
Practitioner Certificate in Information Assurance Architecture

Our BCS-aligned Practitioner Information Assurance Architecture training provides the required knowledge and necessary skills to design and oversee the development, implementation and configuration of cyber security systems and networks.


Training is aligned to support individuals seeking to undertake the BCS Practitioner Certificate in Information Assurance Architecture exam.

This training can be delivered virtually or at our clients’ premises for group bookings only.


BCS Practitioner Certificate in Information Assurance Architecture


By the end of this training, you will have learnt to consider, design, and implement architecture relevant to cyber security operations.


Intermediate-level information security practitioners who wish to learn the knowledge and skills required to apply suitable architectures to information security requirements. Example roles might include:

  • System administrators and technical architects who wish to become security architects
  • Information security consultants
  • Cyber security practitioners
  • Individuals who have information security and information assurance responsibilities.

Learning outcomes

  • Describe the business environment and the information risks that apply to systems.
  • Present and apply security design principles.
  • Identify information risks that arise from potential solution architectures.
  • Design alternate architectures or countermeasures to mitigate identified information risks.
  • Ensure proposed architectures and countermeasures adequately mitigate identified information risks.
  • Apply ‘standard’ security techniques and architectures to mitigate security risks.
  • Develop new architectures that mitigate the risks posed by new technologies and business practices.
  • Explain Information Assurance and architectural problems.
  • Securely configure ICT systems in compliance with their approved security architectures.

Ideally, attendees will have experience of working in an information security or information assurance role and will have undertaken the BCS Certificate in Information Security Management Principles (CISMP) exam and/or training.

Knowledge of:

  • Network components, their operation and appropriate network security controls and methods.
  • Risk assessment, mitigation, and management methods.
  • Principles of information security and privacy.
  • Information security related threats and vulnerabilities.
  • The likely operational impact on an organisation of information security breaches.
  • Information security authentication, authorization, and access control methods.
  • Vulnerabilities in applications and their likely impact.
  • Capabilities and applications of network equipment.
  • Computer programming principles.
  • Cryptography and cryptographic key management concepts.
  • Data administration and data standardization policies.
  • Human-computer interaction principles.
  • Information security and privacy principles as they apply to software development.
  • Information security and privacy principles and organisational requirements.
  • IT security principles and methods.
  • Programming language structures and logic.
  • Supply chain risk management standards, processes, and practices from an information security perspective.
  • Network security architecture concepts.
  • Information security architecture concepts and reference models.
  • Industry standard security models and their effective application.
  • System administration concepts for operating systems used by the organisation.
  • Data security standards relating to personally identifiable information.
  • Best practice IT risk management methodologies.
  • An organisation’s information security data classification requirement.
  • Information security vulnerabilities across a range of industry standard technologies.
  • Access authentication methods.
  • Network hardware devices and functions.
  • Information security systems engineering principles and standards used by the organisation.
  • System design tools, methods, and techniques, including automated systems analysis and design tools.
  • Software related IT security principles and methods.
  • Operating system structures and internals.
  • Engineering concepts as applied to computer architecture and associated computer hardware/software.
  • System software and organisational design standards, techniques, and methods.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Introducing Enterprise Architecture

  • Security Architecture in a Cloud Based Environment

Fundamentals of Information Assurance Architecture

  • Role of the architect
  • Relationship with enterprise architecture
  • Architectural frameworks
  • Design principles
  • Architectural concepts and language
  • Design patterns and concepts

Architectural Concepts

Security Services

  • Core and extended tenets of security
  • Multi-level security (MLS)
  • Systems management
  • Separation of systems
  • Identification and authentication
  • Access control
  • Auditing and alerting
  • Content control including antimalware and data loss prevention
  • Cryptographic services

Security Mechanisms

  • Functions of network technologies
  • Countering threats (VLAN, Packet Filter, firewalls)
  • Functions of network and host defense mechanisms
  • Function of different directory services
  • Functions of different cryptographic techniques
  • Intent, problem, solution, and consequence: Initial Requirements

Security Design

  • Virtualization, Cloud
  • Industrial Control Systems (including Operational Technology)
  • Threat modeling
  • Mobile platforms
  • Resilience and recovery
  • Selection of security mechanisms
  • Threat modelling and design patterns
  • OWASP, PCI-DSS and other standards
  • Diagrams and design concepts

Information Assurance Architecture

  • Methodologies
  • Importance of business needs, ensuring security aligns with business goals and objectives
  • Security aspects of mergers, acquisitions, and divestments
  • Organisational risk culture
  • Requirements for continuous improvement
  • IAA principles to modify levels of risk
  • Maturity models
  • Vulnerability assessment
  • Penetration testing
  • Interpretation of output report

Business Associations

  • Change
  • Risk and security metrics
  • Inherent risks in software
  • System hardening
  • Code hardening and standards
  • Maturity models
  • Business links
  • Terms of reference
  • Communications
  • Internal stakeholders (teams)
  • Engineering teams
  • Design
  • Artefacts at conceptual, logical, physical layers
  • Traceability
  • Testing
  • Audit
  • Accountability
  • Guidance sources
  • Coding, and standards
  • GOTS/COTS considerations


  • Tools
  • Using design tools

Exam Preparation