Introduction
Course Introduction
Domain 1: Security and Risk Management
-
NIST (8:12)
-
1.1 Understand and Apply CIA (11:28)
-
1.2 Evaluate and apply security governance principles (8:13)
-
1.3 NIST 800-100 (7:30)
-
1.4 Security Governance (3:37)
-
1.5 Security Governance – Requirements (7:30)
-
1.6 The Organizational Culture's (11:06)
-
1.7 Due Care and Due Diligence (7:27)
-
1.8 Exam Question (4:11)
-
Guidelines for Applying Security Governance Principles
-
1.9 Security Models (2:18)
-
1.10 Determine compliance requirements (8:42)
-
1.11 Understand legal and regulatory issues (2:56)
-
1.12 Exam Question (2:13)
-
1.13 Computer Crime (8:37)
-
1.14 professional Ethics (4:32)
-
1.15 Ethics (2:26)
-
1.16 Security Documentation (2:47)
-
1.20 Guidelines for Upholding Professional Ethics in Security
-
1.21 Information security policy (3:08)
-
1.22 Some Important Policies (7:20)
-
1.23 Security Policy Framework (24:52)
-
1.24 Resources: CIS (4:17)
-
1.25 Exam Tips (1:45)
-
1.26 The Relationship Between Security Document Types (3:42)
-
1.27 Guidelines for Drafting Security Documentation
-
1.28 Identify, analyze, and prioritize Business Continuity (BC) requirements (8:17)
-
1.29 BCP Phases (12:01)
-
1.30 Business Impact Analysis - BIA (10:41)
-
1.31 NIST SP 800-34 (8:06)
-
1.32 MTD-RTO-RPO (11:29)
-
1.33 MTTF-MTTR (6:12)
-
1.34 BCP (5:48)
-
1.35 Business Continuity Controls (9:42)
-
1.36 High availability and Fault Tolerance (11:28)
-
1.37 Exam Tips (1:27)
-
Guidelines for Applying Business Continuity Plan Fundamentals
-
1.39 Contribute to and enforce personnel security policies and procedures (12:59)
-
1.40 Insider Threat Prevention (15:20)
-
1.41 Employees Privacy (4:50)
-
1.42 Social Media Security (9:45)
-
1.43 Threat Modeling (5:16)
-
Guidelines for Implementing Threat Modeling
-
1.44 Understand and apply risk management concepts (10:53)
-
1.45 Qualitative vs Quantitively Assessment (8:24)
-
1.46 Risks Formula (11:42)
-
1.47 Risk Management Strategies (10:12)
-
1.48 Security Controls (6:28)
-
1.49 Nist 800-37 (2:18)
-
1.50 Risk Register (1:17)
-
1.51 Exam Tips (1:58)
-
Guidelines for Implementing Risk Management
-
1.52 Understand and apply threat modeling concepts and methodologies (5:46)
-
1.53 STRIDE Modle (5:23)
-
1.54 Threat Intelligence Sources (3:07)
-
1.55 Risk Management (4:32)
-
1.56 Apply risk-based management concepts to the supply chain (6:17)
-
1.57 Vendor Management Life Cycle (5:26)
-
1.58 Acquisition Strategy and practice (5:11)
-
1.59 Security Awareness and Training (3:43)
-
1.60 Establish and maintain a security awareness, education, and training program (18:39)
-
1.61 Awareness resources (9:09)
-
Domain 1 Evaluation Exam
-
Domain 1 Materials
Domain 2: Asset Security
-
2.1 Identify information and assets (14:19)
-
2.2 Asset Classification (4:14)
-
2.2.1 Assets Classification and Labeling (12:44)
-
2.2.2 Military / Commercial Classification (12:42)
-
2.2.3 Sample of Classification Tool 1 (2:49)
-
2.2.4 Sample of Classification Tool 2 (2:30)
-
2.2.5 Data Lost Prevention (3:11)
-
2.2.6 Sample of DLP Tool (3:18)
-
2.2.7 Guidelines for Implementing Asset Classification
-
2.3 Information Asset Management (4:05)
-
2.4 Determine and maintain information and asset ownership (3:33)
-
2.5 Protect privacy (7:49)
-
2.6 Privacy Protection (4:06)
-
2.7 Guidelines for Implementing Privacy Protection
-
2.8 Ensure appropriate asset retention (12:07)
-
2.9 Asset Retention (5:17)
-
2.10 Personnel Retention
-
2.11 Data Security Controls (4:02)
-
2.12 Determine data security controls (12:51)
-
2.13 Data Encryptian (1:46)
-
2.14 Secure Data Handling (5:04)
-
2.15 Establish information and asset handling requirements
-
Domain 2 Evaluation Exam
-
Domain 2 Materials
Domain 3: Security Architecture and Engineering
-
3.1 Introduction to Security Architecture and Engineering (3:50)
-
3.2 Security Engineering Lifecycle (4:13)
-
3.2 Security Desgin (3:13)
-
3.2.1 System Component Security- Part 1 (5:15)
-
3.2.2 System Component Security - Part 2 (3:44)
-
3.2.3 System Component security - part 3 (4:18)
-
3.3 NISP SP 14-27 (11:36)
-
3.4 Trusted Computing Base _ TCB (9:21)
-
3.4.1 TCB Vulnerability (9:46)
-
3.5 Security Models (3:33)
-
3.6 Security Models (17:07)
-
3.7 TCSEC (5:42)
-
3.8 ITSEC (6:05)
-
3.9.1 Design and Architecture Vulnerability Mitigation- Part 1 (5:27)
-
3.9.2 Design and Architecture Vulnerability Mitigation - Part 2 (5:29)
-
3.9.3 Design and Architecture Vulnerability Mitigation - Part 3 (5:44)
-
3.10 Vulnerability Mitigation in Embedded, Mobile, and Web-Based Systems (6:52)
-
3.11 Security Architecture Questions (3:16)
-
3.12 Enterprise Security Architecture (5:05)
-
3.13 Virtualization (9:50)
-
3.14 Fault Tolerance (6:30)
-
3.15 Server Fault Tolerance Techniques (2:05)
-
3.16 New Technology (6:27)
-
3.17 Cryptography Basics - Part 1 (3:05)
-
3.18 Cryptography Basics - Part 2 (0:53)
-
3.19 Cryptography Basics - Part 3 (1:55)
-
3.20 Cryptography (6:35)
-
3.20 Cryptography (16:30)
-
3.21 Symmetric vs. Asymmetric Cryptography (2:34)
-
3.22 Cryptography Applications (Digital Rights Management, Hishing) (6:55)
-
3.24 Cryptography Applications (PKI,Digital Certificates and Signature) (4:52)
-
3.25 Alternative Ciphers (7:55)
-
3.26 Symmetric Encryption (12:42)
-
3.27 Asymmetric Encryption (13:51)
-
3.28 Hash (6:04)
-
3.29 Physical Security (7:38)
-
3.30 Physical Access barriers (9:41)
-
3.31 Power Issue (3:10)
-
3.32 Fire (5:27)
-
3.23 Domain Evaluation
-
New Lecture
Domain 4: Communication and Network Security
-
4.1 OSI Model (5:07)
-
4.2 OSI Model
-
4.3 The OSI Model (17:26)
-
4.4 TCP-IP Model (2:48)
-
4.5.1 Fundamentals of Network- Part 1 (5:16)
-
4.5.2 Fundamentals of Network- Part 2 (3:33)
-
4.5.3 Fundamentals of Network-Part 3 (4:04)
-
4.6 Network Architecture Components (17:08)
-
4.7 Communication Channel Security (5:38)
-
4.8 Communication Channel Security
-
4.9 Firewall (10:42)
-
4.10 Network Types and Topolgies (8:36)
-
4.11 Remote Access Technology (18:33)
-
4.12 Network Attack Mitigation-Part 1 (3:52)
-
4.13 Network Attack Mitigation-Part 2 (5:38)
-
4.14 Network Attack Mitigation-Part 1
-
4.15 Network Attack Mitigation-Part 2 (5:38)
-
4.16 Network Attack Mitigation-Part 2
-
4.17 Wireless Network (7:12)
-
4.18 Network Attacks (8:53)
-
4.19 Remote Access Security Mechanisms (2:06)
-
4.20 RAID (6:47)
-
4.21 Backup (5:49)
-
4.22 Network Questions (1:12)
-
Domain 4 Evaluation
Domain 5: Identity and Access Management (IAM)
-
5.1 Physical and Logical Access Control (5:07)
-
5.2 Access Control (6:50)
-
5.3 Identity as a Service (4:59)
-
5.4 Identification, Authentication, and Authorization (4:49)
-
5.5 Authorization Mechanisms (4:36)
-
5.6 Authorization (19:23)
-
5.7 Authentication (18:50)
-
5.8 Single Sign on SSO (13:10)
-
5.9 Central Administration (RADUIS) (4:16)
-
5.10 Access Control Attack Mitigation (5:21)
-
5.11 Access Control Attack (17:15)
-
5.12 Instrusion Detection System (IDS) (6:58)
-
5.13 Access Control Inportant exam area (4:15)
-
5.14 Access Control Questions (8:02)
-
Domain 5 Evaluation Exam
Cloud Security
-
1. Introduction to Cloud Security (2:50)
-
2. NIST 800-145 (1:55)
-
3. IaaS vs PaaS vs SaaS (2:25)
-
4. SaaS (4:25)
-
5. PaaS (2:04)
-
6. IaaS (1:59)
-
7. Storage Architecture (1:25)
-
8. Data Life Cycle Security (4:27)
-
9. Hypervisor (4:49)
-
10. Virtualization Security (5:26)
-
11. Perimeter Security (6:05)
-
12 Physical and Logical Access Control (5:07)
-
13 Physical and Logical Access Control
-
14 Identification, Authentication, and Authorization (4:49)
-
15 Identification, Authentication, and Authorization
-
16 Identity as a Service (4:59)
-
17 Identity as a Service
-
18 Authorization Mechanisms (4:36)
-
19 Authorization Mechanisms
-
20 Access Control Attack Mitigation (5:21)
-
21 Access Control Attack Mitigation
Domain 6: Security Assessment and Testing
-
6.1 Introduction Security Assessment and Testing (11:20)
-
6.2 Test Output (4:33)
-
6.3.1 Vulnerability asessment - Part 1 (2:16)
-
6.3.2 Vulnerability assessment -Part 2 (3:16)
-
6.4. Nessus VA (13:24)
-
6.5 Nessus VA- Part 2 (14:05)
-
6.6 Nessus VA Report (5:20)
-
6.7 OWASP ZAP - VA (5:06)
-
6.8 Nexpose VA (5:05)
-
6.9 Penetration testing (8:33)
-
6.10 Reconnaissance Demo -Maltego 2 (7:58)
-
6.11Scanning Demo -Zenmap (5:06)
-
6.12 Exploitation Demo -MetaSploit 2 (14:33)
-
6.13 Event Log Review 2 (7:18)
-
6.14 NIST 800-92 (2:56)
-
6.15 SIEM Solution (6:16)
-
6.16 SIEM Solution Demo - Qradar (3:09)
-
6.17 Code Review (5:20)
-
6.18 Security KPI's (6:57)
-
6.19 System Security Control Testing (5:22)
-
6.20 Software Security Control Testing (4:24)
-
6.21 Security Process Data Collection (4:43)
-
6.22 Audits (4:18)
-
6.23 System Security Control Testing (5:22)
-
6.24 System Security Control Testing
-
6.25 Software Security Control Testing (4:24)
-
6.26 Software Security Control Testing
-
6.28 Security Process Data Collection (4:43)
-
6.29 Security Process Data Collection
-
6.30 Audits (4:18)
-
6.31 Audits
-
Domain 6 Evalution Exam
Domain 7: Security Operations
-
7.1 Introduction to Security Operation 2 (1:40)
-
7.2 Security Operations (5:09)
-
7.3 Security Operation 2 (9:53)
-
7.4 Physcial Security (5:48)
-
7.5 Personnel Security (2:52)
-
7.6 Logging and Monitoring (4:18)
-
7.7 Preventative Measures (5:35)
-
7.8 Resource Provisioning and Protection (5:30)
-
7.9 Patch and Vulnerability Management (2:46)
-
7.10 Change Management (2:55)
-
7.11 Incident Response (5:37)
-
7.12 Investigations (5:25)
-
7.13 Disaster Recovery Planning (5:40)
-
7.14 Recovery Site Strategies (4:52)
-
7.15 Disaster Recovery Implementation (4:47)
-
7.16 Security Operations (5:09)
-
7.17 Security Operations
-
7.18 Physcial Security (5:48)
-
7.19 Physcial Security
-
7.20 Personnel Security (2:52)
-
7.21 Personnel Security
-
7.22 Logging and Monitoring (4:18)
-
7.23 Logging and Monitoring
-
7.24 Preventative Measures (5:35)
-
7.25 Preventative Measures
-
7.26 Resource Provisioning and Protection (5:30)
-
7.27 Resource Provisioning and Protection
-
7.29 Patch and Vulnerability Management (2:46)
-
7.30 Patch and Vulnerability Management
-
7.31 Change Management (2:55)
-
7.32 Change Management
-
7.33Incident Response (5:37)
-
7.34 Incident Response
-
7.35Investigations (5:25)
-
7.36 Investigations
-
7.37 Disaster Recovery Planning (5:40)
-
7.38 Disaster Recovery Planning
-
7.39 Recovery Site Strategies (4:52)
-
7.40 Recovery Site Strategies
-
7.41 Disaster Recovery Implementation (4:47)
-
7.42 Disaster Recovery Implementation
-
Domain 7 Evaluation Exam
Domain 8: Software Development Security
