Aspire Journeys

Cyber Specialist to CRISC

  • 94 Courses | 83h 1m 43s
  • Includes Test Prep
CRISC is the only certification concentrated on IT risk management. Obtaining this mid-career certification validates that you have the ability to identify and manage risks at all levels. Work through certifications in (ISC)²'s SSCP and ISACA's CRISC and prepare yourself for a career supporting and managing IT risk. This journey includes on-demand content, instructor-led training, exam prep, live mentoring, and additional books/resources.

In this track of the Cyber Specialist to CRISC journey, the focus will be on designing and deploying a security architecture. You will learn how to integrate security policies across network, application, information, and access control architectures as well as cloud and hybrid cloud models. You will review and implement industry standard best practices and policies (NIST, etc.), along with standard architecture framework models.

This track includes instructor-led training and on-demand content.

  • 4 Courses | 3h 4m 24s

In this track of the Cyber Specialist to CRISC journey, the focus will be on designing and deploying a security architecture. You will learn how to integrate security policies across network, application, information, and access control architectures as well as cloud and hybrid cloud models. You will review and implement industry standard best practices and policies (NIST, etc.), along with standard architecture framework models.

This track includes on-demand content.

  • 11 Courses | 9h 32m 35s

In this track of the Cyber Specialist to CRISC journey, the focus will be on current laws and regulations that drive the creation of a governance system of rules, practices, and processes by which a company is directed and controlled.

This track includes instructor-led training and on-demand content.

  • 3 Courses | 2h 21m 17s

In this track of the Cyber Specialist to CRISC journey, the focus will be on current laws and regulations that drive the creation of a governance system of rules, practices, and processes by which a company is directed and controlled.

This track includes on-demand content.

  • 9 Courses | 8h 3m 27s

In this track of the Cyber Specialist to CRISC journey, you will learn how to identify, evaluate, and prioritize potential threats, manage and mitigate threats through risk management concepts, assessment activities, and monitoring terminology, techniques and systems. Gain skills to properly and promptly respond to a security incident or forensic investigation with incident handling processes and procedures such as Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).

This track includes instructor-led training, on-demand content and a practice test.

  • 7 Courses | 4h 29m 18s

In this track of the Cyber Specialist to CISM journey, you will learn how to identify, evaluate, and prioritize potential threats, manage and mitigate threats through risk management concepts, assessment activities, and monitoring terminology, techniques and systems. Gain skills to properly and promptly respond to a security incident or forensic investigation with incident handling processes and procedures such as Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).

This track includes on-demand content and a practice test.

  • 18 Courses | 11h 28m 17s

In this track of the Cyber Specialist to CRISC journey, the focus will be on the Risk Management Framework prescribed by NIST standards.

This track includes instructor-led training and on-demand content.

  • 5 Courses | 4h 50m 1s

In this track of the Cyber Specialist to CRISC journey, the focus will be on the Risk Management Framework prescribed by NIST standards.

This track includes on-demand content.

  • 9 Courses | 10h 41m 57s

In this track of the Cyber Specialist to CRISC journey, the focus will be on managing risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

This track includes instructor-led training, on-demand content, and a practice test.

  • 5 Courses | 6h 1m 15s

In this track of the Cyber Specialist to CRISC journey, the focus will be on managing risks through the development, implementation, and maintenance of appropriate information systems (IS) controls.

This track includes on-demand content and a practice test.

  • 23 Courses | 22h 29m 12s

COURSES INCLUDED

Frameworks, Life Cycles, and Architecture
Organizations require people with the skills to make decisions to secure information systems based on best practices, standards, and industry recommendations. Security architects fill this need. In this course, you'll learn about common IT life cycles and life cycle management, including the system development and security life cycles. You'll explore the importance of frameworks, including enterprise architecture frameworks. You'll then examine various stakeholders and the roles they play in architecture development. Next, you'll learn about the need for and types of security policies. Finally, you'll explore aspects of secure network architecture design, including network segmentation and components, applying industry best practices, and team member roles and responsibilities.
12 videos | 43m | Assessment available | Badge
Secure Application and Data Architecture Design
Security architects design and implement secure architectures and translate business processes and risk into policy and implementation rules. In this course, you'll explore designing secure application and data architectures. First, you'll examine the history of development, the role of the application architect, and application architecture goals. Next, you'll learn about disciplines related to application architecture, as well as Service-oriented Architecture and its standards. You'll move on to learn about modular framework development, authentication, patching, and vulnerability testing. Next, you'll examine data architecture, data classification, data privacy, and database security. Finally, you'll learn about encryption and big data, as well as data architecture analysis and influences.
20 videos | 55m | Assessment available | Badge
Access Control and Security Architecture Design
In this course, you'll learn about designing a secure access control architecture and updating a security architecture. First, you'll explore identity and access management, including the IAAA process and related entities. You'll move on to examine access control policies and models. You'll learn about centralized access control, as well as distributed access control, federated identity management frameworks, and supporting protocols. You'll explore the importance of access reviews, as well as access control considerations with bring your own device and Internet of Things. Next, you'll examine the impact of change on a security architecture and steps involved in life cycle management. Finally, you'll complete this course by learning about architecture change considerations and the importance of a change management policy.
13 videos | 46m | Assessment available | Badge
Security Architecture Documentation and Alternative Architectures
In this course, you'll learn about documentation requirements for a security architecture and alternate architectures. First, you'll explore the types of documentation required to guide an architecture. You'll examine input documentation, including business requirements and objectives, standards and best practices, and laws and regulations. Next, you'll learn about architecture documentation, including how and what to document. You'll examine output documentation as well, including policies, procedures, and guidelines. You'll learn about the Security Requirements Traceability Matrix, including required fields. Finally, you'll learn about virtualization and how to evaluate cloud and hybrid cloud solutions, focusing on factors like shared responsibility, encryption, and key management.
12 videos | 38m | Assessment available | Badge

COURSES INCLUDED

Frameworks, Life Cycles, and Architecture
Organizations require people with the skills to make decisions to secure information systems based on best practices, standards, and industry recommendations. Security architects fill this need. In this course, you'll learn about common IT life cycles and life cycle management, including the system development and security life cycles. You'll explore the importance of frameworks, including enterprise architecture frameworks. You'll then examine various stakeholders and the roles they play in architecture development. Next, you'll learn about the need for and types of security policies. Finally, you'll explore aspects of secure network architecture design, including network segmentation and components, applying industry best practices, and team member roles and responsibilities.
12 videos | 43m | Assessment available | Badge
Secure Application and Data Architecture Design
Security architects design and implement secure architectures and translate business processes and risk into policy and implementation rules. In this course, you'll explore designing secure application and data architectures. First, you'll examine the history of development, the role of the application architect, and application architecture goals. Next, you'll learn about disciplines related to application architecture, as well as Service-oriented Architecture and its standards. You'll move on to learn about modular framework development, authentication, patching, and vulnerability testing. Next, you'll examine data architecture, data classification, data privacy, and database security. Finally, you'll learn about encryption and big data, as well as data architecture analysis and influences.
20 videos | 55m | Assessment available | Badge
Access Control and Security Architecture Design
In this course, you'll learn about designing a secure access control architecture and updating a security architecture. First, you'll explore identity and access management, including the IAAA process and related entities. You'll move on to examine access control policies and models. You'll learn about centralized access control, as well as distributed access control, federated identity management frameworks, and supporting protocols. You'll explore the importance of access reviews, as well as access control considerations with bring your own device and Internet of Things. Next, you'll examine the impact of change on a security architecture and steps involved in life cycle management. Finally, you'll complete this course by learning about architecture change considerations and the importance of a change management policy.
13 videos | 46m | Assessment available | Badge
Security Architecture Documentation and Alternative Architectures
In this course, you'll learn about documentation requirements for a security architecture and alternate architectures. First, you'll explore the types of documentation required to guide an architecture. You'll examine input documentation, including business requirements and objectives, standards and best practices, and laws and regulations. Next, you'll learn about architecture documentation, including how and what to document. You'll examine output documentation as well, including policies, procedures, and guidelines. You'll learn about the Security Requirements Traceability Matrix, including required fields. Finally, you'll learn about virtualization and how to evaluate cloud and hybrid cloud solutions, focusing on factors like shared responsibility, encryption, and key management.
12 videos | 38m | Assessment available | Badge
Cybersecurity and Networking Fundamentals
The goal of cybersecurity is to protect systems, networks, data, and programs from digital attacks. As cyber-attacks continue to increase in frequency and sophistication, it is imperative that cybersecurity professionals learn how to quickly identify and mitigate vulnerabilities. In this course, you will learn common security terminology including threats, vulnerabilities, attacks, exploits, controls, and countermeasures. Discover the fundamentals of the confidentiality, integrity, and availability (CIA) triad, and explore the five elements of the AAA framework: identification, authentication, authorization, auditing, and accountability. You'll then explore risk considerations and management strategies, and discover how risks can be mitigated, accepted, transferred, and rejected. Lastly, explore core networking components and discover how information flow models are used to prevent unauthorized information flow in any direction. This course was originally created by Global Knowledge (GK).
13 videos | 42m | Assessment available | Badge
Getting Started with Security Architecture
Security architecture can be defined as the specifications, processes, and standard operating procedures (SOPs) required to protect an organization's IT infrastructure. In order to improve network security and mitigate risks, a series of network devices can be used to control access to networks and resources. In this course, explore how security architectures can be used to enforce security at the network layer. Explore basic switching and routing devices, and discover core functions of network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Explore the characteristics and categories of firewall devices, and learn about networks, intranets, and demilitarized zones. Discover the benefits of network segmentation and learn how to segment networks. Lastly, discover how Network Address Translation (NAT) is used to map addresses, and explore how Network Access Control (NAC) can be used to verify compliance using security policies. This course was originally created by Global Knowledge (GK).
19 videos | 1h 11m | Assessment available | Badge
Core Concepts of a Service-Oriented Architecture
A Service-Oriented architecture and microservices are different. Discover how a Service-Oriented architecture (SOA) differs from microservices and the advantages that SOA provides.
16 videos | 1h 17m | Assessment available | Badge
Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability
This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, and explores auditor responsibilities such as identifying network and host weaknesses, reporting them to stakeholders, and suggesting recommendations to improve an organization's security. Learn to distinguish between white, black, and gray box testing, and then explore the benefits of periodic scans for identifying vulnerabilities. Learn how to use pen tests, and evaluate environmental and physical security controls. Next, learn how to use Nessus, a free remote security scanning tool. This course demonstrates how to forge TCP (transmission control protocol) network traffic by using the hping3 tool in Kali Linux. This course demonstrates the OWASP (open-source web application security scanner) ZAP (zed attack proxy) tool to identify web app vulnerabilities. You will learn how to secure traffic by using IPSec (internet security protocol), configure a cloud-based jump box, and about honey pots. Next, learn to secure assets with physical controls and the eavesdropping risk of drones. Finally, learners will be able to identify different types of fire suppression systems.
16 videos | 1h 4m | Assessment available | Badge
Data Architecture Deep Dive - Design & Implementation
This 11-video Skillsoft Aspire course explores the numerous types of data architecture that can be used when working with big data; how to implement strategies by using NoSQL (not only structured query language); CAP theorem (consistency, availability, and partition tolerance); and partitioning to improve performance. Learners examine the core activities essential for data architectures: data security, privacy, integrity, quality, regulatory compliances, and governance. You will learn different methods of partitioning, and the criteria for implementing data partitioning. Next, you will install and explore MongoDB, a cross-platform document-oriented database system, and learn to read and write optimizations in MongoDB. You will learn to identify various important components of hybrid data architecture, and adapting it to your data needs. You will learn how to implement DAG (Directed Acyclic Graph) by using the Elasticsearch search engine. You evaluate your needs to determine whether to implement batch processing or stream processing. This course also covers process implementation by using serverless and Lambda architecture. Finally, you will examine types of data risk when implementing data modeling and design.
12 videos | 35m | Assessment available | Badge
Data Architecture Getting Started
In this 12-video course, learners explore how to define data, its lifecycle, the importance of privacy, and SQL and NoSQL database solutions and key data management concepts as they relate to big data. First, look at the relationship between data, information, and analysis. Learn to recognize personally identifiable information (PII), protected health information (PHI), and common data privacy regulations. Then, study the data lifecycle's six phases. Compare and contrast SQL and NoSQL database solutions and look at using Visual Paradigm to create a relational database ERD (entity-relationship diagram). To implement an SQL solution, Microsoft SQL Server is deployed in the Amazon Web Services (AWS) cloud, and a NoSQL solution by deploying DynamoDB in the AWS cloud. Explore definitions of big data and governance. Learners will examine various types of data architecture, including TOGAF (The Open Group Architecture Framework) enterprise architecture. Finally, learners study data analytics and reporting, how organizations can derive value from data they have. The concluding exercise looks at implementing effective data management solutions.
13 videos | 1h 2m | Assessment available | Badge
CISSP 2021: Identity and Access Management Principles
Identity and access management (IAM) is crucial for businesses in order to identify and mitigate security violations, define user identity, and manage access privileges and authorization. Gain a better understanding of critical concepts, terms, and models needed to build a strong foundation in IAM using this course. Explore different areas of physical and logical control and learn more about security models like Biba and Bell-LaPadula. You will also delve deeper into authorization mechanisms, such as MAC, RBAC, DAC, and ABAC. You will have a better understanding of authentication and authorization fundamentals after completing this course. Further, you can also use this course to prepare for the CISSP exam.
11 videos | 34m | Assessment available | Badge

COURSES INCLUDED

Governance, Risk Management, and Compliance
In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.
13 videos | 1h 16m | Assessment available | Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 43m | Assessment available | Badge
Governance and Corporate Culture
Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.
5 videos | 21m | Assessment available | Badge

COURSES INCLUDED

Governance, Risk Management, and Compliance
In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.
13 videos | 1h 16m | Assessment available | Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 43m | Assessment available | Badge
Governance and Corporate Culture
Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.
5 videos | 21m | Assessment available | Badge
Security Program Regulatory Integration
In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability Act (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information, how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA) applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX) requires organizational financial transparency.
12 videos | 38m | Assessment available | Badge
Risk Analysis: Security Risk Management
In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standards and Technology (NIST) risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiate between risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.
14 videos | 38m | Assessment available | Badge
Policy & Governance: Incident Response
Learners can explore the creation, adoption, and use of an IRP (Incident Response Plan) in this 14-video course, which examines the purpose and objectives of an IRP, and how it incorporates the objectives of an organization. You will learn how to draft an IRP, and examine the six stages of incident response: preparation, identification, containment, eradication, recovery, and lessons learned. Next, you will examine several tools that are available for incident response strategies, including Sleuth Kit, Metasploit, Websense, and FireEye Security Orchestrator. You will explore the different types of CSIRTs (Computer Security Incident Response Teams), team roles, their purpose, and the benefits of an outsourced team. This course demonstrates an incident team response with two hypothetical scenarios. You will learn about compliance and regulatory requirements, and will examine the international standard, ISO 27001. You will examine governance policy to direct and control IT security. Finally, you will learn to use governance policies to create incident response policies, and you will learn the elements and best practices for creating a plan.
14 videos | 1h 9m | Assessment available | Badge
Security Risks: Performing Security Risk Assessments
The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.
13 videos | 1h 35m | Assessment available | Badge
Cloud Security Management: Risk Management
Every organization needs to understand risk and be familiar with how to mitigate it. Cloud services have different stakeholders and projects, and for this reason having a good understanding of risk is important. In this course, you'll learn about different types of risk and how to properly manage them. In addition, you'll explore risk auditing, business continuity, and disaster recovery.
9 videos | 1h 4m | Assessment available | Badge
CompTIA CASP+: Business Continuity
Business continuity measures ensure that business operations continue during disruptions. In this course, you'll learn how to identify common disaster recovery terms and techniques and plan how to respond to business disruptions. Next, you'll learn to identify how to use physical and logical redundancy, clustering and load balancing to increase system and application availability. Lastly, you'll explore cloud-based load balancing and backups including learning how to configure and deploy a Microsoft Azure Load Balancer as well as back up data using Microsoft Azure. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.
7 videos | 35m | Assessment available | Badge

COURSES INCLUDED

SSCP 2021: Basic Security Concepts
Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.
11 videos | 28m | Assessment available | Badge
SSCP 2021: Security Controls
When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 21m has Assessment available Badge
SSCP 2021: Asset & Change Management Lifecycles
As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 42m has Assessment available Badge
SSCP 2021: Physical Security Operations
Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 30m has Assessment available Badge
SSCP 2021: Risk Management
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did together constitute the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos | 46m has Assessment available Badge
SSCP 2021: Network Attacks & Countermeasures
A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threat actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 1h 5m has Assessment available Badge
SSCP 2021: Secure Wireless Communication
Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 35m has Assessment available Badge

COURSES INCLUDED

SSCP 2021: Basic Security Concepts
Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.
11 videos | 28m has Assessment available Badge
SSCP 2021: Security Controls
When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 21m has Assessment available Badge
SSCP 2021: Asset & Change Management Lifecycles
As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 42m has Assessment available Badge
SSCP 2021: Physical Security Operations
Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 30m has Assessment available Badge
SSCP 2021: Understanding & Applying Cryptography
Although cryptography isn't covered until domain 5 of the SSCP CBK, potential exam candidates and security professionals will benefit from foundational knowledge of cryptosystems early in their training. Use this course to grasp the reasons and requirements for cryptography in safeguarding information, including regulations and governance. Investigate cryptographic techniques, such as hashing and salting, symmetric and asymmetric encryption, and elliptic curve cryptography. Discover what's involved in digital signatures and certificates. Explore cryptographic attacks, cryptanalysis, and countermeasures. And delve into advanced cryptosystems, such as quantum computing and blockchain. Upon course completion, you'll be aware of the various traditional and modern cryptology techniques used to protect data and communications. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 41m has Assessment available Badge
SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)
Early on in the development of TCP/IP and the application layer protocols and services, it was decided not to build native security but rather to add new secure mechanisms and protocols. The aim was to maintain internetworking and interoperability without adding too much overhead. Knowing how these protocols work and how you can implement them will change how you protect your organization's information. Use this course to get abreast of some of the most vital secure protocols and their implementation along with other core services, such as key management, web of trust (WOT), and Public Key Infrastructure (PKI). Upon course completion, you'll be able to detail how and why these protocols and services are used. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos | 38m has Assessment available Badge
SSCP 2021: Authentication & Trust Architectures
As a security professional, you'll likely have been exposed to the concept of origin authentication. However, in today's modern environment of mobile devices, the Internet of Things, and embedded systems, more robust authentication, authorization, and identity management methods are imperative. Use this course to comprehend how single and multi-factor authentication, single sign-on (SSO), device authentication, and federated access work. Examine the use of trust relationships between domains and what's meant by Zero Trust. And distinguish between various internetwork connections such as the Internet, intranets, and extranets. Upon course completion, you'll be able to detail how and why these authentication mechanisms and trust architectures are used. You'll also be one step closer to being prepared to take the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 33m has Assessment available Badge
SSCP 2021: Identity Management & Access Control Models
Whether you manage one or thousands of digital identities, the expectation for regulatory compliance, top-level security, and speedy access control will be the same. The importance of access control is reinforced by Domain 2 of the SSCP exam, representing 15% of the overall subject matter. Among other topics, this domain covers the identity management lifecycle and access control models. Use this course to gain a clear comprehension of the various aspects of identity management, namely authorization, proofing, provisioning, de-provisioning, maintenance, and entitlement. Furthermore, explore several types of access control models, including role-based and rule-based, and investigate the Bell-LaPadula and Biba mandatory access confidentiality and integrity models. Upon course completion, you'll recognize the identity management and access control techniques needed in your organization. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 40m has Assessment available Badge
SSCP 2021: Risk Management
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did together constitute the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos | 46m has Assessment available Badge
SSCP 2021: Security & Vulnerability Assessment
Once you've assessed an organization's risks, you need to implement continuous visibility and reporting to understand risk evolution. Furthermore, once you've established security policies and controls, you need to test and evaluate them to confirm their efficacy. To meet these goals, security practitioners need to know how to uncover vulnerabilities, identify events of interest, monitor logs, and analyze metrics. Use this course to learn security and vulnerability assessment techniques and methodologies. Explore security testing, risk review, and vulnerability management. Examine data logging and event aggregation. Learn how to implement monitoring and event data analysis. And see how to document and communicate findings. Upon completion, you'll be able to identify, monitor, and analyze security risks. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos | 30m has Assessment available Badge
SSCP 2021: Incident Response & Forensics
Unprecedented events such as the Y2K bug and terrorist attacks, along with increasing cybercrime pervasiveness and sophistication, have meant that since the early 2000s, a security team's ability to recover from a disaster has moved from a bonus to non-negotiable. There are several phases to incident response, from preparation to forensic investigations and beyond. A competent security professional needs to know all of them. Use this course to learn what's involved in the incident response lifecycle phases of preparation, detection, analysis, escalation, containment, eradication, recovery, and lessons learned. As you advance, explore essential aspects of cyber forensic investigations, such as handling evidence and reporting. Upon completion, you'll know the multiple facets of incident response and cyber forensics. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos | 36m has Assessment available Badge
SSCP 2021: Business Continuity Planning
When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 36m has Assessment available Badge
SSCP 2021: Fundamental Networking Concepts
Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos | 50m has Assessment available Badge
SSCP 2021: Network Attacks & Countermeasures
A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threat actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 1h 5m has Assessment available Badge
SSCP 2021: Secure Wireless Communication
Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 35m has Assessment available Badge
SSCP 2021: Malware & Countermeasures
To secure systems and applications appropriately, security practitioners must first recognize the various types of malicious code and activity. After this, they need to execute the best measures to counter these exploits. Use this theory-based course to recognize multiple types of exploits and malware and their most common countermeasures. Explore malware variants, such as rootkits, spyware, scareware, and ransomware. Examine countermeasures involving scanners, antimalware, and code signing. Then, study malicious activities, such as insider threats, data theft, zero-day exploits, and advanced persistent threats (APTs). And discover their various countermeasures, such as system hardening, patching, and data loss prevention (DLP). Lastly, investigate advanced mitigation techniques that involve behavioral and data analytics, machine learning, and artificial intelligence. Upon completion, you'll be able to identify and analyze malicious code and activity. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 36m has Assessment available Badge
SSCP 2021: Endpoint Protection & Mobile Device Management
The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos | 33m has Assessment available Badge
SSCP 2021: Secure Virtual & Cloud Environments
The security landscape changes in tandem with the evolution of technology. As virtualization and cloud computing have emerged, so have associated security tools, techniques, and regulations. Ensure your security knowledge is up-to-date with this advanced exam preparatory course. Learn about hypervisors, virtual appliances, and containers. Examine continuity and resilience, attacks and countermeasures, and legal and regulatory concerns. Explore what's involved in shared and data storage, deployment and service models, processing, and transmission. Delve into third-party/outsourcing requirements, data portability, data destruction, and auditing. And finally, investigate the cloud computing shared responsibility model. When you're done, you'll know how to secure technologies related to virtualization and cloud computing. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos | 41m has Assessment available Badge

COURSES INCLUDED

CISSP 2021: Risk Management
A security professional must be familiar with risk management concepts to be able to apply them effectively. Use this course to explore the management of risks to tangible and intangible assets. Get familiar with the details of vulnerability and risk assessment, countermeasure selection and implementation, and risk frameworks. This course will also help you examine the monitoring, measuring, and reporting of risk and delve further into threat modeling and supply chain risk management (SCRM). You'll have an understanding of risk management fundamentals and how to apply them after completing this course. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos | 1h 3m has Assessment available Badge
Governance, Risk Management, and Compliance
In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.
13 videos | 1h 16m has Assessment available Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 43m has Assessment available Badge
Risk Analysis: Security Risk Management
In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standards and Technology (NIST) risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiate between risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.
14 videos | 38m has Assessment available Badge
Session & Risk Management
A structured approach to security allows for the efficient management of security controls. In this 13-video course, you will explore assets, threats, vulnerabilities, risk management, user security and session management, data confidentiality, and encryption. Key concepts covered in this course include how to identify, assess, and prioritize risks; how to implement security controls to mitigate risk; and learning about account management actions that secure the environment. Next, learn how to use Group Policy to implement user account hardening and configure the appropriate password security settings for those accounts in accordance with organizational security policies; learn how HTTP session management can affect security; and observe how to harden web browsers and servers to use TLS (transport layer security). Then learn how centralized mobile device control can secure the environment; learn encryption techniques used to protect data; and observe how to configure a virtual private network (VPN) to protect data in motion. Finally, learn how to configure and implement file encryption to protect data at rest; and how to configure encryption and session management settings.
13 videos | 1h 8m has Assessment available Badge

COURSES INCLUDED

CISSP 2021: Risk Management
A security professional must be familiar with risk management concepts to be able to apply them effectively. Use this course to explore the management of risks to tangible and intangible assets. Get familiar with the details of vulnerability and risk assessment, countermeasure selection and implementation, and risk frameworks. This course will also help you examine the monitoring, measuring, and reporting of risk and delve further into threat modeling and supply chain risk management (SCRM). You'll have an understanding of risk management fundamentals and how to apply them after completing this course. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos | 1h 3m has Assessment available Badge
Governance, Risk Management, and Compliance
In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.
13 videos | 1h 16m has Assessment available Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 43m has Assessment available Badge
Risk Analysis: Security Risk Management
In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standards and Technology (NIST) risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiate between risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.
14 videos | 38m has Assessment available Badge
Session & Risk Management
A structured approach to security allows for the efficient management of security controls. In this 13-video course, you will explore assets, threats, vulnerabilities, risk management, user security and session management, data confidentiality, and encryption. Key concepts covered in this course include how to identify, assess, and prioritize risks; how to implement security controls to mitigate risk; and learning about account management actions that secure the environment. Next, learn how to use Group Policy to implement user account hardening and configure the appropriate password security settings for those accounts in accordance with organizational security policies; learn how HTTP session management can affect security; and observe how to harden web browsers and servers to use TLS (transport layer security). Then learn how centralized mobile device control can secure the environment; learn encryption techniques used to protect data; and observe how to configure a virtual private network (VPN) to protect data in motion. Finally, learn how to configure and implement file encryption to protect data at rest; and how to configure encryption and session management settings.
13 videos | 1h 8m has Assessment available Badge
Security Risks: Key Risk Terms & Concepts
Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process. You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance. Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach. Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.
16 videos | 1h 52m has Assessment available Badge
Security Risks: Performing Security Risk Identification
Effective security risk management often begins with proper security risk identification. In this course, you'll examine various components of the risk identification process and different techniques used to identify risk. You'll begin by distinguishing between threat and risk. You'll then get familiar with other terminologies and concepts associated with risk identification. Moving on, you'll recognize the significance of risk identification in recognizing assets and services that are risk-prone. You'll also investigate different methods used to identify risk and best practices for the risk identification process. Later in the course, you'll outline common security-related risks and their impact on different components of an organization. Finally, you'll examine the features of a security risk register, its role in risk management, and how to create one in Microsoft Excel.
9 videos | 57m has Assessment available Badge
Security Risks: Performing Security Risk Assessments
The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.
13 videos | 1h 35m has Assessment available Badge
Security Risks: Planning for Security Risk Management
Highly effective security leaders recognize that they must prioritize and focus their efforts on managing critical security risks. Therefore, once a security risk is identified, it must be carefully evaluated. In this course, you'll identify the activities involved in a risk management process, the importance of risk strategies in the context of work environments, and essential decisions required for managing security risks effectively. Moving on, you'll investigate the components of a risk management plan and how to improve a risk management strategy by increasing risk tolerance and risk appetite. You'll also outline the importance of mitigation plans and discover how to create one in Microsoft Word. Lastly, you'll recognize the role of risk monitoring and control measures in risk management planning and the factors that shape an organization's approach to making decisions in handling risks.
12 videos | 1h 26m has Assessment available Badge

COURSES INCLUDED

CRISC 2023: Risk Management
Proper IT governance consists of proper risk management. Risk management specialists can apply a variety of techniques to manage risk to an acceptable level. In this course, you will begin by exploring how risk management can minimize the impact of IT security events and discussing the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, you will learn how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. You will explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC) certification.
13 videos | 1h 17m has Assessment available Badge
CRISC 2023: IT Governance
Managing risk properly can result in reducing risk to acceptable levels for business objectives. IT governance principles guide activities related to reducing risk. In this course, explore IT security governance, its relationship to organizational security programs and project management, and how the COBIT framework applies to IT governance. Next, learn about organizational security policies, organizational culture and its relationship to security, and the importance of performing a gap analysis. Finally, examine supply chain security, personnel management, configuration and change management, IT audits, SLOs and SLAs, and chain of custody. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos | 1h 22m has Assessment available Badge
CRISC 2023: Data Privacy
Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos | 1h 7m has Assessment available Badge
CRISC 2023: Network Security
Organizations should secure resource access while remaining compliant with relevant laws and regulations. One way to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, learn about the OSI model layers, their relevance to network security controls, and the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues, Wi-Fi authentication methods, and how to harden a DHCP and DNS deployment on Windows Server. Finally, discover the importance of honeypots and honeynets, how to implement a honeypot, how to analyze captured network traffic, and the purpose of an interconnection security agreement. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
15 videos | 1h 29m has Assessment available Badge
CRISC 2023: Business Continuity
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you will explore common characteristics of a business continuity plan (BCP) and learn how to conduct a business impact analysis (BIA). Then you will investigate disaster recovery plans (DRPs), including components, key considerations, and governance. Next, you will configure high availability for cloud storage accounts, virtual machines, and databases through replication. Finally, you will configure the backup of on-premises data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 44m has Assessment available Badge

COURSES INCLUDED

CRISC 2023: Risk Management
Proper IT governance consists of proper risk management. Risk management specialists can apply a variety of techniques to manage risk to an acceptable level. In this course, you will begin by exploring how risk management can minimize the impact of IT security events and discussing the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, you will learn how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. You will explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC) certification.
13 videos | 1h 17m has Assessment available Badge
CRISC 2023: IT Governance
Managing risk properly can result in reducing risk to acceptable levels for business objectives. IT governance principles guide activities related to reducing risk. In this course, explore IT security governance, its relationship to organizational security programs and project management, and how the COBIT framework applies to IT governance. Next, learn about organizational security policies, organizational culture and its relationship to security, and the importance of performing a gap analysis. Finally, examine supply chain security, personnel management, configuration and change management, IT audits, SLOs and SLAs, and chain of custody. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos | 1h 22m has Assessment available Badge
CRISC 2023: Data Privacy
Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos | 1h 7m has Assessment available Badge
CRISC 2023: IT Baselines
Organizations must consider compliance with applicable laws and regulations through the management of security controls. IT systems and on-premises and cloud data can be secured, and compliance achieved using a variety of methods. In this course, explore various cloud provider compliance program details and how to use AWS conformance packs to track configuration compliance in the AWS cloud. Next, discover how security baselines are created and establish a performance baseline on the Windows Server platform and Azure Cloud. Finally, learn how to configure Azure Blueprints for a repeatable and compliant cloud environment and use Azure Policy to check resource configuration compliance. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
9 videos | 49m has Assessment available Badge
CRISC 2023: Data Classification
The need to comply with data privacy regulations and reduce risk to sensitive data applies to most organizations. Organizations must know which sensitive data they possess in order to secure it properly. In this course, I will begin by using tags, or metadata, to organize Microsoft Azure cloud resources. Next, I will use Amazon Macie to discover and classify data stored in Simple Storage Service (S3) buckets. I will then use Microsoft Purview governance to discover and classify data stored in storage accounts. I will also discover and classify data on the Windows Server platform using File Server Resource Manager (FSRM). Lastly, I will configure automated life cycle management for blobs in Microsoft Azure storage accounts. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 42m has Assessment available Badge
CRISC 2023: Authentication
Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources. In this course, you will explore authentication methods, including passwordless login. Then, you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will manage Windows and cloud users and groups and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for users and explore identity federation. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos | 59m has Assessment available Badge
CRISC 2023: Authorization
Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then, you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command line. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
10 videos | 53m has Assessment available Badge
CRISC 2023: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos | 1h 18m has Assessment available Badge
CRISC 2023: Public Key Infrastructure
Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through email encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used. In this course, you will explore the PKI hierarchy from certification authorities (CAs) down to issued certificates, as well as the PKI certificate life cycle. Next, you will learn how to deploy a private CA on the Windows platform and how to manage PKI certificate templates. Then, you will acquire PKI certificates and configure a web server HTTPS binding. Finally, you will configure a website to allow access only from clients with trusted PKI certificates. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
9 videos | 51m has Assessment available Badge
CRISC 2023: Network Security
Organizations should secure resource access while remaining compliant with relevant laws and regulations. One way to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, learn about the OSI model layers, their relevance to network security controls, and the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues, Wi-Fi authentication methods, and how to harden a DHCP and DNS deployment on Windows Server. Finally, discover the importance of honeypots and honeynets, how to implement a honeypot, how to analyze captured network traffic, and the purpose of an interconnection security agreement. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
15 videos | 1h 29m has Assessment available Badge
CRISC 2023: Security Controls
To protect assets, organizations must apply a structured approach to software development, as well as implement, manage, and monitor security controls. Organizations must also determine the appropriate cost to protect assets. In this course, learn about security control types, how physical security and digital data security relate, and how critical infrastructure should be protected. Next, explore the Cloud Controls Matrix (CCM), how to use the annual loss expectancy (ALE) formula, and security within the software development life cycle (SDLC). Finally, examine continuous integration and continuous deployment (CI/CD), Git version control, how to use the git CLI, and the benefits of the OWASP Enterprise Security API (ESAPI). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos | 1h 3m has Assessment available Badge
CRISC 2023: Virtualization & the Cloud
Virtualization has become a standard for on-premises and cloud-based IT deployments. Application container use is increasing, and both virtualization and application containers are used in cloud computing. In this course, learn about the different types of virtualization, virtualization security, and how to configure a VMware Workstation hypervisor. Next, explore application containers by learning how to install Docker on Linux, as well as how to manage and secure application containers and configure an isolated virtualization sandbox. Finally, examine cloud computing deployment and service models, as well as cloud-based security solutions. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos | 1h 7m has Assessment available Badge
CRISC 2023: Threat Intelligence
Risk analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, you will examine different threat intelligence sources such as the common vulnerabilities and exposures (CVEs) website. Then you will explore how the Open Web Application Security Project (OWASP) Top 10 can help harden vulnerable web applications. You will discover how artificial intelligence (AI) and machine learning (ML) are used in threat hunting. Next, you will investigate threat positives and negatives, as well as how advanced persistent threats (APTs) are executed. Finally, you will focus on the Cyber Kill Chain and learn how to detect threats using Amazon GuardDuty. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos | 55m has Assessment available Badge
CRISC 2023: SIEM & SOAR
Security information and event management (SIEM) solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using security orchestration, automation, and response (SOAR) solutions. In this course, discover the benefits of SIEM and SOAR security incident monitoring and response solutions. Next, learn how to deploy the Splunk SIEM on Linux. Then, you will configure a Splunk universal forwarder. Finally, you will use various tools like Wireshark to capture and analyze industrial control system (ICS) network traffic. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 39m has Assessment available Badge
CRISC 2023: Firewalls
Security firewalls can determine what type of network traffic to allow or deny into and out of networks and hosts. Intrusion detection systems notify technicians of suspicious activity. Begin this course by discovering firewall types like next-generation firewall (NGFW) and web application firewall (WAF) and examining their use cases. Then you will configure Windows Defender Firewall and learn how to manage a Linux-based firewall solution. Next, you will manage a cloud-based firewall, explore proxy servers, and deploy the Squid proxy server on Linux. Finally, you will investigate intrusion detection and prevention and install Snort on Linux. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
10 videos | 51m has Assessment available Badge
CRISC 2023: Business Continuity
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you will explore common characteristics of a business continuity plan (BCP) and learn how to conduct a business impact analysis (BIA). Then you will investigate disaster recovery plans (DRPs), including components, key considerations, and governance. Next, you will configure high availability for cloud storage accounts, virtual machines, and databases through replication. Finally, you will configure the backup of on-premises data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 44m has Assessment available Badge
CRISC 2023: Malware
Threat actors use social engineering and exploit vulnerabilities to achieve their goals. Performance and security baselines can facilitate threat detection. In this course, I will begin by covering threat actor types. I will then explain the relationship between baselines and threat detection. Next, I will discuss indicators of malicious activity at the network, host and application levels. I will define how social engineering is a major threat and demonstrate how to execute a social engineering attack. Lastly, I will discuss common malware types, explore malware techniques, and analyze email messages. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos | 1h 5m has Assessment available Badge
CRISC 2023: Security Testing
Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities. In this course, you will begin by discovering how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an Nmap scan. Next, you will use Zenmap to execute a security scan and test web app security using the Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will view security alerts using Microsoft Defender for Cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos | 1h 10m has Assessment available Badge
CRISC 2023: Hardening Techniques
Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, you will begin by discovering hardening techniques for a variety of IT environments. Then you will find out how to use Microsoft Intune to centrally manage mobile devices. You will explore the importance of applying hardware and software patches and patch AWS virtual machines. Next, you will install and configure a Windows Server Update Services (WSUS) server and harden Windows computers using Group Policy. You will investigate SANs and related security considerations and you will manage virtual machines through Microsoft Azure Bastion. Finally, you will harden a Wi-Fi router and printer, enable Microsoft Azure VNet peering, and configure Azure private endpoints. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
13 videos | 1h 13m has Assessment available Badge
CRISC 2023: Attack Mitigations
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. Knowledge of techniques and attacks, such as buffer overflows and distributed denial-of-service (DDoS) attacks, facilitates mitigation planning. In this course, you will begin by exploring SYN flood attacks and their relationship with the three-way Transmission Control Protocol (TCP) handshake. Next, you will spoof network traffic and discover different types of buffer overflow attacks. Then you will investigate DDoS attack mitigations and run a denial-of-service (DoS) attack against a website. Finally, you will compromise a client web browser, run a structured query language (SQL) injection and reverse shell attack, and crack Remote Desktop Protocol (RDP) passwords. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos | 55m has Assessment available Badge
CRISC 2023: IT Monitoring
Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact. In this course, I will cover how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, I will work with Windows Event Viewer logs. Lastly, I will configure Windows log forwarding. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 39m has Assessment available Badge
CRISC 2023: Incident Response
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also to manage them to reduce their negative impact. In this course, learn the importance of incident response plans (IRPs) and explore incident response activities such as escalation, eradication, and containment. Next, discover the value of lessons learned from past incidents and how to make future incident response more effective. Finally, examine how to apply incident response to a scenario. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos | 40m has Assessment available Badge
CRISC 2023: Risk Case Studies
The ability to effectively mitigate risk to levels acceptable to the organization is possible through risk management. Business leaders and technicians must apply risk management techniques to many levels of threats. In this course, I will begin with a risk management scenario related to a ransomware outbreak. I will then manage risk related to customer data breaches, user account compromises, and Internet of Things (IoT) device usage. Lastly, I will apply risk management techniques to phishing scams. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
7 videos | 31m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
