When it comes to wireless networks and remote access security, there are several threats you need to be on the lookout for. Bluesnarfing, Man-in-the-Middle attacks and the dangers of obsolete protocols are just a few. In this five-video course, the student will review WAN and remote access security: wireless networks, mobile systems, WAN technologies, remote access and secure communication protocols. This course also includes diagrams, vocabulary, definitions, protocol lists and examples.
They say an ounce of prevention is worth a pound of cure, and that’s what this course is about. Nine videos cover secure software development: from change control and software testing to software environment security, object-oriented programming, distributed computing, mobile code, malware and more, this course explores the details of ensuring that software development has security baked in right from the get-go. Take a closer look at software testing types, sample change control procedures and definitions of terms such as polyinstantiation and polymorphism.
Four videos cover the ins and outs of secure software design. Beginning with an introductory module on secure software design, we move on to secure system development life cycle (SDLC), software development models and maturity models. Take a closer look at the waterfall method, the spiral model, the agile software development method and more.
When trouble strikes, your preparations could mean the difference between disaster and a bump in the road. Review disaster recovery with six videos: Recovery Strategy, Recovery Process, Disaster Recovery Plan Testing, RAID (Redundant Array of Inexpensive Disks), Backups and Network Redundancy. Explore the development process for a disaster recovery strategy, look at the different models of disaster recovery plans and fallback sites, and compare Mean Time Between Failure (MTBF) and Mean Time to Repair (MTTR). Remember: “Nine-tenths of wisdom is being wise in time.”
It’s an old saying: hope for the best, plan for the worst. Business continuity planning means planning for the worst. Three modules take the student through the details of making sure your company continues operations: creating incident response plans and contingency plans, conducting a Business Impact Analysis (BIA), the National Institute of Standards and Technology’s Seven Steps to Continuity Planning and more. Learn the stages of incident management, the key metrics developed in a BIA and the ins-and-outs of recovery plans.
Seven videos reintroduce the student to the details of preventative and detective measures on a system. Beginning with log management, the course covers egress monitoring, configuration management, operations concepts, trusted recovery and patch management. Includes vocabulary and definitions, best practices and more.
“You’ve got no evidence!” criminals like to say. Actually, we do. This four-video course covers the fundamentals of computer crime investigations, from the types of crime to the investigation process, forensics and proper handling of evidence. Chain of custody, forensic timeline, computer crime categories and more will remind the student of the ins and outs of investigating crimes in the world of computers.
Twenty minutes is all you need to brush up on your database security. This brisk five-video course covers database architectures, database terminology, data mining, transaction management and database attacks. Includes details such as terminology, key types, database models, diagrams and more.
This course looks at three important parts of security assessment: goals, control testing and collecting, analyzing and reporting security data. In four videos, students will be introduced to the ins and outs of penetration testing: testing a system from an attacker’s point of view, monitoring a system’s vulnerabilities, planning for and performing a test, the Rules of Engagement when attacking a client’s system, the nitty-gritty of security auditing and more. Every system has a weakness, and sometimes, it’s your job to find it before your enemies do.
Twenty-two videos cover everything you want to know about access control fundamentals. Beginning with access control basics (definitions and subject-object relationships), we move on to access control categories, authentication, account management, Single Sign-On (SSO) and Kerberos, the three forms of user authentication and the arguable fourth form, remote authentication services and much more. This is a complex subject, but our Access Control Fundamentals course dives deep and dredges up the answers for you.
Take a closer look at distributed systems and virtualized networks with this four-video course. Beginning with Virtual Private Networks (VPNs) and Virtual Local Area Networks (VLANs), the student will be introduced to the fundamentals of distributed and cloud computing, virtualization and virtualized networks. Why is virtualization a good choice, and what are its weaknesses? What’s the difference between Infrastructure-as-a-Service and Platform-as-a-Service? Includes definitions and diagrams.
Securing a network is a lot like securing a building: there are many possible protection mechanisms, and even more possible ways for the intruder to get in. In this course, six videos take the student through the essentials of secure network design. From firewalls and the so-called demilitarized zone (DMZ) to honeypots, honeytokens and honeynets, endpoint security and the many flavors of authentication protocol, learn to identify the potential chinks in a system’s armor — and how to make them secure.
Two videos introduce you to the basic principles of security governance, beginning with a close look at the CIA (Confidentiality, Integrity and Availability) triad and what it means for a well-designed system. Includes an examination of the DAD (Disclosure, Alteration and Denial) triad, which opposes CIA. We also look at security governance fundamentals and the importance of roles, developing proper organization processes, aligning business objectives with strategies and a wide array of sample security roles and responsibilities.
Review everything you ever needed to know about network fundamentals with this fourteen-video course. Beginning with OSI (Open Systems Interconnection) protocols and layers, this course explores the TCP/IP model, network devices and security, IP networking, multi-layer protocols, Dynamic Host Configuration Protocol (DHCP), network cabling and topology, signaling types and much more. Take a closer look at switched and permanent virtual circuits, or find out what DORA or POTS stands for. It’s all here!
Take a closer look at data center security with four videos covering the big picture of data center security, media storage, fire safety and utilities and HVAC (heating, ventilation and air conditioning) systems. Why is prevention the best solution for fire? What’s the difference between a safe, a vault and a container, and why does it matter? Full details on everything you need to know about data center security and protecting your organization’s servers from disaster.
Physical security is any organization’s first line of defense, and understanding it is key. Learn the hows and whys of physical security with eight videos covering facility design and construction, perimeter defenses, internal facilities security, physical intrusion detection, personnel safety and more. Discover the difference between deterrent, detective and preventive controls, and learn about crime prevention through environmental design (CPTED), piggybacking, tailgating, defense-in-depth in physical security and appropriate choices of locks and keys.
Well-designed systems will always attempt to protect themselves, but they can’t do it alone. And that’s where you come in. Seven videos introduce the student to the fundamentals of system protection mechanisms, beginning with Trusted Computing Base (TCB) and covering common architecture flaws, Web-based vulnerabilities, covert channels, embedded systems and more. Compare and contrast open and closed systems, look at the five protection rings of a system and even refresh your knowledge of computer components with this course!
Systems engineering applies through the entire process of development, from concept until final disposal. And to keep your system secure, you need to understand the principles of secure design. Nine modules take the student through security models, evaluation models, popular security models (such as Bell-LaPadula, State Machine, Clark & Wilson and more), common criteria and the certification and accreditation process, with quick stops at useful items such as the Rainbow Series and the secure design life cycle. Includes vocabulary, definitions, lattice diagrams and even some notes on obsolete models.
What is Diffie-Hellman key exchange? Or quantum key cryptography? This course will answer all of your questions about public key infrastructure. Beginning with in-depth definitions of terms (including Certificate Authority, Registration Authority and Certificate Repository), this course takes a close look at public key infrastructure components, PKI certificates, key management and key exchange. Everything from an explanation of an X.509 digital certificate to the dangers of software-based key storage, all in four videos.
Cryptography is the science of securing information, and in today’s security-obsessed world, cryptography is more important than ever. In eight videos, the student explores the fundamentals of symmetric and asymmetric cryptography, cryptographic attacks, hybrid cryptography, ciphers and more. This course offers vocabulary and definitions, example diagrams, a close look at cryptographic algorithms and everything you ever wanted to know about keys. We also touch on the CIA triad and the use of hashing and digital signatures to ensure confidentiality, integrity and non-repudiation.
Here are two questions everyone will eventually need to ask themselves: What do I have, and where is it? This seven-video course gives the student the tools to answer those questions by taking them through the minutiae of asset security. Beginning with managing sensitive data and basic principles such as need-to-know and definitions of important terms (quality control and assurance, data owner, data custodian and more), we conduct a deeper dive into six key topic areas: data remanence, data at rest, data in transit, data ownership, data security controls and classification.
Organizations know the importance of planning ahead, and that’s what this course is about. A five-video series introduces you to security policies, procedures, standards, baselines and guidelines. Take an in-depth look at personnel security, the most common control frameworks, service-level agreements and the various types of security documents. What’s the difference between a policy and a procedure? Come find out!
It’s nearly impossible to completely eliminate risk, but there are steps you can take to reduce it. This nine-video series takes a close look at risk management: definitions, tools, notable risk frameworks such as the NIST Risk Management Framework (RMF) and other Special Publications, and the process of calculating risk. We also touch on threats and threat agents, the difference between due diligence and due care, and tips and best practices for ensuring that your employees are security-conscious and aware of risks. People are always the weakest link, so take an hour to learn how to strengthen them.
Information is increasingly subject to legislation, and that means companies have a choice between regulatory compliance and legal trouble. Five videos give the student a look at the nitty-gritty of regulatory compliance, from the laws and regulations that protect data privacy rights (the Health Insurance Portability and Accountability Act, the California Consumer Privacy Act and more) to issues of intellectual property, the challenges of keeping data safe in an international market and the ethical codes an information security professional is expected to follow.