Information Security Operations: CISSP 2024 expert
Tech:
Expertise:
- 9 Courses | 8h 38m 33s
- 5 Books | 36h 10m
- 15 Courses | 13h 59m 41s
- 7 Books | 65h 23m
- 18 Courses | 11h 28m 17s
- 8 Courses | 12h 4m 17s
- 23 Courses | 22h 29m 12s
- 1 Book | 5h 38m
- 13 Courses | 11h 27m 38s
- 8 Books | 72h 32m
- Includes Lab
- 18 Courses | 12h 20m 25s
- 1 Book | 5h 21m
- 9 Courses | 5h 22m 8s
Information security is of paramount importance to individuals and organizations. Explore the fascinating world of data and systems protection.
GETTING STARTED
System Security Certified Practitioner (SSCP 2018): Network Fundamentals
-
1m 29s
-
4m 2s
GETTING STARTED
Information Security for Leaders: An Introduction to InfoSec
-
1m 5s
-
6m 15s
GETTING STARTED
CISSP 2024: Professional Ethics & Security Concepts
-
36s
-
2m 19s
COURSES INCLUDED
Access Controls
Access controls determine the level of access that a security principal has to a network and its resources. Explore authentication mechanisms, trust architectures, the identity management life cycle, and specific access controls.
18 videos |
56m
Assessment
Badge
Security Operations
Enterprise computer systems require a solid understanding of security practices. Explore codes of ethics, confidentiality, integrity, and availability, privacy, accountability, and non-repudiation, and security best practices.
16 videos |
45m
Assessment
Badge
Security Administration
IT asset management is a critical element of IT security administration approach. Explore hardware, software, and data asset management best practices, compliance, change management, security awareness and training in the enterprise.
14 videos |
49m
Assessment
Badge
SSCP: Risk Management
Identifying, evaluating, and prioritizing threats are critical for proper IT systems security. Explore risk assessment, treatment, and assessment; best practices for monitoring systems; and security analytics, metrics, and trends.
15 videos |
48m
Assessment
Badge
Incident Response & Recovery
Despite your best efforts, security incidents will happen. Explore incident handling best practices, including discovery, escalation, reporting, and response; countermeasures and continuity practices; and forensic investigation.
15 videos |
52m
Assessment
Badge
SSCP: Cryptography
Enterprise assets, including data, must be protected at all times. Explore cryptography best practices, including hashing, salting, encryption, digital signatures, regulatory requirements, PKI, and Web of Trust.
16 videos |
55m
Assessment
Badge
Network & Communications Security
Enterprise networks and telecommunications come with unique security challenges. Explore network security best practices for OSI and TCP/IP models, common communication network attacks and countermeasures, and network access control.
20 videos |
1h 34m
Assessment
Badge
Systems & Application Security
Malicious attacks on systems and applications are an everyday problem. Discover how to identify and analyze malicious activity, including malicious code and countermeasures, and best practices for endpoint device security.
20 videos |
1h 30m
Assessment
Badge
Configuring Cloud Security
Systems and applications running in the cloud are subject to malicious attacks. Explore best practices for cloud security, including operation and service models, virtualization, legal and privacy concerns, data storage, and outsourcing.
6 videos |
26m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
System Security Certified Practitioner (SSCP 2018): Network Fundamentals
This 14-video course helps prepare for the Systems Security Certified Practitioner (SSCP) certification exam by exploring network concepts, including packet switching, the OSI (open systems interconnect) and TCP/IP (transmission control protocol/Internet protocol) models, network topologies, network infrastructure devices, and wireless router configuration. You will learn the differences between circuit switching and packet switching. You will examine the seven-layer OSI model that is used to describe communications hardware and software, including Layer 3 switch, and the Layer 7 firewall appliance. Continue by examining the TCP/IP model, a conceptual 4-layer model, and the TCP/IP protocol suite. This course then examines types of network interface cards, cable types, including coaxial and twisted pair copper, and connector types. Watch demonstrations of how to configure a wireless router, and how to configure NLB (network load balancing). You will learn to use a physical device or virtual appliance network load balancer, on-premises or in the cloud. Finally, this course shows learners how to configure a network load balancer by using AWS (Amazon Web Services).
14 videos |
57m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Concepts
Learners can explore the ISC squared (International Information System Security Certification Consortium) and its Code of Ethics when performing security work in this course, which prepares for the Systems Security Certified Practitioner (SSCP) certification exam. In its 14 videos, you will examine the four canons of Ethics: 1) to protect society and infrastructure; 2) to act honorably, honestly, justly, responsibly, and legally; 3) to provide diligent and competent service to principals; and 4) to advance and protect the profession. Examine the CIA (confidentiality, integrity, and availability) triad for security controls; then examine restricting access or protecting data through encryption. You will learn how to provide data assurances, and how to use MS Windows Power Shell and Linux to generate file hashes, and digital signatures. Learners will explore availability, and the importance to assuring business processes can run uninterrupted. Next, explore how accountability and data access can be used to track users, devices, or software. Finally, you will learn how to enable file system auditing.
14 videos |
56m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Risk Management
This 12-video course explores risk management when engaging in business activities supported by IT solutions. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam as you examine risk classification, and learn how to identify digital assets and threats, including natural disasters such as floods, fires, or storms; manmade disasters, arson, terrorism; and identity theft. This course demonstrates threat modeling, and the process to use to identify and prioritize threats. You will examine how to optimize resources, and to focus on reducing risks, and explore counter measures in relation to prioritized threats. Next, explore BIA (business impact analysis), and its importance to business continuity. You will learn how a BIA can be incorporated into a DRP (disaster recovery plan) to facilitate recovery of a failed system. Learners will examine the use of a risk registry with the likelihood of the risk occurrence, the business impact should it occur, and a severity rating. You will learn about risk avoidance and mitigation. Finally, you will explore cost efficiencies for risk mitigation.
12 videos |
40m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Cryptography Primer
Continue preparing for the Systems Security Certified Practitioner (SSCP) certification exam with this 14-video course, which explores how cryptography can be used to provide confidentiality and integrity for data at rest, and data in transit. You will learn how to acquire a PKI (public key infrastructure), and how to generate a random key to feed into an encryption algorithm. Next, you will examine data hashing and salting. Examine how symmetric and asymmetric encryption provides data confidentiality, and about ECC (elliptic curve cryptography), an asymmetric, cryptographic algorithm. Learners will then explore secure network protocols, including SSL (secure sockets layer), to provide cryptographic functions such as encryption, message authentication, and integrity. This course demonstrates the use of cryptanalysis to identify security flaws, and how to enable IPsec (Internet security protocol) to secure network traffic, and have it applied to all TCP/IP (transmission control protocol/Internet protocol) network traffic. Finally, you will explore how the Telnet and SSH (secure shell) protocols are used for remote administration of things like Linux, Unix, Windows computers.
14 videos |
44m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Public Key Infrastructure
This 13-video course explores the PKI (public key infrastructure) certificate, its lifecycle, and how to use it to secure IT solutions, while preparing learners for the Systems Security Certified Practitioner (SSCP) certification exam. You will learn about the numerous CAs (certificate authorities), a hierarchy of digital security certificates, where unique public and private key pairs are issued for each certificate. Learners will explore public and private CAs, including the Microsoft Active Directory Certificate Services, then examine the PKI hierarchy, where certificates are issued and managed by a certificate authority. This course demonstrates how to set up a private certificate authority within your own organization. You will learn to use Linux to create a PKI Certificate Authority, and about the tools available in Linux. This course examines how the CAs digitally sign issued certificates using its private key, and how the signature is used to establish trust. Finally, you will learn several ways to store a PKI certificate, for example, on a smart card, or in a file.
13 videos |
56m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Identity Management
Learners can explore identity management, also known as IAM (identity and access management), in this 14-video course helping prepare for the Systems Security Certified Practitioner (SSCP) certification exam. You will learn how to configure identities to have strong authentication for users and devices, such as smart phones. Next, examine single-factor authentication, in which one category is used to authenticate, such as a username and a password. You will examine multifactor authentication where there is a username and a password, and having an additional private key. Learners continue by examining how to use an identity federation, and SSO (single sign-on) a centralized trusted set of logon credentials. This course demonstrates the multiple phases of the IAM lifecycle, including account request, how accounts are provisioned, how the user access is enforced and reported, and how it is de-provisioned. You will learn the concepts and terminology, including IDP (identity provider) and RP (resource provider), and how to use MS Active Directory for authentication. Finally, learners will examine Amazon Web Services CLI (command-line interface) authentication.
14 videos |
55m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Controlling Resource Access
This 14-video course explores common methods and uses real-world examples for providing resource access after authentication. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining defense in depth, a security term for multiple layers of security. You will learn about Discretionary Access Control, where the resource owner sets the permissions. You will learn how to use the Windows command line to manage a Windows file system access control list, and you will examine MAC (mandatory access control). You will learn to modify the default file system access control permissions on a Linux host using umask. You will examine RBAC (role-based access control). You will learn to use Microsoft PowerShell to assign permissions to a Windows group. You will learn to assign permissions to a group in Linux, and how to modify the default file system access control permissions on a Linux host by using umask. You will learn to configure Attribute-based Access Control in Windows, and object-level access control. Finally, learners will examine NAC (network access control).
14 videos |
59m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Controls
This course is an exploration and comparison of several categories of security controls ranging from deterrent controls to technical controls, in preparation for the Systems Security Certified Practitioner (SSCP) certification exam. In 14 videos, learners will examine security control safeguards to reduce risks and mitigate threats, including threat detection and threat avoidance. This course uses several examples of security controls, including user awareness and training, deterrent controls, detective controls to confirm vulnerabilities or active threats, and preventative controls to restrict threats, or limit their impact. Learn to install and configure the Microsoft NPS (Network Policy Services) to implement network access control. Next, examine how physical security controls to limit access to IT systems. You will learn why and how to disable SSL version 3, both on the client web browser side as well as on the web server side. You will then learn about administrative controls to guide actions that are taken by personnel within the organization. Learners observe how to use the Microsoft Active Directory to deploy security control settings.
14 videos |
1h 2m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Asset & Change Management
Explore asset and change management, and their relationship to security through discussion and demonstration, in this 14-video course, which examines classes of assets, including personnel, hardware, software, data, and trade secrets. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by learning how to inventory hardware assets; how hardware is configured; and learning about network entry points such as VPN concentrators, wireless access points, and ethernet switches. This course examines software assets, including off-the-shelf and customized software. Learners observe how to configure a hardware inventory using Microsoft SCCM (System Center Configuration Manager). You will learn about data classification, and techniques to help facilitate security on a larger scale. Next, learn how file classification works by using the Windows Server Operating System and the File Server Resource Manager role service. You will examine TPM (Trusted Platform Module), firmware that is embedded in a chip, and which can be used with MFA (multifactor authentication). You will explore MDM (mobile device management). Finally, this course demonstrates a structured approach to change management and adoption.
14 videos |
1h 8m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Network Security
This 14-video course explores the key concepts for designing and implementing a secure network. Continue preparations for the Systems Security Certified Practitioner (SSCP) certification exam by exploring physical network design, including the location of the network, wired and wireless networks, and infrastructure devices. You will examine local network infrastructure device management, and logical network design, such as VLANs (virtual local area networks), virtual network switches, and software-defined networking. Next, learners observe how to enable HTTPS for a network printer. You will explore types of firewalls, the placement of firewall solutions, and ACLs (access control lists), and how to configure a firewall rule. Then learn how to configure cloud-based firewalls by using the AWS (Amazon Web Services) console, and to configure a firewall rule on a Linux host. You will learn to configure IDS (intrusion detection systems) and IPS (intrusion prevention systems), and placement of intrusion and prevention systems. Finally, this course discusses Bluetooth, NFC (near field communication), and how to configure Wi-Fi security settings on wireless router.
14 videos |
1h 1m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Malware & Endpoint Security
This 14-video course explores how malware infections occur, and how to mitigate these threats. Learners prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining how to compare current activity to a baseline. You will examine spyware, which tracks your computing usage with or without your consent, and adware, to direct information to the user. Next, explore rootkits, which stem from replacing UNIX Operating System files in the past with malicious code, and hide their presence. You will examine types of rootkits, including the form of files replaced on the host, running processes in memory, web browser plug-ins, on a Windows platform, or a Windows registry entry. You will examine backdoors which create a hidden entry point for malicious users, and is part of a rootkit. You will explore worms, viruses, and social engineering security threats. This course demonstrates how to configure common Windows Defender settings, and how to use the SCCM (System Center Configuration Manager), and malware policies by using white lists, and locking down USB removable media.
14 videos |
57m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Securing Environments
Learners can explore how to secure virtual and cloud environments in this 12-video course, which examines different types of virtualization technologies, including hypervisors, application virtualization, OS (operating system) virtualization, and desktop virtualization. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam by examining hypervisors, a physical host that runs virtual machines, and appropriate software, and uses them to increase server density. You will learn about application virtualization, where the app files are not installed on the host machine, but run on the host machine. Next, you will examine OS virtualization where a virtual machine is assigned virtual hardware, such as virtual CPUs, virtual network adapters, and hard disks. You will learn how to install and configure a Microsoft Hyper-V Virtual Machine. Learn how to configure iSCSI (Internet Small Computer Systems Interface), and secure it by using CHAP (challenge handshake authentication protocol). Then learn to use AWS (Amazon Web Service) to secure data at rest in the cloud. Finally, you will examine laws and regulations to consider when using public cloud services.
12 videos |
58m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Security Assessments
This 15-video course prepares learners for the Systems Security Certified Practitioner (SSCP) certification exam by exploring security assessments, vulnerability scans, and penetration testing. First, you will examine the Nmap (network mapper) scanner to probe computer networks for host discovery, service, and operating system detection. You will learn how to use Nmap to conduct a network scan by using Windows. This course examines vulnerability scanning, and it demonstrates how to do penetration testing to identify and exploit host and network weaknesses. Learners will examine the importance of monitoring and analysis to identify security incidents. You will learn how to use a Windows performance monitor, and how to monitor resource usage in Linux. Continue by examining LANguard and end map assessments. This course then demonstrates how to view system logs to troubleshoot problems, and how to enhance the security of a network. You will learn how to configure log filtering in a Windows environment. Finally, learners will explore SCADA (Supervisory Control and Data Acquisition), and SIEM (for Security Information and Event Management).
15 videos |
1h 1m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Digital Forensics
This course explores key aspects of digital forensics by looking at device usage while helping prepare learners for the Systems Security Certified Practitioner (SSCP) certification exam. In 13 videos, you will examine evidence gathering, chain of custody, data recovery, hard drive scrubbing, IP address tracking, and memory forensics. You will learn that a crucial aspect of digital forensics is the gathering of evidence in a lawful manner. Next, learners will examine how to determine when events occurred, when files were modified, when certain websites were accessed, and when messages were received. You will examine the chain of custody for preservation of evidence, and having a detailed account of gathering and handling evidence. This course demonstrates how to recover deleted data, and how to use a steganography tool to hide data in plain sight. You will examine memory forensics, a subset of digital forensics. This course then discusses the NIST (National Institute of Standards and Technologies) document publication 800-86. Finally, learn how to create a raw image of a hard disk drive.
13 videos |
46m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Business Continuity
This 14-video course explores effective contingency planning and incidence response while preparing learners for the Systems Security Certified Practitioner (SSCP) certification exam. First, examine core elements of business continuity planning, data backup and restore, redundancy, how to use RAID (redundant array of independent disks), and incident response. This course then describes how to assess risk, the likelihood of events occurring against valued assets, and how to conduct a BIA (business impact analysis). Learners will explore a BCP (business continuity plan), assess assets, IT systems, data, and possible threats against those valued assets. This course continues by discussing alternate disaster recovery site types, including cold sites, warm sites, and hot sites. You will learn to use Windows Server 2016 to configure backup of data, restore data from a virtual machine, and understand the importance of backing up configurations of servers. You will learn to configure software RAID level 1 and RAID level 5 on a Windows host. Finally, learners will examine incident response lifecycles, and observe how to prepare the IRP (incident response plan).
14 videos |
52m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
SSCP 2021: Basic Security Concepts
Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.
11 videos |
28m
Assessment
Badge
SSCP 2021: Security Controls
When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos |
21m
Assessment
Badge
SSCP 2021: Asset & Change Management Lifecycles
As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos |
42m
Assessment
Badge
SSCP 2021: Physical Security Operations
Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.
10 videos |
30m
Assessment
Badge
SSCP 2021: Understanding & Applying Cryptography
Although cryptography isn't covered until domain 5 of the SSCP CBK, potential exam candidates and security professionals will benefit from foundational knowledge of cryptosystems early in their training. Use this course to grasp the reasons and requirements for cryptography in safe-guarding information, including regulations and governance. Investigate cryptographic techniques, such as hashing and salting, symmetric and asymmetric encryption, and elliptic curve cryptography. Discover what's involves in digital signatures and certificates. Explore cryptographic attacks, cryptanalysis, and countermeasures. And delve into advanced cryptosystems, such as quantum computing and blockchain. Upon course completion, you'll be aware of the various traditional and modern cryptology techniques used to protect data and communications. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos |
41m
Assessment
Badge
SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)
Early on in the development of TCP/IP and the application layer protocols and services, it was decided not no build native security but rather to add new secure mechanisms and protocols. The aim was to maintain internetworking and interoperability without adding too much overhead. Knowing how these protocols work and how you can implement them will change how you protect your organization's information. Use this course to get abreast of some of the most vital secure protocols and their implementation along with other core services, such as key management, web of trust (WOT), and Public Key Infrastructure (PKI). Upon course completion, you'll be able to detail how and why these protocols and services are used. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
38m
Assessment
Badge
SSCP 2021: Authentication & Trust Architectures
As a security professional, you'll likely have been exposed to the concept of origin authentication. However, in today's modern environment of mobile devices, the Internet of Things, and embedded systems, more robust authentication, authorization, and identity management methods are imperative. Use this course to comprehend how single and multi-factor authentication, single sign-on (SSO), device authentication, and federated access work. Examine the use of trust relationships between domains and what's meant by Zero Trust. And distinguish between various internetwork connections such as the Internet, intranets, and extranets. Upon course completion, you'll be able to detail how and why these authentication mechanisms and trust architectures are used. You'll also be one step closer to being prepared to take the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
33m
Assessment
Badge
SSCP 2021: Identity Management & Access Control Models
Whether you manage one or thousands of digital identities, the expectation for regulatory compliance, top-level security, and speedy access control will be the same. The importance of access control is reinforced by Domain 2 of the SSCP exam, representing 15% of the overall subject matter. Among other topics, this domain covers the identity management lifecycle and access control models. Use this course to gain a clear comprehension of the various aspects of identity management, namely authorization, proofing, provisioning, de-provisioning, maintenance, and entitlement. Furthermore, explore several types of access control models, including role-based and rule-based, and investigate the Bell-LaPadula and Biba mandatory access confidentiality and integrity models. Upon course completion, you'll recognize the identity management and access control techniques needed in your organization. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos |
40m
Assessment
Badge
SSCP 2021: Risk Management
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitutes the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
46m
Assessment
Badge
SSCP 2021: Security & Vulnerability Assessment
Once you've assessed an organization's risks, you need to implement continuous visibility and reporting to understand risk evolution. Furthermore, once you've established security policies and controls, you need to test and evaluate them to confirm their efficacy. To meet these goals, security practitioners need to know how to uncover vulnerabilities, identify events of interest, monitor logs, and analyze metrics. Use this course to learn security and vulnerability assessment techniques and methodologies. Explore security testing, risk review, and vulnerability management. Examine data logging and event aggregation. Learn how to implement monitoring and event data analysis. And see how to document and communicate findings. Upon completion, you'll be able to identify, monitor, and analyze security risks. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
30m
Assessment
Badge
SSCP 2021: Incident Response & Forensics
Unprecedented events such as the Y2K bug and terrorist attacks, along with increasing cybercrime pervasiveness and sophistication, have meant that since the early 2000s, a security team's ability to recover from a disaster has moved from a bonus to non-negotiable. There are several phases to incident response, from preparation to forensic investigations and beyond. A competent security professional needs to know all of them. Use this course to learn what's involved in the incident response lifecycle phases of preparation, detection, analysis, escalation, containment, eradication, recovery, and lessons learned. As you advance, explore essential aspects of cyber forensic investigations, such as handling evidence and reporting. Upon completion, you'll know the multiple facets of incident response and cyber forensics. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
36m
Assessment
Badge
SSCP 2021: Business Continuity Planning
When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
36m
Assessment
Badge
SSCP 2021: Fundamental Networking Concepts
Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
50m
Assessment
Badge
SSCP 2021: Network Attacks & Countermeasures
A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threats actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
10 videos |
1h 5m
Assessment
Badge
SSCP 2021: Secure Wireless Communication
Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
35m
Assessment
Badge
SSCP 2021: Malware & Countermeasures
To secure systems and applications appropriately, security practitioners must first recognize the various types of malicious code and activity. After this, they need to execute the best measures to counter these exploits. Use this theory-based course to recognize multiple types of exploits and malware and their most common countermeasures. Explore malware variants, such as rootkits, spyware, scareware, and ransomware. Examine countermeasures involving scanners, antimalware, and code signing. Then, study malicious activities, such as insider threats, data theft, zero-day exploits, and advanced persistent threats (APTs). And discover their various countermeasures, such as system hardening, patching, and data loss prevention (DLP). Lastly, investigate advanced mitigation techniques that involve behavioral and data analytics, machine learning, and artificial intelligence. Upon completion, you'll be able to identify and analyze malicious code and activity. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
7 videos |
36m
Assessment
Badge
SSCP 2021: Endpoint Protection & Mobile Device Management
The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
33m
Assessment
Badge
SSCP 2021: Secure Virtual & Cloud Environments
The security landscape changes in tandem with the evolution of technology. As virtualization and cloud computing have emerged, so have associated security tools, techniques, and regulations. Ensure your security knowledge is up-to-date with this advanced exam preparatory course. Learn about hypervisors, virtual appliances, and containers. Examine continuity and resilience, attacks and countermeasures, and legal and regulatory concerns. Explore what's involved in shared and data storage, deployment and service models, processing, and transmission. Delve into third-party/outsourcing requirements, data portability, data destruction, and auditing. And finally, investigate the cloud computing shared responsibility model. When you're done, you'll know how to secure technologies related to virtualization and cloud computing. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
8 videos |
41m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
Information Security for Leaders: An Introduction to InfoSec
Information security, often called InfoSec, consists of tools and processes used to protect data and sensitive information from threats and attacks. In this course, explore the history of information security and discover how to differentiate between cybersecurity and information security. Discover common myths and misconceptions about information security and learn about types of information security, such as infrastructure, cloud, application, and incident response. Next, you will explore security threats, including social media attacks, social engineering, malware, and misconfigurations, and common information security and data protection laws. Finally, you will investigate the responsibilities of a Chief Information Security Officer (CISO), including developing sound security practices, identifying security objectives, conducting awareness and training programs, and ensuring regulatory compliance. Upon completion, you'll be able to recognize the importance of information security and the key roles and responsibilities required to protect an organization
15 videos |
1h 18m
Assessment
Badge
Information Security for Leaders: Elements of InfoSec
Confidentiality, integrity, and availability, otherwise known as the CIA triad, is a common information security model used by organizations to design and implement their overall security policies and frameworks. In this course, you will learn the basics of confidentiality, integrity, and availability, and discover emerging challenges brought on by big data and the Internet of Things (IoT). Explore the stages of information security risk management (ISRM) and learn how to differentiate between various types of security controls. Discover techniques such as defense in depth, data classification, cryptography, access control, and governance, and the importance of having a sound incident response and management strategy in place. Lastly, learn about the role of investigations and forensics as well as the steps in a forensic investigation such as searching and seizing, acquisition, analysis, and reporting. After course completion, you'll be able to recognize common elements of information security.
15 videos |
1h 54m
Assessment
Badge
Information Security for Leaders: Elements of an InfoSec Team
There are many elements to a successful InfoSec team, but its goal is always to protect the organization's electronic data and information technology systems. In this course, you will learn about the responsibilities of an IT security team and the many roles required for success. Explore the responsibilities of a chief information security officer and a chief information officer and discover the primary responsibilities of a network security engineer, which include ensuring hardware and software security and updating and patching resources. Next, you will differentiate between the roles of penetration tester, information owner, junior engineer, computer technician, forensic investigator, and digital forensic examiner. Then examine key stakeholder and decision-maker roles. Lastly, explore the role of DevSecOps and list ways it can have a positive impact on information security. Upon completion, you'll be able to recognize the elements of an InfoSec team.
14 videos |
1h 39m
Assessment
Badge
Managing Enterprise InfoSec Risks & Risk Tolerance
IT security risks can be defined as a combination of the consequences of an event and the associated likelihood of occurrence. They can be managed by an organization through asset-safeguarding strategies. Through this course, learn about managing enterprise information security (InfoSec) risk and risk tolerance. Explore the definition of risk, how it differs from threats and vulnerabilities, and the history of information security. Next, discover common threats to IT systems and data, how to identify and manage security risks, and the key differences between quantitative and qualitative risk analysis. Finally, learn about common risk assessment tools and the differences between penetration testing and vulnerability assessments. Upon completion, you'll be able to outline and manage IT security risks.
15 videos |
1h 44m
Assessment
Badge
InfoSec Crisis Management & Incident Response
Not only do IT security teams need to be ready to identify security incidents, but they also need to be able to respond to and manage the environment during a crisis. In this course, you'll explore the term 'crisis' and identify crisis management practices. Discover the key components of an organizational crisis readiness program, including planning, training, technology, tools, and continuous improvement. Next, investigate the roles and responsibilities of a crisis management team, examine measures to minimize disruptions, and determine how incident response planning can help organizations better respond to critical incidents. Then, investigate how to best identify incidents and learn how early detection of incidents can be crucial to containing threats. Lastly, explore the various steps of a typical incident response plan, focusing on identification, containment, investigation, eradication, recovery, and lessons learned. After completing this course, you will be able to recognize what constitutes a crisis and respond to and manage security incidents.
15 videos |
1h 34m
Assessment
Badge
Information Security Practices: Budgeting & Forecasting for InfoSec
Information security leaders must identify organizational goals and develop plans and strategies to attain them. In this course, you will explore information security planning, including how a good plan can offer economic benefits and provide a competitive advantage. Discover the importance of evaluating security risks, threats, and vulnerabilities, and learn how to conduct a security risk analysis. Then you will focus on data classification planning, various regulatory acts that apply to information security, and the importance of disaster recovery and incident management planning. Next, examine the value of properly training and evaluating employees in security awareness, and learn how to strengthen security culture through communications and awareness programs. Finally, you will investigate key considerations when planning for budgets and contingency.
15 videos |
1h 12m
Assessment
Badge
Information Security Practices: InfoSec Vendor Management
Everything comes with pros and cons, and outsourced information security is no exception. Leaders contemplating outsourcing information security products and services will need to trade potential time and money savings for other potential gaps. In this course, explore information security outsourcing, security vendor relationships, and major considerations and challenges associated with outsourcing information security. Next, discover common downsides to outsourcing security services, key steps to consider when choosing a security vendor, and explore vendor risk management. Finally, learn about vendor contracts and the importance of having sound contract language when dealing with security vendors. Upon completion, you'll be able to identify common InfoSec vendors and providers and best practices for outsourcing InfoSec products or services.
13 videos |
1h 24m
Assessment
Badge
Information Security Practices: Multi-year InfoSec Planning
There is no easy way to predict the future of information security. There are however strategies leaders can implement to better plan and prepare for future growth, security, and threats. In this course, examine potential information security threats, how complexity makes them challenging to predict and plan for, and the threats that ransomware, cybercrime, and the growing crime-as-a-service (CaaS) community pose. Next, discover how work shortages and voids created by skills gaps can cause major issues and the impact of recent global pandemics. Finally, explore operational technology, application container risks, and the evolving risks posed by artificial intelligence and machine learning. Upon completion, you'll be able to plan for the future as an InfoSec leader.
15 videos |
1h 17m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
CRISC 2023: Risk Management
Proper IT governance consists of proper risk management. Risk management specialists can apply a variety of techniques to manage risk to an acceptable level. In this course, you will begin by exploring how risk management can minimize the impact of IT security events and discussing the relevance of recurring risk assessments and the use of a risk register. You will then consider risk treatments such as risk avoidance and risk transfer. Next, you will learn how to calculate the annual loss expectancy (ALE) and how this compares to the cost of security controls. You will explore security control types such as preventative and compensating controls. Finally, you will look at how configuration management relates to IT security, how to establish security baselines and replicate cloud storage, and how to back up data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC) certification.
13 videos |
1h 17m
Assessment
Badge
CRISC 2023: IT Governance
Managing risk properly can result in reducing risk to acceptable levels for business objectives. IT governance principles guide activities related to reducing risk. In this course, explore IT security governance, its relationship to organizational security programs and project management, and how the COBIT framework applies to IT governance. Next, learn about organizational security policies, organizational culture and its relationship to security, and the importance of performing a gap analysis. Finally, examine supply chain security, personnel management, configuration and change management, IT audits, SLOs and SLAs, and chain of custody. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos |
1h 22m
Assessment
Badge
CRISC 2023: Data Privacy
Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos |
1h 7m
Assessment
Badge
CRISC 2023: IT Baselines
Organizations must consider compliance with applicable laws and regulations through the management of security controls. IT systems and on-premises and cloud data can be secured, and compliance achieved using a variety of methods. In this course, explore various cloud provider compliance program details and how to use AWS conformance packs to track configuration compliance in the AWS cloud. Next, discover how security baselines are created and establish a performance baseline on the Windows Server platform and Azure Cloud. Finally, learn how to configure Azure Blueprints for a repeatable and compliant cloud environment and use Azure Policy to check resource configuration compliance. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
9 videos |
49m
Assessment
Badge
CRISC 2023: Data Classification
The need to comply with data privacy regulations and reduce risk to sensitive data applies to most organizations. Organizations must know which sensitive data they possess in order to secure it properly. In this course, I will begin by using tags, or metadata, to organize Microsoft Azure cloud resources. Next, I will use Amazon Macie to discover and classify data stored in Simple Storage Service (S3) buckets. I will then use Microsoft Purview governance to discover and classify data stored in storage accounts. I will also discover and classify data on the Windows Server platform using File Server Resource Manager (FSRM). Lastly, I will configure automated life cycle management for blobs in Microsoft Azure storage accounts. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos |
42m
Assessment
Badge
CRISC 2023: Authentication
Hardening authentication processes makes it more difficult for attackers to compromise accounts. Managing users and groups allows for access to required resources. In this course, you will explore authentication methods, including passwordless login. Then, you will learn how to manage Linux users and groups using the command line and how to enable Secure Shell (SSH) public key authentication. Next, you will manage Windows and cloud users and groups and examine dynamic membership cloud-based groups. Finally, you will configure multi-factor authentication (MFA) for users and explore identity federation. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos |
59m
Assessment
Badge
CRISC 2023: Authorization
Strong authorization settings limit permissions to resources for authenticated entities. Cybersecurity analysts must be aware of how to not only configure resource permissions, but also how to evaluate existing permissions to ensure adherence to the principle of least privilege. In this course, you will discover how authorization is related to, but differs from, authentication. Then, you will explore access control models, such as role-based access control (RBAC) and attribute-based access control (ABAC). Next, you will find out how to manage Linux and Windows file system permissions using the command lines. Finally, you will learn how to configure Windows dynamic access control, work with privileged access management in Linux using sudo, and manage RBAC permissions in the Microsoft Azure cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
10 videos |
53m
Assessment
Badge
CRISC 2023: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos |
1h 18m
Assessment
Badge
CRISC 2023: Public Key Infrastructure
Public key infrastructure (PKI) certificates are used to secure IT environments in many different ways, such as through email encryption and web server HTTPS bindings. Technicians must have an understanding of how PKI certificates are requested, issued, and used. In this course, you will explore the PKI hierarchy from certification authorities (CAs) down to issued certificates, as well as the PKI certificate life cycle. Next, you will learn how to deploy a private CA on the Windows platform and how to manage PKI certificate templates. Then, you will acquire PKI certificates and configure a web server HTTPS binding. Finally, you will configure a website to allow access only from clients with trusted PKI certificates. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
9 videos |
51m
Assessment
Badge
CRISC 2023: Network Security
Organizations should secure resource access while remaining compliant with relevant laws and regulations. One way to do this is to ensure proper network security controls are in place and reviewed regularly. In this course, learn about the OSI model layers, their relevance to network security controls, and the security aspects of network switching and network access control. Next, explore DHCP and DNS security issues, Wi-Fi authentication methods, and how to harden a DHCP and DNS deployment on Windows Server. Finally, discover the importance of honeypots and honeynets, how to implement a honeypot, how to analyze captured network traffic, and the purpose of an interconnection security agreement. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
15 videos |
1h 29m
Assessment
Badge
CRISC 2023: Security Controls
To protect assets, organizations must apply a structured approach to software development, as well as implement, manage, and monitor security controls. Organizations must also determine the appropriate cost to protect assets. In this course, learn about security control types, how physical security and digital data security relate, and how critical infrastructure should be protected. Next, explore the Cloud Controls Matrix (CCM), how to use the annual loss expectancy (ALE) formula, and security within the software development life cycle (SDLC). Finally, examine continuous integration and continuous deployment (CI/CD), Git version control, how to use the git CLI, and the benefits of the OWASP Enterprise Security API (ESAPI). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos |
1h 3m
Assessment
Badge
CRISC 2023: Virtualization & the Cloud
Virtualization has become a standard for on-premises and cloud-based IT deployments. Application container use is increasing, and both virtualization and application containers are used in cloud computing. In this course, learn about the different types of virtualization, virtualization security, and how to configure a VMware Workstation hypervisor. Next, explore application containers by learning how to install Docker on Linux, as well as how to manage and secure application containers and configure an isolated virtualization sandbox. Finally, examine cloud computing deployment and service models, as well as cloud-based security solutions. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos |
1h 7m
Assessment
Badge
CRISC 2023: Threat Intelligence
Risk analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, you will examine different threat intelligence sources such as the common vulnerabilities and exposures (CVEs) website. Then you will explore how the Open Web Application Security Project (OWASP) Top 10 can help harden vulnerable web applications. You will discover how artificial intelligence (AI) and machine learning (ML) are used in threat hunting. Next, you will investigate threat positives and negatives, as well as how advanced persistent threats (APTs) are executed. Finally, you will focus on the Cyber Kill Chain and learn how to detect threats using Amazon GuardDuty. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos |
55m
Assessment
Badge
CRISC 2023: SIEM & SOAR
Security information and event management (SIEM) solutions serve as centralized data ingestion and analysis engines that seek out potential security issues. Security incident response can be partially or fully automated using security orchestration, automation, and response (SOAR) solutions. In this course, discover the benefits of SIEM and SOAR security incident monitoring and response solutions. Next, learn how to deploy the Splunk SIEM on Linux. Then, you will configure a Splunk universal forwarder. Finally, you will use various tools like Wireshark to capture and analyze industrial control system (ICS) network traffic. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos |
39m
Assessment
Badge
CRISC 2023: Firewalls
Security firewalls can determine what type of network traffic to allow or deny into and out of networks and hosts. Intrusion detection systems notify technicians of suspicious activity. Begin this course by discovering firewall types like next-generation firewall (NGFW) and web application firewall (WAF) and examining their use cases. Then you will configure Windows Defender Firewall and learn how to manage a Linux-based firewall solution. Next, you will manage a cloud-based firewall, explore proxy servers, and deploy the Squid proxy server on Linux. Finally, you will investigate intrusion detection and prevention and install Snort on Linux. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
10 videos |
51m
Assessment
Badge
CRISC 2023: Business Continuity
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also manage them to reduce their negative impact. In this course, you will explore common characteristics of a business continuity plan (BCP) and learn how to conduct a business impact analysis (BIA). Then you will investigate disaster recovery plans (DRPs), including components, key considerations, and governance. Next, you will configure high availability for cloud storage accounts, virtual machines, and databases through replication. Finally, you will configure the backup of on-premises data to the cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos |
44m
Assessment
Badge
CRISC 2023: Malware
Threat actors use social engineering and exploit vulnerabilities to achieve their goals. Performance and security baselines can facilitate threat detection. In this course, I will begin by covering threat actor types. I will then explain the relationship between baselines and threat detection. Next, I will discuss indicators of malicious activity at the network, host and application levels. I will define how social engineering is a major threat and demonstrate how to execute a social engineering attack. Lastly, I will discuss common malware types, explore malware techniques, and analyze email messages. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos |
1h 5m
Assessment
Badge
CRISC 2023: Security Testing
Vulnerability scanning identifies host and network vulnerabilities and must be an ongoing task. Penetration testing is an active security method by which there is an attempt to exploit discovered vulnerabilities. In this course, you will begin by discovering how to plan for, schedule, and execute vulnerability assessments, identify common vulnerability scanning tools, and conduct an Nmap scan. Next, you will use Zenmap to execute a security scan and test web app security using the Open Worldwide Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool. Then you will explore penetration testing and the Metasploit framework and use the Burp Suite tool as an HTTP intermediary proxy. Finally, you will view security alerts using Microsoft Defender for Cloud. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos |
1h 10m
Assessment
Badge
CRISC 2023: Hardening Techniques
Hardening refers to attack surface reduction in IT environments and can be applied to any type of device or software environment, including storage area networks (SANs). Firmware and software patches should be applied to ensure that potential security flaws in code have been addressed. In this course, you will begin by discovering hardening techniques for a variety of IT environments. Then you will find out how to use Microsoft Intune to centrally manage mobile devices. You will explore the importance of applying hardware and software patches and patch AWS virtual machines. Next, you will install and configure a Windows Server Update Services (WSUS) server and harden Windows computers using Group Policy. You will investigate SANs and related security considerations and you will manage virtual machines through Microsoft Azure Bastion. Finally, you will harden a Wi-Fi router and printer, enable Microsoft Azure VNet peering, and configure Azure private endpoints. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
13 videos |
1h 13m
Assessment
Badge
CRISC 2023: Attack Mitigations
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. Knowledge of techniques and attacks, such as buffer overflows and distributed denial-of-service (DDoS) attacks, facilitates mitigation planning. In this course, you will begin by exploring SYN flood attacks and their relationship with the three-way Transmission Control Protocol (TCP) handshake. Next, you will spoof network traffic and discover different types of buffer overflow attacks. Then you will investigate DDoS attack mitigations and run a denial-of-service (DoS) attack against a website. Finally, you will compromise a client web browser, run a structured query language (SQL) injection and reverse shell attack, and crack Remote Desktop Protocol (RDP) passwords. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
11 videos |
55m
Assessment
Badge
CRISC 2023: IT Monitoring
Logging and monitoring are crucial aspects of IT security governance. The ability to configure and centrally monitor logs to detect anomalies can prevent security incidents or minimize their impact. In this course, I will cover how to view Linux log files, configure log rotation for log retention, and configure Linux log forwarding to a central logging host. Next, I will work with Windows Event Viewer logs. Lastly, I will configure Windows log forwarding. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos |
39m
Assessment
Badge
CRISC 2023: Incident Response
Organizations must prepare in advance for the inevitable disruption of business operations. This means proactive planning to not only prevent disruptions but also to manage them to reduce their negative impact. In this course, learn the importance of incident response plans (IRPs) and explore incident response activities such as escalation, eradication, and containment. Next, discover the value of lessons learned from past incidents and how to make future incident response more effective. Finally, examine how to apply incident response to a scenario. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
8 videos |
40m
Assessment
Badge
CRISC 2023: Risk Case Studies
The ability to effectively mitigate risk to levels acceptable to the organization is possible through risk management. Business leaders and technicians must apply risk management techniques to many levels of threats. In this course, I will begin with a risk management scenario related to a ransomware outbreak. I will then manage risk related customer data breaches, user account compromises, and Internet of Things (IoT) device usage. Lastly, I will apply risk management techniques to phishing scams. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
7 videos |
31m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
(ISC)² & Security Fundamentals
What is (ISC)²? How does it help security? Find out from this course, which will introduce you to the (ISC)² organization, its Code of Professional Ethics, and its CISSP exam, which certifies competence in the eight domains of the (ISC)2(r) CISSP CBK(r). Next, you will study the CIA triad, and consider how to identify, classify, and determine ownership of information and assets. You'll also learn about data privacy protection requirements, such as HIPAA and PCI-DSS, as well as data loss prevention (DLP) methods. Conclude by familiarizing yourself with appropriate asset retention practices and data security controls, as well as information-handling and asset-handling requirements.
11 videos |
39m
Assessment
Badge
Cryptographic Client-based Systems
Gain an advanced knowledge of cryptographic systems, life cycles, techniques, and methodologies. This course introduces you to cryptology and cryptographic systems. It then examines integrity and hashing in relation to cryptography, explores cryptographic methods and techniques, and discusses the nature of cryptanalytic attacks. You will then learn about the phases of the cryptographic life cycle, digital signatures, and the use and function of public key infrastructure (PKI). From there, you will go on to consider key management practices, such as key stretching, pinning, key escrow, and hardware security modules (HSM). Finally, as a review exercise, you will list three types of ciphers, three types of cryptographic hashing, and three different hashing algorithms.
10 videos |
56m
Assessment
Badge
Communication & Network Security
Discover how to implement secure architectures and controls for communication and network security. In this course, you will learn about secure design principles for networks, secure network components, OSI TCP/IP models, multilayer and converged protocols. Other topics covered include the following: signal transmission media, Network Admission Control (NAC) endpoint security, content-distribution networks, unified communications, wireless networking, remote access technology, and virtualized network security. As you conclude, there will be a review exercise, where you will list four security architecture principles, name three common security components of network switches, list three types of proxies, name four features of unified communications, and list five SIEM system features.
12 videos |
1h 15m
Assessment
Badge
Identity and Access Management (IAM)
Explore domain topics related to management, control, deployment, and accountability of various identity and access services in the enterprise, as well as the provisioning life cycle.In this course, you will learn about control physical and logical asset access, identification and authentication of entities, identity integration, authorization mechanism implementation, access control models, identity management implementation, access review and provisioning, and Federated Services. As a review exercise, you will list three examples each of Federated Services, military asset classification labels, and commercial asset classification labels.
9 videos |
59m
Assessment
Badge
Site & Facility Security Controls
Explore the domain of physical security as it relates to the corporate facility and on-site locales. In this course, you will learn about wiring closets, intermediate distribution, security controls for server rooms and data centers, media storage facilities, and evidence storage techniques and practices. Other topics include restricted work area security, utilities and HVAC intrusion protection, environmental controls, and fire prevention, detection, and suppression techniques. As a review exercise, you will name three types of keyless locks, list for types of motion detectors, list three security best practices to store evidence, and list four security practices that the Kraken bitcoin exchange uses for administrative, technical, and physical controls.
9 videos |
33m
Assessment
Badge
CISSP: Security
Explore the domain areas concerning governance, compliance, and business continuity planning for the enterprise security practitioner and engineer. In this course, you will evaluate and apply security governance principles to various situations. You will learn how to determine contractual, legal, industry standard, and regulatory requirements. Then you will move on to review privacy principles, requirements, and legal/regulatory considerations. From there, you will see what is needed to develop, document, and implement security policies, standards, procedures, and guidelines, as well as business continuity and disaster recovery plans. Other topics include learning how to align security functions with business strategies and objectives; ensuring compliance with due care and due diligence; identifying and analyzing cybercrimes and data breaches; comparing import/export and transborder data controls. Finally, you will examine licensing, intellectual property, and privacy requirements.
13 videos |
1h
Assessment
Badge
CISSP: Risk Management
What roles do human resources and legal departments play in ensuring that an enterprise is run securely? During this course, you will explore the governance, compliance, and business continuity planning domains for the enterprise security practitioner and engineer. You will observe how these departments must work closely with the security policy steering committee to enforce personnel security policies and procedures. See how to apply risk assessment and analysis techniques; study how to respond to risks, including measurement and monitoring. Discover how to implement threat modeling concepts and methodologies. Learn to apply risk-based management concepts to the supply chain. Also learn to build and maintain security training programs. Finally, as a review exercise, you will examine various IT security controls.
7 videos |
41m
Assessment
Badge
Security Architecture and Engineering
Explore the world of security engineering, such as the engineering processes that use secure design principles. In this course, you will start by becoming familiar with security architecture and engineering practices. You will then compare various security models, such as the state machine, lattice, noninterference, information flow, Bell-LaPadula confidentiality, and Clark-Wilson integrity models. Next, you will learn how to select various technical controls based on a system's requirements. Other topics include: how to compare security capabilities of one system to another, and how to mitigate vulnerabilities in security architectures and designs. You will conclude the course with a review exercise on how to describe security engineering and design. In the exercise, you will list four principles of secure network design, name five common attributes of next generation firewalls, name four proxy types, and list three rules of the Bell-LaPadula model.
6 videos |
46m
Assessment
Badge
Vulnerability Assessment & Mitigation
Explore the domain of security assessment, design, and mitigation for web-based, mobile, and embedded systems. This course will start by examining common web-based attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), carjacking, clickjacking, and cookie exploits. Next, you will learn how to evaluate general strategies to mitigate vulnerability. The course then moves on to mitigation strategies fo rmobiles, such as containerization, sandboxes, wrappers, secure encrypted enclaves, TPM, and tokenization. You will then study enterprise mobility management methods, privacy concerns, and security issues. Other topics include how to assess vulnerabilities and common threats for embedded devices; and how to walk through methods to reduce embedded device vulnerability. Finally, as a review exercise, you will describe how to assess and mitigate systems vulnerabilities.
10 videos |
48m
Assessment
Badge
CISSP: Security Assessment & Testing
Find out what is involved with security assessment and testing. In this course, you will walk through steps you can take to support investigations. Examine resource provisioning and protection requirements, such as maintaining a chain of custody (CoC) to handle evidence. Learn key points about how to log and monitor operations, implement tests of security controls and processes, design and validate audit strategies, conduct security audits, and analyze test output. As a review exercise, you will describe how to effectively assess and test security.
8 videos |
51m
Assessment
Badge
CISSP: Security Operations
Explore the subject of security concerns and management tasks of continuous security operations and initiatives. During this course, you will review various operations security principles and see how to conduct or facilitate security audits. You will identify asset inventory measures and asset management controls. See how to manage configurations and changes and spot the differences between change management and configuration management. Compare features of privileged and service accounts. Finally, consider legal issues related to information security, such as service level agreements (SLAs), non-disclosure agreements (NDAs), and operational level agreements (NLAs).
9 videos |
36m
Assessment
Badge
Monitoring & Reporting
Discover security principles and management tasks of continuous security operations and initiatives. Learn about protocol analyzers, network scanners, vulnerability scanners, and other continuous monitoring systems. Review egress monitors as well as security information and event management (SIEM) systems. Examine various types of intrusion detection and prevention methods, such as NIDS and NIPS. Walk through forensic investigative processes. Explore digital forensics tools, tactics, and procedures. Observe reporting and documentation techniques, as part of a post-incident response, including root cause analysis and an after-action report of lessons learned.
9 videos |
51m
Assessment
Badge
Conducting Incident Management
Discover various methods for incident handling, disaster recovery, and business continuity, for enterprise. During this course, you will learn how to conduct detective and preventative measures, implement patch and vulnerability management, participate in change management processes, and setup a disaster recovery plan (DRP). You will observe how to test disaster recovery plans and identify elements of a business continuity plan (BCP). You will also examine physical security needs, such as confidentiality, integrity, and availability (CIA) requirements for an organization. From there you will observe how to assess environmental, man-made, supply system, and political threats, as well as their impacts; and consider protective measures for physical security, such as surveillance, lighting, tokens, biometrics, and Faraday cages. Finally, you will learn how to address personnel safety and security concerns.
12 videos |
1h 26m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
CISSP 2021: (ISC)2 & the CISSP Exam
In this introductory course of this CISSP training series, you will learn about the (ISC)2 code of professional ethics and organizational code of ethics that all CISSP candidates must attest to in order to be certified. These codes transcend the certification and should permeate every aspect of the life of a security practitioner, engineer, or architect. This course will also introduce the various characteristics of the 4-hour CAT and 6-hour linear CISSP examinations, including domain weightings. After completing this course, you'll have a foundational understanding of codes of ethics and aspects of the CISSP exam.
5 videos |
8m
Assessment
Badge
CISSP 2021: Fundamental Concepts & Principles
Even with several years of practical experience in the security field, knowledge and application of specific security concepts and principles may have eluded even the seasoned security professional. Use this course to brush up on some of the vital, core security principles, such as confidentiality, integrity, and non-repudiation. Be reminded of the critical role of security design in the ISO OSI 7-layer Reference Model and the 4-layer TCP/IP Reference Model. Upon completion of this course, you'll be fully attuned to the most fundamental aspects of security. Furthermore, you can use this course to prepare for the CISSP exam.
9 videos |
28m
Assessment
Badge
CISSP 2021: Secure Design Principles
Security design principles are crucial while designing any security mechanism for a system. This course will help you gain a better understanding of how these principles help develop a secure system, which prevents security flaws and also blocks unwanted access to it. Get familiar with security concepts and principles such as defense in depth, least privilege, and zero trust and explore them further with the help of real-world applications and use cases. After completing this course, you'll be aware of the significance of methodologies for implementing separation of duties, secure defaults, secure failure, and privacy by design while avoiding over-complexity.
11 videos |
40m
Assessment
Badge
CISSP 2021: Security Governance Principles
All security imitative begin at the top as an aspect of global corporate governance. The modern security architect must understand the role of security governance in the bigger picture as well as how it should align with the value proposition of the organization. This course will help you get familiar with the principles of security governance, aspects of compliance and industry standards, and the components of conducting investigations. After you are done with this course, you will be able to recognize and assess issues related to security governance, compliance, and regulations. Further, this course will help you prepare for the CISSP exam.
8 videos |