Information Security Fundamentals

The Information Security Fundamentals skills path teaches you critical knowledge of hardware, software and network security. You'll learn about popular security concepts, controls and technologies, as well an overview of risk management, incident response and disaster recovery.

Course

Identification and AAA

16 minutes

This course introduces these important information security concepts: identification, authentication, authorization and accounting (IAAA). It defines the terms, explains the IAAA process and provides an overview of the identity and access management concepts and services, including federation, Single Sign-On (SSO), transitive trust, RADIUS, TACACS+, Kerberos and others.

Course

Access Control Fundamentals

21 minutes

This course covers the fundamental concepts of access control. It introduces common access control models (MAC, DAC, RBAC, ABAC and Rule-Based Access Control) and covers mechanisms for implementing physical and logical access control. The course also covers important account and credential management concepts, including types of user accounts, access policies, secure account management and password security.

Course

Secure Network Design

14 minutes

This course covers the following network security topics: network security devices and placement, network topologies and security zones, and network segregation, segmentation and isolation. It briefly introduces a wide variety of security device types, from sensors to firewalls and load balancers. The terms intranet, extranet, and demilitarized zone (DMZ) are defined and explained, along with the concepts of Network Address Translation (NAT) and honeynets. The segregation/segmentation/isolation part of the course provides a basic understanding of physical and logical separation and explains the VPN tunneling mechanism.

Course

Hardware and OS Security

16 minutes

This course explains the core hardware, firmware and operating system security concepts, including hardware root of trust, full-disk encryption, hardware security module and Trusted Platform Module, secure boot and others. It introduces different types of operating systems and basic hardening techniques. Peripheral device examples and security concepts are also covered.

Course

Software and Application Security

23 minutes

This course introduces basic concepts related to secure software and application development. The Waterfall and Agile implementation methods of the software development life cycle (SDLC) are covered, along with the key secure devops concepts including baselining, immutable systems, version control and change management. Other topics in the course include secure coding techniques, code quality and testing and embedded systems security.

Course

Physical Security

9 minutes

This short course introduces common physical security controls, from perimeter defenses such as fences and lighting to environmental controls and physical intrusion detection. The course explains how each control is used for security and highlights benefits and downsides of using some of the controls.

Course

Introduction to Cryptography

30 minutes

This course introduces the fundamental concepts of cryptography. It covers the key terminology (algorithm, key, cipher and more) and common use cases for cryptography. The course explains the difference between symmetric and asymmetric encryption, talks about common symmetric and asymmetric algorithms, provides an overview of common hashing algorithms and touches upon common implementation concerns.

Course

Risk Management Concepts

23 minutes

This courses introduces the key concepts of information security risk management. It explains the purpose of risk assessments and how quantitative and qualitative risk assessments are performed. Important risk assessment terminology is covered, including Single Loss Expectancy (SLE), Annual Rate of Occurrence (ARO), Annual Loss Expectancy (ALE) and others. The Business Impact Analysis (BIA) concepts are explained, including Recovery Point Objective (RPO), Recovery Time Objective (RTO), Mean Time Between Failures (MTBF), Mean Time To Repair (MTTR) and Single Point of Failure. The course also covers threat assessment, risk response techniques (accept, transfer, avoid, mitigate), and security documents (policies, procedures, service-level agreements and more).

Course

Business Continuity and Disaster Recovery

12 minutes

This course introduces Business Continuity Planning (BCP) and Disaster Recovery (DR) planning and procedures. Different types of recovery sites (hot, warm, cold) are compared and restoration procedures are explained. The course also explains different types of backups: full, differential and incremental, as well as considerations for selecting backup locations.

Course

Introduction to Security Controls

17 minutes

This introductory course provides an overview of security control categories (administrative, physical, technical) and types (deterrent, preventive, detective, corrective, compensating). The course also introduces important data security concepts: data sensitivity types (classification) and secure data destruction/sanitization.

Course

Threats and Threat Actors

1 hour, 0 minutes

This course provides an overview of common security threats and threat actors. It defines common types of threat actors, from script kiddies to Advanced Persistent Threats (APTs), and explains their motivation and intentions. Information security threats covered in this course include malware, social engineering, application and service attacks, wireless attacks and attacks on cryptography.

Course

Introduction to Incident Response

56 minutes

Course

Networking Fundamentals

31 minutes