Organizations with little experience in risk management will want to look to national and international organizations for guidance in designing and implementing their risk management efforts. There are two dominant organizations that offer guidance in this area: the U.S. National Institute for Standards in Technology (NIST) and the International Standards Organization. This course examines the risk management frameworks and standards offered by these organization and then discusses other available approaches. The course concludes with a discussion of applications and tools to support the organization’s risk management effort.

Course 8: Maturing Risk Management In management science terms, maturing a process or practice means taking positive steps over time to make it more reliable, repeatable and efficient. In practice, this means getting better every day, while showing the measurements that demonstrate improvement and suggest other opportunities to improve. As we saw in chapters one and two risk management for information intensive organizations works best when using evidence-based reasoning to identify, characterize, and take actions as necessary to resolve the issues. Course eight will bring together numerous threads that are intrinsically related to managing the risks associated with information systems. Also, we know that cyber attack is a risk for all organizations. In this course, we will focus on bringing these ideas together in a context of continuous maturity modeling, measuring and monitoring. Risk alignment works best at the strategic long-term level of planning. By contrast risk maturation can be most effective when considered in day-to-day business operations. This is sometimes called operationalizing one's approach to risk management and maturation. Operationalizing risk management asks us to take the life cycle models about systems, software and data and connect or pivot them around business operations. We'll take on the view of the workers who use the business logic and the systems or the people who oversee the robotics and internet of things on the factory or warehouse floor and see how each of the different security disciplines brings something to them. This course has five modules. Module one focuses on change management and reveals how this detailed administratively intense process plays a primary role in protecting information systems. We'll also look at its vital contributions to incident response and remediation. Module two shows how physical security design principles are used to monitor and control the flow of physical objects in and out of various security zones. This module also considers the operational effects of safety planning and preparation on people and property, as well as availability and integrity of systems and information. Module three provides a different attitude and mindset about empowering and enabling the people in the organization to become more effective contributors and proponents of its information security. Security training programs have failed to help people complete their job safely and securely. New concepts such as micro chaining demonstrates that security education and awareness can add value to the security process. Module four shows us that system security assessment should be an ongoing task. Security has always involved continuous vigilance and integrity. Formal and informal audits demonstrate just how effective an organization's security controls are. As its process of maturing those controls continues to improve their performance. Module five brings many of these ideas and concepts together through business continuity and disaster recovery planning. The emphasis will be the operational support of these tasks, both in the planning and execution stages. We've prepared the foundations so you can bring concepts covered thus far into a cohesive daily operational context. Course 8 Learning Objectives After completing this course, the participant will be able to:  L8.1 - Identify operational aspects of change management. L8.2 - Summarize physical security considerations. L8.3 - Design a security education and awareness strategy. L8.4 - Recognize common security assessment activities. L8.5 - Classify the components of a business continuity plan and disaster recovery plan. Course Agenda Module 1: Participate in Change Management (Domain 1 - Security Operations and Administration) Module 2: Physical Security Considerations (Domain 1 - Security Operations and Administration) Module 3: Collaborate in Security Awareness and Training (Domain 1 - Security Operations and Administration) Module 4: Perform Security Assessment Activities (Domain 3 - Risk Identification, Monitoring and Analysis) Module 5: Understand and Support the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) (Domain 4 - Incident Response and Recovery) Who Should Take This Course: Beginners Experience Required: No prior experience required

The course is awarded The Best Free Online Courses of All Time, and Best Online Courses of the Year (2021 Edition) by Class Central (http://www.classcentral.com). --- Information systems (IS) are important assets to business organizations and are ubiquitous in our daily lives. With the latest IS technologies emerging, such as Big Data, FinTech, Virtual Banks, there are more concerns from the public on how organizations maintain systems’ integrity, such as data privacy, information security, the compliance to the government regulations. Management in organizations also need to be assured that systems work the way they expected. IS auditors play a crucial role in handling these issues. In the course “Information Systems Auditing, Controls and Assurance”, you will explore risks of information systems, and how to mitigate the risks by proper IS Controls. You will also get familiar with the IS Audit procedures and how they are applied during the IS development throughout the Systems Development Life Cycle (SDLC). Finally, you will get to observe how we can make the system changes more manageable using formal IS Management practices, such as Change Management Controls and Emergency Changes. The conversations between the course instructor - Prof. Percy Dias, and the IS auditing practitioner will give you a concrete idea on how IS auditors perform their duties, the qualities to become IS auditors and future prospects of IS auditing industry. This course is suitable for students and graduates from Information Systems, Information Technology and Computer Science, and IT practitioners who are interested to get into the IS auditing field. It is also a good starting point for learners who would like to pursue further studies for IS audit certifications – such as Certified Information Systems Auditor (CISA).

Explore the C and C++ languages. Look at the specificity of the C/C++ languages and how this impacts security, ways C/C++ can interact with the external world, error handling, the execution environment and much more.

The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.

I’ve heard this before – “I’m not sure my computer security practices are working”. I reply “Have you tested them?” This course is the fourth and final course in the Practical Computer Security specialization. In this course, you’ll learn how to proactively test what you have put in place to protect your data. In the first week you’ll be able to discuss the basics of deterrents and how to “trick” attackers into believing they’ve hit a goldmine of data away from your real systems. In week 2, you’ll be able to understand and discuss the steps of penetration testing methodology. In week 3, you will be able to understand and apply what you have learned on your own systems to test whether your systems are secure or not. In week 4, we’ll discuss planning for your own methodology that you can apply to your own systems. And finally in week 5, we’ll finish up with a project that will allow you to test your skills in a safe environment.

This course is an introduction and an overview to the basic principles of cybersecurity Governance and Strategy. It provides guidance on determining information security objectives and how to measure progress toward achieving them. It is an exposition on the rationale and necessity for senior management to integrate information security into overall organizational governance at the highest levels.

In this 1-hour long project-based course, you will learn how to use simple commands to create and manipulate files and folders, perform multiple complex tasks using one simple command, use the superuser to perform high privilege operations.

This course will help you to build a basic understanding of NIST cybersecurity fundamentals. You will learn about the RMF process and managing risk by identifying, assessing and responding to risk. Additionally, you will learn how to use the framework to assess an organization's cybersecurity risk and the steps to implement or improve a cybersecurity program. The Cybersecurity Framework skill path introduces the framework for improving infrastructure cybersecurity.

Whether you are accessing a bank website, Netflix or your home router, chances are that your computer is interacting with a Linux system. The world runs on Linux. In this course, we will dive into how Linux works from an enterprise perspective. In week 1 we will look at what Linux is used for in the enterprise. By the end of week 1, you will be able to differentiate between different versions of Linux and understand how they are used in an enterprise environment. In week 2, we will explore how Linux systems are configured. By the end of week 2, you will be able to demonstrate different Linux commands and how they are used. You will also be able to interact with a Linux system. In week 3, we will explore Linux authentication mechanisms and how to add users and user controls to a Linux system. By the end of week 3, you should be able to demonstrate how to appropriately add users to a Linux machine and secure them. In week 4, we will explore how to harden a Linux system. By the end of week 4, you should be able to classify different technologies to secure Linux and differentiate access control methods for Linux applications.