What is the IEM?

The INFOSEC Evaluation Methodology (IEM) is a hands-on methodology for conducting evaluations of customer networks utilizing common technical evaluation tools. Students can expect to learn an easily repeatable methodology that provides each customer a roadmap for addressing their security concerns and increasing their security posture. This course is a follow on course to the popular INFOSEC Assessment Methodology (IAM) and will result in a certificate for those students meeting the appropriate qualifications.

The IEM covers the steps involved in a comprehensive evaluation of a customer's technical components, beginning with customer coordination and the definition of applicable scope for each project. Students will learn how the information defined during the IAM process will be used to create customized roadmaps for increased security posture. Hands-on experience with recognized security tools is included as part of the training in order to increase each student's familiarity with commonly used evaluation software. The course ends with instruction in the techniques utilized to create the System Criticality Vulnerability Matrices and even provides important information on the creation of a reusable metric to measure customer security posture increase or decrease via trending mechanisms. The IEM is a 2 day technical course and most students will benefit from a prior understanding of basic networking concepts. Multiple exercises are included in this course to reinforce the key concepts and activities within the methodology. Formal comprehension of the IAM is required to understand how the IAM & IEM work together to provide a complete security assessment. Students do not need their own laptop for this course. Each student will receive all relevant course documentation and will be provided with a laptop computer for use during the IEM course exercises.

Students wishing the certificate must have completed the IAM certificate class and demonstrate at least 6 months of security evaluation tool usage by filling out the application for the course. This course is also open to non-IAM certified individuals on a non-certification basis.