Security Essentials for Decision-makers and Leaders

As organizations become more reliant on IT systems to store all kinds of information, facilitate communication among colleagues and customers, and track business-related statistics, information is becoming more precious and its security increasingly crucial and challenging In this course, you'll explore standard information security concepts and the security-related roles within an organization. You'll examine where various security-related responsibilities fall throughout the organization and the importance of solid strategic planning and decision-making when implementing proper information security. You will also investigate the concept of security governance and the activities involved. Finally, you'll delve into the relationship between an organization's overall business objectives and how information security can promote these.

With information security a key concern for organizations, it is important to understand the basic concepts of information security and the security concepts that fall within this topic, such as those within the world of cybersecurity. In this course, you'll recall information security fundamentals before examining the broad domains within it. You'll then delve into cybersecurity and explore the various approaches to it. In addition, you'll examine some practical cybersecurity concepts, such as the CIA triad and the security architecture principle. You'll then investigate the actions that expose us to security risks, the roles we play in maintaining or breaching security, and the various security controls that can be implemented to mitigate security-related risks

Everyone who connects to the Internet is vulnerable to security threats. Managers need to know the types of security threats their organizations are vulnerable to and their potential impact. In this course, you'll explore the key terms used in cybersecurity. You'll examine different types of threats, threat actors, and targets. You'll investigate advanced persistent threats (APTs), insider threats, and uncertainty in relation to cybersecurity, as well as the various types of malware and security threats

There are security issues everywhere. Managers must keep abreast of security risks and threats. In this course, you'll identify standard security risks and their origins. You'll also learn about more diverse types of security issues and the potential threats to an organization's security. You'll be given examples from daily life that expose us to security risks. To wrap up, you'll outline effective methods to reduce common security risks that render organizations vulnerable via different channels.

Final Exam: Becoming Security Aware will test your knowledge and application of the topics presented throughout the Becoming Security Aware track of the Skillsoft Aspire Security Essentials for Decision Makers and Leaders Journey.

Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process. You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance. Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach. Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.

Effective security risk management often begins with proper security risk identification. In this course, you'll examine various components of the risk identification process and different techniques used to identify risk. You'll begin by distinguishing between threat and risk. You'll then get familiar with other terminologies and concepts associated with risk identification. Moving on, you'll recognize the significance of risk identification in recognizing assets and services that are risk-prone. You'll also investigate different methods used to identify risk and best practices for the risk identification process. Later in the course, you'll outline common security-related risks and their impact on different components of an organization. Finally, you'll examine the features of a security risk register, its role in risk management, and how to create one in Microsoft Excel.

The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks. You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability. Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix. Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.

Highly effective security leaders recognize that they must prioritize and focus their efforts on managing critical security risks. Therefore, once a security risk is identified, it must be carefully evaluated. In this course, you'll identify the activities involved in a risk management process, the importance of risk strategies in the context of work environments, and essential decisions required for managing security risks effectively. Moving on, you'll investigate the components of a risk management plan and how to improve a risk management strategy by increasing risk tolerance and risk appetite. You'll also outline the importance of mitigation plans and discover how to create one in Microsoft Word. Lastly, you'll recognize the role of risk monitoring and control measures in risk management planning and the factors that shape an organization's approach to making decisions in handling risks.

Final Exam: Evaluating and Planning for Security Risks will test your knowledge and application of the topics presented throughout the Evaluating and Planning for Security Risks track of the Skillsoft Aspire Security Essentials for Decision Makers and Leaders Journey.

To mitigate cyber, data, cloud, and information security risks, you need solid knowledge of the complete network security process, from network design to continuous monitoring and logging. In this course, you'll explore some vital network security concepts and standard techniques for mitigating security risks. You'll start by examining the potential vulnerabilities in a network and how these turn into threats. You'll then explore the decisions you need to make to secure the network infrastructure. Next, you'll investigate different network zones and tools used for monitoring, detection, and logging. You'll finish by outlining a secure network design's characteristics and the recommended guidelines and best practices for network security. On completion of this course, you'll be able to plan for network and infrastructure-related security risks using recommended tools, methods, and best practices.

Physical security is an important but potentially overlooked consideration when implementing network security. In this course, you'll explore what's meant by physical security, how you can implement physical security risk countermeasures, and what the motivations are for doing so. You'll start by defining physical security. You'll then investigate the critical decisions you must make when planning for physical security. Next, you'll delve into various types of physical security risks, such as tailgating, and the methods to handle these. Moving on, you'll outline the layers of security controls that can be added to increase physical security and recognize the challenges security personnel face in ensuring physical safety. Lastly, you'll study how the security principles examined in this course can be used in facility and site design, including internal and perimeter security controls.

Effective cybersecurity risk management requires intricate knowledge of day-to-day IT security risks, network vulnerabilities, and cyber attacks. In this course, you'll detail several cybersecurity breaches and how best to prevent each one. You'll start with a general overview of what comprises security risks before categorizing different types into information, cloud, and data-related risks. Next, you'll explore cybercrime methods, the motivations behind them, and the security gaps that invite them in. You'll then use real-life examples to detail some commonplace cyberattacks and crimes. Moving on, you'll investigate what's meant by malware and outline best practices to manage worms, viruses, logic bombs, trojans, and rootkits. You'll also learn how to safeguard against malware, spyware, ransomware, adware, phishing, zero-day vulnerabilities, DoS, and backdoor attacks. By the end of the course, you'll be able to outline guidelines and best practices for securing against the most prevalent types of cybercrimes.

Social engineering is a security attack method that takes advantage of the social aspect of human nature, which includes trust and interactivity. All members of an organization need to recognize how these subtle and manipulative techniques work and what they can do to avoid falling prey to them. In this course, you'll explore what's meant by social engineering, examining standard social engineering techniques, the basic principles of these kinds of attacks, their intended outcomes, who and what they target, and the risks they pose for your organization. Moving along, you'll investigate how social engineering is used to launch a cyberattack, study different types of spoofing attacks, and specify best practices to safeguard against social engineering. At the end of the course, you'll recognize the objectives of social engineering attacks, how they're carried out, and how to implement security measures to prevent them.

To keep your organization's data secure, you need to know why your data is at risk and how to protect it using established principles and standards. In this course, you'll explore commonly used techniques to compromise data and how international best practices can help protect against these breaches. You'll start by examining three fundamental information security principles, which define information security policy and help identify risks. You'll then outline data breach methods and identify the targets of these threats. Next, you'll investigate what's meant by 'the human factor' and why it's key to any attack. You'll then study how technologies to secure data and information work under the hood. Moving on, you'll outline primary worldwide information security regulations and governance frameworks. Lastly, you'll examine why the ISO 27017 cloud security principles need to be considered when formulating a cloud security risk management plan.

To lead security-related decisions in the right direction, those in specific job roles need to have a solid comprehension of the guidelines, measures, and best practices for effective security risk management. In this course, you'll learn how to manage various types of risks, including those related to information, cloud, and data. You'll explore key countermeasures to safeguard information and data both on-premises and in the cloud. You'll also examine best practices for cloud security, data management, access control, and backup. Additionally, you'll outline common security risk scenarios and the best ways to protect data and information, including from unintentional exposure. Lastly, you'll study how to use data science and AI to detect security threats.

Natural disasters pose serious security threats. Effective planning and management are required to minimize the damage and loss they could cause. In this course, you'll explore various types of natural threats, their impact on assets and data, and what you can do about them. You'll examine what the procedure is for preparing for natural disasters as well as dealing with the aftermath. You'll also learn how to do this with human-made disasters, such as terrorism. You'll finish the course by diving deeper into how to create an effective emergency action plan for natural disaster risk mitigation.

Effective risk management involves managing risks from external as well as internal sources. Because security risks can be introduced through internal stakeholder decisions, working with them to build awareness of the broad spectrum of security risks and their role in mitigating these is essential. In this course, you'll explore the internal stakeholder's role in the security landscape context. You'll then investigate how to effectively communicate with stakeholders regarding their role in preventing security risks from being introduced. You'll build on these concepts by examining best practices for continual stakeholder engagement using workplace example scenarios. You'll then outline various methods of effective security health reporting. At the end of this course, you'll be able to plan for effective stakeholder communication and engagement.

Hybrid workplaces are an attractive working style for many organizations. However, a functioning and secure hybrid workplace can take some strategic planning and management to achieve. By their nature, hybrid workplaces pose various security risks. Security leaders need to educate themselves and their employees on what these risks are and how best to avoid them. In this course, you'll explore what a hybrid workplace entails and the resulting security risks. You'll then outline tips and guidelines to secure a hybrid workplace. You'll also learn about the security risks of the 'work from home' (WFH) working methodology and guidelines for securing it. Upon completing this course, you'll be able to classify the security challenges of a hybrid workplace and WFM situation, outline how to communicate these risks to employees to aid in risk prevention, and recognize the critical decisions when planning for a secure hybrid workplace.

Adequate risk management requires the policies, procedures, standards, and guidelines that encompass effective information security governance are in place. This course shows you how to incorporate security governance as part of a robust security strategy. Examine the many security governance elements. Outline how to design, implement, and continually evaluate your strategy based on best practices. Define how security governance relates to the CIA Triad and distinguish between security governance and security management. Furthermore, investigate IT governance frameworks and compare centralized, decentralized, and hybrid structures. After taking this course, you'll recognize what's needed to implement a sound and robust information security governance strategy at your organization.

Security breach incidents need to be handled effectively to prevent further occurrences. An incident management process based on best practices greatly helps deal with and thoroughly learn from incidents. Use this course to recognize the steps involved in the incident management process, the dependencies this process has on other processes, and who's involved in incident management. Examine the use of incident handling forms and incident prevention measures. Furthermore, study the signs employees should look out for and escalate that indicate a security breach event is occurring. After completing this course, you'll recognize how to use the incident management process to identify, manage, and prevent security breach incidents.

Business continuity planning (BCP) ensures an organization functions smoothly during an unplanned incident or disaster. In this course, you'll explore what comprises BCP and how you can employ its methods before, during, and after a disaster. You'll learn about the importance of a business continuity plan and what's needed to create an effective one. You'll differentiate a business continuity plan from disaster recovery and emergency action plans. You'll then investigate some of the individual BCP steps in more detail, including the business impact analysis (BIA), risk management plan, and incident response plan phases. Moving on, you'll study what's involved in post-disaster recovery planning. Finally, you'll explore how to achieve business resiliency and excellence in the face of a disaster and during a pandemic, examining not only how to get back to normal but also how to exploit new opportunities and grow.

Securing a workplace is a collaborative effort and requires contribution from everyone, including employees at all levels. It's a leader's role to educate and encourage everyone to build a security mindset into their daily practices. In this course, you'll learn how to foster a secure workplace. You'll start by exploring what comprises a secure workplace before examining best practices for achieving this state. You'll then outline best practices for developing a security policy. Next, you'll study how to conduct security awareness training, cultivate an organization-wide security mindset, and encourage employees to take ownership of the security processes. Finally, you'll learn about the role of security certifications, specifically the Cyber Maturity Model certification. You'll recognize what it comprises and how it applies to a secure workplace.

Final Exam: Mitigating Security Risks will test your knowledge and application of the topics presented throughout the Mitigating Security Risks track of the Skillsoft Aspire Security Essentials for Decision Makers and Leaders Journey.

Enhancing your security posture is an essential part of protecting yourself against generative artificial intelligence (AI) technologies. Monitoring and leveraging emerging generative AI technologies help organizations stay safe and secure while reducing manual work. In this course, discover why enhancing security posture is important, common security and cyber threats organizations are facing today, and the applications and advantages of using AI in cybersecurity. Next, examine the components of a successful cyberattack defense strategy and how to leverage machine learning (ML) in cybersecurity. Lastly, explore AI cybersecurity considerations and possible future trends of AI in cybersecurity. Upon course completion, you'll recognize how to monitor and utilize emerging generative AI technologies to help improve an organization's overall security posture.

Protecting intellectual property (IP) is an important part of any business. In this course, you will learn the fundamentals of intellectual property including copyright, trademarks, patents, and trade secrets. Discover how to defend against intellectual property infringement in the realm of generative AI, how using generative AI can result in IP infringement, and considerations to have when using generative AI solutions for yourself or your business. Then you will learn how to detect when your intellectual property has been infringed upon, identify risk areas, and determine what detection tools are available. Finally, you will explore legal considerations surrounding intellectual property and AI and investigate future trends of intellectual property in the era of AI. After completing this course, you will be ready to the crucial steps to detect and protect the intellectual property within your organization.

Generative artificial intelligence (AI) creates a variety of concerns in a number of different ways, so we must create governance to regulate these concerns. In this course, you will discover why governance in the realm of generative AI is crucial, how and by whom governance can be achieved, as well as the challenges and opportunities that arise with the use of generative AI. In addition, you will also explore how governments and legal bodies can regulate generative AI, and what regulations are already in place in the public sector. Then you will examine AI governance best practices, including engaging stakeholders, managing AI models, and building internal governance structures. Next, you will investigate the benefits of AI auditing and monitoring. Finally, you will learn how to implement a governance approach that includes user education, data and AI risk management, and regulatory compliance.

When using generative artificial intelligence (AI) content within your business, you need to know how to leverage it safely and effectively. In this course, you will learn about techniques used to identify AI-generated content and how to avoid possible misinformation that it can produce. You will investigate deepfakes and learn how to detect them. You will discover how to provide proper attribution when using generative AI content and how to avoid having any copyright issues. Next, you will explore industry use cases for generative AI, and more specifically, discover common use cases for boosting cybersecurity using generative AI. Then you will examine stakeholder considerations and possible generative AI challenges. Finally, you will focus on security protections, security risks, and mitigating risks associated with generative AI. Upon course completion you will be able to confidently take steps to secure your organization when using generative AI solutions.

The introduction of generative AI has created security, privacy, ethical, and moral implications for everyone involved. In this course, you will learn how and why generative AI is being used in security attacks, how to put countermeasures in place to defend against these attacks, and how to navigate and mitigate those attacks from happening. You will also explore the ethical and moral concerns that generative AI has created, how privacy plays a role in those concerns, and how to manage those risks. Then you will discover how generative AI can be leveraged by threat actors to perform data breaches, create malware threats, and coordinate social engineering attacks. Next, you will investigate how generative AI can be used maliciously to perform model manipulation and data poisoning. Finally, you will examine how to enhance protection controls using processes, governance, and ethics, and focus on common considerations for securing AI systems.

Final Exam: Generative AI Security Considerations will test your knowledge and application of the topics presented throughout the Generative AI Security Considerations track.