Access Control, Authentication, And Public Key Infrastructure Training

In three days learn the components of access control,  an implementation framework, and the legal requirements that impact access control programs.

Course Overview

Our 3-day, instructor-led, Access Control, Authentication, and Public Key Infrastructure Training course is designed for cyber security professionals. It will teach you:

  • How to protect resources against unauthorized viewing, tampering or destruction
  • How to ensure privacy, confidentiality, and prevention of unauthorized disclosure
  • The components of access control, a business framework for implementation, and the legal requirements that impact access control
  • The risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures

There are no prerequisites for this course. However, you should have some experience in the IT security field prior to taking this course.


Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 240-667-7757.


Not seeing a good fit?

Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.

Contact Us

Learn more about custom training

Course Outline

Access Control Framework

  • Access and access control
  • Principal components of access control
  • Access control process
  • Logical access controls
  • Authentication factors

Assessing Risk and Its Impact on Control

  • Definitions and concepts
  • Threats and vulnerabilities
  • Risk assessment
  • Value, situation and liability
  • Case studies and examples

Business Drivers for Access Control

  • Business requirements for asset protection
  • Classification of information
  • Competitive use of information
  • Business drivers
  • Controlling access and protecting value
  • Examples of access control successes and failures in business

Access Control Policies , Standards, Procedures, and Guidelines

  • U.S. compliance laws and regulations
  • Access control security policy best practices
  • IT security policy framework
  • Examples of access control policies, standards procedures and guidelines

Security Breaches and the Law

  • Laws to deter information theft
  • Cost of inadequate front-door and first-layer access controls
  • Access control failures
  • Security breaches

Mapping Business Challenges to Access Control Types

  • Access controls to meet business needs
  • Solving business challenges with access control strategies
  • Case studies and examples

Human Nature and Organizational Behavior

  • The human element
  • Organizational structure and access control strategy
  • Job rotation and position sensitivity
  • Requirement for periodic vacation
  • Separation of duties
  • Responsibilities of access owners
  • Training employees
  • Ethics
  • Best practices for handling human nature and organizational behavior
  • Case studies and examples

Access Control for Information Systems

  • Access control for data
  • Access control for file systems
  • Access control for executables
  • Microsoft Windows workstations and servers
  • UNIX and Linux
  • Supervisory Control and Data Acquisition (SCADA) and process control systems
  • Best practices for access control for information systems
  • Case studies and examples

Physical Security and Access Control

  • Physical security
  • Designing a comprehensive plan
  • Biometric access control systems
  • Technology-related access control solutions
  • Outsourcing physical security – pros and cons
  • Best practices for physical access control
  • Case studies and examples

Access Control in the Enterprise

  • Access Control Lists (ACLs) and Access Control Entries (ACEs)
  • Access control models
  • Authentication factors
  • Kerberos
  • Network access control
  • Wireless IEEE 802.11 LANs
  • Single Sign-On (SSO)
  • Best practices for handling access controls in an enterprise organization
  • Case studies and examples

Access Control System Implementations

  • Transforming access control policies and standards into procedures and guidelines
  • Identity management and access control
  • Size and distribution of staff and assets
  • Multilayered access control implementations
  • Access controls for employees, remote employees, customers and business partners
  • Best practices for access control implementations
  • Case studies and examples

Access Control Solutions for Remote Workers

  • Growth in the mobile work force
  • Remote access methods and techniques
  • Access protocols to minimize risk
  • Remote authentication protocols
  • Virtual Private Networks (VPNs)
  • Web authentication
  • Best practices for remote access controls to support remote workers
  • Case studies and examples

Public Key Infrastructure and Encryption

  • Public Key Infrastructure (PKI)
  • Ensuring integrity, confidentiality, authentication and non-repudiation
  • What PKI is and what it is not
  • What are the potentials risks associated with PKI?
  • Implementations of business cryptography
  • Certificate Authorities (CA)
  • Best practices for PKI use within large enterprises and organizations
  • Case studies and examples

Testing Access and Control Systems

  • Purpose of testing access control systems
  • Software development life cycle and the need for testing software
  • Security development life cycle and the need for testing security systems
  • Information security activities
  • Performing the access control system penetration test
  • Preparing the final test report

Access Control Assurance

  • What is the information assurance>
  • How can information assurance be applied to access control systems?
  • What are the goals of access control system monitoring and reporting?
  • What checks and balances can be implemented?
  • Audit trail and audit log management and parsing
  • Audit trail and audit log reporting issues and concerns
  • Security Information and Event Management (SIEM)
  • Best practices for performing ongoing access control system assurance
  • Case studies and examples

Access Control, Authentication And Public Key Infrastructure Training FAQs

Who should take the Access Control, Authentication and PKI course?

IT Auditors
IT Managers
Information Security Analysts
Information Security Managers
System Administrators

Are there labs associated with this course?

Yes! The following labs are included in this course.

Configuring an active directory domain controller
Managing Windows accounts and organizational units
Configuring Windows file system permissions
Managing group policy objects in active directory
Configuring Windows firewall
Managing Linux accounts
Configuring Linux file system permissions
Encrypting and decrypting files with PKI
Authenticating security communications with digital signatures
Encrypting and decrypting web traffic with HTTPS

What do students say about the Access Control, Authentication, and Public Key Infrastructure Training?

“LOTS of information, but the instructor helped break it down into a palatable and easily consumable format. The class delved into areas that are relevant to my work, although I don’t always have to engage in the level of detail. It was helpful to understand the background knowledge of these elements so that I can have a full scope of this aspect of security. ” Student from September 2019

“[The instructor] was very instrumental in providing solutions to myself to take back and implement. Highly interactive discussions, which kept us all involved. ” Student from September 2019


Subscribe now

Get new class alerts, promotions, and blog posts