
CISSP Certified Information Systems Security Professional

with expert Kevin Henry


Course at a glance


Release date 3/16/2018
Level
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included





Course description

The Certified Information Systems Security Professional (CISSP) demonstrates a globally recognized standard of competence covering the critical security topics of today, including cloud computing, mobile security, application development security, risk management and more. The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices. This course is a brief overview.

Prerequisites

None

Meet the expert

Kevin Henry is an international author, consultant and speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2's C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world, assisting them with setting up information security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.


Course outline



Risk Assessment

Risk Definitions (19:15)
  • Introduction (00:14)
  • Risk Management Flow (05:41)
  • Risk Definitions (00:55)
  • What Is the Value of an Asset (00:55)
  • What Is a Threat Source/Agent (01:25)
  • What Is a Threat (00:48)
  • What Is a Vulnerability (00:42)
  • Examples of Non-Obvious Vulnerabilities (02:12)
  • What Is a Control (01:27)
  • What Is Likelihood (02:45)
  • What Is Impact (01:01)
  • Control Effectiveness (00:55)
  • Summary (00:08)
Risk Management (09:53)
  • Introduction (00:11)
  • Agenda (00:12)
  • Risk Management (04:44)
  • Risk Response and Monitoring (01:44)
  • Purpose of Risk Management (02:52)
  • Summary (00:08)
Risk Assessment (19:15)
  • Introduction (00:13)
  • Risk Assessment (04:42)
  • Why Is Risk Assessment Difficult (02:27)
  • Different Approaches to Analysis (01:16)
  • Quantitative Analysis (01:52)
  • Threat Analysis and Annual Loss Expectancy (00:44)
  • Quantitative Analysis Continued (01:18)
  • ALE Value Uses (00:29)
  • Qualitative Analysis: Likelihood (01:32)
  • Qualitative Analysis - Impact (00:33)
  • Qualitative Analysis - Risk Level (00:52)
  • Qualitative Analysis Steps (03:04)
  • Summary (00:08)
Responding to Risk (08:54)
  • Introduction (00:14)
  • Completion of Risk Assessment (00:22)
  • Risk Response (01:11)
  • Management's Response to Identified Risks (06:57)
  • Summary (00:08)

Introduction to Security

Understanding Security (12:00)
  • Introduction (00:05)
  • What Is Information Security (01:37)
  • What Is Information Security Continued (01:26)
  • The Information Security Triad (06:47)
  • Understanding the Business (01:55)
  • Summary (00:08)
Security Controls (20:57)
  • Introduction (00:50)
  • Setting up a Security Program (03:48)
  • Enterprise Security Program (02:47)
  • Building a Foundation (01:49)
  • Planning Horizon Components (02:14)
  • Enterprise Security: The Business Requirements (01:22)
  • Enterprise Security Program Components (01:28)
  • Control Types (01:35)
  • "Soft" Controls (01:05)
  • Technical or Logical Controls (00:14)
  • Physical Controls (00:29)
  • Roadmap to Maturity (01:23)
  • Program Monitoring (01:39)
  • Summary (00:08)
Roles and Responsibilities (13:07)
  • Introduction (00:15)
  • Senior Management's Role in Security (02:54)
  • Security Roles and Responsibilities (04:41)
  • Roles and Responsibilities (01:40)
  • Agenda (00:05)
  • Security Program Components (00:46)
  • Information Security Policy (01:18)
  • Security Policy Review (00:31)
  • Implementing Policy (00:43)
  • Summary (00:08)
Human Resources (11:21)
  • Introduction (00:08)
  • Agenda (00:11)
  • Security and the Human Factors (00:29)
  • Employee Management (00:46)
  • Human Resources Issues (01:42)
  • Importance to Security (00:36)
  • Recruitment Issues (00:23)
  • Termination of Employment (01:09)
  • Human Resources Practices (01:21)
  • Types of Training (01:04)
  • Quality Training (00:35)
  • Informing Employees About Security (01:06)
  • Enforcement (00:41)
  • Security Enforcement Issues (00:41)
  • Summary (00:13)
  • Summary (00:08)

Authentication

Access Control Methodology (12:54)
  • Introduction (01:01)
  • Access Control Administration (01:44)
  • Accountability and Access Control (01:20)
  • Trusted Path (00:58)
  • Who Are You? (01:04)
  • Authentication Mechanism (00:34)
  • Strong Authentication (00:27)
  • Authorization (04:01)
  • Access Criteria (00:36)
  • Fraud Controls and Access Control Mechanisms (00:57)
  • Summary (00:08)
Biometrics and Passwords (24:31)
  • Introduction (00:06)
  • Biometric Technology (01:24)
  • Biometrics Enrollment Process (00:50)
  • Downfalls to Biometric Use (00:45)
  • Biometrics Error Types (02:00)
  • Biometrics Diagram (02:31)
  • Biometric System Types (02:14)
  • Agenda (00:10)
  • Passwords and PINs (01:05)
  • Password Shoulds (02:33)
  • Password Attacks (01:45)
  • Countermeasures for Password Cracking (01:52)
  • Cognitive Password (00:47)
  • One-Time Password Authentication (01:21)
  • Agenda (00:04)
  • Synchronous Token (01:07)
  • Asynchronous Token Device (00:16)
  • Cryptographic Keys (00:29)
  • Passphrase Authentication (00:37)
  • Memory Cards and Smart Cards (02:18)
  • Summary (00:08)
Single Sign-on (14:42)
  • Introduction (00:31)
  • Single Sign-on Technology (01:29)
  • Different Technologies (01:22)
  • Scripts and Directory Services (00:51)
  • Thin Clients (00:36)
  • Kerberos as a Single Sign-on Technology (00:20)
  • Tickets (01:04)
  • Kerberos Components Working Together (01:14)
  • Major Components of Kerberos (01:13)
  • Kerberos Authentication Steps (01:47)
  • Purpose of Kerberos (00:37)
  • Issues Pertaining to Kerberos (01:55)
  • SESAME as a Single Sign-on Technology (00:54)
  • Federated Authentication (00:34)
  • Summary (00:08)
Intrusion Detection Systems (09:06)
  • Introduction (00:23)
  • Host-Based IDS (01:22)
  • Network-Based IDS Sensors (00:42)
  • Types of IDSs (02:11)
  • Behavior-Based IDS (00:39)
  • IDS Response Mechanisms (00:42)
  • IDS Issues (01:32)
  • Trapping an Intruder (00:52)
  • Summary (00:30)
  • Summary (00:08)

Access Control

Access Control Types (20:33)
  • Introduction (00:08)
  • Role of Access Control (03:12)
  • Definitions (03:13)
  • More Definitions (02:26)
  • Layers of Access Control (02:14)
  • Layers of Access Control Continued (01:37)
  • Access Control Mechanism Examples (01:41)
  • Access Control Characteristics (05:50)
  • Summary (00:08)
More Access Control Types (21:27)
  • Introduction (00:08)
  • Preventative Control Types (03:50)
  • Administrative Controls (01:02)
  • Controlling Access (01:58)
  • Other Ways of Controlling Access (01:52)
  • Technical Access Controls (03:08)
  • Physical Access Controls (01:05)
  • Accountability (01:25)
  • Threats to Access Control (05:47)
  • Control Combinations (01:00)
  • Summary (00:08)
Information Classification (07:39)
  • Introduction (00:16)
  • Information Classification (03:24)
  • Information Classification Criteria (00:50)
  • Declassifying Data (01:43)
  • Types of Classification Levels (01:15)
  • Summary (00:08)
Access Control Models (29:24)
  • Introduction (00:07)
  • Models for Access (01:47)
  • Discretionary Access Control (02:47)
  • Enforcing a DAC Policy (01:28)
  • Mandatory Access Control Model (02:48)
  • MAC Enforcement Mechanism: Labels (01:06)
  • Where Are They Used? (00:36)
  • Role-Based Access Control (01:44)
  • Acquiring Rights and Permissions (00:46)
  • Rule-Based Access Control (00:35)
  • Access Control Matrix (02:22)
  • Access Control Administration (02:00)
  • Access Control Methods (02:06)
  • Network Access Control (01:46)
  • Policy on Network Services (01:38)
  • Remote Centralized Administration (00:23)
  • RADIUS Characteristics (01:45)
  • TACACS+ Characteristics (00:49)
  • Diameter Characteristics (00:37)
  • Decentralized Access Control Administration (01:12)
  • Summary (00:43)
  • Summary (00:08)

Computer Security Models

Trusted Computing Base (07:49)
  • Introduction (00:07)
  • System Protection: Trusted Computing Base (02:43)
  • System Protection: Reference Monitor (02:40)
  • Security Kernel Requirements (02:09)
  • Summary (00:08)
Protection Mechanisms (12:25)
  • Introduction (00:10)
  • Security Modes of Operation (01:50)
  • System Protection: Levels of Trust (01:41)
  • System Protection: Process Isolation (02:20)
  • System Protection: Layering (01:32)
  • System Protection: Application Program Interface (01:17)
  • System Protection: Protection Rings (02:18)
  • What Does It Mean to Be in a Specific Ring (01:06)
  • Summary (00:08)
Security Models (21:50)
  • Introduction (00:12)
  • Security Models (02:55)
  • Security Models Continued (01:05)
  • State Machine (01:28)
  • Information Flow (00:56)
  • Bell-LaPadula (02:26)
  • Rules of Bell-LaPadula (01:44)
  • Biba (02:12)
  • Clark-Wilson Model (03:08)
  • Non-Interference Model (02:46)
  • Brewer and Nash: Chinese Wall (01:49)
  • Take-Grant Model (00:54)
  • Summary (00:08)
Evaluation Criteria (19:37)
  • Introduction (00:24)
  • Trusted Computer System Evaluation Criteria (03:41)
  • TCSEC Rating Breakdown (01:11)
  • Evaluation Criteria: ITSEC (02:53)
  • Comparison of Ratings (00:25)
  • ITSEC: Good and Bad (00:53)
  • Common Criteria (00:54)
  • Common Criteria Components (03:16)
  • First Set of Requirements (00:52)
  • Second Set of Requirements (00:25)
  • Package Ratings (00:36)
  • Common Criteria Outline (01:01)
  • Certification vs. Accreditation (01:44)
  • Summary (01:07)
  • Summary (00:08)

Operations Security

Admin Responsibilities (31:38)
  • Introduction (00:27)
  • Operations Issues (01:22)
  • Role of Operations (01:22)
  • Administrator Access (01:42)
  • Computer Operations: System Administrators (03:12)
  • Security Administrator (01:57)
  • Operational Assurance (00:50)
  • Audit and Compliance (01:50)
  • Some Threats to Computer Operations (04:02)
  • Specific Operations Tasks (00:48)
  • Agenda (00:08)
  • Product Implementation Concerns (02:10)
  • Logs and Monitoring (01:15)
  • Records Management (01:17)
  • Change Control (01:40)
  • Resource Protection (02:00)
  • Contingency Planning (01:53)
  • System Controls (00:36)
  • Trusted Recovery (02:48)
  • Summary (00:08)
Redundancy and Fault Tolerance (13:17)
  • Introduction (00:15)
  • Fault-Tolerance Mechanisms (01:59)
  • Duplexing, Mirroring, and Checkpointing (01:24)
  • Redundant Array of Independent Disks (03:30)
  • Fault Tolerance (00:44)
  • Redundancy Mechanism (01:11)
  • Backups (01:28)
  • Backup Types (02:34)
  • Summary (00:08)
Operational Issues (15:43)
  • Introduction (00:08)
  • Remote Access (00:42)
  • Facsimile Security (00:48)
  • Email Security (00:44)
  • Before Carrying out Vulnerability Testing (02:02)
  • Vulnerability Assessments (02:18)
  • Methodology (03:22)
  • Penetration Testing (01:02)
  • Ethical Hacking (01:02)
  • Hack and Attack Strategies (02:06)
  • Protection Mechanism: Honeypot (01:16)
  • Summary (00:08)
Threats to Operations (09:32)
  • Introduction (00:08)
  • Threats to Operations (01:55)
  • Data Leakage: Social Engineering (00:59)
  • Data Leakage - Object Reuse (00:27)
  • Object Reuse (01:49)
  • Why Not Just Delete the File or Format the Disk (00:31)
  • Data Leakage: Keystroke Logging (00:29)
  • Data Leakage: Emanation (00:47)
  • Controlling Data Leakage: TEMPEST (00:34)
  • Controlling Data Leakage: Control Zone (00:23)
  • Controlling Data Leakage: White Noise (00:23)
  • Summary (00:53)
  • Summary (00:08)

Symmetric Cryptography and Hashing

Cryptography Terms (06:24)
  • Introduction (00:06)
  • Cryptography Objectives (01:14)
  • Cryptographic Definitions (01:28)
  • A Few More Definitions (02:12)
  • Some More Definitions (00:47)
  • Symmetric Cryptography: Use of Secret Keys (00:28)
  • Summary (00:08)
Historical Uses of Cryptography (13:02)
  • Introduction (00:27)
  • Cryptography Uses Yesterday and Today (02:17)
  • Historical Uses of Symmetric Cryptography (01:44)
  • Scytale Cipher (00:38)
  • Substitution Cipher (00:25)
  • Caesar Cipher Example (01:14)
  • Vigenere Cipher (00:30)
  • Polyalphabetic Substitution and Vigenere Example (01:36)
  • Enigma Machine (01:12)
  • Vernam Cipher (01:14)
  • Running Key and Concealment (01:32)
  • Summary (00:08)
Cryptography Foundations (14:03)
  • Introduction (00:05)
  • One-Time Pad Characteristics (01:21)
  • Binary Mathematical Function (00:59)
  • Key and Algorithm Relationship (01:49)
  • 128-Bit Keys vs. 64-Bit Keys (02:33)
  • Breaking Cryptosystems: Brute Force (00:49)
  • Breaking Cryptosystems: Frequency Analysis (00:51)
  • Determining Strength in a Cryptosystem (02:52)
  • Characteristics of Strong Algorithms (01:46)
  • Open or Closed (00:46)
  • Summary (00:08)
Modern Cryptography (16:26)
  • Introduction (00:23)
  • Types of Ciphers Used Today (00:43)
  • Encryption/Decryption Methods (00:46)
  • Symmetric Ciphers: Block Cipher (01:32)
  • S-Boxes Used in Block Ciphers (00:55)
  • Symmetric Ciphers: Stream Cipher (02:35)
  • Encryption Process and Symmetric Characteristics (01:16)
  • Strength of a Stream Cipher (02:01)
  • Let's Dive in Deeper (01:04)
  • Symmetric Key Cryptography (04:45)
  • Symmetric Key Management Issue (00:14)
  • Summary (00:08)
Symmetric Algorithms (27:39)
  • Introduction (00:06)
  • Symmetric Algorithms Examples (01:21)
  • Symmetric Downfalls (01:01)
  • Secret vs. Session Keys (01:31)
  • Symmetric Algorithms: DES (02:30)
  • Evolution of DES (02:30)
  • Block Cipher Modes: CBC (01:21)
  • Block Cipher Modes: ECB, CFB, and OFB (01:34)
  • Symmetric Ciphers: AES (01:10)
  • Other Symmetric Algorithms (01:26)
  • Agenda (00:06)
  • MAC- Sender (00:04)
  • Hashing Algorithms (01:53)
  • Protecting the Integrity of Data (01:56)
  • Data Integrity Mechanisms (00:48)
  • Weakness in Using Only Hash Algorithms (00:44)
  • More Protection in Data Integrity (01:58)
  • Security Issues in Hashing (02:36)
  • Birthday Attack (01:55)
  • Summary (00:52)
  • Summary (00:08)

Asymmetric Cryptography and PKI

Asymmetric Cryptography (30:59)
  • Introduction (00:15)
  • Asymmetric Cryptography (01:38)
  • Public Key Cryptography Advantages (03:54)
  • Asymmetric Algorithm Disadvantages (01:18)
  • Symmetric vs. Asymmetric (04:00)
  • Asymmetric Algorithms (02:11)
  • Asymmetric Algorithm: Diffie-Hellman (01:30)
  • Asymmetric Algorithms: RSA (01:40)
  • Asymmetric Algorithms: El Gamal and ECC (00:43)
  • Example of Hybrid Cryptography (02:31)
  • When to Use Which Key (02:05)
  • Using the Algorithm Types Together (01:09)
  • Digital Signatures (03:01)
  • Digital Signature and MAC Comparison (01:14)
  • What if You Need All of the Services? (02:14)
  • U.S. Government Standard (01:21)
  • Summary (00:08)
Public Key Infrastructure (14:15)
  • Introduction (00:06)
  • Why Do We Need a PKI (00:00)
  • Environment (01:06)
  • PKI and Its Components (03:11)
  • CA and RA Roles (01:08)
  • Let's Walk Through an Example (02:05)
  • Digital Certificates (00:49)
  • What Do You Do with a Certificate? (03:46)
  • Components of PKI: Repository and CRLs (01:53)
  • Summary (00:08)
Cryptography and Attacks (44:01)
  • Introduction (00:28)
  • Cryptography and Attacks (00:00)
  • Steganography (03:26)
  • Key Management (04:50)
  • Link vs. End-to-End Encryption (02:16)
  • End-to-End Encryption (00:36)
  • Email Standards (02:37)
  • Secure Protocols (01:47)
  • SSL and the OSI Model (03:00)
  • SSL Connection Setup (02:50)
  • Secure Email Standard (01:01)
  • SSH Security Protocol (01:04)
  • Network Layer Protection (01:23)
  • IPSec Key Management (01:20)
  • Key Issues Within IPSec (00:45)
  • IPSec Handshaking Process (02:14)
  • SAs in Use (01:49)
  • IPSec Is a Suite of Protocols (01:26)
  • IPSec Modes of Operation (05:08)
  • Attacks on Cryptosystems (03:16)
  • More Attacks (01:49)
  • Summary (00:37)
  • Summary (00:08)

Network Connections

Network Communications Security (11:30)
  • Introduction (00:07)
  • Network Security Issues (01:49)
  • Network and Communications Security (01:38)
  • Communications Security (00:40)
  • Network Security Methods (04:00)
  • Network-Based Security Problems (03:06)
  • Summary (00:08)
Network Topologies (31:59)
  • Introduction (00:14)
  • Network Topologies: Physical Layer (00:49)
  • Topology Type: Bus (01:42)
  • Topology Type: Ring (01:55)
  • Topology Type: Star (01:07)
  • Network Topologies: Mesh (02:07)
  • Summary of Topologies (01:48)
  • LAN Media Access Technologies (06:18)
  • One Goal of Media Access Technologies (01:58)
  • Transmission Types: Analog and Digital (01:57)
  • Transmission Types: Synchronous and Asynchronous (05:45)
  • Two Types of Carrier Sense Multiple Access (01:20)
  • Transmission Types: Number of Receivers (01:05)
  • Media Access Technologies: Ethernet (01:55)
  • Media Access Technologies: Token Passing (01:00)
  • Media Access Technologies: Polling (00:42)
  • Summary (00:08)
Network Technologies and Cabling (45:15)
  • Introduction (00:08)
  • Cabling (03:40)
  • Cabling Types: Coaxial (01:10)
  • Cabling Types: Twisted Pair (02:35)
  • Cabling Issues: Plenum-Rated (00:59)
  • Types of Networks (02:37)
  • Network Technologies (03:12)
  • Network Configurations (01:53)
  • MAN Technologies: SONET (02:13)
  • Wide Area Network Technologies (02:27)
  • WAN Technologies Are Circuit or Packet Switched (02:35)
  • Circuit Switching (02:01)
  • WAN Technologies: ISDN (03:18)
  • ISDN Service Types (02:03)
  • WAN Technologies: DSL (01:54)
  • WAN Technologies: Cable Modem (01:34)
  • Packet Switching (01:15)
  • WAN Technologies: Packet Switched (01:00)
  • Packet Switched Networks (01:52)
  • WAN Technologies: X.25 (00:42)
  • WAN Technologies: Frame Relay (01:28)
  • WAN Technologies: ATM (01:24)
  • Multiplexing (01:40)
  • Permanent Virtual Circuits (01:17)
  • Summary (00:08)

Network Protocols and Devices

OSI Model (31:18)
  • Introduction (00:09)
  • OSI Model (03:18)
  • An Older Model (03:16)
  • Data Encapsulation (04:18)
  • OSI: Application Layer (01:16)
  • OSI: Presentation Layer (01:44)
  • OSI: Session Layer (03:02)
  • OSI: Transport Layer (04:28)
  • OSI: Network Layer (02:57)
  • OSI: Data Link Layer (03:44)
  • OSI: Physical Layer (01:25)
  • Protocols at Each Layer (01:26)
  • Summary (00:08)
Network Devices (16:22)
  • Introduction (00:09)
  • Devices Work at Different Layers (04:24)
  • Networking Devices (00:07)
  • Repeater (00:54)
  • Hub (01:31)
  • Bridge (00:54)
  • Switch (02:06)
  • Virtual LAN (01:11)
  • Router (03:36)
  • Gateway (01:18)
  • Summary (00:08)
Network Security Sentries (26:34)
  • Introduction (00:17)
  • Bastion Host (01:49)
  • Firewalls (05:18)
  • Firewall: First Line of Defense (00:52)
  • Firewall Types: Packet Filtering (00:35)
  • Firewall Types: Proxy Firewalls (01:25)
  • Firewall Types: Circuit-Level Proxy Firewall (00:34)
  • Type of Circuit-Level Proxy: SOCKS (00:25)
  • Firewall Types: Application-Layer Proxy (01:02)
  • Firewall Types: Stateful (01:19)
  • Firewall Types: Dynamic Packet-Filtering (00:34)
  • Firewall Types: Kernel Proxies (00:40)
  • Firewall Placement (01:13)
  • Firewall Architecture Types: Screened Host (00:41)
  • Firewall Architecture Types: Multi- or Dual-Homed (00:40)
  • Firewall Architecture Types: Screened Subnet (00:57)
  • IDS: Second Line of Defense (01:32)
  • IPS Last Line of Defense (00:46)
  • HIPS (01:56)
  • Unified Threat Management (02:13)
  • UTM Product Criteria (01:28)
  • Summary (00:08)
Protocols and Services (17:25)
  • Introduction (00:07)
  • Protocols (03:05)
  • Port and Protocol Relationship (01:02)
  • Conceptual Use of Ports (00:23)
  • UDP vs. TCP (01:10)
  • TCP/IP Suite (01:34)
  • Protocols: ARP (00:46)
  • Protocols: ICMP (01:06)
  • Protocols: SNMP (01:11)
  • Protocols: SMTP (00:43)
  • Protocols: FTP, TFTP, and Telnet (01:22)
  • Protocols: RARP and BootP (00:41)
  • Network Service: DNS (01:31)
  • Network Service: NAT (02:06)
  • Summary (00:24)
  • Summary (00:08)

Telephony, VPNs, and Wireless

Telephony (21:11)
  • Introduction (00:11)
  • PSTN (02:23)
  • Remote Access (01:11)
  • Dial-Up and Authentication Protocols (02:51)
  • Dial-Up Protocol: SLIP (00:44)
  • Dial-Up Protocol: PPP (00:58)
  • Authentication Protocols: PAP and CHAP (03:20)
  • Voice Over IP (05:02)
  • Private Branch Exchange (01:28)
  • PBX Vulnerabilities (01:27)
  • PBX Best Practices (01:23)
  • Summary (00:08)
VPN (12:10)
  • Introduction (00:06)
  • Virtual Private Network Technologies (01:20)
  • What Is a Tunneling Protocol (01:33)
  • Tunneling Protocols: PPTP (00:44)
  • Tunneling Protocols: L2TP (00:35)
  • Tunneling Protocols: IPSec (00:53)
  • IPSec: Network Layer Protection (00:51)
  • IPSec (03:23)
  • SSL/TLS (02:34)
  • Summary (00:08)
Wireless (30:47)
  • Introduction (00:09)
  • Wireless Technologies: Access Point (01:40)
  • Standards Comparison (04:11)
  • Wireless Network Topologies (01:04)
  • Wi-Fi Network Types (00:46)
  • Wireless Technologies: WTLS (01:10)
  • Wireless Technologies: Service Set ID (01:17)
  • Wireless Technologies: Authenticating to an AP (01:33)
  • Wireless Technologies: WEP (03:29)
  • Wireless Technologies: More WEP Woes (02:00)
  • How WPA Improves on WEP (02:25)
  • TKIP (01:47)
  • The WPA MIC Vulnerability (00:57)
  • 802.11i: WPA2 (01:29)
  • WPA and WPA2 Mode Types (01:18)
  • WPA-PSK Encryption (01:10)
  • Wireless Technologies: WAP (01:11)
  • WTLS (02:54)
  • Summary (00:08)
Network-Based Attacks (09:39)
  • Introduction (00:06)
  • Wireless Technologies: Common Attacks (01:44)
  • Wireless Technologies: War Driving (00:50)
  • Kismet (00:45)
  • Wireless Technologies: Countermeasures (01:29)
  • Network Based Attacks (01:06)
  • ARP Attacks and DDoS Issues (01:34)
  • Man-in-the-Middle (00:26)
  • Traceroute Operation (01:06)
  • Summary (00:21)
  • Summary (00:08)

Security Architecture

Security Architecture (23:40)
  • Introduction (00:07)
  • ESA Definition (01:49)
  • What Is Architecture? (05:18)
  • Architecture Components (03:00)
  • Objectives of Security Architecture (02:58)
  • Technology Domain Modeling (03:26)
  • Integrated Security Is Designed Security (03:57)
  • Security by Design (02:53)
  • Summary (00:08)
Architectural Models (07:08)
  • Introduction (00:21)
  • Architectural Models (02:36)
  • Virtual Machines (00:58)
  • Cloud Computing (03:02)
  • Summary (00:08)
Components and Threats (31:15)
  • Introduction (00:15)
  • Memory Types (01:22)
  • Virtual Memory (00:45)
  • Memory Management (01:51)
  • Accessing Memory Securely (00:15)
  • Different States and System Functionality (01:24)
  • Types of Compromises (02:03)
  • Disclosing Data in an Unauthorized Manner (03:06)
  • Circumventing Access Controls (02:22)
  • Attacks (01:16)
  • Attack Type: Race Condition (01:26)
  • Attack Type: Data Validation (01:33)
  • Attacking Through Applications (01:03)
  • Buffer Overflow (00:59)
  • Attack Characteristics (01:05)
  • Attack Types (01:21)
  • More Attacks (01:16)
  • Host Name Resolution Attacks (01:23)
  • Even More Attacks (01:59)
  • Watching Network Traffic (01:00)
  • Traffic Analysis (00:50)
  • Cell Phone Cloning and Illegal Activities (01:43)
  • Summary (00:38)
  • Summary (00:08)

Software Development Security

Software Security Concerns (13:16)
  • Introduction (00:09)
  • How Did We Get Here (01:34)
  • Device vs. Software Security (00:55)
  • Why Are We Not Improving at a Higher Rate (01:28)
  • Usual Trend of Dealing with Security (01:25)
  • Where to Implement Security (01:35)
  • The Objective (00:52)
  • Systems Security (00:00)
  • Systems Security (00:53)
  • Programming Environment (02:09)
  • Security of Embedded Systems (02:04)
  • Summary (00:08)
Software Lifecycle Process (27:37)
  • Introduction (00:18)
  • SDLC (02:20)
  • Integration of Risk Management into the SDLC (02:25)
  • Development Methodologies (05:02)
  • Maturity Models (02:12)
  • Secure Programming (03:04)
  • Programming Errors (03:48)
  • Security Issues (02:49)
  • Outsourced Development (03:02)
  • Trusted Program Modules (01:19)
  • Middleware (01:06)
  • Summary (00:08)
Web Application Security (23:59)
  • Introduction (00:06)
  • OWASP Top Ten (03:06)
  • Modularity of Objects (00:44)
  • Object-Oriented Programming Characteristic (00:58)
  • Module Characteristics (01:19)
  • Linking Through COM (01:43)
  • Mobile Code with Active Content (00:56)
  • World Wide Web OLE (01:11)
  • ActiveX Security (00:25)
  • Java and Applets (00:53)
  • Common Gateway Interface (01:32)
  • Cookies (01:13)
  • PCI Requirements (02:11)
  • PA-DSS Requirements (02:43)
  • Vendor-Supplied Software (01:21)
  • Virtual Systems (01:02)
  • Virtualization Types (00:54)
  • Cloud Computing (00:50)
  • Summary (00:35)
  • Summary (00:08)

Database Security and System Development

Database Models (18:47)
  • Introduction (00:09)
  • Database Models (00:38)
  • Database Models: Hierarchical and Distributed (01:12)
  • Database Models: Relational (00:44)
  • Database Systems (01:01)
  • Database Models: Relational Components (00:52)
  • Foreign Key (01:31)
  • Database Component (01:49)
  • Database Security Mechanisms (01:14)
  • Database Data Integrity Controls (01:58)
  • Add-On Security (01:23)
  • Database Security Issues (01:14)
  • Controlling Access (01:43)
  • Database Integrity (00:51)
  • Data Warehousing (01:05)
  • Data Mining (01:10)
  • Summary (00:08)
Software Development (17:31)
  • Introduction (00:08)
  • Artificial Intelligence (02:33)
  • Expert System Components (00:45)
  • Artificial Neural Networks (01:03)
  • Software Development Models (03:17)
  • Project Development: Phases III, IV, and V (01:56)
  • Project Development: Phases VI and VII (00:36)
  • Verification vs. Validation (00:45)
  • Evaluating the Resulting Product (01:27)
  • Controlling How Changes Take Place (01:05)
  • Change Control Process (01:45)
  • Administrative Controls (01:58)
  • Summary (00:08)
Malware Attacks (23:11)
  • Introduction (00:08)
  • Malware Attacks (00:42)
  • Virus (02:08)
  • More Malware (02:44)
  • Rootkits and Backdoors (02:14)
  • DDoS Attack Types (01:05)
  • Escalation of Privilege (01:23)
  • DDoS Issues (02:21)
  • Buffer Overflow (02:55)
  • Mail Bombing and Email Links (00:54)
  • Phishing (02:22)
  • Replay Attack (00:23)
  • Cross-Site Scripting Attack (01:21)
  • Timing Attacks (01:14)
  • More Advanced Attacks (00:32)
  • Summary (00:29)
  • Summary (00:08)

Business Continuity

Project Initiation (14:12)
  • Introduction (00:05)
  • Phases of Plan (00:56)
  • Pieces of the BCP (00:47)
  • BCP Development (02:55)
  • Where Do We Start (02:46)
  • Why Is BCP a Hard Sell to Management (02:22)
  • Understanding the Organization (02:01)
  • BCP Committee (02:08)
  • Summary (00:08)
Business Impact Analysis (27:35)
  • Introduction (00:06)
  • BCP Risk Analysis (01:25)
  • Identifying Threats and Vulnerabilities (00:55)
  • Categories (01:04)
  • How to Identify the Critical Company Functions (01:24)
  • Loss Criteria (00:54)
  • Interdependencies (00:26)
  • Choosing Offsite Services (00:36)
  • Functions' Resources (02:51)
  • Calculating MTD (01:05)
  • Recovery Point Objective (02:22)
  • Recovery Strategies (01:33)
  • What Items Need to Be Considered in a Recovery (02:24)
  • Facility Backups (02:30)
  • Compatibility Issues with Offsite Facility (00:48)
  • Which Do We Use? (02:36)
  • Choosing Site Location (00:54)
  • Other Offsite Approaches (01:53)
  • BCP Plans Become out of Date (01:11)
  • Summary (00:22)
  • Summary (00:08)

Disaster Recovery

Disaster Preparation (14:08)
  • Introduction (00:11)
  • Proper Planning (01:16)
  • Executive Succession Planning (00:33)
  • Preventing a Disaster (01:11)
  • Preventative Measures (03:18)
  • Backup/Redundancy Options (01:00)
  • Disk Shadowing (02:18)
  • Hierarchical Storage Management (01:53)
  • SAN (00:52)
  • Co-Location (00:35)
  • Other Options (00:48)
  • Summary (00:08)
Development Plan (23:59)
  • Introduction (00:12)
  • Review: Results from the BIA (07:01)
  • Now What (01:35)
  • Priorities (00:18)
  • Plan Objectives (02:10)
  • Defining Roles (02:28)
  • The Plan (01:04)
  • Types of BC Plans (01:15)
  • Recovery (00:56)
  • Damage Assessment (01:31)
  • Coordination Procedures (01:10)
  • Sequence of Recovery Options (00:35)
  • Relocate to the Alternate Facility (01:17)
  • Restoration of Primary Site (01:19)
  • Return to Normal Operations (00:56)
  • Summary (00:08)
Emergency Response (14:03)
  • Introduction (00:06)
  • Environment (01:56)
  • Operational Planning (01:10)
  • Emergency Response (00:49)
  • Reviewing Insurance (00:58)
  • When Is the Danger Over (01:22)
  • Testing and Drills (02:04)
  • Types of Tests (04:13)
  • What Is Success (00:49)
  • Summary (00:23)
  • Summary (00:08)

Incident Management, Law, and Physical Security

Incident Management (10:59)
  • Introduction (00:04)
  • Seriousness of Computer Crimes (00:55)
  • Incidents (01:06)
  • Incident Management Priorities (01:18)
  • Incident Response Capability (01:22)
  • Incident Management Requires (01:27)
  • Preparing for a Crime Before It Happens (02:01)
  • Incident Response Phases (02:35)
  • Summary (00:08)
Law (13:40)
  • Introduction (00:05)
  • Types of Law (03:00)
  • Foundational Concepts of Law (01:05)
  • Common Laws: Criminal (00:57)
  • Common Laws: Civil (01:06)
  • Common Laws: Administrative (00:53)
  • Intellectual Property Laws (04:00)
  • Software Licensing (02:22)
  • Summary (00:08)
Computer Crime (17:57)
  • Introduction (00:26)
  • Historic Examples of Computer Crimes (02:12)
  • Who Perpetrates These Crimes (01:53)
  • Types of Motivation for Attacks (02:55)
  • Telephone Fraud (01:04)
  • Identification Protection and Prosecution (01:02)
  • Computer Crime and Its Barriers (01:55)
  • Countries Working Together (01:12)
  • Security Principles for International Use (01:07)
  • Determine if a Crime Has Been Committed (01:08)
  • When Should Law Enforcement Get Involved (01:05)
  • Citizen vs. Law Enforcement Investigation (00:38)
  • Investigation of Any Crime (01:04)
  • Summary (00:08)
Evidence Handling (24:04)
  • Introduction (00:06)
  • Role of Evidence in a Trial (01:38)
  • General Rules for Evidence (00:47)
  • Evidence Requirements (01:19)
  • Evidence Collection Topics (00:49)
  • Chain of Custody and Evidence Processing (02:15)
  • Evidence Types (03:47)
  • Hearsay Rule Exception (00:24)
  • Privacy of Sensitive Data (00:53)
  • Privacy Issues: US Laws as Examples (00:27)
  • European Union Principles on Privacy (01:35)
  • Employee Privacy Issues (01:35)
  • Computer Forensics (01:27)
  • Trying to Trap the Bad Guy (01:22)
  • Companies Can Be Found Liable (01:52)
  • Sets of Ethics (01:16)
  • Ethics (02:03)
  • Summary (00:13)
  • Summary (00:08)
Physical Security (38:26)
  • Introduction (00:28)
  • Physical Security (00:52)
  • Physical Security: Threats (01:08)
  • Different Types of Threats and Planning (00:22)
  • Facility Site Selection (03:30)
  • Devices Will Fail (01:36)
  • Controlling Access (01:58)
  • External Boundary Protection (01:02)
  • Lock Types (00:55)
  • Facility Access and Piggybacking (01:10)
  • Securing Mobile Devices (00:39)
  • Entrance Protection (00:58)
  • Perimeter Protection (02:31)
  • Perimeter Security (01:44)
  • Types of Physical IDS (02:00)
  • Sensors (01:00)
  • Facility Attributes (01:32)
  • Electrical Power (00:52)
  • Problems with Steady Power Current (01:12)
  • Power Interference and Preventative Measures (01:42)
  • Environmental Considerations (00:48)
  • Fire Prevention (01:36)
  • Fire Detection (02:55)
  • Fire Types (01:37)
  • Suppression Methods (01:02)
  • Fire Extinguishers (02:52)
  • Summary (00:13)

Security Overview

Security and Risk Management (24:43)
  • Introduction (00:32)
  • Overview (03:08)
  • Confidentiality, Integrity, and Availability (01:15)
  • Security Governance Principles (03:53)
  • Compliance (00:31)
  • Legal and Regulatory Issues (02:33)
  • Ethics (01:48)
  • Business Continuity Requirements (00:55)
  • Personnel Security Policies (02:24)
  • Risk Management Concepts (02:58)
  • Threat Modeling (01:21)
  • Security Risk Considerations (01:29)
  • Education, Training, and Awareness (01:13)
  • Summary (00:29)
  • Summary (00:08)
Asset Security (12:30)
  • Introduction (00:11)
  • Overview (01:32)
  • Classify Information and Supporting Assets (01:25)
  • Determine and Maintain Ownership (02:18)
  • Protect Privacy (02:30)
  • Ensure Appropriate Retention (00:56)
  • Determine Data Security Controls (02:11)
  • Establish Handling Requirements (00:38)
  • Summary (00:36)
  • Summary (00:08)
Security Engineering (15:30)
  • Introduction (00:14)
  • Overview (02:25)
  • Engineering Processes (00:30)
  • Fundamental Concepts of Security Models (00:45)
  • Controls and Countermeasures (00:46)
  • Security Capabilities of Information Systems (01:42)
  • Mitigate Vulnerabilities (03:56)
  • Cryptography (03:01)
  • Security Principles (00:22)
  • Physical Security (01:36)
  • Summary (00:08)
Communication and Network Security (10:17)
  • Introduction (00:14)
  • Overview (01:10)
  • Secure Network Architecture Design Principles (03:20)
  • Secure Network Components (01:41)
  • Secure Communications Channels (03:07)
  • Prevent or Mitigate Network Attacks (00:35)
  • Summary (00:08)
Identity and Access Management (09:54)
  • Introduction (00:10)
  • Overview (02:09)
  • Physical and Logical Access to Assets (00:54)
  • Identification and Authorization (02:54)
  • Identity Services (00:34)
  • Authorization Mechanisms (01:47)
  • Access Control Attacks (00:58)
  • Summary (00:18)
  • Summary (00:08)

Enacting Security

Security Assessment Testing (12:33)
  • Introduction (00:11)
  • Overview (02:10)
  • Assessment and Test Strategies (00:37)
  • Security Control Testing (04:40)
  • Security Process Data (02:59)
  • Analyze and Report Test Outputs (01:02)
  • Summary (00:44)
  • Summary (00:08)
Security Operations (36:25)
  • Introduction (00:14)
  • Overview (03:30)
  • Understanding Investigations (03:24)
  • Requirements for Investigation Types (01:09)
  • Logging and Monitoring Activities (03:00)
  • Resource Provisioning (03:23)
  • Foundational Security Operations Concepts (04:37)
  • Resource Protection Techniques (00:57)
  • Incident Management (01:56)
  • Preventative Measures (04:04)
  • Support Patch and Vulnerability Management (02:03)
  • Implement Recovery Strategies (02:44)
  • Disaster Recovery Processes (00:42)
  • Disaster Recovery Plans (02:22)
  • Business Continuity Planning (02:07)
  • Summary (00:08)
Software Development Security (13:02)
  • Introduction (00:56)
  • Overview (00:47)
  • Security in the Software Development Lifecycle (04:04)
  • Security Controls in Development Environment (04:29)
  • Software Security Effectiveness (01:55)
  • Summary (00:48)