|
Week - 1 |
What is security infrastructure? Differences between security management and auditing. Information security principles (confidentiality, integrity, availability). |
|
Week - 2 |
Introduction to corporate security policies, ISO 27001 and other information security standards. Policy creation processes. |
|
Week - 3 |
Inventory of IT assets, identification of critical assets, basic risk analysis methods. |
|
Week - 4 |
Audit types (internal/external), audit planning, checklists and reporting processes. |
|
Week - 5 |
Control of network devices (routers, switches, firewalls). Network segmentation, control of IDS/IPS systems. |
|
Week - 6 |
Review of security settings of operating systems and servers, log analysis. |
|
Week - 7 |
Authorization and authentication controls. LDAP, Active Directory and IAM solutions. |
|
Week - 8 |
Checking that systems are up to date. Use and follow-up of automated patch management tools. |
|
Week - 9 |
Assessment of the security status of clients. Control of antivirus and EDR solutions. |
|
Week - 10 |
Physical access control, data center security, CCTV, fire and environmental threats. |
|
Week - 11 |
SIEM systems, log collection, correlation and security breach notification processes. |
|
Week - 12 |
Backup strategies, testing, auditing of disaster recovery scenarios. |
|
Week - 13 |
Employee safety, social engineering audits, awareness trainings. |
|
Week - 14 |
Holistic implementation of the topics covered in all weeks through a real corporate scenario, sample reporting study. |
Eskisehir Technical University Info Package