Go to Course: https://www.coursera.org/learn/sscp-4th-ed-course-4
### Course Recommendation: Securing Software, Data and End Points

Cybersecurity has become an essential skill in our increasingly digital world. For anyone interested in bolstering their knowledge of information systems and defending against cyber threats, Coursera offers a crucial course titled **“Securing Software, Data and End Points.”** This course stands out as a comprehensive exploration of the many facets of cybersecurity, particularly emphasizing the importance of software, data protection, and endpoint security. Below is an in-depth review of the course content, structure, and my recommendations.

---

#### Course Overview

“Securing Software, Data and End Points” is the fourth course in a series that emphasizes the critical role of secure software as a defense against data breaches and other cyber threats. It strategically highlights that attackers often target either vulnerabilities in software or the data itself, making it essential to adopt a holistic approach to security.

**Key Highlights:**

- Focuses on understanding and mitigating risks associated with software vulnerabilities, data protection, and endpoint security.
- Designed for individuals who aspire to be security professionals or those in IT roles seeking to enhance their understanding of security practices.

---

#### Course Structure and Syllabus

The course is divided into six modules, each tackling a distinct area of cybersecurity:

1. **Securing Software**
   This module introduces the concept of software vulnerabilities and emphasizes the importance of secure software development practices. It explains how common design and programming errors recur due to inadequate team management and lack of awareness. Participants will gain a general understanding of software security without needing to master coding.
2. **Securing Data**
   Moving from software to data, this module dives into frameworks such as the CIA triad (Confidentiality, Integrity, and Availability) and highlights the threats that databases and data warehouses face. It discusses various attacks, including ransomware and data exfiltration, equipping learners with strategies to protect organizational information.
3. **Identify and Analyze Malicious Code and Activity**
   This module sheds light on different types of malware, including viruses, worms, and the importance of distinguishing them from potentially unwanted programs (PUPs). Understanding the evolution of malware helps participants identify threats and implement defenses effectively.
4. **Implement and Operate Endpoint Security**
   The focus here shifts to managing endpoint security, with insights on designing and maintaining secure systems. This module is crucial as endpoints are often the first line of defense against cyber intrusions.
5. **Operate and Secure Virtual Environments**
   In a world where many businesses are shifting toward cloud services and virtual environments, this module covers the nuances of securing such systems against threats.
6. **Chapter 4 Review**
   This concluding module synthesizes the knowledge gained throughout the course, emphasizing the importance of a multifaceted approach to security. It also highlights the evolving nature of cybercrime and how organizations can adapt their strategies in response.

---

#### Course Takeaways

By the end of this course, participants will:

- Understand the crucial vulnerabilities in software and how they can be mitigated.
- Develop strategies for securing sensitive data against various forms of attacks.
- Gain familiarity with the landscape of malicious code, enhancing their ability to detect and respond to threats.
- Learn best practices for securing endpoints and virtual environments, integral to maintaining an organization’s overall security posture.

---

#### Final Recommendations

I unequivocally recommend “Securing Software, Data and End Points” for cybersecurity professionals, students of information technology, or anyone looking to expand their understanding of critical aspects of cybersecurity. The structured modules offer a balanced mix of theory and practical knowledge, making it suitable for both beginners and those with prior experience. With rising cyber threats and the ever-growing impact of data breaches, this course is not just an academic exercise; it is a vital resource for anyone vested in ensuring the integrity, confidentiality, and availability of data and systems. Enroll today on Coursera and take a significant step towards enhancing your cybersecurity knowledge and skills!

Module 1: Securing Software
Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses: repeats and reprises of classic design and programming errors, made over and over again by each new generation of programmers. And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets. We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.
Module 2: Securing Data
Whether you are using the CIA triad, CIANA+PS or any other set of security characteristics as your analysis framework, you’ll find that they all meet their stress test case when considering databases and data warehouses. This is the “data at rest” part of the three-state model of data; applications and endpoints make up the environment in which we consider data in use, and networks and communications systems are where data is in motion, of course. Business and organizational data, personal data such as personally identifiable information (PII) or protected health information (PHI), and metadata about all of that data are collected, collated, linked together and stored in databases and data warehouses, whether on-premises, in the cloud or in hybrid architectures. It’s the information in those architectures that requires the right set of protections and controls, if the organization is to meet or exceed its information security, data protection and systems safety needs. Many different forms of attacks on data happen every day. Ransom attacks encrypt the target’s data while demanding payment to provide the decryption key and tool; this is extortion, a crime everywhere. Other attacks attempt to corrupt existing data or put false data into the system as an act of sabotage or fraud. Copying of data without disturbing it is theft, and such data breaches, or data exfiltration attacks, can target data that is in simple files, such as poorly protected lists of usernames and related credentials, systems log files or applications data in documents, spreadsheets and other files. Attacks that net millions of stolen copies of customer records, however, have more than likely been targeted against databases and data warehouses. These attack vectors can be categorized in many ways, and the next section will look at the most common.
Module 3: Identify and Analyze Malicious Code and Activity
The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware. Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals. It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant. This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use. Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware.
Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email.
Module 4: Implement and Operate Endpoint Security
Systems’ security depends on the correct configuration and interaction of many different components. Security must be deployed in a consistent manner across the entire system. This requires careful management of equipment, personnel and communications interfaces. This module will examine how to design, build and manage secure systems and ensure that no gaps are left in the design or operations of a system.
Module 5: Operate and Secure Virtual Environments
Module 6: Chapter 4 Review
This chapter has taken you on a wide-ranging journey across the threat surface of your organization’s software, its data, its endpoints and its virtual environments. Along the way you’ve seen some of the challenges that face you as you try to harden systems, procedures and the organization’s people as well as to resist the attacks of malware, social engineering, phishing and malformed data. Cybercrime has become incredibly lucrative; it has also become a very big business ecosystem, in which many layers of toolkit developers, open source intelligence gatherers, exfiltrated data resellers and specialist attack teams support the efforts of advanced persistent threat (APT) teams in their attacks on businesses, schools, universities, hospitals and government services around the world. Your organization’s information security team cannot outspend the cybercriminals; and while it’s true that you cannot outthink all of them all the time, you really don’t have to. You only have to outthink the ones you have to detect, right now, today, as they try to intrude into your systems or otherwise disrupt your IT and OT infrastructures and the business processes that depend upon them. The bottom line is keeping the data safe, secure, reliable; and that means keeping the software safe and reliable to use, whether it’s running on servers or endpoints, on real iron or in virtualized environments on top of hypervisors. One day at a time.
Course 4: Securing Software, Data and End Points
Welcome to Course Four. As we know, most attacks against systems involve exploiting vulnerabilities in software that powers hardware. Additionally, attackers may exploit vulnerabilities in the underlying hardware, especially when that hardware is poorly protected against being stolen or accessed with unauthorized use, but their real target in all attacks is data. Therefore, it's so critical, the total set of software powering an organization's
It's really a good program that provides in-depth knowledge and understanding of security software, data and end points. Thank you Coursera & ISC management.