Aspire Journeys

Fundamentals of Cyber Resilience and Risk Management

  • 43 Courses | 28h 30m 3s
  • 7 Labs | 2h 50m
Cyber risk is everywhere and affects organizations as well as individuals. Creating resilient practices, policies, and procedures can protect you and your organization from malicious attackers as well as human error. That being said, there are trade-offs to every decision, and risk management techniques and analysis can help you make informed decisions. In this Journey, you will begin by exploring the path to establishing cyber resilience and doing risk management, next you will learn cyber resilience techniques and how companies and individuals manage risks. Lastly, you will explore how to secure applications to improve cyber resilience.

Track 1: Cybersecurity Policies, Procedures, and Controls

In this Track of the Fundamentals of Cyber Resilience and Risk Management, the focus will be on understanding key cybersecurity policies, procedures, and controls.

  • 4 Courses | 1h 30m 46s

Track 2: Fundamentals of Cyber Resilience and Risk Management

In this track of Fundamentals of Cyber Resilience and Risk Management, the focus will be on creating resilient systems, policies, and procedures to protect against threat actors.

  • 16 Courses | 11h 6m 25s
  • 6 Labs | 2h 40m

In the Securing Applications track, the focus will be on learning authentication, authorization, Role-Based Access Control (RBAC), and other key topics to secure your data and applications.

  • 11 Courses | 6h 25m 28s
  • 1 Lab | 10m

In the Malware Removal track, the focus will be on the processes and tools to remove malware.

  • 4 Courses | 3h 30m 56s

In this track of Introduction to DevOps, the focus will be DevOps' culture, practices, and tools.

  • 5 Courses | 4h 10m

In this track of DevOps Processes: CI/CD, the focus will be on how Continuous Integration, Continuous Delivery, and Continuous Deployment enable DevOps to achieve its goals to build cyber resilience and aid in managing risk.

  • 3 Courses | 1h 46m 28s

COURSES INCLUDED

An Executive's Guide to Security: Protecting Your Information
This 13-video course explores data protection for businesses, including devices, social media, and good governance through security principles, policies, and programs. You will examine several types of security threats, the different types of network attacks, the role physical security plays in the protection of corporate data, and the human element of security threats. Next, learners examine the attack surface, including the total combined nodes, users, devices, and any entry points of software, a network, and a business environment. You will examine threats, vulnerabilities, and risks, and learn the importance of network hardening. This course uses real-world examples of several top security threats to businesses today, including malware, social engineering, unpatched software, BYOD (bring your own device), and IoT (Internet of things). You will examine clickjacking and URL spoofing. Finally, this course discusses the legal and financial ramifications of a major security breach, the importance of having a security policy, training personnel, password protection, and managing a company's security.
13 videos | 45m has Assessment available Badge
Certified in Cybersecurity (CC): Security Governance, Policies, & Controls
Security governance is a huge part of overall corporate or organizational governance. The security practitioner must be aware of various governance elements, regulations, laws, standards, policies, and procedures. Begin this course by exploring the elements of governance, including mission charter, leadership, and corporate guidance. Then investigate various laws and regulations like General Data Protection Regulation (GDPR) and HIPAA, standards issued by the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC), and the National Institute of Standards and Technology (NIST), and common policies and standard operating procedures. Next, examine the International Information System Security Certification Consortium (ISC2) code of ethics. Finally, discover security control categories and types. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.
10 videos | 25m has Assessment available Badge

COURSES INCLUDED

CompTIA Security+: Implementing Cybersecurity Resilience
In order to protect your enterprise assets, you should be familiar with and know how to apply key cybersecurity resiliency concepts. In this course, you'll learn about redundancy concepts like geographic dispersal, RAID, and NIC teaming. You'll explore replication methods like storage area networking and virtual machines. You'll move on to examine various backup types, including full, incremental, differential, and snapshot. Next, you'll look at non-persistence and high availability concepts. Finally, you'll learn about the order of restoration and diversity concepts. This course can be used in preparation for the CompTIA Security+ SY0-601 certification exam.
9 videos | 32m has Assessment available Badge
Risk Analysis: Security Risk Management
In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standard and Technology (NIST), risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiating between different risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.
14 videos | 38m has Assessment available Badge
CEH v11: Risk Management, Cyber Threat Intelligence & Threat Modeling
At the end of the day, cybersecurity is all about understanding risk. In this course, you'll learn about how risk pertains to cybersecurity, risk levels, and how to use a risk matrix to visualize risk. You'll also examine the concept, practice, and phases of risk management, which can help you minimize the negative effects of risk. Next, you'll explore how using Cyber Threat Intelligence is a more proactive approach towards your cybersecurity defenses and the four types of CTI. Finally, you'll learn about using threat modeling to stop threats before they become security incidents and the five steps common to the threat modeling process. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 51m has Assessment available Badge
CompTIA Cybersecurity Analyst+: IT Security Risk Mitigation
Discover how organizational security policies specify details for hardening organizational assets including patching, data masking and digital rights management. This course also covers baselines, secure disposal and IPsec. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002.
16 videos | 1h 7m has Assessment available Badge
Monitoring & Securing System Configuration
In this 14-video course, you will learn how to drive system configuration monitoring by using tools to keep systems secure and the importance of monitoring system configuration within an organization for incident response. Key concepts covered here include the configuration management (CM) process and how it can influence securing system configuration for incident response; tools and software to monitor systems and their advantages for incident response; and continuous monitoring in risk management, including the three-tier approach. Next, learn the process of minor, major, and unknown configuration changes; learn the importance of securing CM processes in the software development lifecycle (SDLC) for preventing security impacts; and observe methods for identifying common high probability items, such as identifying default or weak credentials. Continue by learning to implement a secure system CM program; and how to assess the monitoring process and perform security configuration evaluations. Finally, observe methods of monitoring releases and deliveries throughout SDLC; learn security controls for monitoring system configuration in a cyber framework; and learn how monitoring system configuration is important in today's enterprise SDLC.
14 videos | 1h 16m has Assessment available Badge
CompTIA Cybersecurity Analyst+: Hardware & Security
Securing hardware includes applying firmware updates and configuring devices on isolated networks. In this course, you'll learn about mobile device security, IoT security, and vulnerable device lists. You'll explore physical security and the security risks presented by drones and vehicles. You'll move on to examine how SCADA is used for industrial device networks, how to recognize BIOS and UEFI security settings, how self encrypting drives can protect data at rest, and how hardware security modules are used for encryption offloading and cryptographic secret storage. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) certification exam CS0-002.
11 videos | 39m has Assessment available Badge
CompTIA Cybersecurity Analyst+: Intrusion Detection & Traffic Analysis
Discover how IT security analysts must recognized how malicious attacks take place. Explore how to analyze log results allows for the detection of security incidents. This course can be used in preparation for the CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002.
20 videos | 1h has Assessment available Badge
CompTIA Cybersecurity Analyst+: Threat Intelligence
Your organization's security posture is critical to its success-and security technicians must be aware of known and emerging security threats from a variety of sources. Learners begin this 14-video course by exploring various ways for security technicians to keep up-to-date and ahead of the curve. Examine various security intelligence sources and how to use the MITRE corporation's invaluable, trademarked ATT&CK knowledge base. Learners next discuss threat intelligence collection, threat classification for prioritization, and different sources and motivations of IT threats. Not sure what the bug bounty program is? Confused by false positives-mislabeled security alerts-and how to handle them? This course gives you the information you need. Become familiar with the Common Vulnerability Scoring System (CVSS), which provides a way to allocate or assign a score to a vulnerability: the higher the score, the bigger the threat. Then go on to examine the National Vulnerability Database (NVD). The course helps to prepare learners for CompTIA+ Cybersecurity Analyst+ (CySA+) CS0-002 certification exam.
14 videos | 48m has Assessment available Badge
Threat Intelligence & Attribution Best Practices: Attribution Analysis
Cyber attribution analysis is used to track, identify, and incriminate perpetrators of cyber attacks or exploits and is a must-know offensive security operations technique. In this course, you'll learn about the fundamental concepts and critical concerns related to attribution. You'll start by examining the different attribution types and levels before exploring attribution indicators, techniques, best practices, tools, and challenges. Moving on, you'll gain insight into how to identify and interpret forensic artifacts gathered from various sources, manage evidence, and make attribution judgments and assessments. You'll then study geopolitics, the Intelligence Community, and legal considerations as they relate to cyber threats and attribution. Lastly, you'll look into how malware cyber threat reverse engineering, code sharing analysis, and network behavior analysis lead to attribution.
20 videos | 1h 22m has Assessment available Badge
CompTIA Cybersecurity Analyst+: Malware Threats
Perhaps nothing is more frustrating for the average computer user-or his IT security staffer-than being tricked into divulging sensitive information by a social engineering practitioner. Hackers are malicious and ingenious-using malware, bots, ransomware, viruses, and plain garden-variety scams-but there are sensible ways to reduce the risk. This 13-video course offers you invaluable information on hackers' methods and ways to mitigate their devious schemes-whether by e-mail phishing messages, malware, or bots, a favorite tool of black-market operators. Next, learners explore the danger of ransomware and how to mitigate this threat; how malware and botnets have become black-market commodities; and why botnets are proliferating under cybercriminals' user control. Then watch a demonstration of how to configure a reverse shell and use the Malzilla tool to explore malicious web pages. The course concludes by exploring a GUI (graphical user interface) malware dashboard and showing how to configure malware settings on an endpoint device. The course helps to prepare learners for CompTIA+ Cybersecurity Analyst+ (CySA+) CS0-002 certification exam.
13 videos | 52m has Assessment available Badge

COURSES INCLUDED

CompTIA Security+: Security Concepts in an Enterprise Environment
As a security specialist, you need to be familiar with and apply a range of security concpets related to operating in an enterprise environment. In this course, you'll explore enterprise security factors like change and configuration management, as well as data sovereignty, protection, and loss prevention. You'll learn about hardware security modules, geographical considerations, cloud access security brokers. You'll move on to examine response and recovery controls, SSL/TLS inspection, and site resiliency. Finally, you'll learn about deception and disruption techniques using honeypots, honeyfiles, honeynets, fake telemetry, and DNS sinkholes. This course can be used in preparation for the CompTIA Security+ SY0-601 certification exam.
13 videos | 40m has Assessment available Badge
OWASP Top 10: Securing Web Applications
Web applications are ubiquitous in today's computing world, and many software development tools are available to help with secure web app creation. In this course, examine different software development tools and explore server-side and client-side code. Next, learn how to scan web apps for vulnerabilities using OWASP ZAP and Burp Suite, write secure code, and enable the Metasploitable intentionally vulnerable web app virtual machine. Finally, compare the different types of software testing methodologies, learn the difference between vulnerability scanning and penetration testing, and discover how web application firewalls (WAFs) protect web apps from common attacks. Upon completion, you'll be able to recognize the key components of secure web app creation and the purpose of the Open Web Application Security Project (OWASP).
12 videos | 1h 27m has Assessment available Badge
Communication and Web Protocols
In networking, communications are facilitated using a number of communication protocols. In this course you'll explore the various protocols used for transmitting information including email protocols SMTP, POP3, and IMAP. Then you'll learn about instant messaging and the SIMPLE and XMPP protocols. You'll discover VoIP, SIP, RTP, H.323 and MGCP, and unified communications. There are several protocols used to facilitate communication on the Worldwide Web. So, you'll explore HTTP and URLs. Then you'll learn about SSL and TLS. Finally, you'll discover RDP and FTP. This course was originally created by Global Knowledge (GK).
18 videos | 28m has Assessment available Badge
CompTIA Cybersecurity Analyst+: Encryption & Hashing
Cryptographers far from enemy lines have long helped win shooting wars by cracking enemy codes-and in the new world of cyber warfare, cryptography has become the first line of defense for hundreds of millions of civilians worldwide. In this 21-video course, you will learn just how cryptography and encryption protect sensitive data, both in transit and at rest. Learners are given important information about public key infrastructure (PKI) hierarchy and lifecycles; protection in UFS (Ultra Flash Storage) and Bitlocker; and on Linux and cloud storage. Learn about the hashing process, including how to generate file hashes for Linux and Windows. Then learn about using SSL (secure sockets layer) and TLS (Transport Layer Security) to secure network traffic, cloud certificate authority (CA) deployment, and certificate issuance. Next, learn how to configure custom encryption keys for cloud storage and how to configure a Microsoft IIS web site with a PKI certificate. The course helps to prepare learners for CompTIA+ Cybersecurity Analyst+ (CySA+) CS0-002 certification exam.
21 videos | 1h 17m has Assessment available Badge
CompTIA CASP+: Authentication & Authorization
Securing user and device logins, as well as access to IT resources, relates to authentication and authorization. In this course, you'll learn how to differentiate between authentication and authorization and also ow to enable 2FA and MFA user authentication. Next, you'll explore how to enable Wi-Fi RADIUS authentication, configure SELinux, and enable attribute-based control in Windows. Lastly, you'll examine how to use Group Policy to configure password policy settings, crack passwords using freely available tools like the Johnny tool, brute-force RDP using Hydra, and limit cloud admin access using role-based access control. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.
11 videos | 1h 1m has Assessment available Badge

COURSES INCLUDED

Malware Removal: Identifying Malware Types & Classification Approaches
Knowing how to respond to malware incidents is a critical skill for security professionals, and the first step to achieving malware response skills is understanding the types of malware you will face in the field. In this course, you'll explore different types of malware such as worms, Trojan viruses, botnets, ransomware, and rootkits. You'll then round out your knowledge by identifying the different methods used to classify a virus and determine its potential impact.
8 videos | 26m has Assessment available Badge
Malware Removal: Analyzing an Infected System
Familiarization with the different types of malware analysis and the tools used to analyze malware is a critical skill for IT security professionals. In this course, you'll explore the characteristics of malware and the impact the malware has on the infected system. You'll learn how to identify different malware analysis techniques, such as static and dynamic malware analysis, to discover activities performed by malware. You'll also examine some of the tools used to perform both static and dynamic malware analysis and how to use a disassembler to view malware code.
13 videos | 1h 44m has Assessment available Badge
Malware Removal: Remediating an Infected System
Understanding what tools to use to recover a system after it is infected with malware is a critical skill. In this course, you'll explore the symptoms of virus infected systems and best practices for malware removal. You'll learn about different remediation approaches for different types of malware. You'll also look at some of the tools used to remove and recover systems after they have been infected such as the Windows Malicious Software Removal Tool, the Windows repair options, and how to restore a system image backup.
12 videos | 49m has Assessment available Badge
Malware Removal: Reporting Findings & Preventing Future Infections
Knowing how to respond to a malware incident and who to report the malware incident to is critical to a timely response. In this course, you'll learn key steps for responding to malware incidents, as well as how to identify key persons to report the malware incident to and steps to take to help prevent future malware incidents.
7 videos | 30m has Assessment available Badge

COURSES INCLUDED

Exploring CI: Continuous Integration & CI Tools
This 14-video course examines continuous integration (CI), the purpose of CI, and why it is important for successful software development. Learners will begin with a look at the benefits of using CI and some of the best practices. Next, you will learn about common mistakes that companies make when trying to integrate and utilize CI, and how to avoid making those mistakes. Discover why CI crucial to developing high-quality software systems and increasing customer satisfaction, and understand how CI and automated testing are related and how to create effective automated tests. You will delve into the stages of the CI pipeline and the importance of each phase, and examine the CI pipeline and how to configure it to efficiently run automated tests. You will compare CI, continuous delivery, and continuous deployment and how they are related to each other, and view the features of common continuous integration tools. To conclude the course, you will work with CircleCI, GitHub, and Bamboo for continuous integration.
14 videos | 48m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.