Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

CISO Guide to Cyber Resilience

Name: CISO Guide to Cyber Resilience
Rating: 4.7 (32 reviews)

How to Build a Resilient Security Program

Created byDebra Baker

Last updated 1/2025

English

What you'll learn

Implement a Robust Cyber Resilience Strategy – Develop and execute a cybersecurity framework that aligns with industry best practices, including NIST.
Strengthen Security Awareness & Threat Detection – Train employees on cybersecurity hygiene, phishing prevention, and social engineering tactics.
Secure Critical Data & Assets – Apply encryption, backup strategies, and third-party risk management techniques to protect sensitive information from breaches.
Enhance Endpoint & Cloud Security – Deploy advanced security controls, including Endpoint Detection & Response (EDR), Zero Trust models, and cloud security.
Leverage AI for Cyber Defense – Understand both the risks and benefits of artificial intelligence in cybersecurity, including AI-driven threat detection.

Course content

11 sections • 11 lectures • 2h 0m total length

Welcome to the CISO Guide Cybersecurity Resilience Course6:36
After completing this section, learners will be able to explain the concept of cyber resilience, its importance in modern organizations.

Inside a Cyberattack – How BigCo Got Hacked & Recovered9:05
This session provides a real-world scenario of a major cybersecurity breach, breaking down how an attack unfolds and how organizations can respond and recover. By the end of this session, students will be able to:
Analyze how cybercriminals infiltrate an organization through phishing, RDP, and SMB vulnerabilities.
Understand the stages of a ransomware attack and how data exfiltration occurs.
Evaluate incident response strategies used by CISOs and IT teams to mitigate damage.
Learn from case studies such as Colonial Pipeline and SolarWinds attacks.
Develop an effective breach response plan to contain, remediate, and recover from cyber incidents.
Why is this important?
Understanding how attacks happen in the real world helps organizations strengthen defenses and improve resilience against sophisticated cyber threats.

Locking the Digital Doors – Mastering Identity & Access Management (IAM)5:49
This session covers best practices in authentication and access control, helping students build a secure identity management strategy. By the end of this session, students will be able to:
Implement Multi-Factor Authentication (MFA) to reduce unauthorized access.
Use secure password policies in alignment with NIST 800-63B guidelines.
Understand and deploy passwordless authentication using passkeys and biometrics.
Recognize common authentication attacks, such as credential stuffing and phishing.
Implement role-based and least-privilege access to minimize insider threats.
Why is this important?
IAM is the first line of defense in cybersecurity. A strong IAM strategy prevents 99.9% of account compromise attacks.
Section 3 MFA Quiz

Cyber Rules That Matter – Creating and Enforcing Security Policies11:16
This session guides students on developing and enforcing security policies to ensure compliance and reduce risk. By the end of this session, students will be able to:
Draft and implement essential security policies, including acceptable use and data protection policies.
Ensure compliance with industry regulations like ISO 27001, SOC2, and NIST.
Understand how security policies protect against legal and financial consequences after a breach.
Develop an employee security awareness plan to ensure policies are followed.
Audit and update policies regularly to adapt to new cybersecurity threats.
Why is this important?
A well-defined security policy is the foundation of any cybersecurity program, ensuring consistency, compliance, and risk mitigation.
Section 4 Developing Security Policies Quiz

Risk vs. Reward – Smart Cybersecurity Risk Management8:48
This session covers risk management strategies, helping organizations balance cyber risks, security investments, and business objectives. By the end of this session, students will be able to:
Conduct risk assessments using Impact vs. Likelihood models.
Understand key risk management frameworks like NIST CSF and ISO 27001.
Implement preventive, detective, and corrective security controls.
Develop a risk register to prioritize cybersecurity initiatives.
Align security budgets with risk tolerance and business goals.
Why is this important?
Cybersecurity isn’t about eliminating all risks—it’s about managing them effectively while ensuring business continuity.
Section 5 Security & Risk Management

Defending Every Device – The Ultimate Guide to Endpoint Security15:57
This session introduces endpoint security strategies, helping students protect devices from malware, ransomware, and unauthorized access. By the end of this session, students will be able to:
Implement Endpoint Detection and Response (EDR) solutions.
Utilize antivirus, firewalls, and application control to secure endpoints.
Harden endpoint configurations using disk encryption and VPNs.
Deploy Network Access Control (NAC) and Zero Trust security.
Protect mobile devices using Mobile Device Management (MDM) solutions.
Why is this important?
Endpoints are the most common attack vector for cybercriminals. Securing them is critical to prevent unauthorized access and data breaches.
Section 6 - Endpoint & Network Security Quiz

Protecting Your Crown Jewels – Data Security, Backups & Compliance11:51
This session covers data protection strategies, ensuring data integrity, availability, and confidentiality. By the end of this session, students will be able to:

Understand backup strategies (full, incremental, differential) for disaster recovery.
Create business continuity and disaster recovery (BC/DR) plans.
Ensure backups are tested at least annually, quarterly is recommended

Why is this important?
Proper data protection ensures organizations stay resilient against cyberattacks, ransomware, and compliance violations.
Section 7 Data Safeguarding & Disaster Recovery

The Human Firewall – Training Employees to Stop Cyber Threats10:46
This session helps students develop security awareness programs to reduce human error-related breaches. By the end of this session, students will be able to:
Train employees on phishing, social engineering, and password security.
Develop engaging cybersecurity awareness campaigns.
Measure training effectiveness using phishing simulations and KPIs.
Choose the best security awareness tools (KnowBe4, Curricula, NINJIO).
Foster a culture of cybersecurity responsibility within an organization.
Why is this important?
Many breaches result from human error—security awareness training is the best defense against phishing and social engineering attacks.
Section 8 Security Awareness

Vulnerability Management – Identifying and Patching Risks15:52
This session teaches students how to identify, assess, and remediate vulnerabilities before they are exploited. By the end of this session, students will be able to:
Use vulnerability scanning tools (Nessus, Qualys, OpenVAS).
Prioritize vulnerabilities using CVSS and CISA’s KEV catalog.
Implement patch management best practices.
Secure applications using OWASP Top 10 guidance.
Integrate security into DevOps (DevSecOps) for continuous protection.
Why is this important?
Regular vulnerability management is essential to prevent cybercriminals from exploiting known weaknesses in systems.
Section 9 Vulnerability Management

Asset Inventory – Knowing and Securing What You Own8:09
This session covers asset inventory management, helping students identify and protect critical assets. By the end of this session, students will be able to:
Create a comprehensive asset inventory of hardware, software, and cloud resources.
Use automated discovery tools like ServiceNow, CloudWize.io, and Drata.
Align asset tracking with compliance frameworks (NIST, CIS, ISO 27001).
Secure mobile devices and endpoints using MDM.
Integrate asset inventory with change management processes.
Why is this important?
You can’t protect what you don’t know exists—an updated asset inventory is critical for cyber resilience.
Section 10 Asset Inventory

Requirements

There are no prerequisites for this course. It's for people new to cybersecurity, cybersecurity experts, and cyber leaders.
No programming experience needed. An introduction to cybersecurity course would be useful, but I do define topics as introduced.

Description

Cyber threats are evolving at an unprecedented pace, making security a top priority for every organization. Whether you are a seasoned Chief Information Security Officer (CISO), an IT professional, or a business leader, this course will provide you with the knowledge and tools to build a resilient cybersecurity strategy.

Led by Debra Baker, CISSP, CCSP, this course is based on her highly acclaimed book, A CISO Guide to Cyber Resilience. Through practical insights, real-world case studies, and expert strategies, you'll gain a deep understanding of security awareness, risk management, data protection, endpoint security, AI threats, and much more.

What You’ll Learn:

Security Awareness & Phishing Prevention – Train your employees to be the first line of defense against cyber threats.
Multi-Factor Authentication (MFA) & Password Security – Implement robust authentication strategies to prevent account takeovers.
Vulnerability Management & Threat Detection – Learn to proactively identify, assess, and remediate security weaknesses.
Data Protection & Compliance – Secure sensitive data with encryption, backups, and third-party risk management.
Risk Management & Security Policies – Develop a structured approach to balancing security risks and business priorities.
Endpoint & Cloud Security – Protect your organization’s devices and cloud infrastructure from sophisticated attacks.

This practical course includes real-life cybersecurity case studies, step-by-step implementation guides, and expert Q&A sessions to reinforce your learning.

Who Should Take This Course?

CISOs, CIOs, and IT Security Leaders who want to enhance their organization’s cyber resilience.
IT Professionals & Security Analysts looking to upskill in modern security strategies.
Business Executives & Decision Makers who need a solid understanding of cybersecurity best practices.
Anyone interested in Cybersecurity who wants to strengthen their knowledge of security frameworks and risk management.

Why This Course?

Actionable Strategies – No fluff, just real-world, battle-tested security tactics.
Industry-Recognized Best Practices – Learn frameworks like NIST, CIS Controls, GDPR, ISO 27001, and more.
Expert Guidance – Leverage Debra Baker’s CISO experience to build a security-first culture in your organization.
Stay Ahead of Cyber Threats – Gain insights into emerging attack vectors, AI-driven threats, and Zero Trust security models.

Let’s Build a Cyber-Resilient Future!

Cybersecurity is no longer just an IT issue—it’s a business imperative. Join us on this journey to fortify your organization against evolving cyber threats and establish a resilient, proactive security posture.

Enroll now and take your cybersecurity knowledge to the next level!

Who this course is for:

Chief Information Security Officers (CISOs), CIOs, and IT Security Leaders – Enhance your cybersecurity strategy with frameworks like NIST, CIS Controls, ISO 27001, and Zero Trust.
IT Professionals, System Administrators & Security Analysts – Gain hands-on knowledge of endpoint security, vulnerability management, incident response, and AI-driven cyber threats.
Business Executives & Decision Makers – Understand how cybersecurity impacts business continuity, compliance (GDPR, PCI-DSS), and financial risk.
Cybersecurity Enthusiasts & Career Changers – Learn the fundamentals of cyber resilience, security awareness, and risk management to build a strong foundation in cybersecurity.

CISO Guide to Cyber Resilience

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 7min

Inside a Cyberattack – How BigCo Got Hacked & Recovered1 lecture • 9min

Locking the Digital Doors – Mastering Identity & Access Management (IAM)1 lecture • 6min

Cyber Rules That Matter – Creating and Enforcing Security Policies1 lecture • 11min

Risk vs. Reward – Smart Cybersecurity Risk Management1 lecture • 9min

Defending Every Device – The Ultimate Guide to Endpoint Security1 lecture • 16min

Protecting Your Crown Jewels – Data Security, Backups & Compliance1 lecture • 12min

Security Awareness – Training Employees to be Cyber Resilient1 lecture • 11min

Find, Fix, Prevent – Mastering Vulnerability Management1 lecture • 16min

Asset Inventory – Knowing and Securing What You Own1 lecture • 8min

Requirements

Description

Who this course is for: