Intermediate: Cloud+

This track contains Cloud+ content.

20 Courses | 25h 11m 12s
1 Lab | 28h 45m

Advanced: CISM

This track contains Certified Information Security Manager (CISM) content.

20 Courses | 21h 27m 41s

Advanced: CISSP

This track contains CISSP content.

10 Courses | 6h 10m 12s

COURSES INCLUDED

CompTIA Cloud+: Cloud Architecture & Models

The cloud has various deployment and service models that can help your organization design and create your very own cloud strategy based on needs. First, you'll learn about the available cloud deployment models such as public, private, hybrid, community, and virtual public clouds, as well as multi-cloud and multitenancy environments. Next, you'll examine cloud service models such as Infrastructure as a Service, Platform as a Service, and Software as a Service. Finally, you'll learn about advanced topics such as the Internet of Things, serverless computing, machine learning, artificial intelligence, and the shared responsibility model. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 10m Assessment Badge

CompTIA Cloud+: Cloud Capacity Planning

Capacity planning is an important factor to consider when creating a Cloud Strategy. This course will describe the important factors to consider when performing capacity planning. First, you will learn about the technical and business factors to consider when performing capacity planning. Next, you will learn about using standard templates, licensing considerations, user density and system load. You then learn how to use captured metrics to perform trend analysis and how to do performance capacity planning. Finally, you'll learn how to create a cloud-based database and how cloud features can be scaled to meet capacity demands. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 8m Assessment Badge

CompTIA Cloud+ : Cloud High Availability & Scaling

High availability of cloud systems and resources is extremely important to ensure that a system is there when you need it. Cloud environments have many options and features to ensure that the goal of high availability is achieved. First, you will learn the concepts of affinity and anti-affinity and how it related to hypervisors. Next, you will learn about the benefits of oversubscription of compute, network and storage resources, using regions and zones, cloud applications, and using containers in the cloud environment. Next, you will learn how to configure network resources such as switches, routers, load balancers, and firewalls for high availability. Finally, you will learn about using cloud clusters, identifying single points of failure, and the benefits of using auto-scaling, horizontal scaling, vertical scaling and cloud bursting. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 13m Assessment Badge

CompTIA Cloud+: Cloud Solution Design

Developing new software systems can be costly and time consuming. Cloud-based solutions can help get your system online quickly and cost-effectively and help to meet all your business requirements. In this course, you'll learn how to analyze the cloud solution design in support of business requirements. First, you'll explore how to analyze the solution design while considering requirements for software, hardware, system integration, security, network, disaster recovery, budgeting, service level agreements, and compliance. Next, you'll learn about the benefits of using multiple environments for development, quality assurance, staging, and production. You'll also examine the advantages of performing blue-green deployments. Finally, you'll learn about software development testing techniques such as performance, regression, functional, usability, vulnerability, and penetration testing. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 13m Assessment Badge

CompTIA Cloud+: Cloud Identity & Access Management

Identity and access management is crucial to securing resources and ensuring the resources are used by the correct people. In this course, you'll learn about some of the security resources that are available for performing and enforcing identity and access management. First, you'll examine identity and access management, including user identification, authorization, and privileged access management. You'll learn how to use the Lightweight Directory Access Protocol to manage access to resources. Next, you'll explore how identity federation can be used to manage user identities and how certificate management can be performed using certificate authorities, registration authorities, certificate databases, certificate stores, and key archival servers. You'll then move on to learn about multi-factor authentication, single sign-on, Public Key Infrastructure, as well as secret and key management. Finally, you'll learn about the components that can be used to perform incident response preparation and incident response procedures such as evidence acquisition, chain of custody, and root cause analysis. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 13m Assessment Badge

CompTIA Cloud+: Cloud Network Security

Having a secure cloud environment is crucial for ensuring system and data integrity and security. Cloud environments have numerous methods for meeting these security needs. In this course, you'll learn how to secure a network in a cloud environment using network segmentation, network protocols, and network services. Next, you'll learn how to monitor the security of a network environment using log and event monitoring and how to harden the network environment. Then, you'll move on to examine the available network security tools that can be used to perform network penetration tests, such as vulnerability scanners and port scanners. You'll also explore how to use these security tools to perform vulnerability assessments. Finally, you'll learn about the purpose of a risk register and how to prioritize the deployment and installation of security patches. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

13 videos | 1h 21m Assessment Badge

CompTIA Cloud+: Cloud Security Controls

Ensuring the security of your operating systems and applications is a key component of keeping your cloud environment secure. There are several key steps that can be taken to ensure your cloud system is secure. In this course, you will learn about cloud security policies and managing cloud user permissions. Next, you will learn about anti-virus and anti-malware tools, firewalls, intrusion detection and intrusion prevention tools that can be used to detect and prevent cybersecurity attacks. Next, you will learn about hardening your cloud environment and using encryption to increase data security. Finally, you will learn about configuration management and how to monitor the system and event logs. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 9m Assessment Badge

CompTIA Cloud+: Data Security & Compliance Controls

There may be several ramifications for failing to secure your organization's data in the cloud environment. This could also mean failing to comply with regulatory compliances. In this course, you will learn how mandatory access controls are used to secure cloud services. First, you will learn encryption, hashing algorithms, digital signatures, the access security broker and file integrity monitoring can be used to ensure data security and regulatory compliance. Next, you will learn how data classification, network and access control can be used to secure data. Next, you will learn about data security laws and regulations and the legal requirements for securely storing data. Finally, you will learn about data loss prevention and the components of records management systems including versioning, retention, destruction and write once/read many. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 17m Assessment Badge

CompTIA Cloud+: Cloud Component Integration

Cloud environments provide many key components that can be incorporated into your cloud solution. In this course, you'll learn about the available cloud components. First, you'll learn about subscription services such as file, communication, e-mail, VoIP, messaging and collaboration, and the virtual desktop infrastructure, as well as directory and identity services. Next, you'll explore cloud service models such as IaaS, PaaS, and SaaS and how to provision and integrate compute, storage, and network resources for a cloud solution. Next, you'll examine how to integrate serverless applications, deploy and integrate virtual machines, and use OS and solution templates to provision and integrate resources into a cloud solution. Finally, you'll learn to integrate identity management and containers and perform autoscaling and post-deployment validation of cloud solutions. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 10m Assessment Badge

CompTIA Cloud+: Provisioning Cloud Storage

Storage in the cloud is a crucial component of any cloud-based solution. In this course, you'll learn about the types of cloud storage you can use in your solutions and their features. First, you'll explore how to provision and measure the performance of block, file, object, and flash storage. Next, you'll learn about the different types of RAID arrays and the purpose of user quotas. You'll then move on to examine the protocols used with cloud storage. You'll learn about the features of hyperconverged storage, hyperconverged infrastructures, and software-defined storage. Finally, you'll explore how to create and use an Azure container. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 23m Assessment Badge

CompTIA Cloud+: Cloud Network Deployments

Deploying cloud-based solutions efficiently and securely requires that the network be configured correctly. In this course, you'll learn about the network services that need to be considered when deploying cloud solutions. First, you'll explore the role of network services such as DHCP, DNS, CDN, IPAM, as well as VPNs. You'll learn about the features of virtual routing including dynamic and static routing. Next, you'll examine virtual network interface controllers and the features of network appliances such as load balancers, firewalls, and virtual private clouds. Finally, you'll learn about the features of virtual LANs, single root input/output virtualization, and software-defined networks. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 18m Assessment Badge

CompTIA Cloud+: Cloud Migrations

For a cloud-based solution to run efficiently and cost-effectively, the appropriate sizing of resources is essential. In this course, you'll learn to configure the correct compute sizing for a deployment, as well as how to perform cloud migrations. First, you'll explore the features of virtualization such as hypervisors and how to compute. Next, you'll learn about the features of and how to correctly size CPUs, vCPUs, and GPUs. You'll explore memory allocation and the features of a hyperconverged infrastructure. You'll then learn about cloud migrations such as storage migrations, database migrations, physical to virtual migrations, virtual to virtual migrations, and cloud-to-cloud migrations. Finally, you'll examine cloud migration implications for access control lists, firewalls, and vendor lock-in. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 7m Assessment Badge

CompTIA Cloud+: Cloud Logging, Monitoring, Alerting & Optimization

Logging and monitoring is essential to ensure that your cloud environment is running efficiently and securely. In this course, you will learn to configure logging, monitoring and alerting services in the cloud and optimize cloud environments. First, you will learn about the available cloud features for logging such as collectors, SNMP, syslog, audits, log types, access and authentication, and automation. Next, you will learn about the features of system monitoring such as baselines, thresholds, tagging, and performance monitoring, resource utilization, availability, and SLA-defined uptime. Next, you will learn about the features of alerting such as common messaging methods, maintenance mode and appropriate responses. Finally, you will learn how to optimize cloud resources including placement, computing, storage, networks, and device drivers and firmware. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h Assessment Badge

CompTIA Cloud+: Cloud Operations Management

Maintaining a stable cloud environment is important to ensure the health of the cloud system. In this course you will learn how to maintain efficient operation of a cloud environment. First, you will learn how to perform life cycle management, and perform change management. Next, you will learn about the configuration management database and why it is important. Next, you will learn about using dashboards and the impacts of process improvements, upgrade methods, and performance reporting. Lastly, you will learn about the options for performing patching and the types of backups and available backup objects, and to confirm the completion of backups. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 16m Assessment Badge

CompTIA Cloud+: Cloud Automation & Orchestration

In order for cloud environments to operate efficiently you need to use automation and orchestration to keep things running smoothly. In this course, you will learn about the components and features of cloud automation and orchestration. First, you will learn about the features of infrastructure as code, continuous integration and continuous deployment. Next, you will learn about version control and configuration management and how it relates to orchestration and automation. Next, you will learn about the features of containers, cloud automation activities, secure scripting and orchestration sequencing. Finally, you will learn about backup and restore policies as well as backup targets. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 8m Assessment Badge

CompTIA Cloud+: Cloud Disaster Recovery

Planning for disaster recovery is crucial to getting your cloud solution running and operational when a crisis occurs. In this course, you'll learn about how to plan for and the features of disaster recovery. First, you'll explore disaster recovery features such as failover, failback, backup restoration, and replication. Next, you'll examine the importance of network configuration, geographical data centers, restoration methods, and on-premise and cloud sites. Finally, you'll learn about the importance of the DR kit, playbook, network diagrams, RPOs, RTOs, SLAs, and corporate guidelines when planning for disaster recovery. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 26m Assessment Badge

CompTIA Cloud+: Cloud Troubleshooting Methodologies

Being able to troubleshoot cloud and network issues is important when trying to resolve failures or operational difficulties. In this course, you'll learn to use troubleshooting methodologies to resolve common cloud issues. First, you'll examine how to resolve cloud related issues using the troubleshooting methodology. Next, you'll explore how to resolve network security group misconfigurations issues and network connectivity issues. You'll then move on to learn about resolving network routing and firewall connectivity issues. You'll learn about the tools that you can use to troubleshoot and resolve network issues. Finally, you'll learn resource utilization, application performance, and load balancing performance tuning. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 22m Assessment Badge

CompTIA Cloud+: Troubleshooting Cloud Security Issues

Being able to troubleshoot security issues is essential to ensuring fully functional systems in the cloud. In this course, you'll examine some of the common causes of security issues. First, you'll learn to troubleshoot security issues due to missing or incomplete privileges, authentication or authorization issues, or network and directory security group issues. Next, you'll explore how to troubleshoot security issues due to expired, revoked, compromised, or misconfigured keys and certificates or due to misconfigured or misapplied policies. You'll then move on to learn how to troubleshoot and identify security concerns due to unencrypted data, data breaches, misclassification of data, lack of protocol encryption, and insecure ciphers. Finally, you'll also learn to troubleshoot and identify security concerns due to exposed endpoints, misconfigured security appliances, and unsupported protocols, as well as how to deal with internal or external attacks. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 12m Assessment Badge

CompTIA Cloud+: Troubleshooting Cloud Deployments

Being able to troubleshoot issues during the deployment process is essential to ensuring full functionality in the cloud. In this course, you'll examine some of the common causes of deployment issues. First, you'll learn about some of the causes of service outages and the need for a disaster recovery plan. You'll explore how to troubleshoot performance and degradation issues and how these issues can relate to capacity planning. Next, you'll learn how automation scripts can be the cause of deployment issues and how good scripts validate and perform rollbacks on failure. You'll then move on to examine how to troubleshoot issues with applications in containers, how to validate deployment templates, and how insufficient resource capacity can cause degradation and latency issues. Finally, you'll learn how to troubleshoot licensing and vendor-related issues. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 28m Assessment Badge

CompTIA Cloud+: Troubleshooting Automation and Orchestration Issues

Being able to troubleshoot issues during cloud automation and orchestration is important to ensuring smooth and efficient deployments in a cloud environment. In this course you will examine some of the causes of these issues. First, you'll explore automation and orchestration issues that occur due to user account or service account permission issues, change management process miscommunications, and DNS and server name changes. Next, you'll learn about automation and orchestration issues that occur due to IP address scheme changes, changed availability zones, third-party versioning issues, and tool incompatibility issues. Finally, you'll examine how to validate change management processes and that patches installed correctly. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 7m Assessment Badge

FREE ACCESS

COURSES INCLUDED

CISM 2022: Information Security Governance

The best way to improve the enterprise security stance is to align IT security solutions with business objectives. In this course, you will consider how information security must align with business strategies. You will explore the business model for information security and review the importance of identifying and classifying assets critical to a business. Next, you will learn about supply chain security, personnel management, and the components of an information security program. You will discover the relationship between service-level agreements (SLAs) and organizational objectives and discuss the relevance of change and configuration management. Then, consider how to develop organizational security policies. Lastly, explore expense types, chain of custody, organizational culture, and how the Control Objectives for Information Technologies (COBIT) framework applies to IT governance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

16 videos | 1h 40m Assessment Badge

CISM 2022: Business Continuity & Security

Keeping business processes up and running is a priority for every type of business. Security plays an important role in the success of business continuity planning. In this course, you will discover the characteristics that define a business impact analysis (BIA) and explore disaster recovery plans (DRPs) and various data and IT security roles commonly present in an enterprise. Next, you will learn how contractual obligations can necessitate security compliance and audits. You will discover the importance of establishing performance and security baselines on-premises and in the cloud. Lastly, you will explore physical security and security control types with a slant on business process alignment. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

12 videos | 1h 13m Assessment Badge

CISM 2022: Incident Response

Incident response is initiated when a security incident is confirmed. Incident response plan participants must know their roles and plan details for effectively minimizing the impact of security incidents. In this course, you will explore the components that make up an incident response plan, including roles, escalation procedures, and communication plans. Next, focus on incident escalation where applicable, incident eradication according to planned procedures, and incident containment to prevent further incident damage. Then discover the importance of analyzing past incident responses in the spirit of constant improvement and the reduction of incident response times. Lastly, find out how incident detection and automated responses are possible in the cloud. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

8 videos | 41m Assessment Badge

CISM 2022: Security Standards

Global and local security standards, including laws and regulations, are an important input to determine how enterprises deploy and manage security controls. In this course, you will learn how the European Union's General Data Protection Regulation (GDPR) data privacy legislation applies to any organization world-wide handling private EU citizen data. Next, you will explore various International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standards for proper data governance, followed by American data privacy and cloud security standards such as Health Insurance Portability and Accountability Act (HIPAA) and Federal Risk and Authorization Management Program (FedRamp). Discover how to secure cardholder data as related to Payment Card Industry Data Security Standard (PCI DSS) international security standards and review other data privacy legislation including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). Lastly, explore the importance of securing cloud service usage in alignment with the Cloud Controls Matrix (CCM). This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 53m Assessment Badge

CISM 2022: Managing Risk

Residual risk remains after security controls are put in place to mitigate the impact of threats. The organizational appetite for risk determines what level of residual risk is acceptable. In this course, you will explore how risk management improves business operations by minimizing the impact of realized threats. You will learn how to calculate the cost of mitigating risk compared to the value of the protected asset and determine the cost-benefit analysis and return on investment when implementing security controls. Next, discover the importance of risk assessments, especially where there are changes to some aspect of the business or a specific business process. You will then explore how various risk approaches, such as risk acceptance, avoidance, transfer, and reduction, apply to an organization's tolerance of residual risk. Lastly, discover how risk heat maps are an effective method for communicating various degrees of risk. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Data Privacy

Enterprises must comply with relevant laws and regulations related to data privacy. This requires recognizing applicable laws and regulations and implementing the appropriate security controls. In this course, you will explore examples of personally identifiable information (PII) and protected health information (PHI) and learn about data residency implications related to the physical storage location of sensitive data. Next, learn how to reduce the possibility of data exfiltration through data loss protection policies and how to discover and classify data using Amazon Macie and Microsoft Purview governance. Then you will learn to configure data classification on the Microsoft Windows server platform and tag cloud resources for classification purposes. Lastly, explore how to configure Microsoft Azure storage account encryption using a customer-managed key. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 56m Assessment Badge

CISM 2022: Assessing Risk

Assessing risk is a crucial activity that enables organizations to evaluate risk exposure for business processes and assets. In this course, you will begin by exploring how to conduct vulnerability assessments and how the results can shed light on security control deficiencies. Next, you will learn how to perform a network vulnerability assessment and review the results, followed by scanning a web application for web app-specific vulnerabilities. You will discover how to conduct a gap analysis to determine the current security posture compared to a desired security posture. Then, you will explore the important aspects of when and how to run penetration tests. Lastly, you will see how to configure Microsoft Azure Policy assignments to determine cloud resource configuration compliance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

8 videos | 45m Assessment Badge

CISM 2022: Managing Authentication

Strong authentication, such as with multi-factor authentication (MFA), ensures that devices, software, and users get legitimate access to resources. The omission of strong authentication configurations may result in successful brute force credential attacks. In this course, you will begin with a discussion of authentication categories and how they strengthen device, software, and user sign-in procedures. Next, you will learn to manage Amazon Web Services (AWS) and Microsoft Azure users and groups in the cloud followed by managing on-premises users and groups on the Windows and Linux platforms. You will then configure MFA for an AWS Identity and Access Management (IAM) user account and test MFA login. Lastly, you will learn how to harden user login security through password policies and how identity federation works. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 53m Assessment Badge

CISM 2022: Implementing Access Control

Authorization allows limited access to resources only after successful authentication. Resources can include IT services such as applications, databases, files, and folders, among others. In this course, explore the role authorization plays in allowing resource access and the various access control models used to ensure least privilege. Next, learn how to configure ABAC through Microsoft Dynamic Access Control, create an Azure dynamic group in the cloud, and use RBAC to grant permissions to Azure cloud resources. Finally, discover how to manage permissions for Windows and Linux-based file systems, handle Windows NTFS file system auditing, and configure Microsoft Active Directory delegated administration. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

11 videos | 1h 2m Assessment Badge

CISM 2022: Network Security

Organizations should secure resource access while remaining compliant with relevant laws and regulations. One of the many ways to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, examine the OSI model layers and their relevance to network security controls, as well as the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues and Wi-Fi authentication methods, and discover how to harden a DHCP and DNS deployment on Windows Server. Finally, learn the importance of using honeypots and honeynets, and how to implement a honeypot and analyze captured network traffic. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

11 videos | 1h 10m Assessment Badge

CISM 2022: Network Attack Mitigation

To effectively defend against common network attacks, organizations must truly understand how they are executed. Thereafter, information security managers can implement and manage security controls to address network security control objectives. In this course, explore firewall types, configure the built-in Windows Defender Firewall, and adjust firewall rules on a Linux host. Next, learn how to manage Azure cloud network security groups to control virtual network subnet and interface traffic and how forward and reverse proxy servers can enable inbound and outbound network security. Finally, examine the relevance of intrusion detection placement and prevention configurations and configure the open-source Snort IDS tool to detect suspicious traffic. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 1h 2m Assessment Badge

CISM 2022: IT Service & Data Availability

Ensuring IT service and data high availability can reduce downtime and increase business productivity. The configurations put in place to achieve high availability align with standard business continuity requirements. In this course, you will discover the importance of high availability as it relates to business objectives. Begin by exploring load balancing as a method of optimizing application performance and availability. Next, you will learn how to deploy a cloud-based application load balancing solution. Examine various backup types such as differential and incremental, in order to adhere to the Recovery Point Objective (RPO). Then configure backup for Windows Server and for Microsoft Azure resources and find out how redundant array of inexpensive disks (RAID) levels apply to data availability and resiliency to disk failures. Finally, configure software RAID on the Windows and Linux platforms and enable availability in the cloud by enabling storage account and virtual machine replication. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

13 videos | 1h 16m Assessment Badge

CISM 2022: Common Network Security Threats

Some security controls are very specific to the threat that they address. Information security managers must be well versed in common network security threats in order to minimize the impact of realized threats on business processes. In this course, you will start by exploring various types of threat actors and their motivation for attacking networks. You will review industry standards related to categorizing threats, including common vulnerabilities and exposures (CVEs), the MITRE ATT&CK knowledge base, and the OWASP Top 10 web application security attacks. Next, you will learn how bug bounties are paid by companies to ensure the utmost in security for their products, which can influence customer choices. You will discover how various types of network attacks are executed including Wi-Fi attacks, SYN flood attacks, buffer overflow attacks, advanced persistent threats (APTs), and distributed denial-of-service (DDoS) attacks. Lastly, you will see how VPN anonymizer solutions and the Tor web browser can be used for anonymous network connectivity for legitimate as well as illegal purposes. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

13 videos | 1h 14m Assessment Badge

CISM 2022: Common Network Security Attacks

Security technicians can benefit significantly by executing network security attacks in a controlled environment. This allows for an in-depth periodic review of security control efficacy related to IT networks. In this course, you will discover how networks can be scanned by attackers seeking potentially vulnerable services using free tools such as Nmap. You will then explore how attackers can compromise a user web browser, how SQL injection attacks can reveal more information than intended by the app designer, and how to configure a reverse shell where the compromised station reaches out to the attacker station, often defeating standard firewall rule sets. Next, you will learn how to spoof network traffic and execute a distributed denial-of-service (DDoS) attack. Lastly, you will discover how to brute force a Windows remote desktop protocol (RDP) connection to gain access to a Windows host. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Cloud Computing & Coding

The use of cloud services is a form of outsourcing of IT service which also introduces an element of risk. Software developers can use on-premises as well as cloud-based services to create, test, and deploy software solutions. In this course, you will explore cloud deployment models including public, private, hybrid, and community clouds. You will then cover cloud computing service models, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), including where the security responsibility lies in each model. Next, you will explore various cloud-based security controls addressing a wide variety of cloud computing security needs. You will discover how to deploy a repeatable compliant cloud-based sandbox environment using Microsoft Azure Blueprints. Next, explore how security must be included in each software development life cycle (SDLC) phase as opposed to post-implementation. Finally, discover the importance of secure coding practices and how security must integrate with software development, testing, deployment, and patching. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Data Protection with Cryptography

Cryptography provides solutions for ensuring data privacy and integrity. Various firmware and software solutions protect data in transit and data at rest. In this course, you will explore the CIA security triad and how it relates to the organization's security program. You will then review various cryptography solutions and discuss data integrity to assure that tampering has not occurred. Next, you will learn how Hardware Security Module (HSM) appliances and Trusted Platform Module (TPM) firmware provide cryptographic services. You will see how Transport Layer Security (TLS) supersedes the deprecated Secure Sockets Layer (SSL) network security protocol suite followed by discussing virtual private network (VPN) encrypted network tunnels, and the IP Security (IPsec) network security protocol suite. Lastly, you will explore the PKI hierarchy and how public key infrastructure (PKI) certificates are used for digital security throughout the certificate life cycle. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

12 videos | 1h 5m Assessment Badge

CISM 2022: Applied Cryptography

The periodic evaluation of the efficacy of cryptographic solutions is possible only with an understanding of how cryptography secures digital environments. In this course, you will explore data integrity by hashing files on the Linux and Windows platforms in an effort to detect unauthorized changes. You will configure a web application HTTPS binding to secure network communications to and from the web application. Then you will deploy a private certificate authority (CA), manage certificate templates, and deploy public key infrastructure (PKI) certificates. Next, you will configure a web application to require trusted client certificates. Finally, you will encrypt data at rest on Linux, on Windows with Encrypting File System (EFS), and Microsoft Bitlocker, and you will configure a cloud VPN connection and implement IPsec on Windows. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

14 videos | 1h 16m Assessment Badge

CISM 2022: Secure Device & OS Management

IT departments must work in conjunction with higher-level management to determine when and how to securely use technological solutions that support the business strategy. In this course, begin by exploring how mobile device usage in a business environment can introduce risk and how that risk can be managed with centralized remote wipe capabilities. Then find out how Microsoft Intune can be used to centrally manage devices and how to securely wipe a disk partition. Learn how to harden Windows computers using Group Policy and disable the deprecated SSL network security protocol on Windows hosts. Next, investigate common digital forensics hardware and software solutions, as well as the storage area network (SAN) security and jump box solutions to manage hosts securely and remotely. Finally, discover how to manage Azure resources permissions using managed identities, examine device and OS hardening techniques, and investigate the importance of firmware and software patching. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

16 videos | 1h 38m Assessment Badge

CISM 2022: Social Engineering & Malware

Modern day IT device users must have an awareness of the deception by malicious actors through their devices. Recurring security awareness training in an organization is by far the most effective way to minimize realized threats against business assets. In this course, you will explore social engineering in its various forms, focusing on malware types like viruses, trojans, and ransomware. Then you will review various examples of phishing email messages and find out how to detect that they are fraudulent. Next, you will use the Metasploit Framework's Social-Engineer Toolkit (SET) to execute a social engineering attack, discover how botnets work, and learn how their function can be mitigated. You will configure a Microsoft Windows virus and threat protection. Finally, you will upload an infected file to an online service for malware scanning. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

8 videos | 42m Assessment Badge

CISM 2022: Security Monitoring

Because today's business computing environments can contain a dizzying array of device types, centralized data ingestion, and analysis, looking for anomalies is a critical part of defending against technological threats. In this course, you will begin by reviewing Microsoft Defender for Cloud security recommendations in the Microsoft Azure cloud and monitoring the performance of Windows hosts. Then you will review, search, and filter Windows Event Viewer logs, configure Windows log forwarding to a second Windows host, and monitor the performance of a Linux host. Next, you will view various Linux logs, enable Linux log forwarding using syslog-ng, review web server logs, and monitor the performance of cloud services. Finally, you will learn how to decipher threat positives and negatives, how security information and event management (SIEM) and security orchestration, automation, and response (SOAR) can detect and remediate security incidents, and how to configure the Microsoft Sentinel SIEM. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

15 videos | 1h 24m Assessment Badge

FREE ACCESS

COURSES INCLUDED

CISSP 2024: Professional Ethics & Security Concepts

Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

9 videos | 18m Assessment Badge

CISSP 2024: Security Governance & Compliance Issues

Security governance is the set of practices exercised by executive management to offer strategic direction, ensuring that objectives are achieved, determining that risks are managed properly, and verifying that the organizations' resources are used responsibly. Begin this course by discovering how to align security governance with organizational goals and objectives. Then you will explore organizational processes like acquisitions, divestitures, and governance committees, as well as organizational roles and responsibilities. You will investigate security control frameworks like including the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST) and learn about due diligence, due care, cybercrimes, and data breaches. Next, you will examine licensing and intellectual property requirements, import and export controls, transborder data flow, and privacy-related issues. Finally, you will focus on contractual, legal, industry standards and regulatory requirements. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 42m Assessment Badge

CISSP 2024: Investigations & Policies

Cybercrime investigation is a critical practice in a modern security landscape. In this field, skilled security professionals from agencies like the FBI use digital forensics to track, analyze, and dismantle various types of cybercrime and cyber threats. This course covers several CISSP exam objectives. You will begin by exploring the requirements for administrative, criminal, civil, regulatory, and industry investigations. You will then learn to develop, document, and implement security policy, standards, procedures, and guidelines. Finally, you will discover considerations for the enforcement of personnel security policies and procedures. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

7 videos | 32m Assessment Badge

CISSP 2024: Risk Management Concepts

Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

11 videos | 45m Assessment Badge

CISSP 2024: Threat Modeling, SCRM, & Security Awareness

Threat modeling uses hypothetical scenarios, system and data flow diagrams, and testing to assist in securing systems, applications and data. In this course, the learner will explore threat modeling concepts and methodologies, supply chain risk management (SCRM) concepts, and ways to establish and maintain a security awareness, education, and training program. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

8 videos | 29m Assessment Badge

CISSP 2024: Asset Classification, Handling, & Provisioning

It is an established principle that before risk can be assessed and analyzed, an organization must know what physical and software resources they have. This enables businesses to categorize and allocate their assets effectively, thus mitigating risks, optimizing usage, and potentially saving costs. Begin this course by exploring general asset classification, types of assets, and restricted, confidential, internal, and public data. Then you will discover information and asset handling requirements and secure provisioning of assets. Next, you will investigate different use cases for asset ownership. Finally, you will examine tangible and intangible asset inventory and asset management per International Organization for Standardization (ISO) guidelines. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

9 videos | 23m Assessment Badge

CISSP 2024: Data Lifecycle, Controls, & Compliance

Data is one of the highest-priority assets that most organizations possess. For CISSP professionals, understanding the data lifecycle to ensure that security measures are applied at each stage to protect sensitive information, controls, and compliance is crucial. Together, these elements form the backbone of a robust security strategy, ensuring that data is managed securely throughout its lifecycle, mitigating risks through effective controls, and meeting legal and regulatory requirements. Begin this course by exploring various data roles like owner, controllers, and processors, as well as in use, in transit, and at rest data states. Then you will delve into the phases of the data lifecycle, including data collection, data location, data maintenance, data retention and remanence, and data destruction. Next, you will compare data scoping to data tailoring and learn how to select appropriate data security and privacy standards. Finally, you will focus on data protection methods, including digital rights management (DRM), data loss prevention (DLP), and cloud access security brokers (CASBs). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 34m Assessment Badge

CISSP 2024: Secure Design Principles & Models

For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 40m Badge

CISSP 2024: Vulnerabilities of Architectures, Designs, & Solution Elements

A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.

14 videos | 55m Badge

CISSP 2024: Cryptographic Solutions & Cryptanalytic Attacks

Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 48m Badge

FREE ACCESS