Explore the five pillars of information security—the CIA triad (confidentiality, integrity, availability)—plus authenticity and non-repudiation—through practical controls like encryption, hashing, certificates, and digital signatures.

ISO 27001 presents a risk-based information security management framework emphasizing leadership, compliance, continuous improvement, and documented policies. NIST SP 800-53 provides a customizable control catalog aligned with RMF and monitoring.

Explore major legal systems, including civil code law, common law, criminal and civil tort law, regulatory, customary, religious law, and mixed systems, and their impact on information security obligations.

Identify and distinguish administrative, criminal, civil, regulatory, and standards investigations, and learn how to collect, preserve, and present evidence with law enforcement, legal, and HR collaboration.

Identify vulnerabilities and threats by categorizing threat agents—human, natural, technical, physical, environmental, and operational—and differentiate internal versus external threats, then apply tailored controls.

Explore risk analysis by defining scope across organizational, facility, department, and asset levels, and compare quantitative, qualitative, and hybrid methods with asset value, EF, SLE, ARO, and ALE.

Identify and mitigate supply chain risks across hardware, software, and service providers through SCRM. Apply mitigations like SBOM, silicon root of trust, PUF, and software escrow to protect CIA.

Identify data roles like data owner, custodian, controller, and data steward. Understand governance, metadata, and separation of duties that strengthen data security.

Explore how scoping selects the right security baseline and tailoring customizes it for roles and departments, with documentation and audit trails for future implementation.

Explore security model basics, emphasize the CIA triad, confidentiality, integrity, availability, and illustrate process protections, user versus kernel mode, and practical demos of vulnerabilities.

Examine fundamental security model types, including state machines, multi-level lattice, matrix-based models, non-interference, information flow, and take-grant delegation, with practical examples of rights and permissions.

Explore the Bell-LePadula security model, its mandatory access controls and confidentiality focus, including simple and star properties, security levels, no read up, no write down, and its limitations.

Clark-Wilson presents an integrity-focused security model that enforces separation of duties, well-formed transactions, and certification and enforcement to prevent unauthorized or improper transformations and modifications.

Discover how a trusted platform module stores encryption keys and certificates to protect sensitive data on modern devices, and learn binding, sealing, and key terms like EK, SRK, AIK, PCR.

Explore cloud models (SaaS, PaaS, IaaS) and deployment types, plus vulnerabilities like misconfigurations and poor access control. Learn defenses such as CASB, CSPM, security as a service, and CWPP.

Explore industrial control systems and operational technology, including ICS, SCADA, and DCS, and learn key vulnerabilities, from weak encryption and insecure networks to insider threats, input validation, and access control.

Explore cryptography basics, including encryption and decryption, hashing, the cryptographic life cycle, and the differences between symmetric and asymmetric key management.

Examine classic cryptanalytic attacks, including brute-force, dictionary, and rainbow-table methods. Explore cipher-text-only, known-plaintext, and chosen-ciphertext techniques, illustrated with Enigma cipher and veneer cipher demonstrations.

Explore side channel attacks that exploit physical device characteristics—from timing and power analysis to fault injection and transient execution methods like Spectre and Meltdown—covering acoustic and electromagnetic side channels.

Learn secure site and facility design to protect people and assets through deterrence, denial, detection, and delay, with layered physical and technical controls, CPTED concepts, and BCDR.

Create a formal physical security plan guided by the 4Ds, with incident response contacts and defined timeframes. Focus on site visibility, lighting, blind spots, and server room placement.

Explore the information system life cycle (ISLC) from prerequisites to decommissioning and disposal, covering requirements analysis, design, development, testing, deployment, and operations and maintenance.

Explore the OSI model and TCP/IP model, their layers, and how encapsulation enables interoperable networking. The lecture covers layer-specific security examples like TLS, IPsec, 802.1X, and L2TP.

Explore transport architecture for secure data transmission, focusing on encryption, strong authentication, end-to-end protection, and the data, control, and management planes across physical and logical topologies.

Explore north-south and east-west traffic flows and learn how bandwidth, throughput, latency, packet loss, jitter, and signal-to-noise ratio influence the CIA triad and network performance.

Explore virtual private clouds as isolated networks with private RFC 1918 addresses and customizable subnets, and secure traffic with security groups, ACLs, NAT gateways, and internet gateways.

Practice microsegmentation to isolate workloads and secure east-west traffic in data centers and cloud environments. Leverage containerization, network overlays, and distributed firewalls with zero-trust principles.

Study wireless network architecture and WLAN standards, including 2.4/5 GHz bands, MIMO and MU-MIMO, channel bonding, DFS, and OFDM/OFDMA. Compare infrastructure and ad hoc modes, ESS/BSS/SSID, and roaming.

Categorize access controls into administrative, technical, and physical, and illustrate how preventative, deterrent, corrective, recovery, detective, directive, and compensating controls interrelate to secure systems.

Explore users, groups, roles, and policies in AWS identity and access management, focusing on least privilege, scalable permissions, and service roles for EC2 to S3.

Explore how single sign-on simplifies access to multiple services while enabling just-in-time access and least-privilege through context-aware provisioning and role-based access control.

Compare role-based access control and rule-based access control, illustrate with firewall access lists, explain privilege creep, implicit deny, and how order and hierarchy affect access decisions.

Master how access policy enforcement uses peps, pdps, pips, and paps to decide and enforce access, using subject and object data from directories and identity and access management systems.

Explore how service accounts, often called application accounts, enable machine-to-machine and API communications with elevated privileges, and learn password best practices, risk of default passwords, and defense through monitoring.

Explore the differences between authentication and authorization through OAuth 2.0 and OpenID Connect, showing how token‑based authorization enables third‑party apps to access services without sharing credentials.

Explain how SAML enables web-based single sign-on through federation, and how Kerberos provides ticket-based single sign-on inside private networks.

Designing security tests teaches automating basic security tests to verify controls. It covers resources, criticality, misconfiguration, independence, and NIST 853A guidance.

Identify vulnerabilities with automated assessments, network discovery scans, and web or database scanners, and use the security content automation protocol, the CVE database, and CVSS to prioritize remediation.

Collect security process data by gathering technical details on access controls, privilege management, training, backups, disaster recovery and business continuity, and compliance, then analyze delta between intended and actual privileges.

Understand digital evidence and investigations by applying NIST, ISO/IEC 27037, and IOCE guidelines; identify, preserve, collect, and analyze data with forensics tools and chain-of-custody.

Implement recovery strategies to maintain business continuity. Explore backup storage: onsite, offsite, and cloud, recovery sites, fault tolerance, and RPO and RTO with full, incremental, and differential backups.

Activate the disaster recovery plan, assess impacts, and coordinate the disaster recovery team with clear roles and communications to restore critical systems efficiently.

Implement and manage physical security as the outer layer of defense in depth, covering lighting, CCTV, guards, access control, mantraps, fencing, and architectural measures to protect people and assets.

Protect personnel safety and security by addressing travel risks, data exposure, and theft of information. Train staff on insider threats, duress, and emergency planning using SP 800-series guidance and OEP.

Explore how to choose a software development methodology by weighing size and complexity, flexibility, customer involvement, team experience, time constraints, and costs to avoid costly missteps.

Manage post-deployment expectations by maintaining operations and maintenance, monitoring performance and security, applying change management and governance, and ensuring compliance through audits and regulatory frameworks.

Explore the software development life cycle and the security considerations for libraries, tool sets, IDEs, runtimes, and CI/CD, including secure configuration, code repositories, and vulnerability assessments.

Drive secure software development by embracing software configuration management as a discipline that tracks and controls changes through version control, build and release management, and formal change processes.

Explore how auditing and logging track software changes to protect integrity, identify risks, and ensure compliance through version control, CI/CD, and application logs.

Learn to evaluate managed services and open source software security in a cloud based analytics platform, using RS Tech Solutions to compare source components, licensing, privacy, vulnerability history, and compliance.

Evaluate cloud services security by understanding IaaS, PaaS, and SaaS models, identifying shared responsibilities, and applying provider security features, patch management, and access controls.

Explore SDN and SDsec in cloud networks, using a centralized controller with northbound and southbound APIs to implement dynamic security, segmentation, and zero trust.