Skip Navigation
(ISC)² Security Congress 2019

(ISC)² Security Congress 2019

 

Security Architecture Development



Course Description

Security Architecture Development is designed for information security professionals involved with enterprise-wide security planning or acquisition of systems and software that contain information security components. This course is designed to deliver an understanding of key security architecture concepts and implementation. This course overlaps with the Information Systems Security Architecture Professional (ISSAP) certification; however, the focus does not fully align with the certification syllabus.

Presentation: The facilitator will explain content to participants using PowerPoint to guide the presentation. Multiple examples will be used to clarify points.

Short Lecture/Discussion: The facilitator will engage participants in conversation by asking questions and encouraging them to respond. Participants will be encouraged to provide examples from their experience.

Individual/Group Activity: Participants will work in small teams or individually to study example problems and develop solutions based on course content. The facilitator will debrief with the entire class at the end of the activity.

Course Objectives

After completing this workshop, participants will be able to:

    1. Understand the value of enterprise architecture and security architecture to the enterprise security posture and security investment strategy.

    2. Identify and understand the benefits and limitations of common enterprise and security architecture frameworks.

    3. Identify security-relevant functions within information technology systems and relationships between security functions resident within multiple systems in the environment.

    4. Understand and execute security requirement generation and allocation between multiple systems or system components for security-relevant functions.

    5. Understand enterprise-level threat modeling and risk analysis and relate organizational risk to investments in security systems or functions.

    6. Understand critical organizational and engineering processes to control the implemented security architecture and verify that it is consistent with the design architecture.


Course Outline

Day 1: Security Architecture Unraveled:

  • Module 1: Introduction to Security Architecture

  • Module 2: Enterprise Architecture Frameworks

  • Module 3: Security Architecture Frameworks

  • Module 4: Activity: Defining Relationships Using Architectural Descriptions

  • Module 5: Threat Modeling and Risk Analysis

  • Module 6: Security Requirements Generation

  • Module 7: Organizational Analysis

  • Module 8: Activity: Defining the Problem and Scoping a Solution


Day 2: Systems Security Engineering Phases
  • Module 1: Case Studies

  • Module 2: System, Service, and Function Discovery

  • Module 3: Allocating Security Functions and Requirements

  • Module 4: Activity: Allocating Security Requirements Across the Enterprise

  • Module 5: Controlling Critical Functional Relationships

  • Module 6: Constructing the Security Architecture

  • Module 7: Activity: Putting It All Together



Who should attend?

Information system security professionals or developers involved with IT systems resourcing, requirements, design, or development. The focus of this course is targeted towards the chief information officer (CIO) or their staff, the chief information security officer (CISO) or their staff, enterprise architects, security architects, and security engineers. Participants should include individuals managing multiple IT systems or information security systems.

Requisite Skills

The ideal candidate should have experience, skills, or knowledge in: 

  • Information risk management

  • System or software design

  • System or software development

  • Enterprise IT acquisition




Instructor:

Kevin StoffellKevin Stoffell, CISSP-ISSAP, ISSEP, ISSMP, CCSP, CAP

Title: Authorized (ISC)² Instructor

Professional Profile: Mr. Stoffell is currently a Cyber Security Architect with the Cyber Architecture and Advisory Services division of the Cyber Innovation Unit at the Battelle Memorial Institute. He has over 20 years of experience in information systems operations and information systems security in academia, military, and commercial environments. Mr. Stoffell assists both Federal and commercial clients with the evaluation, design, and implementation of effective Cyber Security Architectures and the characterization of Cyber-related risk based on both specific and general threat scenarios. He also performs architecture analysis and security auditing functions for a diverse set of clients Mr. Stoffell has been an Authorized (ISC)² Instructor since 2009 and incorporates his experience as an active security practitioner into his instructional delivery.

Education and Credentials:

  • M.S. Electrical Engineering, Naval Postgraduate School
  • B.S. Computer Engineering, University of South Carolina
  • Certified Information System Security Professional
  • Information System Security Architecture Professional
  • Information System Security Engineering Professional
  • Information System Security Management Professional
  • Certified Cloud Security Professional
  • Certified Authorization Professional



Outlook Outlook
iCal iCal
Google Google
Yahoo! Yahoo!
MSN MSN

Exhibits & Sponsors

Event Sponsors

Become a Sponsor

Downloads & Media

Videos

Blog

 
(ISC)²
Copyright © 2019. (ISC)², Inc. All Rights Reserved.

Top