Architecting on AWS covers the fundamentals of building IT infrastructure on AWS. The course is designed to teach solutions architects how to optimise the use of the AWS Cloud by understanding AWS services and how these services fit into cloud-based solutions. This course emphasises AWS Cloud best practices and recommended design patterns to help students think through the process of architecting optimal IT solutions on AWS. It also presents case studies throughout the course that showcase how some AWS customers have designed their infrastructures and the strategies and services they implemented. Opportunities to build a variety of infrastructures via a guided, hands-on approach are also provided.
This course teaches you how to:
- Make architectural decisions based on the AWS-recommended architectural principles and best practices
- Leverage AWS services to make your infrastructure scalable, reliable, and highly available
- Leverage AWS-managed services to enable greater flexibility and resiliency in an infrastructure
- Make an AWS-based infrastructure more efficient in order to increase performance and reduce costs
- Use the Well-Architected Framework to improve architectures with AWS solutions
This course is intended for:
- Solutions architects
- Solution design engineers
- Core AWS Concepts
- Core AWS Knowledge
- Core AWS Services
- Designing Your Environment
- Making Your Environment Highly Available
- Forklifting an Existing Application onto AWS
- Event-Driven Scaling
- Build a New Environment
- Well-Architected Framework
- Troubleshooting YourEnvironment
- Large-Scale Design Patterns and Case Studies
Training materials: AWS digital kit, iLabs.
Certificate of ettendence: AWS Certificate
The “IT AUDIT” trainings will allow participants to gain a wide set of knowledge to plan, perform IT audits and manage IT audit enterprise programs.
You will have all required skills to face the most difficult problems, which include:
- audit planning and reporting
- business continuity audit
- software development and system implementation lifecycle audit
- operating systems, databases, network equipment configuration audit
This is solely practical training! You immediately will work. The training adopted for an audience which represents students with completely different background. If you just a novice, you will be solving simple tasks. If you’re professional, you will have a set of very sophisticated tasks.
The obtained experience will mandatory increase your value for employees and customers, and bring a tremendous level of a professional confidence to you personally.
We recommend this training for:
- IT auditors
- IT security specialists
- IT quality specialists
- IT managers
Section 1: IT audit
- IT assurance framework (ITAF).
- Audit charter/mandate for the audit.
- Auditor independence.
- Professional due care.
- Audit assertions.
- Audit criteria.
- ISACA audit programs.
- IIA audit guidelines.
- Trust services principles and criteria
- Cobit 5
- Other sources of criteria
- Audit planning. Risk-based planning.
- Audit performance.
- Materiality of audit findings.
- Audit evidence.
- Evidence collection methods
- Audit sampling.
- Using the work of other experts.
- Handling illegal acts.
- Audit follow-up.
- Control environment
- Control design
- Control effectiveness
- Control monitoring
- Practical workshop.
Section 2: IT governance and management
- IT strategy
- IT architecture
- IT metrics
- IT organization
- IT service management
- Service catalog
- Incident management
- Change management
- Release management
- Problem management
- IT investments
- IT risks
- End-user computing.
- Shadow IT
- Cloud IT
- IT outsourcing
- Practical workshop.
Section 3: Information systems development and implementation
- System implementation and development lifecycle.
- Project management control frameworks.
- System development methodologies.
- Project business case.
- Feasibility study.
- Requirements specification.
- Design and Architecture.
- Procurement process.
- Handover to production.
- Operational support.
- Project closure.
- Practical workshop.
Section 4: IT operations
- Inventory and asset management.
- Patch management.
- Hardware maintenance.
- Capacity planning.
- Performance and availability monitoring.
- Datacenter management
- Network physical infrastructure
- Practical workshop.
Section 5: Business continuity and disaster recovery
- Business continuity management
- Business continuity project initiation and management.
- Business impact assessment.
- Recovery strategies.
- Business continuity plan testing.
- Disaster phases:
- Initial response
- Post-incident activities
- Practical workshop.
Section 6: Information security assurance
- Information security policies, standards and procedures
- Information security roles and organizational structures.
- Human resource security
- Data classification and handling
- Key processes.
- Information security risk management.
- Incident handling.
- Awareness programs.
- Identity and access management.
- 802.11x, NAP and network access control
- Remote access and teleworking risks
- Rights management
- Antimalware solutions
- Physical security controls
- Fraud controls
- Practical workshop.
Section 7: Audit considerations
- ERP audit
- CRM audit
- Practical workshop.
- Windows audit
- Linux audit
- Networking, VPN and Firewall audit
- PKI audit
- Database audit (MySQL and Oracle)
- Web application audit (PHP)
- Mobile application audit (android)
- The Process of Auditing Information Systems
- Risk Based Auditing
- Audit Planning and Performance
- Reporting on Audit
- IT Governance and Management
- Strategic Planning and Models
- Resource Management
- Business Continuity Planning
- Systems Acquisition, Development and Implementation
- Systems Development Models
- Types of Specialized Business Applications
- Application Controls
- Information Systems Operations, Maintenance and Support
- System and Communications
CompTIA Security+ (Exam SY0-501) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification examination. In this course, you will build on your knowledge of and professional experience with security fundamentals, networks, and organizational security as you acquire the specific skills required to implement basic security services on any type of computer network.
This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-501) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today’s job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your computer security skill set so that you can confidently perform your duties in any security-related role.
This course is targeted toward the information technology (IT) professional who has networking and administrative skills in Windows-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks; familiarity with other operating systems, such as mac OS, Unix, or Linux; and who wants to further a career in IT by acquiring foundational knowledge of security topics; preparing for the CompTIA Security+ certification examination; or using Security+ as the foundation for advanced security certifications or career roles.
Domain 1:Security and Risk Management
1.1 Understand and apply concepts of confidentiality, integrity and availability
1.2 Apply security governance principles through:
– Legislative and regulatory compliance
– Privacy requirements compliance
1.4 Understand legal and regulatory issues that pertain to information security in a global context
1.5 Understand professional ethics
– Exercise (ISC)² Code of Professional Ethics
– Support organization’s code of ethics
1.6 Develop and implement documented security policy, standards, procedures, and guidelines
1.7 Understand business continuity requirements
– Develop and document project scope and plan
– Conduct business impact analysis
– Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
– Organizational processes (e.g., acquisitions,divestitures, governance committees)
– Security roles and responsibilities
– Control frameworks
– Due care
– Due diligence
– Computer crimes
– Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
– Import/export controls
– Trans-border data flow
– Data breaches
1.8 Contribute to personnel security policies
1.9 Understand and apply risk management concepts
1.10 Understand and apply threat modeling
1.11 Integrate security risk considerations into acquisition strategy and practice
1.12 Establish and manage information security education, training, and awareness
– Appropriate levels of awareness, training, and education required within organization
– Periodic reviews for content relevancy
– Employment candidate screening (e.g., reference checks, education verification)
– Employment agreements and policies
– Employment termination processes
– Vendor, consultant, and contractor controls
– Identify threats and vulnerabilities
– Risk assessment/analysis (qualitative, quantitative,hybrid)
– Risk assignment/acceptance (e.g., system authorization)
– Countermeasure selection
– Types of controls (preventive, detective, corrective, etc.)
– Control assessment
– Monitoring and measurement
– Asset valuation
– Continuous improvement
– Risk frameworks
– Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
– Determining and diagramming potential attacks (e.g., social engineering, spoofing)
– Performing reduction analysis
– Technologies and processes to remediate threats (e.g., software architecture and operations)
– Hardware, software, and services
– Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
– Minimum security requirements
– Service-level requirements
Domain 2:Asset Security
2.1 Classify information and supporting assets (e.g., sensitivity, criticality)
2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
2.3 Protect privacy
2.4 Ensure appropriate retention (e.g., media, hardware, personnel)
2.5 Determine data security controls (e.g., data at rest, data in transit)
2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)
– Data owners
– Data processers
– Data remanence
– Collection limitation
– Scoping and tailoring
– Standards selection
Domain 3:Security Engineering
3.1 Implement and manage engineering processes using secure design principles
3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
3.3 Select controls and countermeasures based upon systems security evaluation models 3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
3.7 Assess and mitigate vulnerabilities in mobile systems
3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (loT))
3.9 Apply cryptography
– Client-based (e.g., applets, local caches)
– Server-based (e.g., data flow control)
– Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
– Large-scale parallel data systems
– Distributed systems (e.g., cloud computing, grid computing, peer to peer)
– Cryptographic systems
– Industrial control systems (e.g., SCADA)
– Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
– Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
– Public Key Infrastructure (PKI)
– Key management practices
– Digital signatures
– Digital rights management
– Integrity (hashing and salting)
– Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
3.10 Apply secure principles to site and facility design
3.11 Design and implement physical security
– Wiring closets
– Server rooms
– Media storage facilities
– Evidence storage
– Restricted and work area security (e.g., operations centers)
– Data center security
– Utilities and HVAC considerations
– Water issues (e.g., leakage, flooding)
– Fire prevention, detection and suppression
Domain 4:Communications and Network Security
4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
4.2 Secure network components
4.3 Design and establish secure communication channels
4.4 Prevent or mitigate network attacks
– OSI and TCP/IP models
– IP networking
– Implications of multilayer protocols (e.g., DNP3)
– Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
– Software-defined networks
– Wireless networks
– Cryptography used to maintain communication security
– Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
– Transmission media (e.g., wired, wireless, fiber)
– Network access control devices (e.g., firewalls, proxies)
– Endpoint security
– Content-distribution networks
– Physical devices
– Multimedia collaboration (e.g., remote meeting technology, instant messaging)
– Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)
– Data communications (e.g., VLAN, TLS/SSL)
– Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
Domain 5:Identity and Access Management
5.1 Control physical and logical access to assets
5.2 Manage identification and authentication of people and devices
5.3 Integrate identity as a service (e.g., cloud identity)
5.4 Integrate third-party identity services (e.g., on-premise)
5.5 Implement and manage authorization mechanisms
– Role-Based Access Control (RBAC) methods
– Rule-based access control methods
– Mandatory Access Control (MAC)
– Discretionary Access Control (DAC)
5.6 Prevent or mitigate access control attacks
5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)
– Identity management implementation (e.g., SSO, LDAP)
– Single/multi-factor authentication (e.g., factors, strength, errors)
– Session management (e.g., timeouts, screensavers)
– Registration and proofing of identity
– Federated identity management (e.g., SAML)
– Credential management systems
Domain 6:Security Assessment and Testing
6.1 Design and validate assessment and test strategies
6.2 Conduct security control testing
6.3 Collect security process data (e.g., management and operational controls)
6.4 Analyze and report test outputs (e.g., automated, manual)
6.5 Conduct or facilitate internal and third party audits
– Vulnerability assessment
– Penetration testing
– Log reviews
– Synthetic transactions
– Code review and testing (e.g., manual, dynamic, static, fuzz)
– Misuse case testing
– Test coverage analysis
– Interface testing (e.g., API, UI, physical)
– Account management (e.g., escalation, revocation)
– Management review
– Key performance and risk indicators
– Backup verification data
– Training and awareness
– Disaster recovery and business continuity
Domain 7:Security Operations
7.1 Understand and support investigations
7.2 Understand requirements for investigation types
7.3 Conduct logging and monitoring activities
7.4 Secure the provisioning of resources
7.5 Understand and apply foundational security operations concepts
7.6 Employ resource protection techniques
– Media management
– Hardware and software asset management
– Evidence collection and handling (e.g., chain of custody, interviewing)
– Reporting and documenting
– Investigative techniques (e.g., root-cause analysis, incident handling)
– Digital forensics (e.g., media, network, software, and embedded devices)
– Intrusion detection and prevention
– Security information and event management
– Continuous monitoring
– Egress monitoring (e.g., data loss prevention, steganography, watermarking)
– Asset inventory (e.g., hardware, software)
– Configuration management
– Physical assets
– Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)
– Cloud assets (e.g., services, VMs, storage, networks)
– Applications (e.g., workloads or private clouds, web services, software as a service)
– Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
– Separation of duties and responsibilities
– Monitor special privileges (e.g., operators, administrators)
– Job rotation
– Information lifecycle
– Service-level agreements
– Electronic discovery (eDiscovery)
7.7 Conduct incident management
7.8 Operate and maintain preventative measures
7.9 Implement and support patch and vulnerability management
7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)
7.11 Implement recovery strategies
7.12 Implement disaster recovery processes
7.13 Test disaster recovery plans
7.14 Participate in business continuity planning and exercises
7.15 Implement and manage physical security
– Perimeter (e.g., access control and monitoring)
– Internal security (e.g., escort requirements/visitor control, keys and locks)
7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)
– Lessons learned
– Intrusion detection and prevention systems
– Third-party security services
– Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
– Recovery site strategies
– Multiple processing sites (e.g., operationally redundant systems)
– System resilience, high availability, quality of service, and fault tolerance
– Training and awareness
– Full interruption
Domain 8:Software Development Security
8.1 Understand and apply security in the software development lifecycle
8.2 Enforce security controls in development environments
8.3 Assess the effectiveness of software security
– Auditing and logging of changes
– Risk analysis and mitigation
– Acceptance testing
8.4 Assess security impact of acquired software