Security Core Concepts: Security beginner
Security is a primary concern for network administrators. Discover the basics of security, including methods, tools, and technologies.
GETTING STARTED
- Cybersecurity Awareness and Threat Vectors
- Security Vulnerabilities: Managing Threats & Vulnerabilities
- End-User Security: The End-User Perspective
- Microsoft Security: Compliance Concepts & Methodologies
- Anomaly Detection: Aspects of Anomaly Detection
- CompTIA Security+: Security Goals & Controls
COURSES INCLUDED
Fundamental Security Concepts
Online user accounts are one of the easiest entry points for savvy hackers. Explore fundamental security concepts of authenticity, integrity, and confidentiality, and the role they play in establishing effective user account policies.
15 videos | 1h 21m | Assessment | Badge
Understanding Attacks & Prevention Practices
Online user accounts are one of the easiest entry points for savvy hackers. Discover why and how most common user account breaches happen, as well as general security practices to help protect against potential intrusions via user accounts.
10 videos | 1h 1m | Assessment | Badge
COURSES INCLUDED
Cybersecurity Awareness and Threat Vectors
Cybersecurity is often defined as the protection of computer systems and networks from unauthorized or unwanted information disclosure, theft or damage. In this course, explore the potential impacts of a personal or business security breach, and discover the fundamentals of the confidentiality, integrity, and availability triad. Explore how baselining can be used to better understand an IT environment and learn to differentiate between natural, malicious human, chemical, and non-malicious threats. Explore security concerns as they relate to internal and external human activity, and discover how to identify drivers for security controls. Explore common functions and purposes of security controls and discover the importance of testing corrective controls in place. Lastly, explore how to differentiate between quantitative and qualitative risk analysis, as well as between data in motion and data at rest. This course was originally created by Global Knowledge (GK).
20 videos | 42m | Assessment | Badge
Network Discovery Tools and Techniques
Network discovery is the process of identifying or mapping internal networks and computer resources in an organization. Conveniently, network discovery tools can be used to automate the scanning process and discover all the devices on a specific network. In this course, you'll learn about the OSI and TCP/IP models, and how they are used to facilitate communication between entities on a network. Explore how security controls behave at different layers of the OSI and TCP/IP models. Explore common network devices and learn how they can be compromised physically or administratively. Discover how to differentiate between discovery, footprinting, and scanning tools, and explore categories of discovery tools including auditing, vulnerability scanning, and SNMP. Explore Nmap, Zenmap, and SuperScan network discovery tools, and learn when to use protocol analyzer tools such as Wireshark. Lastly, discover the benefits of periodically referencing the Common Vulnerabilities and Exposures database. This course was originally created by Global Knowledge (GK).
21 videos | 1h 1m | Assessment | Badge
Systems Hardening
Security hardening is the process of securing systems and networks by reducing the surface of vulnerability. In this course, you'll learn the types of systems that can be hardened as well as how security baselines can be used to define normal conditions on a network. Explore how Group Policy can be used to apply computer settings to numerous systems at once, and discover the benefits of performing ongoing security patching. Explore steps used to harden systems by role including: client, server, database, web server, FTP, DNS, DHCP, network, and mobile devices. Lastly, learn how to differentiate between free and commercial hardening tools, recognize steps to properly implement authentication, authorization, and accounting, and implement physical security to contribute to overall security stability. This course was originally created by Global Knowledge (GK).
24 videos | 1h 4m | Assessment | Badge
Getting Started with Security Architecture
Security architecture can be defined as the specifications, processes, and standard operating procedures (SOPs) required to protect an organization's IT infrastructure. In order to improve network security and mitigate risks, a series of network devices can be used to control access to networks and resources. In this course, explore how security architectures can be used to enforce security at the network layer. Explore basic switching and routing devices, and discover core functions of network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Explore the characteristics and categories of firewall devices, and learn about networks, intranets, and demilitarized zones. Discover the benefits of network segmentation and learn how to segment networks. Lastly, discover how Network Address Translation (NAT) is used to map addresses, and explore how Network Access Control (NAC) can be used to verify compliance using security policies. This course was originally created by Global Knowledge (GK).
19 videos | 1h 11m | Assessment | Badge
Securing Information using Cryptography
Cryptography is a process used to keep information secret and safe by transforming it into an unrecognizable form that unwanted and unintended recipients cannot understand. In this course, you'll explore how cryptography can be used for confidentiality and integrity. Discover when to use symmetric and asymmetric encryption and discover the advantages and disadvantages of both. Explore practical use cases for cryptography and explore how hashing can be used to ensure data integrity. Discover how digital signatures can provide message integrity, authenticity, and non-repudiation and learn how to implement digital signatures. Discover how to differentiate between rights and permissions and explore access control methods such as discretionary access control, mandatory access control, and role-based access control. Lastly, explore how steganography can be used to hide secret information in or on another object, and how digital rights management (DRM) tools can be used to control access to protected data. This course was originally created by Global Knowledge (GK).
25 videos | 1h 20m | Assessment | Badge
Public Key Infrastructure and Certificate Distribution
Public-key infrastructure (PKI) is the framework of encryption and cybersecurity used to safely distribute, verify and revoke certificates in an organization and manage public-key encryption. In this course, you will learn the fundamentals of PKI and explore considerations when implementing trust structures through technology and public key-based digital certificates. Explore PKI components including certification authorities, certificates, revocation lists, registration authorities, entities and certificate templates, and discover how certificate authorities (CA) are used to issue certificates to entities and manage trust relationships. Discover how to differentiate between root and subordinate CAs as well as internal and external PKIs, and explore public key certificates and how they can represent the digital identity of the subject. Lastly, explore common certificate acquisition methods including web, auto-enrollment, MMCs, and native consoles, and explore use cases for common access cards (CAC). This course was originally created by Global Knowledge (GK).
17 videos | 53m | Assessment | Badge
Identity Management, Directory Services, and Federation
Identity management is a framework used to ensure appropriate access controls are in place to grant authenticated users access to enterprise assets. In this course, you will learn about the key fundamentals of identity management, including privilege administration, access control, and system scalability. Explore identification, authentication, authorization, accountability (IAAA) services and discover how personally identifiable information (PII) can be used to identify a subject. Explore the three main types of authentication factors: something you know, something you have, and something you are, and discover how to choose appropriate and accurate biometric criteria. You'll also learn about directory services and how they can be used to organize network resources. Explore password cracking techniques and tools, and discover when to use same sign-on and single sign-on authentication schemes. Lastly, explore how federation can be used to link together different authentication systems. This course was originally created by Global Knowledge (GK).
27 videos | 1h 19m | Assessment | Badge
Network Hardening, Network Segmentation, and Secure Connections
Network hardening can help identify potential vulnerabilities, secure systems, and reduce the risk of unauthorized access. In this course, you'll learn how to secure administrative and remote access connections. You'll discover key features of the Simple Network Management Protocol (SNMP) and explore the various types of firewalls and logical locations to place them on a network. Discover how to control and manage traffic using rules on routers and firewalls, and explore how firewall management can contribute to overall network hardening. Discover how to limit internal and external physical access to resources. Explore best practices for managing telecom and wiring closets as well as considerations for establishing secure access. Lastly, explore the importance of hardening wireless access points and recognize how to harden network elements including firewalls, routers, and access points. This course was originally created by Global Knowledge (GK).
27 videos | 1h | Assessment | Badge
Fundamentals of Malware Analysis and Remediation
Malware is any software designed to wreak destruction or gain access to sensitive information. Malware is often used as a blanket term for common computer worms, viruses, and trojans. In this course, you'll learn how to protect systems from malware by implementing and managing anti-malware software. Explore different malware infection methods and learn how to differentiate between different types of malware. Explore how viruses can attach themselves to system applications and learn about common virus threats. Discover how to differentiate between worms, trojans, rootkits, and bots, and explore how spyware and adware can be embedded into applications that look free and interesting to use. Lastly, explore how ransomware works and discover countermeasures to protect against threats including user awareness programs, scanning systems, and monitoring network activity. This course was originally created by Global Knowledge (GK).
23 videos | 56m | Assessment | Badge
Social Engineering Threats and Prevention
Social engineering is a form of attack that is accomplished using malicious activities through human interactions. In a common social engineering attack, humans are tricked into making security mistakes or giving away sensitive information. In this course, you'll explore the goals of social engineering including gaining access to sensitive data, physical locations, and systems. Discover vulnerabilities that make social engineering possible, explore common targets, and learn about indirect and direct social engineering attacks. Explore how searching a person or business's trash can produce information that can be used to carry out an attack, and discover the importance of staying up to date with the latest social engineering stats and trends. Explore the importance of cyber awareness and reporting workplace abnormalities, and discover the various social media site types including social networks, video sharing, blogging, and photo sharing. Lastly, explore factors that drive people to post compromising material on social media. This course was originally created by Global Knowledge (GK).
27 videos | 1h 2m | Assessment | Badge
Software Engineering, Security and Vulnerabilities
The principles of software engineering include designing, developing, implementing, and maintaining a software solution. One crucial aspect of software security is to determine if software is safe to release to an organization or the public. In this course, you'll explore the Software Development Life Cycle (SDLC) and learn about maturity levels used to define agility and effectiveness of a development solution. Discover how security guidelines can help improve the quality and security of software development, and explore the importance of staying current with the types and trends of software threats and exploits. Continue to learn about software vulnerabilities while exploring common attacks including buffer overflows, database injection, cross-site scripting, and directory traversal attacks. Lastly, explore how misconfiguration of servers increases the likelihood of attacks, and discover how permissions are used to secure directories used by applications. This course was originally created by Global Knowledge (GK).
15 videos | 57m | Assessment | Badge
Environment Monitoring, Retention, and Data Logging
Logging is used to record events that occur within an organization's systems and networks. Oftentimes, logging information can help with the identification and isolation of any intruder or malware. In this course, explore acceptable use policies (AUP) and how they apply to employee monitoring. Discover how monitoring as a service can benefit an organization, and explore devices that can be monitored on a network including routers, switches, laptops, and wireless access points. Explore how retention policies can identify how long different types of data are maintained and discover when to implement a centralized enterprise logging service. Lastly, explore how keystroke loggers can capture and track what is typed on a keyboard and learn the importance of protecting log information. This course was originally created by Global Knowledge (GK).
23 videos | 52m | Assessment | Badge
Physical Security, Safety Procedures, and Access Control
Physical security measures can help organizations protect personnel, hardware, software, and data from physical actions and events that could result in unauthorized or unwanted disclosure or theft of property. In this course, you'll learn how defense-in-depth solutions can provide multiple layers of security as well as the various types of physical security controls. Explore the importance of surge protectors, uninterruptible power supplies (UPS), and power generators, and discover how device security concerns should encompass all company-owned equipment. Discover why non-disclosure agreements (NDA) should be used in locations where proprietary information may be accessible to employees, vendors, or visitors, and explore how background checks should be an essential part of security management. Lastly, explore the importance of ensuring the correct security access levels. This course was originally created by Global Knowledge (GK).
18 videos | 47m | Assessment | Badge
Incident Response, Backup and Recovery Strategies, and Documentation
It is imperative that organizations outline instructions to help IT staff identify, respond to, and recover from network security incidents. By doing so, organizations can quickly recover from cybercrime events potentially resulting in data loss and service outages. In this course, you'll explore common disaster types, including natural disasters and malicious human actions that threaten organizations. Discover business continuity and disaster recovery planning goals, resources, and concepts. Discover how operational recovery planning can help ensure businesses resume day-to-day operations in a timely manner, as well as the importance of planning for user recovery. You'll also learn about backup technologies and strategies, and discover the importance of proper documentation. Lastly, explore how to prepare for incident responses and learn about reporting incidents and legal considerations. This course was originally created by Global Knowledge (GK).
41 videos | 1h 34m | Assessment | Badge
Legal Considerations and Cybercrime Investigations
Cybercrime laws apply to incidents in which a crime was directed at a computer, or crimes committed using a computer. In this course, you'll explore aspects of service-level agreements (SLA) and privacy-level agreements (PLA), and discover considerations when dealing with international regulatory compliance. You'll also learn how cybercrime intersects with different legal fields including intellectual property, privacy laws, jurisdiction, criminal, and civil, and explore methods in which to investigate cybercrime activity. Explore key considerations when dealing with criminal, civil law, and administrative laws, and learn to differentiate between civil, common, statutory, and religious legal systems. Lastly, explore tools used to perform a cybercrime investigation, and discover cybercrime investigative best practices, including how to notify management and protect the crime scene. This course was originally created by Global Knowledge (GK).
22 videos | 55m | Assessment | Badge
Trends in Cybersecurity
Cybersecurity is the practice of protecting systems, networks, and programs from cyber threats and exploits. Therefore, organizations are required to allocate a growing number of resources to protect their data from unwanted and unauthorized data breaches and disclosures. In this course, you'll explore the possible constraints that may prevent an organization from having an ideal IT security solution including budget, regulations, design limitations, and political issues. Discover driving forces in cybersecurity including money, mobile devices, education, and new technologies, and explore the risks associated with portable electronic devices (PED) such as geolocations. Explore how supervisory control and data acquisition (SCADA) systems can be used to monitor important infrastructure including electric grids, water supplies, and pipelines, and discover how most people now use the Internet daily to send email, shop, and watch TV. Lastly, discover how cybersecurity and IT standards continue to evolve and how no one standard is foolproof or future proof. This course was originally created by Global Knowledge (GK).
18 videos | 45m | Assessment | Badge
An Executive's Guide to Security: Understanding Security Threats
Companies that do not understand threats facing their information are at risk of costly data breaches. In this 13-video course, learners can explore common security threats, types of network attacks, and the human element of security threats. Key concepts covered here include what an attack surface is, and how it must be understood to protect corporate information; and what network hardening is and how it relates to protection of corporate information. Next, learners will examine network demilitarized zones and how they protect corporate information; observe differences between threats, vulnerabilities, and risks in corporate environments; and study top kinds of security threats facing organizations today. Continue by learning the role that physical security plays in protecting corporate data; how social engineering is conducted and how it is mitigated through corporate policy; and the importance of corporate security policies, and why they should be strictly adhered to. Finally, explore the importance of password policies and why they should be adhered to; and learn reasons why IT administrators need to protect an organization by refusing to bend rules.
13 videos | 44m | Assessment | Badge
An Executive's Guide to Security: Protecting Your Information
This 13-video course explores data protection for businesses, including devices, social media, and good governance through security principles, policies, and programs. You will examine several types of security threats, the different types of network attacks, the role physical security plays in the protection of corporate data, and the human element of security threats. Next, learners examine the attack surface, including the total combined nodes, users, devices, and any entry points of software, a network, and a business environment. You will examine threats, vulnerabilities, and risks, and learn the importance of network hardening. This course uses real-world examples of several top security threats to businesses today, including malware, social engineering, unpatched software, BYOD (bring your own device), and IoT (Internet of things). You will examine clickjacking and URL spoofing. Finally, this course discusses the legal and financial ramifications of a major security breach, the importance of having a security policy, training personnel, password protection, and managing a company's security.
13 videos | 45m | Assessment | Badge
Defensive CyberOps: Defensive Cyberspace Operations
A well-planned and properly executed DCO mission will enable the cyber warrior to repel attacks and rapidly prepare for offensive action. In this course, you'll learn the principles of Defensive Cyber Operations, including measures and responses. You'll explore cybersecurity and cyberspace operations in DCO. Next, you'll look at DCO analytics, missions, and operating domains. You'll explore the role of the mission owner and network owner in DCO, as well as planning considerations. Finally, you'll learn about cyberspace threats that may occur during the course of maneuver operations and common security and system tools used in DCO.
14 videos | 42m | Assessment | Badge
COURSES INCLUDED
Security Vulnerabilities: Managing Threats & Vulnerabilities
This 14-video course helps learners explore the threat categories in the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) model for identifying computer security threats, including spoofing, tampering, repudiation, information disclosure, denial of service (DoS), and escalation of privilege. Key concepts covered in this course include categories of security vulnerabilities using the STRIDE model; how to recognize authenticity and identity spoofing threats; and how to validate integrity and tampering threats. Next, you will learn about authentication threats and non-repudiation, when used in security, for example, when a charge cannot be challenged; learn information threats such as privacy breaches or data leaks; and learn the threat of DoS attacks, a resource disruption attack when a user tries to connect. Learners continue by exploring the privilege escalation threat model; learning to recognize examples of security misconfiguration threats; and observing methods of brute force attacks and key sizes. Finally, learn to perform a local network scan and a targeted remote scan by using Nmap; and learn to perform a DoS vulnerability diagnostic test on a host.
14 videos | 52m | Assessment | Badge
Intrusion Detection: Best Practices
Intrusion detection systems (IDS) allow you to monitor traffic and send alerts when abnormal activities have been detected. In this 14-video course, you will explore concepts of traffic analysis and IDS, including network forensic analysis, sniffing and sensors, signal and noise, and brute force analysis. To begin, you will examine approaches to network security through traffic analysis, then take a look at tools and techniques used by IDS. Learners will also explore the network forensic approach to computer networks; learn how to describe types of application controls that can be used for traffic analysis; placement and use of sniffing and IDS sensors; and examine concepts of signal and noise when it comes to network traffic analysis. You will learn how to perform IDS with Snort with a sample ruleset; configure Bro to detect common attack patterns; use Wireshark to inspect network packets; and perform nmap scans with methods to evade IDS detection. In the final tutorials, you will perform brute force analysis with nmap, and a mock denial of service (DoS) attack with nmap.
14 videos | 45m | Assessment | Badge
Intrusion Prevention: Best Practices
Intrusion prevention helps one to detect and stop various attacks that other security components may miss. In this 13-video course, learners explore objectives and tools of intrusion prevention, including kernel attack prevention, vulnerability discovery, remediation strategies, scan detection, and evasion techniques. Begin by examining approaches to intrusion prevention systems (IPS), and how they differ from intrusion detection systems (IDS). Then take a look at options and deployment strategies for IPS; discover the advantages and disadvantages of various approaches to IPS, and view the role of IPS in preventing kernel attacks. Explore the methods used to discover vulnerabilities, and the remediation strategies related to intrusions. Next, learn how to block an attacker after too many failed login attempts; how to describe methods used in IPS to evade intrusions; and how to use tools, including netstat, to scan for potential intrusions on a local system. In the final two tutorials in this course, you will scan a system for potential malware infections using nmap, and use Suricata to implement a packet diversion for intrusion prevention.
13 videos | 49m | Assessment | Badge
Digital Forensic Techniques & Investigative Approaches
In this 14-video course, learners can explore digital forensics best practices and techniques and how they relate to investigations, data integrity, proper evidence handling, and legal privacy considerations. To begin, study an overview of digital forensics, and different types of forensics including computer, mobile, network, vehicle, and the Internet of Things (IoT). Learn how to differentiate between criminal, civil, and intellectual property investigations, and examine a typical methodology or investigative approach, including preservation, collection, examination, analysis, and presentation in court. Explore procedures to properly establish and maintain chain of custody; recognize best practices and considerations when working with digital evidence, and examine the roles of forensic laboratories and hardware and software tools. Learn how to recognize legal considerations, including search warrants and privacy considerations; delve into challenges of working with cloud computing environments; and recognize how viruses and other malware work. Learn the importance of ethical decision making related to digital forensic work, and approaches and techniques used when working with live or volatile data. The exercise involves applying digital forensic best practices.
14 videos | 57m | Assessment | Badge
Information Security: APT Defenses
In this 13-video course, discover key Advanced Persistent Threat (APT) concepts, such as defense and best practices. Explore common APT attacks and mitigation techniques that can be used, APT tools, and how to create effective APT checklists. You will begin with an introduction to APT and its purpose, then look at the steps of the APT lifecycle. Learners will examine motives behind an APT and probable targets, and learn to identify APT defense best practices. Next, you will explore methods that can be used to strengthen APT defenses, and then recall the method(s) to deal with APTs. You will then take a look at the Equation aka APT group and its involvement in various cyber crimes. Another tutorial examines the key tools that are used when conducting an APT. Define risk assessment processes that can help you protect your assets. In the final tutorial in this course, you will be asked to identify key points for creating an effective checklist to address APT attacks.
13 videos | 1h 24m | Assessment | Badge
Information Security: NACs & Gateways
Learners will discover key features of network access control (NAC), the importance of NAC in a network, various NAC elements, authentication, and its implementation, in this 12-video course. Explore the risks and challenges associated with BYOD (bring your own device) and IoT (Internet of Things). You will begin the course by examining the security risks introduced by BYOD and IoT, along with their preventive measures. You will then explore the major challenges with BYOD in an organization. The next tutorial defines NAC and the importance it has in a network. This leads into examining the NAC architecture; the different features of NAC; and the impact of an improperly configured NAC. You will learn about the various NAC elements; recall the best practices of implementing NAC, and identify the key points for creating an effective checklist for NAC security. In the final tutorial, learners will be asked to list the NAC authentication methods.
12 videos | 37m | Assessment | Badge
Information Security: Subnetting & DNS for Security Architects
In this 11-video course, learners will discover key concepts related to subnetting, virtual machines (VMs), containers, and DNS (domain name system) security. Examine tips and tricks used in subnetting and subnetting advantages. Explore classless inter-domain routing (CIDR) notation, deployment and security considerations for VMs and containers, and types of DNS attacks and mitigation strategies. You will begin the course by taking a look at the importance of subnetting, how it relates to security, and its advantages and disadvantages. Then move on to defining the CIDR notation. You will examine the subnetting cheat sheet, and learn various subnetting tips and tricks; compare VMs and containers, and examine the deployment considerations for VMs and containers. Next, learners will observe the best practices for deploying VMs, and the best practices for VM and container security. In the final two tutorials of this course, you will discover the various types of DNS attacks and their mitigations, and the various types of subnetting attacks and mitigations.
11 videos | 1h 5m | Assessment | Badge
Information Security: Securing Networking Protocols
Learners can explore the key concepts of the common protocols in use, and discover the security issues of the transmission control protocol/Internet protocol (TCP/IP) model and security protocols, in this 10-video course. You will begin by taking a look at the common protocols used in a network, the ports they use, the type they are, and what they do. Next, you will examine some of the security issues of the TCP/IP model at the layer level, of which it has four: application, transport, Internet, and data link. You will also explore the threats, vulnerabilities, and mitigation techniques in network security; identify the types of weak protocols and their replacements; and classify the various types of security protocols. Then learners will continue by examining various ways to use security protocols in different situations, and the importance of implementing security protocols. In the final tutorial, learners will explore the security-first mindset and its necessity.
10 videos | 56m | Assessment | Badge
Information Security: Hardened Security Topologies
In this 8-video course, learners will discover the key concepts of different security topologies and the key role they play in network security. Begin with an introduction to security topologies, which define the network design based on security requirements. You will then explore the design goals for security topology and the elements used to ensure that information is secure, which means applying the concepts of confidentiality, integrity, and availability (CIA) to information in a proper way. You also need to practice accountability along with CIA concepts. Next, you will examine advantages and disadvantages of different security topologies, which are the Intranet, the Internet, and various other topologies. You will take a look at the impact of integrating cloud topologies, and also delve into the various layers of security in cloud computing. The final tutorial in this course explores the different methods used to harden the components of security topologies.
8 videos |
42m
Assessment
Badge
Information Security: Continual Infrastructure Testing
Discover DevOps practices such as continuous security and security monitoring, the benefits of using DevOps, and best practices of DevOps security in this 11-video course. Explore the secure DevOps lifecycle and learn about security risks and the various tools used for DevOps testing. Key concepts covered in this course include continuous security practices and the need for continuous security in a DevOps environment; the benefits of using DevOps, including improved quality, saving money, and saving time by not having to integrate code at a later stage; and the components of DevOps and their impact on infrastructure security. Next, learners will examine the best practices of DevOps security and learn the secure DevOps lifecycle; and learn security risks that come with DevOps and tools that can help with continuous security infrastructure testing. Finally, learn the security risks of DevOps and the various tools used for DevOps testing, since each stage of DevOps uses certain types of tools.
11 videos |
43m
Assessment
Badge
Information Security: Security Governance
In this 9-video course, learners will discover the importance of implementing security governance in an organization. Explore differences between security governance and security management, types of governance frameworks, and the roles of senior management. Also covered are ensuring good IT security governance, risks and opportunities, security governance programs, and governance framework structure. Key concepts covered in this course include how to distinguish between security governance and security management; different types of IT governance frameworks, including ISO 27001, PCI DSS, HIPAA (Health Insurance Portability and Accountability Act), ITIL, and COBIT; the various roles and responsibilities of senior management in governance; and the measures used to ensure good IT security governance, including creating governance within an organization and delivering governance through the right stakeholders. Next, observe how to review governance on a periodic basis; learn the risks and opportunities in security governance and how to make sure the security policies are up to date; and examine the process of rolling out a security governance program. Finally, you will examine the structure of a governance framework.
9 videos |
1h 14m
Assessment
Badge
Information Security: Honeypots
Explore various honeypot concepts, such as the types of honeypots, roles and uses of a honeypot, and how honeypot data analysis is used. In this 12-video course, you will examine strengths and weaknesses of a honeypot and how it is placed in networks. Key concepts covered in this course include the honeypot system itself, configured to detect, deflect, or counteract any unauthorized attempt to gain access to information; the various types of honeypots that can be used, focusing on low and high interaction level types; and the role played by honeypots in overall network security. Next, you will examine honeypot uses and disadvantages; learn the deployment strategies of a honeypot; and learn the various open-source and commercial honeypot products available on the market. Finally, learners will observe how honeypots are placed in a network; how to install and configure a honeypot by using KFSensor honeypot software; and explore how honeypot data analysis is captured through automated software or through a manual method.
12 videos |
35m
Assessment
Badge
Information Security: Pen Testing
Explore the key penetration (pen) testing concepts such as vulnerability assessment, types of pen testing, and threat actors, in this 14-video course. Discover why pen testing is needed and investigate tools used for pen testing. Key concepts covered in this course include pen testing, a set of tasks that are performed by ethical hackers against an organization, but in a legal way; steps performed during the pen testing process; and reasons why an organization needs to perform pen testing, along with how to distinguish between pen testing and vulnerability assessments. Next, you will compare the different types of pen testing and learn the weaknesses of pen testing; learn the various types of tools used in pen testing and the target selection for pen testing; learn the types of assets in an organization; and compare the types of risk responses that an organization may adopt. Finally, learners observe how to use the Metasploit framework in Kali Linux; and how to create an exploit by using MSFvenom.
14 videos |
1h 34m
Assessment
Badge
Security for Engineering Leaders: Defining Security
Security can be defined in many ways and broken down into numerous types. Data security involves defining the necessary policies and procedures that ensure data is cared for and protected. Through this course, learn about data security attributes and parameters and examine data security from a variety of perspectives. Discover the definition of security and its types, including data security. Next, study the theory and functionality of DevSecOps, as well as risk identification, assessment, and management. Finally, examine the use of data security frameworks, including popular frameworks such as COBIT, NIST, and FISMA. After course completion, you'll be able to outline security terms, expressions, and frameworks.
12 videos |
40m
Assessment
Badge
Security for Engineering Leaders: Data Security for Engineering Projects
Understanding the who, where, and what is important for good outcomes when it comes to data security. Through this course, explore a breakdown of data security challenges and best practices, and how to use your knowledge of them like tools in a toolbox. Discover data security challenges that occur with teams, data, and projects, examine data security in the cloud and in data centers, learn about project data sets, and explore team expertise levels and other elements of a team before, during, and after a project. After course completion, you'll be able to apply a better understanding of data security challenges and best practices for teams and projects.
18 videos |
1h 6m
Assessment
Badge
Security for Engineering Leaders: Data Security Use Cases
Data security involves more than understanding the skills and techniques necessary to keep information safe. Once you have identified policies and procedures and considered security challenges and best practices, what are your next steps? Through this course, consider the best means to implement, sustain, and enforce good data security practices across your teams and projects. How does the experience level of a particular team affect data security considerations? Define use cases for inexperienced, mixed experience, and highly experienced project teams. Identify the components that make up each type of team, and learn to recognize best practices for each type of team as they relate to data security. After course completion, you'll be able to consider the specifics of each team when identifying the best ways to apply data security to their work.
11 videos |
50m
Assessment
Badge
Authentication & Encryption: Best Practices
In this 14-video course, explore the authentication, authorization, and encryption options that a security architect will need on a day-to-day basis. The focus will be on two fronts: a network security standpoint, including cloud services, and internal solutions in an Agile and DevOps environment. Begin with a look at authentication, authorization, and encryption factors and how they fit together, then look at methods of authentication and best practices. This leads into methods of authorization and access control; the use of encryption methods and best practices in implementing encryption; and key symmetry, differentiating between public and private keys and their ciphers. Examine methods of keeping login and authentication credentials secure; view system authentication and authorization through user account administration in Linux; and handle security policy trade-offs in situations where solutions might not align with policy. Discover Secure Shell (SSH) configuration, and implementing and securing remote access to a system using SSH; create secure certificates and keys using OpenSSL; verify software package authenticity by using OpenSSL; and perform file encryption and file decryption with OpenSSL.
14 videos |
56m
Assessment
Badge
Security Architect: Ethical Hacking Best Practices
To become a well-rounded ethical hacker, one must have good ethics, love a challenge, and be persistent. In addition, you must have a strong technical background and be familiar with common tools, strategies, and techniques used in a variety of ethical hacking situations. In this 14-video course, learners can explore best practices related to ethical hacking and incident handling, legal considerations, and proactive hacking practices and strategies. Begin with an overview of the importance of ethical hacking in today's world and different types of ethical hacking, and different types of real-world hackers, such as white, black, and grey hat. View benefits of ethical hacking, and rules of engagement prior to performing an ethical hacking exercise. Delve into vulnerability and penetration testing and the common ethical hacking tools. Conduct a network scan by using Nmap; learn about incident handling, and recognize the importance of using templates or checklists prior to and during a penetration test. Finally, recognize best practices when testing uncovers exploits or vulnerabilities, and legal considerations when performing an ethical hacking exercise.
14 videos |
46m
Assessment
Badge
Security Rules: Rules of Engagement
Prior to performing any penetration testing, it is important to outline the Rules of Engagement (RoE) with the client. Begin this 14-video course with a general overview of the RoE, how it relates to business, and the potential consequences of not having the RoE in place. Look at benefits of having an easy reference checklist prepared when defining RoE. Learn how to determine the appropriate scope of engagement; examine client (IT staff) considerations; and view common risks and limitations, such as impact on systems. Explore the logistics and considerations such as testing tools, personnel, and test schedules. Delve into incident handling and best practices; testing and best practices, and also best practices in information handling. Examine elements that should be included in final reports, such as action taken, problems, and findings. Look at liabilities, warranty, limitation of a liability, and indemnification considerations to include when outlining the intent of testing activities. Finally, learn how to ensure proper authorization has been granted to commence any testing.
14 videos |
47m
Assessment
Badge
Malware Removal: Identifying Malware Types & Classification Approaches
Knowing how to respond to malware incidents is a critical skill for security professionals, and the first step to achieving malware response skills is understanding the types of malware you will face in the field. In this course, you'll explore different types of malware such as worms, Trojan viruses, botnets, ransomware, and rootkits. You'll then round out your knowledge by identifying the different methods used to classify a virus and determine its potential impact.
8 videos |
26m
Assessment
Badge
Malware Removal: Analyzing an Infected System
Familiarization with the different types of malware analysis and the tools used to analyze malware is a critical skill for IT security professionals. In this course, you'll explore the characteristics of malware and the impact the malware has on the infected system. You'll learn how to identify different malware analysis techniques, such as static and dynamic malware analysis, to discover activities performed by malware. You'll also examine some of the tools used to perform both static and dynamic malware analysis and how to use a disassembler to view malware code.
13 videos |
1h 44m
Assessment
Badge
Malware Removal: Remediating an Infected System
Understanding what tools to use to recover a system after it is infected with malware is a critical skill. In this course, you'll explore the symptoms of virus infected systems and best practices for malware removal. You'll learn about different remediation approaches for different types of malware. You'll also look at some of the tools used to remove and recover systems after they have been infected such as the Windows Malicious Software Removal Tool, the Windows repair options, and how to restore a system image backup.
12 videos |
49m
Assessment
Badge
Malware Removal: Reporting Findings & Preventing Future Infections
Knowing how to respond to a malware incident and who to report the malware incident to is critical to a timely response. In this course, you'll learn key steps for responding to malware incidents, as well as how to identify key persons to report the malware incident to and steps to take to help prevent future malware incidents.
7 videos |
30m
Assessment
Badge
CyberOps Windows Hardening: Windows Server Hardening Best Practices
Windows servers are the heart of many corporate networks and may contain sensitive company data that, if leaked or stolen by an attacker, would be catastrophic. Protecting the Windows Server assets and preventing a security compromise is an important skill for IT security professionals to master. In this course, you'll learn how to help prevent security incidents by hardening the Windows Server and reducing the attack surface. You'll learn how to follow common security best practices to lock down a Windows system by hardening user accounts, passwords, services, the file system, and common network services, such as DNS and IIS.
16 videos |
1h 32m
Assessment
Badge
Windows Exploits and Forensics: Intelligence Gathering
As a security operations person, you'll need to employ various Windows exploitation techniques to attack vulnerable target software and services. This course covers the various intelligence gathering techniques used for conducting offensive security operations against a Windows-based network to identify possible vulnerabilities. You'll start by examining open source intelligence (OSINT) gathering techniques and sources before conducting your own OSINT investigation. Next, you'll explore the use of social media and other tools for finding targets for social engineering exercises. You'll then examine common Windows services and their ports and tools for conducting basic enumeration. Moving along, you'll practice network scanning for open ports, scanning a Windows-based system, and enumerating data. Lastly, you'll explore various tools used in the Kali hacking environment, the use of Metasploitable, and common locations to find Windows exploits.
13 videos |
1h 27m
Assessment
Badge
Windows Environments
As a security operations person, you'll need to tailor your methods to suit the operating system you're working with. This course covers some of the core competencies required to conduct offensive security operations against a Windows environment. Throughout this course, you'll learn how to recognize the differences between various Windows versions. You'll examine the role of intrusion detection systems (IDS) and intrusion prevention systems (IPS) in a Windows environment. You'll then learn about the MITRE ATT&CK framework and how it relates to Windows intrusions and identify the different Windows logging mechanisms. Next, you'll practice using event logging, basic PowerShell commands, and the Windows Registry. You'll then explore how the Windows hashing algorithm works and practice cracking an NTLM hash value. Lastly, you'll investigate different data artifacts within Windows and outline how best to work with Active Directory and Kerberos.
16 videos |
1h 31m
Assessment
Badge
Windows Exploits and Forensics: SMB & PsExec
When carrying out security operations in a Windows environment, you need to know what kind of attacks, exploits, and vulnerabilities to look out for. This course covers two of the most common services used to attack a Windows-based network - SMB and PsExec - along with some popular attack methodologies. You'll start by examining SMB permissions and default settings. You'll then explore tools to enumerate SMB shares and data. Next, you'll investigate how to identify SMB vulnerabilities and recognize SMB attacks. You'll then conduct different SMB exploits, including brute force and denial of service attacks. You'll move on to outline how PsExec works and use it to execute remote commands. Finally, you'll practice exploiting PsExec using various tools, including the EternalBlue exploit.
15 videos |
1h 5m
Assessment
Badge
Windows Exploits and Forensics: FTP, RDP, & Other Services
To protect an operating system, you must first know how to exploit it. This course covers some of the standard Windows services that have known exploits available for them, which can be used in offensive security operations against a Windows environment. You'll start by enumerating data from a Windows-based FTP server before practicing methods used to attack FTP services. You'll then learn how to attack IIS-based systems. Next, you'll examine the RDP protocol and learn methods of attacking the Windows RDP service. Finally, you'll investigate how WMI works and learn to exploit WMI on a Windows-based machine. This course involves conducting brute force attacks, reverse shells, and using the BlueKeep security vulnerability.
14 videos |
1h 12m
Assessment
Badge
Windows Exploits and Forensics: Legacy Systems & Third Party Applications
When an organization uses systems that are no longer serviced and supported, and therefore do not receive security updates, it exposes itself to serious security attacks. To ensure a healthy network ecosystem, security operations personnel must be aware of the vulnerabilities these systems are exposed to. In this course, you'll explore how to conduct offensive security operations against legacy Windows-based systems. You'll learn to recognize older versions of Windows, identify common exploits for these older versions, and scan Server 2008 for vulnerabilities. You'll then learn how to enumerate Server 2008, exploit legacy systems, and gain a reverse shell on a legacy system. You'll then learn how to recognize common third-party applications and vulnerabilities and how to exploit them. Finally, you'll learn how to identify and avoid a honeypot.
12 videos |
57m
Assessment
Badge
Windows Exploits and Forensics: Post Exploitation
As a penetration tester, it's vital that you are familiar with advanced methods of conducting offensive security operations against Windows environments. In this course, you'll learn to recognize common post exploitation activities within a Windows environment and how to configure an advanced persistent threat. You'll start by learning how to escalate privileges, use a DLL injection attack, pivot between systems, and crack user credentials. You'll then examine how to use PowerView to enumerate information and use BloodHound to 'walk the dog' and gain domain admin privileges. Finally, you'll learn how to clean up post attack to cover your tracks, create an advanced persistent threat, and use a ransomware attack to lock a system.
14 videos |
1h 23m
Assessment
Badge
Business Continuity Planning Bootcamp: Session 1 Replay
This is a recorded Replay of the Business Continuity Planning Live session that ran on May 7th at 11 AM ET. In this session Lisa Furey discusses the key principles of business continuity planning, the professional practices within BCP, the global factors that impact business continuity practices (a "new normal"), and business continuity needs within organizations.
1 video |
3h 2m
Badge
Business Continuity Planning Bootcamp: Session 2 Replay
This is a recorded Replay of the Business Continuity Planning Live session that ran on May 8th at 11 AM ET. In this session Lisa Furey discusses the necessary components in a solid business continuity plan and BCP principles in the small to medium sized business. She also covers obtaining quotations from licensed BCP professionals to create BCPs (for larger organizations), speaking to stakeholders on the need for business continuity planning within your organization, and the various certifications available in the disaster recovery industry.
1 video |
3h 2m
Badge
Security Risks: Key Risk Terms & Concepts
Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process. You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance. Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach. Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.
16 videos |
1h 52m
Assessment
Badge
Security Risks: Performing Security Risk Identification
Effective security risk management often begins with proper security risk identification. In this course, you'll examine various components of the risk identification process and different techniques used to identify risk. You'll begin by distinguishing between threat and risk. You'll then get familiar with other terminologies and concepts associated with risk identification. Moving on, you'll recognize the significance of risk identification in recognizing assets and services that are risk-prone. You'll also investigate different methods used to identify risk and best practices for the risk identification process. Later in the course, you'll outline common security-related risks and their impact on different components of an organization. Finally, you'll examine the features of a security risk register, its role in risk management, and how to create one in Microsoft Excel.
9 videos |
57m
Assessment
Badge
Security Risks: Performing Security Risk Assessments
The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.
13 videos |
1h 35m
Assessment
Badge
Security Risks: Planning for Security Risk Management
Highly effective security leaders recognize that they must prioritize and focus their efforts on managing critical security risks. Therefore, once a security risk is identified, it must be carefully evaluated. In this course, you'll identify the activities involved in a risk management process, the importance of risk strategies in the context of work environments, and essential decisions required for managing security risks effectively. Moving on, you'll investigate the components of a risk management plan and how to improve a risk management strategy by increasing risk tolerance and risk appetite. You'll also outline the importance of mitigation plans and discover how to create one in Microsoft Word. Lastly, you'll recognize the role of risk monitoring and control measures in risk management planning and the factors that shape an organization's approach to making decisions in handling risks.
12 videos |
1h 26m
Assessment
Badge
FREE ACCESS
COURSES INCLUDED
End-User Security: The End-User Perspective
Learners can examine end-user security concepts such as shared responsibilities and policies, physical controls, authentication, software, and best practices in this 12-video course. You will begin with a look at shared responsibility, which has expanded greatly because of the use of cloud computing; this means that the role of the end user, the customer or client, in shared responsibility for security is expanding at an accelerated rate. Next, you will move on to defining acceptable use policies (AUP). You will discover how to distinguish physical security controls; classify authentication technologies, and recognize the importance of hardware and software updates. Following on from this, you will explore security suites and endpoint protection; learn about browser best practices, and define the security fundamentals of e-mail. You will also delve into the security issues surrounding personal cloud storage services, and protecting data at rest, or data storage security. To conclude the course, complete an exercise on describing the concepts and technologies of end-user security.
12 videos |
53m
Assessment
Badge
End-User Security: The Security Administrator Perspective
In this 9-video course, learners will examine end-user security from the security administrator point-of-view including threatscape, security policies, training and awareness, Layer 2 security, 802.1x, MACsec, endpoint detection and response (EDR), advanced endpoint protection, and vendor solutions. Begin by taking a look at the present threatscape, while keeping in mind that it is constantly evolving, stealthy, and complex. You will examine written security policies, which every organization must have, and which apply to the entire organization. The policies must be well-written, comprehensive in scope, concise, easy to understand, and well organized. Next, you will explore training and awareness, which must be implemented for your end-users within the first few months of employment. You will compare access switch and wireless application protocol (WAP) security; describe 802.1x and MACsec; EDR protection, and next-generation EDR. In the closing exercise, you will be asked to list characteristics of next-generation EDR solutions, actions you can take with 802.1x port-based Network Access Control (PNAC), and the attributes of an effective security policy.
9 videos |
39m
Assessment
Badge
End-User Security: Securing End Users against Attackers
This 10-video course examines end-user security from the rogue attacker point of view, including motivations, Malware-as-a-Service (MaaS), phishing techniques, pharming, ransomware, data theft, cryptojacking, denial-of-service (DoS), and toolkits. One of the first things to do to be successful as a security technician or practitioner is to start to understand the mind of the attacker, so you will examine the possible motives for attacking user endpoints. You will then take a look at Malware-as-a-Service, which is available all over the world. You will explore the phishing techniques an attacker might take, as they are becoming stealthier, sending phishing e-mails over varied infrastructures. Delve into ransomware, this time from the attacker's perspective, and learn about data breaches and theft. You will also examine cryptojacking, what it is and some examples of it, and have a look at DoS and distributed-denial-of-service (DDoS) attacks using, for example, botnets. The final tutorial surveys common exploit kits such as Kali Linux and Metasploit. The concluding exercise entails listing common motives for attacking endpoints, common ransomware payloads, and exploit kits.
10 videos |
32m
Assessment
Badge
An Executive's Guide to Security: Understanding Security Threats
Companies that do not understand threats facing their information are at risk of costly data breaches. In this 13-video course, learners can explore common security threats, types of network attacks, and the human element of security threats. Key concepts covered here include what an attack surface is, and how it must be understood to protect corporate information; and what network hardening is and how it relates to protection of corporate information. Next, learners will examine network demilitarized zones and how they protect corporate information; observe differences between threats, vulnerabilities, and risks in corporate environments; and study top kinds of security threats facing organizations today. Continue by learning the role that physical security plays in protecting corporate data; how social engineering is conducted and how it is mitigated through corporate policy; and the importance of corporate security policies, and why they should be strictly adhered to. Finally, explore the importance of password policies and why they should be adhered to; and learn reasons why IT administrators need to protect an organization by refusing to bend rules.
13 videos |
44m
Assessment
Badge
An Executive's Guide to Security: Protecting Your Information
This 13-video course explores data protection for businesses, including devices, social media, and good governance through security principles, policies, and programs. You will examine several types of security threats, the different types of network attacks, the role physical security plays in the protection of corporate data, and the human element of security threats. Next, learners examine the attack surface, including the total combined nodes, users, devices, and any entry points of software, a network, and a business environment. You will examine threats, vulnerabilities, and risks, and learn the importance of network hardening. This course uses real-world examples of several top security threats to businesses today, including malware, social engineering, unpatched software, BYOD (bring your own device), and IoT (Internet of things). You will examine clickjacking and URL spoofing. Finally, this course discusses the legal and financial ramifications of a major security breach, the importance of having a security policy, training personnel, password protection, and managing a company's security.
13 videos |
45m
Assessment
Badge
FREE ACCESS
COURSES INCLUDED
Microsoft Security: Compliance Concepts & Methodologies
The SC-900 Microsoft Security, Compliance, and Identity Fundamentals exam is for individuals who want to familiarize themselves with the basics of security, compliance, and identity across cloud-based and other Microsoft services. In this course, examine security and compliance concepts and methodologies, including the Zero Trust methodology, shared responsibility model, Cloud Adoption Framework, and defense in depth. Next, explore common threats, such as advanced persistent threats, phishing attacks, distributed denial of service (DDoS) botnets, remote access Trojans, ransomware, and viruses and worms. Finally, learn about encryption and hashing. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
8 videos |
41m
Assessment
Badge
Microsoft Security: Basic Azure AD Identity Services & Types
This course will introduce the building blocks of fundamental identity concepts and several universal concepts of any modern identity platform. You will begin the course by exploring identity as the primary security perimeter, authentication, and authorization method. Next, you will look at identity providers and Active Directory. You will learn to identify federated services and common identity attacks. Finally, you will learn the basics of Azure Active Directory, Azure AD identity types, and hybrid/external identity types. This class is part of a collection of courses that prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
9 videos |
31m
Assessment
Badge
Microsoft Security: Azure AD Authentication, Access, & Identity
The process of authenticating entities such as end users has evolved well beyond the simple username and password credential modality. As modern enterprises build towards zero-trust environments, demand for more robust authentication and identity solutions is emerging. In this course, explore different authentication methods and capabilities such as self-service password reset, password protection, and multi-factor authentication schemes. Discover Azure AD Conditional Access and the benefits of Azure AD roles. Next, examine Azure AD Identity Governance, entitlement management, and access reviews. Finally, take a look at the robust capabilities of Privileged Identity Management (PIM) and Azure AD Identity Protection. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
9 videos |
25m
Assessment
Badge
Microsoft Security: Azure Security Capabilities & Management
A core security principle is the usage of mediated access to create a layer of abstraction between the management client and the server or service. In this course, discover Azure Bastion and various firewall proxies that function at layers two through seven of the ISO OSI reference model. You will compare Azure Network Security Groups (NSGs), Azure Firewall, and Web Application Firewall (WAF) services. Then, explore distributed denial of service (DDoS) protection, Azure data encryption, and Cloud Security Posture Management (CSPM). Next, you will focus on Microsoft Defender for Cloud and its three main solutions. Finally, learn the security baselines for Azure and the security capabilities of Microsoft Sentinel. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
10 videos |
31m
Assessment
Badge
Microsoft Security: Microsoft 365 Security & Security Management
Microsoft Defender for Cloud provides security management and enhanced threat protection capabilities for cloud workloads residing across hybrid and multi-cloud configurations. In this course, you will explore Microsoft Defender for Identity, Office 365, Endpoint, and Cloud Apps. You will also dive into other technologies such as Microsoft 365 Defender portal, Microsoft Secure Score, security reports, dashboards, incident management, and endpoint security with Microsoft Intune. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
10 videos |
24m
Assessment
Badge
Microsoft Security: Compliance, Information Protection, & Governance
In today's data-driven, service-oriented enterprise environment, due diligence and due care must be taken by security professionals to enforce privacy initiatives and data loss prevention of intellectual property and personal data. This course will examine several related Microsoft security solutions. Explore Service Trust Portal, Microsoft's privacy principles, compliance center, and compliance manager. Discover use cases for data classification, sensitivity labels, content and activity explorer, and retention policies, labels, and records. Finally, explore tools for data loss prevention and use cases for Azure Resource Locks, Azure Blueprints, and Azure Policy. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
10 videos |
25m
Assessment
Badge
Microsoft Security: Microsoft 365 Insider Risk, eDiscovery, & Auditing
While enterprise users can access, create, control, and share data across a wide range of platforms and services, many organizations lack the means to balance mitigating enterprise-wide risks with managing compliance and privacy standards. Microsoft 365 offers a series of solutions to help organizations recognize, prioritize, and remediate security risks while addressing compliance and privacy requirements. In this course, learn the capabilities of Microsoft 365's compliance solutions. Next, explore the responsibilities of Microsoft 365 solutions such as insider risk management, eDiscovery, and auditing. Finally, examine Microsoft 365 communication compliance, information barriers (IB), privileged access management, and Customer Lockbox. This is one of a collection of courses that fully prepare the learner for the SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam.
10 videos |
20m
Assessment
Badge
COURSES INCLUDED
Authorization & Registration
Without the ability to gain entry, hackers are powerless. Explore key authentication concepts and best practices like identification, user authentication, the user logon process, and how to effectively manage user account credentials.
17 videos |
1h 21m
Assessment
Badge
Password Security Requirements
Without the ability to gain entry, hackers are powerless. Explore password security best practices, including establishing password strength, complexity, and age criteria.
7 videos |
37m
Assessment
Badge
Logon, Logoff & Password Policies
When a security breach happens, it puts your customers, assets, and entire reputation at risk. Explore user account security enhancements by establishing logon, logoff, and advanced password management protocols.
16 videos |
1h 10m
Assessment
Badge
Account Changes & Attack Mitigation
When a security breach happens, it puts your customers, assets, and entire reputation at risk. Explore safe and secure policies for advanced user account management as well as best practices for handling user account security breaches.
9 videos |
34m
Assessment
Badge
COURSES INCLUDED
Anomaly Detection: Aspects of Anomaly Detection
Network anomalies are behaviors or activities that deviate from the norm. It is important that security professionals learn to monitor these anomalies in network traffic because the traffic could be malicious. In this 11-video course, you will explore roles that network and security professionals play in detecting and addressing anomalies. Begin by looking at different types of anomalies or outliers, such as configuration faults or a malicious presence; then take a look at benefits of anomaly detection, such as early response and planning for the unexpected. Learners will also examine the limitations of traditional approaches to anomaly detection, such as chasing false positives; learn how to differentiate between manual and automated detection techniques; and view the importance of building a profile of what is normal, such as user activity, before looking at multimodel attributes and how they relate to anomaly detection. Furthermore, you will explore differences between least frequency of occurrence and baselining; view the benefits of machine learning; and finally, learn how to recognize benefits of auto-periodicity to aid in identifying anomalies.
11 videos |
54m
Assessment
Badge
Anomaly Detection: Network Anomaly Detection
In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between different NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission critical areas of business.
14 videos |
1h 11m
Assessment
Badge
COURSES INCLUDED
CompTIA Security+: Security Goals & Controls
Every long journey, including the path to Security+ certification, begins with a few steps and some fundamental practices. Security goals and controls are an important starting point for building your security skills. You will begin this course by familiarizing yourself with the four primary security goals of confidentiality, integrity, availability, and non-repudiation. You will then explore the concepts of authentication, authorization, and accounting (AAA) and how they relate to people, systems, and models. Finally, you will delve into security control categories and types. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
29m
Assessment
Badge
CompTIA Security+: Fundamental Security Concepts
The Security+ candidate must display competency in an assortment of core security concepts including the newer Zero Trust initiative and common physical security controls. In this course, the learner will explore gap analysis, Zero Trust control and data planes, deception technologies like honeynets, physical security controls, Change Management business processes and technical implications, and documentation and version control. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
11 videos |
33m
Assessment
Badge
CompTIA Security+: Practical Cryptography
Cryptography is at the heart of many security controls and countermeasures and as such, Security+ candidates must have a solid grasp of practical cryptography. In this course, you will discover symmetric and asymmetric cryptography and compare different encryption levels, including full disk and partition. Next, you will explore hashing, salting, hash-based message authentication codes (HMACs), and key exchange. Then you will examine digital signatures, certificates, and public key infrastructure (PKI), focusing on certificate authorities (CAs), certificate signing request (CSR) generation, and Online Certificate Status Protocol (OCSP). Finally, you will investigate cryptographic tools like Trusted Platform Module (TPM), hardware security module, and key management systems, and you will dive into blockchain technology. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
11 videos |
43m
Assessment
Badge
CompTIA Security+: Threat Actors & Vectors
One of the primary goals for an emerging security practitioner is to have a firm grasp of the present threatscape. The learner will build this vital knowledge base in this course. In this course, we will explore threat actor types, attributes, and motivations. Next, we will dive into the use of human vectors and social engineering as well as common attack surfaces. Then we will explore supply chain, application, and O/S and web-based vulnerabilities. Finally, we will cover hardware and virtualization vulnerabilities, cloud vulnerabilities, and mobile device vulnerabilities. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
12 videos |
34m
Assessment
Badge
CompTIA Security+: Survey of Malicious Activities
Malicious software, also known as malware, comes in a variety of attack vectors and characteristics. The ability to stay current with the different malware and variants is one of the biggest challenges for modern security professionals. Begin this course by exploring malware attacks like ransomware, trojan horses, and logic bombs. Then you will investigate physical and network attacks including brute force, denial-of-service, and credential replay attacks. Next, you will focus on application and cryptographic attacks, such as buffer overflow, privilege escalation, collision, and birthday attacks. Finally, you will take a look at password attacks and discover indicators of compromise, like concurrent session usage, blocked content, and impossible travel. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
35m
Assessment
Badge
CompTIA Security+: Mitigation Techniques
As a security professional, it is always better to be proactive with mitigation rather than purely reactive. Begin this course by exploring segmentation and isolation, access control mechanisms, and configuration and patch management. Next, you will investigate the principles of least privilege and separation of duties and find out how encryption technologies can shield private information from unauthorized users. Then you will examine the monitoring and visibility of access controls and learn the best practices for decommissioning and offboarding. Finally, you will focus on hardening techniques, including endpoint detection and response (EDR), host intrusion detection system (HIDS)/host intrusion prevention system (HIPS), disabling ports/protocols, default password changes, and removal of unnecessary software. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
29m
Assessment
Badge
CompTIA Security+: Architecture & Infrastructure Concepts
A physical structure that is built by engineers and architects needs solid design, construction, and ongoing maintenance. The same can be said for a networking and system environment. Begin this course by exploring fundamental security architectural considerations, including high availability, resilience, scalability, and responsiveness. Then, you will discover cloud computing, focusing on the cloud responsibility matrix, hybrid considerations, and third-party vendors. You will investigate Infrastructure as Code, compare serverless technologies, and learn about containers and microservices. Next, you will take a look at network infrastructure, centralized and decentralized design, and virtualization. Finally, you will examine industrial control systems (ICSs), Supervisory Control and Data Acquisition (SCADA) systems, and the Internet of Things. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
12 videos |
44m
Assessment
Badge
CompTIA Security+: Enterprise Infrastructure Security Principles
This course is a critical component of modern technical controls and countermeasures, as many of the technologies covered represent the daily technical activities of security practitioners, operators, and administrators. Begin by discovering various infrastructure security considerations like device placement, security zones, and failure modes. Then, you will compare network appliances and explore port security and firewalls. Next, you will examine virtual private networks (VPNs) and IP security (IPSec). Finally, you will investigate transport layer security (TLS), software-defined wide area networks (SD-WANs), and secure access service edge (SASE). This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
43m
Assessment
Badge
CompTIA Security+: Data Protection Concepts & Strategies
It is an understatement to declare that society is rapidly becoming data-driven and service-oriented. Data protection and security is a key aspect of modern IT security management. In this course, we will begin by exploring data states, classification, types, and lifecycles. Then we will examine considerations for securing data including geographic and cultural restrictions, encryption, and hashing. Finally, we will look at masking, obfuscation, and tokenization as well as segmentation and compartmentalization. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
10 videos |
26m
Assessment
Badge
CompTIA Security+: Resilience & Recovery
Restoration and recovery is a vital part of a comprehensive backup plan. As a well-known axiom regarding backup strategy states, "a backup policy without tested restoration and recovery is no backup at all." In this course, we will examine restoration and recovery concepts, beginning with load balancing, clustering, and backup strategies. Next, we will explore continuity of operations, multicloud, and disaster recovery sites. We will then focus on capacity planning and testing techniques. Finally, we will look at power considerations. This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.
9 videos |
44m
Assessment
Badge