4.8
stars
141 ratings

(ISC)² Education & Training

3,415 already enrolled

Offered By

Systems and Application Security

(ISC)²

About this Course

6,619 recent views

Welcome to Systems and Application Security Course!
In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Objectives
Identify malicious code activity
Describe malicious code and the various countermeasures
Describe the processes for operating endpoint device security
Define mobile device management processes
Describe the process for configuring cloud security
Explain the process for securing big data systems
Summarize the process for securing virtual environments

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Beginner Level

Approx. 16 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Beginner Level

Approx. 16 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.84/5 (27 Ratings)

(ISC)² Education & Training

Education & Training

43,268 Learners

19 Courses

Offered by

(ISC)²

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

5 hours to complete

Identify and Analyze Malicious Code and Activity

Module Topics: Malicious Code, Malicious Code Countermeasures, Exploitation, Insider Threats, Spoofing, Phishing, Spam, and Botnet, Malicious Web Activity, Payloads, Malicious Activity Countermeasures, Malcode Mitigation, and Common Mistakes. Malicious Code includes topics like Key concepts, Example Worms, Polymorphic Viruses, Software Exploitation Methods, Scanners, Generations of Antivirus Scanning Software, Generic Decryption (GD) Technology, Behavior-Blocking Software, Antivirus Software on the Firewall and IDS, Code signing, Code Signing Certificates, Sandboxing, Virtual Machine (VM), Social Engineering, Additional Examples of Social Engineering Attacks, and Security Awareness Training. Under the topic of Exploitation, you will learn about Long File Extensions, Fake Icon, Hostile Codecs, and E-mail. In Insider Threats, you will learn about Indicators of Malicious Threat Activity, Countermeasures, Direction, Prevention, and Deterrence Methods, Continual Training, and Insider Hardware Threats. In Spoofing, Phishing, Spam, and Botnets, you will learn about Spoofing, Examples of Spoofing, Phishing, Common Characteristics of Forged E-Mail Messages, Techniques, How Phishing Works, Impact of Phishing, How to Recognize a Phishing E-Mail, Spam, Spam Distribution Channels, How Does Spam Work?, Spam Techniques, Protecting users From Spam, Botnets, How Are Botnets Created?, Botnet-Led Exploits, Botnet Detection and Mitigation, Common Botnet Detection and Mitigation Techniques. In Malicious Web Activity, you will go through topics like Mobomarket Attack, Cross-site Scripting (XSS) Attacks, The Theory of XSS, XSS Attack Vectors, Is the Organization's Site Vulnerable to Cross-Site Scripting? Example of a Cross-Site Scripting Attack, How to check for Cross-Site Scripting Vulnerabilities, Zero-Day Exploits and Advanced Persistent Threats (APTS), Unknown Vulnerabilities management Process, Five Phases of APT, Brute-Force Attacks, Instant Messaging, Infected Factory Builds and Media, man-in-the-Middle Malcode, Malicious Activity Countermeasures, Network Layer, Application Layer, Modified Hosts File and DNS Changes, Inspection of Process, Rootkit, Rootkit Classifications, Behavioral Analysis of Malcode, and Static File Analysis.

5 hours to complete

18 videos (Total 109 min), 18 readings, 1 quiz

18 videos

Systems and Application Security6mMalicious Code and Activity: Key Concepts6mMalicious Code and Activity: Malicious Code Countermeasures4mMalicious Code and Activity: Software Exploitation Methods6mMalicious Code and Activity: Software Exploitation Methods5mMalicious Code and Activity: Code Signing5mMalicious Code and Activity: Social Engineering6mMalicious Code and Activity: Security Awareness Training6mMalicious Code and Activity: Long File Extensions5mMalicious Code and Activity: E-mail7mMalicious Code and Activity: Countermeasures5mMalicious Code and Activity: Examples of Spoofing5mMalicious Code and Activity: Techniques5mMalicious Code and Activity: Botnet-Led Exploits6mMalicious Code and Activity: Malicious Web Activity6mMalicious Code and Activity: Zero-Day Exploits4mMalicious Code and Activity: Infected Factory Builds and Media4mMalicious Code and Activity: Inspection of Processes7m

18 readings

Systems and Application Security10mMalicious Code and Activity: Key Concepts10mMalicious Code and Activity: Malicious Code Countermeasures10mMalicious Code and Activity: Software Exploitation Methods10mMalicious Code and Activity: Software Exploitation Methods10mMalicious Code and Activity: Code Signing10mMalicious Code and Activity: Social Engineering10mMalicious Code and Activity: Security Awareness Training10mMalicious Code and Activity: Long File Extensions10mMalicious Code and Activity: E-mail10mMalicious Code and Activity: Countermeasures10mMalicious Code and Activity: Examples of Spoofing10mMalicious Code and Activity: Techniques10mMalicious Code and Activity: Botnet-Led Exploits10mMalicious Code and Activity: Malicious Web Activity10mMalicious Code and Activity: Zero-Day Exploits10mMalicious Code and Activity: Infected Factory Builds and Media10mMalicious Code and Activity: Inspection of Processes10m

1 practice exercise

Quiz 130m

Week2

Week 2

1 hour to complete

Implement and Operate Endpoint Device Security

Module Topics: Host-Based Intrusion Detection Systems (HIDS), Host-Based Firewalls, Application Whitelisting, Endpoint Encryption, Trusted Platform Module (TPM), Mobile Device Management (MDM), Secure Browsing. In Host-Based Intrusion Detection Systems (HIDS), you will learn about Advantages and Disadvantages of HIDS. In Application Whitelisting, you will learn about software Restriction Policies (SRP), Trusted Platform Module (TPM). In Mobile Device Management (MDM), you will learn about Bring your Own Device (BYOD), Security, BYOD Policy Considerations, BYOD Policy Considerations, Corporate Owned, Personally Enabled (COPE), and Secure Browsing.

1 hour to complete

3 videos (Total 15 min), 3 readings, 1 quiz

Week3

Week 3

5 hours to complete

Operate and Configure Cloud Security

Module Topics: Introduction, Deployment Models, Service Models, Virtualization, Legal and Privacy Concerns, Classification of Discovered Sensitive Data, Mapping and Definition of Controls, Application of Defined Controls for Personally Identifiable Information (PII), Data Storage and Transmission, Encryption, Key Management, Masking/Obfuscation and Anonymization, Tokenization, Data Deletion Procedures and Mechanisms, Event Sources, Data Event Logging and Event Attributes, and Storage and Analysis of Data Events. Introduction covers the Five Essential Characteristics of Clouds. Deployment Models cover topics like Public, Private, Hybrid and Community Cloud, Service Models, SaaS, PaaS, and IaaS. Virtualization includes Hypervisor, and Types of Virtualization. In Legal and Privacy Concerns, you will learn about Key P&DP Questions, Country-Specific Legal Considerations, Jurisdiction and Applicable Law, Essential Requirements in P&DP Laws, Typical Meaning for Common Privacy Terms, Privacy Roles for Customer and Service Provider, Data Discovery, and Privacy Level Agreement (PLA). In Application of Defined Controls for Personally Identifiable Information (PII), you will learn about Cloud security Alliance Cloud Controls Matrix (CCM), CCM Security Domains, Data Dispersion in Cloud Storage, Threat to storage Types, Technologies Available to Address Threats, Data Loss Prevention (DLP), DLP Components, DLP Architecture, Cloud-Based DLP Considerations, and Best Practices. In Encryption, you will learn about Sample Use cases for Encryption, Cloud Encryption Challenges, Key Management, Key Storage in the Cloud, and Key Management in Software environments. In Masking/Obfuscation and Anonymization, you will learn about Data Masking/Obfuscation, Common Approaches for Data Masking, Primary Methods of Masking Data, and Data Anonymization. Tockenization covers topics like Tokenization and Cloud, Data Retention Policies, Data Deletion Procedures and Mechanisms, Disposal Options, Crypto-shredding, Data Archiving Policy, Security and Information Event Management (SIEM). Data Event Logging and Event Attributes covers topics like OWASP Recommendations, SIEM Capabilities, and SIEM Challenges.

5 hours to complete

16 videos (Total 105 min), 16 readings, 1 quiz

16 videos

Cloud Security: Five Essential Characteristics of Clouds5mCloud Security: Hybrid5mCloud Security: Virtualization7mCloud Security: Hypervisor4mCloud Security: Country-Specific Legal Considerations6mCloud Security: P&DP Laws6mCloud Security:Application of Defined Controls for Personally Identifiable Information (PII)8mCloud Security: Data Dispersion5mCloud Security: Threat to Storage Types9mCloud Security: Technologies to Address Threats4mCloud Security: DLP Architecture7mCloud Security: Review Activity6mCloud Security: Key Storage in the Cloud4mCloud Security: Common Approaches for Data Masking4mCloud Security: Data Retention Policies7mCloud Security: Disposal Options8m

16 readings

Cloud Security: Five Essential Characteristics of Clouds10mCloud Security: Hybrid10mCloud Security: Virtualization10mCloud Security: Hypervisor10mCloud Security: Country-Specific Legal Considerations10mCloud Security: P&DP Laws10mCloud Security: Application of Defined Controls for Personally Identifiable Information (PII)10mCloud Security: Data Dispersion10mCloud Security: Threat to Storage Types10mCloud Security: Technologies to Address Threats10mCloud Security: DLP Architecture10mCloud Security: Review Activity10mCloud Security: Key Storage in the Cloud10mCloud Security: Common Approaches for Data Masking10mCloud Security: Data Retention Policies10mCloud Security: Disposal Options10m

1 practice exercise

Quiz 330m

Week4

Week 4

3 hours to complete

Secure Big Data Systems & Operate and Secure Virtual Environments

Module Topics for Secure Big Data Systems: Application Vulnerabilities and Architecture or Design Environments. Application Vulnerabilities include topics like Data Growth, Big Data, Interpreting Big, Data, Big Data Issues, and Challenges with 'Free' Analytic Tools. Architectural or Design Environments include topics like Distributed Computing Architectures, Key Challenges, Securing the Organization's Big Data, and Deploying Big Data for Security. Module Topics for Operate and Secure Virtual Environments: Software-Defined Network (SDN), Virtual Appliances, Continuity and Resilience, Attacks and Countermeasures, Common Virtualization Attacks, Recommendations and Best Practices for Secure Virtualization, and Shared Storage. In Software-Defined network (SDN), you will learn about How SDN Works. Virtual Appliances talks about Virtual Appliances Compared to Virtual Machines. In Continuity and Resilience you will learn about Host Clustering Concepts, VMware Distributed Resource Scheduling (DRS), Scalability and Reliability, windows Failover Clustering. In Common Virtualization Attacks, you will learn about Mitigation Strategies. In Recommendations and Best Practices for Secure Virtualization you will learn about Desktop Virtualization and Security, Network Security, Storage Networks, Auditing and Logging, Virtual Machine Security, Management Systems, Hypervisor Security, Time Synchronization, Remote Access, Backups, and Configuration and Change Management.

3 hours to complete

9 videos (Total 70 min), 9 readings, 1 quiz

9 videos

Secure Big data Systems: Big Data7mSecure Big Data Systems: Interpreting Big Data4mSecure Big data Systems: Key Challenges5mOperate and Secure Virtual Environments: SDN5mOperate and Secure Virtual Environments: Virtual Appliances8mOperate and Secure Virtual Environments: DRS10mOperate and Secure Virtual Environments: Common Attacks6mOperate and Secure Virtual Environments: Network Security5mOperate and Secure Virtual Environments: Virtual Machine Security16m

9 readings

Secure Big Data Systems: Big Data10mSecure Big Data Systems: Interpreting Big Data10mSecure Big data Systems: Key Challenges10mOperate and Secure Virtual Environments: SDN10mOperate and Secure Virtual Environments: Virtual Appliances10mOperate and Secure Virtual Environments: DRS10mOperate and Secure Virtual Environments: Common Attacks10mOperate and Secure Virtual Environments: Network Security10mOperate and Secure Virtual Environments: Virtual Machine Security10m

1 practice exercise

Quiz 430m

Reviews

4.8

35 reviews

5 stars
84.39%
4 stars
13.47%
3 stars
2.12%

TOP REVIEWS FROM SYSTEMS AND APPLICATION SECURITY

by MBJan 25, 2022

Best course regarding System and application security alot of learning matrial

by GBJul 4, 2018

Thank you. Great course. The instructor breaks everything down, and makes it easy to learn.

by RDMay 6, 2021

Enjoyed learning new concept which were explained very nicely by the instructor.

by RTJun 11, 2020

This was an excellent course. I recommend anyone take it that is in the security support role.

View all reviews

Frequently Asked Questions

Can I preview a course before enrolling?
Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.
What will I get when I enroll?
Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.
When will I receive my Course Certificate?
If you complete the course successfully, your electronic Course Certificate will be added to your Accomplishments page - from there, you can print your Course Certificate or add it to your LinkedIn profile.
Why can’t I audit this course?
This course is one of a few offered on Coursera that are currently available only to learners who have paid or received financial aid, when available.
How long does it take to complete the course?
The course schedule contains approximately 15 hours of content material covering lectures, reading materials, a case study, and quizzes broken up over the course of 7 weeks.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Systems and Application Security

Systems and Application Security

About this Course