|
Management Summary
The OPSE course is based on the Open Source Security Testing Methodology Manual (OSSTMM). OSSTMM is the international standard for testing and measuring operational IT security. Furthermore, OSSTMM is used in addition to international standards like BS7799, SOX and BSI.
In the OPSE course the students will be familiarised with the content and functioning mode of the OSSTMM methodology so as to understand how to use it within projects. At the end of the OPSE course, the participants will know how OSSTMM audits are carried out and will be qualified for the management of larger OSSTMM projects. In addition, students will learn about the use of the OSSTMM methodology during the design phase of projects so as to be able to incorporate security measures in projects from the beginning. The OPSE course gives students an overview of the major security standards (ISO 17799-2000, BS7799, BSI, SOX) and they learn about the current trends and challenges in the field of IT security.
The course is carried out in cooperation with the company Dreamlab Technologies AG (www.dreamlab.ch).
Objective
The students will be prepared for the official OPSE certificate exam. This exam is recognised by the Institute for Security and Open Methodologies (ISECOM) and the University of La Salle in Barcelona. Unlike the OPST and OPSA exams it is not an open book exam.
- Security Consultants
- Project managers
- Decision makers and management staff
- General overview on information security
- The OSSTMM methodology
- The six sections of OSSTMM (with many practical examples)
- International best practices and standards
- OSSTMM rules of engagement
- Security governance
- Security policies
- A large number of practically orientated cases of security relevant errors
- Basics of security testing and consulting
- OSSTMM application
- Ethics and legal aspects in the field of IT Security Testing
- Risk assessment strategies
- Legal conditions and data protection
- Verification und validity of security tests
- Basics of security measurement
- OSSTMM Risk Assessment Values (RAV)
- Security project management
- Steps involved in OSSTMM projects and project management
- The OSSTMM project roles OPST, OPSA und OPSE
- Calculation and controlling of OSSTMM project plans, OSSTMM rules of thumb
- Basics of OSSTMM project
- OSSTMM reporting
- Basic knowledge in the use of computers and the functioning mode of networks
- Knowledge of standard services such as email, Web and collaborative tools in the corporate environment
- Interest in technicaI interferences and their impact on IT security
5 days
Course language:
The course language is usually german. If it is a common wish of participants, the course can be given in English or French (e.g. for company-internal courses.)
Documentation:
The participants receive a comprehensive documentation (official ISECOM courseware).
Agenda:
5 days
Monday to Friday 8 am to 12 am and 1.30 pm to 6 pm
The official OPSE exam will take place on the last afternoon of the course.
Certification Exam:
The exam to become «Certified OSSTMM Professional Security Expert» (OPSE) accredited by ISECOM is part of the course.
Exam: The exam lasts four hours and candidates will not be allowed to use any help resources. The purpose of the exam is to check the acquired theoretical knowledge on the subject.
Course form:
The course is carried out as a combination of presentation and workshop. The individual modules are initiated by an introductory presentation. They are then extended by a various "live" demonstrations / exercises.
Course fee:
The course fees include the documentation, as well as refreshment during intervals and lunch.
The course can also be carried out as an On-Site course on the premises of your company !
|
