This course introduces these important information security concepts: identification, authentication, authorization and accounting (IAAA). It defines the terms, explains the IAAA process and provides an overview of the identity and access management concepts and services, including federation, Single Sign-On (SSO), transitive trust, RADIUS, TACACS+, Kerberos and others.
This course covers the fundamental concepts of access control. It introduces common access control models (MAC, DAC, RBAC, ABAC and Rule-Based Access Control) and covers mechanisms for implementing physical and logical access control. The course also covers important account and credential management concepts, including types of user accounts, access policies, secure account management and password security.
This course covers the following network security topics: network security devices and placement, network topologies and security zones, and network segregation, segmentation and isolation. It briefly introduces a wide variety of security device types, from sensors to firewalls and load balancers. The terms intranet, extranet, and demilitarized zone (DMZ) are defined and explained, along with the concepts of Network Address Translation (NAT) and honeynets. The segregation/segmentation/isolation part of the course provides a basic understanding of physical and logical separation and explains the VPN tunneling mechanism.
This course explains the core hardware, firmware and operating system security concepts, including hardware root of trust, full-disk encryption, hardware security module and Trusted Platform Module, secure boot and others. It introduces different types of operating systems and basic hardening techniques. Peripheral device examples and security concepts are also covered.
This course introduces basic concepts related to secure software and application development. The Waterfall and Agile implementation methods of the software development life cycle (SDLC) are covered, along with the key secure devops concepts including baselining, immutable systems, version control and change management. Other topics in the course include secure coding techniques, code quality and testing and embedded systems security.
This short course introduces common physical security controls, from perimeter defenses such as fences and lighting to environmental controls and physical intrusion detection. The course explains how each control is used for security and highlights benefits and downsides of using some of the controls.
This course introduces the fundamental concepts of cryptography. It covers the key terminology (algorithm, key, cipher and more) and common use cases for cryptography. The course explains the difference between symmetric and asymmetric encryption, talks about common symmetric and asymmetric algorithms, provides an overview of common hashing algorithms and touches upon common implementation concerns.
This courses introduces the key concepts of information security risk management. It explains the purpose of risk assessments and how quantitative and qualitative risk assessments are performed. Important risk assessment terminology is covered, including Single Loss Expectancy (SLE), Annual Rate of Occurrence (ARO), Annual Loss Expectancy (ALE) and others. The Business Impact Analysis (BIA) concepts are explained, including Recovery Point Objective (RPO), Recovery Time Objective (RTO), Mean Time Between Failures (MTBF), Mean Time To Repair (MTTR) and Single Point of Failure. The course also covers threat assessment, risk response techniques (accept, transfer, avoid, mitigate), and security documents (policies, procedures, service-level agreements and more).
This course introduces Business Continuity Planning (BCP) and Disaster Recovery (DR) planning and procedures. Different types of recovery sites (hot, warm, cold) are compared and restoration procedures are explained. The course also explains different types of backups: full, differential and incremental, as well as considerations for selecting backup locations.
This introductory course provides an overview of security control categories (administrative, physical, technical) and types (deterrent, preventive, detective, corrective, compensating). The course also introduces important data security concepts: data sensitivity types (classification) and secure data destruction/sanitization.
This course provides an overview of common security threats and threat actors. It defines common types of threat actors, from script kiddies to Advanced Persistent Threats (APTs), and explains their motivation and intentions. Information security threats covered in this course include malware, social engineering, application and service attacks, wireless attacks and attacks on cryptography.