Description:
This course explores the general concepts of threat mitigation for SecOps (security and operations) engineers. In this 13 videos, learners will observe the three basic concepts for threat mitigation and threat intelligence: identification, prevention, and responses. This course examines acceptable risk levels. You will analyze malware classification, such as viruses, worms, logic bombs, and backdoor software. You will learn to mitigation malware, and threats to websites; and examine types of ransomware, including Cryptolocker, Cryptowall, WannaCry, and Bad Rabbit, as well as explore possible solutions. You will learn how DoS (denial of service) is conducted, and see examples of specific attacks; then examine cross-Site Scripting, parameter traversal, and cross-Site Request Forgery. You will learn to address insider threats, and how to mitigate social engineering, phishing, and insecure protocols. Learners will examine how to integrate analysis into mitigating these threats. Finally, this course explores cyberthreat intelligence, and suggests that you subscribe to the National Vulnerability Database, and its feeds.
Target Audience:
Duration: 00:58
Description:
This course explores basic concepts of the cloud and IoT (Internet of things), and examines common security threats, a somewhat new and neglected area of cybersecurity. In this 8 video course, you will examine the cloud concept of distributed storage, and how IoT uses the cloud. First, examine the basics of cloud architecture, and some of the variations. You will learn that a private cloud is an expensive solution, and examine the security advantages of using a private cloud, in which one organization has full control over cloud security, and does not share the cloud with data from other organizations. You will learn about the available public cloud services, including Amazon, Microsoft Azure, and the iCloud for Apple devices. There are two basic advantages to using a public cloud: the cost, and cloud vendors specialize in cloud administration and security. You will also examine concepts and practices for cloud security, for both the cloud and IoT, including least privileges, and the CIA triangle.
Target Audience:
Duration: 00:33
Description:
Explore fundaments of cybersecurity and engineering in this 10-video course, which examines the fundamental concepts of the CIA (confidentiality, integrity, and availability) triangle, and views security operations, security planning, engineering, application security through these three concepts. First, learners will examine the more advanced version: the McCumber Cube. You will learn to integrate systems engineering into cybersecurity, and explore requirements engineering, and how to gather requirements. Next, learn how to analyze them, to apply security requirements engineering techniques, and to finalize project requirements. You will be introduced to SecML (Security Modeling Language) which takes SysML (System Modeling Language) used by systems engineers, and to modify portions of it to be specific to cybersecurity. You will examine how SecML can be used to create both offensive and defensive security mitigation controls. This course examines security metrics, and how to apply engineering failure analysis methods to cybersecurity. Finally, you will observe how to incorporate security requirements engineering into cybersecurity, and the relevance of regulatory requirements.
Target Audience:
Duration: 00:34
Description:
This 13-video course explores software protection by applying secure development and coding practices. Learners will examine secure coding key concepts, including early and frequent testing, and how to validate to ensure it is the proper kind of data, and the proper size, type, and format. First, the course demonstrates how to set up a simple filtering statement to improve software security. You will learn how to constrain user input, by implementing a drop-down box or radio buttons. You will also learn the top 10 rules established by CERT (Computer Emergency Response Team) for secure programming, and how to operationalize secure software deployments, as well as continuous secure delivery to quickly update changes and upgrades. Learners will explore verification, and secure validation software metrics to measure and improve software. You will learn to use C# code, evaluate both secure and unsecure parts, for the web and Windows code, and learn to secure code with Python. Finally, you will learn to secure code with Java.
Target Audience:
Duration: 00:52
Description:
This 13-video course explores SecOps (security and operations) engineering concepts. Learners will observe how security and operations are fused together, and learn to integrate system infrastructure security with normal business operations by applying engineering principles. Begin by learning the steps for infrastructure hardening of the operating system, including server workstations, routers, devices. You will examine server hardening, including how to turn off unneeded services, and remove unneeded software. Next, learn how to analyze and harden Windows 10, and to use security devices, and implement intrusion detection and prevention systems. You will examine the practical use of IDS (intrusion detection system) to detect activity that appears to be a possible intrusion, to log it, and to notify the administrator. You will then examine IPS (intrusion prevention system), which takes the additional step of shutting down the suspicious activity. Finally, you will explore firewall concepts, including stateless firewalls, how to use SPI (stateful packet inspection), and how to place them to improve your security network.
Target Audience:
Duration: 01:01