
Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth

This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and interdependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise (see "Topics" below). Through lectures, demonstrations, scenario-based exercises, small group activities, and open discussions, students will learn high-level best practices for effectively integrating each of these eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

This course is designed for individuals charged with implementing information security throughout the IT enterprise. Therefore, this course is an ideal pursuit for IT and Security managers, and/or system administrators and IT security personnel who would like to step up to the management level.

Audience

Technical staff members who manage or support networked information systems and have

  • two years of practical experience with networked systems or equivalent training/education
  • some degree of specific familiarity with the ISO/OSI 7-layered reference model as well as Ethernet, TCP/IP, and major network operating systems such as Windows NT/2000/XP and Unix

Objectives

Successful completion of this course will enable participants to

  • describe the CERT Defense-in-Depth framework and its components
  • holistically examine IT operations for IA threats and vulnerabilities
  • apply the framework to improve the overall security posture of IT operations

Topics

  • Foundations of Information Assurance
  • The CERT Defense-in-Depth Framework
  • Components of Defense-in-Depth
    • Compliance Management
    • Risk Management
    • Identity Management
    • Authorization Management
    • Accountability Management
    • Availability Management
    • Configuration Management
    • Incident Management

Materials

Participants will receive a course notebook and a downloadable copy of course materials.

Prerequisites

This course has no prerequisites.

IMPORTANT NOTICE:

Carnegie Mellon University/Software Engineering Institute offices will be closed for winter break, December 22, 2018-January 1, 2019.  SEI course registrations received during this period will be confirmed and enrollment completed upon our return, on January 2, 2019.

Schedule

This three-day course meets at the following times:

Days 1 & 2: 9:00 a.m.-5:00 p.m.
Day 3: 9:00 a.m.-2:30 p.m.

This course may be offered by special arrangement at customer sites. For details, please email course-info@sei.cmu.edu or telephone at +1 412-268-1817.




Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388
FAX: 412-268-7401

Related Courses

  • Information Security for Technical Staff

    5-Day Course

    This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management...


Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.