Skip to main content

CERBERUS ISC INC.

Information Security Consulting
Site Map
Home
Our President
News
Partners
About Us
Seminars
Course Offerings
Course Descriptions Mgmt
Course Descriptions Tech
Resources
Security Books
Contact Us
Our Travel Photos

Mgmt100: Introduction to Information Security

Description: This two-day workshop will provide attendees with an overview of information security specifically designed for anyone new to the field. Geared to the new IT auditor, Security Manager or anyone thrust into this exciting area, it provides a comprehensive perspective, touching on all aspects of security and providing a sound basis for understanding what is involved in IT Security today.

The course will ensure that you gain an understanding and become conversational in the terminology of the security world. The seminar will focus on both technology and management practices, ensuring that you are aware of the full complement of elements necessary for a good security program.

Audience: This seminar is intended for managers, supervisors and anyone new to the field of Information Security.


Prerequisites: An interest in the field of information security.


Objectives: After completing this seminar, participants will be able to:

·Recognize the importance of security in any business

·Learn to manage a security program with appropriateemphasis

·Understand critical areas that are often ignored

·Describe the threats involved in inaccurate or inappropriate security decisions

·Understand the tools and techniques available to implement security

·Know accepted standards like ISO 27002 and CobiT

·Ensure an adequate understanding of the technical elements involved in order to direct and manage staff


Course Outline:

·Policies, Standards and Procedures

·Security Architecture/Model/Strategy

·Training and Security Awareness

·The Security Organization

·Understanding Cobit, ISO27002 and others

·Understanding and Using effective Risk Management

·Ethics and Investigations

·Physical Security

·Disaster Recovery and Business Continuity Planning

·Security Monitoring and Reports

·Network Security

·Access Controls and Operating Systems

·Database Security Controls

·Encryption

·Network Penetration, issues and controls



Lewis’ seminar will draw upon his book including Computer Security for Dummies and his almost 30 years of experience in the areas of information security in both industry and consulting as well as his expertise in leading seminars around the world for over 20 years.

 

Mgmt200: Introduction to Auditing Firewalls

Description: In this one-day seminar we provide an understanding of the concepts of firewall technology, the different types of firewalls and the key components of effective firewall architectures. This seminar will also provide you with a checklist that you can use for performing an actual audit of your firewall implementation. You will learn what a firewall consists of: its components, architecture, strengths and potential risks. Understanding how they work, what the major pieces consist of and how you can assess the implementation options and security parameters is a key focus of this seminar.

The course will ensure that you gain an understanding and become conversational in the terminology and concepts of a firewall. The seminar will focus on both the technology and the management practices, ensuring that you are able to discuss this topic with your peers or perform a high level audit.

Audience: This seminar is intended for managers, supervisors and new auditors.


Prerequisites: No prerequisites for this seminar though a basic understanding of network terminology would be helpful.


Objectives: After completing this seminar, participants will be able to:

·Recognize the importance of the firewall

·Learn to assess the appropriateness of the architecture in use

·Understand the different types of firewalls

·Describe the threats the firewall mitigates

·Understand the tools and techniques available to perform an audit


Course Outline:

·Understanding Firewall Concepts

·Recognizing the Different Architectures

·Evaluation Criteria for Comparing Firewalls

·An Effective Audit Approach

Lewis’ seminar will draw upon his almost 30 years of experience in the areas of information security in both industry and consulting as well as his expertise in leading seminars around the world for over 20 years.

 

Mgmt300: Introduction to Directory Services

Description: This half-day seminar introduces the attendee to the concept of directory services and leads you through the primary functions of this service. A good directory service allows you to easily manage your network resources and in this session you’ll learn how they accomplish that goal.

You’ll also learn about various implementations of such directories such as Novell’s NDS and Microsoft’s Active Directory. You’ll leave the session with a solid understanding of what directory services are, where they are used, and how they benefit your organization.

Audience: This seminar is intended for managers, supervisors, auditors and security personnel.


Prerequisites: No prerequisites for this seminar.


Objectives: After completing this seminar, participants will be able to:

·Discuss the history of the directory service

·Learn to assess the appropriateness of a directory

·Understand the different types of directories available

·Describe the components of a good directory service

·Understand where such a tool should exist in their organization


Course Outline:

·Understanding the name space, trees and nesting

·Recognizing the different directories

·Learning about the different protocols like LDAP (Lightweight Directory Access Protocol)

·Know how Microsoft’s AD is structured

·Looking for gaps where a directory would make sense



Lewis’ seminar will draw upon his almost 30 years of experience in the areas of information security in both industry and consulting as well as his expertise in leading seminars around the world for over 20 years.

Mgmt400: Introduction to Cloud Computing

 

Description: Cloud computing is the latest arena in our battle for effective governance of corporate data and resources. This two day session helps explain what cloud computing is and how it might impact your organization should the decision be made to utilize this service.  Understanding the types of service available and the risks involved is critical to ensuring adequate controls are in place. This seminar guides the attendee through a number of key areas enabling them to leverage their newly gained understanding into a solid understanding of Cloud Computing and an effective control program.

 

Audience: This session is of interest to auditors, IT managers, security staff, consultants and anyone interested in learning about this latest approach to Information Technology.

Prerequisites: There are no prerequisites for this session.

Objectives

  1. Understand the various cloud delivery models

  2. Recognize the key elements of Cloud Computing

  3. Know the various risks to using Cloud Computing

  4. Review key controls and how or when they differ

  5. Determine which infrastructure best suits your enterprise strategy

  6. Ascertain the possible benefits of using the cloud

  7. Explore sound security techniques for protecting information in the cloud

  8. Prepare a prescribed approach to ensuring security

Course Outline: In this informative and lively one or two day session we will explore the growing use of a new approach to computing called Cloud Computing.  Should it be used? What are the vendors really offering? Is there more benefit than risk? And finally, is your business ready for it?

The session begins with an overview of cloud computing and the various models in use. You will learn all about PaaS,  SaaS and IaaS (Platform/Software/Infrastructure as a Service) and how they differ. The audience will be encouraged to share their experiences and theorize on the future of this latest computing path.  Following the overview, the session quickly moves into the architectures in use and their pros and cons. You’ll learn to determine the risks involved and will be encouraged to weigh in on the potential dangers. Once risks are described and analyzed using key risk management techniques, effective controls are considered and here the session shows a variety of mechanisms you can use to help ensure security and control in the cloud.

Underscoring it all is the knowledge that organizations need to be ever more vigilant as their data moves farther afield. As we progress through the key controls, special emphasis will be placed on understanding each control within the context of the cloud. Audience participation will be encouraged as we formulate an effective audit and security program based on accepted practices such as COBIT and the ISO 27000 series. Class exercises will help reinforce what you learn and enable you to easily identify risks, controls and the various services.