Course Descriptions 130 - Introduction to Information Technology Security (ITS) (2 days) This informative two-day course will help you understand and apply the basic concepts and principles of Information Technology Security (ITS) and will identify current and future ITS initiatives. Outline: Overview of Information Technology Security (ITS) including confidentiality, integrity, availability, accountability, and assurance. The objective and scope of the Government Security Policy. Introduction to Threat/Risk Assessments (TRA). Threat scenarios and demonstrations. ITS fundamentals and principles such as security policy, LAN and WAN security, Internet security, Cryptography and key management. Overview of firewalls and network security. Current and future ITS initiatives such as the Public Key Infrastructure (PKI), and Electronic Authorization and Authentication (EAA). Audience: Persons responsible for security in the development, operation or maintenance of information technology, as well as staff members with more general security roles, such as ITS coordinators and security officers. Prerequisite: None Fees: $375 - Federal Sector $475 - Non-federal Sector Instructors: CSE ITS Staff APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 210 - STU-III Keying Concepts and Key Ordering (1 day) Uncover the concepts of STU-III keying, key ordering procedures and other services provided by the Canadian Key Management System (CKMS) at CSE. Outline: Overview of the Canadian Key Management System (CKMS). STU-III keying concepts. Roles and responsibilities of the Key Management Authority (KMA). Preparation and submission of key orders to the CKMS. Rekeying. Visit to the CKMS facility. Audience: Representatives from federal government departments and agencies who perform the duties of the COMSEC Custodian, STU-III User Representative, or STU-III Key Management Authority. Prerequisite: Department or Agency must have a COMSEC account. Fees: None Instructors: CSE ITS Staff Note: This course is only available to Government of Canada employees. APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 220 - Use of a STU-III (1 day) In this hands-on session you will learn how to program and use a STU-III. You will also acquire sufficient knowledge to return to your organization and train your departmental users of the STU-III. Outline: Installation of the Motorola STU-III Sectel 1500 or the AT&T STU-III 1100. Programming of either the Motorola or AT&T STU-III. Operation of the Motorola or AT&T STU-III. Audience: Representatives from federal government departments and agencies whose duties include COMSEC Custodian, Key Management Authority, or STU-III User Representative. Prerequisite: None Fees: None Instructors: CSE ITS Staff Note: This course is only available to Government of Canada employees. APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 230 - COMSEC Custodian (2 days) In two intensive days you will develop and sharpen the appropriate skills and knowledge required to perform your custodial duties. Outline: COMSEC material accounting and control procedures. Roles and responsibilities of custodial personnel. Awareness of the COMSEC environment. COMSEC terminology, concepts and policies. Overview of COMSEC material packaging and handling policies and procedures. Audience: Representatives from federal government departments and agencies who are COMSEC Custodians, Alternate COMSEC Custodians, Designated COMSEC Authorities and other interested staff. Prerequisite: STU-III Keying Concepts (course 210) and Department or Agency must have a COMSEC account. Fees: None Instructors: CSE ITS Staff Note: This course is only available to Government of Canada employees. APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 320 - Network Security ( 3 days - 3rd day is optional) This course will provide you with a solid foundation in the fundamentals of network security, including familiarization with the security services available in network operating systems, communication protocols and network applications. The optional third day will assist you with the application of a risk management methodology in the network context. Outline: Definition of network security and requirements for security. How to achieve confidentiality, integrity, availability, and accountability in a network environment. Discussion of the security services and mechanisms available in Novell NetWare 4.1, Windows NT 4, and Banyan Vines 6. Entrust: An example of application level security. Description of secure remote access approaches. X.500 security and how it is used in public key infrastructures. Security in TCP/IP based communications (SSL, PCT, IPv6, Kerberos and SNMP). Audience: Network Administrators or managers who recommend, manage and/or implement network security. Prerequisite: Basic technical understanding of network functionality and operation or equivalent knowledge on the subject. Fees: $475 for all 3 days, if only first 2 days are taken cost will be $375 - Federal Sector $575 for all 3 days, if only first 2 days are taken cost will be $475 - Non-federal Sector Instructors: CSE ITS Staff APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 330 - Introduction to Internet Security (1 day) Interested in connecting to the Internet? This one-day course will provide you with an awareness of computer and network security in an Internet environment and provide you with an understanding of some of the security impacts of connecting to the Internet. Outline: Common Internet based applications and protocols (mail, ftp, WWW and ICMP) are discussed and some security weaknesses and vulnerabilities are highlighted and demonstrated. Common Internet available security tools and applications (firewalls, SATAN, COPS and sniffers) are discussed and demonstrated. Demonstrations of system and protocol limitations and vulnerabilities. Audience: Employees or managers with an interest in computer and/or network security. Prerequisite: None Fees: $250 - Federal Sector $325 - Non-federal Sector Instructors: CSE ITS Staff Note: On Janurary 13, 1998 this course is offered in English with simultaneous interpretation. APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 340 - Internet Security Protocols and Firewalls (1 day) This leading-edge course uses a combination of exercises and discussion to assist you in understanding some of the security protocols and tools currently in use within the Internet community. Outline: Group exercises and course materials are used to discuss potential solutions to some known Internet security weaknesses. Security protocols (PEM, S/MIME, SSL), security applications (ENTRUST, PGP) , and firewalls are discussed. Audience: Recommended for technical people with an interest in computer, network, or Internet security. Prerequisite: Introduction to Internet Security (course #330) or equivalent knowledge. Fees: $250 - Federal Sector $325 - Non-federal Sector Instructors: CSE ITS Staff Note: On Janurary 14, 1998 this course is offered in English with simultaneous interpretation. APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 410 - Introduction to Cryptography and its Applications (1 day) In one day, this course covers the basic concepts of cryptography and key management systems and demonstrates how cryptography is used to protect information. Outline: Why do we need cryptography? Basic concepts of cryptography including private key and public key systems. Review of various algorithms such as DES and RSA. Key management. Uses for cryptography including e-mail, telephone, digital signature etc. Available systems and their uses. Audience: Information Technology (IT) practitioners who have a basic understanding of Information Technology Security. Prerequisite: None Fees: $250 - Federal Sector $325 - Non-federal Sector Instructors: CSE ITS Staff APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 420 - Government of Canada Public Key Infrastructure (1 day) This intensive one-day course is designed to give you a solid grasp of the basic concepts and principles of the Government of Canada (GOC) Public Key Infrastructure (PKI); describe the architecture of the GOC PKI and the various security services supported by the GOC PKI; and demonstrate the benefits of the GOC PKI. Outline: Description of where we are today and where we need to be in the future with regards to a PKI. Detailed description of certificates, Certificate Revocation Lists, Authority Revocation Lists. Detailed description of Certificate Policies, Certification Practice Statements, and Cross Certification. Role of GOC PKI in support of security services such as confidentiality, integrity, access control, authentication and non-repudiation. Role of GOC PKI in support of Electronic Authorization and Authentication. Detailed description of the GOC PKI model including the Policy Management Authority, Canadian Central Facility, Management Node and Local Registration Authority and the role of X.500 Directories in support of the GOC PKI. Detailed description of the system characteristics of the Canadian Central Facility, Management Nodes and Local Registration Agents to the sub-system level. Description of the related commercial and Government PKI initiatives worldwide. Highlights of the legal issues. Brief description of CSE's role as the implementation authority for the inter-departmental GOC PKI project. Audience: Information Technology Security practitioners who need to know more about PKI or have a role to play in applying, implementing, operating, managing, certifying or accrediting their part of the GOC PKI in their organization. Prerequisite: Introduction to Cryptography and its Applications (course #410) or an understanding of basic cryptographic techniques such as symmetric and asymmetric cryptography and digital signature is required. Fees: $250 - Federal Sector $325 - Non-federal Sector Instructors: CSE ITS Staff APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO 430 - Electronic Authorization and Authentication (1 day) This informative one-day course will provide you with the basic concepts of Electronic Authorization and Authentication (EAA) and when finished, you should have a good understanding as to what EAA is, what the legal issues surrounding EAA are, what a digital signature is and what the Government of Canada's policy is with respect to EAA. Outline: Definition of EAA. Detailed description of private and public key systems. What is the difference between an electronic signature and digital signature. What constitutes a "business transaction". Description of the EAA process. Legal requirements for EAA. Legal challenges for EAA. The Government of Canada's policy on EAA. Description of CSE's role and services we provide related to EAA. Audience: Public sector employees who are members of the financial community, system developers and /or security personnel who need to know more about EAA or who have a role to play in applying, implementing, operating, managing, or designing an EAA system for their organization. Prerequisite: None Fees: $250 - Federal Sector $325 - Non federal Sector Instructors: CSE ITS Staff APPLICATION FORM | 97/98 SCHEDULE | GENERAL INFO