
Welcome to this course taught by Thor Pedersen. Thor is an experienced instructor with a background in cybersecurity and project management, with extensive work experience in IT, Cyber Security, and project management, he holds CISSP, CISM, , CC, CDPSE, CCNP, CCNA, and PMP certifications. His courses on Udemy are the best-selling and highest rated, and he has helped thousands of students pass their exams over the years. In this course, Thor will provide you with the knowledge and skills you need to succeed on your certification exam. He is eager to connect with you and help you along the way, and you can reach out to him through his LinkedIn profile (linkedin.thorteaches.com) or by joining his Facebook group (fb.thorteaches.com). You can also watch some of his free videos on YouTube (youtube.thorteaches.com). Don't wait any longer - let Thor help you achieve your certification goals.
In this lesson, we will be discussing various tips and tricks for getting the most out of my courses. First, I will introduce the concept of the "little elephant," which indicates that a particular topic is particularly important. Next, we will discuss the use of ",..." in lists, which indicates that the list is not exhaustive. I will also explain the use of bold text to indicate keywords. Additionally, we will take a look at the Udemy interface and its various features, including the ability to pause, play, rewind, and fast forward lectures, as well as the option to change the speed of the lecture to better match your preference. We will also discuss the availability of professionally done subtitles in English, as well as autogenerated subtitles in other languages. Finally, we will explore the option to add your own notes, access a question and answer section, view educational announcements, and receive a certificate of completion upon completing the course.
In this lesson, we will be discussing various tips and tricks for getting the most out of my courses. First, I will introduce the concept of the "little elephant," which indicates that a particular topic is particularly important. Next, we will discuss the use of ",..." in lists, which indicates that the list is not exhaustive. I will also explain the use of bold text to indicate keywords. Additionally, we will take a look at the Udemy interface and its various features, including the ability to pause, play, rewind, and fast forward lectures, as well as the option to change the speed of the lecture to better match your preference. We will also discuss the availability of professionally done subtitles in English, as well as autogenerated subtitles in other languages. Finally, we will explore the option to add your own notes, access a question and answer section, view educational announcements, and receive a certificate of completion upon completing the course.
In this lecture, we introduce CISM Domain 2: Information Security Risk Management, which accounts for 20% of the weighted exam questions (approximately 30 questions) in the 2022 exam version. This domain focuses on identifying risks, assessing them, determining appropriate risk responses, implementing mitigations, and conducting risk control monitoring and reporting. The shift in the 2022 exam places more emphasis on management and technical aspects, making the exam slightly more tactical. ISACA recognizes that CISM candidates come from diverse backgrounds and experiences, so they provide a list of 30 additional publications and books to supplement the official study material. The official book alone is not comprehensive enough to cover all the information and experience needed to pass the exam. Domain 2 covers a wide range of topics, including attackers, vulnerabilities, networking (OSI and TCP/IP models, IP addresses, firewalls, intrusion detection/prevention, WiFi), secure communications, cloud security (SaaS, PaaS, IaaS), and the Internet of Things (IoT). The current exam version is expected to remain in place until the next curriculum update in 2027, as ISACA typically follows a 5-year update cycle.
The risk management lifecycle is an essential aspect of IT security, as it helps professionals identify, assess, and mitigate risks that may affect their systems and infrastructure. The risk management lifecycle is an iterative process that consists of four phases: Risk Identification, Risk Assessment, Risk Response and Mitigation, and Risk and Control Monitoring and Reporting. In this lecture, we will focus on the first phase, Risk Identification, which involves assembling a team from across the enterprise and defining the scope of the risk assessment. Understanding the risk management lifecycle is important for both daily tasks and certification exams, as it helps professionals understand the flow and importance of each phase in managing risks.
In this lecture, we will be discussing risk assessment and the various strategies that can be used to manage risks in a company. This includes performing a qualitative and quantitative risk analysis, creating a risk register, and possibly an uncertainty analysis to understand the potential consequences of risks. We will also discuss the cost benefit analysis that goes into choosing a risk strategy, such as mitigation, transference, acceptance, or avoidance, and the importance of considering an organization's risk appetite. Finally, we will touch on the importance of making informed decisions based on analysis and avoiding risk rejection, which is never acceptable.
In this lecture, we will be exploring the process of qualitative and quantitative risk analysis using a risk analysis matrix and risk registers. We will start by looking at a practical example of analyzing the risk of a laptop being stolen or forgotten and determining the likelihood and consequences of this event. We will then delve into the use of a risk register to examine various factors and prioritize risks in order to mitigate them. The process of quantitative risk analysis involves analyzing the costs and frequency of risks in order to determine the appropriate level of protection. Throughout the lecture, it is emphasized the importance of finding the right balance of security in order to effectively manage and mitigate risks.
In this lecture, the process of risk assessment and management is discussed, including identifying and presenting risks to senior management, choosing a response strategy such as mitigation, transference, acceptance or avoidance, implementing countermeasures to reduce risk, and ongoing monitoring and reporting on risks and controls. The importance of due diligence and due care in this process is emphasized, as well as the role of the IT security manager in communicating risks and controls to senior management in a language they can understand. Key risk indicators (KRIs) and key performance indicators (KPIs) are also introduced as tools for monitoring and measuring the effectiveness of risk management efforts.
In this lecture, we will delve into the different types of attackers and the attacks they use, starting with hackers. Hackers used to be individuals who found ways to use systems in unintended ways or exploit them for unauthorized purposes, such as AT&T switches that could be hacked to make free, long distance and international calls. Now, hackers are mostly seen as attackers who seek to disrupt the Confidentiality, Integrity, and Availability of systems. There are various types of hackers, including White Hat hackers (also known as Ethical Hackers or professional penetration testers) who find flaws in systems to fix them, Black Hat hackers who actively exploit vulnerabilities, and Grey Hat hackers who are somewhere in between and may tell someone about a vulnerability they find but may also publicize it if it is not addressed. We will also discuss Script Kiddies, individuals who use pre-existing scripts or tools without understanding how they work, and Nation-State Actors, hackers sponsored by governments to perform cyber attacks.
In this lesson, we will be discussing botnets and phishing, two tools used by hackers. A bot, also known as a zombie, is a computer system that has been infected by malware and can be controlled remotely by the attacker to perform various tasks. Botnets are organized into a Command and Control network and can contain hundreds of thousands of infected systems, known as zombies, that can be used for spam emails, DDOS attacks, and more. Phishing is a form of social engineering through email, where attackers send fake emails to trick individuals into giving away personal information or money. There are different types of phishing, including regular phishing, spear phishing, whale phishing, and vishing, which is phishing through phone calls.
In this lecture and the next couple of lectures, we will discuss the OWASP Top 10, which is a list of the top 10 web application vulnerabilities as determined by the Open Web Application Security Project (OWASP) every four years. The project is open to the public and is compiled by hundreds of volunteers. We will look at the last three revisions of the list from 2013, 2017, and 2021 and discuss how the attacks are described in the exam. However, the exam doesn't focus on the specific top 10 list, but instead focuses on the attacks themselves. We will also cover some vulnerabilities that are not included in the top 10 list but are still considered to be of concern. Additionally, we will talk about how to mitigate these attacks by using consistent access control across the entire application, implementing role-based access control, strong passwords, multi-factor authentication, and proper user and session management.
We will discuss the topic of A1 - broken access control. This occurs when access control is not consistent across an entire application. We will look at the importance of consistency across an organization and throughout an application. We will also explore the need for a centralized control access mechanism where tricky logic is written once and reused everywhere to ensure consistency. The benefits of this approach include easier code writing and easier auditing later. The importance of proper auditing and checking for access control will also be discussed. Solutions for fixing broken access control, such as deny by default, role-based access control, strong passwords, and multi-factor authentication will be covered.
Then we will discuss the topic of A2 - cryptographic failures. We will look at common mistakes such as using HTTP instead of HTTPS for web traffic, sending data in cleartext, using older, weak encryption algorithms or hashes, not monitoring for data exfiltration, and improper use of initialization vectors. These issues can be avoided by following proper security principles and writing secure code. We will also discuss the importance of identifying sensitive data and protecting it properly, using DLP systems, and ensuring that encryption, hashes, and algorithms are not deprecated. Overall, we will examine the importance of using enough security to protect our data and countermeasures that can be effective against multiple vulnerabilities.
In this lecture, we will continue with OWASP top 10, and we will start by discussing A3 - Injections. It's important to remember that injections were the top one in 2013 and 2017, so while it may not currently be the top one, it is still a major issue. We will talk about what injection attacks are and how attackers are able to exploit them through lack of strong input validation, data type limitation on input fields, and input length limitations. We will also discuss CGIs and APIs and how they are used to separate the untrusted user from the trusted database. Finally, we will cover the steps that can be taken to prevent injection attacks through the use of a positive list for input fields, secure interfaces, and settings and restrictions that limit data exposure. We then talk about OWASP A4 - Insecure Design, which is a new addition to the top 10 security risks. We will explore the importance of designing security into our applications to prevent design flaws and loopholes that attackers can exploit. It is important to note that insecure design is different from insecure implementation, as even a perfectly designed app can be vulnerable if implemented incorrectly. We will also discuss the importance of using secure design patterns and reference architecture, utilizing libraries with secure references and patterns, and conducting threat modeling and penetration testing before finalizing the design of an application. Additionally, we will look at A5 - Security Misconfiguration and A6 - Vulnerable and Outdated components, exploring the dangers of incorrect configuration, failure to remove default access, and use of outdated or vulnerable components in our servers and applications.
In this lecture, we will continue with the wonderful and whimsical world of OWASP and focus on A7 - Identification and Authentication Failures. We will discuss how this topic has been on the top 10 for quite a while and has dropped from number two to seven in recent years. Under the umbrella of identification and authentication failures, we will talk about sessions that don't expire, predictable session IDs, the use of cleartext or insecure encryption and hashing, weak or default passwords and knowledge-based password recovery. We will also look at session sniffing attacks and ways to prevent them by implementing multi-factor authentication, proper secure encryption and hashing, and proper logging and monitoring.
We then talk about A8 - Software and Data Integrity Failures, which is not new to the list. In 2017, it was called insecure deserialization, and it occurs when our applications use code, plugins, libraries or modules from a source that is not trusted. We will look at the importance of making sure that everything our critical business applications use are both trusted and secure, as well as the potential consequences of not having proper integrity checks in place for software updates. We will also discuss ways to fix this issue, including using digital signatures and hashes, software supply chain tools, and proper segregation, configuration, and access control for CI/CD in dev setups. Additionally, we will talk about the importance of patching and confirm the integrity of patches in our test environment before deploying to production.
Then finally in this lecture we will discuss A9 - Security Logging and Monitoring Failures, which is a topic that we have talked about many times before. We will look at the 2017 list and why insufficient logging and monitoring can be a problem. We will explore some of the reasons why our logging and monitoring may not be working properly, including misconfigured systems, incorrect thresholds, and poor admin response. We will also discuss how to properly configure systems and respond to alerts, as well as maintaining a centralized logging server and a proper incident response and recovery plan. By the end of this lesson, we will understand the importance of proper logging and monitoring and how it helps us detect and respond to attacks more efficiently."
In this lecture, we will finish out the OWASP top 10 by discussing A10 - Server-Side Request Forgery and the ones that didn't quite make the top 10 but are still important to know. We will look at how an attacker can use SSRF to attack a target server by creating and controlling requests from a vulnerable web server. To protect against this, we will discuss measures that can be taken on the networking and application layers, such as segmenting remote resource access and enforcing URL schemas. We will also talk about insufficient detection and response, unvalidated redirects and forwards, and the importance of doing a lessons learned after any attack to protect against similar incidents in the future.
In this lecture, we will be discussing the basics of networking and its various definitions. We will begin by delving into foundational concepts so that you can understand how networks function, and in later lectures, we will explore more intricate details. Networking is crucial in our day-to-day lives as almost everything we use is connected to some sort of network. As professionals, it is our responsibility to ensure that all of our networking devices, protocols, and traffic are as secure as possible. We will cover concepts such as simplex, half duplex, and full duplex connections, as well as baseband and broadband signals. Additionally, we will discuss the Internet, intranet, and extranet networks, and how they differ from one another. It is important to have a clear understanding of these terms before diving deeper into the subject.
In this lecture, we will discuss the SIEM and SOAR systems, which are big, overarching systems that give us a high-level view of our entire organization's events and incidences. We will learn about the SIEM system and how it can be pronounced differently, but most of the information discussed for SIEM applies to SOAR as well. SOAR does more, and we will cover that in a minute. We will also look at how all the information from our systems is sent to a centralized location and how we can interpret logs to see traffic flows in our organization and provide near to real-time identification, analysis, and recovery from security events. However, it is important to note that both SIEM and SOAR systems must be configured correctly and have close buttoned-down access to prevent any breaches.
In this lecture and the following lectures, we will be discussing some of the networking models that are used today. Specifically, we will be looking at the OSI model and the TCP/IP model, which are both conceptual models that are widely used in networking. These models will be a part of your day-to-day work and are very testable. If you are new to networking, it will take some time to learn, but it is a critical skill. We will start by discussing the OSI model, which is a layered networking model that standardizes communication functions over telecommunication or computer systems, regardless of the underlying structure and technology. We will also discuss the seven layers of the OSI model, including the physical layer, data link, network, transport, session, presentation, and application layer. Additionally, we will discuss mnemonics to help you remember the different layers and their order. We will dive into the actual layers and what they consist of. We will then look at what is on the actual layers of the OSI model, starting with layer 1, which is the physical layer, this is where we have cables, networking cards, and all the data is 0's and 1's. We will discuss the data link layer, also known as Layer 2, which is where we transport our traffic between two nodes on the same network. We will look at how Layer 2 uses LLC or logical link control for error detection and how this is also where we find our MAC addresses or our burned-in addresses. We will delve into what MAC addresses are and how they are supposed to be a unique identifier for that specific network card, but can easily be changed or spoofed. We will also discuss the common threats on layer two, such as Mac spoofing and Mac flooding, as well as the ARP protocol or address resolution protocol, which is considered to be a layer 2/3 protocol. Finally, we will cover CSMA/CD and CA, which stands for carrier-sense multiple access, collision detection, and collision avoidance, and how it is used in Ethernet networks to fix the problem of collision detection that was prevalent in older topologies.
In this lecture, we will continue our discussion of the OSI model and begin by looking at layer 3, the networking layer. We will talk about how layer 3 uses IP addresses to move beyond our local network and onto the Internet. We will also explore the various protocols that are used on this layer, including IP, ICMP, IPSEC, IGMP, IGRP, IKE, ISAKAMP, and IPIX. We will also cover the different types of attacks that can occur on this layer, such as ping of death, ping floods, Smurf attacks, spoofed sorts addresses, directed broadcast, IP modifications, DHCP attacks, and more. We will then move on to layer 4, the transport layer, where we will discuss the main components of this layer, UDP and TCP, and the various attacks that can occur on this layer.
Then we will focus on layers 5, 6, and 7. We will look at how these layers are more integrated into each other and how they all fall under the category of data layers. We will examine the functions of the session layer (layer 5) in establishing and maintaining connections, the presentation layer (layer 6) in formatting, compressing, and encrypting data, and the application layer (layer 7) in presenting data to the user through various applications and protocols such as HTTP, HTTPS, FTP, SNMP, IMAP, POP, and active directory integration. We will also touch on the potential threats to these layers such as viruses, worms, Trojans, buffer overflows, and vulnerabilities in operating systems and applications. Additionally, we will note that layers 1, 2, and 3 are referred to as the lower or media layers, while layers 4, 5, 6, and 7 are referred to as the upper or host layers. This concludes our discussion on the OSI model, and we will move on to the TCP IP model in our next lecture.
In this lecture, we will discuss the TCP/IP model, also known as the Internet Protocol Suite or the DOD model. The TCP/IP model is a conceptual model, similar to the OSI model, that standardizes how data is addressed, packetized, transmitted, routed, and received, regardless of the backend systems. We will briefly review the similarities between the TCP/IP model and the OSI model, focusing on what is different and how different things map to the different layers of the TCP/IP model. We will also examine how the four layers of the TCP/IP model map to the seven layers of the OSI model, and how the layers of both models relate to one another. We will also take a deeper look at specific features within the TCP/IP model, such as IP addresses, routing, transport layer protocols, and port numbers.
In this lecture and the next couple of lectures, we will be discussing IP addresses, MAC addresses, and ports in order to ensure that information sent over the internet reaches the intended destination. We have already discussed MAC addresses and how they are a unique identifier on the network, but they can also be easily spoofed. We will also delve into the history of IP addresses, which were first deployed in the ARPANet in 1983. However, because the original network was closed and secured, security was not built into the protocols, leading to added security measures being bolted on later. We will also cover the move towards IPv6 as a solution to the limited address space of IPv4 and the changes happening on the back end to make this transition smoother for consumers.
In this lecture, we will be discussing IP addresses and ports and how they are used in networking. The combination of an IP address and a port is called a socket. When using a UDP connection, only one socket, IP, and port is needed, but when using a TCP connection, a pair of sockets is used to establish bidirectional communication between the source and destination. IP addresses are allocated by region, governed by the Internet Assigned Numbers Authority (IANA) and their assigned organizations such as AFRINIC, ARIN, APNIC, LACNIC, and RIPE NCC. These organizations are responsible for assigning IP addresses in specific regions, but with the abundance of IPv6 addresses, this is becoming less of an issue. When needing a static public IP, one can contact their Internet provider to obtain one from a pool of IPs that they are assigned.
In this lecture, we will continue our discussion on IP addresses, exploring the structure and protocols used with them. We will begin by focusing on IPv4 addresses, which are made up of four octets, also known as dotted decimal notation. Each of these octets can be broken down into 8 bits, which is the foundation of all data. We will also look at subnets and their role in IP addresses. For this exam, it is important to have a basic understanding of IP addresses and subnets, but you will not need to dive too deeply into them. We use the dotted decimal notation for ease of readability, as it is much simpler to say 172.16.254.1 than the binary version, 10101100 and so on. We will also discuss how IP addresses are used for websites and how they are made as seamless as possible for the end user. We will also discuss the history and development of IP addresses, including the introduction of public and private addresses as a solution to the increasing need for IPs.
In this lecture, we will conclude our discussion on IP addresses by focusing on IPv6. IPv6 is a newer version of IP addresses that was designed in the 1990s due to the limited address space on IPv4. However, it wasn't widely adopted until we ran out of IPv4 addresses. IPv6 addresses are longer than IPv4 addresses and use hexadecimals instead of regular numbers. They are divided into eight groups of four hexadecimals each and are more secure than IPv4 because IPSec is built-in. IPv6 is mostly used on the back-end and is seen mostly with IoT devices, cell phones, and service providers. We will also look at how to shorten IPv6 addresses by removing zeros and adding colons. Additionally, we will discuss how IPv6 addresses can be connected to MAC addresses.
In this lecture, the focus is on the ARP protocol and its role in translating IP addresses into MAC addresses. The ARP protocol is considered trusting, as it does not have security built in, making it vulnerable to ARP poisoning attacks. One countermeasure to protect against these attacks is to hard code ARP entries for critical devices such as the default gateway. Another use of ARP is in the form of Reverse ARP, which is used on diskless workstations to assign them IP addresses. The next protocol discussed is ICMP, or Internet Control Message Protocol, which is commonly used for troubleshooting and can be used for tasks such as pings and TTL exceeds in traceroute. The lecture also covers the use of ICMP in IPv4 and IPv6 and the differences in format for IPv6 addresses. Lastly, the lecture delves into Traceroutes, which uses ICMP packages and the TTL value to trace the route a packet takes from the source to the destination.
In this lecture, we will continue to explore the protocols that are used online, starting with email protocols. We will review the previously discussed SMTP, POP3, and IMAP protocols and their corresponding port numbers. We will also take a look at the flow of traffic when sending an email. Through the use of an image, we will see how an email is sent from a mail user agent to a mail submission agent, and how it is then delivered to the intended recipient through the use of DNS requests and mail exchange records. We will also briefly touch on DNS and how it translates domain names into IP addresses, and the potential vulnerabilities that come with this protocol.
In this lecture, we will be discussing the world of networking cables and the different types that are used in the field of IT security. We will focus on the most commonly used copper Ethernet cables, but also explore other types that may be cheaper, faster, or more secure. As IT security professionals, it is important to consider the security vulnerabilities of each cable type and choose the right one for the specific implementation. We will also delve into the concepts of EMI, Crosstalk, and attenuation and how they affect cable performance. Additionally, we will touch on the importance of fiber cables and the challenges that can arise with using copper cables, such as interferrence and attenuation issues.
In this lecture, we will be discussing LAN topologies, technologies, and protocols. Network topology refers to the layout and interconnection of a network with other devices and segments. We will be discussing different LAN topologies, including Ring, Bus, Mesh, and Star, and how they were used in the past and how they are used today. We will also be discussing higher level protocols, such as NetBEUI, IPX/SPX, and AppleTalk, and how TCP/IP is the primary protocol used today. Additionally, we will be discussing the use of Ethernet and WiFi and the importance of understanding the different types of cables and technologies used in Ethernet, such as Copper Twisted Pair, Coax, Fiber, and Baseband. We will also be discussing wireless technologies, including CSMA/CA and CSMA/CD, and how they are used to ensure seamless and uninterrupted connectivity for employees.
In this lecture, we will explore the different types of hardware used on layers 1, 2, and 3 of the OSI model in networks. We will discuss the specific roles of equipment such as repeaters, hubs, bridges, and switches, and how they are used to improve signal transmission, reduce collisions, and increase security. We will also review best practices for security on switches, such as shutting down unused ports to prevent unauthorized access. By the end of this lecture, students will have a deeper understanding of the different types of hardware used in networks and their specific uses and functions.
In this lecture, we will be discussing firewalls and their role in securing networks. Firewalls act as a barrier between a trusted internal network and an untrusted external network, such as the Internet. There are multiple types of firewalls, including legacy and modern options, and multiple ways to configure them to fit the security needs of an organization. We will be exploring the two main types of firewalls, starting with Packet Filtering Firewalls, which filter packets based on rules set up on the firewall. However, these firewalls are now considered outdated and not recommended for use today. Next, we will discuss Stateful Filtering Firewalls, which also inspect packets passed through the firewall and check if the packet is part of an existing connection. These firewalls have more granular rules and allow for a more secure network.
In this lecture, we will discuss the concepts of Bastion Hosts, Dual-Homed Hosts, Screened Host Architecture, and Screened Subnet Architecture. We will begin by examining Bastion Hosts and how they are designed to be fortified against attacks, typically only having one application and being located in the DMZ or just outside the Firewall. We will then move on to Dual-Homed Hosts, which have at least two interfaces, one facing the secure internal network and one facing the untrusted Internet, but have become less popular in recent years as Firewalls have become more accessible. We will also talk about Screened Host Architecture and how it uses a screening router with access lists to filter traffic, but does not provide defense in depth. Finally, we will discuss Screened Subnet Architecture and the use of different types of firewalls for better security in the DMZ and internal network.
In this lecture, we will discuss the different types of detective and preventative controls that can be implemented to detect or prevent malicious activity on our networks. We will look at the different types of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that can be used, and how they capture traffic on our networks and either alert or block it if it is seen as malicious. We will also look at the two types of these systems, network-based and host-based, as well as the two approaches, signature or pattern matching, and heuristic or behavioral-based systems. We will discuss how these systems can be used as part of a layered defense and how they work on simple if-then statements to trigger actions based on certain conditions.
In this lecture, we will discuss the challenges of securing data in motion and the protocols and devices that can be used to achieve this. We will look at the fact that IPv4 and the Internet were not designed to be secure and how this has resulted in many challenges when it comes to securing data. We will also discuss the importance of balancing confidentiality, integrity, and availability when securing data. Additionally, we will examine specific authentication protocols, including legacy protocols such as PAP and CHAP, and the benefits and limitations of each.
In this lecture, we will discuss wireless LAN (WLAN) networks. A WLAN is a network that links two or more devices using a wireless distribution method within a specific area, such as a school, home, or office building. We will also discuss the importance of wireless network security, including the potential for rogue access points, which can be a significant security risk if not properly addressed. We will also discuss strategies for protecting against rogue access points, including proper port security and using MAC address sticky to ensure that only authorized devices can access the network.
In this lecture, we will continue to cover wireless networks and dive deeper into the 802.11 standard. The 802.11 standard includes the Media Access Control (MAC) abbreviation, which is clearly spelled out in the exam. We will also discuss the different types of 802.11 protocols that have been in use, including ac, ax, and n. It is important to note that while newer protocols are faster, they may not be used as frequently in your work life or on the exam. We will also discuss the use cases behind 2.4, 5 and 6 GHz, including how the 2.4 GHz band can be crowded, and the advantages and disadvantages of using 2.4, 5, and 6 GHz for different situations, such as building size, coverage area, and budget.
In this lecture, we will be discussing Bluetooth, which is a type of wireless communication that is used to exchange data over short distances. It operates on the 2.4 GHz band between fixed or mobile devices and is a Personal Area Network (PAN). Bluetooth devices can be segmented into three categories: Class 1 devices can reach distances of up to 100 meters, Class 2 devices can reach distances of up to 10 meters, and Class 3 devices can only reach distances of less than 10 meters. Bluetooth provides both confidentiality and authentication through its custom algorithm based on the SAFER+ block cipher, which uses the E0 stream cipher to encrypt packages. However, the cryptanalysis of E0 has proven it to be weak and vulnerable to attacks. The security of Bluetooth is also limited by the lack of countermeasures such as salting, nonces, and clipping levels. Additionally, we will also discuss various Bluetooth attacks such as Bluejacking, Bluesnarfing, and Bluebugging and their countermeasures, which include disabling Bluetooth when not in use, turning off discovery, and removing paired devices when not in use.
In this lecture, we will discuss Honeypots and Honeynets. These systems mimic a regular system to attract attackers, allowing us to analyze and study the attack vectors used, which we can then use to enhance our actual systems. We will look at the use of internal and external honeynets and honeypots, with the external ones being more commonly used. We will also explore the potential legal and liability issues that come with deploying honeynets and honeypots, and why it is important to have approval from both legal and senior management before deploying. Additionally, we will differentiate between a honeypot, being a single system, and a honeynet, which is a network of honeypots, and how they can be used to protect against attacks.
In the next couple of lectures, we will discuss all the protocols, technologies, and features used to secure communication. To start, we will look at IPsec, a set of protocols that provide a cryptographic layer to IP traffic for both IPV4 and IPV6. We will also talk about Security Associations (SAs) and how they are used to negotiate the Encapsulation Security Payload (ESP) and Authentication Headers (AH). We will also discuss how IPsec sends traffic in tunnel mode or transport mode, and how it uses IKE (Internet Key Exchange) to negotiate the types of encryption between the two parties. We will also talk about how IPsec can be used to protect data between two hosts, two security gateways, or a security gateway and a host, and how to choose the appropriate mode of communication. Overall, IPsec is an end-to-end security scheme that works on the Internet layer.
In this lecture, we will continue discussing Secure Communications and start with the topic of Callback it is rarely used now as it is based off of dial-up modems. We will look at how it works and its potential use in vishing, or voice phishing, and also how adding caller ID as an additional security feature can help. We will also discuss remote administration and remote viewing, where we connect to a device remotely through software to do configuration, maintenance, or troubleshoot. This is commonly used in networking and server teams to save time and increase efficiency, as well as in personal technical support situations.
In this lecture, we will discuss the topic of secure communication and finish up by looking at Instant Messaging (IMs). We will explore how IMs are used on various platforms such as Facebook and LinkedIn and the importance of their security. We will learn that most IMs are not secure by design and are designed for functionality rather than security. We will also examine research on 18 top IM apps and their security concerns, as well as their plain text messaging feature which can cause security issues. We will also look at web conferencing, which has become more prevalent in recent years due to the shift towards remote working. We will explore the various options available for web conferencing and the security concerns that need to be addressed to ensure they align with our security policies and are implemented correctly. Overall, we will understand the importance of hardening and implementing these technologies in a secure manner.
In this lecture, we will be discussing mobile security, which includes any device that can be walked around with, such as external USB drives, hard drives, tablets, CDs, laptops, and of course, cell phones. As more and more devices are added to our networks, the more complex policies, procedures, and standards we need to ensure that every device we have data on is secure. We need to eliminate internal threats, which often come from users who are unaware of the risks or find it easier to take shortcuts. To do this, we need proper training to raise awareness and also close any loopholes to give users the tools they need. On the technical side, we should lock down USB ports, CD drives, network ports, and wireless devices, and enable full disk encryption and remote wipe capabilities. Overall, we want to ensure that we have the policies and procedures in place to keep our data as secure as possible.
In this lecture, we will discuss positive-listing for applications and some removable media controls. We will explore how in many places, it is normal that regular staff cannot install applications and they need to go through the IT department. However, if we do choose to let them install applications on their own, then we would normally use application positive lists, also known as whitelisting, which are just applications that are allowed. We will also look at how positive lists are much more preferable to negative lists because they are specific about which applications our users can use and the wide release of an application is done against a trusted digital certificate. Lastly, we will discuss Removable Media Controls and how it is common to lock down USB ports, CD drives, and memory card ports to ensure the security of the system.
In this lecture and the following lectures, we will be discussing virtualization, cloud computing, and distributed computing. These topics are extremely important as they are evolving at a rapid pace and are used in almost any organization. Virtualization is the process of creating a powerful system and building smaller systems on top of it. This allows for multiple servers or clients to be on the same hardware platform, known as the host. Common virtualization software includes VMware, Hyper-V, and Xen. Later, when discussing distributed computing, it is the opposite where we have massive data sets that require a lot of resources and instead of running it on one system, we distribute the workload across multiple machines. This is commonly seen in cloud computing and it is important to ensure the security posture and compliance of these systems.
In this lecture, we will be discussing cloud computing, which is a highly important and weighted topic on exams. Not only is it important for understanding how different organizations operate, but it is also something that is extensively used by nearly all organizations. The lecture will cover the various types of cloud computing including private, public, hybrid, and community cloud computing. We will discuss the benefits of using cloud computing, such as cost-effectiveness, and the potential drawbacks, such as security concerns. We will also discuss how organizations can implement the right type of cloud computing for their specific needs, and the importance of ensuring compliance with industry standards.
In this lecture, we will be diving deeper into Public Cloud Computing, which is the most heavily examinable part of virtualization, cloud, and distributed computing. We will discuss the different solutions available within public cloud computing, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). We will explore the responsibilities of both the service provider and the customer for each solution, and the benefits of using each one. Additionally, the lecture will stress on the importance of further research on the topic and provide a visual analogy using the example of pizza as a service to better understand the concepts.
In this lecture, we will be discussing Grid Computing, a system in which resources from hundreds or thousands of systems that are not currently in use are utilized to complete complex tasks. By using a network of computers, each working on a small set of subtasks, a vast amount of resources can be utilized to quickly produce results. One notable example of this is the BOINC Network, which currently has around four million enrolled machines and uses their unused resources for various scientific research projects. Additionally, we will also discuss the use of peer-to-peer networks and Thin Clients in Grid Computing. Peer-to-peer networks involve any system on the network being able to act as a client or server, and Thin Clients involve a system with limited hardware or software. Both systems can provide cost and resource efficiency, as well as added security measures.
In this lecture, we will be finishing our discussion on virtualization, cloud, and distributed computing by focusing on distributed systems, high performance computing, and edge computing. Distributed systems, also known as distributed computing environments (DCEs), concurrent computing, parallel computing, or distributed computing, are a type of cloud computing where users connect to the closest node in the system, rather than a centralized system. We will explore the differences between DCEs and other forms of distributed computing, such as CDNs and grid computing, and the benefits and uses of DCEs in various industries such as the internet, websites, cell networks, research, and peer-to-peer networks.
In this lecture, we will continue discussing software vulnerabilities and attacks. We will start by revisiting the concept of buffer overflow or buffer overrun, which occurs when a program writes into memory and overruns the buffer boundaries, potentially writing to adjacent memory. This can happen if programmers fail to perform program boundary checks. We will also discuss the potential consequences of buffer overflow, such as memory access errors and the possibility for an attacker to replace executable code with their own malicious code. Next, we will talk about race conditions and time of check to time of use (TOCTOU) bugs, which can lead to data corruption or privilege escalation. Finally, we will delve into the concept of privilege escalation, where an attacker tries to gain access to higher privileges within a system. We will discuss how this is a common goal in many attacks and why penetration testing is important to prevent this from happening.
In this lecture, we will be discussing the concept of emanations and covert channels in relation to cyber security. Emanations are unintentional information bearing signals that can be intercepted and analyzed by attackers, leading to a compromise of confidential information. We can protect against emanations by using heavy metals and encasing our systems to block the signal. Covert channels, on the other hand, are methods of intentionally transferring information through channels that were not originally intended for it. Examples of this include covert timing channels, where a difference in real-time response can be used to gain information, and covert storage channels, where information is hidden in an object by modifying it. Understanding these concepts is important for identifying and protecting against potential threats to our systems.
In this lecture, we will be discussing the Internet of Things (IoT), which is a term that many people do not fully understand. Similar to cloud technology, IoT encompasses any device that is connected to the internet and made "smart", such as smart TVs, thermostats, and cars. However, as we add more functionality to these devices, we also make them less secure. We will discuss how to make IoT devices more secure by changing default passwords and logins, applying vendor patches, and segmenting the devices on their own VLAN. It is important to remember that the attacker will always find the weakest link in our security system, so we must be vigilant in patching and hardening our IoT devices to ensure the security of our networks and data.
In this lecture, we will be discussing different types of wireless networks. First, we will cover Li-Fi, a technology that uses light to transmit data at speeds of up to 100 gigabits per second. It can use both visible light and infrared and ultraviolet spectrums and requires a direct line of sight. However, it can also reflect light off a wall to reach slower speeds of 70 megabits. Li-Fi is commonly used in places where WiFi cannot be used such as hospitals and nuclear power plants. Next, we will discuss Zigbee, a mesh wireless network that is low power and requires close proximity and line of sight. Finally, we will talk about satellite connections which have been around for a long time but have been slow, high latency and expensive until recent improvements.
In this lecture, we conclude our study of CISM Domain 2: Information Security Risk Management, which accounts for 20% of the weighted questions on the 2022 exam. Remember that many questions will touch on multiple domains, but they will have a primary domain. This video course covers more than the official book, as ISACA assumes significant knowledge and provides a condensed version. They suggest referring to 30 extra books and publications if you need additional information. If you're unclear on some concepts, explore those additional resources to strengthen your understanding. Domain 2 focuses on risk management, including identifying risks, assessing them, determining responses, implementing mitigations, and conducting risk control monitoring and reporting. It also covers attackers, vulnerabilities, networking, secure communication, cloud computing, and IoT. As we wrap up Domain 2, reflect on your progress and identify areas that may require further study before moving on to Domain 3.
* Updated for the 2022 CISM curriculum. We do in-place updates, meaning any future exam updates you get for free *
Welcome, I am Thor Pedersen, and I am here to help you pass your CISM certification.
With over 760,000 enrollments from 209 countries, my CISSP, CISM, and Certified in Cybersecurity (CC) courses are both the “Best Selling” and “Highest Rated” on Udemy.
Getting your CISM certification now is a very smart career move.
The CISM is highly sought after by Cyber Security recruiters.
There are over 44,000 open CISM jobs in the US.
The average CISM salary in the US is over USD165,000 a year.
I think my courses are fantastic but don't just take my word for it. Here's what some of my other students have to say about them:
Detailed and in depth! Recommended! (Nikos, ★★★★★)
Awesome explanations of the material! One the Best courses I have ever taken!! (James, ★★★★★)
Great course, pretty straight forward into what you really need to pass the exam. Thanks Thor. (Alejandro, ★★★★★)
Thor's way of teaching is honestly a god send. Everything is broken up into bite size chunks which makes it a lot easier to understand and digest. (Dale, ★★★★★)
This is a great walkthrough of the CISM topics. It is concise and easy to follow while still provide solid coverage of the material. Highly recommend this course. (David, ★★★★★)
Join our community of successful students and reach your certification goals!
When you buy this course you get all this:
7.5 hours of CISM videos: Covering the 2022 CISM Domain 2 exam topics.
61-page PDF CISM study guides: Detailed guides made from our lectures.
27-page PDF CISM Quick Sheets: For your review sessions.
9 Detailed CISM Mind Maps.
2-page PDF CISM Mnemonics: Memory aids to help you remember key concepts.
40 website links: Additional resources to deepen your understanding of Domain 2 topics.
Subtitles in multiple languages: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Japanese, Chinese, and Hindi.
An automatic certificate of completion: Hang on your wall or use for CEUs/PDUs. (8 CEUs).
30-day money-back guarantee: No questions asked.
Lifetime Access to the course and all course updates.
Offline video viewing: Available on the Udemy mobile apps.
In Domain 2 we cover:
A Information Security Risk Assessment
2A1 Emerging Risk and Threat Landscape
2A2 Vulnerability and Control Deficiency Analysis
2A3 Risk Assessment and Analysis
B Information Security Risk Response
2B1 Risk Treatment / Risk Response Options
2B2 Risk and Control Ownership
2B3 Risk Monitoring and Reporting
We continue to update our courses to make sure you have the latest and most effective study materials:
2025: Added 9 CISM Domain 1 Mind Maps. Added CISM Quick Sheets (27 pages).
2024: Added CISM Mnemonics. Added subtitles in Japanese and Portuguese (Brazil).
2023: Added updates/new videos: The OSI model - Part 1, The OSI model - Part 2, Wireless networks.
2022: Full course update for the 2022 curriculum.
2021: 10+ updates: Entirely new content, clearer explanations/examples in videos, and study guides.
2020: 10+ updates: Entirely new content, clearer explanations/examples in videos, and study guides.
2019: My initial course release of my CISM courses.
Start Your Certification Journey Today!
Join thousands of successful professionals who have transformed their careers with ThorTeaches. Let me guide you to CISM certification success.
Enroll now and let's achieve your certification goals together!
Thor Pedersen