Information security was first studied in the early 1970s; today, this has evolved into an imperative and highly complex domain. This course provides a broad overview of information security. Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from malicious intentions. Information security is a method designed to secure the sensitive information from unauthorised access, use, deletion, or modification.
MODULE 1: INTRODUCTION TO INFORMATION SECURITY
Definition of information security, Evolution of information security; Basics principles of information security; Critical concepts of information security; Components of the information system; Balancing information security and access; Implementing IT security, The system development life cycle, Security professional in the organisation.
MODULE 2: THE NEED FOR IT SECURITY
Business needs-protecting the functionality, Enabling the safe operations, Protecting the data, Safe guarding the technology assets; Threats-compromises to intellectual property, Deliberate software attacks, Espionage and trespass, Sabotage and vandalism; Attacks-malicious codes, Back doors, Denial of service and distributed denial of service, Spoofing, Sniffing, Spam, Social engineering.
MODULE 3: RISK MANAGEMENT
Definition of risk management, Risk identification and risk control, Identifying and accessing risk, Assessing risk based on probability of occurrence and likely impact, The fundamental aspects of documenting risk via the process of risk assessment, The various risk mitigation strategy options, The categories that can be used to classify controls.
MODULE 4: NETWORK INFRASTRUCTURE SECURITY AND CONNECTIVITY
Understanding infrastructure security - Device based security, Media-based security, Monitoring and diagnosing; Monitoring network - firewall, Intrusion detection system, Intrusion prevention system; OS and network hardening, Application hardening; Physical and network security - Policies, Standards and guidelines
After completing this course and successfully passing the certification examination, the student will be awarded the “Information Security Fundamentals” certification.
If a learner chooses not to take up the examination, they will still get a 'Participation Certificate'.