Practitioner Certificate in Information Assurance Architecture, PCIAA

In today’s information age, keeping organisations’ data assets secure is a vital responsibility. An Information Assurance (IA) architect provides a framework to successfully manage complexity.

This training course covers the range of concepts, approaches and techniques used in information management. It promotes a hands-on approach to information risk management, using current standards and enabling candidates to make immediate use of the module content in their own context.


Course Style

Live Instructor Led. Face-to-Face or Attend-From-Any-Where

Skill up and get certified, guaranteed

What is included?

  • 5 days of training
  • Course material/Slides
  • Examination Fees
  • 97.9% Certification Success in First Attempt
  • Classroom training Or Attend-From-Any-Where
  • Training delivered by Professionals with enormous industry experience 
  • Total comprehensive exam preparation

What you will Learn?

Upon completion of this course, candidates will be able to: 

  • Understand the skills, including those of communication and influencing, required by an IA architect to provide a framework within which complexity can be managed successfully.
  • Describe the business environment, the risks that apply to it, and the impact of Security in improving its governance. 
  • Identify information risks that arise from potential solution architectures. 
  • Develop and implement architectures that mitigate the risks posed by modern technologies and business practices 
  • Use the concept of architecture to integrate solutions to a diverse range of complex needs, and to manage that complexity. 
  • Apply ‘standard’ security techniques and architectural reference models to mitigate security risks. 
  • Provide consultancy and advice to explain Information Assurance and architectural problems. 
  • Securely configure ICT systems in compliance with their approved security architectures.

Who should attend?

This course is suitable for security professionals interested in the technical and business aspects of the profession or anyone looking to work in the field of security architecture. They could be either within a dedicated security team or as part of a more general Enterprise Architecture (EA) team.

Course Dates

04 – 08 Mar, 2024
06 – 10 May, 2024
08 – 12 Jul, 2024
02 – 06 Sep, 2024
04 – 08 Nov, 2024

Course Outline

  1. The Basics of Information Assurance (IA) Architecture 

1.1 Describe the concepts of IA and cyber security, the role of the IA architect and the concepts of security architectures.

1.2 Describe the knowledge, skills and experience an IA architect must possess.

1.3 Explain the concepts and design principles used by IA architects when designing and assuring systems.

1.4 Describe security architectures at a high level using appropriate contextual terms and architectural concepts related to security concerns.

1.5 Explain the importance of design patterns and conceptual architectures.

1.6 Describe the methods and techniques used for risk assessment, business impact analysis, and establishing countermeasures and contingency plans.

  2. Innovation and Business Improvement

2.1 Evaluate the security implications and governance of business transitions.

2.2 Explain the nature of organisational risk, culture, appetite and risk tolerance.

2.3 Evaluate how security is a business enabler.

2.4 Describe continuous improvement as a philosophy.

2.5 Apply the techniques that can be used to measure security maturity levels.

  3. Advanced Security Architecture Concepts

3.1 Evaluate available security monitoring, response solutions and security services.

3.2 Describe the role of directories and how they can be used in authentication and authorisation.

3.3 Demonstrate the functions of security management within the organisation.

3.4 Evaluate the main network technologies, associated security controls and the threats they counter.

3.5 Illustrate the main methods for resilience, recovery capabilities and techniques.

3.6 Illustrate the main characteristics of virtualisation, cloud platforms and their security aspects.

3.7 Illustrate the threats to Industrial Control Systems and appropriate countermeasures.

3.8 Demonstrate the purpose of Digital Rights Management (DRM), Data Loss Prevention (DLP), and their main standards and technologies.

3.9 Illustrate the threats to an organisation when implementing and managing microprocessor-controlled devices.

3.10 Evaluate common mobile platforms and technologies, their management, and their potential risks.

3.11 Apply appropriate security mechanisms for a given scenario or organisation.

3.12 Implement application security measures and adhere to appropriate frameworks to secure them.

3.13 Apply appropriate cryptographic mechanisms and techniques.

3.14 Evaluate the use of threat modelling techniques.

3.15 Illustrate security design patterns, common threats, and security controls that can be used to counter them.

3.16 Evaluate supplier assurance frameworks and how supplier services can be securely acquired and managed.

3.17 Evaluate the main authentication, authorisation, and accounting (AAA) techniques and how to implement them.

3.18 Demonstrate how new and emerging technologies impact on security.

3.19 Analyse how operational changes can be managed, controlled and assured.

  4. Information Assurance Methodologies

4.1 Apply the main information assurance and enterprise architecture methodologies and frameworks.

4.2 Evaluate methods, tools and techniques for identifying potential vulnerabilities.

4.3 Evaluate methods, tools and techniques used for penetration testing.

4.4 Analyse vulnerability and penetration testing programs.

4.5 Analyse frameworks and tools that can be used to secure code.

4.6 Demonstrate an understanding of product evaluation and maturity models.

4.7 Demonstrate an understanding of cryptographic assurance frameworks and standards.

  5. Security Across the Lifecycle

5.1 Explain the roles and responsibilities related to Information Assurance Architecture development.

5.2 Illustrate the importance of embedding security throughout the development process.

5.3 Demonstrate the main concepts and techniques of auditability and traceability.

5.4 Explain the core types of design artefacts at the conceptual, logical and physical layers.

5.5 Evaluate the security issues associated with commercial systems, applications and products.

5.6 Demonstrate the importance of systems hardening.

5.7 Explain the role and value of information security architecture within the overall business process.

Prerequisites

None.

Career, certification and Salary

There are many articles available about career, certification and salary in relation to the CREST Registered Tester (CRT). First you need to know what advantages this course offers you, and then what a CRT is. The course can be led by an instructor face to face, or you can attend it from anywhere. And that’s cool, isn’t it? Another cool thing is that we guarantee you the exam pass, and even if you don’t pass at the first attempt, you can try again later for free. If you are not satisfied with this course, you can join another one. You will also learn a lot of skills and get a great certification. Our offer includes 5 days of training, examination fees, slides or course material, classroom training (or you can attend from anywhere) and training with skilled specialists. Now we want to tell you more about what CREST CRT means. A CRT is a CREST Registered Tester, or penetration tester.

A penetration test, or pen test, is an approved simulated cyberattack on a computer system, carried out to test the security of the system. This is not the same thing as a vulnerability evaluation. The test is performed to detect vulnerabilities, including the potential for unauthorised parties to reach system data, as well as the system's strengths, providing a complete risk assessment. What do you need to know if you want to join a Penetration Tester course? You should have a good knowledge of computer operating systems, and in this course you will learn a lot of new and interesting facts.

Pen testing can involve the deliberate attempted breaching of many application systems in order to reveal weak points, such as inputs that are exposed to code attacks. The results delivered by the penetration test can be used to fine-tune your WAF security policies and repair identified issues. Penetration Tester training allows you to learn about the five stages of pen testing.

These five important stages are: planning and observation, scanning, gaining access, maintaining access, and analysis and WAF configuration. In the first stage, planning and observation, you establish the goals of the test, including the systems to be examined and the best methods to use. As a penetration tester you must collect intelligence (such as mail server or domain names), so you can find out how a target works and what weak spots may exist.

The second stage is called scanning, an important stage in which you work out how the target application will respond to different intrusion attempts. The analysis can be static or dynamic. Static analysis means studying an application’s code so you can estimate how it behaves while operating. Dynamic analysis means analysing an application’s code in a running state, so this second type of analysis offers a real-time view of an application’s execution. Gaining access is another stage of a pen test, in which you try to exploit these vulnerabilities, usually by stealing data or intercepting traffic, to find out the damage they can cause.

The goal of maintaining access is to check whether the weakness can be used to achieve a lasting presence in the exploited system. The objective is to simulate complex and persistent threats, which frequently remain in a system for a long time in order to steal an organisation’s confidential information. The last stage is analysis and WAF configuration, in which you produce a report with the important results, such as the exploited vulnerabilities, the confidential data accessed and how many times the pen tester was able to stay in the system unobserved.

Penetration testing has several significant methods: internal testing, external testing, targeted testing, blind testing and double-blind testing. In internal testing, a pen tester simulates an attack by a malicious insider, working against an application from behind its firewall.

External penetration tests target the resources of a company that are visible on the internet, such as the web application, email or domain name servers (DNS). The main purpose is to gain access and obtain valuable information. Targeted testing is teamwork: the tester and security personnel work together and keep one another informed. This is a valuable training exercise that gives a security team real-time feedback from a hacker’s point of view.

Blind testing means that a pen tester is given only the name of the targeted company. Security staff then get a clear look at how an application attack plays out. The last method of penetration testing is double-blind testing. Here security staff cannot anticipate the simulated attack. Just as in reality, they have no time to prepare a defence before an unexpected attack.

Let’s talk now about the skills required for a penetration tester. What should you know, and what skills or competencies must you have? First of all, you need very good spoken and written communication so you can explain your methods to both technical and non-technical audiences. Secondly, you have to be able to design and perform tests while taking the customer’s preferences into account. Another important skill is the capacity to be creative, with good time management and managerial abilities, so that you meet customer deadlines and, of course, wishes.

Careers, certification and training courses are popular with system administrators, law enforcement officers, detectives, and aspiring information security personnel who want to be part of a pen test team or who are considering a career in penetration testing. The salary for a pen tester is amongst the very best you can get, because you have to think outside the box and you must commit to permanently upgrading your technical knowledge base. So be prepared to enter the fascinating world of testing and find out new things that will help you develop professionally. The Penetration Tester course is created especially for you, and if you think you’re ready, we expect you in our team!

Are you ready to get started?