Aspire Journeys

722 Information Systems Security Manager Intermediate KSAT Journey

58 Courses | 62h 54m 6s

Responsible for the cybersecurity of a program, organization, system, or enclave.

722 Information Systems Security Manager Intermediate

Responsible for the cybersecurity of a program, organization, system, or enclave.

58 Courses | 62h 54m 6s

COURSES INCLUDED

CompTIA Cloud+: Cloud Architecture & Models

The cloud has various deployment and service models that can help your organization design and create your very own cloud strategy based on needs. First, you'll learn about the available cloud deployment models such as public, private, hybrid, community, and virtual public clouds, as well as multi-cloud and multitenancy environments. Next, you'll examine cloud service models such as Infrastructure as a Service, Platform as a Service, and Software as a Service. Finally, you'll learn about advanced topics such as the Internet of Things, serverless computing, machine learning, artificial intelligence, and the shared responsibility model. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 10m Assessment Badge

CompTIA Cloud+: Cloud Disaster Recovery

Planning for disaster recovery is crucial to getting your cloud solution running and operational when a crisis occurs. In this course, you'll learn about how to plan for and the features of disaster recovery. First, you'll explore disaster recovery features such as failover, failback, backup restoration, and replication. Next, you'll examine the importance of network configuration, geographical data centers, restoration methods, and on-premise and cloud sites. Finally, you'll learn about the importance of the DR kit, playbook, network diagrams, RPOs, RTOs, SLAs, and corporate guidelines when planning for disaster recovery. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.

12 videos | 1h 26m Assessment Badge

Google Professional Cloud Architect: Designing for Google Cloud Compliance

Compliance is a significant concern for many organizations, and many have historically failed to protect data adequately. In this course you will explore how governance has come to protect data, such as health records, through legislation like HIPAA and COPPA. Then, discover how commercial interests have helped bolster financial stability by setting standards of protecting data via certifications like Personally Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS) that allow customers and businesses to trust you. In addition, there are specific industry certifications that may need to be met depending on the function of the business you run, rather than the data you keep. You will also focus on the need to maintain careful auditing standards for the integrity of any legal disputes that might arise. Finally, you will focus on use cases that you can expect to encounter in an exam environment. This course is one of a collection that prepares learners for the Google Professional Cloud Architect exam.

12 videos | 59m Assessment Badge

Cloud Security Management: Legal & Compliance

It is important to understand the different cloud compliance procedures that should be followed by service providers and data owners. It's also vital to be familiar with the various cloud-specific legal compliance guidelines. In this course, you'll learn about international legislation conflicts, cloud-specific risks, legal controls, e-Discovery processes, and requirements for forensic analysis.

9 videos | 47m Assessment Badge

Cloud Security Administration: Infrastructure Planning

Cloud infrastructure consists of the physical location of the cloud data center. Depending on the data center location, there are different risks that are taken by the service provider and different methods used to tackle security issues. A secure cloud is created by using open source software and creating a technical support pool. Additionally, basic security concepts like protecting data in motion and in rest using encryption can be employed so that clients can only see their data. In this course, you'll learn about baselining cloud infrastructure, different components like hardware and software, and challenges faced in cloud environments.

13 videos | 55m Assessment Badge

Pen Testing for Software Development: The Penetration Testing Process

Penetration testing can identify both known and unknown vulnerabilities and help avoid security breaches. In this course, you'll learn the importance of penetration testing, what system hardening is, and the requirements of penetration testing. You'll then examine the differences between penetration testing and vulnerability assessments, as well as the various types, stages, and methods of penetration testing. Next, you'll learn about white box, black box, and gray box penetration testing, and the differences in penetration testing methodologies. You'll see the available tools for performing penetration testing, as well as the types of outputs resulting from penetration testing. Lastly, you'll learn about penetration testing best practices and how to perform a penetration test.

16 videos | 1h 26m Assessment Badge

CCSP 2022: Legal Requirements, Privacy Issues, & Risk Management in the Cloud

Cloud computing presents a number of unique risks and issues since it routinely crosses many geographic and political boundaries, and international legislation, regulations, and privacy requirements can conflict with one another. In this course, examine the legal and privacy issues that a Certified Cloud Security Professional can expect to face. Begin by investigating conflicting international laws, eDiscovery, and Cloud Security Alliance (CSA) guidance. Then, focus on personal privacy issues related to protected health information (PHI), personally identifiable information (PII), and privacy impact assessments (PIAs), and compare privacy requirements including ISO/IEC 27018, Generally Accepted Privacy Principles (GAPP), and General Data Protection Regulation (GDPR). Finally, explore risk management by assessing risk management programs and studying regulatory transparency requirements, including breach notification, Sarbanes-Oxley (SOX), and GDPR. This is one of a collection of courses that fully prepares the learner for the ISC2 Certified Cloud Security Professional (CCSP) 2022 exam.

10 videos | 25m Assessment Badge

CompTIA CASP+: Cryptography & PKI

Cryptography has long played a role in securing sensitive information. In this course, you'll begin with an overview of cryptography and how it can secure data at rest and data in motion. You'll then learn how to enable EFS and BitLocker to protect data at rest. You'll explore how to identify methods by which cryptography can protect data in transit and configure network security via IPsec. Finally, you'll examine how PKI uses certificates to secure IT systems through HTTPS, SSH remote management, and generating file system hashes. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

17 videos | 1h 51m Assessment Badge

CRISC 2023: Data Privacy

Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.

12 videos | 1h 7m Assessment Badge

CRISC 2023: Cryptography

Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.

14 videos | 1h 18m Assessment Badge

CompTIA Cybersecurity Analyst+: Network Security Concepts

Cybersecurity policies often require detailed network configuration changes and additions. Technicians must be proficient with the configuration and management of various TCP/IP protocols. In this course, I will start by discussing the Open Systems Interconnection (OSI) model, network switching, and network access control. Next, I'll discuss the TCP/IP protocol suite as well as IPv4 and IPv6 addressing. I will then discuss network routing, dynamic host configuration protocol (DHCP), domain name system (DNS) and Wi-Fi authentication methods. Lastly, I will cover virtual private networks (VPNs), IP Security (IPsec) and network time synchronization. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

14 videos | 1h 29m Assessment Badge

CompTIA Cybersecurity Analyst+: Managing Network Settings

Modern IT solutions communicate over various types of networks. Cybersecurity analysts must be able to configure and secure the ways that devices communicate over these networks. In this course, I will begin by creating on-premises and cloud-based virtual networks, followed by managing IP addressing on Linux, Windows, and in the cloud. Next, I will manage routing table entries in the cloud and implement domain name system (DNS) and Dynamic Host Configuration Protocol (DHCP) security. Lastly, I will harden a Wi-Fi router and configure IPsec in Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

11 videos | 59m Assessment Badge

CompTIA Cybersecurity Analyst+: Cloud Computing & Cybersecurity

Cloud computing is an integral part of IT solutions for individuals and organizations. A knowledge of how cloud computing services are deployed and managed is a requirement for securing cloud-based resources. In this course, I will start by discussing cloud computing deployment models, such as public and private clouds, followed by discussing various cloud computing service models. Next, I will cover a variety of cloud computing security solutions, and I will deploy Linux and Windows cloud-based virtual machines. I will then deploy a web application in the cloud, cover the Cloud Controls Matrix (CCM) security controls, and work with Microsoft Azure managed identities. Lastly, I will discuss and configure a content delivery network (CDN). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

12 videos | 1h 10m Assessment Badge

CompTIA Cybersecurity Analyst+: Data Security Standards

To remain compliant with relevant data privacy laws and regulations, organizations must have a way of identifying sensitive data and implementing security controls to protect that data. In this course, explore how physical security is related to digital data security, examples of personally identifiable information (PII), and how data loss prevention (DLP) solutions can prevent data exfiltration. Next, learn about common data privacy regulations and standards, including GDPR, HIPAA, and PCI DSS. Finally, discover how to use Amazon Macie and File Server Resource Manager to discover and classify sensitive information and learn about the importance of service level objectives (SLOs) and service level agreements (SLAs). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

11 videos | 1h 3m Assessment Badge

CompTIA Cybersecurity Analyst+: Threat Intelligence Information

Cybersecurity analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, examine different threat intelligence sources, the common vulnerabilities and exposures (CVEs) website, and the MITRE ATT&CK knowledge base. Next, discover how the OWASP Top 10 can help harden vulnerable web applications, how advanced persistent threats (APTs) are executed, and common ISO/IEC standards. Finally, learn how to analyze CIS benchmark documents, the Common Vulnerability Scoring System (CVSS), common organization security policy structures, and how organizational culture relates to IT security. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

12 videos | 1h 9m Assessment Badge

CompTIA Cybersecurity Analyst+: Business Continuity Planning

Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you'll begin by exploring common characteristics of a business continuity plan (BCP) and how to conduct a business impact analysis (BIA). You will then consider disaster recovery and incident response plans and focus on incident response activities such as escalation, eradication, and containment. Next, discover the importance of lessons learned from past incidents in order to make future incident response more effective. Lastly, you will explore the cyber-attack kill chain and the diamond model of intrusion analysis. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.

12 videos | 1h 9m Assessment Badge

CompTIA Cybersecurity Analyst+: Cryptography

Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure EFS file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Finally, learn how to hash files in Linux and Windows, about hardware security modules (HSMs), and how TLS supersedes SSL. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.

12 videos | 1h 5m Assessment Badge

CompTIA Cybersecurity Analyst+: Hardening Techniques

Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, I will begin by covering hardening techniques for a variety of IT environments, followed by using Microsoft Group Policy to configure security settings for Active Directory domain-joined computers. Next, I will discuss storage area networks and related security considerations. I will then remove the need for virtual machine (VM) public IP addresses by allowing remote access through Microsoft Azure Bastion. I will discuss the importance of applying hardware and software patches. Lastly, I will install and configure a Windows Server Update Services (WSUS) server and deploy updates to Microsoft Azure virtual machines. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.

10 videos | 56m Assessment Badge

CompTIA Cybersecurity Analyst+: Malicious Techniques & Procedures

Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. A knowledge of techniques and attacks such as buffer overflows and distributed denial-of-service (DDoS) attacks facilitates mitigation planning. In this course, I will begin by covering how SYN flood attacks from the 3-way Transmission Control Protocol (TCP) handshake. Next, I will detail various types of buffer overflow, cross-site scripting (XSS), and injection attacks. I will then execute a structured query language (SQL) injection attack followed by discussing potential extensible markup language (XML) vulnerabilities and DDoS attack mitigations. Moving on, I will run a denial-of-service (DoS), client web browser, and reverse shell attack. Lastly, I will spoof network traffic, crack Remote Desktop Protocol (RDP) passwords and discuss common Wi-Fi attacks. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.

15 videos | 1h 27m Assessment Badge

CompTIA Cybersecurity Analyst+: Secure Coding & Digital Forensics

Security must be included in all phases of IT system and software development designs. Continuous integration and continuous delivery/deployment (CI/CD) integrates development and ongoing management of IT solutions. Cybersecurity analysts must understand IT governance and digital forensics concepts. Begin this course by examining the role of security in the software development life cycle (SDLC). Then you will explore CI/CD and learn how Git is used for file version control. Next, you will discover how the Control Objectives for Information and Related Technologies (COBIT) framework applies to IT governance and you will investigate digital forensics. Finally, you will configure legal hold settings for a cloud storage account and list common digital forensics hardware and software solutions. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.

10 videos | 55m Assessment Badge

CompTIA Network+: The OSI Reference Model

The Open Systems Interconnection (OSI) model is used to describe how computer systems communicate with each other. The OSI model is split into seven abstract layers and is often used for troubleshooting network problems. In this course, learn about the purpose and features of the OSI model. Next, examine each OSI model layer, including the application, presentation, session, transport, network, data link, and physical layers. Finally, discover how human-readable information, such as emails and chat messages, are transferred over a network, as well as the path this information takes along the OSI model. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

10 videos | 51m Assessment Badge

CompTIA Network+: Ports & Protocols

Understanding common networking protocols, ports, services, and traffic types is crucial for managing and securing networks. In this course, learn about the most commonly known protocols that are used today on computer networks, such as FTP, SMTP, DNS, HTTP/HTTPS, and more. Next, examine how HTTP enables computers to send and receive web-based communication messages and investigate other common key protocols and their ports. Finally, explore the Structured Query Language (SQL) programming language, common IP protocol types, and various traffic types. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

21 videos | 2h 28m Assessment Badge

CompTIA Network+: Network Topologies, Architectures, & Types

Network architectures refer to the overall design and layout of a network, including how devices and components are organized and interconnected. In this course, explore wireless and wired networking standards, the features of key satellite and cellular technologies, and the differences between various types of wired transmission media. Next, compare Ethernet and fibre channel (FC) transceiver protocols and the differences between common network connector types. Finally, learn about common network topologies, architectures, and types, as well as use cases for a collapsed core architecture and network traffic flow. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

15 videos | 1h 14m Assessment Badge

CompTIA Network+: Network Security Concepts & Solutions

Network security concepts encompass a range of practices, technologies, and policies designed to protect the integrity, confidentiality, and availability of data and resources within a computer network. In this course, explore logical security concepts, including encryption and identity and access management (IAM), as well as physical security controls. Next, learn about security deception technologies and common network security terminology, including confidentiality, integrity, and availability (CIA). Finally, examine network access control solutions, key management concepts, network security rules, and network security zones. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

13 videos | 1h 8m Assessment Badge

CompTIA PenTest+: Professionalism & Integrity

Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

10 videos | 1h 8m Assessment Badge

CompTIA PenTest+: Penetration Testing Tools

A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

16 videos | 1h 36m Assessment Badge

CompTIA Security+: Analyzing Application & Network Attacks

It is crucial that you be able to recognize various application and network attacks and be able to protect your infrastructure from them. In this course, you'll learn to analyze different application attacks such as privilege escalation, cross-site scripting, request forgery, injection, code, and APIs. You'll also look at other attacks like SSL stripping, pass the hash, and driver manipulation. Then, you'll move on to explore a variety of network attacks, including wireless, man-in-the-middle, Layer 2, DNS, DDoS, and malicious code or script execution. This course can be used in preparation for the CompTIA Security+ SY0-601 certification exam.

15 videos | 55m Assessment Badge

CompTIA Security+: Security Assessment & Penetration Testing Techniques

It is important for security professionals to be aware of various security assessment and penetration testing techniques and methods. In this course, explore key assessment techniques like intelligence fusion, threat hunting, threat feeds, advisories and bulletins, vulnerability scans, and false positives/false negatives. You will also examine the fundamentals of penetration testing including black/blue/gray box methodologies, lateral movement , privilege escalation, persistence, and pivoting. Other topics include passive and active reconnaissance as well as the different exercise teams. This course can be used in preparation for the CompTIA Security+ SY0-601 certification exam.

12 videos | 36m Assessment Badge

CompTIA Security+: Implementing Cybersecurity Resilience

In order to protect your enterprise assets, you should be familiar with and know how to apply key cybersecurity resiliency concepts. In this course, you'll learn about redundancy concepts like geographic dispersal, RAID, and NIC teaming. You'll explore replication methods like storage area networking and virtual machines. You'll move on to examine various backup types, including full, incremental, differential, and snapshot. Next, you'll look at non-persistence and high availability concepts. Finally, you'll learn about the order of restoration and diversity concepts. This course can be used in preparation for the CompTIA Security+ SY0-601 certification exam.

9 videos | 32m Assessment Badge

CompTIA Security+: Incident Response, Digital Forensics, & Supporting Investigations

To best support a digital forensic investigation, incident response teams need to be aware of the various incident response plans and processes available to them. In this CompTIA Security+ SYO-601 course, you'll start by exploring various incident response exercises, such as tabletop sessions, walkthroughs, and simulations. Then, you'll outline three fundamental attack frameworks: MITRE, The Diamond Model of Intrusion Analysis, and the Cyber Kill Chain. Next, you'll examine different incident response plans types, including communication plans, disaster recovery plans, business continuity plans, and continuity of operation planning (COOP). You'll then identify key aspects of digital forensics, such as documentation/evidence, acquisition and integrity maintenance, preservation, e-discovery, data recovery, non-repudiation, and strategic intelligence and counterintelligence. Lastly, you'll outline how to utilize appropriate digital forensic data sources to support an investigation.

9 videos | 44m Assessment Badge

CompTIA Server+: Server Components

Server technicians are now responsible for both on-premises and cloud-based servers. There are many factors to consider when managing these environments. Learn how to plan for server component configuration and environmental conditions in this thorough course. Explore how servers solve business problems. Examine server firmware components, such as Basic Input Output System (BIOS) settings and its successor, Unified Extensible Firmware Interface (UEFI). Then, practice configuring BIOS settings. Next, examine server form factors that help determine the space needed in an equipment rack. Study the roles that CPU, RAM, buses, and interfaces play in a server environment. Plan server power draw and server room HVAC and fire suppression. And learn how to prevent static charge damage to sensitive electronic components. Upon completion, you'll be able to better plan for specific server environments and requirements. You'll also be more prepared for the CompTIA Server+ SK0-005 certification exam.

14 videos | 1h 25m Assessment Badge

CompTIA Server+: Deploying Cloud PaaS & SaaS

Platform as a Service (PaaS) and Software as a Service (SaaS) are two popular and valuable cloud service models. Both play a unique role in managing certain aspects of cloud computing. If you're an IT professional working in server environments, you need to know what these two cloud service models entail. Take this course to learn all about PaaS and SaaS solutions. Furthermore, practice deploying databases in the AWS and Microsoft Azure clouds. Configure a SaaS cloud solution. Use an automation template to deploy a PaaS solution. And use several strategies and tools to keep cloud computing costs to a minimum. Upon course completion, you'll be able to deploy PaaS and SaaS solutions and control cloud computing costs. This course also helps prepare you for the CompTIA Server+ SK0-005 certification exam.

9 videos | 46m Assessment Badge

CompTIA Server+: Network Communications

Learning the various aspects of network communications hardware and software is vital to anyone working in a server environment. Use this theory and practice-based course to get a grip on configuring virtual networks and virtual network interface cards (NICs). Explore how network communications hardware and software map to the OSI model. Identify different types of communication networks such as LAN and VLAN. Then, learn how network switching and network routing work. Moving on, practice deploying a hypervisor virtual network. Next, practice configuring IP routing in the cloud and virtual network peering. Then, identify various types of NICs and cables. And finally, practice configuring on-premises and cloud-based virtual machine NICs. Upon completion, you'll be able to identify various network models and configure virtual networks and virtual NICs. You'll also be a step closer to being prepared for the CompTIA Server+ SK0-005 certification exam.

12 videos | 1h 12m Assessment Badge

CompTIA Server+: Working with TCP/IP

TCP/IP has become the standard software-based network protocol suite used globally. Those working in a server environment need to have a robust understanding of the protocols and services of TCP/IP and their configuration. Learn all about these configurations in this course. Explore IPv4 addressing and IP subnetting and practice configuring IPv4 manually. Next, learn about DHCP and deploying a Windows DHCP server. Then, examine how TCP and UDP transport protocols differ. Moving on, practice configuring IPv6 addresses manually and also configuring IP addresses in the cloud. Explore DNS and practice the deployment of a Windows DNS server and the configuration of DNS zones in the cloud. And finally, explore NTP and its configurations. When you're done, you'll be well versed in the configurations of the different TCP/IP services. You'll also be further prepared to sit the CompTIA Server+ SK0-005 certification exam.

16 videos | 1h 38m Assessment Badge

CompTIA Server+: Data Privacy & Protection

Data privacy has become engrained in laws and regulations all over the world. Server technicians must take the appropriate steps to secure sensitive data in alignment with applicable laws and regulations. Discover items that constitute personally identifiable information (PII) and protected health information (PHI) and identify common data security standards such as GDPR, HIPPAA, and PCI DSS. Differentiate between various types of malware and discover how the art of deception is practiced through social engineering. Next, examine data loss prevention (DLP) and implement data discovery and classification on-premises and in the cloud. Lastly, examine key storage media destruction techniques. Upon course completion, you'll be able secure data in alignment with applicable laws and regulations. You'll also be more prepared for the CompTIA Server+ SK0-005 certification exam.

11 videos | 1h 3m Assessment Badge

CompTIA Server+: Planning For The Worst

Keeping IT services running in the inevitable event of some kind of disruption is possible only with up-front planning for business continuity and disaster recovery procedures. Explore strategies for managing business continuity and disaster recovery and examine various options for alternate sites, including the cloud. Practice how to enable IT service high availability in a variety of ways. Finally, discover how to manage on-premises and cloud backups, cloud replication, and file versioning. Upon course completion, you'll be able to plan for continued IT service availability in the event of disruptions. You'll also be more prepared for the CompTIA Server+ SK0-005 certification exam.

10 videos | 53m Assessment Badge

Mitigating Security Risks: Cyber Security Risks

Effective cybersecurity risk management requires intricate knowledge of day-to-day IT security risks, network vulnerabilities, and cyber attacks. In this course, you'll detail several cybersecurity breaches and how best to prevent each one. You'll start with a general overview of what comprises security risks before categorizing different types into information, cloud, and data-related risks. Next, you'll explore cybercrime methods, the motivations behind them, and the security gaps that invite them in. You'll then use real-life examples to detail some commonplace cyberattacks and crimes. Moving on, you'll investigate what's meant by malware and outline best practices to manage worms, viruses, logic bombs, trojans, and rootkits. You'll also learn how to safeguard against malware, spyware, ransomware, adware, phishing, zero-day vulnerabilities, DoS, and backdoor attacks. By the end of the course, you'll be able to outline guidelines and best practices for securing against the most prevalent types of cybercrimes.

13 videos | 1h 16m Assessment Badge

Mitigating Security Risks: Information, Cloud, & Data Security Risk Considerations

To keep your organization's data secure, you need to know why your data is at risk and how to protect it using established principles and standards. In this course, you'll explore commonly used techniques to compromise data and how international best practices can help protect against these breaches. You'll start by examining three fundamental information security principles, which define information security policy and help identify risks. You'll then outline data breach methods and identify the targets of these threats. Next, you'll investigate what's meant by 'the human factor' and why it's key to any attack. You'll then study how technologies to secure data and information work under the hood. Moving on, you'll outline primary worldwide information security regulations and governance frameworks. Lastly, you'll examine why the ISO 27017 cloud security principles need to be considered when formulating a cloud security risk management plan.

11 videos | 55m Assessment Badge

Mitigating Security Risks: Information Security Governance

Adequate risk management requires the policies, procedures, standards, and guidelines that encompass effective information security governance are in place. This course shows you how to incorporate security governance as part of a robust security strategy. Examine the many security governance elements. Outline how to design, implement, and continually evaluate your strategy based on best practices. Define how security governance relates to the CIA Triad and distinguish between security governance and security management. Furthermore, investigate IT governance frameworks and compare centralized, decentralized, and hybrid structures. After taking this course, you'll recognize what's needed to implement a sound and robust information security governance strategy at your organization.

20 videos | 1h 23m Assessment Badge

Ethical Hacker: Incident Response

Ethical hacking is a means to avoid incidents and to discover them before they are realized. Often, ethical hacking is part of the response to an incident, so an understanding of incident handling is important for the ethical hacker. In this 10-video course, you will explore the foundational concepts of incident response, including incident classification, recovery and remediation, and after-action review. Key concepts covered in this course include incident response concepts that can be applied, whether a situation is a cyber incident, an insider issue, a physical disaster, or other type; learning to properly classify and describe different types of incidents; and learning to create a response plan for physical incidents. Learners continue by observing how to create a response plan for cyber incidents; how to apply basic incident response forensics including evidence handling and basic techniques; and how to apply basic incident response forensics, including imaging a drive and basic legal standards. Finally, learn to conduct recovery and remediation activities; and conduct an after-action review of incident response.

10 videos | 38m Assessment Badge

Ethical Hacker: Security Standards

Ethical hacking is not just random hacking attempts; it is a systematic testing of the target's security. For that reason, an understanding of security standards and formal testing methodologies is critical. Key concepts covered in this 11-video course include security standards such as NIST 800-115, a security standard which is integrally interconnected with ethical hacking and testing; and NIST 800-53, a security standard that can help users to professionalize and improve an ethical hacking test. Next, learn how to properly apply filtering and data validation; how to apply the NSA-IAM to ethical hacking to plan, execute, and report on your ethical hacking project; and how to apply the PTES to ethical hacking to plan, execute, and report on your ethical hacking project. Then learn about PCI-DSS standards and how to integrate them into ethical hacking; learn how to implement ISO 27001; and learn to interpret and apply NIST 800-12. Finally, learners observe how to employ NIST 800-26 standards to manage IT security; and learn about NIST 800-14 security protocols.

11 videos | 39m Assessment Badge

CISM 2022: Information Security Governance

The best way to improve the enterprise security stance is to align IT security solutions with business objectives. In this course, you will consider how information security must align with business strategies. You will explore the business model for information security and review the importance of identifying and classifying assets critical to a business. Next, you will learn about supply chain security, personnel management, and the components of an information security program. You will discover the relationship between service-level agreements (SLAs) and organizational objectives and discuss the relevance of change and configuration management. Then, consider how to develop organizational security policies. Lastly, explore expense types, chain of custody, organizational culture, and how the Control Objectives for Information Technologies (COBIT) framework applies to IT governance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

16 videos | 1h 40m Assessment Badge

CISM 2022: Business Continuity & Security

Keeping business processes up and running is a priority for every type of business. Security plays an important role in the success of business continuity planning. In this course, you will discover the characteristics that define a business impact analysis (BIA) and explore disaster recovery plans (DRPs) and various data and IT security roles commonly present in an enterprise. Next, you will learn how contractual obligations can necessitate security compliance and audits. You will discover the importance of establishing performance and security baselines on-premises and in the cloud. Lastly, you will explore physical security and security control types with a slant on business process alignment. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

12 videos | 1h 13m Assessment Badge

CISM 2022: Incident Response

Incident response is initiated when a security incident is confirmed. Incident response plan participants must know their roles and plan details for effectively minimizing the impact of security incidents. In this course, you will explore the components that make up an incident response plan, including roles, escalation procedures, and communication plans. Next, focus on incident escalation where applicable, incident eradication according to planned procedures, and incident containment to prevent further incident damage. Then discover the importance of analyzing past incident responses in the spirit of constant improvement and the reduction of incident response times. Lastly, find out how incident detection and automated responses are possible in the cloud. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

8 videos | 41m Assessment Badge

CISM 2022: Security Standards

Global and local security standards, including laws and regulations, are an important input to determine how enterprises deploy and manage security controls. In this course, you will learn how the European Union's General Data Protection Regulation (GDPR) data privacy legislation applies to any organization world-wide handling private EU citizen data. Next, you will explore various International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standards for proper data governance, followed by American data privacy and cloud security standards such as Health Insurance Portability and Accountability Act (HIPAA) and Federal Risk and Authorization Management Program (FedRamp). Discover how to secure cardholder data as related to Payment Card Industry Data Security Standard (PCI DSS) international security standards and review other data privacy legislation including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). Lastly, explore the importance of securing cloud service usage in alignment with the Cloud Controls Matrix (CCM). This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 53m Assessment Badge

CISM 2022: Managing Risk

Residual risk remains after security controls are put in place to mitigate the impact of threats. The organizational appetite for risk determines what level of residual risk is acceptable. In this course, you will explore how risk management improves business operations by minimizing the impact of realized threats. You will learn how to calculate the cost of mitigating risk compared to the value of the protected asset and determine the cost-benefit analysis and return on investment when implementing security controls. Next, discover the importance of risk assessments, especially where there are changes to some aspect of the business or a specific business process. You will then explore how various risk approaches, such as risk acceptance, avoidance, transfer, and reduction, apply to an organization's tolerance of residual risk. Lastly, discover how risk heat maps are an effective method for communicating various degrees of risk. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Data Privacy

Enterprises must comply with relevant laws and regulations related to data privacy. This requires recognizing applicable laws and regulations and implementing the appropriate security controls. In this course, you will explore examples of personally identifiable information (PII) and protected health information (PHI) and learn about data residency implications related to the physical storage location of sensitive data. Next, learn how to reduce the possibility of data exfiltration through data loss protection policies and how to discover and classify data using Amazon Macie and Microsoft Purview governance. Then you will learn to configure data classification on the Microsoft Windows server platform and tag cloud resources for classification purposes. Lastly, explore how to configure Microsoft Azure storage account encryption using a customer-managed key. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 56m Assessment Badge

CISM 2022: Assessing Risk

Assessing risk is a crucial activity that enables organizations to evaluate risk exposure for business processes and assets. In this course, you will begin by exploring how to conduct vulnerability assessments and how the results can shed light on security control deficiencies. Next, you will learn how to perform a network vulnerability assessment and review the results, followed by scanning a web application for web app-specific vulnerabilities. You will discover how to conduct a gap analysis to determine the current security posture compared to a desired security posture. Then, you will explore the important aspects of when and how to run penetration tests. Lastly, you will see how to configure Microsoft Azure Policy assignments to determine cloud resource configuration compliance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

8 videos | 45m Assessment Badge

CISM 2022: Network Security

Organizations should secure resource access while remaining compliant with relevant laws and regulations. One of the many ways to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, examine the OSI model layers and their relevance to network security controls, as well as the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues and Wi-Fi authentication methods, and discover how to harden a DHCP and DNS deployment on Windows Server. Finally, learn the importance of using honeypots and honeynets, and how to implement a honeypot and analyze captured network traffic. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

11 videos | 1h 10m Assessment Badge

CISM 2022: Network Attack Mitigation

To effectively defend against common network attacks, organizations must truly understand how they are executed. Thereafter, information security managers can implement and manage security controls to address network security control objectives. In this course, explore firewall types, configure the built-in Windows Defender Firewall, and adjust firewall rules on a Linux host. Next, learn how to manage Azure cloud network security groups to control virtual network subnet and interface traffic and how forward and reverse proxy servers can enable inbound and outbound network security. Finally, examine the relevance of intrusion detection placement and prevention configurations and configure the open-source Snort IDS tool to detect suspicious traffic. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

10 videos | 1h 2m Assessment Badge

CISM 2022: Common Network Security Threats

Some security controls are very specific to the threat that they address. Information security managers must be well versed in common network security threats in order to minimize the impact of realized threats on business processes. In this course, you will start by exploring various types of threat actors and their motivation for attacking networks. You will review industry standards related to categorizing threats, including common vulnerabilities and exposures (CVEs), the MITRE ATT&CK knowledge base, and the OWASP Top 10 web application security attacks. Next, you will learn how bug bounties are paid by companies to ensure the utmost in security for their products, which can influence customer choices. You will discover how various types of network attacks are executed including Wi-Fi attacks, SYN flood attacks, buffer overflow attacks, advanced persistent threats (APTs), and distributed denial-of-service (DDoS) attacks. Lastly, you will see how VPN anonymizer solutions and the Tor web browser can be used for anonymous network connectivity for legitimate as well as illegal purposes. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

13 videos | 1h 14m Assessment Badge

CISM 2022: Common Network Security Attacks

Security technicians can benefit significantly by executing network security attacks in a controlled environment. This allows for an in-depth periodic review of security control efficacy related to IT networks. In this course, you will discover how networks can be scanned by attackers seeking potentially vulnerable services using free tools such as Nmap. You will then explore how attackers can compromise a user web browser, how SQL injection attacks can reveal more information than intended by the app designer, and how to configure a reverse shell where the compromised station reaches out to the attacker station, often defeating standard firewall rule sets. Next, you will learn how to spoof network traffic and execute a distributed denial-of-service (DDoS) attack. Lastly, you will discover how to brute force a Windows remote desktop protocol (RDP) connection to gain access to a Windows host. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Cloud Computing & Coding

The use of cloud services is a form of outsourcing of IT service which also introduces an element of risk. Software developers can use on-premises as well as cloud-based services to create, test, and deploy software solutions. In this course, you will explore cloud deployment models including public, private, hybrid, and community clouds. You will then cover cloud computing service models, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), including where the security responsibility lies in each model. Next, you will explore various cloud-based security controls addressing a wide variety of cloud computing security needs. You will discover how to deploy a repeatable compliant cloud-based sandbox environment using Microsoft Azure Blueprints. Next, explore how security must be included in each software development life cycle (SDLC) phase as opposed to post-implementation. Finally, discover the importance of secure coding practices and how security must integrate with software development, testing, deployment, and patching. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

9 videos | 49m Assessment Badge

CISM 2022: Data Protection with Cryptography

Cryptography provides solutions for ensuring data privacy and integrity. Various firmware and software solutions protect data in transit and data at rest. In this course, you will explore the CIA security triad and how it relates to the organization's security program. You will then review various cryptography solutions and discuss data integrity to assure that tampering has not occurred. Next, you will learn how Hardware Security Module (HSM) appliances and Trusted Platform Module (TPM) firmware provide cryptographic services. You will see how Transport Layer Security (TLS) supersedes the deprecated Secure Sockets Layer (SSL) network security protocol suite followed by discussing virtual private network (VPN) encrypted network tunnels, and the IP Security (IPsec) network security protocol suite. Lastly, you will explore the PKI hierarchy and how public key infrastructure (PKI) certificates are used for digital security throughout the certificate life cycle. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.

12 videos | 1h 5m Assessment Badge

SSCP 2021: Business Continuity Planning

When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 36m Assessment Badge

SSCP 2021: Fundamental Networking Concepts

Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 50m Assessment Badge

SRE Emergency & Incident Response: Incident Response

A well-prepared and organized approach is key to addressing and managing the aftermath of a system failure, security breach, or cyberattack. In this course, you'll explore the fundamental principles an SRE needs to be familiar with when responding to and managing incidents. You'll identify the goals, requirements, best practices, and key players involved in incident management. You'll learn how to deal with managed and unmanaged incidents and what's involved in an incident response plan. You'll identify incident response roles and responsibilities, and how to use incident metrics to manage incidents at scale. You'll outline what's involved in establishing a computer security incident response team (CSIRT), including each key team member's roles and responsibilities. Lastly, you'll examine what goes into an incident response policy.

17 videos | 1h 24m Assessment Badge

OS Deployment Strategies: Deploying Modern Systems

Cloud services are rapidly changing the nature of how technology services are implemented, and migrating toward a cloud-based model can provide many benefits to an organization. In this course, you'll explore the various cloud computing deployment models to understand the flexibility, speed, and infrastructure benefits of moving to a cloud solution. You'll also discover the benefits of cloud services models such as Infrastructure as a Service, Platform as a Service, Software as a Service, as well as Identity as a Service and Network as a Service.

12 videos | 43m Assessment Badge

FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Journey 722 Information Systems Security Manager Intermediate Certification Journey

(2)

Journey 722 Information Systems Security Manager Advanced Certification Journey

(2)

Journey 722 Information Systems Security Manager Basic KSAT Journey

(1)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills and Salary Report

ESG Impact Report

722 Information Systems Security Manager Intermediate KSAT Journey

722 Information Systems Security Manager Intermediate

COURSES INCLUDED

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

YOU MIGHT ALSO LIKE