
This lecture gives a general overview of the motivations for information security and of the common threats and attacks that information security specialists need to account for.
This lecture gives an overview of risk assessment and risk management. We discuss what risk is, what information assets are, and the threats to and vulnerabilities of those assets. In the additional readings you can find the ISO 27001, 27002, and 27005 information security standards. The file called ControlsExample.pdf gives an example of calculating risk and residual risk with controls.
In this lecture we look at estimating asset value and how to combine tangible and intangible asset values. We look at calculating asset value and risk from both quantitative and qualitative viewpoints.
This lecture explains what an information security assessment and an information security audit are, what the differences between assessment and audit are, and why an audit is usually done by external teams or organizations while an assessment can be done internally.
This lecture covers how to manage information security operations from the perspectives of access control, configuration management, and patch and vulnerability management. You will learn about concepts such as least privilege, need to know, entitlement, aggregation, tentative trust, and separation of duties and responsibilities. We will also talk about how to manage hardware inventories, software licences, and virtual and cloud assets.
In this lecture you will learn the usual process and the steps you can and should take if an information security breach (incident) happens, and what controls can reduce the damage and prevent further loss of business share and reputation, as well as the misuse of, for example, stolen information.
This lecture looks at disasters (human-caused or natural) that can affect your business and operations, such as fires, earthquakes, floods, and terrorist attacks. We will talk about the things to consider when making your disaster recovery plans.
Ethics are very important in information security, especially when it comes to intrusive security testing. In this lecture, we will discuss the ethical aspects, with examples from both the intrusive and the defensive security point of view.
This lecture is about laws, regulations, and the national bodies that enforce them, spread awareness of cyber security, and take care of the cyber security of a whole country. Among the resources you can also find an overview of the GDPR and the text of the GDPR itself.
This lecture looks at the development of cryptography from ancient times until today, describing the important stages of its development, with more focus on recent algorithms that are still in use, such as AES, Diffie-Hellman and RSA.
In the 11th lecture we look at access control management: when to give people access to information and how to revoke it. We also discuss the main concepts of access control, such as identity, authentication, authorization, and accountability. We take a look at some of the authentication mechanisms developed so far, such as one-factor, two-factor and three-factor authentication, biometrics, etc.
Your network is always connected to the internet at least somewhere and is therefore always exposed. We will look at the mechanisms, controls and good practices for protecting your network.
Your organization will usually expose a website and other web applications to users on the internet. However, these applications may have security flaws that can be exploited. In this lecture we will look at the most common security flaws (mainly the OWASP Top 10) and how to mitigate and fix them. You should also be able to find these flaws in your own systems.
In the last lecture we will look at how to protect the physical assets that contain information, such as papers, computers, servers, etc., and what controls can prevent theft and information security breaches from the physical viewpoint.
In this course, you will learn the basics of information security and how to apply information security principles to your home environment or organization, regardless of its size.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents.
The course is taught by Dr. Nikola Milosevic, who holds a PhD in computer science and has a track record of publications and successful projects in information and cyber-security. Nikola is an OWASP chapter and project leader and has taught at several reputable universities over the past 5 years. He has also published scientific papers on malware analysis. Now he wants to share this knowledge with you and help you develop your career!
This course follows the content of the CISSP (Certified Information Systems Security Professional) certification.
The content of the course is suitable for both beginners and intermediate students interested in information security.
In this course you will learn about:
The motivation for having an information security framework
Types of information security controls (application, network, physical security)
Information security risk management
How to evaluate information assets of your organization
How to perform a risk assessment and where to include information security controls
How to perform audits and when
How to manage security operation of a certain organization
What information security incidents are and how to respond to them (incident response)
How to handle disaster recovery
Ethics of information security
What laws and regulations are in place (this is partly specific to the UK and EU, since it covers the GDPR, but the lecture tries to generalize)
Security standards in information security (ISO27001, ISO27003, ISO27005)
History and main algorithms used for information security
Cryptography
Access control
Basics of network security
Basics of application security
Basics of physical security
The tools used in the course are all open source (such as SNORT or OSSEC).
Who this course is for:
This course is for anyone who wants to become an expert in cyber-security and information security; this volume covers the foundational building blocks of that skillset.
For anyone who would like to gain practical skills in mitigating the risk from various kinds of information security threats and would like to learn about managing information in an organization.
For beginners and intermediate information security enthusiasts who are interested in security, safety, and privacy.
This course is designed for personal and corporate information security.
The content of this course has also been delivered in a university setting.