Security Architecture


Security Training

We prepare training materials and provide training on a variety of security topics, with experience in online and face-to-face course delivery models. Our practitioners have worked in both university and professional training settings, and we can work with you to provide tailored, focused training ranging from half-day subject overviews to multi-day, in-depth topic coverage.

Our areas of expertise include security management and the application of security control frameworks relevant to both private and public sector organizations; security policy development, implementation, and enforcement; layered security architecture and defense-in-depth practices; enterprise risk management; and security and privacy compliance. Representative training materials include:

  • Information Security Management in Government: Designed to be delivered in a two-day lecture format, this course provides an overview of FISMA and other security drivers relevant for U.S. federal government agencies, and provides step-by-step instructions for complying with security management requirements. The course refers to and incorporates guidance from NIST and OMB, distilling down the basics of important security and privacy processes such as security planning, risk assessment, and certification and accreditation.
  • Security Management Frameworks: This presentation includes an overview of major security architecture and security control frameworks commonly used in both private and public sector organizations. It provides a full description of control hierarchies contained in both ISO/IEC 27001 and 27002 and NIST Special Publication 800-53. This material also serves as the basis for a module in a graduate-level course in information assurance taught at University of Maryland, University College.
  • Layered Security Architecture: This presentation explains the core information assurance principle of "defense in depth" – also frequently referred to as "layered security architecture" – and addresses some of the basic considerations in addressing authentication, authorization, and accountability for information systems.
  • Risk Management Overview: This course offers an introduction to the discipline of risk management, including detailed descriptions of key processes such as quantitative and qualitative risk analysis. It covers the full risk management lifecycle, from identification of threats and vulnerabilities to business impact analysis to risk mitigation strategies.
  • Security Policy: Structured to be covered in either a one-day lecture format or two-day interactive workshop, this course presents a comprehensive treatment of information security and privacy policy, including its role in overall security management as well as detailed instruction on designing and writing effective policies.

If you are interested in any of our training services, please contact us.

Training for Security Certifications

When seeking training in order to meet security and privacy certification requirements and to prepare for and successfully pass certification exams, tailored courses are often available from the certifying organizations themselves. There are also many third-party sources of security training that provide instruction not only for certification test preparation, but also in the fundamentals of security (which typically underlie the relevant certifications) and education in detailed technical and practical knowledge that can only be gained through hands-on exposure.

  • International Information Systems Security Certification Consortium (ISC)² — maintains the common body of knowledge for the Certified Information Systems Security Professional (CISSP) and offers training related to the CISSP, its three specializations (ISSAP, ISSEP, ISSMP), and other certifications including the SSCP and CAP.
  • Information Systems Audit and Control Association (ISACA) — perhaps best known in the IT industry as the source for the Control Objectives for Information and related Technology (COBIT) IT management framework, ISACA provides training for available certifications in auditing (CISA), security management (CISM), and IT governance (CGEIT).
  • The SANS (SysAdmin, Audit, Network, Security) Institute — offers a broad range of security training and certification programs, ranging in skill and experience level from basic to advanced. Under its flagship Global Information Assurance Certification, the SANS Institute emphasizes advanced technical training with a number of very narrowly focused certifications. It also has training in specific domains related to security, including information systems, audit, management, operations, legal, and software.
  • International Association of Privacy Professionals (IAPP) — wholly focused on the domain of information privacy, the IAPP offers education on privacy laws and regulations worldwide, with training in support of its Certified Information Privacy Professional (CIPP) and its variations (CIPP/C, CIPP/G, CIPP/IT).
  • Security University — with a strong emphasis on hands-on training using a wide range of tools and technologies, this CNSS-approved third-party training organization offers multiple technical certifications in support of its Qualified Information Security Professional (Q/ISP) and Qualified Information Assurance Professional (Q/IAP) certification programs.
Copyright © 2009 Security Architecture – All Rights Reserved