	United States United Kingdom \| Home Contact Customer Services

Course Profile

Network Security Assessment - NSA
Code : SEC700
Length : 3 Days
Course Schedule: CLICK HERE
Course Costs
$2,195.00 USA
$2,195.00 Canada
£1,400.00 UK

The NETalert Curriculum

Our curriculum has been developed upon actual penetration testing and assessment experience. It has been designed to allow us to teach Security Professionals the in depth methodologies, models, tools and techniques required to perform comprehensive Information Security Penetration Tests and assessments. Our curriculum, which includes our premier Applied Penetration Testing, Network Security Assessment and Framework for Information Security Testing, covers engagement management and planning in addition to testing in all modern infrastructures, operating systems and application environments. Our focus is not only on the technology but the identification of resources crucial to a successful assessment and test. It takes you into the culture of the Security Professional in which you receive an intensive learning experience.

Course Summary

This three day course provides attendees with in depth knowledge on the methodologies involved in a security assessment. Utilizing industry standard methodologies and procedures attendees will learn how to effectively evaluate a enterprise network and computing environments security and make effective decisions using risk management best practices. The course begins by addressing the concepts of information security, survivability, and risk management, including the layered approach to survivability and the elements of risk analysis and assessment.

Finally, the course provides a foundation in the life-cycle processes of configuration management and control: certification and accreditation, implementation, monitoring, testing and evaluation, coordination and communication, and documentation. The course also explores aspects of penetration testing and its position within Network Security Assessment

The course involves lecture/briefings, demonstrations, scenario-based exercises, and open discussion to help participants develop their understanding of the problems and strategies for ensuring the security of their organizations' critical assets.

Course Highlights

Step-by-step approach to assessing security
Determining needs of your client
Setting expectations
Legalities, regulations
Understand the language of Risk and vulnerability assessments
Understanding aspects of planning, performing, reporting on the risks to your IT infrastructure
Define patterns and parameters of a risk and vulnerability assessment

Learn how to effectively scope a project
Policy review
Locating security assessment resources
Use of tools to evaluate network risks.
Preparing a technical assessment plan.
Identify attack vectors
Prepare a network security assessment report
Post assessment analysis
Effectively writing the final report

Students are also provided with a CD containing tools used in the class.

Course Prerequisites

It is recommended that all students have at least a basic knowledge of TCP/IP as well as networking (as exhibited in Net+, CCNA®, CNA, or MCP) prior to enrolling in this
course.

Who should Attend

System and Network Administrators
Network Managers
Network Architects
Security and Firewall Administrators
Security Engineers
Professional Security Analysts
Chief Security Officers
Chief Intelligence Officers

Course Outline

Evaluation	Validating the Assessment Request The Formal Assessment Agreement Agreement Approval – Team / Customer
Assessment Expectations Objectives	Understanding Concerns Assessment Constraints Management Buy-in Establishing Points of Contract
Scoping the Assessment	Rules of Engagement Legal Principles Legal Standards relevant to Information Security Liability Legal Council Contracts
Building the Technical Assessment Plan	Purpose of the Technical Assessment Plan Building the Plan
Network vulnerability assessment	What security is and isn’t assessment Types Level I - Policy assessment Level II - Network Vulnerability Evaluations Level III - Penetration Testing Penetration testing types Procedures governing assessments Driving the Assessment Process Management of an Assessment Scheduling and Timelines
Fundamentals of Security	Roles and responsibilities Oversight Senior management Security officers Information security Strategy Security policies Security models Classification criteria Types of frameworks Defining policies Purpose, scope responsibility Policy framework Deployment Policy life-cycles
Risk Assessment Methodologies	Risk Assessment Terminology Risk management requirements Risk Assessment Requirements Risk Assessment Models Best Practices for Qualitative and Quantitative Models Selecting the Best Model for Your Organization
Risk Management	The importance of Risk Management Integration of Risk Management Key Roles Key Roles – Senior Management Risk Level Matrix Vulnerability Identification Security Requirements Checklist Management Security – Selection Criteria Technical Security – Selection Criteria Control Methods Impact Analysis Risk Mitigation Management Security Controls
Security Assessment Scope	Defining Scope of the Assessment Assessment Timeline Driving factors, concerns and Constraints The Assessment Management Team The Assessment Team Determining the Assessment Timeline Identifying Critical systems and information The Information Criticality Matrix The Systems Criticality Matrix
Risk Assessments	Assessment Drivers Laws and Mandates Risk Terminology Exploit Life-cycles Regulatory Compliance POCAB, COBIT and COSO Risk Assessment Goals and Objectives Risk Assessment Best Practices BCP – Business Continuity Planning Forensics and Forensic Analysis Incident Response Incident Response Teams SIRT BCM – Business Continuity Management COSO Components The BCM Model BCM Program Elements and Phases BCM Goals and Objectives
Performing an Assessment	The Assessment Process Level I Assessments Documentation Review NIST / IAM Information Security documentation INFOSEC Roles and Responsibilities Contingency Planning Configuration Management Change Management Technical Controls Identification and Authentication Auditing System Assurance Communication Security and Operational Control Common Policy Problems Organizational Guidelines and Controls
Level II Assessments	What is Vulnerability Scanning? Vulnerabilities Information Gathering Tools and Techniques Foot printing Document Grinding Vulnerability Scanning Tools Enumeration Tools Wireless Assessment Tools Automated Scanning Assessing what tools to employ
Level III Assessments	Vulnerability Exploitation Independent Diagnostic Tests Security Testing Standards Key Factors in Testing Security Testing and Outsourcing Penetration Testing Why Penetration Testing Penetration Testing Issues Rules of Engagement (ROE) Types of Penetration Testing Red Teams Blackbox / Whitebox Testing Internal Penetration Testing External Penetration Testing Post Testing Activities Security Testing Best Practices
Assessment Tools	Reconnaissance Enumeration Scanning Wireless Password Auditing Vulnerability Assessment Exploit Automated Exploit Frameworks
Post Assessment Analysis	Categorization and correlation Research Analyzing data Recommendations
Reporting	Compiling Data Creating the report Report Presentation Post Assessment Activities

"Through 2008, insiders, working alone or with outsiders, will account for the majority of financial losses from the unauthorized use of computers and networks."
Gartner Group