In this course, you will learn the basics of information security and how to apply information security principles to your home environment or organization, regardless of its size.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents.
The course is delivered by Dr. Nikola Milosevic, who is OWASP (Open Web Application Security Project) project and chapter leader and has extensive experience in information, network, and application security.
This course is following the content of the CISSP (Certified Information Security Systems Professional) certification.
In this course you will learn about:
- The motivation for having an information security framework
- Types of information security controls (application, network, physical security)
- How to evaluate information assets of your organization
- How to perform a risk assessment and where to include information security controls
- How to perform audits and when
- How to manage security operation of a certain organization
- What are and how to respond to information security incidents
- How to handle disaster recovery
- Ethics of information security
- What laws and regulations are in place (this may be specific to the UK and EU, as it includes talks about GDPR but tries to generalize)
- Security standards in information security (ISO27001, ISO27003, ISO27005)
- History and main algorithms used for information security
- How to establish access control
- Basics of network security
- Basics of application security
- Basics of physical security
The tools that the course will be utilizing will be all open sources (such as SNORT or OSSEC).
Who this course is for:
- This course is for anyone who wants to become an expert in cyber-security and information security. This volume covers the required foundation building blocks of that skillset.
- For anyone who would love to gain a practical skillset in mitigating the risk from various kinds of information security threats and would like to learn about managing information in the organization.
- For beginners and intermediate information security enthusiasts who are interested in security, safety, and privacy.
- This course is designed for personal and corporate information security.
The content of this course was delivered also in the University settings.