This is a self-paced lab that takes place in the Google Cloud console. In this lab you will deploy a new Cloud SQL instance using a customer-managed encryption key (CMEK). You will configure pgAudit to selectively record and track SQL operations performed against that instance, then you will configure and test Cloud SQL IAM database authentication.

Good system management not only requires managing the systems themselves, but requires careful planning to make systems interact with each other, auditing of the systems once the systems are built, and proactive maintenance of all systems. Organizations also rely on organizational policies, such as Acceptable Use Policies to bolster the technical aspect of system management. This course explores many of the behind the scenes requirements of good system management. The first half of the course covers how to build security into system management process and the organization policies necessary for any enterprise to follow. The latter half of the course focuses on auditing and maintenance of systems once they have been designed, and implemented. By the end of the course you should be able to design and construct organizational policies based on a set of requirements, audit a system based on those requirements, and make sure systems adhere technically to the set of requirements.

A growing number of exciting, well-paying jobs in today’s security industry do not require a college degree. This is the final course required to assess your acquired knowledge and skills from from the previous two specializations, IT Fundamentals of Cybersecurity and Security Analyst Fundamentals, to become job-ready for a cybersecurity analyst role. You will be expected to pass a final assessment quiz for each of the seven (7) prior courses within the IBM Cybersecurity Analyst Professional Certificate. Upon successful completion of the quizzes, you will acquire the IBM Cybersecurity Analyst Professional Certificate.

Security operations and administration is the task of identifying an organization's information assets and the documentation needed for policy implementation, standards, procedures, and guidelines to ensure confidentiality, integrity, and availability. You will understand the process necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information. The Security operations and Administration course addresses basic security concepts and the application of those concepts in the day to day operation and administration of enterprise computer systems and the information that they host.Ethical considerations in general, and the (ISC)2 Code of Ethics in particular, provide the backdrop for any discussion of information security and SSCP candidates will be tested on both. Information security professionals often find themselves in positions of trust and must be beyond reproach in every way.Several core principles of information security stand above all others and this domain covers these principles in some depth. It can be said that the CIA triad of confidentiality, integrity and availability forms the basis for almost everything that we do in information security and the SSCP candidate must not only fully understand these principles but be able to apply them in all situations. additional security concepts covered in this domain include privacy, least privilege, non-repudiation and the separation of duties. Course Objectives 1. Define Code of Ethics 2. Describe the security concepts 3. Document and operate security controls 4. Describe the asset management process 5. Implement compliance controls 6. Assess compliance controls 7. Describe the change management process 8. Contribute to the security awareness training program 9. Contribute to physical security operations

NIST SP 800-171 is a cybersecurity framework of 110 controls in 14 families published by the National Institute of Standards and Technology (NIST). This learning path will teach you how to comply with the requirements of NIST 800-171. You will understand what CUI is and how to identify it; what a nonfederal information systems is; how to understand each of the 110 requirements in the framework and satisfy each of them if necessary; how to create a Body of Evidence (BOE) including Organizational Policy or Procedures; a System Security Plan (SSP) and Plans of Action and Milestones (POAM). Upon completion of this course, you will have the knowledge and skills to implement the controls required by the NIST 800-171 framework and build your BOE.

Computer attacks and data breaches are inevitable. It seems like every day a data breach occurs and the victims of the data breach suffer. Their information is stolen or posted online. The company’s or businesses who had the breach go on, learn a little from the attack, and just give credit monitoring out as if nothing happened. What if you could help prevent a data breach in your organization? This is the third course in the Practical Computer Security specialization. This course looks at detection and mitigation of threats and attack vectors and discusses how to use tools and principles to protect information. By the end of the course you should be able to make suggestions on what type of detection and mitigation strategy is right for your systems or business given the known threats and attack vectors. You should be able to discuss what features you want in a firewall, or how cash registers or sensitive data systems should be secured. The project at the end of the course will allow you to apply what you have learned to argue what type of detection and mitigation strategies should have been employed by companies and businesses that have suffered a data breach.

This course is an introduction and an overview to the basic principles of cybersecurity leadership and management. It explores and dissects the correlation between security, trust and stability (STS) and the Confidentiality, Integrity and Availability CIA Triad, while integrating information security governance (ISG) and the McKinsey 7S Change Model as guidance for cybersecurity leadership and management.

In this course, the learner will get a good look at what policies and frameworks do to keep the cybersecurity industry on-mission and formal. Without this area of cybersecurity, cybersecurity would mean too many people doing too many different things that might not even improve security. Learn how you can have a successful career in cybersecurity without ever touching a command line!

This specialization offers the latest developments in blockchain technology through a highly engaging learning experience with animated video components and intuitive course flow to maximize your knowledge retention.

In this 1-hour long project-based course, you will learn how to Learn basic functioning of a web application, Set up your private web Pentesting lab, Learn how to write python script to automatically footprint a web application.