Aspire Journeys
612 Security Control Assessor Advanced Certification Journey
- 45 Courses | 38h 1m 56s
Security Control Assessor conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP800-37).
COURSES INCLUDED
CompTIA Cybersecurity Analyst+: Network Security Concepts
Cybersecurity policies often require detailed network configuration changes and additions. Technicians must be proficient with the configuration and management of various TCP/IP protocols. In this course, I will start by discussing the Open Systems Interconnection (OSI) model, network switching, and network access control. Next, I'll discuss the TCP/IP protocol suite as well as IPv4 and IPv6 addressing. I will then discuss network routing, dynamic host configuration protocol (DHCP), domain name system (DNS) and Wi-Fi authentication methods. Lastly, I will cover virtual private networks (VPNs), IP Security (IPsec) and network time synchronization. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
14 videos |
1h 29m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Managing Network Settings
Modern IT solutions communicate over various types of networks. Cybersecurity analysts must be able to configure and secure the ways that devices communicate over these networks. In this course, I will begin by creating on-premises and cloud-based virtual networks, followed by managing IP addressing on Linux, Windows, and in the cloud. Next, I will manage routing table entries in the cloud and implement domain name system (DNS) and Dynamic Host Configuration Protocol (DHCP) security. Lastly, I will harden a Wi-Fi router and configure IPsec in Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
59m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Cloud Computing & Cybersecurity
Cloud computing is an integral part of IT solutions for individuals and organizations. A knowledge of how cloud computing services are deployed and managed is a requirement for securing cloud-based resources. In this course, I will start by discussing cloud computing deployment models, such as public and private clouds, followed by discussing various cloud computing service models. Next, I will cover a variety of cloud computing security solutions, and I will deploy Linux and Windows cloud-based virtual machines. I will then deploy a web application in the cloud, cover the Cloud Controls Matrix (CCM) security controls, and work with Microsoft Azure managed identities. Lastly, I will discuss and configure a content delivery network (CDN). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
12 videos |
1h 10m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Virtualization & Container Security
Virtualization comes in a variety of forms, including operating system, application, and desktop virtualization. Cybersecurity analysts regularly manage and secure application containers and virtual machines on-premises and in the cloud. In this course, I will discuss the differences between operating systems, application, and desktop virtualization. I will then configure Microsoft Hyper-V. Next, I will cover application containerization concepts, install Docker on Linux, and manage application containers on Linux. Lastly, I will install Docker on Windows and manage application containers on Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
7 videos |
36m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Data Security Standards
To remain compliant with relevant data privacy laws and regulations, organizations must have a way of identifying sensitive data and implementing security controls to protect that data. In this course, explore how physical security is related to digital data security, examples of personally identifiable information (PII), and how data loss prevention (DLP) solutions can prevent data exfiltration. Next, learn about common data privacy regulations and standards, including GDPR, HIPAA, and PCI DSS. Finally, discover how to use Amazon Macie and File Server Resource Manager to discover and classify sensitive information and learn about the importance of service level objectives (SLOs) and service level agreements (SLAs). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
1h 3m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Threat Intelligence
Cybersecurity analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, examine different threat intelligence sources, the common vulnerabilities and exposures (CVEs) website, and the MITRE ATT&CK knowledge base. Next, discover how the OWASP Top 10 can help harden vulnerable web applications, how advanced persistent threats (APTs) are executed, and common ISO/IEC standards. Finally, learn how to analyze CIS benchmark documents, the Common Vulnerability Scoring System (CVSS), common organization security policy structures, and how organizational culture relates to IT security. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
12 videos |
1h 9m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Managing Risk
Risk is inevitable when relying on IT systems to manage data. Cybersecurity analysts can apply a variety of techniques to manage risk to an acceptable level. In this course, explore how risk management can minimize the impact of IT security events and discuss the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, discover how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. Explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
14 videos |
1h 19m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Business Continuity
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you'll begin by exploring common characteristics of a business continuity plan (BCP) and how to conduct a business impact analysis (BIA). You will then consider disaster recovery and incident response plans and focus on incident response activities such as escalation, eradication, and containment. Next, discover the importance of lessons learned from past incidents in order to make future incident response more effective. Lastly, you will explore the cyber-attack kill chain and the diamond model of intrusion analysis. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
12 videos |
1h 9m
Assessment
Badge
CompTIA Cybersecurity Analyst+: OS Process Management
Managing the running processes on Linux and Windows hosts not only improves performance but also impacts how secure those hosts are. Determining what an abnormal performance or activity is greatly facilitates comparisons to current activity to established baselines of normal performance and behavior. In this course, I will start by navigating through the Windows registry followed by exploring Linux hardware devices using the Linux command line. I will then use the Windows Device Manager tool to manage a hardware device. Next, I will create partitions and file systems on Linux and Windows hosts followed by covering how processes and daemons interact with the Linux OS. I will manage Linux and Windows processes and daemons, or services. Lastly, I will establish a normal performance baseline on a Windows Server using a data collector set. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
59m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Authentication
Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources. In this course, you will explore authentication methods, including passwordless login. Then you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will install and configure a Lightweight Directory Access Protocol (LDAP) server and client, manage Windows and cloud users and groups, and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for AWS users, manage Windows password policies, and discover identity federation. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
13 videos |
1h 19m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Authorization
Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command lines. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
9 videos |
52m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure EFS file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Finally, learn how to hash files in Linux and Windows, about hardware security modules (HSMs), and how TLS supersedes SSL. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
12 videos |
1h 5m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Public Key Infrastructure
Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through e-mail encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used. In this course, I'll start by discussing the PKI hierarchy from certification authorities (CAs) down to issued certificates and explore the PKI certificate life cycle. Next, I will deploy a private CA on the Windows platform and demonstrate how to manage PKI certificate templates. Then, I will acquire PKI certificates and configure a web server HTTPS binding. Lastly, I will configure a website to allow access only from clients with trusted PKI certificates. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
9 videos |
49m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Firewalls & Intrusion Detection
Firewall solutions control which types of network traffic are allowed into, through, or to leave a host or network. Cybersecurity analysts must know which type of firewall is needed for a given requirement as well as the placement of the firewall solution on the network. In this course, you will begin with a comparison of firewall types such as packet filtering, next-generation, and web application firewalls and learn how to determine their placement on the network. Then you will configure Windows Defender and Linux firewall settings. Next, you will configure Azure network security group firewall rules and explore the role played by forward and reverse proxy servers. Finally, you will install the Squid proxy server on Linux, find out how intrusion detection and prevention systems can address security concerns, and install and configure the Snort IDS. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
56m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Hardening Techniques
Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, I will begin by covering hardening techniques for a variety of IT environments, followed by using Microsoft Group Policy to configure security settings for Active Directory domain-joined computers. Next, I will discuss storage area networks and related security considerations. I will then remove the need for virtual machine (VM) public IP addresses by allowing remote access through Microsoft Azure Bastion. I will discuss the importance of applying hardware and software patches. Lastly, I will install and configure a Windows Server Update Services (WSUS) server and deploy updates to Microsoft Azure virtual machines. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
56m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Malware
Malicious actors are motivated and influenced by a variety of factors, and one of the most effective security mechanisms organizations can employ is user awareness and training on security threats. Cybersecurity analysts must be aware of various types of attacks and how scripting languages and tools are used to execute these attacks. In this course, learn about threat actor types and their motivations and how security baselines facilitate the identification of non-compliant devices. Next, explore examples of social engineering attacks and use the Social-Engineer Toolkit (SET) to execute such an attack. Finally, examine the characteristics of malware types, common scripting languages, and how to recognize potential indicators of malicious activity. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
15 videos |
1h 33m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Malicious Techniques & Procedures
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. A knowledge of techniques and attacks such as buffer overflows and distributed denial-of-service (DDoS) attacks facilitates mitigation planning. In this course, I will begin by covering how SYN flood attacks from the 3-way Transmission Control Protocol (TCP) handshake. Next, I will detail various types of buffer overflow, cross-site scripting (XSS), and injection attacks. I will then execute a structured query language (SQL) injection attack followed by discussing potential extensible markup language (XML) vulnerabilities and DDoS attack mitigations. Moving on, I will run a denial-of-service (DoS), client web browser, and reverse shell attack. Lastly, I will spoof network traffic, crack Remote Desktop Protocol (RDP) passwords and discuss common Wi-Fi attacks. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
15 videos |
1h 27m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Analyzing Malicious Activity
Malware mitigation techniques include the deployment, configuration, and ongoing management of virus and threat endpoint protection. Online tools such as VirusTotal can be used to upload suspicious files that might contain malware. Cybersecurity technicians must be able to determine the authenticity of email messages as well as create sandbox environments for testing configurations. In this course, you will begin by configuring Windows virus and threat protection and uploading a potentially infected file to VirusTotal. Next, you will determine when to use cloud-based and on-premises malware analysis solutions like Joe Sandbox and Cuckoo Sandbox. Then you will view email details in an effort to determine message authenticity and you will create a repeatable compliant environment using Azure Blueprints. Finally, you will learn how to work with user virtual private networks (VPNs) and the Tor web browser and find out how bug bounties offer rewards for the identification of flaws in hardware and software. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
9 videos |
43m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Vulnerability & Penetration Testing
Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities. In this course, you will discover how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an nmap scan. Next, you will use Nessus and Zenmap to execute security scans and text web app security using the OWASP Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will learn how to manage Azure policy, investigate potential indicators of compromise, and examine how IT security relates to industrial control systems. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
14 videos |
1h 21m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Secure Coding & Digital Forensics
Security must be included in all phases of IT system and software development designs. Continuous integration and continuous delivery/deployment (CI/CD) integrates development and ongoing management of IT solutions. Cybersecurity analysts must understand IT governance and digital forensics concepts. Begin this course by examining the role of security in the software development life cycle (SDLC). Then you will explore CI/CD and learn how Git is used for file version control. Next, you will discover how the Control Objectives for Information and Related Technologies (COBIT) framework applies to IT governance and you will investigate digital forensics. Finally, you will configure legal hold settings for a cloud storage account and list common digital forensics hardware and software solutions. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
55m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Logging & Monitoring
Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact. In this course, learn how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, work with Windows Event Viewer logs and configure Windows log forwarding. Finally, discover how tracking malicious actor activity is possible using honeypots and honeynets and how to implement a honeypot. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
55m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Security & Network Monitoring
SIEM solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using SOAR solutions. In this course, discover the benefits of security information and event management (SIEM) and security orchestration, automation, and response (SOAR) security incident monitoring and response solutions. Next, explore threat positives and negatives, followed by deploying the Splunk SIEM on Linux. Finally, learn how to configure a Splunk universal forwarder and use various tools to capture and analyze network traffic. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
12 videos |
1h
Assessment
Badge
COURSES INCLUDED
CISSP 2024: Professional Ethics & Security Concepts
Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
18m
Assessment
Badge
CISSP 2024: Security Governance & Compliance Issues
Security governance is the set of practices exercised by executive management to offer strategic direction, ensuring that objectives are achieved, determining that risks are managed properly, and verifying that the organizations' resources are used responsibly. Begin this course by discovering how to align security governance with organizational goals and objectives. Then you will explore organizational processes like acquisitions, divestitures, and governance committees, as well as organizational roles and responsibilities. You will investigate security control frameworks like including the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST) and learn about due diligence, due care, cybercrimes, and data breaches. Next, you will examine licensing and intellectual property requirements, import and export controls, transborder data flow, and privacy-related issues. Finally, you will focus on contractual, legal, industry standards and regulatory requirements. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
CISSP 2024: Investigations & Policies
Cybercrime investigation is a critical practice in a modern security landscape. In this field, skilled security professionals from agencies like the FBI use digital forensics to track, analyze, and dismantle various types of cybercrime and cyber threats. This course covers several CISSP exam objectives. You will begin by exploring the requirements for administrative, criminal, civil, regulatory, and industry investigations. You will then learn to develop, document, and implement security policy, standards, procedures, and guidelines. Finally, you will discover considerations for the enforcement of personnel security policies and procedures. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
7 videos |
32m
Assessment
Badge
CISSP 2024: Risk Management Concepts
Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
45m
Assessment
Badge
CISSP 2024: Threat Modeling, SCRM, & Security Awareness
Threat modeling uses hypothetical scenarios, system and data flow diagrams, and testing to assist in securing systems, applications and data. In this course, the learner will explore threat modeling concepts and methodologies, supply chain risk management (SCRM) concepts, and ways to establish and maintain a security awareness, education, and training program. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
8 videos |
29m
Assessment
Badge
CISSP 2024: Asset Classification, Handling, & Provisioning
It is an established principle that before risk can be assessed and analyzed, an organization must know what physical and software resources they have. This enables businesses to categorize and allocate their assets effectively, thus mitigating risks, optimizing usage, and potentially saving costs. Begin this course by exploring general asset classification, types of assets, and restricted, confidential, internal, and public data. Then you will discover information and asset handling requirements and secure provisioning of assets. Next, you will investigate different use cases for asset ownership. Finally, you will examine tangible and intangible asset inventory and asset management per International Organization for Standardization (ISO) guidelines. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
23m
Assessment
Badge
CISSP 2024: Data Lifecycle, Controls, & Compliance
Data is one of the highest-priority assets that most organizations possess. For CISSP professionals, understanding the data lifecycle to ensure that security measures are applied at each stage to protect sensitive information, controls, and compliance is crucial. Together, these elements form the backbone of a robust security strategy, ensuring that data is managed securely throughout its lifecycle, mitigating risks through effective controls, and meeting legal and regulatory requirements. Begin this course by exploring various data roles like owner, controllers, and processors, as well as in use, in transit, and at rest data states. Then you will delve into the phases of the data lifecycle, including data collection, data location, data maintenance, data retention and remanence, and data destruction. Next, you will compare data scoping to data tailoring and learn how to select appropriate data security and privacy standards. Finally, you will focus on data protection methods, including digital rights management (DRM), data loss prevention (DLP), and cloud access security brokers (CASBs). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Secure Design Principles & Models
For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
40m
Assessment
Badge
CISSP 2024: Vulnerabilities of Architectures, Designs, & Solution Elements
A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.
14 videos |
55m
Assessment
Badge
CISSP 2024: Cryptographic Solutions & Cryptanalytic Attacks
Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
48m
Assessment
Badge
CISSP 2024: Site & Facility Security
Physical security consists of tested practices for protecting building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, human-caused catastrophes, and accidental damage, thereby maintaining overall organizational security. Begin this course by exploring site and facility security design principles, as well as perimeter and internal security controls to gain insights into safeguarding both the outer and inner layers of infrastructure. Then you will investigate security concerns for wiring closets, distribution frames, server rooms, data centers, and media and evidence storage facilities. Next, you will examine security issues for restricted and work areas, utilities, and heating, ventilation, and air conditioning (HVAC) systems. Additionally, you will focus on environmental topics, including fire prevention, detection, and suppression. Finally, you will discover power issues and controls, including redundancy and backup, and personnel safety concerns including insider threats, social media impacts, two-factor authentication (2FA) fatigue, emergency management, and duress. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
46m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 1)
In the digital era, understanding network protocols and their impact on performance is crucial for IT professionals tasked with maintaining robust and efficient communication systems. This course is the first of two courses that cover a large part of CISSP Domain 4. In this course the learner will focus on several aspects of secure design principles in network architectures including OSI and TCP/IP protocols for IPv4 and IPv6, secure protocols, multilayer protocol implications, converged protocols, transport architectures, performance metrics, and traffic flows. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
47m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 2)
In today's increasingly complex threat landscape, securing physical sites and facilities is paramount for safeguarding assets, data, and personnel. This course covers secure design principles in network architectures beginning with an exploration of physical and logical segmentation and microsegmentation. Next you will dig into edge networks, including peering and ingress/egress. You will compare types of wireless networks and explore cellular and mobile networks. Next you will discover the roles of content distribution networks (CDNs), software-defined networks (SDNs), and virtual private clouds (VPCs) in security design. Finally, you will explore security monitoring and management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
47m
Assessment
Badge
CISSP 2024: Securing Network Components & Communication Channels
Evaluate the best data communications solutions for your organizations based on factors such as reliability, cost, and security. In this course, you'll explore how to design and deploy infrastructure that meets the requirements of modern businesses. Learn how to evaluate infrastructure solutions based on factors such as reliability, scalability, and cost-effectiveness, explore the best practices for maintaining that infrastructure, and learn about the different types of transmission media, including physical security and signal propagation quality. Next, you'll discover different transmission media solutions, Network Access Control (NAC) systems, and gain an understanding of how to design and deploy NAC solutions that provide comprehensive security to network endpoints. Finally, explore the different types of data communications, including backhaul networks, satellite, and third-party connectivity such as telecom providers and hardware support. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
34m
Assessment
Badge
CISSP 2024: Controlling Asset Access, Device Identification, and Authentication
Traditionally, access control has been described as AAA services. Authentication, authorization, and accounting (AAA) is a security framework that controls access to computer resources, enforces policies, and audits usage. This course explores classic and evolving approaches to controlling asset access and device identification and authentication. Topics include physical and logical access, groups and roles, AAA services, session management, registration, proofing, identity, federated identity management (FIM), credential management systems, single sign-on (SSO), Just-In-Time (JIT), authentication systems, and federated identity. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
45m
Assessment
Badge
CISSP 2024: Authorization Mechanisms & Identity Management
While authentication is technically mandatory, authorization is optional, and if all principals had root or administrative access in a small organization, there would be no need for different access layers. This scenario, however, is quite rare and is a violation of modern identity management and zero-trust initiatives. In this course, learn about the implementation and management of authorization mechanisms and control of the identity and access provisioning lifecycle, including rule-based, role-based, discretionary, mandatory, attribute-based, and risk-based access controls. Next, compare attribute-based access control (ABAC) with RBAC and explore access policy enforcement, account access review, and provisioning/deprovisioning. Finally, examine role definitions and transitions, privilege escalation, and service accounts management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
35m
Assessment
Badge
CISSP 2024: Security Audit & Controls Testing
A security audit is a comprehensive assessment of an organization's information systems. Typically, they measure the systems and applications against an audit checklist of industry best practices, externally established standards, and/or federal regulations. In this course, differentiate internal, external, and third-party auditing and learn about locations for auditing and controls testing, the purpose of a vulnerability assessment, and the basics of penetration testing. Next, explore log reviews and log data, code review and testing techniques, and compare synthetic transactions, benchmark, and misuse case testing. Finally, examine coverage analysis concepts, compare interface testing methods, and discover the purpose of compliance checks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Collecting & Analyzing Security Process Data
Collecting and analyzing security process data is a key aspect of maintaining and improving the overall security of a business or organization, and there is a vast array of sources and metrics that must be considered. In this course, learn about account management process data collection, management review and approval data collection, and key concepts of security management key performance indicators (KPI) and key risk indicators (KRIs). Next, examine data backup verification best practices, training and awareness process data, and disaster recovery (DR) and business continuity (BC) process data. Finally, discover how to analyze test output and generate reports, and explore best practices for proper security audit reporting. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
22m
Assessment
Badge
CISSP 2024: Logging, Monitoring, & Investigations
In the realm of cybersecurity, logging, monitoring, and investigations play a critical role in ensuring the integrity, confidentiality, and availability of information systems. These processes help to safeguard an organization's digital assets from potential threats. In this course, learn about log management, intrusion detection and prevention systems (IDPS), and compare security information and event management (SIEM) and security orchestration, automation, and response (SOAR). Next, explore continuous monitoring and tuning, threat intelligence and hunting concepts, and user and entity behavior analytics. Finally, examine cyber forensics collection and handling, the forensic analysis process and activities, and forensic reporting and documentation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
33m
Assessment
Badge
CISSP 2024: Foundational Security Operations & Resource Protection
Different organizations have varying definitions of change management and configuration management in IT. In this course, learn the differences between IT change management and configuration management, compare need to know and least privilege, and explore segregation of duties (SoD) and privileged account management (PAM). Next, learn about job rotation, service-level agreements (SLAs), and how to apply resource protection for media management. Finally, examine the processes of the incident management life cycle, including preparation, detection, response, mitigation, reporting, recovery, remediation, and lessons learned. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
14 videos |
36m
Assessment
Badge
CISSP 2024: Operating Detection & Preventative Measures
A firewall system is designed to prevent fires from spreading from one zone or domain to another. Patch management, on the other hand, can stop a fire from ever starting. In this course, examine operating detection and preventative measures, including intrusion detection systems (IDS) and intrusion prevention systems (IPS) and whitelisting and blacklisting. Next, learn about third-party security services, sandboxing, and honeypots and honeynets. Finally, explore antimalware systems, machine learning (ML) and AI-based tools, and how to implement and support patch and vulnerability management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
36m
Badge
CISSP 2024: Business Continuity Planning & Exercises
Business continuity planning is a systematic and comprehensive strategy and set of tactics for ensuring that an organization can prevent or quickly recover from a significant disruption to its operations at a pre-determined acceptable level. In this course, discover methods to identify, assess, prioritize, and implement business continuity requirements. Learn about the business continuity plan (BCP) and business impact analysis (BIA). Next, explore how to implement recovery strategies using backup storage and recovery sites. Finally, learn about the importance of system and design resilience, high availability, and fault tolerance. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
35m
Badge
CISSP 2024: Implement Disaster Recovery
Generally speaking, disaster recovery (DR) involves securely replicating and backing up critical data and workloads to another or multiple sites. In this course, learn about disaster recovery response, personnel involved in the disaster recovery process, communications methods for disaster recovery, and disaster recovery plan (DRP) assessments. Next, explore the restoration from disasters process, various methods for testing the disaster recovery plan, and documenting lessons learned in disaster recovery. Finally, examine how to communicate test results and best practices for training and awareness for disaster recovery planning. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
21m
Badge
CISSP 2024: Securing the SDLC & Software Development Ecosystems
According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.YOU MIGHT ALSO LIKE
Rating 4.4 of 17 users
(17)
Rating 4.6 of 123 users
(123)