
Identify and address data security requirements by understanding data types, classification, lifecycle, governance and data management, and regulatory needs for organizations, then implement monitoring, incident response, and technical controls.
Explore digital information, its data types, classification, and lifecycle, and learn how confidentiality, integrity, and availability shape data across healthcare, finance, retail, and government.
Identify various sensitive data types, including PII, ePHI/PHI, SBI, NPI, intellectual property, financial information, regulatory data, and government information, to guide data security strategies.
Identify the differences between pii and phi, recognize examples like full name, addresses, ssns, medical data, device identifiers, and health insurance details, and note regulatory requirements.
Identify non-public information (NPI) and financial information as sensitive data, and explain why internal documents, employee data, contracts, and tax details must remain confidential and not public.
Classify data to assign appropriate security controls based on business needs, distinguishing public, private, sensitive, and highly confidential categories and their risk levels.
Explore data lifecycle management from creation to destruction, detailing how data is created, stored, used, shared, archived, and erased, with security controls and regulatory considerations.
Discover how global, local, and industry regulations shape data security, from WIPO global patent and trademark registrations to GDPR, CCPA, PCI-DSS, and SOX compliance for public companies and healthcare sectors.
Explore PCI DSS and its 12 requirements for securing cardholder data, including firewall protection, encryption of transmissions, access controls, and ongoing security testing.
Explore HIPAA's security framework for protecting patient data, covering general security principles, risk management, and administrative, physical, technical, and organizational safeguards, plus third-party contracts and policies.
Understand GDPR's core requirements: lawful, fair, and transparent processing; purpose limitation; data subject rights; consent; breach notification; privacy by design and data transfers.
Explore the Sarbanes-Oxley Act's governance, accounting, and reporting standards for public companies, and its essential security requirements like access control and change management.
Learn ISO 27001's information security management system and its 14 domains with Annex A controls. Explore policy, risk management, asset protection, cryptography, and incident and business continuity management.
Understand how local legislation affects data security, documenting country-specific rules and ensuring compliance with laws like France health data hosting, UK NHS, and Japan privacy law.
Define security governance and explain how it coordinates security activities, enables information flow, and supports risk management across the organization, emphasizing shared responsibility and accountable participation by all employees.
Explore the four components of security governance—security policy framework and policies and standards, risk management, security awareness, and metrics for improvements—and how they define ownership and roles across the organization.
Explore the security policy framework, detailing policy, standards, procedures, guidelines, and baselines, distinguish mandatory from discretionary elements, and outline information security policy sections such as purpose, scope, roles, and training.
Define and implement data protection roles across senior management, the CISO and security team, data owners, data custodians, data users, and auditors to enforce security controls throughout the data lifecycle.
Security risk management forms the foundation of an information security program, identifying risks by evaluating threats and vulnerabilities and using likelihood and impact to determine risk scores for assets.
Learn how to define valid risk by mapping assets to threats and vulnerabilities, evaluate asset value (tangible or data-based intangible), and calculate risk severity and impact on operations and stakeholders.
Learn how risk management frameworks like coso, iso 27005, and nisT sp 800-30 guide identifying, assessing, mitigating, and monitoring organizational risks in an ongoing cycle.
Monitor and report risk using key risk indicators and key performance indicators to provide early warning of risk exposure and measure whether security controls effectively minimize risk.
Explore security awareness training, learning management systems, clear policies and standards, and phishing tests to educate employees and strengthen data security across the organization.
Assess security metrics and improvements to ensure controls are functional and effective, while monitoring risks, identifying threats and vulnerabilities, and maintaining asset inventory, classification, and user awareness.
Explore data monitoring controls and the incident response process to gain visibility on our data and learn how to respond to data security incidents, including a data breach.
Identify and continuously monitor all IT assets in real-time, tangible and intangible, through asset discovery, classification, and ownership to apply appropriate security controls and protect data.
Explore structured vs unstructured data access and monitoring, emphasizing controls, encryption, logging, and labeling. Apply data loss prevention and file integrity monitoring to detect violations and ransomware across data types.
Explore database access monitoring and file access monitoring solutions for structured and unstructured data to detect anomalies, report violations, and remediate unauthorized access for auditing and protection.
Define incident response processes for data breaches, practice planning to notify authorities, and distinguish incidents from events within internal and external obligations.
Define an incident response process with a multi-role team including incident handler, scribe, security analysts, and data owner, covering preparation, identification, containment, remediation, recovery, lessons learned, and communication.
Identify and validate security incidents in the identification phase by verifying events against a network baseline, reviewing anti-malware, IPS, and logs for suspicious events, and declaring incidents for formal response.
Remediation reverses incident effects and removes attack vectors with a well-documented, environment-specific process. It cleans up suspicious processes, altered files, and registry keys across Windows, Unix, and cloud storage.
Lead the recovery phase by restoring from clean backups, validating no malware remains, applying patches, and implementing disaster recovery, logging, monitoring, and out-of-band communication for secure resumption.
Simulate cyber threat scenarios with tabletop exercises to test and improve the incident response plan. Reveal gaps in documentation, tools, controls, and team responsibilities through regular practice.
Implement a data breach notification process that identifies scope, informs regulators and affected individuals within 72 hours under GDPR, and documents forensic findings and containment plans.
Explore data security with a focus on technical controls, and review tools and solutions that strengthen data protection, building on prior operational and administrative controls.
Defense in depth uses a layered approach to protect data and assets. Focus on data security governance, incident response, and policy-driven operations across applications, endpoints, networks, and perimeter controls.
Define and enforce identity and access management to provide the right level of access for data, applying privileged access management and precise permissions for structured and unstructured data.
Learn how to implement data loss prevention within Office 365 by creating GDPR-focused DLP policies, applying them across emails, SharePoint, OneDrive, and Teams, and configuring actions, thresholds, and protections.
Data classification tools tag and classify data to apply layer-specific security controls, labels, and encryption, integrating with DLP, Microsoft Office, and Adobe Solutions.
Explore how the Office 365 data classification portal uses prebuilt labels and templates, plus Content Explorer, to automatically classify, label, and encrypt data while enabling DLP controls.
Explore file integrity monitoring (fim) to detect changes in unstructured data, establish baselines with file hashes, and enable policy-driven incident response and threshold alerts.
Explore data discovery and protection solutions, such as Varonis, that integrate with on-prem and cloud resources to identify data, classify content, and enforce automated security controls.
Celebrate completing the course and recognize its usefulness for your data security journey while exploring identity and access management and privileged access management, and rate it on Udemy if helpful.
Set up a virtual lab with a Windows 11 client and a Windows Server 2019 domain controller and file server, install domain services, and test auditing with ManageEngine ADAudit Plus.
Explore a ready-made lab environment on Azure featuring a Windows 11 workstation, Hyper-V, and a Windows Server 2019 with Active Directory for a practical data security setup.
Configure Windows Server 2019 as a file server for data security by creating an Active Directory structure, three users and folders, and granting read-write access for sharing, with future testing.
Configure and test a Windows file server with Active Directory users, map network drives, and access folders by credentials, then prep monitoring and auditing with a ManageEngine solution.
Configure manageengine ad audit plus on windows file server by logging in, joining domains, setting alerts and mail, enabling sso and two-factor authentication, and enabling siem and branding.
Shows how Manageengine AD Audit Plus tracks identity and access events in Active Directory, including OU monitoring and GPO changes. Demonstrates creating an OU and reviewing GPO changes for governance.
Learn to troubleshoot ManageEngine Audit Plus by verifying credentials, domain settings, and auditing policies, and consult the troubleshooting page to ensure complete AD and Azure AD reporting.
Explore file integrity monitoring, analytics, and alerts with ADAudit Plus to detect file changes and unusual login failures on domain controllers and file shares.
All companies rely on some sort of digital data to be able to operate, e.g. customer data, financial data, business plans. Digital Data is the most important asset and needs to be kept secure in order for any company to be successful. Whether you work for a small or large organization, an innovator company, a public company, a software as a service company or any other company with any digital transactions, data plays a vital role for that company operation. Today, no company can survive without digital data and with all cyber attacks going on, protecting data becomes more and more important.
Securing the data is really the foundation of any information security program, and any security control implementation is done for that reason.
Here, you will learn different data security requirements and techniques. At the end of this course, you will be able to understand what different types of data are, the importance of them for different organizations and security control requirements to protect them.
This course will have 5 main sections as below:
What are the Data Types, Data Classification, and Data Lifecycle
What are the Law and Industry Regulations specific to digital data
What is the Data Governance and Management
What is Data Monitoring and Incident Response
What are the common Data Security Technical Controls