Information Security in Corporate Security

$199.00
When you get access:
Course access is prepared after purchase and delivered via email
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
Who trusts this:
Trusted by professionals in 160+ countries
Your guarantee:
30-day money-back guarantee — no questions asked
How you learn:
Self-paced • Lifetime updates

This curriculum spans the design and operational execution of enterprise security programs, comparable in scope to a multi-phase advisory engagement covering governance, technical controls, and human factors across complex organisational environments.

Module 1: Security Governance and Risk Management Frameworks

  • Establishing a risk register aligned with ISO/IEC 27005 and NIST SP 800-30, including asset valuation and threat likelihood scoring.
  • Defining board-level reporting metrics for security posture, such as mean time to detect (MTTD) and percentage of critical systems under continuous monitoring.
  • Conducting third-party risk assessments for vendors with access to sensitive data, including contract clauses for audit rights and breach notification timelines.
  • Implementing a formal risk acceptance process requiring documented sign-off from business owners and CISO for exceptions to security policy.
  • Aligning security controls with business objectives by mapping control implementation to operational impact and regulatory requirements.
  • Designing an information classification schema (e.g., Public, Internal, Confidential, Restricted) and enforcing labeling and handling procedures across departments.

Module 2: Identity and Access Management (IAM) Architecture

  • Deploying role-based access control (RBAC) with periodic access reviews, including automated deprovisioning for terminated employees.
  • Integrating privileged access management (PAM) solutions for just-in-time elevation and session recording of administrative accounts.
  • Implementing multi-factor authentication (MFA) across all remote access points, with fallback mechanisms for high-availability systems.
  • Designing federated identity systems using SAML or OIDC for secure cross-domain access with partners and cloud providers.
  • Enforcing least privilege by analyzing user entitlements and removing excessive permissions through access certification campaigns.
  • Managing service account lifecycle, including rotation of credentials and monitoring for anomalous usage patterns.

Module 4: Network and Endpoint Security Deployment

  • Segmenting corporate networks using VLANs and firewalls to isolate critical systems (e.g., HR, finance) from general user traffic.
  • Deploying next-generation firewalls with deep packet inspection and application-aware rules to block command-and-control traffic.
  • Enforcing device compliance through endpoint detection and response (EDR) agents, including real-time threat hunting capabilities.
  • Configuring host-based firewalls and disabling unnecessary services on workstations and servers according to CIS benchmarks.
  • Implementing DNS filtering to prevent access to known malicious domains and phishing sites at the resolver level.
  • Managing secure remote access via zero trust network access (ZTNA) instead of traditional VPNs for contractor and third-party access.

Module 5: Incident Response and Threat Intelligence Operations

  • Developing and maintaining a cyber incident response plan with defined roles, communication trees, and escalation paths.
  • Conducting tabletop exercises simulating ransomware, data exfiltration, and insider threat scenarios with legal and PR stakeholders.
  • Integrating threat intelligence feeds (e.g., STIX/TAXII) into SIEM systems to enrich alerts with contextual indicators of compromise.
  • Establishing a secure evidence chain for forensic data collection, including disk imaging and memory dumps under legal hold procedures.
  • Coordinating with law enforcement and regulatory bodies during active breaches, including timely reporting under GDPR or HIPAA.
  • Performing root cause analysis post-incident and updating controls to prevent recurrence, documented in a formal after-action report.

Module 6: Data Protection and Encryption Strategies

  • Implementing data loss prevention (DLP) systems to monitor and block unauthorized transfers of sensitive data via email, web, or USB.
  • Deploying full-disk encryption on all corporate laptops and enforcing pre-boot authentication with recovery key escrow.
  • Using tokenization or masking for production data used in non-production environments to prevent exposure during testing.
  • Applying application-layer encryption for sensitive fields (e.g., SSNs, credit card numbers) in databases and APIs.
  • Managing cryptographic key lifecycle using hardware security modules (HSMs) with separation of duties for key generation and access.
  • Classifying data at rest and in transit to determine appropriate encryption standards (e.g., AES-256, TLS 1.3) based on sensitivity.

Module 7: Security Awareness and Insider Threat Programs

  • Designing role-specific security training content for executives, developers, and finance teams based on risk exposure.
  • Conducting simulated phishing campaigns with follow-up coaching for users who fail, tracked over time for improvement.
  • Monitoring privileged user activity for anomalies using UEBA tools to detect potential data exfiltration or sabotage.
  • Establishing a confidential reporting channel for employees to report suspicious behavior without fear of retaliation.
  • Integrating HR offboarding procedures with IT to ensure immediate revocation of access upon termination.
  • Assessing organizational culture factors that may contribute to insider threats, such as employee dissatisfaction or burnout.

Module 8: Compliance, Audits, and Continuous Monitoring

  • Preparing for external audits (e.g., SOC 2, ISO 27001) by maintaining documented evidence of control implementation and testing.
  • Configuring SIEM systems to aggregate logs from critical systems and generate alerts based on correlation rules for suspicious activity.
  • Performing regular vulnerability scans and prioritizing remediation based on exploitability and asset criticality.
  • Implementing file integrity monitoring (FIM) on system-critical files and configuration files to detect unauthorized changes.
  • Conducting internal compliance assessments to validate adherence to internal policies and regulatory mandates.
  • Establishing a continuous improvement cycle for security controls using metrics such as patch latency and control coverage gaps.