Course Overview

The Security of computer, data and networks is now a matter of importance to everyone who uses them.  Computers connected to a network, whether local or wide area, are exposed to many threats against their effective operation and the safety and privacy of the data they hold.  This course aims to provide an overview of the security aspects of computer networks from the managerial perspective and focuses on prevention through effective policy and procedures.  This is supported by an opportunity for delegates to discuss issues with their peers and the course facilitator.

Topics Covered

• Examples of computer misuse and some classifications of hackers
• How hackers work and the weaknesses that they exploit
• The work of CSIRTs and how they can help sites
• The legal situation with respect to computer misuse and how different Acts impact on the security situation
• What should go into an institution's policy, sources of information, policy enforcement
• Encryption technology and what it can do for an institution's security
• Steps which can be taken to secure the computers on an organisation's site
• The use of firewalls to enhance security
• The integration of all components into an operational whole, the steps and their order
• Other sources of information and where to go from here

Learning Outcomes

On completion of this course, delegates will be able to;

• Describe some of the incidents of network security breaches
• Explain the types and motivations of people/groups that carry out this sort of intrusion
• Describe how an intruder might gain information on security weaknesses and describe some of the tools that might be used to capitalise on those weaknesses
• Explain how Denial of Service attacks are carried out and analyse the potential threat to their organisation from these types of intruders
• Describe the characteristics of a security response team and evaluate the need for such a team within their organisation or if such a team exists evaluate its correct effectiveness.
• Analyse the potential impact on their organisation of infringement of regulations
• Make informed recommendations on necessary changes to practice or procedure or explain why no such changes are necessary.
• Evaluate the need for changes to existing security policies and procedures
• Identify the relevant JANET policies that will effect local policies
• Apply the knowledge gained to create a plan for implementing new or updated procedures.
• Describe the four main areas of data security
• Identify the difference between symmetric crypto and asymmetric crypto
• Review existing procedures to identify improvements and where appropriate apply these improvements
• Describe the role of a firewall and its potential functions and analyse the pros and cons of this form of security and its appropriateness to their organisation.

Audience & Prerequisites

This course will be of benefit to any managerial staff responsible for their organisations information security.  Delegates should also have an understanding of telecommunication networks and their organisations LAN as well as basic system administration of clients and servers.

What to Expect

This course will be a mixture of presentation and group discussion.  All delegates will receive a specifically written course workbook.  This will include a course CD that containing copy of all course materials, examples, and links to support materials.  Each delegate will also receive a copy of the UCISA Information Security Toolkit document.

 Timetable

The course will run between 1000 and 1630.  The timetable during the day will be adjusted to allow discussion of areas of particular interest to the audience.

Course Facilitator