This course prepares the student for the BCS Practitioner Certificate in Information Assurance Architecture and includes the BCS examination which is taken on the final day of the course. Using presentations, discussions, group work, scenario exercises and technical demonstrations, the course provides an introduction to the skills and knowledge needed to become an IA Architect, and is not intended for experienced Security Architects.
Learn how to develop an architecture which fits business requirements, mitigates risks in a cost effective manner and conforms to relevant security policies and standards. The course content is aligned with the expertise and knowledge required for the CESG Certified Professional Information Assurance Architect role.
Select specific date to see price, venue and full details.
Learning Objectives
- Use security architecture frameworks, design principles and patterns
- Design systems incorporating cryptography, data protection, host security, network security, identity and access management, application security, and protective monitoring
- Select appropriate technical security controls to mitigate a broad range of risks including the OWASP top ten risks for web applications
- Identify methods for resilience, disaster recovery, separation of security domains, test and production systems
- Use Information Assurance Methodologies including frameworks, cryptographic, product and service assurance, vulnerability scanning and penetration testing
- Describe the security implications of business change, organisational culture and project lifecycle
Pre-Requisites
Delegates should have a broad understanding of Information Security and Information Assurance equivalent to the BCS Certificate in Information Security Management Principles (CISMP). This course is not designed for existing security architects.
The course is aimed at candidates wishing to gain the BCS IA Architecture certificate, and at security professionals or technical administrators seeking to become Information Assurance Architects, understand the importance of business context, and attain a greater expertise in a broad range of IA security controls.
Course Content
Module 1: The Basics of IA Architecture
- Architecture and types of Architect
- Enterprise Architecture
- Enterprise Architecture Frameworks
- Architectural Patterns
- IA and Security Architecture
- IA Architecture Design Principles
- Security Architecture Patterns
Module 2: Advanced Security Architecture Concepts
- Cryptography
- Data Protection
- Host Security
- Network Security
- Identity and Access Management
- Application Security
- Protective Monitoring
- Architecture Concepts
Module 3: Information Assurance Methodologies
- Information Assurance Frameworks
- Cryptographic Assurance
- Product and Service Assurance
- Vulnerability and Penetration Testing
Module 4: Innovation and Business Improvement
- Business Change, Security Metrics and ROI
- Risk, Security Postures and Security Culture
- Security as a Business Enabler
- IA Maturity Models
Module 5: Security across the Lifecycle
- Terms of reference for an IA Architect
- OWASP Top Ten
- Security across the lifecycle
- Importance of links with business process
Module 6: Preparation for IA Architecture Exam
- Format, structure and scoring of the exam
- Mock exam using the BCS sample paper
Technical Demonstrations
- CESG 'Walled Garden' architectural pattern
- Remote access IPSec VPN
- Cryptography including use of a Certificate Authority
- Firewall and network configuration
- Vulnerability scanning and use of penetration testing tools
- OWASP Top Ten with practical example attacks
Exams & Certification
Exam format
- Two hour multiple-choice 'closed book exam
- 85 questions - Section A contains 60 simple multiple choice questions and Section B contains 25 scenario based complex multiple choice questions
- Pass mark is 81/125 (65%)
