GIAC - Firebrand's training for GIAC's Security Leadership | GSLC

Curriculum

802.11

Understand the misconceptions and risks of 802.11 wireless networks and how to secure them.

Access Control and Password Management

Build knowledge of the fundamental theory of access control and the role of passwords in controlling access to systems.

Building a Security Awareness Program

Gain an understanding of the critical elements of creating and managing a Security Awareness Program.

Business Situational Awareness

Familiarise yourself with the concept of situational awareness and the fundamental sources of information that lead to business situational awareness.

Change Management and Security

Develop the skills to identify the signs of poor change management, understand the risks to the organisation, and develop a program to improve operations.

Computer and Network Addressing

Get an understanding of how computers have a variety of names and addresses on a network and this must be managed.

Cryptography Algorithms and Concepts

Learn and understand several crypto algorithms and the concepts behind secure ciphers.

Cryptography Applications, VPNs and IPSec

Learn how cryptography can be used to secure a network and how Pretty Good Privacy (PGP) works, and be introduced to VPNs, IPSec and Public Key Infrastructure (PKI).

Cryptography Fundamentals

Build a basic understanding of the fundamental terminology and concepts of cryptography.

Defense-in-Depth

Understand the terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.

Defensive OPSEC

Learn what OPSEC is and the techniques used in defensive Operational Security.

Disaster Recovery / Contingency Planning

Develop the skills to lead the BCP/DRP team and realistically plan for Business Continuity and Disaster Recovery.

DNS

Learn how the Domain Name System (DNS) works, common attacks against DNS, and what can be done to defend against those attacks.

Endpoint Security

Understand the issues related to defending Windows desktops and laptops.

Facilities and Physical Security

Develop the ability to articulate the needs of the information technology and security program to the parts of the organisation responsible for facilities and physical security.

General Types of Cryptosystems

Get an understanding of the three general types of cryptosystems.

Honeypots, Honeynets, Honeytokens, Tarpits

Build knowledge of basic honeypot techniques and common tools used to set up honeypots.

Incident Handling and the Legal System

Learn basic legal issues in incident and evidence handling.

Incident Handling Foundations

Understand the concepts of incident handling and the six-step incident handling process.

Information Warfare

Develop familiarity with the theory and techniques of information warfare.

IP Terminology and Concepts

Understand the terminology and concepts of IP protocols and how they support the Internet.

Logging

Gain an understanding of how logging works, options for collection and processing and the uses for correlation technology.

Malicious Software

Learn to articulate what malicious code is, the common types of malicious code, how it propagates, and why it is such an expensive problem.

Manager's Guide to Assessing Network Engineer

Assess the ability of a network engineer to understand network traffic.

Managerial Wisdom

Build a working knowledge of the most effective business techniques from the most acclaimed books.

Managing Ethics

Develop a familiarity with ethical issues and guidelines pertaining to IT security.

Managing Intellectual Property

Learn to identify and protect intellectual property and intangible assets.

Managing IT Business and Program Growth in a Globalised Marketplace

Develop knowledge of the key factors affecting globalisation and the fundamental principles to managing an IT business and achieving sustainable growth

Managing Legal Liability

Learn how to use due diligence to manage an organisation's legal liability with emphasis on fraud and IT issues.

Managing Negotiations

Gain familiarity with guidelines for sound negotiation practices.

Managing PDA Infrastructure

Understand the critical issues related to data stored on Personal Digital Assistant devices.

Managing Privacy

Gain an understanding of the privacy concerns that customers typically have and solutions that can be used to maintain privacy of data.

Managing Security Policy

Develop the skills to assess current policy, identify overall security posture of organisation, ensure that existing policy is applicable to organisation's needs and modify policy as required.

Managing Software Security

Learn to build security into the software development process.

Managing Technical People

Practice techniques that can be used to communicate with and manage technical staff.

Managing the Mission

Understand how mission statements and policy keep organisations on track and how security relates to the mission.

Managing the Procurement Process

Gain knowledge of the management responsibility for vendor selection through the primary phrases of the procurement process and learn how to provide oversight into requirements analysis, price paid, and analysis of ROI.

Managing the Total Cost of Ownership

Understand how to apply TCO to analyse proposed solutions over their entire life cycle as well as be able to identify main areas of cost for a given project.

Methods of Attack

Get an introductory understanding of the most common attack methods and the basic strategies used to mitigate those threats.

Offensive OPSEC

Gain an understanding of OPSEC principles and offensive OPSEC techniques.

Project Management For Security Leaders

Familiarise yourself with the terminology, concepts and five phases of project management and the role of a Project Management Office in IT/IT Security.

Quality

Learn the basics of continuous product improvement and Deming's 14 points.

Risk Management and Auditing

Learn the skills to evaluate and manage risk.

Safety

Develop the ability to articulate the needs of the information technology and security program to the parts of the organisation responsible for safety.

Security and Organisational Structure

Gain an understanding of how security integrates into organisational structure and be familiar with guidelines for recruiting and hiring IT staff.

Security Frameworks

Get to grips with the basic structure and approach to implementation of COBIT and ISO 27002 as well as practical tools to help implement the standards.

Selling Security

Learn how to promote security improvements to other managers within their organisation.

Steganography

Understand the concepts and techniques behind steganography, steganographic tools and defensive techniques.

The Intelligent Network

Develop an understanding of the differences between a typical traditional network design and the new components that are part of an intelligent network.

The Network Infrastructure

You will develop the ability to communicate the fundamental technologies and concepts that describe LAN and WAN network infrastructure.

Vulnerability Management - Inside View

Learn common approaches used to gather network intelligence from organisations using commonly available tools and methods directly from the system.

Vulnerability Management - Outside View

Understand the common approaches used to gather network intelligence from organisations using commonly available tools and methods across a network.

Vulnerability Management - User View

Learn to factor in the impact the user can have on an organisation's risk posture.

Web Communications and Security

An introduction to web application communications, security issues, and defenses.

Wireless Advantages and Bluetooth

Understand the advantages that make wireless technology ubiquitous and be introduced to Bluetooth wireless technology.