Security Core Concepts: Security+ Intermediate

 
Security is a primary concern for network administrators. Discover the basics of security, from methods, tools, and technologies.

GETTING STARTED

Fundamental Security Concepts

  1. Importance of User Account Security (5m 15s)
  2. Authenticity (10m 4s)

GETTING STARTED

Cybersecurity Awareness and Threat Vectors

  1. The Impact of Cyber Events (2m 10s)
  2. Importance of Cybersecurity (1m 22s)

GETTING STARTED

Security Vulnerabilities: Managing Threats & Vulnerabilities

  1. Course Overview (1m 22s)
  2. STRIDE Model of Threats (4m 5s)

GETTING STARTED

End-User Security: The End-User Perspective

  1. Course Overview (1m 35s)
  2. Concepts of Shared Responsibility (4m 50s)

GETTING STARTED

Authorization & Registration

  1. Authentication and Identification (4m 19s)
  2. User Authentication Components (5m)

GETTING STARTED

Anomaly Detection: Aspects of Anomaly Detection

  1. Course Overview (2m 2s)
  2. Types of Anomalies (11m 4s)

GETTING STARTED

The Present Threat Landscape

  1. Defining the Threat Landscape (3m 22s)
  2. Risks and Vulnerabilities (7m 25s)

GETTING STARTED

Incident Tracking & Response

  1. Course Overview (1m 38s)
  2. Incident Tracking Definitions (4m 30s)

COURSES INCLUDED

Fundamental Security Concepts
Online user accounts are one of the easiest entry points for savvy hackers. Explore fundamental security concepts of authenticity, integrity, and confidentiality, and the role they play in establishing effective user account policies.
15 videos | 1h 28m | Assessment | Badge
Understanding Attacks & Prevention Practices
Online user accounts are one of the easiest entry points for savvy hackers. Discover why and how most common user account breaches happen, as well as general security practices to help protect against potential intrusions via user accounts.
10 videos | 1h 6m | Assessment | Badge

COURSES INCLUDED

Cybersecurity Awareness and Threat Vectors
Cybersecurity is often defined as the protection of computer systems and networks from unauthorized or unwanted information disclosure, theft or damage. In this course, explore the potential impacts of a personal or business security breach, and discover the fundamentals of the confidentiality, integrity, and availability triad. Explore how baselining can be used to better understand an IT environment and learn to differentiate between natural, malicious human, chemical, and non-malicious threats. Explore security concerns as they relate to internal and external human activity, and discover how to identify drivers for security controls. Explore common functions and purposes of security controls and discover the importance of testing corrective controls in place. Lastly, explore how to differentiate between quantitative and qualitative risk analysis, as well as between data in motion and data at rest. This course was originally created by Global Knowledge (GK). 
20 videos | 42m | Assessment | Badge
Network Discovery Tools and Techniques
Network discovery is the process of identifying or mapping internal networks and computer resources in an organization. Conveniently, network discovery tools can be used to automate the scanning process and discover all the devices on a specific network. In this course, you'll learn about the OSI and TCP/IP models, and how they are used to facilitate communication between entities on a network. Explore how security controls behave at different layers of the OSI and TCP/IP models. Explore common network devices and learn how they can be compromised physically or administratively. Discover how to differentiate between discovery, footprinting, and scanning tools, and explore categories of discovery tools including auditing, vulnerability scanning, and SNMP. Explore Nmap, Zenmap, and SuperScan network discovery tools, and learn when to use protocol analyzer tools such as Wireshark. Lastly, discover the benefits of periodically referencing the Common Vulnerabilities and Exposures database. This course was originally created by Global Knowledge (GK).
21 videos | 1h 1m | Assessment | Badge
Systems Hardening
Security hardening is the process of securing systems and networks by reducing the surface of vulnerability. In this course, you'll learn the types of systems that can be hardened as well as how security baselines can be used to define normal conditions on a network. Explore how Group Policy can be used to apply computer settings to numerous systems at once, and discover the benefits of performing ongoing security patching. Explore steps used to harden systems by role including: client, server, database, web server, FTP, DNS, DHCP, network, and mobile devices. Lastly, learn how to differentiate between free and commercial hardening tools, recognize steps to properly implement authentication, authorization, and accounting, and implement physical security to contribute to overall security stability. This course was originally created by Global Knowledge (GK). 
24 videos | 1h 4m | Assessment | Badge
Security Architecture
Security architecture can be defined as the specifications, processes, and standard operating procedures (SOPs) required to protect an organization's IT infrastructure. In order to improve network security and mitigate risks, a series of network devices can be used to control access to networks and resources. In this course, explore how security architectures can be used to enforce security at the network layer. Explore basic switching and routing devices, and discover core functions of network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Explore the characteristics and categories of firewall devices, and learn about networks, intranets, and demilitarized zones. Discover the benefits of network segmentation and learn how to segment networks. Lastly, discover how Network Address Translation (NAT) is used to map addresses, and explore how Network Access Control (NAC) can be used to verify compliance using security policies. This course was originally created by Global Knowledge (GK).
19 videos | 1h 11m | Assessment | Badge
Securing Information using Cryptography
Cryptography is a process used to keep information secret and safe by transforming it into an unrecognizable form that unwanted and unintended recipients cannot understand. In this course, you'll explore how cryptography can be used for confidentiality and integrity. Discover when to use symmetric and asymmetric encryption and discover the advantages and disadvantages of both. Explore practical use cases for cryptography and explore how hashing can be used to ensure data integrity. Discover how digital signatures can provide message integrity, authenticity, and non-repudiation and learn how to implement digital signatures. Discover how to differentiate between rights and permissions and explore access control methods such as discretionary access control, mandatory access control, and role-based access control. Lastly, explore how steganography can be used to hide secret information in or on another object, and how digital rights management (DRM) tools can be used to control access to protected data. This course was originally created by Global Knowledge (GK). 
25 videos | 1h 20m | Assessment | Badge
Public Key Infrastructure and Certificate Distribution
Public-key infrastructure (PKI) is the framework of encryption and cybersecurity used to safely distribute, verify and revoke certificates in an organization and manage public-key encryption. In this course, you will learn the fundamentals of PKI and explore considerations when implementing trust structures through technology and public key-based digital certificates. Explore PKI components including certification authorities, certificates, revocation lists, registration authorities, entities and certificate templates, and discover how certificate authorities (CA) are used to issue certificates to entities and manage trust relationships. Discover how to differentiate between root and subordinate CAs as well as internal and external PKIs, and explore public key certificates and how they can represent the digital identity of the subject. Lastly, explore common certificate acquisition methods including web, auto-enrollment, MMCs, and native consoles, and explore use cases for common access cards (CAC). This course was originally created by Global Knowledge (GK). 
17 videos | 53m | Assessment | Badge
Identity Management, Directory Services, and Federation
Identity management is a framework used to ensure appropriate access controls are in place to grant authenticated users access to enterprise assets. In this course, you will learn about the key fundamentals of identity management, including privilege administration, access control, and system scalability. Explore identification, authentication, authorization, accountability (IAAA) services and discover how personally identifiable information (PII) can be used to identify a subject. Explore the three main types of authentication factors: something you know, something you have, and something you are, and discover how to choose appropriate and accurate biometric criteria. You'll also learn about directory services and how they can be used to organize network resources. Explore password cracking techniques and tools, and discover when to use same sign-on and single sign-on authentication schemes. Lastly, explore how federation can be used to link together different authentication systems. This course was originally created by Global Knowledge (GK). 
27 videos | 1h 19m | Assessment | Badge
Network Hardening, Network Segmentation, and Secure Connections
Network hardening can help identify potential vulnerabilities, secure systems, and reduce the risk of unauthorized access. In this course, you'll learn how to secure administrative and remote access connections. You'll discover key features of the Simple Network Management Protocol (SNMP) and explore the various types of firewalls and logical locations to place them on a network. Discover how to control and manage traffic using rules on routers and firewalls, and explore how firewall management can contribute to overall network hardening. Discover how to limit internal and external physical access to resources. Explore best practices for managing telecom and wiring closets as well as considerations for establishing secure access. Lastly, explore the importance of hardening wireless access points and recognize how to harden network elements including firewalls, routers, and access points. This course was originally created by Global Knowledge (GK). 
27 videos | 1h | Assessment | Badge
Fundamentals of Malware Analysis and Remediation
Malware is any software with the intention to wreak destruction or gain access to sensitive information. Malware is often used as a blanket term for common computer worms, viruses, and trojans. In this course, you'll learn how to protect systems from malware by implementing and managing anti-malware software. Explore different malware infection methods and learn how to differentiate between different types of malware. Explore how viruses can attach themselves to system applications and learn about common virus threats. Discover how to differentiate between worms, trojans, rootkits, and bots, and explore how spyware and adware can be embedded into applications that look free and interesting to use. Lastly, explore how ransomware works and discover countermeasures to protect against threats including user awareness programs, scanning systems, and monitoring network activity. This course was originally created by Global Knowledge (GK).
23 videos | 56m | Assessment | Badge
Social Engineering Threats and Prevention
Social engineering is a form of attack that is accomplished using malicious activities through human interactions. In a common social engineering attack, humans are tricked into making security mistakes or giving away sensitive information. In this course, you'll explore the goals of social engineering including gaining access to sensitive data, physical locations, and systems. Discover vulnerabilities that make social engineering possible, explore common targets, and learn about indirect and direct social engineering attacks. Explore how searching a person or business's trash can produce information that can be used to carry out an attack, and discover the importance of staying up to date with the latest social engineering stats and trends. Explore the importance of cyber awareness and reporting workplace abnormalities, and discover the various social media site types including social networks, video sharing, blogging, and photo sharing. Lastly, explore factors that drive people to post compromising material on social media. This course was originally created by Global Knowledge (GK). 
27 videos | 1h 2m | Assessment | Badge
Software Engineering, Security and Vulnerabilities
The principles of software engineering include designing, developing, implementing, and maintaining a software solution. One crucial aspect of software security is to determine if software is safe to release to an organization or public. In this course, you'll explore the Software Development Life Cycle (SDLC) and learn about maturity levels used to define agility and effectiveness of a development solution. Discover how security guidelines can help improve the quality and security of software development, and explore the importance of staying current with the types and trends of software threats and exploits. Continue to learn about software vulnerabilities while exploring common attacks including buffer overflows, database injection, cross-site scripting, and directory traversal attacks. Lastly, explore how misconfiguration of servers increases the likelihood of attacks, and discover how permissions are used to secure directories used by applications. This course was originally created by Global Knowledge (GK).
15 videos | 57m | Assessment | Badge
Environment Monitoring, Retention, and Data Logging
Logging is used to record events that occur within an organization's systems and networks. Oftentimes, logging information can help with the identification and isolation of any intruder or malware. In this course, explore acceptable use policies (AUP) and how they apply to employee monitoring. Discover how monitoring as a service can benefit an organization, and explore devices that can be monitored on a network including routers, switches, laptops, and wireless access points. Explore how retention policies can identify how long different types of data are maintained and discover when to implement a centralized enterprise logging service. Lastly, explore how keystroke loggers can capture and track what is typed on a keyboard and learn the importance of protecting log information. This course was originally created by Global Knowledge (GK). 
23 videos | 52m | Assessment | Badge
Physical Security, Safety Procedures, and Access Control
Physical security measures can help organizations protect personnel, hardware, software, and data from physical actions and events that could result in unauthorized or unwanted disclosure or theft of property. In this course, you'll learn how defense-in-depth solutions can provide multiple layers of security as well as the various types of physical security controls. Explore the importance of surge protectors, uninterruptible power supplies (UPS), and power generators, and discover how device security concerns should encompass all company-owned equipment. Discover why non-disclosure agreements (NDA) should be used in locations where proprietary information may be accessible to employees, vendors, or visitors, and explore how background checks should be an essential part of security management. Lastly, explore the importance of ensuring the correct security access levels. This course was originally created by Global Knowledge (GK).
18 videos | 47m | Assessment | Badge
Incident Response, Backup and Recovery Strategies, and Documentation
It is imperative that organizations outline instructions to help IT staff identify, respond to, and recover from network security incidents. By doing so, organizations can quickly recover from cybercrime events potentially resulting in data loss and service outages. In this course, you'll explore common disaster types, including natural disasters and malicious human actions that threaten organizations. Discover business continuity and disaster recovery planning goals, resources, and concepts. Discover how operational recovery planning can help ensure businesses resume day to day operations in a timely manner, as well as the importance of planning for user recovery. You'll also learn about backup technologies and strategies, and discover the importance of proper documentation. Lastly, explore how to prepare for incident responses and learn about reporting incidents and legal considerations. This course was originally created by Global Knowledge (GK).
41 videos | 1h 34m | Assessment | Badge
Legal Considerations and Cybercrime Investigations
Cybercrime laws apply to incidents in which a crime was directed at a computer, or crimes committed using a computer. In this course, you'll explore aspects of service-level agreements (SLA) and privacy-level agreements (PLA), and discover considerations when dealing with international regulatory compliance. You'll also learn how cybercrime intersects with different legal fields including intellectual property, privacy laws, jurisdiction, criminal, and civil, and explore methods in which to investigate cybercrime activity. Explore key considerations when dealing with criminal, civil law, and administrative laws, and learn to differentiate between civil, common, statutory, and religious legal systems. Lastly, explore tools used to perform a cybercrime investigation, and discover cybercrime investigative best practices, including how to notify management and protect the crime scene. This course was originally created by Global Knowledge (GK). 
22 videos | 55m | Assessment | Badge
Trends in Cybersecurity
Cybersecurity is the practice of protecting systems, networks, and programs from cyber threats and exploits. Therefore, organizations are required to allocate a growing number of resources to protect their data from unwanted and unauthorized data breaches and disclosures. In this course, you'll explore the possible constraints that may prevent an organization from having an ideal IT security solution including budget, regulations, design limitations, and political issues. Discover driving forces in cybersecurity including money, mobile devices, education, and new technologies, and explore the risks associated with portable electronic devices (PED) such as geolocations. Explore how supervisory control and data acquisition (SCADA) systems can be used to monitor important infrastructure including electric grids, water supplies, and pipelines, and discover how most people now use the Internet daily to send email, shop, and watch TV. Lastly, discover how cybersecurity and IT standards continue to evolve and how no one standard is foolproof or future proof. This course was originally created by Global Knowledge (GK). 
18 videos | 45m | Badge
An Executive's Guide to Security: Understanding Security Threats
Companies that do not understand threats facing their information are at risk of costly data breaches. In this 13-video course, learners can explore common security threats, types of network attacks, and the human element of security threats. Key concepts covered here include what an attack surface is, and how it must be understood to protect corporate information; and what network hardening is and how it relates to protection of corporate information. Next, learners will examine network demilitarized zones and how they protect corporate information; observe differences between threats, vulnerabilities, and risks in corporate environments; and study top kinds of security threats facing organizations today. Continue by learning the role that physical security plays in protecting corporate data; how social engineering is conducted and how it is mitigated through corporate policy; and the importance of corporate security policies, and why they should be strictly adhered to. Finally, explore the importance of password policies and why they should be adhered to; and learn reasons why IT administrators need to protect an organization by refusing to bend rules.
13 videos | 50m | Assessment | Badge
An Executive's Guide to Security: Protecting Your Information
This 13-video course explores data protection for businesses, including devices, social media, and good governance through security principles, policies, and programs. You will examine several types of security threats, the different types of network attacks, the role physical security plays in the protection of corporate data, and the human element of security threats. Next, learners examine the attack surface, including the total combined nodes, users, devices, and any entry points of software, a network, and a business environment. You will examine threats, vulnerabilities, and risks, and learn the importance of network hardening. This course uses real-world examples of several top security threats to businesses today, including malware, social engineering, unpatched software, BYOD (bring your own device), and IoT (Internet of things). You will examine clickjacking and URL spoofing. Finally, this course discusses the legal and financial ramifications of a major security breach, the importance of having a security policy, training personnel, password protection, and managing a company's security.
13 videos | 51m | Assessment | Badge
Defensive CyberOps: Defensive Cyberspace Operations
A well-planned and properly executed DCO mission will enable the cyber warrior to repel attacks and rapidly prepare for offensive action. In this course, you'll learn the principles of Defensive Cyber Operations, including measures and responses. You'll explore cybersecurity and cyberspace operations in DCO. Next, you'll look at DCO analytics, missions, and operating domains. You'll explore the role of the mission owner and network owner in DCO, as well as planning considerations. Finally, you'll learn about cyberspace threats that may occur during the course of maneuver operations and common security and system tools used in DCO.
14 videos | 48m | Assessment | Badge

COURSES INCLUDED

Security Vulnerabilities: Managing Threats & Vulnerabilities
This 14-video course helps learners explore the threat categories in the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) model for identifying computer security threats, including spoofing, tampering, repudiation, information disclosure, denial of service (DoS), and escalation of privilege. Key concepts covered in this course include categories of security vulnerabilities using the STRIDE model; how to recognize authenticity and identity spoofing threats; and how to validate integrity and tampering threats. Next, you will learn about authentication threats and non-repudiation, when used in security, for example, when a charge cannot be challenged; learn information threats such as privacy breaches or data leaks; and learn the threat of DoS attacks, a resource disruption attack when a user tries to connect. Learners continue by exploring the privilege escalation threat model; learning to recognize examples of security misconfiguration threats; and observing methods of brute force attacks and key sizes. Finally, learn to perform a local network scan and a targeted remote scan by using Nmap; and learn to perform a DoS vulnerability diagnostic test on a host.
14 videos | 58m | Assessment | Badge
Intrusion Detection: Best Practices
Intrusion detection systems (IDS) allow you to monitor traffic and send alerts when abnormal activities have been detected. In this 14-video course, you will explore concepts of traffic analysis and IDS, including network forensic analysis, sniffing and sensors, signal and noise, and brute force analysis. To begin, you will examine approaches to network security through traffic analysis, then take a look at tools and techniques used by IDS. Learners will also explore the network forensic approach to computer networks; learn how to describe types of application controls that can be used for traffic analysis; placement and use of sniffing and IDS sensors; and examine concepts of signal and noise when it comes to network traffic analysis. You will learn how to perform IDS with Snort with a sample ruleset; configure Bro to detect common attack patterns; use Wireshark to inspect network packets; and perform nmap scans with methods to evade IDS detection. In the final tutorials, you will perform brute force analysis with nmap, and a mock denial of service (DoS) attack with nmap.
14 videos | 51m | Assessment | Badge
Intrusion Prevention: Best Practices
Intrusion prevention helps one to detect and stop various attacks that other security components may miss. In this 13-video course, learners explore objectives and tools of intrusion prevention, including kernel attack prevention, vulnerability discovery, remediation strategies, scan detection, and evasion techniques. Begin by examining approaches to intrusion prevention systems (IPS), and how they differ from intrusion detection systems (IDS). Then take a look at options and deployment strategies for IPS; discover the advantages and disadvantages of various approaches to IPS, and view the role of IPS in preventing kernel attacks. Explore the methods used to discover vulnerabilities, and the remediation strategies related to intrusions. Next, learn how to block an attacker after too many failed login attempts; how to describe methods used in IPS to evade intrusions; and how to use tools, including netstat, to scan for potential intrusions on a local system. In the final two tutorials in this course, you will scan a system for potential malware infections using nmap, and use Suricata to implement a packet diversion for intrusion prevention.
13 videos | 55m | Assessment | Badge
Digital Forensic Techniques & Investigative Approaches
In this 14-video course, learners can explore digital forensics best practices and techniques and how they relate to investigations, data integrity, proper evidence handling, and legal privacy considerations. To begin, study an overview of digital forensics, and different types of forensics including computer, mobile, network, vehicle, and the Internet of Things (IoT). Learn how to differentiate between criminal, civil, and intellectual property investigations, and examine a typical methodology or investigative approach, including preservation, collection, examination, analysis, and presentation in court. Explore procedures to properly establish and maintain chain of custody; recognize best practices and considerations when working with digital evidence, and examine the roles of forensic laboratories and hardware and software tools. Learn how to recognize legal considerations, including search warrants and privacy considerations; delve into challenges of working with cloud computing environments; and recognize how viruses and other malware work. Learn the importance of ethical decision making related to digital forensic work, and approaches and techniques used when working with live or volatile data. The exercise involves applying digital forensic best practices.
14 videos | 1h 3m | Assessment | Badge
Information Security: APT Defenses
In this 13-video course, discover key Advanced Persistent Threat (APT) concepts, such as defense and best practices. Explore common APT attacks and mitigation techniques that can be used, APT tools, and how to create effective APT checklists. You will begin with an introduction to APT and its purpose, then look at the steps of the APT lifecycle. Learners will examine motives behind an APT and probable targets, and learn to identify APT defense best practices. Next, you will explore methods that can be used to strengthen APT defenses, and then recall the method(s) to deal with APTs. You will then take a look at the Equation aka APT group and its involvement in various cyber crimes. Another tutorial examines the key tools that are used when conducting an APT. Define risk assessment processes that can help you protect your assets. In the final tutorial in this course, you will be asked to identify key points for creating an effective checklist to address APT attacks.
13 videos | 1h 29m | Assessment | Badge
Information Security: NACs & Gateways
Learners will discover key features of network access control (NAC), the importance of NAC in a network, various NAC elements, authentication, and its implementation, in this 12-video course. Explore the risks and challenges associated with BYOD—which means "bring your own device"—and IoT, which is Internet of Things. You will begin the course by examining the security risks introduced by BYOD and IoT, along with their preventive measures. You will then explore the major challenges with BYOD in an organization. The next tutorial defines NAC and the importance it has in a network. This leads into examining the NAC architecture; the different features of NAC; and the impact of an improperly configured NAC. You will learn about the various NAC elements; recall the best practices of implementing NAC, and identify the key points for creating an effective checklist for NAC security. In the final tutorial, learners will be asked to list the NAC authentication methods.
12 videos | 42m has Assessment available Badge
Information Security: Subnetting & DNS for Security Architects
In this 11-video course, learners will discover key concepts related to subnetting, virtual machines (VMs), containers, and DNS (domain name system) security. Examine tips and tricks used in subnetting and subnetting advantages. Explore classless inter-domain routing (CIDR) notation, deployment and security considerations for VMs and containers, and types of DNS attacks and mitigation strategies. You will begin the course by taking a look at the importance of subnetting, how it relates to security, and its advantages and disadvantages. Then move on to defining the CIDR notation. You will examine the subnetting cheat sheet, and learn various subnetting tips and tricks; compare VMs and containers, and examine the deployment considerations for VMs and containers. Next, learners will observe the best practices for deploying VMs, and the best practices for VM and container security. In the final two tutorials of this course, you will discover the various types of DNS attacks and their mitigations, and the various types of subnetting attacks and mitigations.
11 videos | 1h 9m has Assessment available Badge
Information Security: Securing Networking Protocols
Learners can explore the key concept of the common protocols in use, and discover the security issues of the transmission control protocol/Internet protocol (TCP/IP) model and security protocols, in this 10-video course. You will begin by taking a look at the common protocols used in a network, the ports they use, and the type they are and what they do. Next, you will examine some of the security issues of the TCP/IP model at the layer level, of which it has four: application, transport, Internet, and data link. You will also explore the threats, vulnerabilities, and mitigation techniques in network security; identify the types of weak protocols and their replacements; and classify the various types of security protocols. Then learners will continue by examining various ways to use security protocols in different situations, and the importance of implementing security protocols. In the final tutorial, learners will explore the security-first mindset and its necessity.
10 videos | 1h has Assessment available Badge
Information Security: Hardened Security Topologies
In this 8-video course, learners will discover the key concepts of different security topologies and the key role they play in network security. Begin with an introduction to security topologies, which define the network design based on security requirements. You will then explore the design goals for security topology and the elements used to ensure that information is secure, which rest on the concepts of confidentiality, integrity, and availability (CIA) of information. You also need to practice accountability along with CIA concepts. Next, you will examine advantages and disadvantages of different security topologies, which are the Intranet, the Internet, and various other topologies. You will take a look at the impact of integrating cloud topologies, and also delve into the various layers of security in cloud computing. The final tutorial in this course explores the different methods used to harden the components of security topologies.
8 videos | 45m has Assessment available Badge
Information Security: Continual Infrastructure Testing
Discover DevOps practices such as continuous security and security monitoring, the benefits of using DevOps, and best practices of DevOps security in this 11-video course. Explore the secure DevOps lifecycle and learn about security risks and the various tools used for DevOps testing. Key concepts covered in this course include continuous security practices and the need for continuous security in a DevOps environment; the benefits of using DevOps including improved quality, saving money, and saving time by not having to integrate code at the later stage; and the components of DevOps and their impact on the infrastructure security. Next, learners will examine the best practices of DevOps security and learn the secure DevOps lifecycle; and learn security risks that come with DevOps and tools that can help aid with continuous security infrastructure testing. Finally, learn the security risks of DevOps and the various tools used for DevOps testing, since certain types of tools are used in each stage of DevOps.
11 videos | 48m has Assessment available Badge
Information Security: Security Governance
In this 9-video course, learners will discover the importance of implementing security governance in an organization. Explore differences between security governance and security management, types of governance frameworks, and the roles of senior management. Also covered are ensuring good IT security governance, risks and opportunities, security governance programs, and governance framework structure. Key concepts covered in this course include how to distinguish between security governance and security management; learning about different types of IT governance frameworks including ISO 27001, PCI DSS, HIPAA (Health Insurance Portability and Accountability Act), ITIL, and COBIT; learning the various roles and responsibilities of senior management in governance; and learning the measures used to ensure good IT security governance, including creating governance within an organization and delivering governance through the right stakeholders. Next, observe how to review governance on a periodic basis; learn the risks and opportunities in security governance and making sure the security policies are up to date; and examine the process of rolling out a security governance program. Finally, you will examine the structure of a governance framework.
9 videos | 1h 17m has Assessment available Badge
Information Security: Honeypots
Explore various honeypot concepts, such as the types of honeypots, roles and uses of a honeypot, and how honeypot data analysis is used. In this 12-video course, you will examine strengths and weaknesses of a honeypot and how it is placed in networks. Key concepts covered in this course include the honeypot system itself, configured to detect, deflect, or counteract any unauthorized attempt to gain access to information; learning the various types of honeypots that can be used focusing on low and high interaction level types; and learning about the role played by honeypots in overall network security. Next, you will examine honeypot uses and disadvantages; learn the deployment strategies of a honeypot; and learn the various open-source and commercial honeypot products available on the market. Finally, learners will observe how honeypots are placed in a network; how to install and configure a honeypot by using KFSensor honeypot software; and explore how honeypot data analysis is captured through automated software or through a manual method.
12 videos | 40m has Assessment available Badge
Information Security: Pen Testing
Explore the key penetration (pen) testing concepts such as vulnerability assessment, types of pen testing, and threat actors, in this 14-video course. Discover why pen testing is needed and investigate tools used for pen testing. Key concepts covered in this course include pen testing, a set of tasks that are performed by ethical hackers against an organization, but in a legal way; steps performed during the pen testing process; and reasons why an organization needs to perform pen testing and distinguish between pen testing and vulnerability assessments. Next, you will compare the different types of pen testing and learn the weaknesses of pen testing; learn the various types of tools used in pen testing and the target selection for pen testing; learn the types of assets in an organization; and compare the types of risk responses that an organization may adopt. Finally, learners observe how to use the Metasploit framework in Kali Linux; and how to create an exploit by using MSFvenom.
14 videos | 1h 40m has Assessment available Badge
Authentication & Encryption: Best Practices
In this 14-video course, explore the authentication, authorization, and encryption options that a security architect will need on a day-to-day basis. The focus will be on two fronts—from a network security standpoint including cloud services, and internal solutions in an Agile and DevOps environment. Begin with a look at authentication, authorization, and encryption factors and how they fit together, then look at methods of authentication and best practices. This leads into methods of authorization and access control; the use of encryption methods and best practices in implementing encryption; and key symmetry—differentiating between public and private keys and their ciphers. Examine methods of keeping login and authentication credentials secure; view system authentication and authorization through user account administration in Linux, and handle security policy trade-offs in situations where solutions might not align with policy. Discover Secure Shell (SSH) configuration, and implementing and securing remote access to a system using SSH; create secure certificates and keys using OpenSSL; verify software package authenticity by using OpenSSL, and file encryption and file decryption with OpenSSL.
14 videos | 1h 2m has Assessment available Badge
Security Architect: Ethical Hacking Best Practices
To become a well-rounded ethical hacker, one must have good ethics, love a challenge, and be persistent. In addition, you must have a strong technical background and be familiar with common tools, strategies, and techniques used in a variety of ethical hacking situations. In this 14-video course, learners can explore best practices related to ethical hacking and incident handling, legal considerations, and proactive hacking practices and strategies. Begin with an overview of the importance of ethical hacking in today's world and different types of ethical hacking, and different types of real-world hackers, such as white, black, and grey hat. View benefits of ethical hacking, and rules of engagement prior to performing an ethical hacking exercise. Delve into vulnerability and penetration testing and the common ethical hacking tools. Conduct a network scan by using Nmap; learn about incident handling, and recognize the importance of using templates or checklists prior to and during a penetration test. Finally, recognize best practices when testing uncovers exploits or vulnerabilities, and legal considerations when performing an ethical hacking exercise.
14 videos | 52m has Assessment available Badge
Security Rules: Rules of Engagement
Prior to performing any penetration testing, it is important to outline the Rules of Engagement (RoE) with the client. Begin this 14-video course with a general overview of the RoE, how it relates to business, and the potential consequences of not having the RoE in place. Look at benefits of having an easy reference checklist prepared when defining RoE. Learn how to determine the appropriate scope of engagement; examine client (IT staff) considerations; and view common risks and limitations, such as impact on systems. Explore the logistics and considerations such as testing tools, personnel, and test schedules. Delve into incident handling and best practices; testing and best practices, and also best practices in information handling. Examine elements that should be included in final reports, such as action taken, problems, and findings. Look at liabilities, warranty, limitation of a liability, and indemnification considerations to include when outlining the intent of testing activities. Finally, learn how to ensure proper authorization has been granted to commence any testing.
14 videos | 53m has Assessment available Badge
Malware Removal: Identifying Malware Types & Classification Approaches
Knowing how to respond to malware incidents is a critical skill for security professionals, and the first step to achieving malware response skills is understanding the types of malware you will face in the field. In this course, you'll explore different types of malware such as worms, Trojan viruses, botnets, ransomware, and rootkits. You'll then round out your knowledge by identifying the different methods used to classify a virus and determine its potential impact.
8 videos | 29m has Assessment available Badge
Malware Removal: Analyzing an Infected System
Familiarization with the different types of malware analysis and the tools used to analyze malware is a critical skill for IT security professionals. In this course, you'll explore the characteristics of malware and the impact the malware has on the infected system. You'll learn how to identify different malware analysis techniques, such as static and dynamic malware analysis, to discover activities performed by malware. You'll also examine some of the tools used to perform both static and dynamic malware analysis and how to use a disassembler to view malware code.
13 videos | 1h 50m has Assessment available Badge
Malware Removal: Remediating an Infected System
Understanding what tools to use to recover a system after it is infected with malware is a critical skill. In this course, you'll explore the symptoms of virus infected systems and best practices for malware removal. You'll learn about different remediation approaches for different types of malware. You'll also look at some of the tools used to remove and recover systems after they have been infected such as the Windows Malicious Software Removal Tool, the Windows repair options, and how to restore a system image backup.
12 videos | 54m has Assessment available Badge
Malware Removal: Reporting Findings & Preventing Future Infections
Knowing how to respond to a malware incident and who to report the malware incident to is critical to a timely response. In this course, you'll learn key steps for responding to malware incidents, as well as how to identify key persons to report the malware incident to and steps to take to help prevent future malware incidents.
7 videos | 32m has Assessment available Badge
CyberOps Windows Hardening: Windows Server Hardening Best Practices
Windows servers are the heart of many corporate networks and may contain sensitive company data that, if leaked or stolen by an attacker, would be catastrophic. Protecting the Windows Server assets and preventing a security compromise is an important skill for IT security professionals to master. In this course, you'll learn how to help prevent security incidents by hardening the Windows Server and reducing the attack surface. You'll learn how to follow common security best practices to lock down a Windows system by hardening user accounts, passwords, services, the file system, and common network services, such as DNS and IIS.
16 videos | 1h 39m has Assessment available Badge
Windows Exploits and Forensics: Intelligence Gathering
As a security operations person, you'll need to employ various Windows exploitation techniques to attack vulnerable target software and services. This course covers the various intelligence gathering techniques used for conducting offensive security operations against a Windows-based network to identify possible vulnerabilities. You'll start by examining open source intelligence (OSINT) gathering techniques and sources before conducting your own OSINT investigation. Next, you'll explore the use of social media and other tools for finding targets for social engineering exercises. You'll then examine common Windows services and their ports and tools for conducting basic enumeration. Moving along, you'll practice network scanning for open ports, scanning a Windows-based system, and enumerating data. Lastly, you'll explore various tools used in the Kali hacking environment, the use of Metasploitable, and common locations to find Windows exploits.
13 videos | 1h 32m has Assessment available Badge
Windows Environments
As a security operations person, you'll need to tailor your methods to suit the operating system you're working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment. Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms. Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.
16 videos | 1h 38m has Assessment available Badge
Windows Exploits and Forensics: SMB & PsExec
When carrying out security operations in a Windows environment, you need to know what kind of attacks, exploits, and vulnerabilities to look out for. This course covers two of the most common services used to attack a Windows-based network - SMB and PsExec - along with some popular attack methodologies. You'll start by examining SMB permissions and default settings. You'll then explore tools to enumerate SMB shares and data. Next, you'll investigate how to identify SMB vulnerabilities and recognize SMB attacks. You'll then conduct different SMB exploits, including brute force and denial of service attacks. You'll move on to outline how PsExec works and use it to execute remote commands. Finally, you'll practice exploiting PsExec using various tools, including the EternalBlue exploit.
15 videos | 1h 11m has Assessment available Badge
Windows Exploits and Forensics: FTP, RDP, & Other Services
To protect an operating system, you must first know how to exploit it. This course covers some of the standard Windows services that have known exploits available for them, which can be used in offensive security operations against a Windows environment. You'll start by enumerating data from a Windows-based FTP server before practicing methods used to attack FTP services. You'll then learn how to attack IIS-based systems. Next, you'll examine the RDP protocol and learn methods of attacking the Windows RDP service. Finally, you'll investigate how WMI works and learn to exploit WMI on a Windows-based machine. This course involves conducting brute force attacks, reverse shells, and using the BlueKeep security vulnerability.
14 videos | 1h 18m has Assessment available Badge
Windows Exploits and Forensics: Legacy Systems & Third Party Applications
When an organization uses systems that are no longer serviced and supported, and therefore do not receive security updates, it exposes itself to serious security attacks. To ensure a healthy network ecosystem, security operations personnel must be aware of the vulnerabilities these systems are exposed to. In this course, you'll explore how to conduct offensive security operations against legacy Windows-based systems. You'll learn to recognize older versions of Windows, identify common exploits for these older versions, and scan Server 2008 for vulnerabilities. You'll then learn how to enumerate Server 2008, exploit legacy systems, and gain a reverse shell on a legacy system. You'll then learn how to recognize common third-party applications and vulnerabilities and how to exploit them. Finally, you'll learn how to identify and avoid a honeypot.
12 videos | 1h 2m has Assessment available Badge
Windows Exploits and Forensics: Post Exploitation
As a penetration tester, it's vital that you are familiar with advanced methods of conducting offensive security operations against Windows environments. In this course, you’ll learn to recognize common post exploitation activities within a Windows environment and how to configure an advanced persistent threat. You’ll start by learning how to escalate privileges, use a DLL injection attack, pivot between systems, and crack user credentials. You'll then examine how to use PowerView to enumerate information and use BloodHound to 'walk the dog' and gain domain admin privileges. Finally, you'll learn how to clean up post attack to cover your tracks, create an advanced persistent threat, and use a ransomware attack to lock a system.
14 videos | 1h 29m has Assessment available Badge
Business Continuity Planning Bootcamp: Session 1 Replay
This is a recorded Replay of the Business Continuity Planning Live session that ran on May 7th at 11 AM ET. In this session Lisa Furey discusses the key principles of business continuity planning, the professional practices within BCP, the global factors that impact business continuity practices (a “new normal”), and business continuity needs within organizations.
1 video | 3h 2m available Badge
Business Continuity Planning Bootcamp: Session 2 Replay
This is a recorded Replay of the Business Continuity Planning Live session that ran on May 8th at 11 AM ET. In this session Lisa Furey discusses the necessary components in a solid business continuity plan and BCP principles in the small to medium sized business. She also covers obtaining quotations from licensed BCP professionals to create BCPs (for larger organizations), speaking to stakeholders on the need for business continuity planning within your organization, and the various certifications available in the disaster recovery industry.
1 video | 3h 2m available Badge
Security Risks: Key Risk Terms & Concepts
Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process. You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance. Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach. Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.
16 videos | 1h 59m has Assessment available Badge
Security Risks: Performing Security Risk Identification
Effective security risk management often begins with proper security risk identification. In this course, you'll examine various components of the risk identification process and different techniques used to identify risk. You'll begin by distinguishing between threat and risk. You'll then get familiar with other terminologies and concepts associated with risk identification. Moving on, you'll recognize the significance of risk identification in recognizing assets and services that are risk-prone. You'll also investigate different methods used to identify risk and best practices for the risk identification process. Later in the course, you'll outline common security-related risks and their impact on different components of an organization. Finally, you'll examine the features of a security risk register, its role in risk management, and how to create one in Microsoft Excel.
9 videos | 1h has Assessment available Badge
Security Risks: Performing Security Risk Assessments
The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.
13 videos | 1h 41m has Assessment available Badge
Security Risks: Planning for Security Risk Management
Highly effective security leaders recognize that they must prioritize and focus their efforts on managing critical security risks. Therefore, once a security risk is identified, it must be carefully evaluated. In this course, you'll identify the activities involved in a risk management process, the importance of risk strategies in the context of work environments, and essential decisions required for managing security risks effectively. Moving on, you'll investigate the components of a risk management plan and how to improve a risk management strategy by increasing risk tolerance and risk appetite. You'll also outline the importance of mitigation plans and discover how to create one in Microsoft Word. Lastly, you'll recognize the role of risk monitoring and control measures in risk management planning and the factors that shape an organization's approach to making decisions in handling risks.
12 videos | 1h 31m has Assessment available Badge
COURSES INCLUDED

End-User Security: The End-User Perspective
Learners can examine end-user security concepts such as shared responsibilities and policies, physical controls, authentication, software, and best practices in this 12-video course. You will begin with a look at shared responsibility, which has expanded greatly because of the use of cloud computing; this means that the role of the end user, the customer or client, in shared responsibility for security is expanding at an accelerated rate. Next, you will move on to defining acceptable use policies (AUP). You will discover how to distinguish physical security controls; classify authentication technologies, and recognize the importance of hardware and software updates. Following on from this, you will explore security suites and endpoint protection; learn about browser best practices, and define the security fundamentals of e-mail. You will also delve into the security issues surrounding personal cloud storage services, and protecting data at rest, or data storage security. To conclude the course, complete an exercise on describing the concepts and technologies of end-user security.
12 videos | 58m has Assessment available Badge
End-User Security: The Security Administrator Perspective
In this 9-video course, learners will examine end-user security from the security administrator point-of-view including threatscape, security policies, training and awareness, Layer 2 security, 802.1x, MACsec, endpoint detection and response (EDR), advanced endpoint protection, and vendor solutions. Begin by taking a look at the present threatscape, while keeping in mind that it is constantly evolving, stealthy, and complex. You will examine written security policies, which every organization must have, and which apply to the entire organization. The policies must be well-written, comprehensive in scope, concise, easy to understand, and well organized. Next, you will explore training and awareness, which must be implemented for your end-users within the first few months of employment. You will compare access switch and wireless application protocol (WAP) security; describe 802.1x and MACsec; EDR protection, and next-generation EDR. In the closing exercise, you will be asked to list characteristics of next-generation EDR solutions, actions you can take with 802.1x port-based Network Access Control (PNAC), and the attributes of an effective security policy.
9 videos | 43m has Assessment available Badge
End-User Security: Securing End Users against Attackers
This 10-video course examines end-user security from the rogue attacker point of view, including motivations, Malware-as-a-Service (MaaS), phishing techniques, pharming, ransomware, data theft, cryptojacking, denial-of-service (DoS), and toolkits. One of the first things to do to be successful as a security technician or practitioner is to start to understand the mind of the attacker, so you will examine the possible motives for attacking user endpoints. You will then take a look at Malware-as-a-Service, which is available all over the world. You will explore the phishing techniques an attacker might take, as they are becoming stealthier, sending phishing e-mails over varied infrastructures. Delve into ransomware, this time from the attacker's perspective, and learn about data breaches and theft. You will also examine cryptojacking, what it is and explore some examples, and have a look at DoS and distributed-denial-of-service (DDoS) attacks using, for example, botnets. The final tutorial surveys common exploit kits such as Kali Linux and Metasploit. The concluding exercise entails listing common motives for attacking endpoints, common ransomware payloads, and exploit kits.
10 videos | 36m has Assessment available Badge
IT Security Fundamentals
The best protected companies are those that know how to use computers, network, and mobile devices with security in mind. Explore fundamental security concepts that apply to you as an end user.
13 videos | 46m has Assessment available Badge
Using Corporate Devices Securely
Using corporate computers and devices in a secure way helps ensure you don't jeopardize your work, organization or personal security. Explore common threats to corporate computers, including malicious attacks, and best practices.
13 videos | 43m has Assessment available Badge
Secure Corporate Communications & Networking
Social networking offers countless opportunities but just as countless are the security threats posed by these advancements. Explore the common threats to corporate computers and devices that exploit vulnerabilities in communications.
12 videos | 41m has Assessment available Badge
COURSES INCLUDED

Authorization & Registration
Without the ability to gain entry, hackers are powerless. Explore key authentication concepts and best practices like identification, user authentication, the user logon process, and how to effectively manage user account credentials.
17 videos | 1h 29m has Assessment available Badge
Password Security Requirements
Without the ability to gain entry, hackers are powerless. Explore password security best practices, including establishing password strength, complexity, and age criteria.
7 videos | 40m has Assessment available Badge
Logon, Logoff & Password Policies
When a security breach happens, it puts your customers, assets, and entire reputation at risk. Explore user account security enhancements by establishing logon, logoff, and advanced password management protocols.
16 videos | 1h 18m has Assessment available Badge
Account Changes & Attack Mitigation
When a security breach happens, it puts your customers, assets, and entire reputation at risk. Explore safe and secure policies for advanced user account management as well as best practices for handling user account security breaches.
9 videos | 38m has Assessment available Badge
COURSES INCLUDED

Anomaly Detection: Aspects of Anomaly Detection
Network anomalies are behaviors or activities that deviate from the norm. It is important that security professionals learn to monitor these anomalies in network traffic because the traffic could be malicious. In this 11-video course, you will explore roles that network and security professionals play in detecting and addressing anomalies. Begin by looking at different types of anomalies or outliers, such as configuration faults or a malicious presence; then take a look at benefits of anomaly detection, such as early response and planning for the unexpected. Learners will also examine the limitations of traditional approaches to anomaly detection, such as chasing false positives; learn how to differentiate between manual and automated detection techniques; and view the importance of building a profile of what is normal, such as user activity, before looking at multimodel attributes and how they relate to anomaly detection. Furthermore, you will explore differences between least frequency of occurrence and baselining; view the benefits of machine learning; and finally, learn how to recognize benefits of auto-periodicity to aid in identifying anomalies.
11 videos | 59m has Assessment available Badge
Anomaly Detection: Network Anomaly Detection
In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between different NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission critical areas of business.
14 videos | 1h 17m has Assessment available Badge

COURSES INCLUDED

The Present Threat Landscape
There are always new emerging threats and other exploits on the horizon. Examine the status quo in security threats, and how to recognize threat actors and their attributes.
15 videos | 50m has Assessment available Badge
Types of Malware
Most malware is a set of stealthy, complex, hybrid malicious code. Explore the different types of malware that organizations must deal with daily, including viruses, worms, Trojans, keyloggers, and more.
16 videos | 52m has Assessment available Badge
Social Engineering & Related Attacks
It can be safely said that the "human factor" is the main vulnerability in the modern enterprise. Examine social engineering and other attacks, such as phishing, hijacking, tailgating, and impersonation.
15 videos | 42m has Assessment available Badge
Application & Service Attacks
Modern attacks continue to become more pervasive and sophisticated. Explore various application and service-level attacks, including spoofing, injection attacks, domain hijacking, and others.
16 videos | 53m has Assessment available Badge
Cryptographic & Wireless Attacks
Finding weaknesses in cryptosystems is not simply an exercise for cryptanalysts but also a goal of hackers. Explore cryptographic and wireless attacks such as downgrade and replay attacks, jamming, Bluejacking, and more.
15 videos | 44m has Assessment available Badge
Penetration Testing & Vulnerability Scanning
While some of the best tools for improving security are now available, they can also end up in the wrong hands. Examine various penetration testing methods and tools, as well as vulnerability scanners to help you protect your environment.
15 videos | 45m has Assessment available Badge
Impacts from Vulnerability Types
There are a wide variety of impacts affecting every layer of the OSI model. Explore the effects that different vulnerability types can have on your environment.
15 videos | 52m has Assessment available Badge
Components Supporting Organizational Security
One of the main goals of security is to protect the network and client-server architecture. Examine the various components in your environment that support organizational security.
15 videos | 1h 30m has Assessment available Badge
Security Assessment Using Software Tools
There is a saying that a craftsman is only as good as his tools. Explore some of the various tools available for security assessment, including several demonstrations of how to use them.
15 videos | 54m has Assessment available Badge
CompTIA Security+: Cryptography
A top priority in security is protecting your information, whether it is at rest, in transit, or in use. Discover some of the various cryptographic methods you can employ to protect the data of both your company and your users.
20 videos | 2h 3m has Assessment available Badge
Public Key Infrastructure
All secure communications begin with trust. Examine the important role that a public key infrastructure (PKI) plays in securing user communications.
10 videos | 1h 5m has Assessment available Badge
Wireless Security Settings
It is now common for all organizations to have wireless networks; however, these networks may not be secure. Explore wireless security concepts and how to secure a number of different types of wireless networks.
13 videos | 1h 17m has Assessment available Badge
Analyzing Output from Security Technologies
A big trend today is using big data to analyze and handle security attacks. Discover how output can be gathered and analyzed using several of the common security technologies that are available.
12 videos | 1h 2m has Assessment available Badge
Deploying Mobile Devices Securely
With the explosion of bring your own device (BYOD) in corporate environments, there has been a rapidly emerging focus on securing mobile solutions. Examine various deployment models, and learn how to deploy mobile devices securely.
13 videos | 29m has Assessment available Badge
Implementing Secure Protocols
It's no mystery that the original TCP/IP protocols are quite vulnerable. Investigate a number of secure protocol implementations, such as SSH, HTTPS, FTPS, and S/MIME, to help you in securing your environment.
14 videos | 29m has Assessment available Badge
Troubleshooting Common Security Issues
The simplest answer is usually correct and that is never truer than when troubleshooting security. Explore common root causes of security issues, including unencrypted credentials, data exfiltration, unauthorized software, and more.
15 videos | 25m has Assessment available Badge
Identity & Access Services
Identity services is a huge initiative in securing modern networks. Examine the tools used to secure the environment based on the entity context.
14 videos | 33m has Assessment available Badge
Identity & Access Management Controls
Access control is at the heart of any successful security policy and deployment. Explore the different access control models and biometric factors that can be used to manage user access.
15 videos | 28m has Assessment available Badge
Common Account Management Practices
Security practitioners must be able to audit the implementation of account control mechanisms. Examine the various types of accounts and policies that can be implemented, as well as best practices for account management.
14 videos | 31m has Assessment available Badge
Frameworks, Guidelines, & Physical Security
Controlling access to assets is an important part of an organization's overall security initiative. Explore security frameworks, guidelines, and physical controls to help you properly secure your environment.
15 videos | 1h 57m has Assessment available Badge
Implementing a Secure Network Architecture
Isolation and location are critical to security success. Discover the security benefits that can be achieved by correctly isolating, separating, and placing resources in your organization.
6 videos | 49m has Assessment available Badge
Secure System, Application Design, & Deployment
Layered security plays an important role in the overall success of your security strategy. Examine when and where security needs to be considered for devices, systems, and applications.
18 videos | 1h 24m has Assessment available Badge
Cloud Computing, Virtualization, & Resiliency
In today's business world, maximizing resources and uptime is critical. Explore virtualization, cloud computing, and methods to provide resiliency.
12 videos | 1h 5m has Assessment available Badge
Policies, Plans, & Procedures
Security is only as strong as the underlying strategy and its implementation. Examine the importance and benefits that policies, plans, and procedures play in the overall security of your environment.
8 videos | 47m has Assessment available Badge
Business Impact Analysis & Risk Management
Knowing where to focus your security efforts is critical. Introduce yourself to the value of business impact analysis (BIA), risk management, and risk analysis with regards to security for your organization.
15 videos | 1h 6m has Assessment available Badge
Incident Response, Forensics, Recovery, & Security Controls
Being prepared and ready to react is key to security success. Explore procedures for reacting to disaster incidents, including recovery and backups, as well as the use of security controls in protecting privacy and data.
15 videos | 1h 4m has Assessment available Badge

COURSES INCLUDED

Incident Tracking & Response
Explore incident tracking and response measures from the standpoint of a security architect. In 14 videos, learners will familiarize themselves with how to identify, categorize, track, and respond to incidents, as well as incident categories, integrating tracking into an organization, effective tracking, and tracking tools. Key concepts covered here include terms and definitions for communicating incident tracking; categories of incidents and how they need to be tracked; and learning who needs to have access to incident tracking information and how incident tracking can be integrated into an organization. Next, you will learn effective incident tracking practices and the tools used for incident tracking; examine approaches to setting incident response policies; and observe metrics used to measure the effectiveness of incident tracking. Learn the continuous monitoring approach to active incident tracking; learn the lifecycle of an attack and how it is tracked; and learn how to take a proactive approach to tracking incidents. Finally, learners will examine some of the cybersecurity regulations needed when it comes to tracking and responding to incidents.
14 videos | 50m has Assessment available Badge
Security Measures: Implementing Security Controls
Explore the use of security controls with the NIST Cybersecurity Framework in this 14-video course, which examines anatomy of security controls, from common to advanced and complex. You will discover how to test and monitor security controls, including the most basic quick-win controls for several control types. Key concepts covered here include security controls in relation to the overall NIST Cybersecurity Framework, and how security controls are relevant in SecOps; the major security control types and components of a security control; and defensive and quick-win controls for major control types. Next, learn how they are compromised, and steps for root cause analysis; learn the CIS critical security controls and how they are implemented; and observe how to assess security controls, including establishing security metrics for risk management framework and reporting. Learn how to investigate security controls when one fails and describe how to mitigate outcomes; learn processes of auditing security controls; and learn potential risk scenarios and how to mitigate and respond using security controls, including how to test controls to effectively respond.
14 videos | 1h 22m has Assessment available Badge
Security Topologies: Developing Secure Networks
Learners can explore secure network challenges and security measures used to configure common tools, in this 14-video course. Familiarize yourself with approaches to configuration with a security mindset and review common security threats and their mitigations. Begin by taking a look at the challenges of a secure-first network design, then describe a network design approach from a security mindset. Examine the challenges to DevOps and Agile mindsets in terms of security decisions, and the network security concerns for hybrid cloud models. Learn how to configure an NGINX HTTP service to prevent insecure file access and configure web application security settings in NGINX. View the dangers of file upload remote execution; use Secure Shell (SSH) as a secure proxy for web browsing from an insecure location, and configure an SSH client to use present server connection settings. Discover how to use the local /etc/hosts file to block unwanted connections; examine the threat of user account discovery and how it is carried out, and finally, learn how to use password security tools to enforce a strong password policy.
14 videos | 1h 7m has Assessment available Badge
Defensible Security
Explore defensible architecture and zero-trust models from the standpoint of a security architect. In this 14-video course, you will learn about tools used to address the challenges of network security and review common security models and standards for network security. Key concepts covered here include challenges and deficiencies of traditional security architectures; standards that address the challenges of security architectures; and concepts and approaches to defensible architecture. Next, learners will examine some fundamentals for the zero-trust model for security; explore the security architecture needs for layers 1, 2, and 3; and delve into the principle of least privilege and how it pertains to security architecture. Learn about the security benefit of reproducible builds; learn how to configure a deny-first firewall using Uncomplicated Firewall (ufw); and learn how to configure a firewall to block all but a trusted subnet. Finally, learners will observe how to configure a VPN service by using WireGuard; how to configure a secure VPN client to connect to a VPN server; and how to configure a firewall to block untrusted egress.
14 videos | 51m has Assessment available Badge
Data Security Breach Notification Process
Explore the data breach response plan, the regulatory requirements for notifying stakeholders and clients of a data security breach, as well as other topics covered in this 14-video course. Begin with an overview of the security breach notification plan and why it is important to have one. Examine the best practices for creating a data privacy breach plan and notifying stakeholders. Then learn how to identify best practices for notifying stakeholders during a security breach incident. Examine common types of security data breaches and categories; discuss the Digital Privacy Act and breach response obligations, and General Data Protection Regulation (GDPR) breach guidelines and stakeholder response obligations. Explore the Health Insurance Portability and Accountability Act (HIPAA) breach guidelines, and Gramm-Leach-Bliley Act breach guidelines, and stakeholder response obligations for both. Identify individuals who need to be notified during HIPAA data breach violations, and recognize consequences of security breach notification noncompliance. Also learn about acceptable methods for notifying affected parties of a data security breach. The exercise involves security breach notification risks.
14 videos | 57m has Assessment available Badge
Security Incident Triage
Explore the importance of security incident triage in handling incidents in a timely and automated manner, in this 14-video course, which familiarizes learners with anomalies and activities that often require triage. Key concepts covered in this course include security triage fundamentals and the strategies to implement triage; tools used in security triage; and automation techniques and common tips and rules of thumb for security triage. Next, you will explore the importance of communication and stakeholder management in security triage; examine the approaches to detecting anomalies and handling them with security triage; and learn about common protocol anomalies that require triage. Continue by exploring the different levels of monitoring for incidents in security triage while looking at network monitoring of traffic, bandwidth, and the various protocols used; learn to analyze SSH activity and security events to look for; and learn how to analyze DNS activity, HTTPS activity, and system log activity. Finally, learn how to describe security events to look for in each activity.
14 videos | 57m has Assessment available Badge
Security Program Regulatory Integration
In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability Act (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information; how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA) applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX) requires organizational financial transparency.
12 videos | 43m has Assessment available Badge
Unified Security: Playbook Approach to Security
Discover the playbook approach to security, including the security architect's approach to decision making in the era of Agile development, in this 14-video course. Explore challenges, benefits, and considerations to implementing a playbook approach. Key concepts covered here include use of automation to improve consistency for security practices; various approaches to security through playbooks; and important elements needed in a security playbook. Next, learn about the transition to playbooks and services in the cloud; examine goals and measures for success in using security playbooks; and learn some of the challenges in implementing security playbooks. You will learn about the concepts and features implemented in typical playbook tools; how to install Ansible and remotely execute commands on a managed host; and how to execute a simple Ansible playbook. Continue by learning how to configure the iptables firewall by using an Ansible playbook; how to configure an intrusion prevention system (IPS) to protect a system with an Ansible playbook; and how to configure unattended upgrades with an Ansible playbook to keep a system up to date.
14 videos | 51m has Assessment available Badge
Preemptive Troubleshooting: Concepts & Strategies
Explore preemptive troubleshooting for your organization's cyber security in this 14-video course, which examines available strategies, tools, best practices, and security policies to keep your system secure. First, you will examine how preemptive troubleshooting applies to security in SecOps and how it is different from intrusion detection systems and intrusion prevention systems. This course then demonstrates several scenarios that a SOC (security operations center) can use when troubleshooting network issues and system compromise. Learn best practices, including spotting weak passwords, hardware and software vulnerabilities, and security policies and procedures to keep systems secure. You will also learn how to use password policies, auditing, and how to prevent security compromises. This course demonstrates how threat hunters can help spot threats before they occur. Learners will study the policies and tools for troubleshooting hardware. Finally, you will learn how software and hardware update policies can aid in keeping systems secure, and how preemptive resolution and training can help an organization to better secure its systems.
14 videos | 1h 30m has Assessment available Badge
Intelligent Orchestration: Automating Security Incident Processing
This 14-video course helps learners discover the importance of automating the responses to security incidents. Examine how security information and event management (SIEM) and security orchestration automation and response (SOAR) are related, as well as how automation and orchestration differ. The role of playbooks and machine learning in security is also covered. Begin by taking a look at security solutions that align with business objectives, then plan how security can be implemented with DevOps. Examine the relevance of security baselines, compliance reports, and regulatory compliance. Learners can observe common security tools and techniques; explore the need for proactive security incident planning; and see how to identify security incident response processes that could be automated. Differentiate between automation and orchestration solutions in IT, and describe how SIEM allows for centralized security event monitoring. Recognize the need for automated security incident triage and response; plan automation of security triage, and recall how playbooks create workflows that enable automated security incident responses. Finally, you will discover how machine learning can be used to identify potential security incidents.
14 videos | 1h has Assessment available Badge
SecOps Engineer: System Infrastructure Security
This 13-video course explores SecOps (security and operations) engineering concepts. Learners will observe how security and operations are fused together, and learn to integrate system infrastructure security with normal business operations by applying engineering principles. Begin by learning the steps for infrastructure hardening of the operating system, including server workstations, routers, devices. You will examine server hardening, including how to turn off unneeded services, and remove unneeded software. Next, learn how to analyze and harden Windows 10, and to use security devices, and implement intrusion detection and prevention systems. You will examine the practical use of IDS (intrusion detection system) to detect activity that appears to be a possible intrusion, to log it, and to notify the administrator. You will then examine IPS (intrusion prevention system), which takes the additional step of shutting down the suspicious activity. Finally, you will explore firewall concepts, including stateless firewalls, how to use SPI (stateful packet inspection), and how to place them to improve your security network.
13 videos | 1h 6m has Assessment available Badge
SecOps Engineer: Secure Coding
This 13-video course explores software protection by applying secure development and coding practices. Learners will examine secure coding key concepts, including early and frequent testing, and how to validate input to ensure it is the proper kind of data, and the proper size, type, and format. First, the course demonstrates how to set up a simple filtering statement to improve software security. You will learn how to constrain user input by implementing a drop-down box or radio buttons. You will also learn the top 10 rules established by CERT (Computer Emergency Response Team) for secure programming, and how to operationalize secure software deployments, as well as continuous secure delivery to quickly update changes and upgrades. Learners will explore verification, and secure validation software metrics to measure and improve software. You will learn to use C# code, evaluating both secure and unsecure parts of web and Windows code, and learn to secure code with Python. Finally, you will learn to secure code with Java.
13 videos | 56m has Assessment available Badge
SecOps Engineer: Security Engineering
Explore fundamentals of cybersecurity and engineering in this 10-video course, which examines the fundamental concepts of the CIA (confidentiality, integrity, and availability) triangle, and views security operations, security planning, engineering, and application security through these three concepts. First, learners will examine the more advanced version: the McCumber Cube. You will learn to integrate systems engineering into cybersecurity, and explore requirements engineering, and how to gather requirements. Next, learn how to analyze them, to apply security requirements engineering techniques, and to finalize project requirements. You will be introduced to SecML (Security Modeling Language), which takes SysML (System Modeling Language), used by systems engineers, and modifies portions of it to be specific to cybersecurity. You will examine how SecML can be used to create both offensive and defensive security mitigation controls. This course examines security metrics, and how to apply engineering failure analysis methods to cybersecurity. Finally, you will observe how to incorporate security requirements engineering into cybersecurity, and the relevance of regulatory requirements.
10 videos | 37m has Assessment available Badge
SecOps Engineer: Cloud & IoT security
This course explores basic concepts of the cloud and IoT (Internet of things), and examines common security threats, a somewhat new and neglected area of cybersecurity. In this 8-video course, you will examine the cloud concept of distributed storage, and how IoT uses the cloud. First, examine the basics of cloud architecture, and some of the variations. You will learn that a private cloud is an expensive solution, and examine the security advantages of using a private cloud, in which one organization has full control over cloud security, and does not share the cloud with data from other organizations. You will learn about the available public cloud services, including Amazon, Microsoft Azure, and the iCloud for Apple devices. There are two basic advantages to using a public cloud: the cost, and cloud vendors specialize in cloud administration and security. You will also examine concepts and practices for cloud security, for both the cloud and IoT, including least privilege, and the CIA triangle.
8 videos | 35m has Assessment available Badge
SecOps Engineer: Threat Mitigation
This course explores the general concepts of threat mitigation for SecOps (security and operations) engineers. In these 13 videos, learners will observe the three basic concepts for threat mitigation and threat intelligence: identification, prevention, and responses. This course examines acceptable risk levels. You will analyze malware classification, such as viruses, worms, logic bombs, and backdoor software. You will learn to mitigate malware, and threats to websites; and examine types of ransomware, including Cryptolocker, Cryptowall, WannaCry, and Bad Rabbit, as well as explore possible solutions. You will learn how DoS (denial of service) is conducted, and see examples of specific attacks; then examine cross-site scripting, parameter traversal, and cross-site request forgery. You will learn to address insider threats, and how to mitigate social engineering, phishing, and insecure protocols. Learners will examine how to integrate analysis into mitigating these threats. Finally, this course explores cyberthreat intelligence, and suggests that you subscribe to the National Vulnerability Database, and its feeds.
13 videos | 1h 2m has Assessment available Badge
Security Best Practices: Network Appliance Security
This course explores the best practices for securing network appliances, and the top network security risks in 14 videos examining best practices for IoT (Internet of things) security risks. You will learn the best practices for transitioning to the Cloud, and the three basic service models: IaaS (infrastructure as a service), PaaS (platform as a service), and SaaS (software as a service). Learners will then examine the network perimeter, and security issues and strategies when moving to the Cloud, including how to address de-perimeterization and perimeter exploitation. You will learn about several security architecture models, including Zero Trust Architecture, intrusion kill chain, and the diamond model for intrusion analysis. You will examine the impact of software-defined networking and micro-segmentation on network security. Learn about next-generation firewalls, network intrusion detection and prevention systems, and distributed denial of service attacks. Finally, you will learn the best practices of Zero Trust Architecture, and how to incorporate them.
14 videos | 1h 38m has Assessment available Badge
Policy & Governance: Incident Response
Learners can explore the creation, adoption, and use of an IRP (Incident Response Plan) in this 14-video course, which examines the purpose and objectives of an IRP, and how it incorporates the objectives of an organization. You will learn how to draft an IRP, and examine the six stages of incident response: preparation, identification, containment, eradication, recovery, and lessons learned. Next, you will examine several tools that are available for incident response strategies, including Sleuth Kit, Metasploit, Websense, and FireEye Security Orchestrator. You will explore the different types of CSIRTs (Computer Security Incident Response Teams), team roles, their purpose, and the benefits of an outsourced team. This course demonstrates an incident team response with two hypothetical scenarios. You will learn about compliance and regulatory requirements, and will examine the international standard, ISO 27001. You will examine governance policy to direct and control IT security. Finally, you will learn to use governance policies to create incident response policies, and you will learn the elements and best practices for creating a plan.
14 videos | 1h 15m has Assessment available Badge
Planning Measures: Incident Response Planning
This 8-video course explores how to build an effective incident response plan, including creation of response policies, plans, procedures, and teams. In this course, you will examine the process to recover from security related incidents such as malware, data leakage, or stolen equipment. You will also review what to implement for security controls to prevent attacks against confidentiality, integrity, and availability of company assets. Learners observe how to create an incident response plan and the steps for creating incident response policies, plans, and procedures. You will learn the six phases necessary to build an incident response plan, and the job roles for each member of the team. You will examine who should be part of the CSIRT (computer security incident response team). Next, examine the different roles that make up a computer security incident response team, their purposes, and the elements of an incident response policy. Finally, this course uses a real-world case study to demonstrate how to implement the incident response plan.
8 videos | 36m has Assessment available Badge
Regulation Conformance for Incidence Response
Explore regulations, policies, and industry practices that organizations should implement for incident responses in this 14-video course, which examines how to build a regulation conformance plan, and a voluntary adherence plan to a set of standards or regulations for an organization. In this course, learners will examine industry standards, including the NIST (National Institute of Standards and Technology) and CIS (Center for Internet Security) standards. You will learn how to build a conformance plan, and how to apply it in the workplace. This course next examines how to document incidents in compliance with regulations, and with the organization's conformance plan. You will learn how to do risk assessments, how to audit, and create logs, and examine several types of internal and external breaches, and how to use Agile, and conformance plans in DevSecOps. This course demonstrates techniques for reacting to conformity change. You will explore internal and legal implications when handling incidents. Finally, learners will study scenarios that demonstrate a conformance program and incident response.
14 videos | 1h 45m has Assessment available Badge
Patch Management Strategies
This course explores the benefits of employing a patch management strategy, and its importance to overall security. In this 14-video course, you will learn patch management concepts, and management methodologies including baselining, hardening, and backout plans. Learners will examine best practices, what to do when vendor-specific issues occur, and how to get issues patched before they become a threat. You will learn to analyze and assess patches before implementation, and how to use several tools and techniques to patch and harden systems. You will also learn how to implement patches, and how to automate the process. Next, examine testing, configuration management, and patch management by using both open-source and commercial tools. You will learn to use the patch rollout process and policies for patch updates. You will learn how patch management can use the Agile software development process, which uses cross-functional teams to make the process more efficient; its goal is to deliver software at regular intervals. Finally, you will learn to create and implement a patch strategy in a serverless architecture.
14 videos | 1h 16m has Assessment available Badge
Monitoring & Securing System Configuration
In this 14-video course, you will learn how to drive system configuration monitoring by using tools to keep systems secure, and the importance of monitoring system configuration within an organization for incident response. Key concepts covered here include the configuration management (CM) process and how it can influence securing system configuration for incident response; tools and software to monitor systems and their advantages for incident response; and continuous monitoring in risk management, including the three-tier approach. Next, learn the process of minor, major, and unknown configuration changes; learn the importance of securing CM processes in the software development lifecycle (SDLC) for preventing security impacts; and observe methods for identifying common high-probability items, such as default or weak credentials. Continue by learning to implement a secure system CM program, and how to assess the monitoring process and perform security configuration evaluations. Finally, observe methods of monitoring releases and deliveries throughout the SDLC; learn security controls for monitoring system configuration in a cyber framework; and learn how monitoring system configuration is important in today's enterprise SDLC.
14 videos | 1h 22m has Assessment available Badge
Threat Intelligence & Attribution Best Practices: Threat Intelligence Concepts
Identifying and interpreting threat intelligence is crucial to preventing and mitigating cyber attacks. In this course, you'll explore the various threat intelligence types and how they relate to an organization's threat landscape. You'll begin by examining the key characteristics and benefits of threat intelligence and how to use it before, during, and after an attack. You'll then name known cyber threat actors and common indicators of compromise. You'll characterize intelligence, data, and information, and the four categories of threat intelligence: strategic, tactical, operational, and technical. You'll outline the threat intelligence lifecycle and how machine learning and risk modeling relate to threat intelligence. Lastly, you'll recognize threat intelligence use cases and sources, and how to map the threat landscape and benefit from intrusion detection and analysis.
20 videos | 1h 47m has Assessment available Badge
Threat Intelligence & Attribution Best Practices: Attribution Analysis
Cyber attribution analysis is used to track, identify, and incriminate perpetrators of cyber attacks or exploits and is a must-know offensive security operations technique. In this course, you'll learn about the fundamental concepts and critical concerns related to attribution. You'll start by examining the different attribution types and levels before exploring attribution indicators, techniques, best practices, tools, and challenges. Moving on, you'll gain insight into how to identify and interpret forensic artifacts gathered from various sources, manage evidence, and make attribution judgments and assessments. You'll then study geopolitics, the Intelligence Community, and legal considerations as they relate to cyber threats and attribution. Lastly, you'll look into how malware cyber threat reverse engineering, code sharing analysis, and network behavior analysis lead to attribution.
20 videos | 1h 31m has Assessment available Badge
Mitigating Security Risks: Managing Network & Infrastructure Security Risks
To mitigate cyber, data, cloud, and information security risks, you need solid knowledge of the complete network security process, from network design to continuous monitoring and logging. In this course, you'll explore some vital network security concepts and standard techniques for mitigating security risks. You'll start by examining the potential vulnerabilities in a network and how these turn into threats. You'll then explore the decisions you need to make to secure the network infrastructure. Next, you'll investigate different network zones and tools used for monitoring, detection, and logging. You'll finish by outlining a secure network design's characteristics and the recommended guidelines and best practices for network security. On completion of this course, you'll be able to plan for network and infrastructure-related security risks using recommended tools, methods, and best practices.
11 videos | 1h 36m has Assessment available Badge
Mitigating Security Risks: Managing Physical Security Risks
Physical security is an important but potentially overlooked consideration when implementing network security. In this course, you'll explore what's meant by physical security, how you can implement physical security risk countermeasures, and what the motivations are for doing so. You'll start by defining physical security. You'll then investigate the critical decisions you must make when planning for physical security. Next, you'll delve into various types of physical security risks, such as tailgating, and the methods to handle these. Moving on, you'll outline the layers of security controls that can be added to increase physical security and recognize the challenges security personnel face in ensuring physical safety. Lastly, you'll study how the security principles examined in this course can be used in facility and site design, including internal and perimeter security controls.
11 videos | 1h 1m has Assessment available Badge
Mitigating Security Risks: Cyber Security Risks
Effective cybersecurity risk management requires intricate knowledge of day-to-day IT security risks, network vulnerabilities, and cyber attacks. In this course, you'll detail several cybersecurity breaches and how best to prevent each one. You'll start with a general overview of what comprises security risks before categorizing different types into information, cloud, and data-related risks. Next, you'll explore cybercrime methods, the motivations behind them, and the security gaps that invite them in. You'll then use real-life examples to detail some commonplace cyberattacks and crimes. Moving on, you'll investigate what's meant by malware and outline best practices to manage worms, viruses, logic bombs, trojans, and rootkits. You'll also learn how to safeguard against malware, spyware, ransomware, adware, phishing, zero-day vulnerabilities, DoS, and backdoor attacks. By the end of the course, you'll be able to outline guidelines and best practices for securing against the most prevalent types of cybercrimes.
13 videos | 1h 22m has Assessment available Badge
Mitigating Security Risks: Managing Social Engineering Risks
Social engineering is a security attack method that takes advantage of the social aspect of human nature, which includes trust and interactivity. All members of an organization need to recognize how these subtle and manipulative techniques work and what they can do to avoid falling prey to them. In this course, you'll explore what's meant by social engineering, examining standard social engineering techniques, the basic principles of these kinds of attacks, their intended outcomes, who and what they target, and the risks they pose for your organization. Moving along, you'll investigate how social engineering is used to launch a cyberattack, study different types of spoofing attacks, and specify best practices to safeguard against social engineering. At the end of the course, you'll recognize the objectives of social engineering attacks, how they're carried out, and how to implement security measures to prevent them.
10 videos | 1h 16m has Assessment available Badge
Mitigating Security Risks: Information, Cloud, & Data Security Risk Considerations
To keep your organization's data secure, you need to know why your data is at risk and how to protect it using established principles and standards. In this course, you'll explore commonly used techniques to compromise data and how international best practices can help protect against these breaches. You'll start by examining three fundamental information security principles, which define information security policy and help identify risks. You'll then outline data breach methods and identify the targets of these threats. Next, you'll investigate what's meant by 'the human factor' and why it's key to any attack. You'll then study how technologies to secure data and information work under the hood. Moving on, you'll outline primary worldwide information security regulations and governance frameworks. Lastly, you'll examine why the ISO 27017 cloud security principles need to be considered when formulating a cloud security risk management plan.
11 videos | 59m has Assessment available Badge
Mitigating Security Risks: Managing Information, Cloud, & Data Security Risks
To lead security-related decisions in the right direction, those in specific job roles need to have a solid comprehension of the guidelines, measures, and best practices for effective security risk management. In this course, you'll learn how to manage various types of risks, including those related to information, cloud, and data. You'll explore key countermeasures to safeguard information and data both on-premises and in the cloud. You'll also examine best practices for cloud security, data management, access control, and backup. Additionally, you'll outline common security risk scenarios and the best ways to protect data and information, including from unintentional exposure. Lastly, you'll study how to use data science and AI to detect security threats.
17 videos | 1h 36m has Assessment available Badge
Mitigating Security Risks: Handling Natural Threats
Natural disasters pose serious security threats. Effective planning and management are required to minimize the damage and loss they could cause. In this course, you'll explore various types of natural threats, their impact on assets and data, and what you can do about them. You'll examine what the procedure is for preparing for natural disasters as well as dealing with the aftermath. You'll also learn how to do this with human-made disasters, such as terrorism. You'll finish the course by diving deeper into how to create an effective emergency action plan for natural disaster risk mitigation.
7 videos | 36m has Assessment available Badge
Mitigating Security Risks: Managing Risks from Internal Stakeholders
Effective risk management involves managing risks from external as well as internal sources. Because security risks can be introduced through internal stakeholder decisions, working with them to build awareness of the broad spectrum of security risks and their role in mitigating these is essential. In this course, you'll explore the internal stakeholder's role in the security landscape context. You'll then investigate how to effectively communicate with stakeholders regarding their role in preventing security risks from being introduced. You'll build on these concepts by examining best practices for continual stakeholder engagement using workplace example scenarios. You'll then outline various methods of effective security health reporting. At the end of this course, you'll be able to plan for effective stakeholder communication and engagement.
7 videos | 52m has Assessment available Badge
Mitigating Security Risks: Managing Security in a Hybrid Workplace
Hybrid workplaces are an attractive working style for many organizations. However, a functioning and secure hybrid workplace can take some strategic planning and management to achieve. By their nature, hybrid workplaces pose various security risks. Security leaders need to educate themselves and their employees on what these risks are and how best to avoid them. In this course, you'll explore what a hybrid workplace entails and the resulting security risks. You'll then outline tips and guidelines to secure a hybrid workplace. You'll also learn about the security risks of the 'work from home' (WFH) working methodology and guidelines for securing it. Upon completing this course, you'll be able to classify the security challenges of a hybrid workplace and WFH situation, outline how to communicate these risks to employees to aid in risk prevention, and recognize the critical decisions when planning for a secure hybrid workplace.
10 videos | 56m has Assessment available Badge
Mitigating Security Risks: Information Security Governance
Adequate risk management requires that the policies, procedures, standards, and guidelines that encompass effective information security governance be in place. This course shows you how to incorporate security governance as part of a robust security strategy. Examine the many security governance elements. Outline how to design, implement, and continually evaluate your strategy based on best practices. Define how security governance relates to the CIA Triad and distinguish between security governance and security management. Furthermore, investigate IT governance frameworks and compare centralized, decentralized, and hybrid structures. After taking this course, you'll recognize what's needed to implement a sound and robust information security governance strategy at your organization.
20 videos | 1h 32m has Assessment available Badge
Mitigating Security Risks: Managing the Incidents
Security breach incidents need to be handled effectively to prevent further occurrences. An incident management process based on best practices greatly helps deal with and thoroughly learn from incidents. Use this course to recognize the steps involved in the incident management process, the dependencies this process has on other processes, and who's involved in incident management. Examine the use of incident handling forms and incident prevention measures. Furthermore, study the signs employees should look out for and escalate that indicate a security breach event is occurring. After completing this course, you'll recognize how to use the incident management process to identify, manage, and prevent security breach incidents.
13 videos | 1h 13m has Assessment available Badge
Mitigating Security Risks: Maintaining Business Continuity
Business continuity planning (BCP) ensures an organization functions smoothly during an unplanned incident or disaster. In this course, you'll explore what comprises BCP and how you can employ its methods before, during, and after a disaster. You'll learn about the importance of a business continuity plan and what's needed to create an effective one. You'll differentiate a business continuity plan from disaster recovery and emergency action plans. You'll then investigate some of the individual BCP steps in more detail, including the business impact analysis (BIA), risk management plan, and incident response plan phases. Moving on, you'll study what's involved in post-disaster recovery planning. Finally, you'll explore how to achieve business resiliency and excellence in the face of a disaster and during a pandemic, examining not only how to get back to normal but also how to exploit new opportunities and grow.
17 videos | 1h 44m has Assessment available Badge
Mitigating Security Risks: Maintaining a Secure Workplace
Securing a workplace is a collaborative effort and requires contribution from everyone, including employees at all levels. It's a leader's role to educate and encourage everyone to build a security mindset into their daily practices. In this course, you'll learn how to foster a secure workplace. You'll start by exploring what comprises a secure workplace before examining best practices for achieving this state. You'll then outline best practices for developing a security policy. Next, you'll study how to conduct security awareness training, cultivate an organization-wide security mindset, and encourage employees to take ownership of the security processes. Finally, you'll learn about the role of security certifications, specifically the Cyber Maturity Model certification. You'll recognize what it comprises and how it applies to a secure workplace.
9 videos | 53m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

BOOKS INCLUDED

Book

The Best Damn IT Security Management Book Period
Providing specific guidelines and checklists, this guide has comprehensive coverage of all major IT and security management issues and is an indispensable addition to the serious security professional's toolkit.
Book Duration 18h 29m Book Authors By Susan Snedaker, et al.

Book

Social Engineering in IT Security: Tools, Tactics, and Techniques
Written by a global expert on the topic, this book discusses the roots and rise of social engineering and presents a proven methodology for planning a test, performing reconnaissance, developing scenarios, implementing the test, and accurately reporting the results.
Book Duration 5h 55m Book Authors By Sharon Conheady

Book

Information Technology Security Fundamentals
Assisting managers in understanding the role of IT Security in their enterprise, this book defines security from an organizational perspective, then builds upon that by discussing issues related to low-level technologies and higher level management issues like security policy.
Book Duration 2h 41m Book Authors By Bryan Hosack, Glen Sagers

Book

Network and System Security, Second Edition
Exploring practical solutions to a wide range of network and systems security issues, this comprehensive book is authored by leading experts in the field and addresses the immediate and long-term challenges in the authors' respective areas of expertise.
Book Duration 9h 35m Book Authors By John R. Vacca (ed)

BOOKS INCLUDED

Book

Cybersecurity Essentials
Cybersecurity jobs range from basic configuration to advanced systems analysis and defense assessment. This book provides the foundational information you need to understand the basics of the field, identify your place within it, and start down the security certification path.
Book Duration 9h 27m Book Authors By Charles J. Brooks, Christopher Grow, Donald Short, Philip Craig

Book

The Manager’s Guide to Cybersecurity Law: Essentials for Today's Business
Taking you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions, this much needed book covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law.
Book Duration 3h 2m Book Authors By Tari Schreider

Book

Personal Cybersecurity: How to Avoid and Recover from Cybercrime
Revealing the most prevalent cyber threats against individual users on all kinds of computing devices, this book teaches you the defensive best practices and state-of-the-art tools available to you to repel each kind of threat.
Book Duration 5h 9m Book Authors By Marvin Waschke

Book

Cybersecurity Breaches and Issues Surrounding Online Threat Protection
Featuring extensive coverage across a range of relevant topics, such as robotics, cloud computing, and electronic data diffusion, this book is an essential reference for the latest scholarly research on the various types of unauthorized access or damage to electronic data.
Book Duration 7h 39m Book Authors By Michelle Moore

BOOKS INCLUDED

Book

Security Fundamentals
An approachable discussion of core security concepts and topics, this book is your guide to developing a strong foundational understanding of Windows security, so you can take your IT career to the next level and feel confident going into the certification exam.
Book Duration 5h 25m Book Authors By Crystal Panek

BOOKS INCLUDED

Book

The Best Damn IT Security Management Book Period
Providing specific guidelines and checklists, this guide has comprehensive coverage of all major IT and security management issues and is an indispensable addition to the serious security professional's toolkit.
Book Duration 18h 29m Book Authors By Susan Snedaker, et al.

Book

Social Engineering in IT Security: Tools, Tactics, and Techniques
Written by a global expert on the topic, this book discusses the roots and rise of social engineering and presents a proven methodology for planning a test, performing reconnaissance, developing scenarios, implementing the test, and accurately reporting the results.
Book Duration 5h 55m Book Authors By Sharon Conheady

Book

Information Technology Security Fundamentals
Assisting managers in understanding the role of IT Security in their enterprise, this book defines security from an organizational perspective, then builds upon that by discussing issues related to low-level technologies and higher level management issues like security policy.
Book Duration 2h 41m Book Authors By Bryan Hosack, Glen Sagers

BOOKS INCLUDED

Book

Network and System Security, Second Edition
Exploring practical solutions to a wide range of network and systems security issues, this comprehensive book is authored by leading experts in the field and addresses the immediate and long-term challenges in the authors' respective areas of expertise.
Book Duration 9h 35m Book Authors By John R. Vacca (ed)

Book

Information Technology Security Fundamentals
Assisting managers in understanding the role of IT Security in their enterprise, this book defines security from an organizational perspective, then builds upon that by discussing issues related to low-level technologies and higher level management issues like security policy.
Book Duration 2h 41m Book Authors By Bryan Hosack, Glen Sagers

Book

The Best Damn IT Security Management Book Period
Providing specific guidelines and checklists, this guide has comprehensive coverage of all major IT and security management issues and is an indispensable addition to the serious security professional's toolkit.
Book Duration 18h 29m Book Authors By Susan Snedaker, et al.

Book

Social Engineering in IT Security: Tools, Tactics, and Techniques
Written by a global expert on the topic, this book discusses the roots and rise of social engineering and presents a proven methodology for planning a test, performing reconnaissance, developing scenarios, implementing the test, and accurately reporting the results.
Book Duration 5h 55m Book Authors By Sharon Conheady

BOOKS INCLUDED

Book

Security Fundamentals
An approachable discussion of core security concepts and topics, this book is your guide to developing a strong foundational understanding of Windows security, so you can take your IT career to the next level and feel confident going into the certification exam.
Book Duration 5h 25m Book Authors By Crystal Panek

Book

Network and Data Security for Non-Engineers
Presenting the tools, establishing persistent presence, and examining the use of sites as testbeds to determine successful variations of software that elude detection, this book explains network and data security by analyzing the Anthem breach step-by-step, and how hackers gain entry, place hidden software, download information, and hide the evidence of their entry.
Book Duration 4h 56m Book Authors By Frank M. Groom, Kevin Groom, Stephan S. Jones

Book

Cryptography and Network Security: A Practical Approach
Network security is a set of protocols that allows us to use the internet comfortably without worrying about security attacks, and the most common tool for providing network security is cryptography. This book provides a practical survey of the principles of cryptography and network security.
Book Duration 3h 55m Book Authors By K. Haribaskar

Book

Network Security: A Decision and Game-Theoretic Approach
Covering attack detection, malware response, algorithm and mechanism design, privacy, and risk management, this comprehensive work applies unique quantitative models derived from decision, control, and game theories to understanding diverse network security problems.
Book Duration 6h 9m Book Authors By Tamer Basar, Tansu Alpcan

Book

Network and System Security, Second Edition
Exploring practical solutions to a wide range of network and systems security issues, this comprehensive book is authored by leading experts in the field and addresses the immediate and long-term challenges in the authors' respective areas of expertise.
Book Duration 9h 35m Book Authors By John R. Vacca (ed)

Book

Guide to Computer Network Security, Second Edition
Including both quickly-workable questions and more thought-provoking advanced exercises, this book exposes the various security risks and vulnerabilities of computer networks and networked devices, offering advice on developing improved algorithms and best practices for enhancing system security.
Book Duration 10h 32m Book Authors By Joseph Migga Kizza

Book