...
Trainings of different kinds could be offered starting from AAI in local organizations up to management platforms for collaborative environments. The traing should investigate on those areas and provide the participant with hands-on information. how to set-up those AAI infrastructures.
Systems design
This training should provide insight to secure system design concepts. These could include some set if not all of the following concepts as well as including others important to the organization or stakeholders.
- Least Privilege - A subject/program should be given only the minimum set of privileges necessary to complete its task
- Fail-Safe Defaults - Unless a subject is given explicit access to an object, it should be denied access to that object
- Economy of Mechanism - Security mechanisms should be as simple as possible
- Complete Mediation - All accesses to objects must be checked to ensure that they are allowed
- Open Design - The security of a mechanism should not depend on the secrecy of its design or implementation
- Separation of Privilege - A system should not grant permission based on a single condition
- Least Common Mechanism - Mechanisms used to access resources should not be shared
- Psychological Acceptability - Security mechanisms should not make the resource more difficult to access than if the security mechanism were not present
- Multiple Lines of Defense – Increase odds that no single vulnerability is common to all functionality
Reference: http://web.mit.edu/Saltzer/www/publications/protection/index.html
IT security awareness for users
...