Why Information Security Management Matters

Cyber threats are more advanced and relentless than ever. In 2024, ransomware attacks surged by 84%, phishing incidents exploded by over 1,200%, and the average cost of a data breach jumped to $4.88 million—the largest single-year increase since the COVID pandemic. Organizations are taking an average of 258 days just to detect and contain a breach.

Whether you're a business owner, aspiring IT professional, or someone looking to understand how cybersecurity really works, this comprehensive course gives you the essential foundation you need to protect your organization and advance your career.




A Complete Learning Experience

This isn't just a series of lectures—it's a comprehensive educational program designed specifically for non-technical professionals who need to understand information security management.

  • 16.5 Hours of Expert Instruction: Over 190 video lectures across 23 sections, covering everything from foundational principles to advanced enterprise security concepts.
  • Hands-On Learning Activities: 21 section quizzes to test your knowledge and 16 student activities to apply what you've learned in practical scenarios.
  • Real-World Case Studies: Analyze 7 actual security incidents to understand how breaches happen, what went wrong, and how they could have been prevented.
  • Complete Course Materials: Downloadable PDF versions of all lecture slides, closed captions in 14 languages, and offline viewing capability.
  • Practical, Not Theoretical: Learn the frameworks, methodologies, and principles that security professionals actually use in enterprise environments.
  • Always Current: Course is updated annually with the latest threats, technologies, and best practices.
  • Lifetime Access: Learn at your own pace with permanent access to all materials and future updates.

Comprehensive Curriculum: 23 Sections

This course provides a complete, high-level overview of information security management—designed specifically for beginners and non-technical professionals. You'll gain a solid understanding of how cybersecurity works in real organizations, from risk management and compliance to incident response and Zero Trust architecture.

Foundational Principles & Management

  • Getting Started in Information Security: Explore the evolving cybersecurity landscape, understand different security roles and career paths, and discover beginner IT security certifications.
  • Core Information Security Principles: Master essential concepts including the CIA and DAD Triads, the Parkerian Hexad, Authentication/Authorization/Accounting (AAA), Defense in Depth, Least Privilege, and Non-Repudiation.
  • Risk Management: Understand what risk really means in cybersecurity. Learn the risk management process, risk appetite and tolerance, common threat categories, and both qualitative and quantitative risk analysis methods.
  • Asset Management: Discover why you can't protect what you don't know you have. Learn how organizations inventory and manage their IT assets as the foundation of security.
  • Access Control: Explore physical and logical access controls, study key access control models and methodologies (DAC, MAC, RBAC, ABAC), and understand the fundamentals of Privileged Access Management.
  • IT Auditing: Learn how security auditing works, why it's essential for finding vulnerabilities, and how organizations use audits to maintain and improve their security posture.
  • Compliance, Laws & Regulations: Understand the legal and regulatory landscape of cybersecurity, including GDPR, HIPAA, PCI DSS, and other frameworks organizations must follow.



Threats, Vulnerabilities & Defense

  • Security Malware Threats: Identify and understand viruses, worms, trojans, logic bombs, ransomware, zero-day attacks, cryptojacking, fileless malware, and other evolving threats.
  • Additional Threats & Vulnerabilities: Learn about social engineering attacks, phishing campaigns, email spam, protocol spoofing, ransomware-as-a-service, and Advanced Persistent Threats (APTs).
  • Network Segmentation & Isolation: Understand how organizations use DMZs, VLANs, routers, and network architecture to compartmentalize and protect critical systems.
  • Network Security: Explore firewalls, proxy servers, honeypots and honeynets, intrusion detection and prevention systems, and other network defense mechanisms.
  • Wireless Network Security: Learn about wireless encryption standards (WEP, WPA, WPA2, WPA3), common wireless vulnerabilities, and security measures to protect wireless networks.



Security Assessment & Monitoring

  • Security Assessments & Testing: Understand vulnerability assessments, penetration testing methodologies, exploit frameworks, and how security testing fits into an organization's security program.
  • Security Assessment Tools: Get introduced to industry-standard tools including Wireshark for network analysis, Nmap for network discovery, Nessus for vulnerability scanning, and more.
  • Continuous Monitoring: Learn about endpoint detection and response (EDR), Security Information and Event Management (SIEM) systems, and why continuous monitoring is critical for modern security.
  • Hardening Client Systems & Servers: Discover how to secure end-user systems and servers through hardening techniques, patch management, change management, and separation of services.
  • Securing Modern Devices & Systems: Explore security challenges and solutions for IoT devices, mobile systems, virtual machines, and containers.



Advanced Enterprise Security

  • Introduction to Cryptography: Understand what cryptography is and why it matters. Learn about symmetric and asymmetric encryption, hashing algorithms, digital signatures, and certificate authorities.
  • Incident Response, Disaster Recovery & Business Continuity: Learn how organizations prepare for, respond to, and recover from security incidents and disasters. Understand the incident response lifecycle and business continuity planning.
  • Cyber Resiliency: Explore strategies for building resilient systems including geographic dispersal, redundancy, load balancing, power management, backup strategies, and site recovery options.
  • Application Development Security: Understand the importance of integrating security into the Software Development Lifecycle (SDLC), learn about DevSecOps, and discover how secure coding prevents vulnerabilities.
  • Introduction to Zero Trust: Discover this modern security architecture that's revolutionizing enterprise security. Learn what Zero Trust is, why organizations need it, and how it works with real-world examples.
  • Personnel Policies: Understand the human element of security through acceptable use policies, codes of ethics, separation of duties, remote work policies, and security awareness training.


What Students Are Saying

"As someone without a technical background, I found the course content to be highly accessible and tailored to non-techies, which made it a perfect match for my needs. The instructors were adept at demystifying complex concepts, making them easy to understand and applicable to everyday situations."

— James Parker ⭐⭐⭐⭐⭐




"The videos are well organized and very thorough. They teach me these topics as if I have no background in the subjects, and I really appreciate that! I feel like I'm really understanding the lessons. Additionally, each video is pretty short and digestible, so I don't feel mentally drained after each lecture."

— Angel Dees ⭐⭐⭐⭐⭐




"Excellent introductory course. It is broad enough to give you a real essential overview of cybersecurity but detailed enough that it's not superficial. Instructor is fantastic - very clear, very easy to understand and has a very pleasant speaking voice which is very nice too. I've done a lot of online self-paced courses and a nice easy to understand instructor helps with your overall learning when you're trying to absorb a lot of complex or (in my case) new content."

— Rosa Cortez ⭐⭐⭐⭐⭐

Course curriculum

    1. Section Introduction

    2. The CIA & DAD Triads

    3. The Parkerian Hexad

    4. Authentication, Authorization, and Accounting (AAA)

    5. Defense in Depth

    6. Least Privilege

    7. Non-Repudiation

    8. Implicit Deny

    9. Legal and Regulatory Issues

    10. Information Security Governance

    11. Authentication Basics

    12. Identity Proofing

    13. General Password Rules

    14. Modern Password Guidelines

    15. Case Study: Netflix's Calculated Risk for Cloud Success

    16. Student Activity: Netflix Case Study Analysis

    17. Information Security Principles Quiz

    1. Section Introduction

    2. What is a Risk?

    3. What is an Issue?

    4. Introduction to Risk Management

    5. Risk Management Process

    6. Who Uses Risk Management?

    7. The Role of Risk Appetite & Tolerance

    8. Exploring Risks and Threats

    9. Common Risk Categories

    10. Identifying IT Risks

    11. Quantitative Risk Analysis

    12. Attack Surface Analysis

    13. Student Activity: Qualitative Risk Assessment

    14. Risk Management Quiz

    1. Section Introduction

    2. Identifying and Classifying Assets

    3. Emerging Modern Asset Types Reference List

    4. Understanding the Asset Lifecycle

    5. Data Retention

    6. Understanding Data States

    7. Asset Management Quiz

    1. Section Introduction

    2. Access Control

    3. Physical and Logical Access Controls

    4. Access Control Models

    5. Attribute-Based Access Controls (ABAC)

    6. Modern Authentication Methods

    7. Privileged Access Fundamentals

    8. Student Activity: Analyzing Your Organization's Access Control

    9. Access Control Quiz

About this course

  • $99.95
  • 236 lessons
  • 16.5 hours of video content

Your Instructor & Learning Approach

About Alton Hardin

Alton is the founder of Alton Teaches LLC and a former college professor. He spent 12 years as a cybersecurity specialist at the U.S. Department of the Treasury, working in governance, risk, and compliance. He holds an MBA in Information Assurance and Security Management and multiple certifications, including CISSP, Security+, and Network+.

250,000+ students taught across cybersecurity and IT courses. 90,000+ copies sold of his bestselling books. 19 courses published as a Udemy Instructor Partner with seven best-selling and highest-rated courses.




Designed for Non-Technical Professionals

This course takes a unique approach: it's comprehensive yet accessible, technical yet understandable, thorough yet not overwhelming. Here's what makes it different:

  • High-Level Overview, Not How-To: You won't learn to hack systems or configure firewalls. Instead, you'll understand how security professionals think, what frameworks they use, and why certain decisions are made.
  • 10,000-Foot Perspective: Perfect for business owners, managers, aspiring IT professionals, and anyone who needs to understand cybersecurity without getting lost in technical weeds.
  • Balanced Approach: Comprehensive coverage of essential topics while maintaining clarity. Every section is designed to be thorough without being overly complex.
  • Real-World Context: Learn through case studies, practical examples, and scenarios that show how security concepts apply in actual organizations.


Trusted by Professionals

"As a Cybersecurity professional for the DoD, this is a great refresher course for anyone that requires it."

— Eric Trimble ⭐⭐⭐⭐⭐




"I would recommend this course even to an experienced IT person, as this is the fundamental and in my view covers all of the security. An exceptionally well-structured course. After completing this course, I am determined to continue to study/read on Security for knowledge purposes. This course is definitely going to aid me in my position as Project Manager. Thanks so much."

— Harry ⭐⭐⭐⭐⭐




"The breakdown of the information is very insightful, and the real-world examples give further root to how the information can be applied. The downloadable resources allow me to print and make my own notes as well."

— Anthony Stewart ⭐⭐⭐⭐⭐

Ready to Build Your Cybersecurity Foundation?

Join 71,500+ students in Udemy's #1 Data and Information Management course. 16.5 hours of comprehensive training with 21 quizzes, 16 activities, 7 case studies, lifetime access, 14-day money-back guarantee.

Common Questions

Who is this course for?

This course is designed for business owners, managers, aspiring IT professionals, project managers, and anyone who needs to understand cybersecurity from a management and strategic perspective. No technical background required—everything is explained from the ground up.


Is this a hands-on technical course?

No. This is not an ethical hacking course, penetration testing boot camp, or network security configuration course. You won't learn how to hack systems or configure firewalls. Instead, you'll gain a comprehensive understanding of information security management principles, frameworks, and best practices—the knowledge you need to make informed security decisions and communicate effectively with technical teams.


Do I need any IT experience or certifications?

No prerequisites required. This course is specifically designed for non-technical professionals. If you can use a computer, you can take this course and understand the material.


How long will it take to complete?

The course contains 16.5 hours of video content across 190+ lectures. Most students complete it in 3-6 weeks, but you have lifetime access so you can learn at your own pace. Each video is relatively short (5-15 minutes) so you can fit learning into your schedule.


What's included with enrollment?

You get 16.5 hours of video lectures, 21 section quizzes, 16 student activities, 7 case studies, downloadable PDF versions of all slides, closed captions in 14 languages, and lifetime access to all materials including future updates.


Will this prepare me for cybersecurity certifications?

This course provides an excellent foundation for understanding cybersecurity concepts and will help you understand what's covered in certifications like Security+, CISSP, or CISM. However, you'll need additional certification-specific study materials to pass those exams. Think of this course as your comprehensive introduction that prepares you to pursue more specialized certifications.


Is the course kept up to date?

Yes. This course is updated annually with the latest threats, technologies, statistics, and best practices. The 2024 update included current breach costs, ransomware statistics, and emerging threats like AI-powered attacks.


What if I'm not satisfied?

We offer a 100% satisfaction guarantee. If you are unsatisfied with your purchase, you may request a refund within 14 days of the original purchase date.