
Certified Information Systems Security Professional, Part 6 of 9: Security Architecture and Apps

with expert Kevin Henry




Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/22/2018
Level Intermediate
Runtime 2h 6m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included





Course description

This course discusses security architecture and models. It starts with common concerns about security within software, and with risk management and how it integrates. Next, it covers web applications and compliance with standards, and investigates database security issues. Finally, it covers the role of artificial intelligence and knowledge discovery, software development models, and change control processes. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).

Prerequisites

This series assumes a good understanding of enterprise networking and networking security. This is part 6 of a 9-part series.

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional

Meet the expert

Kevin is an international author, consultant and speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world, assisting them with setting up information security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Course outline



Security Architecture

Security Architecture (23:40)
  • Introduction (00:07)
  • ESA Definition (01:49)
  • What Is Architecture? (05:18)
  • Architecture Components (03:00)
  • Objectives of Security Architecture (02:58)
  • Technology Domain Modeling (03:26)
  • Integrated Security is Designed Security (03:57)
  • Security by Design (02:53)
  • Summary (00:08)
Architectural Models (07:08)
  • Introduction (00:21)
  • Architectural Models (02:36)
  • Virtual Machines (00:58)
  • Cloud Computing (03:02)
  • Summary (00:08)
Components and Threats (31:15)
  • Introduction (00:15)
  • Memory Types (01:22)
  • Virtual Memory (00:45)
  • Memory Management (01:51)
  • Accessing Memory Securely (00:15)
  • Different States and System Functionality (01:24)
  • Types of Compromises (02:03)
  • Disclosing Data in an Unauthorized Manner (03:06)
  • Circumventing Access Controls (02:22)
  • Attacks (01:16)
  • Attack Type: Race Condition (01:26)
  • Attack Type: Data Validation (01:33)
  • Attacking Through Applications (01:03)
  • Buffer Overflow (00:59)
  • Attack Characteristics (01:05)
  • Attack Types (01:21)
  • More Attacks (01:16)
  • Host Name Resolution Attacks (01:23)
  • Even More Attacks (01:59)
  • Watching Network Traffic (01:00)
  • Traffic Analysis (00:50)
  • Cell Phone Cloning and Illegal Activities (01:43)
  • Summary (00:38)
  • Summary (00:08)

Software Development Security

Software Security Concerns (13:16)
  • Introduction (00:09)
  • How Did We Get Here (01:34)
  • Device vs. Software Security (00:55)
  • Why Are We Not Improving at a Higher Rate (01:28)
  • Usual Trend of Dealing with Security (01:25)
  • Where to Implement Security (01:35)
  • The Objective (00:52)
  • Systems Security (00:00)
  • Systems Security (00:53)
  • Programming Environment (02:09)
  • Security of Embedded Systems (02:04)
  • Summary (00:08)
Software Lifecycle Process (27:37)
  • Introduction (00:18)
  • SDLC (02:20)
  • Integration of Risk Management into the SDLC (02:25)
  • Development Methodologies (05:02)
  • Maturity Models (02:12)
  • Secure Programming (03:04)
  • Programming Errors (03:48)
  • Security Issues (02:49)
  • Outsourced Development (03:02)
  • Trusted Program Modules (01:19)
  • Middleware (01:06)
  • Summary (00:08)
Web Application Security (23:59)
  • Introduction (00:06)
  • OWASP Top Ten (03:06)
  • Modularity of Objects (00:44)
  • Object-Oriented Programming Characteristic (00:58)
  • Module Characteristics (01:19)
  • Linking Through COM (01:43)
  • Mobile Code with Active Content (00:56)
  • World Wide Web OLE (01:11)
  • ActiveX Security (00:25)
  • Java and Applets (00:53)
  • Common Gateway Interface (01:32)
  • Cookies (01:13)
  • PCI Requirements (02:11)
  • PA-DSS Requirements (02:43)
  • Vendor-Supplied Software (01:21)
  • Virtual Systems (01:02)
  • Virtualization Types (00:54)
  • Cloud Computing (00:50)
  • Summary (00:35)
  • Summary (00:08)