BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
Our 3-day, instructor-led, Access Control, Authentication, and Public Key Infrastructure Training course is designed for cyber security professionals. It will teach you:
- How to protect resources against unauthorized viewing, tampering or destruction
- How to ensure privacy, confidentiality, and prevention of unauthorized disclosure
- The components of access control, a business framework for implementation, and the legal requirements that impact access control
- The risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures
There are no prerequisites for this course. However, you should have some experience in the IT security field prior to taking this course.
Schedule
Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.
![[image]](http://13.64.56.230/wp-content/themes/phoenixts-com/assets/images/temp/image-9@2x.jpg)
Not seeing a good fit?
Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.
Learn more about custom training
Course Outline
Access Control Framework
- Access and access control
- Principal components of access control
- Access control process
- Logical access controls
- Authentication factors
Assessing Risk and Its Impact on Control
- Definitions and concepts
- Threats and vulnerabilities
- Risk assessment
- Value, situation and liability
- Case studies and examples
Business Drivers for Access Control
- Business requirements for asset protection
- Classification of information
- Competitive use of information
- Business drivers
- Controlling access and protecting value
- Examples of access control successes and failures in business
Access Control Policies , Standards, Procedures, and Guidelines
- U.S. compliance laws and regulations
- Access control security policy best practices
- IT security policy framework
- Examples of access control policies, standards procedures and guidelines
Security Breaches and the Law
- Laws to deter information theft
- Cost of inadequate front-door and first-layer access controls
- Access control failures
- Security breaches
Mapping Business Challenges to Access Control Types
- Access controls to meet business needs
- Solving business challenges with access control strategies
- Case studies and examples
Human Nature and Organizational Behavior
- The human element
- Organizational structure and access control strategy
- Job rotation and position sensitivity
- Requirement for periodic vacation
- Separation of duties
- Responsibilities of access owners
- Training employees
- Ethics
- Best practices for handling human nature and organizational behavior
- Case studies and examples
Access Control for Information Systems
- Access control for data
- Access control for file systems
- Access control for executables
- Microsoft Windows workstations and servers
- UNIX and Linux
- Supervisory Control and Data Acquisition (SCADA) and process control systems
- Best practices for access control for information systems
- Case studies and examples
Physical Security and Access Control
- Physical security
- Designing a comprehensive plan
- Biometric access control systems
- Technology-related access control solutions
- Outsourcing physical security – pros and cons
- Best practices for physical access control
- Case studies and examples
Access Control in the Enterprise
- Access Control Lists (ACLs) and Access Control Entries (ACEs)
- Access control models
- Authentication factors
- Kerberos
- Network access control
- Wireless IEEE 802.11 LANs
- Single Sign-On (SSO)
- Best practices for handling access controls in an enterprise organization
- Case studies and examples
Access Control System Implementations
- Transforming access control policies and standards into procedures and guidelines
- Identity management and access control
- Size and distribution of staff and assets
- Multilayered access control implementations
- Access controls for employees, remote employees, customers and business partners
- Best practices for access control implementations
- Case studies and examples
Access Control Solutions for Remote Workers
- Growth in the mobile work force
- Remote access methods and techniques
- Access protocols to minimize risk
- Remote authentication protocols
- Virtual Private Networks (VPNs)
- Web authentication
- Best practices for remote access controls to support remote workers
- Case studies and examples
Public Key Infrastructure and Encryption
- Public Key Infrastructure (PKI)
- Ensuring integrity, confidentiality, authentication and non-repudiation
- What PKI is and what it is not
- What are the potentials risks associated with PKI?
- Implementations of business cryptography
- Certificate Authorities (CA)
- Best practices for PKI use within large enterprises and organizations
- Case studies and examples
Testing Access and Control Systems
- Purpose of testing access control systems
- Software development life cycle and the need for testing software
- Security development life cycle and the need for testing security systems
- Information security activities
- Performing the access control system penetration test
- Preparing the final test report
Access Control Assurance
- What is the information assurance>
- How can information assurance be applied to access control systems?
- What are the goals of access control system monitoring and reporting?
- What checks and balances can be implemented?
- Audit trail and audit log management and parsing
- Audit trail and audit log reporting issues and concerns
- Security Information and Event Management (SIEM)
- Best practices for performing ongoing access control system assurance
- Case studies and examples
Access Control, Authentication And Public Key Infrastructure Training FAQs
IT Auditors
IT Managers
Information Security Analysts
Information Security Managers
System Administrators
Yes! The following labs are included in this course.
Configuring an active directory domain controller
Managing Windows accounts and organizational units
Configuring Windows file system permissions
Managing group policy objects in active directory
Configuring Windows firewall
Managing Linux accounts
Configuring Linux file system permissions
Encrypting and decrypting files with PKI
Authenticating security communications with digital signatures
Encrypting and decrypting web traffic with HTTPS
“LOTS of information, but the instructor helped break it down into a palatable and easily consumable format. The class delved into areas that are relevant to my work, although I don’t always have to engage in the level of detail. It was helpful to understand the background knowledge of these elements so that I can have a full scope of this aspect of security. ” Student from September 2019
“[The instructor] was very instrumental in providing solutions to myself to take back and implement. Highly interactive discussions, which kept us all involved. ” Student from September 2019
BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
![[GSA LOGO]](http://13.64.56.230/wp-content/themes/phoenixts-com/assets/images/gsa-logo-black.png){kind=logo}
