Content: The Certified in Risk and Information Control (CRISC) certification is an established, well-recognized credential from ISACA, the organization that has issued over 200,000 certifications to cybersecurity professionals in 188 countries. A CRISC certification shows employers that you understand how to identify and manage IT risk in an enterprise and that you're capable of implementing and maintaining the controls necessary to address risks. This series of courses provides you with insights and content around the four IT risk management domains. In this first course of the series, instructor Jerod Brennen focuses on the first CRISC domain: IT Risk Identification. Jerod goes over some basic definitions and information for IT risks, then covers several threats and vulnerabilities and how you can protect your organization's people, processes, and technology. He addresses enterprise risk context and shows you techniques to engage your stakeholders and improve your risk posture. Duration: 01:55:22
Content: The Certified in Risk and Information Control (CRISC) certification is an established, well-recognized credential from ISACA. A CRISC certification shows employers that you understand how to identify and manage IT risk in an enterprise and that you're capable of implementing and maintaining the controls necessary to address risks. This series of courses explains the four IT risk management domains. In this course, instructor Jerod Brennen focuses on the second CRISC domain: IT Risk Assessment. Jerod covers basic risk assessment techniques, then goes into how you can dig deeper and determine risk rankings. He goes over how to analyze risk scenarios for your organizational structure, policies, technology, architecture, and more. Jerod discusses how to analyze the effectiveness of your current controls, including leveraging assessments and performing gap analysis. Jerod concludes with useful advice on communicating your risk assessment results and updating your risk register. Duration: 01:36:43
Content: The Certified in Risk and Information Control (CRISC) certification is an established, well-recognized credential from ISACA, the organization that has issued over 200,000 certifications to cybersecurity professionals in 188 countries. A CRISC certification shows employers that you understand how to identify and manage IT risk in an enterprise and that you're capable of implementing and maintaining the controls necessary to address risks. This series of courses provides you with insights and content around the four IT risk management domains. In this third course of the series, instructor Jerod Brennen focuses on the third CRISC domain: Risk Response and Mitigation. Jerod covers the tasks you'll be tested on when you sit for the exam, including consulting with risk owners, creating a risk action plan, selecting risk management controls, assigning control ownership to establish clear lines of accountability, and registering risk profile changes. Duration: 01:38:27
Content: The Certified Secure Software Lifecycle Professional (CSSLP) is a globally recognized certification from (ISC)², the organization that has certified well over 100,000 information security professionals. As a CSSLP holder, you can demonstrate to current or future employers that you understand how security can be embedded in the software development lifecycle (SDLC). This course, the first installment in the CSSLP Cert Prep series, prepares you to tackle the first domain in the CSSLP exam: Secure Software Concepts. Instructor Jerod Brennen discusses how application security fits within the broader context of information security. He also digs into core concepts, including confidentiality and availability; security design principles, such as least privilege and open design; and more. Duration: 01:34:19.00
Content: Specific, achievable security requirements are critical ingredients in the creation of any application. In this course, the second installment in the CSSLP Cert Prep series, instructor Jerod Brennen dives into the subject of security requirements to prepare you for the second domain of the Certified Secure Software Lifecycle Professional (CSSLP) exam: Secure Software Requirements. Jerod discusses how to properly define what an app must be and do in order to remain secure. He covers how to approach security, privacy, and data classification requirements for applications. Plus, he goes over how to validate your requirements, including how to use a security requirement traceability matrix (SRTM) to determine how well an app adheres to your security requirements. Duration: 01:24:53.00
Content: Secure software design helps you eliminate the design flaws that attackers exploit, before your app ever makes it to production. In this course, the third installment of the CSSLP Cert Prep series, instructor Jerod Brennen dives into the subject of app security, helping prepare you for the third domain of the Certified Secure Software Lifecycle Professional (CSSLP) exam: Secure Software Design. Jerod discusses threat modeling, security architecture, and security design. Learn how to identify and prioritize the right controls for your style of architecture, including mobile and cloud-based architectures. Discover security-enhancing tools to diagnose and repair design flaws. Find out how to design adequate security controls for your network, servers, data, and application, and explore how data modeling and classification can make your security efforts more targeted and cost-effective. Duration: 02:06:15
Content: Work toward attaining a globally recognized credential from (ISC)², the Certified Secure Software Lifecycle Professional (CSSLP) certification. This course, the fourth of an eight-part series, focuses on Domain 4: Secure Software Implementation. Get a comprehensive look at topics related to this domain, from securely declaring variables and reinforcing safe deployment to finding and fixing vulnerabilities, including the most significant web application security risks, the OWASP Top 10. This course can also help those working in IT or with software to improve the security of their organization's applications. Duration: 01:29:00
Content: Improve the security of your organization's applications while working toward a credential that can propel your career forward. Prepare for the fifth domain of the CSSLP exam, Secure Software Testing, with this installment of the CSSLP Cert Prep series. Learn about building test cases with a comprehensive approach, including both automated and manual penetration testing, regression, integration, and failure test cases, plus unique tests with a cryptography focus. Get tips for building a testing strategy, such as how to group your tests for greater efficiency and expand your testing with external sources. Plus, see how to execute verification and validation tests and properly conduct testing in order to uncover, track, and remediate bugs. Duration: 01:04:56
Content: Change is a certainty throughout the software development lifecycle (SDLC). To enhance the security state of their organization's software, information security professionals must create a lifecycle management program that lays out how to apply clear security standards throughout the SDLC. In this course, the sixth installment of the CSSLP Cert Prep series, instructor Jerod Brennen dives into the subject of secure software lifecycle management, helping prepare you for the sixth domain of the Certified Secure Software Lifecycle Professional (CSSLP) exam: Secure Software Lifecycle Management. Jerod discusses how to define your strategy and roadmap, manage security in both adaptive and predictive methodologies, and promote security culture within your organization. He also discusses the importance of generating and maintaining software security documentation, developing security metrics, applying lessons learned to enable continuous improvement, and more. Duration: 01:21:24
Content: The Certified Secure Software Lifecycle Professional (CSSLP) is a globally recognized certification from (ISC)². In this course, part seven in an eight-part series, instructor Jerod Brennen provides insights and context around the seventh domain of the CSSLP certification exam: Secure Software Deployment, Operations, Maintenance. Jerod teaches you the essential components of an operational risk analysis. He shows you how to securely store and manage credentials, secrets, keys, certificates, and configurations. He covers bootstrapping, environment hardening, and applying the principle of least privilege. Then he steps you through the security testing you should perform post-deployment. He discusses obtaining the security approval needed to operate your production app and performing information security continuous monitoring (ISCM). In conclusion, Jerod walks you through how to maintain your software, including how to scan, track, and triage vulnerabilities. Duration: 01:21:54
Content: The Certified Secure Software Lifecycle Professional (CSSLP) is a globally recognized certification from (ISC)², the organization that has certified well over 100,000 information security professionals. As a CSSLP holder, you can demonstrate to current and/or future employers that you possess proven knowledge of how security can be embedded in the software development lifecycle (SDLC). In this course, instructor Jerod Brennen walks you through what you need to know about the eighth exam domain: Secure Software Supply Chain. Jerod explains the importance of having a process in place for assessing supply chain risk and shows you how to update that process over time. He discusses what you can do to make sure you can trust code you receive from third-party software solutions. Jerod concludes by explaining key documents that you should request from your supplier, as well as contractual requirements like IP ownership, code escrow, EULAs, and SLAs. Duration: 00:47:07
Content: The Certified Secure Software Lifecycle Professional (CSSLP) is a globally recognized certification from (ISC)², the organization that has certified well over 100,000 information security professionals. As a CSSLP holder, you can demonstrate to current and future employers that you possess proven knowledge of how security can be embedded in the software development lifecycle (SDLC). This course provides you with insights and context around the eight application security domains, helping you improve the security of your organization's applications while also helping you propel your career forward. Instructor Jerod Brennen provides an overview of the exam and tips for finding practice tests and acing the exam itself. He also covers the experience and continuing education requirements you need to maintain your certification. Duration: 01:10:26
Content: Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections, with demos of popular tools such as Codacy and SonarQube, prepare you to apply the lessons in the real world. Duration: 03:22:01.00
Content: Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on online testing, using security scanning, penetration testing, and vulnerability testing to validate code and uncover vulnerabilities. He explains the difference between positive and negative, manual and automated, and production and nonproduction testing, so you can choose the right kind for your workflow. The hands-on sections, with demos of popular tools such as Fiddler, Burp Suite, and OWASP OWTF, prepare you to apply the lessons in the real world. Duration: 03:19:51.00
Content: To provide your organization with confidence, you need to perform testing to prove it's secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to have an understanding of the many different types of security testing and know when and how to implement them. This course provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Instructor Jerod Brennen also helps you analyze test results and draft a report of your findings. Plus, see popular testing frameworks and tools in action, including Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine. Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115). Duration: 02:48:33.00
Content: Information security isn't all ones and zeros. While the people, processes, and technology we rely on to protect our data are critically important, so are the communication skills to help the rest of the organization understand the value and the necessity of those controls. This course was designed to help information security professionals better understand the perspective of the business, as well as learn how to communicate security concepts and proposals in terms that will resonate with all audiences. Instructor Jerod Brennen details which soft skills to cultivate; shares tips for engaging with the different groups that make up the larger information security community; and goes over general communication strategies, including how to determine what motivates your audience. He also explains how to express the findings of your research to colleagues, use your creativity to respond to problems without a clearly defined solution, and more. Duration: 01:18:36.00