Introduction to Cybersecurity Online Course

Description

With the Introduction to Cybersecurity Nanodegree programme, you can take your first step toward a career in cybersecurity and learn the skills needed to become a security professional. This programme will teach you how to assess, maintain, and monitor the security of computer systems. You'll also learn how to assess threats, respond to incidents, and implement security controls in order to reduce risk and meet security compliance objectives. 

Syllabus:

Course 1: Cybersecurity Foundations

Cybersecurity Fundamentals

• Understand the relevant role of cybersecurity and whyit is important
• Describe how business stakeholders play a role in cybersecurity
• Become familiar with cybersecurity tools, environments and dependencies

What is Cybersecurity

• Identify trends in cybersecurity events and protection techniques
• Describe careers and skill qualifications of cybersecurity professionals
• Explain security fundamentals including core security principles, critical security controls, and best practices

Maintain Secure Infrastructure

• Apply methods to enforce cybersecurity governance
• Identify common security regulations and frameworks
• Explain how current security laws, regulations, and standards applied to cybersecurity and data privacy
• Recognize components of the NIST Cybersecurity Framework (CSF)
• Recognize components of the Center for Internet Security Critical Security Controls (CSC)

Think Like a Hacker

• Categorize assets, risks, threats, vulnerabilities, and exploits
• Identify different types of vulnerabilities in a system
• Identify the categories of a cyber threat
• Determine the phase of a cyber attack
• Recognize common exploits

Security Defenses

• Explain how security defenses are layered throughout different system architectures
• Explain components of identity and access control
• Identify common identity and access control protection techniques
• Determine patch levels for common systems/applications
• Describe the process and technique for applying patches and updates on computing devices
• Understand protection for email and other communication methods

Applying Cybersecurity

• Identify organizational asset(s)
• Analyze vulnerabilities and risks to those organizational assets
• Recommend and apply basic security controls

Project: Securing a Business Network

Students will use the skills they learned in the cybersecurity fundamentals course to conduct a hands-on security assessment based on a common business problem in this project. As a means of demonstrating fundamental cybersecurity knowledge, skills, and abilities, students will investigate and resolve security issues on a Windows 10 client system.

 

Course 2: Defending and Securing Systems

Defending Computer Systems and Security Principles

• Explain the Defense in Depth approach to a layered security strategy
• Explain the NIST 800 framework for defending computer systems
• Determine if a system has implemented Least Privileged properly
• Suggest approaches to correct systems that have inappropriately implemented Least Privileged Principles

System Security: Securing Networks

• Differentiate between different types of firewalls
• Analyze the effectiveness of Firewall rules and craft a basic rule
• Evaluate best practices for securing wireless networks
• Explain different types of IDS/IPS and craft a basic IDS signature
• Evaluate documentation to determine proper security settings in Windows
• Identify the impact of services, permissions, and updates on Windows Security
• Identify the impact of daemons, permissions, and patches on Linux Security

Monitoring and Logging for Detection of Malicious Activity

• Interpret between different types of logs
• Define the basic parts of network traffic
• Interpret the output of a firewall and IDS report
• Explain the importance of a SIEM
• Explain the pros and cons of open source vs commercial SIEM LESSON FOUR Cryptography Basics (Applied Cryptography)
• Define encryption
• Differentiate different types of encryption techniques
• Determine the appropriate encryption type for a given scenario
• Differentiate between data at rest and data in transit
• Differentiate different types of encryption techniques for data in transit
• Define and analyze file hashes

Project: Monitoring and Securing Douglas Financials Inc.

Douglas Financials Inc. (DFI) has experienced rapid growth and is now looking to fill a Security Analyst position. Students will analyse Windows and Linux servers as that new analyst and report recommendations on OS hardening, compliance issues, encryption, and network security. In addition, students will create firewall rules, analyse threat intelligence, and encrypt files and folders for transport to a client.

 

Course 3: Threats, Vulnerabilities, and Incident Response

Assessing Threats

• Explain the relationship between threats, threat actors, vulnerabilities, and exploits
• Utilize event context to identify potential threat actor motivations.
• Identify security threats applicable to important organizational assets
• Use standard frameworks to assess threats, identify risks, and prioritize

Finding Security Vulnerabilities

• Leverage the MITRE ATT&CK framework to understand attack methods
• Configure and launch scans to find vulnerabilities
• Explain the steps required to conduct a penetration test.

Fixing Security Vulnerabilities

• Conduct vulnerability research using industry resources like MITRE CVE framework
• Validate scan results through manual testing and application of business context
• Prioritize security gaps and recommend remediation strategies

Preparing for Inevitable Attacks

• Explain the relationship between incident response, disaster recovery, and business continuity
• Distinguish events from incidents and recognize indicators of compromise
• Explain the incident response lifecycle
• Recognize the key incident response team roles and core components of an incident response plan

Project Navigating a Cybersecurity Incident

Hospital X's worst nightmare has become a reality. After several hospitals in its partner network were hacked, the medical community realised that they were likely next on the attack hit list. In such cases, it is critical for the cybersecurity team to understand the threats at hand, whether the company is vulnerable, how to close the gaps, and, ultimately, how to respond if a security incident occurs. 

Students will use the skills they learned in this security course to navigate a potential cyber incident in this project.
Students will work together to determine the type of threat actor involved as well as the potential motivation for the attack. Students will conduct scans based on clues provided throughout the scenario to discover and test vulnerabilities that could lead to a successful attack. Following that, students will assess the risk levels associated with the findings and propose a remediation plan. They will also use the incident response plan provided to them to navigate the potential breach and make recommendations for improvements to the plan.

The project's final implementation will demonstrate students' vulnerability management and incident response skills, as well as their ability to prioritise threats and make recommendations to key stakeholders.

 

Course 4: Governance, Risk, and Compliance

Introduction to Governance, Risk, and Compliance

• Understand the historical underpinnings of cybersecurity GRC
• Explain the key functions of each of the Governance, Risk, and Compliance (GRC) roles
• Articulate the connection between GRC roles
• Demonstrate the importance of cybersecurity GRC in accomplishing cybersecurity objectives and business goals

Governance

• Understand reliance on governance professionals to align business and security strategy.
• Describe how governance professionals are expected to communicate with the organization
• Develop organizational security policies and procedures
• Understand common methods for providing employee security training
• Explain keys to assessing security controls against expected results

Risk

• Explain how organizations measure cybersecurity risk
• Develop risk measurement documentation
• Remediate risk and report risk measurement and remediation activities to senior leadership
• Develop and interpret risk statements
• Understand the differences between value based risk assessment and traditional risk assessment

Compliance

• Describe sources of compliance
• Locate and assess relevant sources of compliance for your organization
• Interpret compliance obligations and develop control objectives
• Measure existing security controls against control objectives

Audit Management

• Understand audit and assessment goals
• Explain the role Governance, Risk, and Compliance professionals have in ensuring audits achieve expected goals
• Learn how to facilitate and control audits
• Develop management responses and remediation plans for audits

Project: Create the SwiftTech GRC Program

SwiftTech is a company in transition; they are accelerating product development while attempting to maintain a high level of flexibility and responsiveness with customers, all while migrating their infrastructure to the cloud. The organization's cybersecurity GRC practise faces challenges in this fast-paced environment. As a brand new GRC analyst at SwiftTech, you'll need to quickly understand the business and improve their documentation in order to support the organization's goals.

Show more