Certified Information Systems Security Professional, Part 6 of 9: Security Architecture and Apps
Interactive

Certified Information Systems Security Professional, Part 6 of 9: Security Architecture and Apps

LearnNow Online
Updated Aug 21, 2018
Book a demoTry it for free

Course description

This course discusses security architecture and models. It starts with the common concerns about security within software, risk management and how it integrates. Next, web applications, compliance with standards and investigate database security issues. Finally the role of artificial intelligence and knowledge discovery, software development models and change control processes. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This series assumes a good understanding of enterprise networking and networking security. This is part 6 of a 9 part series.


Meet the expert

Kevin Henry

Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Video Runtime

126 Minutes

Time to complete

166 Minutes

Course Outline

Security Architecture

Security Architecture (23:40)

  • Introduction (00:07)
  • ESA Definition (01:49)
  • What Is Architecture? (05:18)
  • Architecture Components (03:00)
  • Objectives of Security Architecture (02:58)
  • Technology Domain Modeling (03:26)
  • Integrated Security is Designed Security (03:57)
  • Security by Design (02:53)
  • Summary (00:08)

Architectural Models (07:08)

  • Introduction (00:21)
  • Architectural Models (02:36)
  • Virtual Machines (00:58)
  • Cloud Computing (03:02)
  • Summary (00:08)

Components and Threats (31:15)

  • Introduction (00:15)
  • Memory Types (01:22)
  • Virtual Memory (00:45)
  • Memory Management (01:51)
  • Accessing Memory Securely (00:15)
  • Different States and System Functionality (01:24)
  • Types of Compromises (02:03)
  • Disclosing Data in an Unauthorized Manner (03:06)
  • Circumventing Access Controls (02:22)
  • Attacks (01:16)
  • Attack Type: Race Condition (01:26)
  • Attack Type: Data Validation (01:33)
  • Attacking Through Applications (01:03)
  • Buffer Overflow (00:59)
  • Attack Characteristics (01:05)
  • Attack Types (01:21)
  • More Attacks (01:16)
  • Host Name Resolution Attacks (01:23)
  • Even More Attacks (01:59)
  • Watching Network Traffic (01:00)
  • Traffic Analysis (00:50)
  • Cell Phone Cloning and Illegal Activities (01:43)
  • Summary (00:38)
  • Summary (00:08)
Software Development Security

Software Security Concerns (13:16)

  • Introduction (00:09)
  • How Did We Get Here (01:34)
  • Device vs. Software Security (00:55)
  • Why Are We Not Improving at a Higher Rate (01:28)
  • Usual Trend of Dealing with Security (01:25)
  • Where to Implement Security (01:35)
  • The Objective (00:52)
  • Systems Security (00:00)
  • Systems Security (00:53)
  • Programming Environment (02:09)
  • Security of Embedded Systems (02:04)
  • Summary (00:08)

Software Lifecycle Process (27:37)

  • Introduction (00:18)
  • SDLC (02:20)
  • Integration of Risk Management into the SDLC (02:25)
  • Development Methodologies (05:02)
  • Maturity Models (02:12)
  • Secure Programming (03:04)
  • Programming Errors (03:48)
  • Security Issues (02:49)
  • Outsourced Development (03:02)
  • Trusted Program Modules (01:19)
  • Middleware (01:06)
  • Summary (00:08)

Web Application Security (23:59)

  • Introduction (00:06)
  • OWASP Top Ten (03:06)
  • Modularity of Objects (00:44)
  • Object-Oriented Programming Characteristic (00:58)
  • Module Characteristics (01:19)
  • Linking Through COM (01:43)
  • Mobile Code with Active Content (00:56)
  • World Wide Web OLE (01:11)
  • ActiveX Security (00:25)
  • Java and Applets (00:53)
  • Common Gateway Interface (01:32)
  • Cookies (01:13)
  • PCI Requirements (02:11)
  • PA-DSS Requirements (02:43)
  • Vendor-Supplied Software (01:21)
  • Virtual Systems (01:02)
  • Virtualization Types (00:54)
  • Cloud Computing (00:50)
  • Summary (00:35)
  • Summary (00:08)
Related learning
Certified Information Systems Security Professional, Part 3 of 9: Cryptography and OperationsInteractive ⋅ 187 mins
Certified Information Systems Security Professional, Part 8 of 9: Incident Management and Physical SecInteractive ⋅ 125 mins
Certified Information Systems Security Professional, Part 4 of 9: Cryptography and Network TopologiesInteractive ⋅ 218 mins
Certified Information Systems Security Professional, Part 9 of 9: Systems ProfessionalInteractive ⋅ 174 mins

Explore more technology skills

IT Software
IT Software
Web Design and Development
Web Design and Development
Data & Analytics
Data & Analytics
Design and Animation
Design and Animation
Gaming and Games Development
Gaming and Games Development
Devops, Networking and Security
Devops, Networking and Security
Programming and Web Development
Programming and Web Development
Computer Science and Engineering
Computer Science and Engineering
;