651 Enterprise Architect Advanced KSAT Journey

There are several cloud computing fundamental definitions, characteristics, and building block technologies each CCSP candidate should know. Learn about these and other core cloud computing concepts in this CCSP course. Explore the core fundamentals, core concepts, and technologies of cloud computing, such as cloud roles and responsibilities, broad network access, virtualization, and others. Next, study cloud computing's shared considerations and value propositions, including interoperability, agility, security, resiliency, performance, and more. Finally, examine the impact of cloud and related technologies like data science, artificial intelligence (AI), the Internet of Things (IoT), DevSecOps, and others. This is one of a collection of courses that fully prepares the learner for the (ISC)² Certified Cloud Security Professional (CCSP) 2022 exam.

IT management frameworks provide a structured approach to managing and auditing IT assets. Regulations and standards are put in place to ensure that organizations have guidelines to follow for how they deal with information systems. In this course, you will explore IT management frameworks, regulations, and standards, beginning with an overview of IT and data governance, and standards, policies, and procedures. Then you will learn about Control Objectives for Information and Related Technologies (COBIT), IT Infrastructure Library (ITIL), and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards. Next, you will discover risk management and risk treatment. Finally, you will dig into IT maturity models, the Business Model for Information Security (BMIS), the Information Technology Assurance Framework (ITAF), and IT balanced scorecards. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Project governance, management, system development, and testing play key roles in information systems. In this course, you will begin by exploring project governance and management, project governance best practices, business cases, and feasibility studies. Then, you will dig into system development methodologies and control identification and design. Finally, you will learn about testing methodologies, beginning with an overview of software testing, unit testing, regression testing, acceptance testing, integration testing, performance testing, and fuzzing. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Systems planning, testing, integration, and delivery are key elements of ensuring the timely delivery of system changes or entirely novel solutions. In this course, you will explore the phases of the system development life cycle (SDLC) and IT project management. Next, you will examine continuous integration and delivery (CI/CD) and process improvement, including advantages and common methodologies. Then you will discover infrastructure deployment, system migration and data conversion, and cloud migration assessments. Finally, you will learn about the post-implementation review process and post-implementation activities and best practices. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Information is a primary asset of most organizations today. It has a real value and, if compromised, could have real implications for the enterprise. In this course, you will explore considerations for protecting information assets, beginning with cryptography, asymmetric and symmetric encryption, Windows Encrypting File System, and Windows BitLocker. Then, you will learn about file integrity, the public key infrastructure (PKI) hierarchy, the PKI certificate life cycle, and private certificate authorities (CAs). Finally, you will discover certificate templates, manual certificate issuance, securing network traffic, disabling SSLv3, enabling an HTTPS website, and client Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.

Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

Physical security consists of tested practices for protecting building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, human-caused catastrophes, and accidental damage, thereby maintaining overall organizational security. Begin this course by exploring site and facility security design principles, as well as perimeter and internal security controls to gain insights into safeguarding both the outer and inner layers of infrastructure. Then you will investigate security concerns for wiring closets, distribution frames, server rooms, data centers, and media and evidence storage facilities. Next, you will examine security issues for restricted and work areas, utilities, and heating, ventilation, and air conditioning (HVAC) systems. Additionally, you will focus on environmental topics, including fire prevention, detection, and suppression. Finally, you will discover power issues and controls, including redundancy and backup, and personnel safety concerns including insider threats, social media impacts, two-factor authentication (2FA) fatigue, emergency management, and duress. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

In the digital era, understanding network protocols and their impact on performance is crucial for IT professionals tasked with maintaining robust and efficient communication systems. This course is the first of two courses that cover a large part of CISSP Domain 4. In this course the learner will focus on several aspects of secure design principles in network architectures including OSI and TCP/IP protocols for IPv4 and IPv6, secure protocols, multilayer protocol implications, converged protocols, transport architectures, performance metrics, and traffic flows. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

In today's increasingly complex threat landscape, securing physical sites and facilities is paramount for safeguarding assets, data, and personnel. This course covers secure design principles in network architectures beginning with an exploration of physical and logical segmentation and microsegmentation. Next you will dig into edge networks, including peering and ingress/egress. You will compare types of wireless networks and explore cellular and mobile networks. Next you will discover the roles of content distribution networks (CDNs), software-defined networks (SDNs), and virtual private clouds (VPCs) in security design. Finally, you will explore security monitoring and management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

A security audit is a comprehensive assessment of an organization's information systems. Typically, they measure the systems and applications against an audit checklist of industry best practices, externally established standards, and/or federal regulations. In this course, differentiate internal, external, and third-party auditing and learn about locations for auditing and controls testing, the purpose of a vulnerability assessment, and the basics of penetration testing. Next, explore log reviews and log data, code review and testing techniques, and compare synthetic transactions, benchmark, and misuse case testing. Finally, examine coverage analysis concepts, compare interface testing methods, and discover the purpose of compliance checks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

It is one thing to implement application security controls, managed services, and cloud services; it is another thing to assess the ongoing success and failure of those initiatives. In the course, learn how to assess the auditing and logging of changes, risk analysis and mitigation, acquired software, managed services, and cloud services with the CCM. Next, explore source code security weaknesses and vulnerabilities at the source code level and how to secure application programming interfaces (API) with the 2023 OWASP Top 10. Finally, examine secure coding practices and software-defined security (SDS). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.