Certified Information Systems Security Professional, Part 6 of 9: Security Architecture and Apps
with expert Kevin Henry
Course description
This course discusses security architecture and models. It starts with the common concerns about security within software, risk management and how it integrates. Next, web applications, compliance with standards and investigate database security issues. Finally the role of artificial intelligence and knowledge discovery, software development models and change control processes. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).
Prerequisites
This series assumes a good understanding of enterprise networking and networking security. This is part 6 of a 9 part series.
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional
Meet the expert
Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
Course outline
Security Architecture
Security Architecture (23:40)
- Introduction (00:07)
- ESA Definition (01:49)
- What Is Architecture? (05:18)
- Architecture Components (03:00)
- Objectives of Security Architecture (02:58)
- Technology Domain Modeling (03:26)
- Integrated Security is Designed Security (03:57)
- Security by Design (02:53)
- Summary (00:08)
Architectural Models (07:08)
- Introduction (00:21)
- Architectural Models (02:36)
- Virtual Machines (00:58)
- Cloud Computing (03:02)
- Summary (00:08)
Components and Threats (31:15)
- Introduction (00:15)
- Memory Types (01:22)
- Virtual Memory (00:45)
- Memory Management (01:51)
- Accessing Memory Securely (00:15)
- Different States and System Functionality (01:24)
- Types of Compromises (02:03)
- Disclosing Data in an Unauthorized Manner (03:06)
- Circumventing Access Controls (02:22)
- Attacks (01:16)
- Attack Type: Race Condition (01:26)
- Attack Type: Data Validation (01:33)
- Attacking Through Applications (01:03)
- Buffer Overflow (00:59)
- Attack Characteristics (01:05)
- Attack Types (01:21)
- More Attacks (01:16)
- Host Name Resolution Attacks (01:23)
- Even More Attacks (01:59)
- Watching Network Traffic (01:00)
- Traffic Analysis (00:50)
- Cell Phone Cloning and Illegal Activities (01:43)
- Summary (00:38)
- Summary (00:08)
Software Development Security
Software Security Concerns (13:16)
- Introduction (00:09)
- How Did We Get Here (01:34)
- Device vs. Software Security (00:55)
- Why Are We Not Improving at a Higher Rate (01:28)
- Usual Trend of Dealing with Security (01:25)
- Where to Implement Security (01:35)
- The Objective (00:52)
- Systems Security (00:00)
- Systems Security (00:53)
- Programming Environment (02:09)
- Security of Embedded Systems (02:04)
- Summary (00:08)
Software Lifecycle Process (27:37)
- Introduction (00:18)
- SDLC (02:20)
- Integration of Risk Management into the SDLC (02:25)
- Development Methodologies (05:02)
- Maturity Models (02:12)
- Secure Programming (03:04)
- Programming Errors (03:48)
- Security Issues (02:49)
- Outsourced Development (03:02)
- Trusted Program Modules (01:19)
- Middleware (01:06)
- Summary (00:08)
Web Application Security (23:59)
- Introduction (00:06)
- OWASP Top Ten (03:06)
- Modularity of Objects (00:44)
- Object-Oriented Programming Characteristic (00:58)
- Module Characteristics (01:19)
- Linking Through COM (01:43)
- Mobile Code with Active Content (00:56)
- World Wide Web OLE (01:11)
- ActiveX Security (00:25)
- Java and Applets (00:53)
- Common Gateway Interface (01:32)
- Cookies (01:13)
- PCI Requirements (02:11)
- PA-DSS Requirements (02:43)
- Vendor-Supplied Software (01:21)
- Virtual Systems (01:02)
- Virtualization Types (00:54)
- Cloud Computing (00:50)
- Summary (00:35)
- Summary (00:08)