; new information technology professionals; application developers and IT auditors.

What You Will Learn
1. Information Security Concepts
2. Performing a High-Level Risk Analysis
3. Creating a Strong Foundation Through Policy
4. Detecting Computer Crime, Accidents, and Errors
5. Legislation and Standards
6. Computer Security Trends

Instructor: Peter T. Davis

Deploying Intrusion Detection Systems

Seminar Focus and Features
You do not create a good security program by buying a point product such as a firewall. You build a good security program by developing administrative and management processes. Tools provide the data to the process, but you must analyze the data to gather information about your security. In this timely session, you will learn about an effective tool to help manage your security processes—intrusion detection systems. These systems are the latest and most powerful tools for identifying and responding to network- and host-based intrusions.

At the end of this hands-on course, you will understand the who, what, where, how and why of IDS. You will learn to design, configure and deploy an IDS and analyze your current network security risks. You will learn how to:
Throughout this course, you gain extensive hands-on experience using IDS to identify and respond to intruder attacks. Labs, performed under the guidance of an expert instructor, include:

Who Should Attend
This course is valuable for those involved in maintaining network and system security, including Information Security Officers, Managers, Staff and Analysts; Network Administrators and Engineers; Consultants; Technology Planners; IT Managers and Auditors. You should have a working knowledge of TCP/IP protocols and their security implications.

What You Will Learn
1. The Role of an IDS
2. Determining Points of Attack
3. Mapping out the Territory
4. Detecting Probes and Scans with an IDS
5. How Buffer Overruns are Crafted
6. Detecting Denial of Service (DoS) Attacks
7. Protecting Against Misuse of Protocol Analyzers
8. Analyzing Specific Attacks
9. Selecting a Credentialed IDS
10. Selecting a Non-Credentialed IDS
11. Host-Based IDS
12. Network-Based IDS
13. Application-Based IDS
14. Target-Based IDS
15. Monitoring Traffic at the Network Border
16. Sensor Network Architecture
17. Analysis Issues
18. Automating Responses
19. New Directions in IDS

Instructor: Peter T. Davis

Ethical Hacking for Auditors

Seminar Focus and Features
This intensive, one-day seminar provides answers to organizations considering ethical hacks on their systems. As they say in football and war: the best defence is a good offence. This seminar takes over where other network security courses leave off. You will learn a repeatable and documentable methodology for ethical hacking and about the commercial and freely available software used by grey and white hat hackers. You will see how to assess and measure threats to your information assets to discover where your organization is at risk. You will learn about the wealth of resources available to protect your networks and servers. Throughout the seminar, demonstrations will highlight techniques and tools. You will find this fast-paced seminar packed with information on planning, performing and documenting your ethical hack.

Who Should Attend
IT Auditors and Managers; Information Security Managers, Analysts and Administrators; Web, LAN and Network Administrators; Information Technology Planners and Strategists.

What You Will Learn
1. Ethical Hacking Background
2. Planning and Preparation
3. Social Engineering
4. Foot Printing
5. Ping Sweeps
6. TCP Background
7. Port Scanning
8. War Dialing
9. Enumeration
10. Password Cracking
11. Linux Hacking
12. NetWare Hacking
13. Windows Hacking
14. Sniffers
15. Hacking Applications
16. Hacking Wireless

Instructor: Peter T. Davis

CobiT and IT Governance

Seminar Focus and Features
This two-day seminar is designed to provide professionals with the information they need to effectively manage business processes and information systems. The seminar helps you to understand controls, CobiT and its implementation. It presents a practical framework for developing effective systems for organizations of any size. You will learn how to implement an IT governance and management framework using CobiT. You will learn how to identify the most important actions for management in achieving control over the IT processes; to define target levels of performance; and to measure whether an IT control process is meeting its objective. The objective of this session is to learn a methodology, using CobiT, for implementing and improving IT governance.

Who Should Attend
CFO; CIO; IT Managers; IT Auditors; Information Security Managers and Analysts; Systems Administrators; and Information Technology professionals.

What You Will Learn
1. Understanding Governance
2. Management Guidelines
3. Starting Out
4. The Tools

Instructor: Peter T. Davis

Implementing SOX Using COSO

Seminar Focus and Features
This one-day seminar is designed to provide professionals with the information they need to effectively manage business processes and implement an integrated control framework. The seminar helps you to understand controls, COSO and its implementation. It presents a practical framework for compliance, operational and financial reporting for organizations of any size. You will learn how to implement a governance and management framework using COSO. The objective of this session is to learn a methodology, using COSO, for implementing and improving governance. You will also learn how the Sarbanes-Oxley Act affects entities covered by the U.S. securities laws. Sarbanes-Oxley affects their internal control systems, their corporate governance systems, their financial reporting, their independent auditors, attorneys, financial analysts, and others. The course includes a discussion of the relation of COSO and the Sarbanes-Oxley Act of 2002. The SEC has stated that COSO is—at this time—the only recognized criteria for evaluating the internal control system for compliance with Sarbanes-Oxley.

Who Should Attend
CFO; CIO; CRO; Accounting Managers and staff; Financial, Operational, and IT Auditors; and anyone concerned with corporate governance.

What You Will Learn
1. Understanding Governance
2. Control Objectives
3. Starting Out

Instructor: Peter T. Davis

VoIP Security and Audit

Seminar Focus and Features
This one-day seminar is designed to provide professionals with the information and tools they need to protect their voice over internet protocol (VoIP) networks and traffic. The seminar helps you to understand VoIP threats. It presents a practical framework for developing effective VoIP security and audit programs for organizations of any size. Throughout this seminar, you will see demonstrations and samples of useful resources, services, hacker tricks, security tools, and audit techniques. You will cover security issues associated with the different infrastructure devices. You will learn how to protect your organization from these vulnerabilities and exploits. In addition, you will learn how to evaluate built-in and add-on safeguards for VoIP. Finally, you will learn how to define effective policies for the safe use of VoIP.

Who Should Attend
IT Auditors; IT security professionals; telecommunications staff; and anyone concerned with VoIP.

What You Will Learn
1. Introducing VoIP Technology
2. Understanding TCP/IP
3. Understanding Call Control
4. Understanding QoS networking protocols
5. Understanding Voice Encoding Standards
6. VoIP QoS Issues
7. VoIP Security Issues
8. Understanding VoIP Security Controls
9. Testing Your VoIP Security

Instructor: Peter T. Davis

To schedule a course
Phone
Fax