Security Operations and Administration

Go to Course: https://www.coursera.org/learn/security-operations-administration-sscp

Introduction

**Course Review: Security Operations and Administration on Coursera** In today's digital landscape, the security of information assets has never been more critical. Organizations are constantly facing threats to their data, and as such, the relevance of a well-structured course like "Security Operations and Administration" on Coursera cannot be overstated. This comprehensive course delves deep into the necessary practices required for effective information security management. ### Course Overview The "Security Operations and Administration" course is designed to equip learners with the knowledge and skills required to safeguard an organization’s information assets. It emphasizes understanding the foundational concepts of security operations and administration while ensuring compliance with various policies and procedures that govern data integrity, confidentiality, and availability. ### Content Breakdown **1. Understand and Comply with Code of Ethics and Security Concepts** This module is a solid starting point that introduces learners to the (ISC)2 Code of Ethics and how it applies to security practices. You will explore various types of controls, including managerial, technical, and operational. The emphasis on concepts such as confidentiality, integrity, availability, privacy, and the principle of least privilege provides a well-rounded foundation in ethical security practices. **2. Participate in Asset Management** In this section, learners will engage with the entire life cycle of hardware and software assets. The teachings around secure development practices, continuous diagnostics, and mitigation ensure that students understand what it takes to protect an organization’s physical and electronic data assets. Key topics like data encryption and disposal practices teach vital security management skills. **3. Implement and Assess Compliance with Controls & Participate in Change Management Duties** Effective security operations require compliance with various controls. This module articulates the necessary measures for implementing security policies, standards, and guidelines. The practical knowledge of security configurations, release management, and patch management is a crucial asset for any IT professional. **4. Participate in Physical Security Operations & Security Awareness Training** Understanding the physical dimensions of security operations is highlighted here. Students will learn about principles of building security, access control, and fire prevention methods. This module ensures that participants appreciate the full scope of security, extending beyond the digital realm. **5. Case Study and Exam** The inclusion of a case study is a great way for learners to apply theoretical knowledge to real-world scenarios. Following the thorough understanding and skills development through course modules, the exam assesses students’ comprehension and readiness to implement security operations effectively. ### Learning Experience The course is structured to facilitate both beginners and experienced practitioners in the field. The combination of theoretical content, practical applications, and real-world case studies provides a rich learning experience. Coursera’s platform also allows for flexible learning, enabling students to digest the material at their own pace. ### Recommendations If you're looking to enhance your understanding of security operations and administration, this course comes highly recommended. It is filled with valuable insights, practical knowledge, and ethical considerations that are pivotal for anyone aiming to work in information security roles. Professionals in IT, security management, and compliance roles will find this course particularly beneficial in bolstering their skill set and gaining insights into the regulatory and compliance aspects of maintaining an organization's security posture. ### Conclusion In summary, the "Security Operations and Administration" course on Coursera offers a thorough exploration of vital security principles and practices necessary for any organization today. By the end of this course, you'll possess the tools and knowledge to assess, implement, and manage security operations effectively, guiding your organization toward a more secure future. Whether you are starting your career in security or looking to deepen your existing knowledge, this course should be at the top of your list.

Syllabus

Understand and Comply with Code of Ethics and Security Concepts

Module Topics: (ISC)2 Code of Ethics, Organizational Code of Ethics, There are usually three types of controls, managerial (sometimes called administrative), Technical (sometimes called logical), and physical (sometimes called operational), Deterrent, Preventative, Detective, and Corrective Controls. Understand and Comply with Code of Ethics: In (ISC)2 Code of Ethics, you will learn about Code of Ethics, and Code of Ethics Canons. In Organizational Code of Ethics, you will learn about how a code of ethics applies to security practitioners, and applying ethical principles. Understand Security Concepts: In Confidentiality, you will learn about consequences of a breach, and ensuring confidentiality. In integrity, you will learn about consequences of integrity failure, availability, and consequences of availability failures. You will also Non-Repudiation. In Privacy, you will understand core guidelines. In least privilege, you will learn about least privilege and cots Applications. You will understand the concept of separation of duties and defense in depth, examples approaches, and additional controls. In Risk based Controls, you will learn about risk assessment data. Security concepts also covers accountability and authorization.

Module Topics: Life Cycle, Hardware/Software, and Data. In life Cycle, you will learn about the waterfall model, it's benefits and drawbacks, requirements gathering and analysis, requirements definition, system design, implementation, integration, testing, deployment of system, maintenance, additional application development methods, system vulnerabilities, secure development, and acquisition practices, OWASP top ten, guidelines for developers, IT asset management (ITAM), device management, continuous diagnostics and mitigation (CDM), hardware, hardware asset management desired state, hardware asset management data, the SSCP's challenge, impact and results. In Data, you will learn about secure information storage, considerations, encryption vulnerabilities, database encryption, data scrubbing, data deduplication, managing encryption keys, consideration, Information Rights Management (IRM), secure output, data retention and disposal, shredders, security levels, destruction of magnetic media, erasure or reformatting, data wiping, degaussing, and disclosure controls: data leakage prevention.

Module Topics: Technical Controls, Operational Controls, Managerial Controls, Security Policies, Standards, Guidelines, and Procedures, Implementation and Configuration Management Plan, security Impact Assessment, System Architecture/Interoperability of Systems, Testing Patches, Fixes, and Updates. In technical Controls, you will learn about identification and authentication, logical access controls, public access controls, audit trails. In Operational Controls, you will learn about operational security measures, operational solutions, managerial Controls. In Security Policies, Standards, Guidelines, and Procedures, you will learn about subject-specific security policies, typical policy elements, policy life cycle, components of a security policy, standard guidelines, and procedures. Participate in Change Management Duties: In Implementation and Configuration Management Plan, you will learn about release management, release manager, release management policy, release management process, code signing, release management tools, systems assurance and controls validation, configuration management (CM), CM process, CM system goals, operational aspects of CM, hardware inventory, software inventory, configuration lists, configuration management for opening systems, identification, automated configuration management tools, control, accounting, and auditing. You will also understand the concepts of Security Impact Assessment and System Architecture/Interoperability of Systems. In Testing, Patches, Fixes, and Updates, you will learn about patch management, patch management process.

Module Topics: Security Awareness Training, Physical Security, Building Security, keys, Locks, and safes, communications and Server Rooms, Restricted and Work Area Security, Utilities and HVAC Considerations, Fire Prevention, Detection, and Suppression. Participate in Physical Security Operations: In Physical Security, you will learn about interior access control elements, and escort and visitor control. In building security, you will learn about doors, perimeter doors, door locks, mantraps, and turnstiles. In Keys, Locks, and Safe, you will learn about types of locks, hi-tech keys, safes, vaults, containers, key control, medeco guide for developing and managing key control. In communications and Server Rooms, you will learn about securing the area, protection from lightning, server rooms, and rack security. In Restricted and Work Area Security, you will learn about restricted work areas, data center security, and the "two- person rule". In Utilities and HVAC Considerations, you will learn about utilities and power uninterruptible power supply, generator, HVAC, air contamination, guidelines, and water issues. In Fire Prevention, Detection, and Suppression, you will learn about fire detection, fire suppression, sprinkler systems, and gas suppression systems.