212 Cyber Defense Forensics Analyst Advanced KSAT Journey

Network anomalies are behaviors or activities that deviate from the norm. It is important that security professionals learn to monitor these anomalies in network traffic because the traffic could be malicious. In this 11-video course, you will explore roles that network and security professionals play in detecting and addressing anomalies. Begin by looking at different types of anomalies or outliers, such as configuration faults or a malicious presence; then take a look at benefits of anomaly detection, such as early response and planning for the unexpected. Learners will also examine the limitations of traditional approaches to anomaly detection, such as chasing false positives; learn how to differentiate between manual and automated detection techniques; and view the importance of building a profile of what is normal, such as user activity, before looking at multimodel attributes and how they relate to anomaly detection. Furthermore, you will explore differences between least frequency of occurrence and baselining; view the benefits of machine learning; and finally, learn how to recognize benefits of auto-periodicity to aid in identifying anomalies.

In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between different NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission critical areas of business.

Any IT environment requires a firm understanding of data privacy. Privacy laws and regulations, combined with industry practices, form the basis for effective information protection. In this course, you'll explore data privacy, beginning with the CIA Triad, personally identifiable information (PII), and Protected Health Information (PHI). You will learn about the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), compliance with GDPR and PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), and Federal Risk and Authorization Management Program (FedRAMP). Finally, you'll dig into assets and risks, annualized loss expectancy (ALE), and network inventories. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Information is a primary asset of most organizations today. It has a real value and, if compromised, could have real implications for the enterprise. In this course, you will explore considerations for protecting information assets, beginning with cryptography, asymmetric and symmetric encryption, Windows Encrypting File System, and Windows BitLocker. Then, you will learn about file integrity, the public key infrastructure (PKI) hierarchy, the PKI certificate life cycle, and private certificate authorities (CAs). Finally, you will discover certificate templates, manual certificate issuance, securing network traffic, disabling SSLv3, enabling an HTTPS website, and client Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Digital asset protection is a key concern for the modern enterprise. As most organizations rely heavily on information systems in their day-to-day operations, protecting these valuable assets is of paramount importance. In this course, you'll learn about digital asset protection principles, beginning with organizational security policies, security and the OSI model, password security, and endpoint security. Then, you'll explore data loss prevention (DLP), Internet of Things (IoT) devices, IoT device vulnerability, and IoT security. Finally, you'll dig into mobile device access control, mobile device hardening, mobile device policies, and malicious app store apps. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Data storage and malware get their fair share of attention when considering data, information, and privacy. Rightly so, as they represent key concerns for the security-minded information technology manager. In this course, explore data storage and malware, beginning with an overview of data vs. information, big data and data analytics, and storage area network (SAN) security. Next, learn how to secure an iSCSI SAN and about cloud storage security, storage media disposal, database security, and database availability. Finally, examine data backup and restore strategies, cloud-based data backups, social engineering, and security awareness training. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

Physical security consists of tested practices for protecting building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, human-caused catastrophes, and accidental damage, thereby maintaining overall organizational security. Begin this course by exploring site and facility security design principles, as well as perimeter and internal security controls to gain insights into safeguarding both the outer and inner layers of infrastructure. Then you will investigate security concerns for wiring closets, distribution frames, server rooms, data centers, and media and evidence storage facilities. Next, you will examine security issues for restricted and work areas, utilities, and heating, ventilation, and air conditioning (HVAC) systems. Additionally, you will focus on environmental topics, including fire prevention, detection, and suppression. Finally, you will discover power issues and controls, including redundancy and backup, and personnel safety concerns including insider threats, social media impacts, two-factor authentication (2FA) fatigue, emergency management, and duress. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.