Aspire Journeys
622 Secure Software Assessor Intermediate Certification
- 40 Courses | 25h 36m 20s
- Includes Test Prep
Secure Software Assessor analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
Intermediate: CSSLP
This track contains Certified Secure Software Lifecycle Professional (CSSLP) content.
- 20 Courses | 13h 8m 12s
COURSES INCLUDED
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts
This course examines information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and the concepts that support them, such as authentication, authorization, accountability, and non-repudiation. Learn the difference between various integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts, such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts, such as auditing and logging, and describes non-repudiation concepts, such as public key infrastructure (PKI) and digital signatures.
9 videos |
24m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, which provides the lowest level of rights and permissions a user needs to perform current tasks, and separation of duties. This course covers the principle of defense in depth, which uses multiple overlapping defenses such as layered controls, input validation, and security zones that work together as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling and denied by default. Next, learn to design for complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue, psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.
13 videos |
34m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements
This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these requirements start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies are defined by the National Institute of Standards and Technology (NIST), and are broken down to issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
20m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification
This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remain the property of the enterprise or organization, data ownership is used to assign responsibility to the person who defines the requirements related to the data and manages its day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling adds extra data, referred to as metadata, to describe the data being protected. This course focuses on two types of data, structured and unstructured, and their importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
21m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy
This course explores various issues related to privacy requirements, and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), which is a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) views data protection by its data protection directive, known as EUDPD. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
20m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs
This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases, a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases to examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software, and reliable attributes common to all secure software. You will learn that in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
15m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling
This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers the attack surface of software, that is, any point in the system's code accessible to an unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
22m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture
Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify characteristics of control identification, or an organization's security controls in an enterprise setting, and how to prioritize an enterprise's existing security controls. The course then examines the elements of distributed computing, a type of parallel computing in which software is divided into multiple tasks. Next, learners will explore service-oriented architecture, which is a collection of services that communicate with each other. You will learn about rich Internet web-based applications and pervasive computing, including the Internet of Things, wireless and sensor networks, embedded security architecture, cloud architectures, mobile app architectures, and hardware platforms. Finally, the course explores how an embedded system is designed to perform a specific operation as part of a larger hardware-based machine or system. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
12 videos |
50m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Architectural Risk & Modeling
This course explores the use of architectural risk assessment to identify flaws in software, and to determine risks. You will learn to use security management interfaces, and how to design and integrate the interfacing security functionality with existing software to meet an enterprise's security objectives. This 9-video course will examine upstream/downstream software development and compatibility, the types of design decisions when encountering interconnectivity with other applications, and any considerations concerning key sharing, single sign-on, token-based security, and delegation of trust. You will learn the two types of channels, message passing and shared memory channels, for communication between two entities. Next, learn how to do a proper architectural risk analysis by using vulnerability analysis, ambiguity analysis, and platform vulnerability analysis. Learners then use an engineering goal-oriented model to evaluate security, and learn how to use an NFR (nonfunctional requirements) framework. Finally, the course examines data classification. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
9 videos |
30m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies
In this 13-video course, learners can explore best practices for securing commonly used architecture and technologies such as virtualization, databases, and the programming language environment. First, learn the three steps involved in authentication and identity management. Next, learn the principles of credential management and protecting credentials used for authentication, including passwords, tokens, biometrics, and certificates. Learners will then examine logging or recording a user's actions within a system, and data flow control methods. Next, learn about data loss prevention as an in-depth security strategy that encompasses many different technologies. Learn how virtualization allows for software to be hosted in a virtual environment. Learners will then examine digital rights management (DRM), which restricts access to content that is not local, to secure digital content and protect intellectual property. Finally, the course explores the basis of trusted computing: the hardware, software, and firmware components critical to securing a system, which includes discussion of programming languages and operating systems. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos |
1h 1m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Design Principles
In this 6-video course, you will discover the basic issues involved in how to perform design security reviews, design secure assembly architecture for component-based systems, and use architecture and design tools that enhance security. First, learn to pay attention to the type of operational environment the software will be running under: is the software intended for public use via the Web, or is it only available within a stable, controlled network? Who will be the end users? Will you need to collaborate and coordinate testing, timing, and integration? Learn security patterns, and consider what security-enhancing architecture is available. Next, learn to distinguish between software appropriate for centralized and decentralized systems; identify budgetary constraints, and consider available resources. Will new technologies need to be incorporated into the design at a later date? Your emphasis should be on the future: learning to build a flexible, modular system that can scale up and grow may be imperative. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
22m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices
In this 19-video course, learners will explore the intricate world of secure coding practices. Topics covered in detail include declarative versus imperative (programmatic) security, that is, whether the security is part of the application or part of the container. Next, survey defensive coding practices and controls such as secure configuration, error handling, and session management. Learners will also explore cryptography, input and output sanitization, error handling, input validation, logging and auditing, and session and exception management. You will learn important information about safe application programming interfaces (APIs), including those that offer different types of functionality, such as Microsoft's Crypto API and Python's pycrypto, which both provide cryptographic functions; popular social media platforms provide their own APIs that programmers can tap into while incorporating aspects of those services. Learn more about useful concepts such as concurrency, type safety, memory management, configuration parameter management, tokenizing, and sandboxing. The course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
19 videos |
1h 11m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities
Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between CWE and Common Vulnerabilities and Exposures (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reused code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos |
1h 21m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types
This 14-video course explores essential testing types, including penetration testing, scanning, simulation testing, failure testing, and cryptographic validation, and many of the best practices. You will also learn more about other types, such as fuzzing, regression testing, continuous testing, attack surface validation, and unit testing. Learn about certification testing, performed as part of a certification process, and about load or stress testing, which determines how the system operates under heavy loads and what effect load has on the system. You will be introduced to ISECOM's Open Source Security Testing Methodology Manual, a comprehensive methodology related to penetration and security testing, security analysis, and measuring operational security. It includes test cases whose outcomes provide verified facts, amounting to actionable information that can tangibly and measurably improve operational security. Become familiar with how to perform an impact assessment, learn why defects discovered during testing must be addressed, and learn the meaning of Priority and Severity levels derived from the defect report. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
14 videos |
41m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance
In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the System Security Engineering Capability Maturity model and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standards, under which any Department of Defense owned or controlled information system must be certified, irrespective of classification or sensitivity level. Learn about data lifecycle management, a practice that describes the definition and the structure of the necessary steps that should be taken in order to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos |
50m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Software Testing
This 8-video course covers the use of secure software testing best practices, specifically exploring how to perform secure software testing by tracking security errors, developing secure test data, and verifying and validating testing results. Learners will first explore undocumented features (an IT-related term developed to describe software bugs or defects) and how to resolve them, including by use of host-based intrusion prevention systems. Next, you will explore security implications of test results. In general, testing should be performed throughout the software development lifecycle by software testers, members of the quality assurance (QA) team responsible for testing and managing software testers. Artifacts, resources which support the development process, are created throughout the lifecycle process, including use cases and the test plan, which identifies objectives of the software test. Learn how to perform secure software testing, to track security errors, and verify and validate the results. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
8 videos |
23m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Lifecycle Management
Explore how to use the secure lifecycle management model in this 15-video course. First, learners will hear practical descriptions of secure configurations, inversion control, how to obtain security milestones, and secure software methodology. Then receive an overview of security standards and frameworks, and explore configuration management as it relates to source code version control. Next, the course discusses how to prepare proper security documentation, provides an overview of a security matrix, and describes end-of-life policies. Learners will then watch demonstrations of how to perform data destruction and how to perform credential removal. You will learn about concepts such as security metrics and governance, risk, and compliance (GRC). The course concludes with useful discussions of what acceptance is, including software qualification testing, planning hierarchy, what the characteristics of the pre-release testing process are, and the characteristics of a post-release plan; and how and when to report security status. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
15 videos |
48m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Governance, Risk, and Compliance
This 10-video course explores regulations and compliance considerations as they relate to governance, risk, and compliance (GRC). First, learners will identify legal factors, such as intellectual property and breach notifications, and learn about the General Data Protection Regulation (GDPR), for which violations can result in significant financial penalties. Next, learn about standards and guidelines, including those from the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standard, the National Institute of Standards and Technology (NIST), the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code, the Software Assurance Maturity Model, and Building Security In Maturity Model. You will then hear discussions of risk management and risk response. Explore common terminology, including threats, vulnerability, residual risk, controls, probability, and impact. Learn to differentiate between technical risk and business risk. The course concludes by exploring productive strategies, including mitigate, accept, transfer, and avoid. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
10 videos |
36m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Software Deployment & Management
In this 18-video course, learners can explore how to deploy and maintain software and operations. First, you will examine pre-release and post-release activities to address factors such as pre-release testing, completion criteria, risk analysis, incident response, and disaster recovery considerations. Next, examine pre-deployment and post-deployment security testing, security approval, security monitoring, and incident response. Examine concepts such as secure activation, environment hardening, and disaster recovery, in which testing is critical to test software and data recoverability, often revealing problems with system availability and data accuracy and integrity. Learn to perform failover testing to ensure that the failover mechanism works as intended, and to consider simulated disasters as a strategy for testing recoverability. You will absorb the basic principles of problem and change management, a process guiding organizations when modifying software or performing upgrades or fixes on software applications, as well as patch and vulnerability management. Next, you will learn more about working with backups, archiving, and retention. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
18 videos |
55m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition
This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to build environment security; and how to work with digitally signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos |
53m
Assessment
Badge
COURSES INCLUDED
CompTIA Security+: Security Goals & Controls
Every long journey, including the path to Security+ certification, begins with a few steps and some fundamental practices. Security goals and controls are an important starting point for building your security skills. You will begin this course by familiarizing yourself with the four primary security goals of confidentiality, integrity, availability, and non-repudiation. You will then explore the concepts of authentication, authorization, and accounting (AAA) and how they relate to people, systems, and models. Finally, you will delve into security control categories and types. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
29m
Assessment
Badge
CompTIA Security+: Fundamental Security Concepts
The Security+ candidate must display competency in an assortment of core security concepts including the newer Zero Trust initiative and common physical security controls. In this course, the learner will explore gap analysis, Zero Trust control and data planes, deception technologies like honeynets, physical security controls, Change Management business processes and technical implications, and documentation and version control. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
11 videos |
33m
Assessment
Badge
CompTIA Security+: Practical Cryptography
Cryptography is at the heart of many security controls and countermeasures and as such, Security+ candidates must have a solid grasp of practical cryptography. In this course, you will discover symmetric and asymmetric cryptography and compare different encryption levels, including full disk and partition. Next, you will explore hashing, salting, hash-based message authentication codes (HMACs), and key exchange. Then you will examine digital signatures, certificates, and public key infrastructure (PKI), focusing on certificate authorities (CAs), certificate signing request (CSR) generation, and Online Certificate Status Protocol (OCSP). Finally, you will investigate cryptographic tools like Trusted Platform Module (TPM), hardware security module, and key management systems, and you will dive into blockchain technology. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
11 videos |
43m
Assessment
Badge
CompTIA Security+: Threat Actors & Vectors
One of the primary goals for an emerging security practitioner is to have a firm grasp of the present threatscape. The learner will build this vital knowledge base in this course. In this course, we will explore threat actor types, attributes, and motivations. Next, we will dive into the use of human vectors and social engineering as well as common attack surfaces. Then we will explore supply chain, application, and O/S and web-based vulnerabilities. Finally, we will cover hardware and virtualization vulnerabilities, cloud vulnerabilities, and mobile device vulnerabilities. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
12 videos |
34m
Assessment
Badge
CompTIA Security+: Survey of Malicious Activities
Malicious software, also known as malware, comes in a variety of attack vectors and characteristics. The ability to stay current with the different malware and variants is one of the biggest challenges for modern security professionals. Begin this course by exploring malware attacks like ransomware, trojan horses, and logic bombs. Then you will investigate physical and network attacks including brute force, denial-of-service, and credential replay attacks. Next, you will focus on application and cryptographic attacks, such as buffer overflow, privilege escalation, collision, and birthday attacks. Finally, you will take a look at password attacks and discover indicators of compromise, like concurrent session usage, blocked content, and impossible travel. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
35m
Assessment
Badge
CompTIA Security+: Mitigation Techniques
As a security professional, it is always better to be proactive with mitigation rather than purely reactive. Begin this course by exploring segmentation and isolation, access control mechanisms, and configuration and patch management. Next, you will investigate the principles of least privilege and separation of duties and find out how encryption technologies can shield private information from unauthorized users. Then you will examine the monitoring and visibility of access controls and learn the best practices for decommissioning and offboarding. Finally, you will focus on hardening techniques, including endpoint detection and response (EDR), host intrusion detection system (HIDS)/host intrusion prevention system (HIPS), disabling ports/protocols, default password changes, and removal of unnecessary software. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
29m
Assessment
Badge
CompTIA Security+: Architecture & Infrastructure Concepts
A physical structure that is built by engineers and architects needs solid design, construction, and ongoing maintenance. The same can be said for a networking and system environment. Begin this course by exploring fundamental security architectural considerations, including high availability, resilience, scalability, and responsiveness. Then, you will discover cloud computing, focusing on the cloud responsibility matrix, hybrid considerations, and third-party vendors. You will investigate Infrastructure as Code, compare serverless technologies, and learn about containers and microservices. Next, you will take a look at network infrastructure, centralized and decentralized design, and virtualization. Finally, you will examine industrial control systems (ICSs), Supervisory Control and Data Acquisition (SCADA) systems, and the Internet of Things. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
12 videos |
44m
Assessment
Badge
CompTIA Security+: Enterprise Infrastructure Security Principles
This course is a critical component of modern technical controls and countermeasures, as many of the technologies covered represent the daily technical activities of security practitioners, operators, and administrators. Begin by discovering various infrastructure security considerations like device placement, security zones, and failure modes. Then, you will compare network appliances and explore port security and firewalls. Next, you will examine virtual private networks (VPNs) and IP security (IPSec). Finally, you will investigate transport layer security (TLS), software-defined wide area networks (SD-WANs), and secure access service edge (SASE). This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
43m
Assessment
Badge
CompTIA Security+: Data Protection Concepts & Strategies
It is an understatement to declare that society is rapidly becoming data-driven and service-oriented. Data protection and security is a key aspect of modern IT security management. In this course, we will begin by exploring data states, classification, types, and lifecycles. Then we will examine considerations for securing data including geographic and cultural restrictions, encryption, and hashing. Finally, we will look at masking, obfuscation, and tokenization as well as segmentation and compartmentalization. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
26m
Assessment
Badge
CompTIA Security+: Resilience & Recovery
Restoration and recovery is a vital part of a comprehensive backup plan. As a well-known axiom regarding backup strategy states, "a backup policy without tested restoration and recovery is no backup at all." In this course, we will examine restoration and recovery concepts, beginning with load balancing, clustering, and backup strategies. Next, we will explore continuity of operations, multicloud, and disaster recovery sites. We will then focus on capacity planning and testing techniques. Finally, we will look at power considerations. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
44m
Assessment
Badge
CompTIA Security+: Computing Resources Security Techniques
Today's security professional must contend with more types of computing systems and operating systems than ever before due to mobility, embedded, smart, and Internet of Things (IoT) devices. In this course, you will explore secure baselines and hardening targets. Then you will learn about wireless device installation issues, mobile device solutions, and connection methods. Next, you will investigate wireless security settings, cryptographic protocols, and authentication protocols. Finally, you will discover application security techniques and asset management tasks, including assignment/accounting, monitoring/asset tracking, enumeration, and disposal/decommissioning. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
35m
Assessment
Badge
CompTIA Security+: Vulnerability Management
Vulnerability management is an ongoing process designed to proactively protect computer systems, networks, and applications from cyberattacks and data breaches and is an integral part of your overall security system. Begin this course by exploring threat feeds like open-source intelligence (OSINT), Common Vulnerability Scoring System (CVSS), and Common Vulnerability Enumeration (CVE) to help gather information about potential threats or adversaries. Then you will investigate application vulnerability assessments for assigning severity levels, vulnerability scanning to identify known and unknown weaknesses, and penetration testing to simulate real-world attacks. Finally, you will discover vulnerability response and learn how to validate and report on remediation processes. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
8 videos |
26m
Assessment
Badge
CompTIA Security+: Security Monitoring & Alerting
Congratulations. You have convinced your steering committee to give you a huge budget, new hires, and broader access to deploy a ton of security controls at the new regional branch office. However, within weeks you will be brought back to report on the effectiveness of the new expensive toys. This is why solid monitoring and alerting are critical for success. In this course, you will explore security monitoring and alerting, beginning with monitoring computing resources, visibility, and agent-based and agentless monitoring. Then you will focus on monitoring activities like log aggregation, alert response, and validation. Next, you will discover the importance and benefits of Security Content Automation Protocol (SCAP), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) systems. Finally, you will investigate antivirus and data loss prevention (DLP) systems, Simple Network Management Protocol (SNMP) traps, and NetFlow records. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
31m
Assessment
Badge
CompTIA Security+: Enterprise Security Capabilities
This course is a vital exploration of many of the day-to-day operational controls that the security professional is often involved with. This is what is referred to as the "due care" aspect of the job or ongoing continual maintenance. In other words, these are core "blue team" responsibilities. Topics presented to the learner include firewalls, intrusion detection system (IDS)/intrusion prevention system (IPS), web filtering, operating system security, implementing secure protocols, DNS filtering, email security, DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), gateways, File Integrity Monitoring (FIM), data loss prevention (DLP), network access control (NAC), endpoint detection and response (EDR), Extended Detection and Response (XDR), and user behavior analytics (UBA). This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
13 videos |
53m
Assessment
Badge
CompTIA Security+: Identity and Access Management
Hybrid and remote work are more common than ever, and employees need secure access to enterprise resources from wherever they are. This is where identity and access management (IAM) comes to the rescue. The organization's IT department needs to control what users can and can't access so that sensitive data and functions are restricted to only the people and resources that need to work with them. In this course, we will explore IAM tools beginning with provisioning and deprovisioning user accounts, and password concepts including password best practices, length, complexity, reuse, expiration, age, password managers, and passwordless solutions. Next, we will look at federation and single sign-on (SSO), Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), Security Assertion Markup Language (SAML), interoperability, and attestation. We will then consider access control models including mandatory, discretionary, role-based, rule-based, attribute-based, time-of-day restrictions, and least privilege. Finally, we will explore multi-factor authentication (MFA), biometric authentication, and privileged access management (PAM) tools. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
42m
Assessment
Badge
CompTIA Security+: Automation, Orchestration, & Incident Response
Automation offers many advantages to information technology including higher production rates and increased productivity, more efficient use of resources, both physical and logical, better product/service quality, and improved security and safety. In this course, the learner will tackle concepts such as automation and scripting use cases, continuous integration and testing, application programming interfaces (APIs), the benefits of automation, automation considerations, the incident response process, training, testing, tabletop exercises, simulations, threat hunting, root cause analysis, digital forensics, and investigation data sources. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
48m
Assessment
Badge
CompTIA Security+: Effective Security Governance
According to Gartner: "Security governance is a process for overseeing the cybersecurity teams who are responsible for mitigating business risks. Security governance leaders make the decisions that allow risks to be prioritized so that security efforts are focused on business priorities rather than their own." In this course, you will further define security governance and types of governance structures. Then you will discover security governance roles and responsibilities, such as owners, stewards, and officers, and external governance considerations. Next, you will explore guidance, best practices, standards, and policies like the software development life cycle (SDLC) and change management. Finally, you will investigate security governance procedures, including playbooks, monitoring, and revision. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
46m
Assessment
Badge
CompTIA Security+: Risk Management
Security risk management is the ongoing process of identifying security risks and implementing plans to address them. Most security professionals should have a solid foundation in this important cross-disciplinary initiative. In this course, you will take a deep dive into security risk management, including risk identification and assessment. Then you will explore risk analysis concepts like qualitative and quantitative analysis and impact/magnitude. Next, you will discover risk treatment and handling strategies, including transfer, acceptance, and exemption. You will examine risk registers and ledgers, key risk indicators, risk owners, and risk thresholds. Finally, you will investigate risk reporting techniques and business impact analysis (BIA) to predict the consequences of a disruption to a business and collect information needed to develop recovery strategies. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
38m
Assessment
Badge
CompTIA Security+: Security Compliance & Third-Party Risk
Security compliance management is the collection of policies, procedures, and other internal controls that an enterprise leverages to meet its regulatory requirements for data privacy and protection. In this course, you will explore compliance monitoring topics like due diligence, attestation, and compliance automation, as well as internal and external compliance reporting. Then you will investigate the consequences of non-compliance, including fines, sanctions, and reputational damage. Next, you will examine privacy considerations for keeping information involving people confidential. Finally, you will review vendor assessment and selection techniques like supply chain analysis and rules of engagement, and you will discover various agreement types, such as non-disclosure agreements (NDAs), service-level agreements (SLAs), and statements of work (SOWs). This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
8 videos |
35m
Assessment
Badge
CompTIA Security+: Audits, Assessments, & Awareness
A security audit is a systematic and methodical examination of an organization's security infrastructure, policies, and procedures. The goal is to identify vulnerabilities, weaknesses, and potential threats to sensitive information assets, physical assets, and personnel. In this final course, the learner will be exposed to topics such as internal and external audit and attestation, penetration testing audits, user guidance and training, phishing campaigns, and security training monitoring and reporting. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
8 videos |
23m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.