Welcome to this review of the Pluralsight course CompTIA Security+ Compliance and Operational Security by Chris Rees.
This is the second, and the biggest, course in the learning path, with 9 modules.
The first module is Risk and Related concepts.
It covers the security cycle:
Assets are endangered by Threats that exploit Weaknesses resulting in Exposure leading to Risk which are mitigated by Controls that protect our Assets.
The Control types video clip covers three categories of controls:
Management controls and the importance of having a written security policy.
Operational controls including physical and personnel security, incident response, awareness and training.
Technical controls including firewall rules, and strong encryption on wireless access points.
The incident response clip provides some surprising facts about cyber (in)security and why security expertise is so important.
The 2nd module covers risks associated with third party integration, including social media networks, interoperability agreements, privacy concerns and data sharing.
The 3rd module is Risk mitigation strategies, covering topics including change management, incident management, user rights and routine audits.
The 4th module is implementing basic forensic procedures. It discusses the order of volatility, capturing system images locally or remotely using special software, and capturing video, network traffic and logs. The topic of the first responder is introduced. It also talks about recording time offsets (understanding times in UTC), taking hashes and screenshots, the role of witnesses, and tracking man hours and expenses.
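To make the hashing and time-offset steps concrete, here is an added example (my own code, not from the course) that builds an evidence manifest of SHA-256 hashes stamped in UTC together with the acquisition host's local offset, then re-verifies the files to detect any change; it uses constructed sample files and a placeholder examiner name, and does the same job the File Checksum Integrity Verifier mentioned under the activities does for Windows users.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path):
    """Hash a file in 1 MiB chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def utc_now_with_offset():
    """Return the current time in UTC plus the host's local offset in hours.
    Recording the offset lets an examiner reconcile timestamps taken from
    systems whose clocks are set to different time zones."""
    local = datetime.now().astimezone()
    offset_hours = local.utcoffset().total_seconds() / 3600
    return local.astimezone(timezone.utc).isoformat(), offset_hours

def build_manifest(evidence_dir, examiner):
    """One entry per evidence file: name, size, SHA-256, when hashed and by whom."""
    entries = []
    for name in sorted(os.listdir(evidence_dir)):
        path = os.path.join(evidence_dir, name)
        if os.path.isfile(path):
            hashed_utc, offset_hours = utc_now_with_offset()
            entries.append({"file": name, "size": os.path.getsize(path),
                            "sha256": sha256_file(path), "hashed_at_utc": hashed_utc,
                            "host_utc_offset_hours": offset_hours, "examiner": examiner})
    return entries

def verify_manifest(evidence_dir, manifest):
    """Re-hash every listed file; return the names that are missing or changed."""
    changed = []
    for entry in manifest:
        path = os.path.join(evidence_dir, entry["file"])
        if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
            changed.append(entry["file"])
    return changed

def demo():
    # Constructed sample evidence standing in for a memory capture and a log file.
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "memory.raw"), "wb") as f: f.write(b"constructed capture")
    with open(os.path.join(d, "syslog.txt"), "wb") as f: f.write(b"Jan 1 00:00:00 host msg\n")
    manifest = build_manifest(d, "examiner-placeholder")
    clean = verify_manifest(d, manifest)            # [] while nothing has changed
    with open(os.path.join(d, "syslog.txt"), "ab") as f: f.write(b"appended later\n")
    return clean, verify_manifest(d, manifest)      # ([], ["syslog.txt"])
```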
The 5th module is Incident Response concepts. This discusses escalation and notification, and revisits the topic of first responder introduced in the previous module. It describes two incident isolation techniques: quarantine and data removal.
The 6th module is Security Awareness and Training. It discusses role based training, personally identifiable information, and information classification.
It then covers US compliance laws such as Sarbanes-Oxley and HIPAA, and also covers various user habits such as password behaviours, data handling and clean desk policies. That’s not all, because it then discusses new threats and security trends/alerts, such as new viruses, phishing attacks and zero day exploits, and then talks about use of social networks and P2P.
Finally it stresses the importance of following up and gathering training metrics to confirm that the training is adequately understood.
The 7th module is called Physical and Environmental controls. The environmental controls discussed include heating, ventilation and air conditioning, fire suppression, EMI shielding, hot and cold aisles, environmental monitoring, and temperature and humidity controls.
Physical security covers hardware locks, mantraps, video surveillance, fencing, proximity readers, access lists, signs, guards, biometrics, alarms etc.
This module discusses different control types, the main ones being deterrent, preventive, detective and compensating.
The 8th module is Risk Management best practices. This covers various Business Continuity concepts, Fault Tolerance and Disaster Recovery concepts.
The Business Continuity concepts include business impact analysis, risk assessment, Disaster Recovery, High Availability and Redundancy.
The Fault Tolerance discussion includes hardware, RAID, clustering, load balancing and servers.
The Disaster Recovery concepts include backup plans and policies, backup execution and frequency, hot sites, cold sites and warm sites.
The final module is called Appropriate Controls to Meet Security Goals. This is broken up according to the controls that are applicable to each letter of the CIA triad (Confidentiality, Integrity and Availability), and finally Safety.
Confidentiality Controls: Encryption, Access Controls, Steganography
Integrity Controls: Hashing, Digital Signatures, Certificates and Non-Repudiation
Availability Controls: Redundancy, Fault Tolerance and Patching
Safety Controls: Fencing, Lighting, Locks, CCTV, Escape Plans, Drills, Escape Routes, and Testing Controls.
Related courses:
Introduction to Risk Management is a higher level and much briefer course that covers much of the same essence, but without the technical detail.
Activities to complement this course:
Some forensic tools mentioned in this course are
DD.exe
Helix3
EnCase
F Response.
Download at least one of these to learn what it can do.
Watch the video tutorials on F Response Universal
Read the New York Times article Deleting may be easy but your hard drive still tells all to learn the role EnCase played in many criminal cases.
Kali Linux contains some forensic tools. Kali is covered in more detail in the Ethical Hacking learning path.
If you are a Windows user, download and install the File Checksum Integrity Verifier.
For further information on Electromagnetic Interference shielding, read up on shielded twisted pairs on Wikipedia. Also see their article on Protective Distribution Systems.
The Steganography video clip introduces OpenPuff which you might want to familiarise yourself with.
Recommended speed: 1.1x
Next course
Threats and Vulnerabilities