Course: Information Security for Decision-Makers and Leaders

Information security, often called InfoSec, consists of tools and processes used to protect data and sensitive information from threats and attacks. In this course, explore the history of information security and discover how to differentiate between cybersecurity and information security. Discover common myths and misconceptions about information security and learn about types of information security, such as infrastructure, cloud, application, and incident response. Next, you will explore security threats, including social media attacks, social engineering, malware, and misconfigurations, and common information security and data protection laws. Finally, you will investigate the responsibilities of a Chief Information Security Officer (CISO), including developing sound security practices, identifying security objectives, conducting awareness and training programs, and ensuring regulatory compliance. Upon completion, you'll be able to recognize the importance of information security and the key roles and responsibilities required to protect an organization

Confidentiality, integrity, and availability, otherwise known as the CIA triad, is a common information security model used by organizations to design and implement their overall security policies and frameworks. In this course, you will learn the basics of confidentiality, integrity, and availability, and discover emerging challenges brought on by big data and the Internet of Things (IoT). Explore the stages of information security risk management (ISRM) and learn how to differentiate between various types of security controls. Discover techniques such as defense in depth, data classification, cryptography, access control, and governance, and the importance of having a sound incident response and management strategy in place. Lastly, learn about the role of investigations and forensics as well as the steps in a forensic investigation such as searching and seizing, acquisition, analysis, and reporting. After course completion, you'll be able to recognize common elements of information security.

There are many elements to a successful InfoSec team, but its goal is always to protect the organization's electronic data and information technology systems. In this course, you will learn about the responsibilities of an IT security team and the many roles required for success. Explore the responsibilities of a chief information security officer and a chief information officer and discover the primary responsibilities of a network security engineer, which include ensuring hardware and software security and updating and patching resources. Next, you will differentiate between the roles of penetration tester, information owner, junior engineer, computer technician, forensic investigator, and digital forensic examiner. Then examine key stakeholder and decision-maker roles. Lastly, explore the role of DevSecOps and list ways it can have a positive impact on information security. Upon completion, you'll be able to recognize the elements of an InfoSec team.

Final Exam: Elements of InfoSec will test your knowledge and application of the topics presented throughout the Elements of InfoSec track.

A good information security leader will likely be responsible for many areas, including security operations, fraud prevention, program management, and investigations. Effective leaders should possess a clear vision, inspire others, and deliver results. In this course, you will explore the potential education requirements of an InfoSec leader and discover how experience working in security or business management can be a requirement for many senior-level executive roles. Examine the qualities that make good leaders, including interpersonal skills, honesty, integrity, business acumen, and ethical decision-making. Discover how successful leaders are often big picture thinkers who are capable of making quick decisions, and explore other qualities of a leader including loyalty, leadership, confidence, positivity, empathy, humility, creativity, and accountability. After completion of this course, you'll be able to recognize the qualities of a good security leader.

IT security risks can be defined as a combination of the consequences of an event and the associated likelihood of occurrence. They can be managed by an organization through asset-safeguarding strategies. Through this course, learn about managing enterprise information security (InfoSec) risk and risk tolerance. Explore the definition of risk, how it differs from threats and vulnerabilities, and the history of information security. Next, discover common threats to IT systems and data, how to identify and manage security risks, and the key differences between quantitative and qualitative risk analysis. Finally, learn about common risk assessment tools and the differences between penetration testing and vulnerability assessments. Upon completion, you'll be able to outline and manage IT security risks.

Not only do IT security teams need to be ready to identify security incidents, but they also need to be able to respond to and manage the environment during a crisis. In this course, you'll explore the term 'crisis' and identify crisis management practices. Discover the key components of an organizational crisis readiness program, including planning, training, technology, tools, and continuous improvement. Next, investigate the roles and responsibilities of a crisis management team, examine measures to minimize disruptions, and determine how incident response planning can help organizations better respond to critical incidents. Then, investigate how to best identify incidents and learn how early detection of incidents can be crucial to containing threats. Lastly, explore the various steps of a typical incident response plan, focusing on identification, containment, investigation, eradication, recovery, and lessons learned. After completing this course, you will be able to recognize what constitutes a crisis and respond to and manage security incidents.

Information security leaders must identify organizational goals and develop plans and strategies to attain them. In this course, you will explore information security planning, including how a good plan can offer economic benefits and provide a competitive advantage. Discover the importance of evaluating security risks, threats, and vulnerabilities, and learn how to conduct a security risk analysis. Then you will focus on data classification planning, various regulatory acts that apply to information security, and the importance of disaster recovery and incident management planning. Next, examine the value of properly training and evaluating employees in security awareness, and learn how to strengthen security culture through communications and awareness programs. Finally, you will investigate key considerations when planning for budgets and contingency.

Everything comes with pros and cons, and outsourced information security is no exception. Leaders contemplating outsourcing information security products and services will need to trade potential time and money savings for other potential gaps. In this course, explore information security outsourcing, security vendor relationships, and major considerations and challenges associated with outsourcing information security. Next, discover common downsides to outsourcing security services, key steps to consider when choosing a security vendor, and explore vendor risk management. Finally, learn about vendor contracts and the importance of having sound contract language when dealing with security vendors. Upon completion, you'll be able to identify common InfoSec vendors and providers and best practices for outsourcing InfoSec products or services.

There is no easy way to predict the future of information security. There are however strategies leaders can implement to better plan and prepare for future growth, security, and threats. In this course, examine potential information security threats, how complexity makes them challenging to predict and plan for, and the threats that ransomware, cybercrime, and the growing crime-as-a-service (CaaS) community pose. Next, discover how work shortages and voids created by skills gaps can cause major issues and the impact of recent global pandemics. Finally, explore operational technology, application container risks, and the evolving risks posed by artificial intelligence and machine learning. Upon completion, you'll be able to plan for the future as an InfoSec leader.

Final Exam: InfoSec Leadership will test your knowledge and application of the topics presented throughout the InfoSec Leadership track.