CISSP 2021: Secure Design Principles

IN THIS COURSE

• 1.  Course Overview
  1m 37s
  This course introduces you to secure design principles that will help you design any security mechanism for a system. Learn to prevent security flaws and block unwanted access. Study security concepts and principles, such as defense in depth, least privilege, and zero trust. FREE ACCESS
• 2.  Least Privilege Principle
  4m 49s
  In this video, we examine the security principle of least privilege and provide real-world examples. Learn about Authentication Authorization Accounting (AAA), Identity and Access Management (IAM), and hypervisors. FREE ACCESS
• 3.  Defense in Depth (DiD) Principle
  7m 34s
  This video examines the security principle of Defense in Depth (DiD), and provides real-world examples. Learn about supply chain risk management, de-perimeterization, monitoring and response operations, prevention, policy management, and endpoint security. FREE ACCESS
• 4.  Separation of Duties (SoD) Principle
  6m 51s
  This video explores the security principle of separation of duties (SoD) and provides real-world examples. Review separation of duties in Agile, Spiral. and CI/CD development. Consider dual operator principles, rotation of duties, and other security strategies. FREE ACCESS
• 5.  Keeping It Simple
  3m 4s
  In this video, we see what it means to "keep it simple" in the context of a security principle with real-world examples. Learn how to find the delicate balance between security and protecting data, applications, and systems, while still maintaining user productivity. FREE ACCESS
• 6.  Zero Trust
  4m 44s
  In this video, we define the characteristics of the Zero Trust (ZT) principle and of zero trust architecture (ZTA). We examine ZT from a management standpoint, a security management perspective, and an information security administration point of view. FREE ACCESS
• 7.  Secure Defaults
  3m 3s
  In this video, we examine secure design principles and use cases of secure defaults. We compare the strategies of security by design, security by deployment, security by default, and security through obscurity. FREE ACCESS
• 8.  Fail Securely
  2m 46s
  In this video, we review the characteristics of secure failure, and differentiate between fail open and fail closed systems, such as firewalls or other appliances. We then compare the benefits and risks of both security approaches. FREE ACCESS
• 9.  Privacy by Design Principle
  3m 37s
  In this video, we look at the security principle of privacy by design, and provide real-world examples. We will use the NIST Privacy Framework as our prototype. The NIST Privacy Framework is a tool to improve privacy through Enterprise Risk Management. FREE ACCESS
• 10.  Trust but Verify Principle
  1m 35s
  In this video, we list use cases for the Trust but Verify security principle. Trust but Verify is not a "zero trust" approach to security, however, it does introduce stronger identification mechanisms, such as multi-factor authentication (MFA). FREE ACCESS
• 11.  Course Summary
  44s
  In this course, we examined secure design principles that are useful to any security mechanism for a system. We observed how to prevent security flaws and block unwanted access. We discussed security concepts and principles, such as defense in depth, least privilege, and zero trust. FREE ACCESS