
 

CODE

SESI

 

TITLE

SECURITY OF INFORMATION SYSTEMS

 

 

 

DURATION

1 day

 

CONTENT OVERVIEW

 

C01  Aspects and stakes of security

o        Definitions.

o        Various aspects of security. Typology of risks.

o        Examples in each category of the typology.

o        Stakes and issues of security.

o        Identifying the risks.

o        Ensuring availability. Ensuring integrity. Ensuring continuity. Ensuring control of evidence and non-repudiation of transactions.

C02  Costs and modes of action

o        Costs.

o        Action plan. The role of the ISSM.

o        Standards: ISO 2700x.

o        Trends.

C03  Disaster Recovery Plan and Business Continuity Plan

o        Key processes in security.

o        Disaster Recovery Plan.

o        Business Continuity Plan.

o        Case Study: Flooding in Goodwater.

C04  Security and e-commerce

o        The need for security.

o        Payment security. SET and 3-D Secure. Electronic purse.

o        Trends.

C05  Cryptography and cryptanalysis

o        Definitions, theory and practice.

o        Evolution of legislation.

C06  Security architectures

o        Private key encryption.

o        Public key encryption. 

o        PGP

o        Implementation of a PKI architecture.

C07  Network security

o        Network vulnerability and IS security.

o        Modes of attack.

o        Defences.

o        Standard procedures for a Windows 200x network

o        Evolution. Example of the Cisco SAFE architecture.

C08  Personal behaviour

o        Fundamentals.

o        Best practices.

C09 Appraisal and perspectives.

REFERENCES

This course is regularly taught in the framework of the Executive MBA « Leadership, innovation and managing people ». This MBA was developed in partnership by the IAE of Aix-en-Provence, the Institute of Social Management, Telecom SudParis - Telecom Management School and Ecole Nationale Supérieure des Arts et Métiers.

 

OBJECTIVES

Business activity is inherently risky. Some risks are endogenous: they are in the nature of the business. Others are exogenous factors that disrupt the smooth running of the business. The effect of such events is accentuated by new management practices that emphasize interdependence and minimize safety margins in space (stocks) and time (lead times).

These reductions were made possible by the ability to have accessible and continuously updated information in real time. The reliability of the information system has therefore become a key element.

This course aims to make IT professionals and users aware of the security concerns of information systems. At the end of the training, each trainee should:

·        have identified the main risks threatening the smooth operation of an information system;

·        have identified the various possible modes of action to reduce risks, mitigate their impact and remedy their consequences.

 

WHO IS THIS COURSE FOR?

Vocational professional training:

·        Managers in charge of the prescription, design, development, deployment, implementation and evaluation or audit of information systems, faced with the security dimension of these systems.

·        Project managers who have to provide appropriate solutions for security and business continuity within the scope of the IS projects they are responsible for.

Initial training:

·        Students from « Grandes Ecoles » (engineering, commerce and management);

·        Students with a master's degree who have embarked on university studies addressing the issues of information systems and/or computer science.





(c) JP Marca - 2011-2012