Information Management
Standards exam preparation
Define standard and standardization and explain their important in today’s international
environment
Name and describe the most prevalent information security standards and information
security models
Implement security governance in a corporate environment based on good practice
Understand and be able to apply standard concepts and principles that security operations
should follow
Describe the main elements of resource protection and employ resource protection in a
corporate environment
Manage incident response
Name, describe and decide on preventative measures against attacks
Week 1 Information Management Standards
Define what a standard is and what is standardization
Explain the importance of standardization nowadays
Give a short description of the TCSEC and name tis fundamental objectives and requirements
Describe the security mechanisms that are applied through the different TCSEC levels.
Give a short description of ITSEC
Name and describe the key concepts introduced by the Common Criteria
Name the main areas of concern of the ISO 27001:2013 standard
Describe the PDCA cycle introduced by the ISO 27001:2005 standard
Name and explain the principles of COBIT 5
Describe BiSL
Name the rules of the Bell-LaPadula, Biba, and Chinese Wall security models
Describe the four main entities of the Clark-Wilson integrity model
Week 2 Information Security Governance
Apply security governance in a given setting
Name and apply the main suggestions by ITGI (IT Governance Institute) concerning security
Name and describe the organizational processes that impact security
Explain the concerns of the security professionals when the aforementioned organizational
processes occur
Describe the various users’ roles within the context of the organization and their security
responsibilities
Name the main benefits from establishing clear and unambiguous security roles
Explain the relationship between legislative and regulatory compliance with the security
professional
Understand when privacy requirements compliance is desired and name the control
frameworks that support meeting these requirements
Explain what is due care and what due diligence
Week 3 Security Operations Concepts
Name and describe the key themes related to the concepts of Security Operations
, Explain which are the main processes and procedures, where Security Operations plays a
vital role
Understand how security operations are controlling privileged accounts, and explain what is
identity management and access management
Describe the need-to-know concept
Describe the least privilege concept
Explain the notion of Role Based Access Control (RBAC)
Name and describe the different types of privileged user accounts
Explain the principle of Separation of Duties and how it can be applied in practice when
assigning responsibilities in a corporate environment
Describe what is a clearance and what is its relation to background checks
Explain what is Job Rotation and which purposes it serves in a corporate environment
Name the different stages of the sensitive information lifecycle
Define declassification
Week 4 Employ Resource Protection
Discern between tangible and intangible assets, and identify combinations thereof
Critically examine whether a physical or non-physical asset needs to be protected and to
which extend
Name the main facilities systems and controls that support the IT operation
Explain how and why hardware should be physically protected
Name and describe the main protection measure for storage media
Explain what is software licensing and what is its relevance to security in a corporate
environment
Name the most important elements of a secure removable media solution
Explain the difference between backups and archives
Describe the security related considerations concerning backups and archives
Explain what makes media disposal important, and name the three main means of media
disposal or reuse
Describe the equipment lifecycle and the relation of each phase to security
Week 5 Manage Incident Response
Define the term Incident Response Management
Name the key actors in an incident management program and their characteristics, that
make the program successful
Identify the relation between the incident management process and measurements, metrics,
and reporting
Determine the measures that are important in a given incident scenario, so as to facilitate
successful security operations
Name and describe the most prevalent boundary controls and detection mechanisms
Identify the advantages and disadvantages of each detection approach and decide on the
most adequate mechanisms in a given setting
Name the most important aspects of Incidence Response and devise a step-by-step
procedure of response in a given scenario
Identify and answer all the questions relevant to the incident reporting procedure, that
should be included in the formal policies or procedures of an organization
Explain what is the added value of reviews and audits for an organization
Week 6 Preventative Measures against Attacks
Name and describe the common threats against the CIA (Confidentiality, Integrity,
Availability) triad of security requirements
Standards exam preparation
Define standard and standardization and explain their important in today’s international
environment
Name and describe the most prevalent information security standards and information
security models
Implement security governance in a corporate environment based on good practice
Understand and be able to apply standard concepts and principles that security operations
should follow
Describe the main elements of resource protection and employ resource protection in a
corporate environment
Manage incident response
Name, describe and decide on preventative measures against attacks
Week 1 Information Management Standards
Define what a standard is and what is standardization
Explain the importance of standardization nowadays
Give a short description of the TCSEC and name tis fundamental objectives and requirements
Describe the security mechanisms that are applied through the different TCSEC levels.
Give a short description of ITSEC
Name and describe the key concepts introduced by the Common Criteria
Name the main areas of concern of the ISO 27001:2013 standard
Describe the PDCA cycle introduced by the ISO 27001:2005 standard
Name and explain the principles of COBIT 5
Describe BiSL
Name the rules of the Bell-LaPadula, Biba, and Chinese Wall security models
Describe the four main entities of the Clark-Wilson integrity model
Week 2 Information Security Governance
Apply security governance in a given setting
Name and apply the main suggestions by ITGI (IT Governance Institute) concerning security
Name and describe the organizational processes that impact security
Explain the concerns of the security professionals when the aforementioned organizational
processes occur
Describe the various users’ roles within the context of the organization and their security
responsibilities
Name the main benefits from establishing clear and unambiguous security roles
Explain the relationship between legislative and regulatory compliance with the security
professional
Understand when privacy requirements compliance is desired and name the control
frameworks that support meeting these requirements
Explain what is due care and what due diligence
Week 3 Security Operations Concepts
Name and describe the key themes related to the concepts of Security Operations
, Explain which are the main processes and procedures, where Security Operations plays a
vital role
Understand how security operations are controlling privileged accounts, and explain what is
identity management and access management
Describe the need-to-know concept
Describe the least privilege concept
Explain the notion of Role Based Access Control (RBAC)
Name and describe the different types of privileged user accounts
Explain the principle of Separation of Duties and how it can be applied in practice when
assigning responsibilities in a corporate environment
Describe what is a clearance and what is its relation to background checks
Explain what is Job Rotation and which purposes it serves in a corporate environment
Name the different stages of the sensitive information lifecycle
Define declassification
Week 4 Employ Resource Protection
Discern between tangible and intangible assets, and identify combinations thereof
Critically examine whether a physical or non-physical asset needs to be protected and to
which extend
Name the main facilities systems and controls that support the IT operation
Explain how and why hardware should be physically protected
Name and describe the main protection measure for storage media
Explain what is software licensing and what is its relevance to security in a corporate
environment
Name the most important elements of a secure removable media solution
Explain the difference between backups and archives
Describe the security related considerations concerning backups and archives
Explain what makes media disposal important, and name the three main means of media
disposal or reuse
Describe the equipment lifecycle and the relation of each phase to security
Week 5 Manage Incident Response
Define the term Incident Response Management
Name the key actors in an incident management program and their characteristics, that
make the program successful
Identify the relation between the incident management process and measurements, metrics,
and reporting
Determine the measures that are important in a given incident scenario, so as to facilitate
successful security operations
Name and describe the most prevalent boundary controls and detection mechanisms
Identify the advantages and disadvantages of each detection approach and decide on the
most adequate mechanisms in a given setting
Name the most important aspects of Incidence Response and devise a step-by-step
procedure of response in a given scenario
Identify and answer all the questions relevant to the incident reporting procedure, that
should be included in the formal policies or procedures of an organization
Explain what is the added value of reviews and audits for an organization
Week 6 Preventative Measures against Attacks
Name and describe the common threats against the CIA (Confidentiality, Integrity,
Availability) triad of security requirements
