What roles do humna resources and legal departments play in ensuring that an enterprise is run securely? During this course, you will explore the governance, compliance, and business continuity planning domains for the enterprise security practitioner and engineer. You will observe how these departments must work closely with the security policy steering committee to enforce personnel security policies and procedures. See how to apply risk assessment and analysis techniques; study how to respond to risks, including measurement and monitoring. Discover how to implement threat modeling concepts and methodologies. Learn to apply risk-based management concepts to the supply chain. Also learn to build and maintain security training programs. Finally, as a review exercise, you will examine various IT security controls.

Explore the domain areas concerning governance, compliance, and business continuity planning for the enterprise security practitioner and engineer. In this course, you will evaluate and apply security governance principles to various situations. You will learn how to determine contractual, legal, industry standard, and regulatory requirements. Then you will move on to review privacy principles, requirements, and legal/regulatory considerations. From there, you will see what is needed to develop, document, and implement security policies, standards, procedures, and guidelines, as well as business continuity and disaster recovery plans. Other topics include learning how to align security functions with business strategies and objectives; ensuring compliance with due care and due diligence; identifying and analyzing cybercrimes and data breaches; comparing import/export and transborder data controls. Finally, you will examine licensing, intellectual property, and privacy requirements.

Find out what is involved with security assessment and testing. In this course, you will walk through steps you can take to support investigations. Examine resource provisioning and protection requirements, such as maintaining a chain of custody (CoC) to handle evidence. Learn key points about how to log and monitor operations, implement tests of security controls and processes, design and validate audit strategies, conduct security audits, and analyze test output. As a review exercise, you will describe how to effectively assess and test security.

Explore the subject of security concerns and management tasks of continuous security operations and initiatives. During this course, you will review various operations security principles and see how to conduct or facilitate security audits. You will identify asset inventory measures and asset management controls. See how to manage configurations and changes and spot the differences between change management and configuration management. Compare features of privileged and service accounts. Finally, consider legal issues related to information security, such as service level agreements (SLAs), non-disclosure agreements (NDAs), and operational level agreements (NLAs).

Explore the Software Development Life Cycle (SDLC), as well as how to secure and manage the software development and application development environments. You will begin by dentifying the main software development phases: requirements, acquisition (development), test and evaluation, and commissioning/decommissioning, and how security is integrated. Next, you will examine various development security controls for development; and apply secure coding techniques to meet standards and best practices. As a review exercise, you will list four development security controls, name six secure coding techniques, and name four software development methods.

Discover how to implement secure architectures and controls for communication and network security. In this course, you will learn about secure design principles for networks, secure network components, OSI TCP/IP models, multilayer and converged protocols. Other topics covered include the following: signal transmission media, Network Admission Control (NAC) endpoint security, content-distribution networks, unified communications, wireless networking, remote access technology, and virtualized network security. As you conclude, there will be a review exercise, where you will list four security architecture principles, name three common security components of network switches, list three types of proxies, name four features of unified communications, and list five SIEM system features.

Discover various methods for incident handling, disaster recovery, and business continuity, for enterprise. During this course, you will learn how to conduct detective and preventative measures, implement patch and vulnerability management, participate in change management processes, and setup a disaster recovery plan (DRP). You will observe how to test disaster recovery plans and identify elements of a business continuity plan (BCP). You will also examine physical security needs, such as confidentiality, integrity, and availability (CIA) requirements for an organization. From there you will observe how to assess environmental, man-made, supply system, and political threats, as well as their impacts; and consider protective measures for physical security, such as surveillance, lighting, tokens, biometrics, and Faraday cages. Finally, you will learn how to address personnel safety and security concerns.

Gain an advanced knowledge of cryptographic systems, life cycles, techniques, and methodologies. This course introduces you to cryptology and cryptographic systems. It then examines integrity and hashing in relation to cryptography, explores cryptographic methods and techniques, and discusses the nature of cryptanalytic attacks. You will then learn about the phases of the cryptographic life cycle, digital signatures, and the use and function of public key infrastructure (PKI). From there, you will go on to consider key management practices, such as key stretching, pinning, key escrow, and hardware security modules (HSM). Finally, as a review exercise, you will list three types of ciphers, three types of cryptographic hashing, and three different hashing algorithms.

Explore domain topics related to management, control, deployment, and accountability of various identity and access services in the enterprise, as well as the provisioning life cycle.In this course, you will learn about control physical and logical asset access, identification and authentication of entities, identity integration, authorization mechanism implementation, access control models, identity management implementation, access review and provisioning, and Federated Services. As a review exercise, you will list three examples each of Federated Services, military asset classification labels, and commercial asset classification labels.

Discover security principles and management tasks of continuous security operations and initiatives. Learn about protocol analyzers, network scanners, vulnerability scanners, and other continuous monitoring systems. Review egress monitors as well as security information and event management (SIEM) systems. Examine various types of intrusion detection and prevention methods, such as NIDS and NIPS. Walk through forensic investigative processes. Explore digital forensics tools, tactics, and procedures. Observe reporting and documentation techniques, as part of a post-incident response, including root cause analysis and an after-action report of lessons learned.

Explore the world of security engineering, such as the engineering processes that use secure design principles. In this course, you will start by becoming familiar with security architecture and engineering practices. You will then compare various security models, such as the state machine, lattice, noninterference, information flow, Bell-LaPadula confidentiality, and Clark-Wilson integrity models. Next, you will learn how to select various technical controls based on a system's requirements. Other topics include: how to compare security capabilities of one system to another, and how to mitigate vulnerabilities in security architectures and designs. You will conclude the course with a review exercise on how to describe security engineering and design. In the exercise, you will list four principles of secure network design, name five common attributes of next generation firewalls, name four proxy types, and list three rules of the Bell-LaPadula model.

Explore the domain of physical security as it relates to the corporate facility and on-site locales. In this course, you will learn about wiring closets, intermediate distribution, security controls for server rooms and data centers, media storage facilities, and evidence storage techniques and practices. Other topics include restricted work area security, utilities and HVAC intrusion protection, environmental controls, and fire prevention, detection, and suppression techniques. As a review exercise, you will name three types of keyless locks, list for types of motion detectors, list three security best practices to store evidence, and list four security practices that the Kraken bitcoin exchange uses for administrative, technical, and physical controls.

Explore the domain of security assessment, design, and mitigation for web-based, mobile, and embedded systems. This course will start by examining common web-based attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), carjacking, clickjacking, and cookie exploits. Next, you will learn how to evaluate general strategies to mitigate vulnerability. The course then moves on to mitigation strategies fo rmobiles, such as containerization, sandboxes, wrappers, secure encrypted enclaves, TPM, and tokenization. You will then study enterprise mobility management methods, privacy concerns, and security issues. Other topics include how to assess vulnerabilities and common threats for embedded devices; and how to walk through methods to reduce embedded device vulnerability. Finally, as a review exercise, you will describe how to assess and mitigate systems vulnerabilities.