Course Curriculum and Syllabus
Module 1 - Welcome
- Instructor: Natalian Silva
Overview of CEC IAM Academy, highlighting its mission, objectives, and impact on the development of professionals specializing in information security.
Module 2 - General Guidelines
- Instructor: Natalian Silva
Presentation of the course objective, explaining the importance of Segregation of Duties to ensure security in organizations, prevent fraud, and improve regulatory compliance.
Module 3 - Fundamentals of Risk Management
- Instructor: Nathalia Carmo
- Instructor: Ana Pacholek
- Instructor: Cristiane Galina
We will explain the fundamental concepts of risk, the identification of threats and vulnerabilities, and how to manage these risks in the context of information security.
Presentation of the concept of the 3 lines of defense (3LoD) in risk management, their responsibilities, and how they contribute to the creation of the SoD Matrix.
Module 4 - Fundamentals of Identity and Access Management
- Instructor: Micaella Ribeiro
We will cover the definition of Identity and Access Management (IAM), its evolution over the years, and its relevance to information security.
Historical review of Segregation of Duties, highlighting the importance of separating critical functions to mitigate the risks of fraud and human error.
Module 5 - Introduction to Segregation of Duties (SoD)
- Instructor: Micaella Ribeiro
Definition of Segregation of Duties and its practical application to separate critical activities within organizations, preventing conflicts of interest.
Exploration of widely used frameworks for implementing SoD, such as COBIT and COSO, and how they align with organizational objectives.
Discussion about the most common challenges in the implementation of SoD, such as organizational resistance, technological limitations, and lack of clarity in processes.
Module 6 - Phase 1 - Information Gathering
- Instructor: Nathalia Carmo
Guide to support the student in defining clear goals for the creation of the SoD matrix, focusing on the risks that must be mitigated.
Techniques for collecting data on departments, systems, user profiles, and critical processes that should be included in the matrix.
Approach for companies that do not have 3 lines of defense, using organizational policies and walkthroughs to create a functional matrix.
Simulation of a walkthrough meeting with internal stakeholders to gather data necessary for the SoD matrix.
Module 7 - Phase 2 - Construction of the Functional SoD Matrix
- Instructor: Nathalia Carmo
- Instructor: Micaella Ribeiro
- Instructor: Natalian Silva
Explanation of the concept and objective of a functional matrix, which organizes the functions within an organization to identify potential conflicts.
Practical activity for the student to build a functional matrix from scratch.
Additional practical exercise to reinforce the concepts and skills acquired.
Detailed correction of the practical exercise, with explanations about the decisions made.
Module 8 - Phase 3 - Construction of the Technical SoD Matrix
- Instructor: Natalian Silva
Definition of the technical matrix, which focuses on the access profiles to systems and how these profiles interact with the functions defined in the functional matrix.
Survey of the systems and user profiles that should be included in the technical matrix.
Practical activity of building the technical matrix from scratch.
Practical exercise of building the technical matrix based on simulated data.
Correction of the practical exercise, with detailed explanations.
Module 9 - Phase 4 - Conflict Correction and Resolution
- Instructor: Natalian Silva
Identification of user profiles that have conflicting access and the implications of this access. I have identified the identities that have conflicting access. Now what?
Development of action plans to correct or mitigate the access conflicts found.
Module 10 - SoD Matrix Lifecycle
- Instructor: Natalian Silva
Strategies and processes to ensure that the SoD matrix is always updated with organizational and technological changes.
Recommendations for integrating SoD with other internal processes, such as audits, governance, and compliance.
Best practices and tips to ensure the continued success of SoD implementation.
Important Information
Recorded and asynchronous classes
In the Professional Course on Segregation of Duties, you will have the opportunity to learn interactively. The classes are recorded and conducted online, providing flexibility to participate from anywhere with internet access. In our community, you will be able to meet and exchange knowledge with other students.
12 months of access
All classes will be available for 12 months. This will allow you to watch the classes and complete the exercises at your own pace, calmly and without rushing.
During this period, if you have any questions or need assistance, our student support channels will be available to provide all the necessary support.
Practical exercises
You will have the opportunity to practice the concepts learned through exercises. In addition, we will have some exercise resolution classes, where we will explain in detail the step-by-step process to arrive at the expected result of each activity.
These practices are designed to reinforce your learning and ensure that you are well prepared to apply these concepts in your work environment.
Classes are released automatically after enrollment
Upon completing your enrollment, you can start studying immediately!
Course duration
Students will have access to the course for 12 months. The lessons total 30 hours, in addition to exercises to reinforce the content.
Only after completing all the content will the student be eligible to receive the course completion certificate.