EC-Council

E-BUSINESS SECURITY
http://www.eccouncil.org

E-BUSINESS SECURITY
Authorized Training Center

telkom professional development center

Jl. Ir. H. Juanda (Dago) No.94 Bandung 40132 Indonesia Tlp. (022)2514008, 2514009, Fax : (022) 2514010 e-mail : info@telkompdc.com www.telkompdc.com

Get the e-Business training you need from the most qualified source, Authorized Training Center (ATC).

E-BUSINESS SECURITY
Introduction
Mergers, acquisitions, and multi-company collaboration are increasing the need to secure c r i t i c a l i n t e g ra t e d a p p l i c a t i o n s f r o m unauthorized use, both from external and internal sources. Todays e-business applications that support remote work forces, wireless access, corporate partnership programs, and CRM systems, among many others, are doing more than ever to increase effi ciency and improve relationships with partners and customers. Unfortunately, increasing the availability of corporate information also signifi cantly increases security risks. Find out what you can do to protect your infrastructure, without hindering your e-business efforts.

Course Outline
Module 1: Introduction to Information Security Understand what information security is and how it came to mean what it does today. Comprehend the history of computer security and how it evolved into information security. Understand the key terms and critical concepts of information security as presented in the chapter. Outline the phases of the security systems development life cycle. Understand the role professionals involved in information security in an organizational structure.

Course Details
Course Description In this course you will explore the security technique fundamentals involved in minimizing Ebusiness security risks. This course introduces you to concepts such as securing Web clients, servers, and communications. It also investigates the use of fi rewalls and digital certifi cates, and concludes with a look at legal issues including how to respond when security has been breached.

Module 2: The Need for Security Understand the business need for information security. Understand a successful information security program is the responsibility of an organizations general management and IT management. Understand the threats posed to information security and the more common attacks associated with those threats. Differentiate threats to information systems from attacks against information systems.

Who Should Attend Anyone who are interested in learning about security in e-Business framework.

Duration: 3 days (9:00AM 5:00PM)

Certifi cation This comprehensive course provides the knowledge and skills you need to pass the ECCouncil e-Business Security Exam 212-25. The 120minute examination will be conducted on the last day of the class at the training facility (Prometric registration is included).

Module 3: Legal, Ethical & Professional Issues in Information Security Use this chapter as a guide for future reference on laws, regulations, and professional organizations. Differentiate between laws and ethics. Identify major national laws that relate to the practice of information security. Understand the role of culture as it applies to ethics in information security.

Module 4: Risk Management: Identifying and Assessing Risk Defi ne risk management and its role in the SecSDLC. Understand how risk is identified. Assess risk based on the likelihood of occurrenc and impact on an organization. Grasp the fundamental aspects of documenting risk identifi cation and assessment.

Become familiar with what viable information security architecture is, what it includes, and how it is used.

Module 5: Risk Management: Assessing and Controlling Risk Recognize why risk control is needed in todays organizations. Know the risk mitigation strategy options for controlling risks. Identify the categories that can be used to classify controls. Be aware of the conceptual frameworks that exist for evaluating risk controls, and be able to formulate a cost benefit analysis when required. Understand how to maintain and perpetuate risk controls.

Module 7: Planning for Continuity Know what contingency planning is and how incident response planning, disaster recovery planning, and business continuity plans are related to contingency planning. Understand the elements that comprise a business impact analysis and the information that is collected for the attack profile. Recognize the components of an incident response plan.

Module 6: Blueprint for Security Understand managements responsibilities and role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines. Understand the differences between the organizations general information security policy and the requirements and objectives of the various issue-specific and system-specific policies. Know what an information security blueprint is and what its major components are. Understand how an organization institutionalizes its policies, standards, and practices using education, training, and awareness programs.

Module 8: Security Technology Define and identify the various types of firewalls. D i s c u s s t h e a p p ro a c h e s t o f i re wa l l implementation. Discuss the approaches to dial-up access and protection. Identify and describe the two categories of intrusion detection systems. Discuss the two strategies behind intrusion detection systems.

Module 9: Physical Security Understand the conceptual need for physical security. Identify threats to information security that are unique to physical security. D e s c r i b e t h e ke y p h y s i c a l s e c u r i t y considerations for selecting a facility site. Identify physical security monitoring components. Grasp the essential elements of access control within the scope of facilities management. Understand the criticality of fire safety programs to all physical security programs.

Module 10: Implementing Security Understand how the organizations security blueprint becomes a project plan. Understand the numerous organizational considerations that must be addressed by the project plan. Grasp the significant role and importance of the project manager in the success of an information security project. Understand the need for professional project management for complex projects. Take in the technical strategies and models for implementing the project plan. Grasp the nontechnical problems that organizations face in times of rapid change.

Module 11: Information Security Maintenance Understand the need for the ongoing maintenance of the information security program. Become familiar with recommended security management models. Understand a model for a full maintenance program. Understand key factors for monitoring the external and internal environment. Learn how planning and risk assessment tie into information security maintenance. Understand how vulnerability assessment and remediation tie into information security maintenance. Learn how to build readiness and review procedures into information security maintenance.

What is a substantial tax nexus? What is a mail-order transaction? What is the Commerce Clause test for state tax purposes? What constitutes state tax jurisdiction? Physical Presence Nexus Test for ECommerce Tax Purposes. Renting an office or a warehouse in the taxing state. Nexus by attribution trade shows where employees or agents take orders from customers in the taxing state. Web merchants server. Maintaining inventory in a taxing state taxation of digital products. Software licensing by an out-of-state licensor to licensee in a state with a sales tax. Web merchants agent in the foreign state. Market maintenance theory. Internet Tax Freedom Act of 1998. Purpose of the act. Advisory Commission on Electronic Commerce. International Internet Taxation. Organization of Economic Cooperation and Development Initiatives Committee on Fiscal Affairs Report, 1998. Neutrality. Efficiency. Effectiveness and fairness. Flexibility. Certainty and simplicity. The permanent establishment problem. OECD guidelines on defining permanent establishment. National initiatives defining permanent establishment. Germany. India. United Kingdom. European Union Value Added Tax (VAT) on Internet sales.