Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Information Security Management Fundamentals for Non-Techies
Section 1: Course Introduction
Welcome to the Course! (0:47)
Why Learn Information Security Management From Me? (2:26)
What This Course Is & What It Isn't (2:50)
Course Curriculum Overview (5:18)
Course Lecture PDFs
Join our Facebook Student Community
Student Exercise: Introduce Yourself
Section 2: Getting Started in Information Security
The Many Areas of Information Security (6:08)
The State of Cybersecurity in 2023 (6:37)
The Most Valuable Beginner IT Security Certifications for 2023 (11:06)
Section 3: Core Information Security Principles
Section Introduction (0:34)
The CIA Triad (4:05)
Authentication, Authorization, and Accounting (AAA) (3:09)
Defense in Depth (3:49)
Least Privilege (1:57)
Non-Repudiation (3:17)
Implicit Deny (2:50)
Legal and Regulatory Issues (7:21)
Information Security Governance (8:06)
Authentication Basics (10:44)
Identify Proofing (3:08)
General Password Rules (8:57)
Information Security Principles Quiz
Section 4: Risk Management
Section Introduction (1:04)
Introduction to Risk Management (18:04)
Risk Management Process (5:40)
Exploring Risks and Threats (6:41)
Quantitative Risk Analysis (8:13)
Attack Surface Analysis (8:28)
Student Exercise: Qualitative Risk Assessment
Risk Management Quiz
Section 5: Asset Management
Section Introduction (0:56)
Identifying and Classifying Assets (5:10)
Understanding the Asset Lifecycle (6:02)
Data Retention (3:46)
Understanding Data States (3:26)
Asset Management Quiz
Section 6: Access Control
Section Introduction (0:51)
Access Control (13:43)
Physical and Logical Access Controls (17:38)
Access Control Models (11:26)
Attribute-Based Access Control (4:37)
Access Control Quiz
Section 7: IT Auditing
Section Introduction (0:47)
Introduction to IT Audits (6:59)
Role of IT Audits (3:35)
Benefits of IT Audits (3:12)
Risk of Not Performing IT Audits (6:56)
IT Audit Process and Phases (5:12)
Audit and Control Objectives (2:38)
Gathering Evidence (2:54)
Documenting and Reporting (2:49)
IT Audit Frameworks (4:24)
Student Activity: Auditing Your Home Network (4:20)
Student Exercise Takeaway: Auditing Your Home Network
IT Auditing Quiz
Section 8: Compliance, Laws and Regulations
Section Introduction (0:50)
What is Compliance? (13:15)
Achieving & Maintaining Compliance (6:45)
Laws, Regulations & Compliance Frameworks (9:50)
Compliance, Laws and Regulations Quiz
Section 9: Security Malware Threats
Section Introduction (1:03)
Buffer Overflows (5:07)
Viruses and Polymorphic Viruses (5:50)
Worms (2:14)
Trojan Horses (1:46)
Logic Bombs (2:21)
Spyware and Adware (3:11)
Ransomware (4:41)
Rootkits (3:27)
Zero Day Attacks (2:10)
Protecting Against Malware (6:36)
Case Study: WannaCry Ransomware Attack
Student Exercise: WannaCry Case Study Analysis
Security Malware Threats Quiz
Section 10: Additional Threats & Vulnerabilities
Section Introduction (0:36)
Social Engineering (12:04)
Social Engineering Phone Impersonation Scenarios Overview (0:29)
Social Engineering Phone Call Impersonation Example #1 (1:21)
Social Engineering Phone Call Impersonation Example #2 (1:37)
Social Engineering Phone Call Impersonation Example #3 (0:42)
Social Engineering Phone Impersonation Scenarios Discussion (3:39)
Email Spam, Spoofing, Phishing, and Pharming (12:54)
Protocol Spoofing (9:05)
Common Attack Methods (10:06)
Student Exercise: Phishing Campaign
Additional Threats & Vulnerabilities Quiz
Section 11: Network Segmentation & Isolation
Section Introduction (1:39)
Introduction to Network Isolation (1:52)
Demilitarized Zone (DMZ) (5:27)
Basic Network Zones (5:04)
Virtual LANs (VLANs) (3:51)
Routers (3:04)
Network Address Translation (NAT) (7:54)
Access Control Lists (ACLs) (4:28)
Network Segmentation & Isolation Quiz
Section 12: Network Security
Section Introduction (0:31)
Virtual Private Networks (7:36)
Firewalls (11:10)
Web Proxy Servers (2:42)
Honeypots (2:23)
Intrusion Detection & Prevention Systems (2:54)
Student Activity: Network Security
Network Security Quiz
Section 13: Wireless Networking Security
Section Introduction (0:51)
Wireless Encryption Standards (2:15)
Wireless Equivalent Privacy (WEP) (3:03)
Wi-Fi Protected Access (WPA) (2:33)
Wi-Fi Protected Access 2 (WPA2) (3:53)
Wi-Fi Protected Access 3 (WPA3) (3:17)
WPA Enterprise vs. Personal Mode (3:15)
Wireless Network Vulnerabilities & Security (12:31)
Common Wireless Security Threats (6:13)
Case Study: TJX Companies Inc. (TJX) WEP Exploit Data Breach
Student Exercise: TJX Case Study Analysis
Wireless Security Quiz
Section 14: Security Assessments and Testing
Section Introduction (1:01)
Open-Source Intelligence (OSINT) (10:12)
Vulnerability Assessments (9:14)
Penetration Testing (12:27)
Exploit Frameworks (4:24)
Interview with a Professional Ethical Hacker Blog Article
Security Assessments (2:56)
Security Assessments and Testing Quiz
Section 15: Security Assessment Tools
Section Introduction (1:23)
Wireshark Network Sniffing (4:30)
Nmap Zenmap Network Scanner (6:18)
Tenable Nessus Vulnerability Scanner (4:38)
Ethical Hacking for Beginners (YouTube Series) (3:09)
Case Study: Equifax Web App Vulnerability
Student Exercise: Equifax Case Study Analysis
Section 16: Hardening End-User Systems and Servers
Section Introduction (0:33)
Hardening End-User Systems (7:46)
Hardening Servers (3:51)
Patch and Change Management (4:46)
Separation of Services (3:03)
Hardening Systems Quiz
Section 17: Introduction to Cryptography
Section Introduction (0:55)
Introduction to Cryptography (5:32)
Symmetric Encryption (8:47)
Asymmetric Encryption (4:30)
Hashing Algorithms (7:13)
Digital Certificates and Certificate Authorities (8:05)
Email Encryption Use Cases (12:17)
Windows Encrypted File System Use Case (6:15)
Revisiting VPN (5:13)
Software versus Hardware-Based Encryption (4:15)
Student Activity: Explore Hashing
Introduction to Cryptography Quiz
Section 18: Incident Response, Disaster Recovery & Business Continuity
Section Introduction (0:57)
Understanding Incidents and Disasters (2:53)
Incident Response (5:50)
Disaster Recovery and Business Continuity (18:43)
Case Study: British Airways IT Failure
Student Exercise: British Airways Case Study Analysis
Incident Response, DRP and BCP Quiz
Section 19: Application Development Security
Section Introduction (1:07)
Importance of IT Security in Application Development (3:50)
Software Development Lifecycle (SDLC) (14:07)
Static and Dynamic Testing (2:57)
Authorization to Operate (ATO) (3:48)
Application Development Security Quiz
Section 20: Introduction to Zero Trust
Section Introduction (0:37)
What is Zero Trust? (4:45)
Tenets of Zero Trust (3:03)
Why Do We Need Zero Trust? (4:01)
Digital Transformation & Zero Trust (4:13)
The NIST Zero Trust Architectural (ZTA) Model (12:19)
The State of Zero Trust (7:14)
Student Activity: Your Organization & Zero Trust
Zero Trust Quiz
Section 21: Personnel Policies
Section Introduction (1:00)
Acceptable Use (2:17)
Code of Ethics (3:22)
Mandatory Vacations (2:38)
Separation of Duties (4:05)
Job Rotation (1:56)
Education and Training (4:33)
Student Activity: Acceptable Use Policy
Personnel Policies Quiz
Section 22: Congratulations!
Congratulations! (0:55)
Buffer Overflows
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock