Securing Software, Data and End Points from Coursera

What's inside

Syllabus

Module 1: Securing Software

Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses. Repeats and reprises of classic design and programming errors, being made over and over again by each new generation of programmers.  And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets.  We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.   

Module 2: Securing Data

Whether you are using the CIA triad, CIANA+PS or any other set of security characteristics as your analysis framework, you’ll find that they all meet their stress test case when considering databases and data warehouses. This is the “data at rest” part of the three-state model of data; applications and endpoints make up the environment in which we consider data in use, and networks and communications systems are where data is in motion, of course.  Business and organizational data, personal data such as personally identifiable information (PII) or protected health information (PHI), and metadata about all of that data are collected, collated, linked together and stored in databases and data warehouses, whether on-premises, in the cloud or in hybrid architectures.  It’s the information in those architectures that requires the right set of protections and controls, if the organization is to meet or exceed its information security, data protection and systems safety needs.  Many different forms of attacks on data happen every day. Ransom attacks encrypt the target’s data while demanding payment to provide the decryption key and tool; this is extortion, a crime everywhere.  Other attacks attempt to corrupt existing data or put false data into the system as an act of sabotage or fraud.   Copying of data without disturbing it is theft, and such data breaches, or data exfiltration attacks, can target data that is in simple files, such as poorly protected lists of usernames and related credentials, systems log files or applications data in documents, spreadsheets and other files. Attacks that net millions of stolen copies of customer records, however, have more than likely been targeted against databases and data warehouses. These attack vectors can be categorized in many ways, and the next section will look at the most common. 

Module 3: Identify and Analyze Malicious Code and Activity

The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware.  Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals.  It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant.  This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use.  Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware.  Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email. 

Module 4: Implement and Operate Endpoint Security

Systems’ security depends on the correct configuration and interaction of many different components. Security must be deployed in a consistent manner across the entire system. This requires careful management of equipment, personnel and communications interfaces. This module will examine how to design, build and manage secure systems and ensure that no gaps are left in the design or operations of a system. 

Module 5: Operate and Secure Virtual Environments

Module 6: Chapter 4 Review

This chapter has taken you on a wide-ranging journey across the threat surface of your organization’s software, its data, its endpoints and its virtual environments. Along the way you’ve seen some of the challenges that face you as you try to harden systems, procedures and the organization’s people as well as to resist the attacks of malware, social engineering, phishing and malformed data.   Cybercrime has become incredibly lucrative; it has also become a very big business ecosystem, in which many layers of toolkit developers, open source intelligence gatherers, exfiltrated data resellers and specialist attack teams support the efforts of advanced persistent threat (APT) teams in their attacks on businesses, schools, universities, hospitals and government services around the world.   Your organization’s information security team cannot outspend the cybercriminals; and while it’s true that you cannot outthink all of them all the time, you really don’t have to. You only have to outthink the ones you have to detect, right now, today, as they try to intrude into your systems or otherwise disrupt your IT and OT infrastructures and the business processes that depend upon them.  The bottom line is keeping the data safe, secure, reliable; and that means keeping the software safe and reliable to use, whether it’s running on servers or endpoints, on real iron or in virtualized environments on top of hypervisors. One day at a time.

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Appropriate as a pre-course for advanced IT and cyber security courses

Suitable for non-programmers seeking to reduce software vulnerabilities

Recognizes malicious code and prevention measures

Covers security issues in mobile and autonomous endpoints

Provides insights into software systems and application security

Suitable for beginners with no prior experience

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Securing Software, Data and End Points with these activities:

Review Course Materials Regularly

Show steps

Enhance your learning by consistently reviewing your course materials.

Show steps

Set aside time for regular review
Review lecture notes, slides, and readings
Summarize key concepts in your own words

Review Networking Concepts

Show steps

Brush up on your knowledge of networking to fully grasp the security concepts discussed in the course.

Browse courses on Networking Concepts

Show steps

Review basic networking concepts
Focus on network protocols and architectures

Review textbook

Show steps

Review the basics of operating system concepts to prepare for the course.

View Operating System Concepts on Amazon

Show steps

Read the first three chapters of the book.
Take notes on the key concepts in each chapter.
Complete the practice exercises at the end of each chapter.

18 other activities

Expand to see all activities and additional details

Show all 21 activities

Review SQL

Show steps

This course assumes a strong foundation in SQL. Refresh SQL knowledge and skills now to ensure a smooth learning experience.

Browse courses on SQL

Show steps

Revisit SQL commands and syntax
Practice writing SELECT statements
Refresh knowledge of aggregate functions
Solve coding problems using SQL

Connect with Security Professionals

Show steps

Reach out to professionals in the field of security to gain insights, guidance, and potential mentorship opportunities.

Show steps

Attend industry events and conferences
Join professional organizations and online communities
Reach out to individuals directly for mentorship

Participate in Study Groups

Show steps

Collaborate with peers, exchange insights, and reinforce your understanding through active discussions.

Show steps

Form a study group with classmates
Meet regularly to discuss course materials
Work together to solve problems and clarify concepts
Share resources and support each other

Participate in online discussion forums

Show steps

Engage with peers and clarify concepts through discussions.

Show steps

Join online discussion forums related to the course topics.
Participate in discussions, ask questions, and share your insights.
Read and respond to other participants' posts.

Explore Current Security Threats

Show steps

Stay up-to-date with the evolving cybersecurity landscape by following experts and industry news.

Browse courses on Security Threats

Show steps

Follow cybersecurity blogs and news outlets
Attend webinars or online talks
Read industry reports and white papers
Subscribe to security newsletters

Complete online quizzes

Show steps

Test understanding of key concepts through online quizzes.

Browse courses on Malicious Code

Show steps

Search for online quizzes related to the course topics.
Complete the quizzes and review your results.
Identify areas where you need further study or clarification.

Virtualization Security Best Practices

Show steps

Complete online tutorials to learn about best practices for securing virtual environments, such as hypervisor hardening and VM isolation techniques.

Browse courses on Virtualization Security

Show steps

Identify reputable sources for virtualization security tutorials
Follow tutorials to understand best practices
Apply best practices in a lab environment

Solve Cybersecurity Quiz Challenges

Show steps

Test your understanding of cybersecurity concepts and stay sharp with regular practice.

Show steps

Find online cybersecurity quizzes or challenges
Take the quiz and review your answers
Identify areas for improvement
Repeat the process regularly

Endpoint Security Case Study

Show steps

Develop a detailed case study analyzing an endpoint security incident or implementation to deepen understanding of endpoint security strategies.

Browse courses on Endpoint Security

Show steps

Identify a real-world case study or scenario
Research and analyze relevant security concepts
Write a comprehensive report outlining the analysis

Follow Tutorials on Data Security Tools

Show steps

The course discusses several security tools without going into details. Explore the internet for tutorials on these tools to enhance your understanding.

Show steps

Identify a tool used in the course
Search for tutorials on the tool
Follow the tutorial and complete the examples

Data Breach Mitigation Resource Collection

Show steps

Compile a collection of resources, including articles, whitepapers, and case studies, to gain a comprehensive understanding of data breach mitigation strategies.

Browse courses on Data Breach Prevention

Show steps

Search for reputable sources on data breach mitigation
Organize and categorize collected resources
Create a repository for easy access and sharing

Complete tutorials on specific security tools

Show steps

Gain hands-on experience with security tools by following guided tutorials.

Browse courses on Endpoint Security

Show steps

Identify the security tools that you want to learn more about.
Search for guided tutorials on these tools.
Follow the tutorials and complete the exercises.
Experiment with the tools to gain a deeper understanding of their functionalities.

Security Design Project

Show steps

Engage in hands-on development of a secure software solution to reinforce software security principles and practices.

Browse courses on Software Security

Show steps

Define project scope and requirements
Design and implement security controls
Conduct security testing
Document and present project

Create a Cheat Sheet on Cybersecurity Best Practices

Show steps

Reinforce your understanding and share your knowledge by creating a quick reference guide on cybersecurity best practices.

Browse courses on Cybersecurity Best Practices

Show steps

Identify essential cybersecurity best practices
Summarize them in a clear and concise manner
Organize the information in a logical and easy-to-use format
Share the cheat sheet with peers or post it online

Write a blog post summarizing a topic

Show steps

Reinforce understanding of security concepts by writing a blog post about a topic covered in the course.

Browse courses on Security Posture

Show steps

Choose a topic from the course material that you want to write about.
Research the topic and gather information from credible sources.
Write a draft of your blog post, including an introduction, body, and conclusion.
Edit and proofread your blog post.
Publish your blog post on a platform of your choice.

Malicious Code Analysis Exercises

Show steps

Practice analyzing malicious code samples to develop skills in identifying and mitigating malware threats.

Browse courses on Malware Analysis

Show steps

Obtain sample malicious code files
Use analysis tools to examine code structure and behavior
Identify malicious techniques and payloads

Design a security plan for a fictional organization

Show steps

Apply course concepts to a practical scenario by designing a security plan.

Browse courses on Security Planning

Show steps

Choose a fictional organization and industry for your plan.
Conduct a risk assessment to identify potential threats and vulnerabilities.
Develop a set of security controls to mitigate the risks.
Write a security plan document that outlines your findings and recommendations.

Build a Mock Security System

Show steps

Apply your knowledge by building a mock security system that addresses real-world security concerns.

Browse courses on System Security

Show steps

Define the requirements of the security system
Design the system architecture
Implement the system using the tools and techniques learned
Test and evaluate the system

Career center

Learners who complete Securing Software, Data and End Points will develop knowledge and skills that may be useful to these careers:

Information Security Analyst

Information security analysts monitor networks and databases for vulnerabilities and develop security measures to protect against cyberattacks and data breaches. This course can help prepare you for this role by providing you with a deep understanding of software and data security concepts, as well as the skills to identify and mitigate security risks. You will learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Information Security Analyst

Cybersecurity Engineer

Cybersecurity engineers design, implement, and maintain security systems to protect networks and data from cyberattacks. This course can provide you with the foundation you need to succeed in this role by teaching you about software and data security, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Cybersecurity Engineer

Data Analyst

Data analysts collect, clean, and analyze data to identify trends and patterns. They use this information to make recommendations to businesses on how to improve their operations. This course can help you develop the skills you need to succeed in this role by providing you with a strong foundation in data security and analysis. You will learn about different types of data, how to protect data from breaches, and how to use data to make informed decisions.

See salaries and explore the career path for Data Analyst

Database Administrator

Database administrators manage and maintain databases. They work to ensure that databases are secure, reliable, and efficient. This course can provide you with the skills you need to succeed in this role by teaching you about data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Database Administrator

Software Engineer

Software engineers design, develop, and maintain software applications. They work to ensure that software is secure, reliable, and efficient. This course can provide you with the skills you need to succeed in this role by teaching you about software security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Software Engineer

Systems Administrator

Systems administrators manage and maintain computer systems. They work to ensure that systems are secure, reliable, and efficient. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Systems Administrator

Security Consultant

Security consultants provide advice to businesses on how to improve their security posture. They work to identify and mitigate security risks, and develop security plans. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Security Consultant

Information Technology Auditor

Information technology auditors review and evaluate an organization's IT systems and processes to ensure that they are secure and compliant with regulations. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Information Technology Auditor

Security Analyst

Security analysts monitor networks and databases for security breaches. They work to identify and mitigate security risks, and develop security plans. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Security Analyst

Privacy Analyst

Privacy analysts develop and implement privacy policies and procedures to protect personal data. They work to ensure that organizations are compliant with privacy regulations. This course can provide you with the skills you need to succeed in this role by teaching you about data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Privacy Analyst

Risk Analyst

Risk analysts identify and assess risks to an organization's assets. They work to develop and implement strategies to mitigate these risks. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Risk Analyst

Information Security Manager

Information security managers oversee the development and implementation of an organization's security policies and procedures. They work to ensure that the organization's information assets are protected from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Information Security Manager

Security Architect

Security architects design and implement security architectures to protect an organization's information assets. They work to ensure that the organization's systems and data are protected from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Security Architect

Ethical Hacker

Ethical hackers use their skills to identify and exploit security vulnerabilities in software and systems. They work with organizations to fix these vulnerabilities before they can be exploited by malicious actors. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Ethical Hacker

Security Researcher

Security researchers identify and analyze security vulnerabilities in software and systems. They work to develop and implement patches and updates to fix these vulnerabilities. This course can provide you with the skills you need to succeed in this role by teaching you about software and data security concepts, as well as how to identify and mitigate security risks. You will also learn about different types of malware, how to secure virtual environments, and how to implement endpoint security measures.

See salaries and explore the career path for Security Researcher