Lessons

COURSE OVERVIEW

Organizations require people with the skills to make decisions to secure information systems based on best practices, standards, and industry recommendations. Security architects fill this need. These skilled cybersecurity professionals design and implement secure architectures and translate business processes and risk into policy and implementation rules.

Cybersecurity Specialization: Architecture and Policy provides an overview for designing and deploying a security architecture. In this course, you will integrate security policies across network, application, information, and access control architectures as well as cloud and hybrid cloud models. You will review and implement industry standard best practices and policies (NIST, etc.), along with standard architecture framework models.

The course uses a challenge-based design that focuses on what a learner should be able to do at the end of the course and back on the job. The practice opportunities and challenge activities resemble—as much as possible—tasks the learner would be asked to perform in a real-life situation.

WHAT YOU'LL LEARN

• Security architect’s role in the security lifecycle
• Use recognized frameworks to support controls and reduce risk
• Capture security requirements for network, application, data, and access control architectures
• Design appropriate access controls based on the mission of the organization including role based, task based, or other access controls
• Verify compliance to standards for an architecture
• Update an architecture to mitigate risk in response to a security auditor’s list of findings
• Establish security policy creation and management
• Design secure virtualized environments
• Identify components and concerns that might impact a cloud migration
• Examine options for incorporating key management into your architecture
• Document an architecture in an appropriate format representing requirements and domains

OUTLINE

Frameworks and the Lifecycles

• IT lifecycle management
• Frameworks
• Stakeholders
• Security policies

Design a Network Security Architecture

• Network segmentation
• Network components
• Practice: Identify network flows
• Industry best practices
• Roles and responsibilities

Design a Secure Application Architecture

• History of development
• The application architect
• Application architecture goals
• Service-oriented architecture (SOA)
• Modular framework development
• Authentication
• Patching
• Vulnerability testing

Design a Data Security Architecture

• Data architecture
• Classification of data
• Privacy
• Database security
• Encryption
• Big data
• Data architecture analysis
• Data architecture influences

Design an Access Control Security Architecture

• Identity and access management
• Access control policy
• Access control models
• Centralized access control
• Bring your own device
• Access reviews

Update a Security Architecture

• Impact of change
• Life cycle management
• Architecture changes

Document a Security Architecture

• Documentation life cycle
• Input documentation
• Architecture documentation
• Output documentation
• Security requirements traceability matrix (RTM)

Examine Alternative Architectures

• Virtualization
• Cloud security architecture
• Shared responsibility
• Encryption
• Key management for cloud

Course Look Around

• Look back at what you learned
• Look ahead
• Consider additional training

LABS

Virtual Classroom Live Labs

• Challenge: Design a network security architecture
• Challenge: Design a secure application architecture
• Challenge: Design a data security architecture
• Challenge: Design an access control security architecture
• Challenge: Update a security architecture
• Challenge: Document a security architecture
• Challenge: Examine alternative architectures

WHO SHOULD ATTEND

Any mid-career or intermediate level person with an interest in security architecture and who has been in a cybersecurity role or organization for at least 2 years.

While security architect is typically a senior role in many organizations, Cybersecurity Specialization: Architecture and Policy is a mid-level course focused on building the skills a security architect will use on the job.

As such, the ideal candidate for this course will already have strong technical skills and experience in more than one technical area (for example, network infrastructure configuration, web services, and identity and access management), but may have more limited experience in cybersecurity.

They may have an interest in security architecture but no experience, or they may be performing some architecture tasks already as part of their job.

Cancellation Policy

We require 16 calendar days notice to reschedule or cancel any registration. Failure to provide the required notification will result in 100% charge of the course. If a student does not attend a scheduled course without prior notification it will result in full forfeiture of the funds and no reschedule will be allowed. Within the required notification period, only student substitutions will be permitted. Reschedules are permitted at anytime with 16 or more calendar days notice. Enrollments must be rescheduled within six months of the cancel date or funds on account will be forfeited.

Training Location

Online Classroom
your office

your city, your province
your country