Security Analyst to Security Architect

A structured approach to security allows for the efficient management of security controls. In this 13-video course, you will explore assets, threats, vulnerabilities, risk management, user security and session management, data confidentiality, and encryption. Key concepts covered in this course include how to identify, assess, and prioritize risks; how to implement security controls to mitigate risk; and learning about account management actions that secure the environment. Next, learn how to use Group Policy to implement user account hardening and configure the appropriate password security settings for those accounts in accordance with organizational security policies; learn how HTTP session management can affect security; and observe how to harden web browsers and servers to use TLS (transport layer security). Then learn how centralized mobile device control can secure the environment; learn encryption techniques used to protect data; and observe how to configure a virtual private network (VPN) to protect data in motion. Finally, learn how to configure and implement file encryption to protect data at rest; and how to configure encryption and session management settings.

This 12-video course explores selective auditing, which provides valuable insights to activity on a network, and incident response plans, which are proactive measures used to deal with negative events. Key concepts covered here include best practices related to IT security auditing and their benefits, including assurance that IT systems, business processes, and data are protected properly and that privileges are not being abused; and how to use Group Policy to enable file system auditing. Continue by observing how to scan hosts for security weaknesses from Windows and how to scan hosts for security weaknesses from Linux; and learning the importance of securing mobile devices. Next, you will learn how to centrally apply security settings to mobile devices; how to configure Amazon Web Services to use multifactor authentication; and examine how security is applied to applications from design to use. Learn how to use file hashing to detect modifications; how to specify actions used when dealing with security incidents; and learn to view a packet capture to identify suspicious activity centrally apply security settings.

Companies that do not understand threats facing their information are at risk of costly data breaches. In this 13-video course, learners can explore common security threats, types of network attacks, and the human element of security threats. Key concepts covered here include what an attack surface is, and how it must be understood to protect corporate information; and what network hardening is and how it relates to protection of corporate information. Next, learners will examine network demilitarized zones and how they protect corporate information; observe differences between threats, vulnerabilities, and risks in corporate environments; and study top kinds of security threats facing organizations today. Continue by learning the role that physical security plays in protecting corporate data; how social engineering is conducted and how it is mitigated through corporate policy; and the importance of corporate security policies, and why they should be strictly adhered to. Finally, explore the importance of password policies and why they should be adhered to; and learn reasons why IT administrators need to protect an organization by refusing to bend rules.

This 13-video course explores data protection for businesses, including devices, social media, and good governance through security principles, policies, and programs. You will examine several types of security threats, the different types of network attacks, the role physical security plays in the protection of corporate data, and the human element of security threats. Next, learners examine the attack surface, including the total combined nodes, users, devices, and any entry points of software, a network, and a business environment. You will examine threats, vulnerabilities, and risks, and learn the importance of network hardening. This course uses real-world examples of several top security threats to businesses today, including malware, social engineering, unpatched software, BYOD (bring your own device), and IoT (Internet of things). You will examine clickjacking and URL spoofing. Finally, this course discusses the legal and financial ramifications of a major security breach, the importance of having a security policy, training personnel, password protection, and managing a company's security.

In this 13-video course, discover key Advanced Persistent Threat (APT), concepts such as defense and best practices. Explore common APT attacks and mitigation techniques that can be used, APT tools, and how to create effective APT checklists. You will begin with an introduction to APT and its purpose, then look at the steps of the APT lifecycle. Learners will examine motives behind an APT and probable targets, and learn to identify APT defense best practices. Next, you will explore methods that can be used to strengthen APT defenses, and then recall the method(s) to deal with APTs. You will then take a look at the Equation aka APT group and its involvement in various cyber crimes. Another tutorial examines the key tools that are used when conducting an APT. Define risk assessment processes that can help you protect your assets. In the final tutorial in this course, you will be asked to identify key points for creating an effective checklist to address APT attacks.

Learners will discover key features of network access control (NAC), the importance of NAC in a network, various NAC elements, authentication, and its implementation, in this 12-video course. Explore the risks and challenges associated with BYOD-which means "bring your own device"-and IoT, which is Internet of Things. You will begin the course by examining the security risks introduced by BYOD and IoT, along with their preventive measures. You will then explore the major challenges with BYOD in an organization. The next tutorial defines NAC and the importance it has in a network. This leads into examining the NAC architecture; the different features of NAC; and the impact of an improperly configured NAC. You will learn about the various NAC elements; recall the best practices of implementing NAC, and identify the key points for creating an effective checklist for NAC security. In the final tutorial, learners will be asked to list the NAC authentication methods.

In this 11-video course, learners will discover key concepts related to subnetting, virtual machines (VMs), container, and DNS (domain name system) security. Examine tips and tricks used in subnetting and subnetting advantages. Explore classless inter-domain routing (CIDR), notation, deployment and security considerations for VMs and containers, and types of DNS attacks and mitigation strategies. You will begin the course by taking a look at the importance of subnetting, how it relates to security, and its advantages and disadvantages. Then move on to defining the CIDR notation. You will examine the subnetting cheat sheet, and learn various subnetting tips and tricks; compare VMs and containers, and examine the deployment considerations for VMs and containers. Next, learners will observe the best practices for deploying VMs, and the best practices for VM and container security. In the final two tutorials of this course, you will discover the various types of DNS attacks and their mitigations, and the various types of subnetting attacks and mitigations.

Learners can explore the key concept of the common protocols in use, and discover the security issues of the transmission control protocol/Internet protocol (TCP/IP) model and security protocols, in this 10-video course. You will begin by taking a look at the common protocols used in a network, the ports they use, and the type they are and what they do. Next, you will examine some of the security issues of the TCP/IP model at the layer level, of which it has four: application, transport, Internet, and data link. You will also explore the threats, vulnerabilities, and mitigation techniques in network security; identify the types of weak protocols and their replacements; and classify the various types of security protocols. Then learners will continue by examining various ways to use security protocols in different situations; the importance of implementing security protocols. In the final tutorial, learners will explore the security-first mindset and its necessity.

In this 8-video course, learners will discover the key concepts of different security topologies and the key role they play in network security. Begin with an introduction to security topologies, which define the network design based on security requirements. You will then explore the design goals for security topology, the elements used to ensure that the information is secure, which means that you need the concepts of confidentiality, integrity, and availability (CIA), of information in a proper way, and it needs to be secured. You also need to practice accountability along with CIA concepts. Next, you will examine advantages and disadvantages of different security topologies, which are the Intranet, the Internet, and various other topologies. You will take a look at the impact of integrating cloud topologies, and also delve into the various layers of security in cloud computing. The final tutorial in this course explores the different methods used to harden the components of security topologies.

Discover DevOps practices such as continuous security and security monitoring, the benefits of using DevOps, and best practices of DevOps security in this 11-video course. Explore the secure DevOps lifecycle and learn about security risks and the various tools used for DevOps testing. Key concepts covered in this course include continuous security practices and the need for continuous security in a DevOps environment; the benefits of using DevOps including improved quality, saving money, and saving time by not having to integrate code at the later stage; and the components of DevOps and their impact on the infrastructure security. Next, learners will examine the best practices of DevOps security and learn the secure DevOps lifecycle; and learn security risks that come with DevOps and tools that can help aid with continuous security infrastructure testing. Finally, learn the security risks of DevOps; and the various tools used for DevOps testing, as in each stage of DevOps certain types of tools will be used.

In this 9-video course, learners will discover the importance of implementing security governance in an organization. Explore differences between security governance and security management, types of governance frameworks, and the roles of senior management. Also covered are ensuring good IT security governance, risks and opportunities, security governance programs, and governance framework structure. Key concepts covered in this course include how to distinguish between security governance and security management; learning about different types of IT governance frameworks including ISO 27001, PCI DSS, HIPAA (Health Insurance Portability and Accountability Act), ITIL, and COBIT; and learning the various roles and responsibilities of senior management in governance; learn the measures used to ensure good IT security governance including creating governance within an organization, delivering governance through the right stakeholders. Next, observe how to review governance on a periodic basis; learn the risks and opportunities in security governance and making sure the security policies are up to date; and examine the process of rolling out a security governance program. Finally, you will examine the structure of a governance framework.

Explore various honeypot concepts, such as the types of honeypots, roles and uses of a honeypot, and how honeypot data analysis is used. In this 12-video course, you will examine strengths and weaknesses of a honeypot and how it is placed in networks. Key concepts covered in this course include the honeypot system itself, configured to detect, deflect, or counteract any unauthorized attempt to gain access to information; learning the various types of honeypots that can be used focusing on low and high interaction level types; and learning about the role played by honeypots in overall network security. Next, you will examine learn honeypot uses and disadvantages; learn the deployment strategies of a honeypot; and learn the various open-source and commercial honeypot products available on the market. Finally, learners will observe how honeypots are placed in a network; how to install and configure a honeypot by using KFSensor honeypot software; and explore how honeypot data analysis is captured through automated software or through a manual method.

Explore the key penetration (pen) testing concepts such as vulnerability assessment, types of pen testing, and threat actors, in this 14-video course. Discover why pen testing is needed and investigate tools used for pen testing. Key concepts covered in this course include pen testing, a set of tasks that are performed by ethical hackers against an organization, but in a legal way; steps performed during the pen testing process; and reasons why an organization needs to perform pen testing and distinguish between pen testing and vulnerability assessments. Next, you will compare the different types of pen testing and learn the weaknesses of pen testing; learn the various types of tools used in pen testing and the target selection for pen testing; and learn the types of assets in an organization; compare the types of risk responses that an organization may adapt. Finally, learners observe how to use the Metasploit framework in Kali Linux; and how to create an exploit by using MSFvenom.

Final Exam: Security Analyst will test your knowledge and application of the topics presented throughout the Security Analyst track of the Skillsoft Aspire Security Analyst to Security Architect Journey.

Learners can examine end-user security concepts such as shared responsibilities and policies, physical controls, authentication, software, and best practices in this 12-video course. You will begin with a look at shared responsibility, which has expanded greatly because of the use of cloud computing; this means that the role of the end user, the customer or client, in shared responsibility for security is expanding at an accelerated rate. Next, you will move on to defining acceptable use policies (AUP). You will discover how to distinguish physical security controls; classify authentication technologies, and recognize the importance of hardware and software updates. Following on from this, you will explore security suites and endpoint protection; learn about browser best practices, and define the security fundamentals of e-mail. You will also delve into the security issues surrounding personal cloud storage services, and protecting data at rest, or data storage security. To conclude the course, complete an exercise on describing the concepts and technologies of end-user security.

In this 9-video course, learners will examine end-user security from the security administrator point-of-view including threatscape, security policies, training and awareness, Layer 2 security, 802.1x, MACsec, endpoint detection and response (EDR), advanced endpoint protection, and vendor solutions. Begin by taking a look at the present threatscape, while keeping in mind that it is constantly evolving, stealthy, and complex. You will examine written security policies, which every organization must have, and which apply to the entire organization. The policies must be well-written, comprehensive in scope, concise, easy to understand, and well organized. Next, you will explore training and awareness, which must be implemented for your end-users within the first few months of employment. You will compare access switch and wireless application protocol (WAP) security; describe 802.1x and MACsec; EDR protection, and next-generation EDR. In the closing exercise, you will be asked to list characteristics of next-generation EDR solutions, actions you can take with 802.1x port-based Network Access Control (PNAC), and the attributes of an effective security policy.

This 10-video course examines end-user security from the rogue attacker point of view, including motivations, Malware-as-a-Service (MaaS) phishing techniques, pharming, ransomware, data theft, cryptojacking, denial-of-service (DoS), and toolkits. One of the first things to do to be successful as a security technician or practitioner is to start to understand the mind of the attacker, so you will examine the possible motives for attacking user endpoints. You will then take a look at Malware-as-a-Service, which is available all over the world. You will explore the phishing techniques an attacker might take, as they are becoming stealthier, sending phishing e-mails over varied infrastructures. Delve into ransomware, this time from the attacker's perspective, and learn about data breaches and theft. You will also examine cryptojacking, what it is and explore some examples, and have a look at DoS and distributed-denial-of-service (DdoS) attacks using, for example, botnets. The final tutorial surveys common exploit kits such as Kali Linux and Metasploit. The concluding exercise entails listing common motives for attacking endpoints, common ransomware payloads, and exploit kits.

Network anomalies are behaviors or activities that deviate from the norm. It is important that security professionals learn to monitor these anomalies in network traffic because the traffic could be malicious. In this 11-video course, you will explore roles that network and security professionals play in detecting and addressing anomalies. Begin by looking at different types of anomalies or outliers, such as configuration faults or a malicious presence; then take a look at benefits of anomaly detection, such as early response and planning for the unexpected. Learners will also examine the limitations of traditional approaches to anomaly detection, such as chasing false positives; learn how to differentiate between manual and automated detection techniques; and view the importance of building a profile of what is normal, such as user activity, before looking at multimodel attributes and how they relate to anomaly detection. Furthermore, you will explore differences between least frequency of occurrence and baselining; view the benefits of machine learning; and finally, learn how to recognize benefits of auto-periodicity to aid in identifying anomalies.

In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between different NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission critical areas of business.

In this 14-video course, learners can explore digital forensics best practices and techniques and how they relate to investigations, data integrity, proper evidence handling, and legal privacy considerations. To begin, study an overview of digital forensics, and different types of forensics including computer, mobile, network, vehicle, and the Internet of Things (IoT). Learn how to differentiate between criminal, civil, and intellectual property investigations, and examine a typical methodology or investigative approach, including preservation, collection, examination, analysis, and presentation in court. Explore procedures to properly establish and maintain chain of custody; recognize best practices and considerations when working with digital evidence, and examine the roles of forensic laboratories and hardware and software tools. Learn how to recognize legal considerations, including search warrants and privacy considerations; delve into challenges of working with cloud computing environments; and recognize how viruses and other malware work. Learn the importance of ethical decision making related to digital forensic work, and approaches and techniques used when working with live or volatile data. The exercise involves applying digital forensic best practices.

This 12-video course examines the concept of ethics as it relates to digital forensics, including reasonable expectation of privacy, legal authorization, and the primary function of attorney-client privilege and confidentiality. The legalities surrounding digital forensics investigative techniques and standards for analyzing digital evidence are also covered. Begin with a look at the definition of what is considered a reasonable expectation of privacy. You will then learn to differentiate between legal authorization forms such as consent forms and warrants. Next, explore the primary function of attorney-client privilege and confidentiality, and recognize the legalities surrounding digital forensics investigative techniques. Delve into the need for ethics in digital forensics, and the best practices for ethics and forensics. Discover steps for regulating ethical behavior; recognize possible conflicts of interest and how to avoid them; and examine the importance of ongoing training for both investigators and management on the importance of ethics. The final tutorial in this course looks at different standards for analyzing digital evidence.

In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standard and Technology (NIST), risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiating between different risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.

In this 13-video course, learners will discover techniques used to perform software security assessments and testing, including components of a security assessment, test strategy approaches, security control and software testing, and the security management process. Key concepts covered in this course include the major components of a security assessment and test strategies approaches; security control review methods including log and code reviews; and how to recognize security control testing mechanisms such as code testing. Next, learn the importance of a security management process and its common functions; learn steps to take to properly test software to ensure that it is secure; and learn methods to detect potential software vulnerabilities. Then learn common software vulnerabilities such as buffer overflow and injection flaws; learn how to avoid common software vulnerabilities by using secure coding techniques; and explore steps and techniques to analyze risk. Finally, learn about penetration testing and its purpose; and learn microservices, a mini-application that focuses on a specific task, and application programming interfaces (APIs) and highlight security concerns associated with each.

In this 14-video course, learners will explore cybersecurity auditing concepts and the NIST Cybersecurity Framework, how they can improve infrastructure security, and how to perform cybersecurity assessments. Examine web application auditing and approaches for securing web applications. Key concepts covered here include cybersecurity auditing concepts and how they are used to improve infrastructure security; steps used in performing cybersecurity assessments; and how to examine audit review, analysis, and reporting. Next, learn how to use the Wireshark network security auditing tool; how to use the Nmap perimeter security tool; how to perform web application auditing and secure web application and websites; and how to monitor and audit Windows by using audit policies and Event Viewer. Then learn how to monitor the Linux system by reviewing system logs; learn how to use Tiger security audit and intrusion detection tool; and examine guidelines and standards for defining cybersecurity audit strategies. Finally, learn about available security audit tools and their features and benefits; and learn to use Nessus audit tool to run Nessus security system scans.

Learners will discover two core cryptography services, encryption and hashing, in this 14-video course. Examine the goals of information security, symmetric and asymmetric encryption, and using the Caesar cipher. Begin by taking a look at the goals of information security. Then explore cryptography services and how to associate those services with goals of information security, and receive an overview of encryption and encryption history. Next, watch a demonstration of how to use the CrypTool and the Caesar cipher. Following this, you will examine symmetric encryption, and define common symmetric encryption algorithms. Another demonstration covers CrypTool and symmetric encryption. Learners will be introduced to asymmetric encryption; learn how to define common asymmetric encryption algorithms; and explore the purpose of hashing, and define common hashing algorithms. The final tutorial demonstrates use of the CrypTool and hashing. The concluding exercise involves downloading and installing CrypTool v1, creating a text file, creating an MD5 and SHA1 hash of the file, changing the file and checking the hash value again, and encrypting text with Caesar cipher.

In this 12-video course, you will explore Public Key Infrastructure and its components, the basics of certificates and certificate authorities, using a Certificate Revocation List (CRL), and how secure web sites work with secure sockets layer (SSL). You will begin with an overview of Public Key Infrastructure and its components, and then take a look at certificates and the different types. This leads into a demonstration of configuring certificate properties. You will discover how to identify certificate authority types and hierarchies, and then watch how to install a certificate authority. Next, you will observe how digital signatures work, and explore how SSL is used to secure web traffic. Another demonstration on SSL shows how to enable a website. Next, you will learn the purpose of a CRL and how it works, and then watch a demonstration of CRLs in use-revoking a certificate and describing the effects of revocation. The final exercise involves installing a certificate authority and securing web traffic to an Internet Information Services (IIS) webserver by installing a certificate.

Final Exam: Forensics Analyst will test your knowledge and application of the topics presented throughout the Forensics Analyst track of the Skillsoft Aspire Security Analyst to Security Architect Journey.

This 14-video course helps learners explore the threat categories in the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) model for identifying computer security threats, including spoofing, tampering, repudiation, information disclosure, denial of service (DoS), and escalation of privilege. Key concepts covered in this course include categories of security vulnerabilities using the STRIDE model; how to recognize authenticity and identity spoofing threats; and how to validate integrity and tampering threats. Next, you will learn about authentication threats and non-repudiation, when used in security, for example, when a charge cannot be challenged; learn information threats such as privacy breaches or data leaks; and learn the threat of DoS attacks, a resource disruption attack when a user tries to connect. Learners continue by exploring the privilege escalation threat model; learning to recognize examples of security misconfiguration threats; and observing methods of brute force attacks and key sizes. Finally, learn to perform a local network scan and a targeted remote scan by using Nmap; and learn to perform a DoS vulnerability diagnostic test on a host.

Intrusion detection systems (IDS) allow you to monitor traffic and send alerts when abnormal activities have been detected. In this 14-video course, you will explore concepts of traffic analysis and IDS, including network forensic analysis, sniffing and sensors, signal and noise, and brute force analysis. To begin, you will examine approaches to network security through traffic analysis, then take a look at tools and techniques used by IDS. Learners will also explore the network forensic approach to computer networks; learn how to describe types of application controls that can be used for traffic analysis; placement and use of sniffing and IDS sensors; and examine concepts of signal and noise when it comes to network traffic analysis. You will learn how to perform IDS with Snort with a sample ruleset; configure Bro to detect common attack patterns; use Wireshark to inspect network packets; and perform nmap scans with methods to evade IDS detection. In the final tutorials, you will perform brute force analysis with nmap, and a mock denial of service (DoS) attack with nmap.

Intrusion prevention helps one to detect and stop various attacks that other security components may miss. In this 13-video course, learners explore objectives and tools of intrusion prevention, including kernal attack prevention, vulnerability discovery, remediation strategies, scan detection, and evasion techniques. Begin by examining approaches to intrusion prevention systems (IPS), and how it differs from intrusion detection systems (IDS). Then take a look at options and deployment strategies for IPS; discover the advantages and disadvantages of various approaches to IPS, and view the role of IPS in preventing kernal attacks. Explore the methods used to discover vulnerabilities, and the remediation strategies related to intrusions. Next, learn how to block an attacker after too many failed login attempts; how to describe methods used in IPS to evade intrusions; and how to use tools, including netstat, to scan for potential intrusions on a local system. In the final two tutorials in this course, you will scan a system for potential malware infections using nmap, and use Suricata to implement a packet diversion for intrusion prevention.

In this 14-video course, explore the authentication, authorization, and encryption options that a security architect will need on a day-to-day basis. The focus will be on two fronts-from a network security standpoint including cloud services, and internal solutions in an Agile and DevOps environment. Begin with a look at authentication, authorization, and encryption factors and how they fit together, then look at methods of authentication and best practices. This leads into methods of authorization and access control; the use of encryption methods and best practices in implementing encryption; and key symmetry-differentiating between public and private keys and their ciphers. Examine methods of keeping login and authentication credentials secure; view system authentication and authorization through user account administration in Linux, and handle security policy trade-offs in situations where solutions might not align with policy. Discover Secure Shell (SSH) configuration, and implementing and securing remote access to a system using SSH; create secure certificates and keys using OpenSSL; verify software package authenticity by using OpenSSL, and file encryption and file decryption with OpenSSL.

Learners can explore secure network challenges and security measures used to configure common tools, in this 14-video course. Familiarize yourself with approaches to configuration with a security mindset and review common security threats and their mitigations. Begin by taking a look at the challenges of a secure-first network design, then describe a network design approach from a security mindset. Examine the challenges to DevOps and Agile mindsets in terms of security decisions, and the network security concerns for hybrid cloud models. Learn how to configure an NGINX HTTP service to prevent insecure file access and configure web application security settings in NGINX. View the dangers of file upload remote execution; use Secure Shell (SSH) as a secure proxy for web browsing from an insecure location, and configure a SSH client to use present server connection settings. Discover how to use local/etc/hosts to block unwanted connections; examine the threat of user account discovery and how it is carried out, and finally, learn how to use password security tools to enforce a strong password policy.

Explore secure coding from the standpoint of a security architect, including best practices for both security design and architecture implementation, and the level of influence needed by a security architect to influence secure coding practices, in this 14-video course. Key concepts covered in this course include principles that define a security architecture; examining the issues and steps involved in security design; and learning the process and potential security flaws in security architecture implementation. Next, you will learn about considerations for deploying and operating an application in secure environments; learn methods and tools that can be used to help secure software through automation and testing; and learn approaches to assessing the risk of an application. Continue by examining the lifecycle of vulnerabilities in software; common coding pitfalls that lead to security vulnerabilities; and industry standards and the application domains they apply to. Finally, you will learn security concerns when adopting new technologies, coding languages, and platforms; learn secure coding architecture when deploying cloud applications; and learn practical approaches to secure coding practices.

Explore incident tracking and response measures from the standpoint of a security architect. In 14 videos, learners will familiarize themselves with how to identify, categorize, track, and respond to incidents, as well as incident categories, integrating tracking into an organization, effective tracking, and tracking tools. Key concepts covered here include terms and definitions for communicating incident tracking; categories of incidents and how they need to be tracked; and learning who needs to have access to incident tracking information and how incident tracking can be integrated into an organization. Next, you will learn effective incident tracking practices and the tools used for incident tracking; examine approaches to setting incident response policies; and observe metrics used to measure the effectiveness of incident tracking. Learn the continuous monitoring approach to active incident tracking; learn the lifecycle of an attack and how it is tracked; and learn how to take a proactive approach to tracking incidents. Finally, learners will examine some of the cybersecurity regulations needed when it comes to tracking and responding to incidents.

Explore defensible architecture and zero-trust models from the standpoint of a security architect. In this 14-video course, you will learn about tools used to address the challenges of network security and review common security models and standards for network security. Key concepts covered here include challenges and deficiencies of traditional security architectures; e standards that address the challenges of security architectures; and concepts and approaches to defensible architecture. Next, learners will examine some fundamentals for the zero-trust model for security; explore the security architecture needs for layers 1, 2, and 3; and delve into the principle of least privilege and how it pertains to security architecture. Learn about the security benefit of reproducible builds; learn how to configure a deny-first firewall using uncomplicated firewall (ufw); and learn how to configure a firewall to block all but a trust subnet. Finally, learners will observe how to configure a VPN service by using WireGuard; how to configure a secure VPN client to connect to a VPN server; and how to configure a firewall to block untrusted egress.

Final Exam: Vulnerability Analyst will test your knowledge and application of the topics presented throughout the Vulnerability Analyst track of the Skillsoft Aspire Security Analyst to Security Architect Journey.

Prior to performing any penetration testing, it is important to outline the Rules of Engagement (RoE) with the client. Begin this 14-video course with a general overview of the RoE, how it relates to business, and the potential consequences of not having the RoE in place. Look at benefits of having an easy reference checklist prepared when defining RoE. Learn how to determine the appropriate scope of engagement; examine client (IT staff) considerations; and view common risks and limitations, such as impact on systems. Explore the logistics and considerations such as testing tools, personnel, and test schedules. Delve into incident handling and best practices; testing and best practices, and also best practices in information handling. Examine elements that should be included in final reports, such as action taken, problems, and findings. Look at liabilities, warranty, limitation of a liability, and indemnification considerations to include when outlining the intent of testing activities. Finally, learn how to ensure proper authorization has been granted to commence any testing.

To become a well-rounded ethical hacker, one must have good ethics, love a challenge, and be persistent. In addition, you must have a strong technical background and be familiar with common tools, strategies, and techniques used in a variety of ethical hacking situations. In this 14-video course, learners can explore best practices related to ethical hacking and incident handling, legal considerations, and proactive hacking practices and strategies. Begin with an overview of the importance of ethical hacking in today's world and different types of ethical hacking, and different types of real-world hackers, such as white, black, and grey hat. View benefits of ethical hacking, and rules of engagement prior to performing an ethical hacking exercise. Delve into vulnerability and penetration testing and the common ethical hacking tools. Conduct a network scan by using Nmap; learn about incident handling, and recognize the importance of using templates or checklists prior to and during a penetration test. Finally, recognize best practices when testing uncovers exploits or vulnerabilities, and legal considerations when performing an ethical hacking exercise.

This 14-video course helps learners discover the importance of automating the responses to security incidents. Examine how security information and event management (SIEM) and security orchestration automation and response (SOAR) are related, as well as how automation and orchestration differ. The role of playbooks and machine learning in security is also covered. Begin by taking a look at security solutions that align with business objectives, then plan how security can be implemented with DevOps. Examine the relevance of security baselines, compliance reports, and regulatory compliance. Learners can observe common security tools and techniques; explore the need for proactive security incident planning; and see how to identify security incident response processes that could be automated. Differentiate between automation and orchestration solutions in IT, and describe how SIEM allows for centralized security event monitoring. Recognize the need for automated security incident triage and response; plan automation of security triage, and recall how playbooks create workflows that enable automated security incident responses. Finally, you will discover how machine learning can be used to identify potential security incidents.

In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standard and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information; how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA), applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX), requires organizational financial transparency.

Explore the data breach response plan, the regulatory requirements for notifying stakeholders and clients of a data security breach, as well as other topics covered in this 14-video course. Begin with an overview of the security breach notification plan and why it is important to have one. Examine the best practices for creating a data privacy breach plan and notifying stakeholders. Then learn how to identify best practices for notifying stakeholders during a security breach incident. Examine common types of security data breaches and categories; discuss the Digital Privacy Act and breach response obligations, and General Data Protection Regulation (GDPR) breach guidelines and stakeholder response obligations. Explore the Health Insurance Portability and Accountability Act (HIPAA) breach guidelines, and Gramm-Leach-Bliley Act breach guidelines, and stakeholder response obligations for both. Identify individuals who need to be notified during HIPAA data breach violations, and recognize consequences of security breach notification noncompliance. Also learn about acceptable methods for notifying affected parties of a data security breach. The exercise involves security breach notification risks.

Explore the importance of security incident triage in handling incidents in a timely and automated manner, in this 14-video course, which familiarizes learners with anomalies and activities that often require triage. Key concepts covered in this course include security triage fundamentals and the strategies to implement triage; tools used in security triage; and automation techniques and common tips and rules of thumb for security triage. Next, you will explore the importance of communication and stakeholder management in security triage; examine the approaches to detecting anomalies and handling them with security triage; and learn about common protocol anomalies that require triage. Continue by exploring the different levels of monitoring for incidents in security triage while looking at network monitoring of traffic, bandwidth, and the various protocols used; learn to analyze SSH activity and security events to look for; and learn how to analyze DNS activity, HTTPS activity, and system log activity. Finally, learn how to describe security events to look for in each activity.

Discover the playbook approach to security, including the security architect's approach to decision making in the era of Agile development, in this 14-video course. Explore challenges, benefits, and considerations to implementing a playbook approach. Key concepts covered here include use of automation to improve consistency for security practices; various approaches to security through playbooks; and important elements needed in a security playbook. Next, learn about the transition to playbooks and services in the cloud; examine goals and measures for success in using security playbooks; and learn some of the challenges in implementing security playbooks. You will learn about the concepts and features implemented in typical playbook tools; how to install Ansible and remotely execute commands on a managed host; and how to execute a simple Ansible playbook. Continue by learning how to configure the iptables firewall by using an Ansible playbook; how to configure an intrusion prevention system (IPS) to protect a system with an Ansible playbook; and how to configure unattended upgrades with an Ansible playbook to keep a system up to date.

Final Exam: Security Architect will test your knowledge and application of the topics presented throughout the Security Architect track of the Skillsoft Aspire Security Analyst to Security Architect Journey.