Course: (ISC)² Certified in Cybersecurity

It is of high importance that organizations operate upon a solid foundation of security principles, concepts, and risk management. It is impossible to reduce security risk until core security and risk management principles are defined. In this course, explore the elements of the confidentiality, integrity, and availability (CIA) triad, along with the essentials of authentication and using non-repudiation services. Next, examine what risk is and the terminology surrounding risk management, threats, and vulnerability. Finally, learn about risk assessment, identification, and treatment and compare qualitative and quantitative risk analysis. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

Security governance is a huge part of overall corporate or organizational governance. The security practitioner must be aware of various governance elements, regulations, laws, standards, policies, and procedures. Begin this course by exploring the elements of governance, including mission charter, leadership, and corporate guidance. Then investigate various laws and regulations like General Data Protection Regulation (GDPR) and HIPAA, standards issued by the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC), and the National Institute of Standards and Technology (NIST), and common policies and standard operating procedures. Next, examine the International Information System Security Certification Consortium (ISC2) code of ethics. Finally, discover security control categories and types. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

Practically anything that occurs in the enterprise can be called an event, but not all events are negative occurrences. It is the problematic events that are managed with the incident response practice. In this course, you will begin by exploring incident terminology and the goal of incident response. Next, discover the phases of the incident response lifecycle: Preparation, Detection and Analysis, Containment, and Post-incident Activities. Finally, you will explore additional incident response topics, including incident response teams, forensics, and problem management. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

Many organizations nowadays have become aware of the need for business continuity planning, also known as continuity of operations. The main objective of a business continuity plan (BCP) is for an organization to maintain organizational operations while recovering from a major interruption. In this course, explore the importance and goals of business continuity and continuity of operations, as well as the components of a business continuity plan. Next, learn about business impact analysis (BIA), backup and restore policies, and disaster recovery plans. Finally, investigate the various tests and drills that incident response and business continuity plans should be subjected to. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

Many security practitioners learn about physical security by comparing it to protecting a medieval castle. Defense in Depth (DiD) relies on multiple layers of independent methods of security and must be used with either an outward-in or inward-out approach. Begin this course by exploring fundamental physical security concepts and mechanisms such as privileged access management (PAM) and segregation of duties (SoD). Then you will focus on badge systems, gate/facility entry, and environmental controls design. Next, you will examine biometric authentication, including crime prevention through environmental design (CPTED). Finally, you will learn about various monitoring systems like syslog, NetFlow, security information and event management (SIEM), and security orchestration, automation, and response (SOAR). This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

There is often a blurred line between physical and logical access control, as the systems typically function together. In this course, you will explore the logical aspect of Defense in Depth and security controls. Next, you will examine discretionary access control (DAC) and mandatory access control (MAC). Finally, you will define role-based access control (RBAC), rule-based access control (RuBAC), and attribute-based access control (ABAC) and learn about their differences. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

Although new security practitioners can come from development, database, or other backgrounds, the majority of security professionals come from a networking background. It is virtually impossible to separate networking knowledge from security expertise. Begin this course by exploring network types, network devices, and device addressing mechanisms. Then you will discover the Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) reference models, logical ports, and the TCP handshake. Next, you will focus on transport layer security (TLS) and IP security (IPsec). Finally, you will examine virtual LANs (VLANs) and Wi-Fi fundamentals. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

The constant emergence of new security threats, variants, vectors, and technologies is an ongoing challenge to keep up with. In this course, learn about threats, attacks, and threat prevention tools and methods, such as advanced persistent threats (APT) and intrusion detection and intrusion prevention systems. Next, investigate data center security, secure cloud computing, and elements of secure network design, including HVAC and environmental controls, zoning, and VLANs. Finally, explore Zero Trust security initiatives and micro-segmentation, such as network access control (NAC), software-defined networks, and IoT. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

For many organizations, data is the most critical asset to be secured. Begin this course by exploring the data life cycle, or the different phases a piece of data goes through, from data creation to data destruction. You will focus on each of the six phases, including create, store, use, share, archive, and destroy. Then, you will learn how to log and monitor security events using modern enterprise and cloud-based solutions. Next, you will investigate encryption, hashing, and digital signing. Finally, you will discover system hardening practices like patch management. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.

A mature and successful organization will follow guidance and best practices to better secure all resources. Stakeholders at every level must understand their roles and responsibilities for contributing to a secure environment. In this course, the learner will begin by exploring common security policies, including acceptable use policies (AUPs) and remote access policies. You will then review the processes of configuration and change management. Finally, you will explore security awareness programs and topics, and the security awareness training life cycle. This course prepares learners for the (ISC)2 Certified in Cybersecurity exam.