Information Security Operations: SSCP 2021 intermediate
Information security is of paramount importance to individuals and organizations. Explore the fascinating world of data and systems protection.
GETTING STARTED
System Security Certified Practitioner (SSCP 2018): Network Fundamentals
GETTING STARTED
Information Security for Leaders: An Introduction to InfoSec
GETTING STARTED
CISSP 2024: Professional Ethics & Security Concepts
COURSES INCLUDED
Access Controls
Access controls determine the level of access that a security principal has to a network and its resources. Explore authentication mechanisms, trust architectures, the identity management life cycle, and specific access controls.
18 videos | 56m
Assessment
Badge
Security Operations
Enterprise computer systems require a solid understanding of security practices. Explore codes of ethics; confidentiality, integrity, and availability; privacy, accountability, and non-repudiation; and security best practices.
16 videos | 45m
Assessment
Badge
Security Administration
IT asset management is a critical element of an IT security administration approach. Explore hardware, software, and data asset management best practices, compliance, change management, and security awareness and training in the enterprise.
14 videos | 49m
Assessment
Badge
SSCP: Risk Management
Identifying, evaluating, and prioritizing threats are critical for proper IT systems security. Explore risk assessment, treatment, and assessment; best practices for monitoring systems; and security analytics, metrics, and trends.
15 videos | 48m
Assessment
Badge
Incident Response & Recovery
Despite your best efforts, security incidents will happen. Explore incident handling best practices, including discovery, escalation, reporting, and response; countermeasures and continuity practices; and forensic investigation.
15 videos | 52m
Assessment
Badge
SSCP: Cryptography
Enterprise assets, including data, must be protected at all times. Explore cryptography best practices, including hashing, salting, encryption, digital signatures, regulatory requirements, PKI, and Web of Trust.
16 videos | 55m
Assessment
Badge
Network & Communications Security
Enterprise networks and telecommunications come with unique security challenges. Explore network security best practices for OSI and TCP/IP models, common communication network attacks and countermeasures, and network access control.
20 videos | 1h 34m
Assessment
Badge
Systems & Application Security
Malicious attacks on systems and applications are an everyday problem. Discover how to identify and analyze malicious activity, including malicious code and countermeasures, and best practices for endpoint device security.
20 videos | 1h 30m
Assessment
Badge
Configuring Cloud Security
Systems and applications running in the cloud are subject to malicious attacks. Explore best practices for cloud security, including operation and service models, virtualization, legal and privacy concerns, data storage, and outsourcing.
6 videos | 26m
Assessment
Badge
COURSES INCLUDED
System Security Certified Practitioner (SSCP 2018): Network Fundamentals
This 14-video course helps prepare for the Systems Security Certified Practitioner (SSCP) certification exam by exploring network concepts, including packet switching, the OSI (open systems interconnection) and TCP/IP (transmission control protocol/Internet protocol) models, network topologies, network infrastructure devices, and wireless router configuration. You will learn the differences between circuit switching and packet switching. You will examine the seven-layer OSI model that is used to describe communications hardware and software, including the Layer 3 switch and the Layer 7 firewall appliance. Continue by examining the TCP/IP model, a conceptual 4-layer model, and the TCP/IP protocol suite. This course then examines types of network interface cards, cable types, including coaxial and twisted pair copper, and connector types. Watch demonstrations of how to configure a wireless router, and how to configure NLB (network load balancing). You will learn to use a physical device or virtual appliance network load balancer, on-premises or in the cloud. Finally, this course shows learners how to configure a network load balancer by using AWS (Amazon Web Services).
14 videos | 57m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Concepts
Learners can explore (ISC)² (International Information System Security Certification Consortium) and its Code of Ethics when performing security work in this course, which prepares for the Systems Security Certified Practitioner (SSCP) certification exam. In its 14 videos, you will examine the four canons of Ethics: 1) to protect society and infrastructure; 2) to act honorably, honestly, justly, responsibly, and legally; 3) to provide diligent and competent service to principals; and 4) to advance and protect the profession. Examine the CIA (confidentiality, integrity, and availability) triad for security controls; then examine restricting access or protecting data through encryption. You will learn how to provide data assurances, and how to use MS Windows PowerShell and Linux to generate file hashes and digital signatures. Learners will explore availability and its importance in ensuring that business processes can run uninterrupted. Next, explore how accountability and data access can be used to track users, devices, or software. Finally, you will learn how to enable file system auditing.
14 videos | 56m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Risk Management
This 12-video course explores risk management when engaging in business activities supported by IT solutions. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam as you examine risk classification, and learn how to identify digital assets and threats, including natural disasters such as floods, fires, or storms; man-made disasters, arson, terrorism; and identity theft. This course demonstrates threat modeling, and the process to use to identify and prioritize threats. You will examine how to optimize resources and focus on reducing risks, and explore countermeasures in relation to prioritized threats. Next, explore BIA (business impact analysis), and its importance to business continuity. You will learn how a BIA can be incorporated into a DRP (disaster recovery plan) to facilitate recovery of a failed system. Learners will examine the use of a risk registry with the likelihood of the risk occurrence, the business impact should it occur, and a severity rating. You will learn about risk avoidance and mitigation. Finally, you will explore cost efficiencies for risk mitigation.
12 videos | 40m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Cryptography Primer
Continue preparing for the Systems Security Certified Practitioner (SSCP) certification exam with this 14-video course, which explores how cryptography can be used to provide confidentiality and integrity for data at rest and data in transit. You will learn how to acquire a PKI (public key infrastructure), and how to generate a random key to feed into an encryption algorithm. Next, you will examine data hashing and salting. Examine how symmetric and asymmetric encryption provide data confidentiality, and learn about ECC (elliptic curve cryptography), an asymmetric cryptographic algorithm. Learners will then explore secure network protocols, including SSL (secure sockets layer), to provide cryptographic functions such as encryption, message authentication, and integrity. This course demonstrates the use of cryptanalysis to identify security flaws, and how to enable IPsec (Internet Protocol Security) to secure network traffic, and have it applied to all TCP/IP (transmission control protocol/Internet protocol) network traffic. Finally, you will explore how the Telnet and SSH (secure shell) protocols are used for remote administration of systems such as Linux, Unix, and Windows computers.
14 videos | 44m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Public Key Infrastructure
This 13-video course explores the PKI (public key infrastructure) certificate, its lifecycle, and how to use it to secure IT solutions, while preparing learners for the Systems Security Certified Practitioner (SSCP) certification exam. You will learn about the numerous CAs (certificate authorities), a hierarchy of digital security certificates, where unique public and private key pairs are issued for each certificate. Learners will explore public and private CAs, including the Microsoft Active Directory Certificate Services, then examine the PKI hierarchy, where certificates are issued and managed by a certificate authority. This course demonstrates how to set up a private certificate authority within your own organization. You will learn to use Linux to create a PKI Certificate Authority, and about the tools available in Linux. This course examines how a CA digitally signs issued certificates using its private key, and how the signature is used to establish trust. Finally, you will learn several ways to store a PKI certificate, for example, on a smart card, or in a file.
13 videos | 56m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Identity Management
Learners can explore identity management, also known as IAM (identity and access management), in this 14-video course helping prepare for the Systems Security Certified Practitioner (SSCP) certification exam. You will learn how to configure identities to have strong authentication for users and devices, such as smartphones. Next, examine single-factor authentication, in which one category is used to authenticate, such as a username and a password. You will examine multifactor authentication, where a username and a password are supplemented by an additional private key. Learners continue by examining how to use an identity federation, and SSO (single sign-on), a centralized trusted set of logon credentials. This course demonstrates the multiple phases of the IAM lifecycle, including account request, how accounts are provisioned, how the user access is enforced and reported, and how it is de-provisioned. You will learn the concepts and terminology, including IDP (identity provider) and RP (resource provider), and how to use MS Active Directory for authentication. Finally, learners will examine Amazon Web Services CLI (command-line interface) authentication.
14 videos | 55m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Controlling Resource Access
This 14-video course explores common methods and uses real-world examples for providing resource access after authentication. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining defense in depth, a security term for multiple layers of security. You will learn about Discretionary Access Control, where the resource owner sets the permissions. You will learn how to use the Windows command line to manage a Windows file system access control list, and you will examine MAC (mandatory access control). You will learn to modify the default file system access control permissions on a Linux host using umask. You will examine RBAC (role-based access control). You will learn to use Microsoft PowerShell to assign permissions to a Windows group, and to assign permissions to a group in Linux. You will learn to configure Attribute-based Access Control in Windows, and object-level access control. Finally, learners will examine NAC (network access control).
14 videos | 59m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Controls
This course is an exploration and comparison of several categories of security controls ranging from deterrent controls to technical controls, in preparation for the Systems Security Certified Practitioner (SSCP) certification exam. In 14 videos, learners will examine security control safeguards to reduce risks and mitigate threats, including threat detection and threat avoidance. This course uses several examples of security controls, including user awareness and training, deterrent controls, detective controls to confirm vulnerabilities or active threats, and preventative controls to restrict threats, or limit their impact. Learn to install and configure the Microsoft NPS (Network Policy Server) to implement network access control. Next, examine how physical security controls limit access to IT systems. You will learn why and how to disable SSL version 3, both on the client web browser side as well as on the web server side. You will then learn about administrative controls to guide actions that are taken by personnel within the organization. Learners observe how to use the Microsoft Active Directory to deploy security control settings.
14 videos | 1h 2m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Asset & Change Management
Explore asset and change management, and their relationship to security through discussion and demonstration, in this 14-video course, which examines classes of assets, including personnel, hardware, software, data, and trade secrets. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by learning how to inventory hardware assets; how hardware is configured; and learning about network entry points such as VPN concentrators, wireless access points, and Ethernet switches. This course examines software assets, including off-the-shelf and customized software. Learners observe how to configure a hardware inventory using Microsoft SCCM (System Center Configuration Manager). You will learn about data classification, and techniques to help facilitate security on a larger scale. Next, learn how file classification works by using the Windows Server Operating System and the File Server Resource Manager role service. You will examine TPM (Trusted Platform Module), firmware that is embedded in a chip, and which can be used with MFA (multifactor authentication). You will explore MDM (mobile device management). Finally, this course demonstrates a structured approach to change management and adoption.
14 videos | 1h 8m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Network Security
This 14-video course explores the key concepts for designing and implementing a secure network. Continue preparations for the Systems Security Certified Practitioner (SSCP) certification exam by exploring physical network design, including the location of the network, wired and wireless networks, and infrastructure devices. You will examine local network infrastructure device management, and logical network design, such as VLANs (virtual local area networks), virtual network switches, and software-defined networking. Next, learners observe how to enable HTTPS for a network printer. You will explore types of firewalls, the placement of firewall solutions, and ACLs (access control lists), and how to configure a firewall rule. Then learn how to configure cloud-based firewalls by using the AWS (Amazon Web Services) console, and to configure a firewall rule on a Linux host. You will learn to configure IDS (intrusion detection systems) and IPS (intrusion prevention systems), and placement of intrusion detection and prevention systems. Finally, this course discusses Bluetooth, NFC (near field communication), and how to configure Wi-Fi security settings on a wireless router.
14 videos | 1h 1m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Malware & Endpoint Security
This 14-video course explores how malware infections occur, and how to mitigate these threats. Learners prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining how to compare current activity to a baseline. You will examine spyware, which tracks your computing usage with or without your consent, and adware, to direct information to the user. Next, explore rootkits, which stem from replacing UNIX Operating System files in the past with malicious code, and hide their presence. You will examine types of rootkits, including the form of files replaced on the host, running processes in memory, web browser plug-ins, on a Windows platform, or a Windows registry entry. You will examine backdoors, which create a hidden entry point for malicious users and are part of a rootkit. You will explore worms, viruses, and social engineering security threats. This course demonstrates how to configure common Windows Defender settings, and how to use the SCCM (System Center Configuration Manager), and malware policies by using white lists, and locking down USB removable media.
14 videos | 57m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Securing Environments
Learners can explore how to secure virtual and cloud environments in this 12-video course, which examines different types of virtualization technologies, including hypervisors, application virtualization, OS (operating system) virtualization, and desktop virtualization. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining hypervisors, a physical host that runs virtual machines, and appropriate software, and uses them to increase server density. You will learn about application virtualization, where the app files are not installed on the host machine, but run on the host machine. Next, you will examine OS virtualization where a virtual machine is assigned virtual hardware, such as virtual CPUs, virtual network adapters, and hard disks. You will learn how to install and configure a Microsoft Hyper-V Virtual Machine. Learn how to configure iSCSI (Internet Small Computer Systems Interface), and secure it by using CHAP (challenge handshake authentication protocol). Then learn to use AWS (Amazon Web Services) to secure data at rest in the cloud. Finally, you will examine laws and regulations to consider when using public cloud services.
12 videos | 58m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Assessments
This 15-video course prepares learners for the Systems Security Certified Practitioner (SSCP) certification exam by exploring security assessments, vulnerability scans, and penetration testing. First, you will examine the Nmap (network mapper) scanner to probe computer networks for host discovery, service, and operating system detection. You will learn how to use Nmap to conduct a network scan by using Windows. This course examines vulnerability scanning, and it demonstrates how to do penetration testing to identify and exploit host and network weaknesses. Learners will examine the importance of monitoring and analysis to identify security incidents. You will learn how to use a Windows performance monitor, and how to monitor resource usage in Linux. Continue by examining LANguard and Nmap assessments. This course then demonstrates how to view system logs to troubleshoot problems, and how to enhance the security of a network. You will learn how to configure log filtering in a Windows environment. Finally, learners will explore SCADA (Supervisory Control and Data Acquisition), and SIEM (Security Information and Event Management).
15 videos | 1h 1m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Digital Forensics
This course explores key aspects of digital forensics by looking at device usage while helping prepare learners for the Systems Security Certified Practitioner (SSCP) certification exam. In 13 videos, you will examine evidence gathering, chain of custody, data recovery, hard drive scrubbing, IP address tracking, and memory forensics. You will learn that a crucial aspect of digital forensics is the gathering of evidence in a lawful manner. Next, learners will examine how to determine when events occurred, when files were modified, when certain websites were accessed, and when messages were received. You will examine the chain of custody for preservation of evidence, and having a detailed account of gathering and handling evidence. This course demonstrates how to recover deleted data, and how to use a steganography tool to hide data in plain sight. You will examine memory forensics, a subset of digital forensics. This course then discusses the NIST (National Institute of Standards and Technology) Special Publication 800-86. Finally, learn how to create a raw image of a hard disk drive.
13 videos | 46m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Business Continuity
This 14-video course explores effective contingency planning and incident response while preparing learners for the Systems Security Certified Practitioner (SSCP) certification exam. First, examine core elements of business continuity planning, data backup and restore, redundancy, how to use RAID (redundant array of independent disks), and incident response. This course then describes how to assess risk, the likelihood of events occurring against valued assets, and how to conduct a BIA (business impact analysis). Learners will explore a BCP (business continuity plan), assess assets, IT systems, data, and possible threats against those valued assets. This course continues by discussing alternate disaster recovery site types, including cold sites, warm sites, and hot sites. You will learn to use Windows Server 2016 to configure backup of data, restore data from a virtual machine, and understand the importance of backing up configurations of servers. You will learn to configure software RAID level 1 and RAID level 5 on a Windows host. Finally, learners will examine incident response lifecycles, and observe how to prepare the IRP (incident response plan).
14 videos | 52m
Assessment
Badge
COURSES INCLUDED
SSCP 2021: Basic Security Concepts
Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.
11 videos | 28m
Assessment
Badge
SSCP 2021: Security Controls
When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 21m
Assessment
Badge
SSCP 2021: Asset & Change Management Lifecycles
As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 42m
Assessment
Badge
SSCP 2021: Physical Security Operations
Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos | 30m
Assessment
Badge
SSCP 2021: Understanding & Applying Cryptography
Although cryptography isn't covered until domain 5 of the SSCP CBK, potential exam candidates and security professionals will benefit from foundational knowledge of cryptosystems early in their training. Use this course to grasp the reasons and requirements for cryptography in safeguarding information, including regulations and governance. Investigate cryptographic techniques, such as hashing and salting, symmetric and asymmetric encryption, and elliptic curve cryptography. Discover what's involved in digital signatures and certificates. Explore cryptographic attacks, cryptanalysis, and countermeasures. And delve into advanced cryptosystems, such as quantum computing and blockchain. Upon course completion, you'll be aware of the various traditional and modern cryptology techniques used to protect data and communications. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 41m
Assessment
Badge
SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)
Early on in the development of TCP/IP and the application layer protocols and services, it was decided not to build native security but rather to add new secure mechanisms and protocols. The aim was to maintain internetworking and interoperability without adding too much overhead. Knowing how these protocols work and how you can implement them will change how you protect your organization's information. Use this course to get abreast of some of the most vital secure protocols and their implementation along with other core services, such as key management, web of trust (WOT), and Public Key Infrastructure (PKI). Upon course completion, you'll be able to detail how and why these protocols and services are used. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos | 38m
Assessment
Badge
SSCP 2021: Authentication & Trust Architectures
As a security professional, you'll likely have been exposed to the concept of origin authentication. However, in today's modern environment of mobile devices, the Internet of Things, and embedded systems, more robust authentication, authorization, and identity management methods are imperative. Use this course to comprehend how single and multi-factor authentication, single sign-on (SSO), device authentication, and federated access work. Examine the use of trust relationships between domains and what's meant by Zero Trust. And distinguish between various internetwork connections such as the Internet, intranets, and extranets. Upon course completion, you'll be able to detail how and why these authentication mechanisms and trust architectures are used. You'll also be one step closer to being prepared to take the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos | 33m
Assessment
Badge
SSCP 2021: Identity Management & Access Control Models
Whether you manage one or thousands of digital identities, the expectation for regulatory compliance, top-level security, and speedy access control will be the same. The importance of access control is reinforced by Domain 2 of the SSCP exam, representing 15% of the overall subject matter. Among other topics, this domain covers the identity management lifecycle and access control models. Use this course to gain a clear comprehension of the various aspects of identity management, namely authorization, proofing, provisioning, de-provisioning, maintenance, and entitlement. Furthermore, explore several types of access control models, including role-based and rule-based, and investigate the Bell-LaPadula and Biba mandatory access confidentiality and integrity models. Upon course completion, you'll recognize the identity management and access control techniques needed in your organization. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos | 40m
Assessment
Badge
SSCP 2021: Risk Management
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitutes the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos | 46m
Assessment
Badge
SSCP 2021: Security & Vulnerability Assessment
Once you've assessed an organization's risks, you need to implement continuous visibility and reporting to understand risk evolution. Furthermore, once you've established security policies and controls, you need to test and evaluate them to confirm their efficacy. To meet these goals, security practitioners need to know how to uncover vulnerabilities, identify events of interest, monitor logs, and analyze metrics. Use this course to learn security and vulnerability assessment techniques and methodologies. Explore security testing, risk review, and vulnerability management. Examine data logging and event aggregation. Learn how to implement monitoring and event data analysis. And see how to document and communicate findings. Upon completion, you'll be able to identify, monitor, and analyze security risks. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
30m
Assessment
Badge
SSCP 2021: Incident Response & Forensics
Unprecedented events such as the Y2K bug and terrorist attacks, along with increasing cybercrime pervasiveness and sophistication, have meant that since the early 2000s, a security team's ability to recover from a disaster has moved from a bonus to non-negotiable. There are several phases to incident response, from preparation to forensic investigations and beyond. A competent security professional needs to know all of them. Use this course to learn what's involved in the incident response lifecycle phases of preparation, detection, analysis, escalation, containment, eradication, recovery, and lessons learned. As you advance, explore essential aspects of cyber forensic investigations, such as handling evidence and reporting. Upon completion, you'll know the multiple facets of incident response and cyber forensics. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
36m
Assessment
Badge
SSCP 2021: Business Continuity Planning
When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
36m
Assessment
Badge
SSCP 2021: Fundamental Networking Concepts
Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
50m
Assessment
Badge
SSCP 2021: Network Attacks & Countermeasures
A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threat actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos |
1h 5m
Assessment
Badge
SSCP 2021: Secure Wireless Communication
Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
35m
Assessment
Badge
SSCP 2021: Malware & Countermeasures
To secure systems and applications appropriately, security practitioners must first recognize the various types of malicious code and activity. After this, they need to execute the best measures to counter these exploits. Use this theory-based course to recognize multiple types of exploits and malware and their most common countermeasures. Explore malware variants, such as rootkits, spyware, scareware, and ransomware. Examine countermeasures involving scanners, antimalware, and code signing. Then, study malicious activities, such as insider threats, data theft, zero-day exploits, and advanced persistent threats (APTs). And discover their various countermeasures, such as system hardening, patching, and data loss prevention (DLP). Lastly, investigate advanced mitigation techniques that involve behavioral and data analytics, machine learning, and artificial intelligence. Upon completion, you'll be able to identify and analyze malicious code and activity. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
36m
Assessment
Badge
SSCP 2021: Endpoint Protection & Mobile Device Management
The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
33m
Assessment
Badge
SSCP 2021: Secure Virtual & Cloud Environments
The security landscape changes in tandem with the evolution of technology. As virtualization and cloud computing have emerged, so have associated security tools, techniques, and regulations. Ensure your security knowledge is up-to-date with this advanced exam preparatory course. Learn about hypervisors, virtual appliances, and containers. Examine continuity and resilience, attacks and countermeasures, and legal and regulatory concerns. Explore what's involved in shared and data storage, deployment and service models, processing, and transmission. Delve into third-party/outsourcing requirements, data portability, data destruction, and auditing. And finally, investigate the cloud computing shared responsibility model. When you're done, you'll know how to secure technologies related to virtualization and cloud computing. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
41m
Assessment
Badge
COURSES INCLUDED
Information Security for Leaders: An Introduction to InfoSec
Information security, often called InfoSec, consists of tools and processes used to protect data and sensitive information from threats and attacks. In this course, explore the history of information security and discover how to differentiate between cybersecurity and information security. Discover common myths and misconceptions about information security and learn about types of information security, such as infrastructure, cloud, application, and incident response. Next, you will explore security threats, including social media attacks, social engineering, malware, and misconfigurations, and common information security and data protection laws. Finally, you will investigate the responsibilities of a Chief Information Security Officer (CISO), including developing sound security practices, identifying security objectives, conducting awareness and training programs, and ensuring regulatory compliance. Upon completion, you'll be able to recognize the importance of information security and the key roles and responsibilities required to protect an organization.
15 videos |
1h 18m
Assessment
Badge
Information Security for Leaders: Elements of InfoSec
Confidentiality, integrity, and availability, otherwise known as the CIA triad, is a common information security model used by organizations to design and implement their overall security policies and frameworks. In this course, you will learn the basics of confidentiality, integrity, and availability, and discover emerging challenges brought on by big data and the Internet of Things (IoT). Explore the stages of information security risk management (ISRM) and learn how to differentiate between various types of security controls. Discover techniques such as defense in depth, data classification, cryptography, access control, and governance, and the importance of having a sound incident response and management strategy in place. Lastly, learn about the role of investigations and forensics as well as the steps in a forensic investigation such as searching and seizing, acquisition, analysis, and reporting. After course completion, you'll be able to recognize common elements of information security.
15 videos |
1h 54m
Assessment
Badge
Information Security for Leaders: Elements of an InfoSec Team
There are many elements to a successful InfoSec team, but its goal is always to protect the organization's electronic data and information technology systems. In this course, you will learn about the responsibilities of an IT security team and the many roles required for success. Explore the responsibilities of a chief information security officer and a chief information officer and discover the primary responsibilities of a network security engineer, which include ensuring hardware and software security and updating and patching resources. Next, you will differentiate between the roles of penetration tester, information owner, junior engineer, computer technician, forensic investigator, and digital forensic examiner. Then examine key stakeholder and decision-maker roles. Lastly, explore the role of DevSecOps and list ways it can have a positive impact on information security. Upon completion, you'll be able to recognize the elements of an InfoSec team.
14 videos |
1h 39m
Assessment
Badge
Managing Enterprise InfoSec Risks & Risk Tolerance
IT security risks can be defined as a combination of the consequences of an event and the associated likelihood of occurrence. They can be managed by an organization through asset-safeguarding strategies. Through this course, learn about managing enterprise information security (InfoSec) risk and risk tolerance. Explore the definition of risk, how it differs from threats and vulnerabilities, and the history of information security. Next, discover common threats to IT systems and data, how to identify and manage security risks, and the key differences between quantitative and qualitative risk analysis. Finally, learn about common risk assessment tools and the differences between penetration testing and vulnerability assessments. Upon completion, you'll be able to outline and manage IT security risks.
15 videos |
1h 44m
Assessment
Badge
InfoSec Crisis Management & Incident Response
Not only do IT security teams need to be ready to identify security incidents, but they also need to be able to respond to and manage the environment during a crisis. In this course, you'll explore the term 'crisis' and identify crisis management practices. Discover the key components of an organizational crisis readiness program, including planning, training, technology, tools, and continuous improvement. Next, investigate the roles and responsibilities of a crisis management team, examine measures to minimize disruptions, and determine how incident response planning can help organizations better respond to critical incidents. Then, investigate how to best identify incidents and learn how early detection of incidents can be crucial to containing threats. Lastly, explore the various steps of a typical incident response plan, focusing on identification, containment, investigation, eradication, recovery, and lessons learned. After completing this course, you will be able to recognize what constitutes a crisis and respond to and manage security incidents.
15 videos |
1h 34m
Assessment
Badge
Information Security Practices: Budgeting & Forecasting for InfoSec
Information security leaders must identify organizational goals and develop plans and strategies to attain them. In this course, you will explore information security planning, including how a good plan can offer economic benefits and provide a competitive advantage. Discover the importance of evaluating security risks, threats, and vulnerabilities, and learn how to conduct a security risk analysis. Then you will focus on data classification planning, various regulatory acts that apply to information security, and the importance of disaster recovery and incident management planning. Next, examine the value of properly training and evaluating employees in security awareness, and learn how to strengthen security culture through communications and awareness programs. Finally, you will investigate key considerations when planning for budgets and contingency.
15 videos |
1h 12m
Assessment
Badge
Information Security Practices: InfoSec Vendor Management
Everything comes with pros and cons, and outsourced information security is no exception. Leaders contemplating outsourcing information security products and services will need to trade potential time and money savings for other potential gaps. In this course, explore information security outsourcing, security vendor relationships, and major considerations and challenges associated with outsourcing information security. Next, discover common downsides to outsourcing security services, key steps to consider when choosing a security vendor, and explore vendor risk management. Finally, learn about vendor contracts and the importance of having sound contract language when dealing with security vendors. Upon completion, you'll be able to identify common InfoSec vendors and providers and best practices for outsourcing InfoSec products or services.
13 videos |
1h 24m
Assessment
Badge
Information Security Practices: Multi-year InfoSec Planning
There is no easy way to predict the future of information security. There are, however, strategies leaders can implement to better plan and prepare for future growth, security, and threats. In this course, examine potential information security threats, how complexity makes them challenging to predict and plan for, and the threats that ransomware, cybercrime, and the growing crime-as-a-service (CaaS) community pose. Next, discover how work shortages and voids created by skills gaps can cause major issues and the impact of recent global pandemics. Finally, explore operational technology, application container risks, and the evolving risks posed by artificial intelligence and machine learning. Upon completion, you'll be able to plan for the future as an InfoSec leader.
15 videos |
1h 17m
Assessment
Badge
COURSES INCLUDED
CRISC 2023: Risk Management
Proper IT governance consists of proper risk management. Risk management specialists can apply a variety of techniques to manage risk to an acceptable level. In this course, you will begin by exploring how risk management can minimize the impact of IT security events and discussing the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, you will learn how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. You will explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC) certification.
13 videos |
1h 17m
Assessment
Badge
CRISC 2023: IT Governance
Managing risk properly can result in reducing risk to acceptable levels for business objectives. IT governance principles guide activities related to reducing risk. In this course, explore IT security governance, its relationship to organizational security programs and project management, and how the COBIT framework applies to IT governance. Next, learn about organizational security policies, organizational culture and its relationship to security, and the importance of performing a gap analysis. Finally, examine supply chain security, personnel management, configuration and change management, IT audits, SLOs and SLAs, and chain of custody. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
14 videos |
1h 22m
Assessment
Badge
CRISC 2023: Data Privacy
Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
12 videos |
1h 7m
Assessment
Badge
CRISC 2023: IT Baselines
Organizations must consider compliance with applicable laws and regulations through the management of security controls. IT systems and on-premises and cloud data can be secured, and compliance achieved using a variety of methods. In this course, explore various cloud provider compliance program details and how to use AWS conformance packs to track configuration compliance in the AWS cloud. Next, discover how security baselines are created and establish a performance baseline on the Windows Server platform and Azure Cloud. Finally, learn how to configure Azure Blueprints for a repeatable and compliant cloud environment and use Azure Policy to check resource configuration compliance. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
9 videos |
49m
Assessment
Badge
CRISC 2023: Data Classification
The need to comply with data privacy regulations and reduce risk to sensitive data applies to most organizations. Organizations must know which sensitive data they possess in order to secure it properly. In this course, I will begin by using tags, or metadata, to organize Microsoft Azure cloud resources. Next, I will use Amazon Macie to discover and classify data stored in Simple Storage Service (S3) buckets. I will then use Microsoft Purview governance to discover and classify data stored in storage accounts. I will also discover and classify data on the Windows Server platform using File Server Resource Manager (FSRM). Lastly, I will configure automated life cycle management for blobs in Microsoft Azure storage accounts. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
8 videos |
42m
Assessment
Badge
CRISC 2023: Authentication
Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources. In this course, you will explore authentication methods, including passwordless login. Then, you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will manage Windows and cloud users and groups and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for users and explore identity federation. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
11 videos |
59m
Assessment
Badge
CRISC 2023: Authorization
Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then, you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command lines. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
10 videos |
53m
Assessment
Badge
CRISC 2023: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
14 videos |
1h 18m
Assessment
Badge
CRISC 2023: Public Key Infrastructure
Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through email encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used. In this course, you will explore the PKI hierarchy from certification authorities (CAs) down to issued certificates, as well as the PKI certificate life cycle. Next, you will learn how to deploy a private CA on the Windows platform and how to manage PKI certificate templates. Then, you will acquire PKI certificates and configure a web server HTTPS binding. Finally, you will configure a website to allow access only from clients with trusted PKI certificates. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
9 videos |
51m
Assessment
Badge
CRISC 2023: Network Security
Organizations should secure resource access while remaining compliant with relevant laws and regulations. One way to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, learn about the OSI model layers, their relevance to network security controls, and the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues, Wi-Fi authentication methods, and how to harden a DHCP and DNS deployment on Windows Server. Finally, discover the importance of honeypots and honeynets, how to implement a honeypot, how to analyze captured network traffic, and the purpose of an interconnection security agreement. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
15 videos |
1h 29m
Assessment
Badge
CRISC 2023: Security Controls
To protect assets, organizations must apply a structured approach to software development, as well as implement, manage, and monitor security controls. Organizations must also determine the appropriate cost to protect assets. In this course, learn about security control types, how physical security and digital data security relate, and how critical infrastructure should be protected. Next, explore the Cloud Controls Matrix (CCM), how to use the annual loss expectancy (ALE) formula, and security within the software development life cycle (SDLC). Finally, examine continuous integration and continuous deployment (CI/CD), Git version control, how to use the git CLI, and the benefits of the OWASP Enterprise Security API (ESAPI). This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
12 videos |
1h 3m
Assessment
Badge
CRISC 2023: Virtualization & the Cloud
Virtualization has become a standard for on-premises and cloud-based IT deployments. Application container use is increasing, and both virtualization and application containers are used in cloud computing. In this course, learn about the different types of virtualization, virtualization security, and how to configure a VMware Workstation hypervisor. Next, explore application containers by learning how to install Docker on Linux, as well as how to manage and secure application containers and configure an isolated virtualization sandbox. Finally, examine cloud computing deployment and service models, as well as cloud-based security solutions. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
12 videos |
1h 7m
Assessment
Badge
CRISC 2023: Threat Intelligence
Risk analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, you will examine different threat intelligence sources such as the common vulnerabilities and exposures (CVEs) website. Then you will explore how the Open Web Application Security Project (OWASP) Top 10 can help harden vulnerable web applications. You will discover how artificial intelligence (AI) and machine learning (ML) are used in threat hunting. Next, you will investigate threat positives and negatives, as well as how advanced persistent threats (APTs) are executed. Finally, you will focus on the Cyber Kill Chain and learn how to detect threats using Amazon GuardDuty. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
11 videos |
55m
Assessment
Badge
CRISC 2023: SIEM & SOAR
Security information and event management (SIEM) solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using security orchestration, automation, and response (SOAR) solutions. In this course, discover the benefits of SIEM and SOAR security incident monitoring and response solutions. Next, learn how to deploy the Splunk SIEM on Linux. Then, you will configure a Splunk universal forwarder. Finally, you will use various tools like Wireshark to capture and analyze industrial control system (ICS) network traffic. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
8 videos |
39m
Assessment
Badge
CRISC 2023: Firewalls
Security firewalls can determine what type of network traffic to allow or deny into and out of networks and hosts. Intrusion detection systems notify technicians of suspicious activity. Begin this course by discovering firewall types like next-generation firewall (NGFW) and web application firewall (WAF) and examining their use cases. Then you will configure Windows Defender Firewall and learn how to manage a Linux-based firewall solution. Next, you will manage a cloud-based firewall, explore proxy servers, and deploy the Squid proxy server on Linux. Finally, you will investigate intrusion detection and prevention and install Snort on Linux. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
10 videos |
51m
Assessment
Badge
CRISC 2023: Business Continuity
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you will explore common characteristics of a business continuity plan (BCP) and learn how to conduct a business impact analysis (BIA). Then you will investigate disaster recovery plans (DRPs), including components, key considerations, and governance. Next, you will configure high availability for cloud storage accounts, virtual machines, and databases through replication. Finally, you will configure the backup of on-premises data to the cloud. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
8 videos |
44m
Assessment
Badge
CRISC 2023: Malware
Threat actors use social engineering and exploit vulnerabilities to achieve their goals. Performance and security baselines can facilitate threat detection. In this course, I will begin by covering threat actor types. I will then explain the relationship between baselines and threat detection. Next, I will discuss indicators of malicious activity at the network, host and application levels. I will define how social engineering is a major threat and demonstrate how to execute a social engineering attack. Lastly, I will discuss common malware types, explore malware techniques, and analyze email messages. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
11 videos |
1h 5m
Assessment
Badge
CRISC 2023: Security Testing
Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities. In this course, you will begin by discovering how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an Nmap scan. Next, you will use Zenmap to execute a security scan and test web app security using the Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will view security alerts using Microsoft Defender for Cloud. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
12 videos |
1h 10m
Assessment
Badge
CRISC 2023: Hardening Techniques
Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, you will begin by discovering hardening techniques for a variety of IT environments. Then you will find out how to use Microsoft Intune to centrally manage mobile devices. You will explore the importance of applying hardware and software patches and patch AWS virtual machines. Next, you will install and configure a Windows Server Update Services (WSUS) server and harden Windows computers using Group Policy. You will investigate SANs and related security considerations and you will manage virtual machines through Microsoft Azure Bastion. Finally, you will harden a Wi-Fi router and printer, enable Microsoft Azure VNet peering, and configure Azure private endpoints. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
13 videos |
1h 13m
Assessment
Badge
CRISC 2023: Attack Mitigations
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. Knowledge of techniques and attacks, such as buffer overflows and distributed denial-of-service (DDoS) attacks, facilitates mitigation planning. In this course, you will begin by exploring SYN flood attacks and their relationship with the three-way Transmission Control Protocol (TCP) handshake. Next, you will spoof network traffic and discover different types of buffer overflow attacks. Then you will investigate DDoS attack mitigations and run a denial-of-service (DoS) attack against a website. Finally, you will compromise a client web browser, run a structured query language (SQL) injection and reverse shell attack, and crack Remote Desktop Protocol (RDP) passwords. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
11 videos |
55m
Assessment
Badge
CRISC 2023: IT Monitoring
Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact. In this course, I will cover how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, I will work with Windows Event Viewer logs. Lastly, I will configure Windows log forwarding. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
8 videos |
39m
Assessment
Badge
CRISC 2023: Incident Response
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also to manage them to reduce their negative impact. In this course, learn the importance of incident response plans (IRPs) and explore incident response activities such as escalation, eradication, and containment. Next, discover the value of lessons learned from past incidents and how to make future incident response more effective. Finally, examine how to apply incident response to a scenario. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
8 videos |
40m
Assessment
Badge
CRISC 2023: Risk Case Studies
The ability to effectively mitigate risk to levels acceptable to the organization is possible through risk management. Business leaders and technicians must apply risk management techniques to many levels of threats. In this course, I will begin with a risk management scenario related to a ransomware outbreak. I will then manage risk related to customer data breaches, user account compromises, and Internet of Things (IoT) device usage. Lastly, I will apply risk management techniques to phishing scams. This course can be used to prepare for the ISACA® Certified in Risk and Information Systems Control (CRISC®) certification.
7 videos |
31m
Assessment
Badge
COURSES INCLUDED
(ISC)² & Security Fundamentals
What is (ISC)²? How does it help security? Find out from this course, which will introduce you to the (ISC)² organization, its Code of Professional Ethics, and its CISSP exam, which certifies competence in the eight domains of the (ISC)²® CISSP CBK®. Next, you will study the CIA triad, and consider how to identify, classify, and determine ownership of information and assets. You'll also learn about data privacy protection requirements, such as HIPAA and PCI-DSS, as well as data loss prevention (DLP) methods. Conclude by familiarizing yourself with appropriate asset retention practices and data security controls, as well as information-handling and asset-handling requirements.
11 videos |
39m
Assessment
Badge
Cryptographic Client-based Systems
Gain an advanced knowledge of cryptographic systems, life cycles, techniques, and methodologies. This course introduces you to cryptology and cryptographic systems. It then examines integrity and hashing in relation to cryptography, explores cryptographic methods and techniques, and discusses the nature of cryptanalytic attacks. You will then learn about the phases of the cryptographic life cycle, digital signatures, and the use and function of public key infrastructure (PKI). From there, you will go on to consider key management practices, such as key stretching, pinning, key escrow, and hardware security modules (HSM). Finally, as a review exercise, you will list three types of ciphers, three types of cryptographic hashing, and three different hashing algorithms.
10 videos |
56m
Assessment
Badge
Communication & Network Security
Discover how to implement secure architectures and controls for communication and network security. In this course, you will learn about secure design principles for networks, secure network components, OSI TCP/IP models, multilayer and converged protocols. Other topics covered include the following: signal transmission media, Network Admission Control (NAC) endpoint security, content-distribution networks, unified communications, wireless networking, remote access technology, and virtualized network security. As you conclude, there will be a review exercise, where you will list four security architecture principles, name three common security components of network switches, list three types of proxies, name four features of unified communications, and list five SIEM system features.
12 videos |
1h 15m
Assessment
Badge
Identity and Access Management (IAM)
Explore domain topics related to management, control, deployment, and accountability of various identity and access services in the enterprise, as well as the provisioning life cycle. In this course, you will learn about controlling physical and logical asset access, identification and authentication of entities, identity integration, authorization mechanism implementation, access control models, identity management implementation, access review and provisioning, and Federated Services. As a review exercise, you will list three examples each of Federated Services, military asset classification labels, and commercial asset classification labels.
9 videos |
59m
Assessment
Badge
Site & Facility Security Controls
Explore the domain of physical security as it relates to the corporate facility and on-site locales. In this course, you will learn about wiring closets, intermediate distribution, security controls for server rooms and data centers, media storage facilities, and evidence storage techniques and practices. Other topics include restricted work area security, utilities and HVAC intrusion protection, environmental controls, and fire prevention, detection, and suppression techniques. As a review exercise, you will name three types of keyless locks, list four types of motion detectors, list three security best practices to store evidence, and list four security practices that the Kraken bitcoin exchange uses for administrative, technical, and physical controls.
9 videos |
33m
Assessment
Badge
CISSP: Security
Explore the domain areas concerning governance, compliance, and business continuity planning for the enterprise security practitioner and engineer. In this course, you will evaluate and apply security governance principles to various situations. You will learn how to determine contractual, legal, industry standard, and regulatory requirements. Then you will move on to review privacy principles, requirements, and legal/regulatory considerations. From there, you will see what is needed to develop, document, and implement security policies, standards, procedures, and guidelines, as well as business continuity and disaster recovery plans. Other topics include learning how to align security functions with business strategies and objectives; ensuring compliance with due care and due diligence; identifying and analyzing cybercrimes and data breaches; comparing import/export and transborder data controls. Finally, you will examine licensing, intellectual property, and privacy requirements.
13 videos |
1h
Assessment
Badge
CISSP: Risk Management
What roles do human resources and legal departments play in ensuring that an enterprise is run securely? During this course, you will explore the governance, compliance, and business continuity planning domains for the enterprise security practitioner and engineer. You will observe how these departments must work closely with the security policy steering committee to enforce personnel security policies and procedures. See how to apply risk assessment and analysis techniques; study how to respond to risks, including measurement and monitoring. Discover how to implement threat modeling concepts and methodologies. Learn to apply risk-based management concepts to the supply chain. Also learn to build and maintain security training programs. Finally, as a review exercise, you will examine various IT security controls.
7 videos |
41m
Assessment
Badge
Security Architecture and Engineering
Explore the world of security engineering, such as the engineering processes that use secure design principles. In this course, you will start by becoming familiar with security architecture and engineering practices. You will then compare various security models, such as the state machine, lattice, noninterference, information flow, Bell-LaPadula confidentiality, and Clark-Wilson integrity models. Next, you will learn how to select various technical controls based on a system's requirements. Other topics include: how to compare security capabilities of one system to another, and how to mitigate vulnerabilities in security architectures and designs. You will conclude the course with a review exercise on how to describe security engineering and design. In the exercise, you will list four principles of secure network design, name five common attributes of next generation firewalls, name four proxy types, and list three rules of the Bell-LaPadula model.
6 videos |
46m
Assessment
Badge
Vulnerability Assessment & Mitigation
Explore the domain of security assessment, design, and mitigation for web-based, mobile, and embedded systems. This course will start by examining common web-based attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), carjacking, clickjacking, and cookie exploits. Next, you will learn how to evaluate general strategies to mitigate vulnerability. The course then moves on to mitigation strategies for mobiles, such as containerization, sandboxes, wrappers, secure encrypted enclaves, TPM, and tokenization. You will then study enterprise mobility management methods, privacy concerns, and security issues. Other topics include how to assess vulnerabilities and common threats for embedded devices; and how to walk through methods to reduce embedded device vulnerability. Finally, as a review exercise, you will describe how to assess and mitigate systems vulnerabilities.
10 videos |
48m
Assessment
Badge
CISSP: Security Assessment & Testing
Find out what is involved with security assessment and testing. In this course, you will walk through steps you can take to support investigations. Examine resource provisioning and protection requirements, such as maintaining a chain of custody (CoC) to handle evidence. Learn key points about how to log and monitor operations, implement tests of security controls and processes, design and validate audit strategies, conduct security audits, and analyze test output. As a review exercise, you will describe how to effectively assess and test security.
8 videos |
51m
Assessment
Badge
CISSP: Security Operations
Explore the subject of security concerns and management tasks of continuous security operations and initiatives. During this course, you will review various operations security principles and see how to conduct or facilitate security audits. You will identify asset inventory measures and asset management controls. See how to manage configurations and changes and spot the differences between change management and configuration management. Compare features of privileged and service accounts. Finally, consider legal issues related to information security, such as service level agreements (SLAs), non-disclosure agreements (NDAs), and operational level agreements (OLAs).
9 videos |
36m
Assessment
Badge
Monitoring & Reporting
Discover security principles and management tasks of continuous security operations and initiatives. Learn about protocol analyzers, network scanners, vulnerability scanners, and other continuous monitoring systems. Review egress monitors as well as security information and event management (SIEM) systems. Examine various types of intrusion detection and prevention methods, such as NIDS and NIPS. Walk through forensic investigative processes. Explore digital forensics tools, tactics, and procedures. Observe reporting and documentation techniques, as part of a post-incident response, including root cause analysis and an after-action report of lessons learned.
9 videos |
51m
Assessment
Badge
Conducting Incident Management
Discover various methods for incident handling, disaster recovery, and business continuity for the enterprise. During this course, you will learn how to conduct detective and preventative measures, implement patch and vulnerability management, participate in change management processes, and set up a disaster recovery plan (DRP). You will observe how to test disaster recovery plans and identify elements of a business continuity plan (BCP). You will also examine physical security needs, such as confidentiality, integrity, and availability (CIA) requirements for an organization. From there you will observe how to assess environmental, man-made, supply system, and political threats, as well as their impacts; and consider protective measures for physical security, such as surveillance, lighting, tokens, biometrics, and Faraday cages. Finally, you will learn how to address personnel safety and security concerns.
12 videos |
1h 26m
Assessment
Badge
COURSES INCLUDED
CISSP 2021: (ISC)2 & the CISSP Exam
In this introductory course of this CISSP training series, you will learn about the (ISC)2 code of professional ethics and organizational code of ethics that all CISSP candidates must attest to in order to be certified. These codes transcend the certification and should permeate every aspect of the life of a security practitioner, engineer, or architect. This course will also introduce the various characteristics of the 4-hour CAT and 6-hour linear CISSP examinations, including domain weightings. After completing this course, you'll have a foundational understanding of codes of ethics and aspects of the CISSP exam.
5 videos |
8m
Assessment
Badge
CISSP 2021: Fundamental Concepts & Principles
Even with several years of practical experience in the security field, knowledge and application of specific security concepts and principles may have eluded even the seasoned security professional. Use this course to brush up on some of the vital, core security principles, such as confidentiality, integrity, and non-repudiation. Be reminded of the critical role of security design in the ISO OSI 7-layer Reference Model and the 4-layer TCP/IP Reference Model. Upon completion of this course, you'll be fully attuned to the most fundamental aspects of security. Furthermore, you can use this course to prepare for the CISSP exam.
9 videos |
28m
Assessment
Badge
CISSP 2021: Secure Design Principles
Security design principles are crucial while designing any security mechanism for a system. This course will help you gain a better understanding of how these principles help develop a secure system, which prevents security flaws and also blocks unwanted access to it. Get familiar with security concepts and principles such as defense in depth, least privilege, and zero trust and explore them further with the help of real-world applications and use cases. After completing this course, you'll be aware of the significance of methodologies for implementing separation of duties, secure defaults, secure failure, and privacy by design while avoiding over-complexity.
11 videos |
40m
Assessment
Badge
CISSP 2021: Security Governance Principles
All security initiatives begin at the top as an aspect of global corporate governance. The modern security architect must understand the role of security governance in the bigger picture as well as how it should align with the value proposition of the organization. This course will help you get familiar with the principles of security governance, aspects of compliance and industry standards, and the components of conducting investigations. After you are done with this course, you will be able to recognize and assess issues related to security governance, compliance, and regulations. Further, this course will help you prepare for the CISSP exam.
8 videos |
42m
Assessment
Badge
CISSP 2021: Security Policy
The written and published security policy is a critical aspect of security governance in all sizes and types of organizations. Use this course to gain a better understanding of security policy development and implementation. Delve into employment and personnel policies, third-party policies and agreements, as well as security awareness and training. Upon finishing this course, you'll have a foundational knowledge of security governance and will be able to prepare for the CISSP exam.
9 videos |
37m
Assessment
Badge
CISSP 2021: Asset Classification & Lifecycle
Before a security practitioner can even begin to implement security controls and countermeasures, they must have a good understanding of the types and valuation of organizational assets, both tangible and intangible. Data exists in various states and different locations, and it must be handled and treated according to pre-established policies. Explore methods for classifying, prioritizing, and handling assets throughout the entire lifecycle to disposition using this course. Examine various aspects of the lifecycle: data and asset states and classification, information and asset handling requirements, data roles, and asset destruction and sanitation. After completing this course, you will have a knowledge of organizational assets and how to classify them. Further, you can also use this course to prepare for the CISSP exam.
9 videos |
42m
Assessment
Badge
CISSP 2021: Risk Management
A security professional must be familiar with risk management concepts to be able to apply them effectively. Use this course to explore the management of risks to tangible and intangible assets. Get familiar with the details of vulnerability and risk assessment, countermeasure selection and implementation, and risk frameworks. This course will also help you examine the monitoring, measuring, and reporting of risk and delve further into threat modeling and supply chain risk management (SCRM). You'll have an understanding of risk management fundamentals and how to apply them after completing this course. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
1h 3m
Assessment
Badge
CISSP 2021: Practical Cryptography
Cryptology is crucial to network security as it secures data, information, and communication. Take this course to build a strong foundation in cryptography and cryptanalysis - the two aspects of cryptology. This course will help you gain a better understanding of two objectives of the security architecture and engineering domain: selecting and determining cryptographic solutions and understanding methods of cryptanalytic attacks. These will support your exploration of controls and countermeasures to be implemented going forward in the security lifecycle. You'll be able to outline practical cryptographic solutions and cryptanalysis and prepare for the CISSP exam after completing this course.
10 videos |
40m
Assessment
Badge
CISSP 2021: Identity and Access Management Principles
Identity and access management (IAM) is crucial for businesses in order to identify and mitigate security violations, define user identity, and manage access privileges and authorization. Gain a better understanding of critical concepts, terms, and models needed to build a strong foundation in IAM using this course. Explore different areas of physical and logical control and learn more about security models like Biba and Bell-LaPadula. You will also delve deeper into authorization mechanisms, such as MAC, RBAC, DAC, and ABAC. You will have a better understanding of authentication and authorization fundamentals after completing this course. Further, you can also use this course to prepare for the CISSP exam.
11 videos |
34m
Assessment
Badge
CISSP 2021: Deploying Identity & Access Management (IAM)
If implemented properly, Identity Access Management mechanisms and protocols can greatly improve an enterprise's visibility and security. This course will help you delve deeper into the practical implementation of identity and access management controls and mechanisms. Explore the implementation of authentication systems like SAML, investigate the management of the identity and access provisioning lifecycle, and discover how the identification of people, devices, and services are managed. You'll also examine authentication and authorization protocols, provisioning and deprovisioning, and accounting, registration, and proofing of identity. After finishing this course, you'll have an understanding of how to effectively use and execute identity and access mechanisms within your organization. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
44m
Assessment
Badge
CISSP 2021: Architecture, Design, & Solutions Vulnerabilities
A security professional needs to be acquainted with security architecture and engineering as they determine the design, implementation, monitoring, and securing of systems and networks of an organization. Use this course to explore the fundamentals of security architecture and engineering. Learn more about client-server, databases, and distributed systems, examine IoT, containers, serverless, and microservices, and explore embedded system security and constraints in detail. You'll also get familiar with TPM, HPC, and edge computing security. Upon completion of this course, you'll be able to assess and mitigate the vulnerabilities of modern security architectures, designs, and solutions, as well as understanding the capabilities of securing information systems. Further, you can also use this course to prepare for the CISSP exam.
12 videos |
51m
Assessment
Badge
CISSP 2021: Site & Facility Security
In past iterations of the CISSP exam, physical security was a domain in itself. In the recent version of CISSP, this topic is found in the Security Architecture and Engineering domain. Use this course to explore security principles for site and facility design and examine various site and facility security controls. Discover how to navigate the essentials of facility and site security, investigate common physical controls, and get familiar with the physical defense-in-depth approach. You'll also learn about the prevention, detection, and suppression of fire in greater detail. After completing this course, you'll be able to assess issues with the security design of a site or facility and implement appropriate controls to address them. Moreover, you can also use this course to prepare for the CISSP exam.
12 videos |
42m
Assessment
Badge
CISSP 2021: Communication & Network Security
Some CISSP domains have evolved further than the others over the past few years, and the communication and network security domain is a prime example. Explore cutting-edge technologies, such as converged protocols, micro-segmentation, 5G, and content distribution networks (CDN) using this course. Examine secure protocols, wireless and cellular networking, and secure communication channels. This course will also help you investigate the mechanisms involved in endpoint security. After completing this course, you'll be acquainted with the fundamentals of security concerns in network channels. You can also use this course to prepare for the CISSP exam.
10 videos |
1h 6m
Assessment
Badge
CISSP 2021: Security Operations
The security operations domain represents 13% of the CISSP exam and is one of the most important areas of practice for the security engineer and architect. Use this course to gain an in-depth theoretical comprehension of core security concepts, such as configuration, change, and patch management, logging and monitoring, vulnerability assessment and management, incident response, BCP, BIA, DRP, and forensic investigations. After completing this course, you'll be familiar with the processes, best practices, and tools to put these security concepts in place. If you're preparing for the CISSP exam, this course will help you.
10 videos |
1h 2m
Assessment
Badge
CISSP 2021: Business Continuity Planning
Business impact and continuity planning form part of the most crucial topics in security operations. They involve identifying risks, foreseeing potential threats and the impact on business operations if disasters occur, and planning accordingly to prevent and recover from these possible occurrences. Use this course to learn how to develop a business impact analysis plan. Examine what's involved in business continuity planning and continuity of operations processes. Explore various backup storage and recovery strategies. Also, learn how to conduct multiple types of tests on disaster recovery plans. Upon completion of this course, you'll be able to plan for recovery from various types of disasters and know how to document all processes before and after the fact correctly. Furthermore, you'll be a step closer to being prepared for the CISSP exam.
8 videos |
35m
Assessment
Badge
CISSP 2021: Security Assessment & Testing
For an organization to achieve continual improvement and attain a higher level of security maturity, a solid plan for security assessment and testing must be in place. Explore the fundamental aspects of security assessment and testing through this course. You will delve deeper into designing and validating assessment, test and audit strategies, and data collection. This course will also give you a deeper insight into performing security testing, analyzing the output, generating reports, and facilitating audits. After completing this course, you will possess the skills and knowledge to implement appropriate security assessment and testing measures within your organization. Further, you can also use this course to prepare for the CISSP 2021 exam.
6 videos |
29m
Assessment
Badge
CISSP 2021: Software Development Lifecycles & Ecosystems
Security has become an integral element of the software development lifecycle (SDLC). A security professional needs to be aware of software development methodologies and ecosystems to safeguard their business against data breaches and other security threats. Use this course to learn more about different aspects of software development lifecycles, such as development methodologies, maturity models, security controls, SOAR and SCM in application security, and application security testing. Having completed this course, you'll have a foundational understanding of the different elements of SDLC. Moreover, you can also use this course to prepare for the CISSP 2021 exam.
8 videos |
36m
Assessment
Badge
CISSP 2021: Software Development Security
Securing software development should be an area of focus for business owners and security professionals because it reduces business risk, protects the data stored in business applications, and ensures ongoing compliance with governing security laws and regulations. Use this course to gain a deeper understanding of software development security. Learn more about assessing built and acquired software security, cloud deployment types and their relationship to security, and software diversity. You'll also examine weaknesses in source code and APIs and secure coding techniques. Upon completion of this course, you'll have the skills and knowledge to implement secure practices while developing software. You'll also be a step closer in your preparation for the CISSP 2021 exam.
8 videos |
32m
Assessment
Badge
COURSES INCLUDED
CISSP 2024: Professional Ethics & Security Concepts
Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
18m
Assessment
Badge
CISSP 2024: Security Governance & Compliance Issues
Security governance is the set of practices exercised by executive management to offer strategic direction, ensuring that objectives are achieved, determining that risks are managed properly, and verifying that the organization's resources are used responsibly. Begin this course by discovering how to align security governance with organizational goals and objectives. Then you will explore organizational processes like acquisitions, divestitures, and governance committees, as well as organizational roles and responsibilities. You will investigate security control frameworks, including the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST), and learn about due diligence, due care, cybercrimes, and data breaches. Next, you will examine licensing and intellectual property requirements, import and export controls, transborder data flow, and privacy-related issues. Finally, you will focus on contractual, legal, industry standards and regulatory requirements. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
CISSP 2024: Investigations & Policies
Cybercrime investigation is a critical practice in a modern security landscape. In this field, skilled security professionals from agencies like the FBI use digital forensics to track, analyze, and dismantle various types of cybercrime and cyber threats. This course covers several CISSP exam objectives. You will begin by exploring the requirements for administrative, criminal, civil, regulatory, and industry investigations. You will then learn to develop, document, and implement security policy, standards, procedures, and guidelines. Finally, you will discover considerations for the enforcement of personnel security policies and procedures. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
7 videos |
32m
Assessment
Badge
CISSP 2024: Risk Management Concepts
Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
45m
Assessment
Badge
CISSP 2024: Threat Modeling, SCRM, & Security Awareness
Threat modeling uses hypothetical scenarios, system and data flow diagrams, and testing to assist in securing systems, applications and data. In this course, the learner will explore threat modeling concepts and methodologies, supply chain risk management (SCRM) concepts, and ways to establish and maintain a security awareness, education, and training program. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
8 videos |
29m
Assessment
Badge
CISSP 2024: Asset Classification, Handling, & Provisioning
It is an established principle that before risk can be assessed and analyzed, an organization must know what physical and software resources they have. This enables businesses to categorize and allocate their assets effectively, thus mitigating risks, optimizing usage, and potentially saving costs. Begin this course by exploring general asset classification, types of assets, and restricted, confidential, internal, and public data. Then you will discover information and asset handling requirements and secure provisioning of assets. Next, you will investigate different use cases for asset ownership. Finally, you will examine tangible and intangible asset inventory and asset management per International Organization for Standardization (ISO) guidelines. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
23m
Assessment
Badge
CISSP 2024: Data Lifecycle, Controls, & Compliance
Data is one of the highest-priority assets that most organizations possess. For CISSP professionals, it is crucial to understand the data lifecycle, controls, and compliance so that security measures are applied at each stage to protect sensitive information. Together, these elements form the backbone of a robust security strategy, ensuring that data is managed securely throughout its lifecycle, mitigating risks through effective controls, and meeting legal and regulatory requirements. Begin this course by exploring various data roles like owners, controllers, and processors, as well as the in use, in transit, and at rest data states. Then you will delve into the phases of the data lifecycle, including data collection, data location, data maintenance, data retention and remanence, and data destruction. Next, you will compare data scoping to data tailoring and learn how to select appropriate data security and privacy standards. Finally, you will focus on data protection methods, including digital rights management (DRM), data loss prevention (DLP), and cloud access security brokers (CASBs). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Secure Design Principles & Models
For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
40m
Assessment
Badge
CISSP 2024: Vulnerabilities of Architectures, Designs, & Solution Elements
A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.
14 videos |
55m
Assessment
Badge
CISSP 2024: Cryptographic Solutions & Cryptanalytic Attacks
Cryptology is the science of securing all communications. Cryptography generates messages with hidden meaning whereas cryptanalysis is the science of breaking those encrypted messages to recover their meaning. In this course, we will begin by defining several cryptographic methods such as symmetric, asymmetric, elliptic curves, and quantum and explore the cryptographic life cycle. Next, we will compare key management practices like generation and rotation and look at digital signatures and digital certificates for non-repudiation and integrity. We will then explore public key infrastructure (PKI), including quantum key distribution, and compare several types of brute force attacks. Finally, we will delve into implementation attacks, side-channel attacks, Kerberos exploitation, and ransomware attacks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
48m
Assessment
Badge
CISSP 2024: Site & Facility Security
Physical security consists of tested practices for protecting building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, human-caused catastrophes, and accidental damage, thereby maintaining overall organizational security. Begin this course by exploring site and facility security design principles, as well as perimeter and internal security controls to gain insights into safeguarding both the outer and inner layers of infrastructure. Then you will investigate security concerns for wiring closets, distribution frames, server rooms, data centers, and media and evidence storage facilities. Next, you will examine security issues for restricted and work areas, utilities, and heating, ventilation, and air conditioning (HVAC) systems. Additionally, you will focus on environmental topics, including fire prevention, detection, and suppression. Finally, you will discover power issues and controls, including redundancy and backup, and personnel safety concerns including insider threats, social media impacts, two-factor authentication (2FA) fatigue, emergency management, and duress. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
46m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 1)
In the digital era, understanding network protocols and their impact on performance is crucial for IT professionals tasked with maintaining robust and efficient communication systems. This course is the first of two courses that cover a large part of CISSP Domain 4. In this course the learner will focus on several aspects of secure design principles in network architectures including OSI and TCP/IP protocols for IPv4 and IPv6, secure protocols, multilayer protocol implications, converged protocols, transport architectures, performance metrics, and traffic flows. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
47m
Assessment
Badge
CISSP 2024: Secure Design Principles in Network Architectures (Part 2)
In today's increasingly complex threat landscape, securing physical sites and facilities is paramount for safeguarding assets, data, and personnel. This course covers secure design principles in network architectures beginning with an exploration of physical and logical segmentation and microsegmentation. Next you will dig into edge networks, including peering and ingress/egress. You will compare types of wireless networks and explore cellular and mobile networks. Next you will discover the roles of content distribution networks (CDNs), software-defined networks (SDNs), and virtual private clouds (VPCs) in security design. Finally, you will explore security monitoring and management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
47m
Assessment
Badge
CISSP 2024: Securing Network Components & Communication Channels
Evaluate the best data communications solutions for your organization based on factors such as reliability, cost, and security. In this course, you'll explore how to design and deploy infrastructure that meets the requirements of modern businesses. Learn how to evaluate infrastructure solutions based on factors such as reliability, scalability, and cost-effectiveness, explore the best practices for maintaining that infrastructure, and learn about the different types of transmission media, including physical security and signal propagation quality. Next, you'll discover different transmission media solutions, Network Access Control (NAC) systems, and gain an understanding of how to design and deploy NAC solutions that provide comprehensive security to network endpoints. Finally, explore the different types of data communications, including backhaul networks, satellite, and third-party connectivity such as telecom providers and hardware support. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
34m
Assessment
Badge
CISSP 2024: Controlling Asset Access, Device Identification, and Authentication
Traditionally, access control has been described as AAA services. Authentication, authorization, and accounting (AAA) is a security framework that controls access to computer resources, enforces policies, and audits usage. This course explores classic and evolving approaches to controlling asset access and device identification and authentication. Topics include physical and logical access, groups and roles, AAA services, session management, registration, proofing, identity, federated identity management (FIM), credential management systems, single sign-on (SSO), Just-In-Time (JIT), authentication systems, and federated identity. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
45m
Assessment
Badge
CISSP 2024: Authorization Mechanisms & Identity Management
While authentication is technically mandatory, authorization is optional, and if all principals had root or administrative access in a small organization, there would be no need for different access layers. This scenario, however, is quite rare and is a violation of modern identity management and zero-trust initiatives. In this course, learn about the implementation and management of authorization mechanisms and control of the identity and access provisioning lifecycle, including rule-based, role-based, discretionary, mandatory, attribute-based, and risk-based access controls. Next, compare attribute-based access control (ABAC) with RBAC and explore access policy enforcement, account access review, and provisioning/deprovisioning. Finally, examine role definitions and transitions, privilege escalation, and service accounts management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
13 videos |
35m
Assessment
Badge
CISSP 2024: Security Audit & Controls Testing
A security audit is a comprehensive assessment of an organization's information systems. Typically, they measure the systems and applications against an audit checklist of industry best practices, externally established standards, and/or federal regulations. In this course, differentiate internal, external, and third-party auditing and learn about locations for auditing and controls testing, the purpose of a vulnerability assessment, and the basics of penetration testing. Next, explore log reviews and log data, code review and testing techniques, and compare synthetic transactions, benchmark, and misuse case testing. Finally, examine coverage analysis concepts, compare interface testing methods, and discover the purpose of compliance checks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
34m
Assessment
Badge
CISSP 2024: Collecting & Analyzing Security Process Data
Collecting and analyzing security process data is a key aspect of maintaining and improving the overall security of a business or organization, and there is a vast array of sources and metrics that must be considered. In this course, learn about account management process data collection, management review and approval data collection, and key concepts of security management key performance indicators (KPIs) and key risk indicators (KRIs). Next, examine data backup verification best practices, training and awareness process data, and disaster recovery (DR) and business continuity (BC) process data. Finally, discover how to analyze test output and generate reports, and explore best practices for proper security audit reporting. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
10 videos |
22m
Assessment
Badge
CISSP 2024: Logging, Monitoring, & Investigations
In the realm of cybersecurity, logging, monitoring, and investigations play a critical role in ensuring the integrity, confidentiality, and availability of information systems. These processes help to safeguard an organization's digital assets from potential threats. In this course, learn about log management, intrusion detection and prevention systems (IDPS), and compare security information and event management (SIEM) and security orchestration, automation, and response (SOAR). Next, explore continuous monitoring and tuning, threat intelligence and hunting concepts, and user and entity behavior analytics. Finally, examine cyber forensics collection and handling, the forensic analysis process and activities, and forensic reporting and documentation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
33m
Assessment
Badge
CISSP 2024: Foundational Security Operations & Resource Protection
Different organizations have varying definitions of change management and configuration management in IT. In this course, learn the differences between IT change management and configuration management, compare need to know and least privilege, and explore segregation of duties (SoD) and privileged account management (PAM). Next, learn about job rotation, service-level agreements (SLAs), and how to apply resource protection for media management. Finally, examine the processes of the incident management life cycle, including preparation, detection, response, mitigation, reporting, recovery, remediation, and lessons learned. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
14 videos |
36m
Assessment
Badge
CISSP 2024: Operating Detection & Preventative Measures
A firewall system is designed to prevent fires from spreading from one zone or domain to another. Patch management, on the other hand, can stop a fire from ever starting. In this course, examine operating detection and preventative measures, including intrusion detection systems (IDS) and intrusion prevention systems (IPS) and whitelisting and blacklisting. Next, learn about third-party security services, sandboxing, and honeypots and honeynets. Finally, explore antimalware systems, machine learning (ML) and AI-based tools, and how to implement and support patch and vulnerability management. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
36m
Badge
CISSP 2024: Business Continuity Planning & Exercises
Business continuity planning is a systematic and comprehensive strategy and set of tactics for ensuring that an organization can prevent or quickly recover from a significant disruption to its operations at a pre-determined acceptable level. In this course, discover methods to identify, assess, prioritize, and implement business continuity requirements. Learn about the business continuity plan (BCP) and business impact analysis (BIA). Next, explore how to implement recovery strategies using backup storage and recovery sites. Finally, learn about the importance of system and design resilience, high availability, and fault tolerance. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
9 videos |
35m
Badge
CISSP 2024: Implement Disaster Recovery
Generally speaking, disaster recovery (DR) involves securely replicating and backing up critical data and workloads to another or multiple sites. In this course, learn about disaster recovery response, personnel involved in the disaster recovery process, communications methods for disaster recovery, and disaster recovery plan (DRP) assessments. Next, explore the restoration from disasters process, various methods for testing the disaster recovery plan, and documenting lessons learned in disaster recovery. Finally, examine how to communicate test results and best practices for training and awareness for disaster recovery planning. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
21m
Badge
CISSP 2024: Securing the SDLC & Software Development Ecosystems
According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
12 videos |
42m
Assessment
Badge
CISSP 2024: Assessing Software Security & Coding Guidelines
It is one thing to implement application security controls, managed services, and cloud services; it is another thing to assess the ongoing success and failure of those initiatives. In this course, learn how to assess the auditing and logging of changes, risk analysis and mitigation, acquired software, managed services, and cloud services with the CCM. Next, explore source code security weaknesses and vulnerabilities at the source code level and how to secure application programming interfaces (API) with the 2023 OWASP Top 10. Finally, examine secure coding practices and software-defined security (SDS). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.
11 videos |
27m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
BOOKS INCLUDED
Book
The InfoSec Handbook: An Introduction to Information Security
Allowing beginners to enter the field and understand the key concepts and ideas of Information Security, this guide offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security.
8h 45m
By Umesh Hodeghatta Rao, Umesha Nayak
Book
Information Security Management Handbook, Sixth Edition, Volume 6
Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, this comprehensive reference facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.
9h 48m
By Harold F. Tipton, Micki Krause Nozaki (eds)
Book
The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, Second Edition
Giving you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, this clear, non-technical book dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
4h 23m
By Jason Andress
Book
The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition
Providing users with information on how to combat the ever-changing myriad of threats security professionals face, this accessible guide presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency.
6h 23m
By Gerald L. Kovacich
Book
Practical Information Security Management: A Complete Guide to Planning and Implementation
Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.
6h 51m
By Tony Campbell
BOOKS INCLUDED
Book
SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Third Edition
Including exam tips, practice exam questions, and in-depth explanations, this authoritative guide enables you to take the exam with complete confidence or use the book as an ideal on-the-job reference.
12h 48m
By Darril Gibson
Book
The Official (ISC)2 Guide to the SSCP CBK, Fourth Edition
Offering step-by-step guidance through each of SSCP's domains, including best practices and techniques, this book brings together a global, thorough perspective to not only prepare for the SSCP exam, but it also provides a reference that will serve you well into your career.
16h 25m
By Adam Gordon, Steven Hernandez
Book
The InfoSec Handbook: An Introduction to Information Security
Allowing beginners to enter the field and understand the key concepts and ideas of Information Security, this guide offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security.
8h 45m
By Umesh Hodeghatta Rao, Umesha Nayak
Book
Information Security Management Handbook, Sixth Edition, Volume 6
Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, this comprehensive reference facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.
9h 48m
By Harold F. Tipton, Micki Krause Nozaki (eds)
Book
The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, Second Edition
Giving you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, this clear, non-technical book dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
4h 23m
By Jason Andress
Book
The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition
Providing users with information on how to combat the ever-changing myriad of threats security professionals face, this accessible guide presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency.
6h 23m
By Gerald L. Kovacich
Book
Practical Information Security Management: A Complete Guide to Planning and Implementation
Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.
6h 51m
By Tony Campbell
BOOKS INCLUDED
Book
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition
"CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide, Second Edition" features learning objectives, explanations, exam tips, and hundreds of practice questions.
5h 38m
By Bobby E. Rogers, Dawn Dunkerley, Peter H. Gregory
BOOKS INCLUDED
Book
CISSP All-in-One Exam Guide, Eighth Edition
Featuring learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanation, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.
30h 39m
By Fernando Maymí, Shon Harris
Book
CISSP for Dummies, 6th Edition
If you're a security professional seeking your CISSP certification, this expert guide is a perfect way to prepare for the exam.
9h 25m
By Lawrence C. Miller, Peter H. Gregory
Book
Eleventh Hour CISSP: Study Guide, Third Edition
Concisely covering the main objectives of the exam with key concepts highlighted, this thorough book is streamlined for maximum efficiency of study, making it ideal for professionals updating their certification or for those taking the test for the first time.
3h 43m
By Eric Conrad, Joshua Feldman, Seth Misenar
Book
CISSP Practice Exams, Fourth Edition
Fully updated and featuring new exam question formats, this in-depth self-study tool contains more than 1250 realistic practice exam questions and offers 100% coverage of the 2015 CISSP Common Body of Knowledge.
12h 48m
By Jonathan Ham, Shon Harris
Book
Practical Information Security Management: A Complete Guide to Planning and Implementation
Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.
6h 51m
By Tony Campbell
Book
Information Security Policies, Procedures, and Standards: A Practitioner's Reference
Highlighting key terminology, policy development concepts and methods, and suggested document structures, this practical guide includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.
3h 18m
By Douglas J. Landoll
Book
The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, Second Edition
Giving you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, this clear, non-technical book dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
4h 23m
By Jason Andress
Book
Information Security: A Practical Guide
Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes, this book provides an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.
1h 25m
By Tom Mooney
BOOKS INCLUDED
Book
70 Tips and Tricks for Mastering the CISSP Exam
Learn how to think and apply knowledge in a practical way. Tackling the CISSP exam is vastly different from simply understanding the subject matter.
5h 21m
By R. Sarma Danturthi
SKILL BENCHMARKS INCLUDED
Information Security for Decision-makers Awareness (Entry Level)
The Information Security for Decision-makers Awareness (Entry Level) benchmark measures your exposure to basic information security issues and processes. A learner who scores high on this benchmark demonstrates an entry-level awareness in the basic areas of information security.
12m
| 12 questions
Information Security for Decision-makers Literacy (Beginner Level)
The Information Security for Decision-makers Literacy (Beginner Level) benchmark measures your exposure to information security issues and processes. A learner who scores high on this benchmark demonstrates a general understanding of the basics of information security but requires additional learning to lead information security teams. They also can participate in InfoSec team discussions.
22m
| 22 questions
Information Security for Decision-makers Competency (Intermediate Level)
The Information Security for Decision-makers Competency (Intermediate Level) benchmark measures your field and managerial experience with information security issues and processes. A learner who scores high on this benchmark demonstrates an intermediate-level competency in information security and its practices. They can likely manage InfoSec security teams but may still require additional training or oversight input from a more knowledgeable InfoSec professional.
20m | 20 questions
Information Security for Decision-makers Proficiency (Advanced Level)
The Information Security for Decision-makers Proficiency (Advanced Level) benchmark measures your extensive experience with information security issues and processes. A learner who scores high on this benchmark demonstrates years of experience managing and designing InfoSec teams and processes and is regarded as an InfoSec thought leader. They can also work independently with little to no supervision.
29m | 29 questions
SKILL BENCHMARKS INCLUDED
CISSP: Asset Security Proficiency (Advanced Level)
The CISSP: Asset Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to asset security. You will be evaluated on asset classification, lifecycle, and change management practices as they relate to security best practices. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key asset security terminology and concepts.
30m | 15 questions
CISSP: Communication and Network Security Proficiency (Advanced Level)
The CISSP: Communication and Network Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to communication and network security. You will be evaluated on security governance, communication and network security, and network hardening. A learner who scores high on this benchmark demonstrates that they have an understanding of communication and network security terminology and concepts.
30m | 15 questions
CISSP: Identity and Access Management (IAM) Proficiency (Advanced Level)
The CISSP: Identity and Access Management (IAM) Proficiency benchmark will measure your ability to recognize key terms and concepts related to identity and access management. You will be evaluated on identity and access management principles and deploying identity and access management. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key identity and access management terminology and concepts.
20m | 25 questions
CISSP: Security and Risk Management Proficiency (Advanced Level)
The CISSP: Security and Risk Management Proficiency benchmark will measure your ability to recognize key terms and concepts related to security and risk management. You will be evaluated on security and risk principles, security governance principles, security policies, risk management, and business continuity planning. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security and risk management terminology and concepts.
30m | 30 questions
CISSP: Security Architecture and Engineering Proficiency (Advanced Level)
The CISSP: Security Architecture and Engineering Proficiency benchmark will measure your ability to recognize key terms and concepts related to security architecture and engineering. You will be evaluated on secure design principles, cryptography, design vulnerabilities, and site and facility security. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding security architecture and engineering terminology and concepts.
30m | 30 questions
CISSP: Security Assessment and Testing Proficiency (Advanced Level)
The CISSP: Security Assessment and Testing Proficiency benchmark will measure your ability to recognize key terms and concepts related to security assessment and testing. You will be evaluated on security assessments and testing, pen testing, and software assessment. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding security assessment and testing terminology and concepts.
15m | 15 questions
CISSP: Security Operations Proficiency (Advanced Level)
The CISSP: Security Operations Proficiency benchmark will measure your ability to recognize key terms and concepts related to security operations. You will be evaluated on security concepts for site and facility security, security operations, and business continuity planning. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security operations terminology and concepts.
15m | 15 questions
CISSP: Software Development Security Proficiency (Advanced Level)
The CISSP: Software Development Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to software development security. You will be evaluated on software development lifecycles and ecosystems, and software development security. A learner who scores high on this benchmark demonstrates that they have an understanding of key software development security terminology and concepts.
30m | 20 questions