621 Software Developer Advanced KSAT Journey

There are several cloud computing fundamental definitions, characteristics, and building block technologies each CCSP candidate should know. Learn about these and other core cloud computing concepts in this CCSP course. Explore the core fundamentals, core concepts, and technologies of cloud computing, such as cloud roles and responsibilities, broad network access, virtualization, and others. Next, study cloud computing's shared considerations and value propositions, including interoperability, agility, security, resiliency, performance, and more. Finally, examine the impact of cloud and related technologies like data science, artificial intelligence (AI), the Internet of Things (IoT), DevSecOps, and others. This is one of a collection of courses that fully prepares the learner for the (ISC)² Certified Cloud Security Professional (CCSP) 2022 exam.

Systems planning, testing, integration, and delivery are key elements of ensuring the timely delivery of system changes or entirely novel solutions. In this course, you will explore the phases of the system development life cycle (SDLC) and IT project management. Next, you will examine continuous integration and delivery (CI/CD) and process improvement, including advantages and common methodologies. Then you will discover infrastructure deployment, system migration and data conversion, and cloud migration assessments. Finally, you will learn about the post-implementation review process and post-implementation activities and best practices. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Any IT environment requires a firm understanding of data privacy. Privacy laws and regulations, combined with industry practices, form the basis for effective information protection. In this course, you'll explore data privacy, beginning with the CIA Triad, personally identifiable information (PII), and Protected Health Information (PHI). You will learn about the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), compliance with GDPR and PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), and Federal Risk and Authorization Management Program (FedRAMP). Finally, you'll dig into assets and risks, annualized loss expectancy (ALE), and network inventories. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Information is a primary asset of most organizations today. It has a real value and, if compromised, could have real implications for the enterprise. In this course, you will explore considerations for protecting information assets, beginning with cryptography, asymmetric and symmetric encryption, Windows Encrypting File System, and Windows BitLocker. Then, you will learn about file integrity, the public key infrastructure (PKI) hierarchy, the PKI certificate life cycle, and private certificate authorities (CAs). Finally, you will discover certificate templates, manual certificate issuance, securing network traffic, disabling SSLv3, enabling an HTTPS website, and client Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Digital asset protection is a key concern for the modern enterprise. As most organizations rely heavily on information systems in their day-to-day operations, protecting these valuable assets is of paramount importance. In this course, you'll learn about digital asset protection principles, beginning with organizational security policies, security and the OSI model, password security, and endpoint security. Then, you'll explore data loss prevention (DLP), Internet of Things (IoT) devices, IoT device vulnerability, and IoT security. Finally, you'll dig into mobile device access control, mobile device hardening, mobile device policies, and malicious app store apps. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Systems development and vulnerability testing often go hand in hand to ensure the timely delivery of system changes or entire new solutions. In this course, you'll learn about system development and vulnerability testing, beginning with secure coding, security testing types, vulnerability scanning, and how to perform a vulnerability scan. Then you'll explore comparing network scans, penetration testing, packet forgery, and web application vulnerability scans. Finally, you'll dig into IPsec network traffic, jump boxes, and honeypots. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.

Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

It is one thing to implement application security controls, managed services, and cloud services; it is another thing to assess the ongoing success and failure of those initiatives. In the course, learn how to assess the auditing and logging of changes, risk analysis and mitigation, acquired software, managed services, and cloud services with the CCM. Next, explore source code security weaknesses and vulnerabilities at the source code level and how to secure application programming interfaces (API) with the 2023 OWASP Top 10. Finally, examine secure coding practices and software-defined security (SDS). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.