In this course, we will look at the OWASP organization and what its purpose is. We’ll dive into the details of how they create the Top Ten list: where it comes from, how they calculate the severity of each risk and how they determine where each risk ranks. We also review the possible disparity between OWASP’s ranking and your own organization’s ranking, depending on your needs. We will also examine Broken Access Control, Cryptographic Failures, Injection Attacks, Insecure Design and Security Misconfiguration. We’ll use demos, graphics and real-life examples to help you understand the details of each of these risks.

The ultimate destination for a security manager is the Chief Information Security Officer (or Chief Security Officer) a senior executive role responsible for all cybersecurity operations in the organization. But how do you get from entry-level IT or security employee to the CISO’s office and what do you need to know when you get there? This course examines the career path and requirements to be an effective CISO, as well as the roles and responsibilities of the position. In this course, a learner will be able to: ● Identify the career development and path of a Cybersecurity professional from entry-level to CISO ● Define and describe the role and function of a CISO in planning for cybersecurity ● Identify the development of a cybersecurity governance program and the role the CISO would play in it ● Discuss the strategic responsibilities of the CISO in overseeing an organization’s cybersecurity program

In this course, you will learn about Aruba ClearPass deployment and integration with key cloud products. Aruba ClearPass is an industry leading security solution that provides comprehensive visibility, control, and automated network enforcement to enterprise IT. In Part 1 you will get an understanding of ClearPass deployment in Microsoft Azure and integration with Azure AD and Intune. In Part 2 we will discuss and demonstrate ClearPass integration with Google cloud identity and MDM. This course requires an understanding of network security and cloud providers, we recommend the Aruba Networking Security Basics and Aruba Cloud Basics courses for a refresher.

This is a self-paced lab that takes place in the Google Cloud console. In this lab, you will learn how to install a score-based site key with no challenge on your website. With the score-based site key, you can include reCAPTCHA Enterprise throughout your site without requiring users to solve CAPTCHA challenges.

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: ● how various encryption algorithms and techniques work as well as their benefits and limitations. ● various authentication systems and types. ● the difference between authentication and authorization. ● how to evaluate potential risks and recommend ways to reduce risk. ● best practices for securing a network. ● how to help others to grasp security concepts and protect themselves.

This is a self-paced lab that takes place in the Google Cloud console. In this lab, you will learn how Kubernetes Engine security features can be used to grant varying levels of privilege to applications based on their particular requirements

Course 7: Incident Detection and Response Welcome to course seven, Incident Detection and Response. Having an intruder inside your systems for months unnoticed by your systems, administrators, security specialists, and end-users is tantamount to giving the intruder, the keys to your business or organization. In many cases, organizations discover that they have been subjected to a data breach when they are told by others that their private data has been offered for sale on the dark web. Many leading voices within the security profession state that we all must do better to detect the intruders in our myths. Many people even say that detecting intruders should be the priority for security professionals. Ransomware attacks have become a big business involving not only large scale extortion attacks, but also the sell of ransomware attack tools and services, as well as the exploitation of any data ex-filtrated during the breach. Government officials and industry professionals worldwide have been raising their voices about this new and very troubling variant in the business model of advanced persistent threat or APT attackers. In this chapter, we'll focus on intrusion and incident detection. Many of the tools, techniques, technologies, and ideas, you'll see here have already been examined in previous chapters. This course brings them together and begins by discussing the central theme of detecting the intruder. Model one uses the concepts of precursors and indicators, the signals that give us advanced warning and a genuine alert about a risk event and the indicators of compromise concept which are those signals that we're certain can only mean a hostile agent has gained access. Module two will extend these ideas and concepts around the idea of what to do after you've discovered a possible intrusion, expanding your understanding of incident response. Module three continues with a deeper look at supporting forensic investigations. Forensics is an evidence-based process of logically and dispassionately reasoning about a situation or an event. It's your inner child, looking at something and asking questions. Then following each of those questions with more questions, letting the facts that you find frame and shape your growing understanding of what happened, how why and where, who did it and what impacts it may have. With these questions answered you can circle back to reviewing risk mitigation controls to see which if any, need to be modified, replaced or augmented. Course 7 Learning Objectives After completing this course, the participant will be able to:  L7.1 - Review the steps for monitoring, incident detection and data loss prevention using all-source intelligence. L7.2 - Identify the elements of an incident response policy and members of the incident response team (IRT). L7.3 - Classify the security professional’s role in supporting forensic investigations. Course Agenda Module 1: Operate All-source Intelligence for Monitoring and Incident Detection (Domain 3 - Risk Identification, Monitoring, and Analysis) Module 2: Support Incident Lifecycle (Domain 4 - Incident Response and Recovery) Module 3: Understand and Support Forensic Investigations (Domain 4 - Incident Response and Recovery) Who Should Take This Course: Beginners Experience Required: No prior experience required

In this 1 hour long project-based course, you will learn to configure and manage Azure Key Vault along with the sensitive data stored inside. First, we will learn to create an Azure Key Vault within the Azure portal. Then we will learn to create keys, secrets, and certificates on the Azure Key Vault using PowerShell and the Azure portal. We will also assign a Key Vault contributor role to an existing user. You will also discover how to configure access policies in order to grant permissions to the Key Vault objects and store the connection strings of the storage account and Azure SQL database to secrets in Azure Key Vault. Finally, we’ll explore how to use Azure Key Vault in the Azure data factory. You must have an active Azure account. Basic knowledge of working with Azure is recommended.

This course sensitizes security in Big Data environments. You will discover cryptographic principles, mechanisms to manage access controls in your Big Data system. By the end of the course, you will be ready to plan your next Big Data project successfully, ensuring that all security-related issues are under control. You will look at decent-sized big data projects with security-skilled eyes, being able to recognize dangers. This will allow you to improve your systems to a grown and sustainable level. If you are an ICT professional or someone who designs and manages systems in big data environments, this course is for you! Knowledge about Big Data and IT is advantageous, but if you are e.g. a product manager just touching the surface of Big Data and security, this course will suit you as well.

Welcome to course 4 of 5 of this Specialization, Network Security. In this course, we will look at computer networking and securing the network. In today’s world, the internet connects nearly everyone and everything, and this is accomplished through networking. While most see computer networking as a positive, criminals routinely use the internet, and the networking protocols themselves, as weapons and tools to exploit vulnerabilities and for this reason we must do our best to secure the network. We will review the basic components of a network, threats and attacks to the network, and learn how to protect them from attackers. Network security itself can be a specialty career within cybersecurity; however, all information security professionals need to understand how networks operate and are exploited to better secure them. After completing this chapter, the participant will be able to:  Explain the concepts of network security. - Recognize common networking terms and models. - Identify common protocols and ports and their secure counterparts. - Identify types of network (cyber) threats and attacks. - Discuss common tools used to identify and prevent threats. - Identify common data center terminology. - Recognize common cloud service terminology. - Identify secure network design terminology. - Practice the terminology of and review network security concepts. Agenda Course Introduction Module 1: Network Concepts and Models Module 2: Common Network Threats and Attacks Module 3: Network Security Infrastructure Module 4: Network Security Review This training is for IT professionals, career changers, college students, recent college graduates, advanced high school students and recent high school graduates looking to start their path toward cybersecurity leadership by taking the Certified in Cybersecurity entry-level exam. There are no prerequisites to take the training or the exam. It is recommended that candidates have basic Information Technology (IT) knowledge. No work experience in cybersecurity or formal education diploma/degree is required.