Description

Make known the risks and consequences of a user action affecting the security of the information system. Explain and justify the security constraints imposed by the security policy. Discover and understand the main solutions put in place in the company.

Who is this training for ?

For whom ?

All users having access to the information system via a computer station.

Prerequisites

Training objectives

Understand the typology of risks linked to IS security and the possible consequences

Identify measures to protect information and secure your workstation

Foster the conduct of the company's IS security policy

Training program

• IT security: understanding the threats and risks
  • Introduction: General framework, what do we mean by IT security (threats, risks, protection)? How negligence can create a disaster.
  • Some examples.
  • Responsibility.
  • The components of an IS and their vulnerabilities.
  • Client and server operating systems.
  • Service networks enterprise (premises, site-to-site, Internet access).
  • Wireless networks and mobility.
  • Applications at risk: Web, messaging.
  • Basic data and file system.
  • Threats and risks.
  • Sociology of hackers.
  • Underground networks.
  • Motivations.
  • Typology of risks.
  • Cybercrime in France.
  • Vocabulary (sniffing, spoofing, smurfing, hijacking.
  • ).
• Information protection and workplace security
  • Vocabulary.
  • Confidentiality, signature and integrity.
  • Understand the constraints linked to encryption.
  • General diagram of cryptographic elements.
  • Windows, Linux or MAC OS: which is more secure? Management of sensitive data.
  • The problem with laptops.
  • What threat to the client computer? Understand what malicious code is.
  • How to manage security vulnerabilities? The USB port.
  • The role of the client firewall.
• User authentication and external access
  • Access controls: authentication and authorization.
  • Why is authentication essential? The traditional password.
  • Authentication by certificates and token.
  • Remote access via the Internet.
  • Understanding VPNs.
  • The benefits of strong authentication.
• How to get involved in IT security
  • Analysis of risks, vulnerabilities and threats.
  • Regulatory and legal constraints.
  • Why my organization must comply with these security requirements.
  • The key people in security: understanding the role of the CISO and the Risk manager.
  • Acting for better security: Social and legal aspects.
  • The CNIL, the legislation.
  • Cybersurveillance and the protection of privacy.
  • The charter for the use of IT resources.
  • Everyday security.
  • Good reflexes.
  • Conclusion.