This course prepares the student for the BCS Practitioner Certificate in Information Assurance Architecture and includes the BCS examination which is taken on the final day of the course. Using presentations, discussions, group work, scenario exercises and technical demonstrations, the course provides an introduction to the skills and knowledge needed to become an IA Architect, and is not intended for experienced Security Architects.
Learn how to develop an architecture which fits business requirements, mitigates risks in a cost effective manner and conforms to relevant security policies and standards. The course content is aligned with the expertise and knowledge required for the CESG Certified Professional Information Assurance Architect role.
Learning Objectives
- Use security architecture frameworks, design principles and patterns
- Design systems incorporating cryptography, data protection, host security, network security, identity and access management, application security, and protective monitoring
- Select appropriate technical security controls to mitigate a broad range of risks including the OWASP top ten risks for web applications
- Identify methods for resilience, disaster recovery, separation of security domains, test and production systems
- Use Information Assurance Methodologies including frameworks, cryptographic, product and service assurance, vulnerability scanning and penetration testing
- Describe the security implications of business change, organisational culture and project lifecycle
Pre-Requisites
There are no formal entry requirements for candidates taking the examination for the Practitioner Certificate in Security Architect.
However, candidates will require a broad understanding of all aspects of Information Security and Information Assurance equivalent to the BCS Certificate in Information Security Management Principles (CISMP).
Candidates will also need practical experience of the areas of expertise covered within the syllabus.
Course Content
Module 1: The Basics of IA Architecture
- Architecture and types of Architect
- Enterprise Architecture
- Enterprise Architecture Frameworks
- Architectural Patterns
- IA and Security Architecture
- IA Architecture Design Principles
- Security Architecture Patterns
Module 2: Advanced Security Architecture Concepts
- Cryptography
- Data Protection
- Host Security
- Network Security
- Identity and Access Management
- Application Security
- Protective Monitoring
- Architecture Concepts
Module 3: Information Assurance Methodologies
- Information Assurance Frameworks
- Cryptographic Assurance
- Product and Service Assurance
- Vulnerability and Penetration Testing
Module 4: Innovation and Business Improvement
- Business Change, Security Metrics and ROI
- Risk, Security Postures and Security Culture
- Security as a Business Enabler
- IA Maturity Models
Module 5: Security across the Lifecycle
- Terms of reference for an IA Architect
- OWASP Top Ten
- Security across the lifecycle
- Importance of links with business process
Module 6: Preparation for IA Architecture Exam
- Format, structure and scoring of the exam
- Mock exam using the BCS sample paper
Technical Demonstrations
- CESG "Walled Garden" architectural pattern
- Remote access IPSec VPN
- Cryptography including use of a Certificate Authority
- Firewall and network configuration
- Vulnerability scanning and use of penetration testing tools
- OWASP Top Ten with practical example attacks
Exams & Certification
What format is the exam?
- Two hour ‘closed book’
- Two sections with 85 multiple choice questions (section A: 60 questions, section B: five scenarios, with five questions per scenario)
- Pass mark is 65% (81/125)
Related Courses
- BCS Information Security Management Principles CISMP
- BCS Int & Pract - Enterprise and Solution Architecture
- BCS Intermediate - Enterprise and Solution Architecture
- BCS Professional Certificate in Business Finance
- Foundation in Architecture Concepts
- ISO 27001 Information Security Management Foundation
Virtual Classroom
Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accomodation. Please note that virtual courses are attended in real-time, commencing on a specified date.
