We may earn an affiliate commission when you visit our partners.
Course image
(ISC)² Education & Training

Welcome to Systems and Application Security Course!

In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.

Objectives

1. Identify malicious code activity

2. Describe malicious code and the various countermeasures

Read more

Welcome to Systems and Application Security Course!

In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.

Objectives

1. Identify malicious code activity

2. Describe malicious code and the various countermeasures

3. Describe the processes for operating endpoint device security

4. Define mobile device management processes

5. Describe the process for configuring cloud security

6. Explain the process for securing big data systems

7. Summarize the process for securing virtual environments

Enroll now

What's inside

Syllabus

Identify and Analyze Malicious Code and Activity
Module Topics: Malicious Code, Malicious Code Countermeasures, Exploitation, Insider Threats, Spoofing, Phishing, Spam, and Botnet, Malicious Web Activity, Payloads, Malicious Activity Countermeasures, Malcode Mitigation, and Common Mistakes. Malicious Code includes topics like Key concepts, Example Worms, Polymorphic Viruses, Software Exploitation Methods, Scanners, Generations of Antivirus Scanning Software, Generic Decryption (GD) Technology, Behavior-Blocking Software, Antivirus Software on the Firewall and IDS, Code signing, Code Signing Certificates, Sandboxing, Virtual Machine (VM), Social Engineering, Additional Examples of Social Engineering Attacks, and Security Awareness Training. Under the topic of Exploitation, you will learn about Long File Extensions, Fake Icon, Hostile Codecs, and E-mail. In Insider Threats, you will learn about Indicators of Malicious Threat Activity, Countermeasures, Direction, Prevention, and Deterrence Methods, Continual Training, and Insider Hardware Threats. In Spoofing, Phishing, Spam, and Botnets, you will learn about Spoofing, Examples of Spoofing, Phishing, Common Characteristics of Forged E-Mail Messages, Techniques, How Phishing Works, Impact of Phishing, How to Recognize a Phishing E-Mail, Spam, Spam Distribution Channels, How Does Spam Work?, Spam Techniques, Protecting users From Spam, Botnets, How Are Botnets Created?, Botnet-Led Exploits, Botnet Detection and Mitigation, Common Botnet Detection and Mitigation Techniques. In Malicious Web Activity, you will go through topics like Mobomarket Attack, Cross-site Scripting (XSS) Attacks, The Theory of XSS, XSS Attack Vectors, Is the Organization's Site Vulnerable to Cross-Site Scripting? Example of a Cross-Site Scripting Attack, How to check for Cross-Site Scripting Vulnerabilities, Zero-Day Exploits and Advanced Persistent Threats (APTS), Unknown Vulnerabilities management Process, Five Phases of APT, Brute-Force Attacks, Instant Messaging, Infected Factory Builds and Media, man-in-the-Middle Malcode, Malicious Activity Countermeasures, Network Layer, Application Layer, Modified Hosts File and DNS Changes, Inspection of Process, Rootkit, Rootkit Classifications, Behavioral Analysis of Malcode, and Static File Analysis.
Read more
Implement and Operate Endpoint Device Security
Module Topics: Host-Based Intrusion Detection Systems (HIDS), Host-Based Firewalls, Application Whitelisting, Endpoint Encryption, Trusted Platform Module (TPM), Mobile Device Management (MDM), Secure Browsing. In Host-Based Intrusion Detection Systems (HIDS), you will learn about Advantages and Disadvantages of HIDS. In Application Whitelisting, you will learn about software Restriction Policies (SRP), Trusted Platform Module (TPM). In Mobile Device Management (MDM), you will learn about Bring your Own Device (BYOD), Security, BYOD Policy Considerations, BYOD Policy Considerations, Corporate Owned, Personally Enabled (COPE), and Secure Browsing.
Operate and Configure Cloud Security
Module Topics: Introduction, Deployment Models, Service Models, Virtualization, Legal and Privacy Concerns, Classification of Discovered Sensitive Data, Mapping and Definition of Controls, Application of Defined Controls for Personally Identifiable Information (PII), Data Storage and Transmission, Encryption, Key Management, Masking/Obfuscation and Anonymization, Tokenization, Data Deletion Procedures and Mechanisms, Event Sources, Data Event Logging and Event Attributes, and Storage and Analysis of Data Events. Introduction covers the Five Essential Characteristics of Clouds. Deployment Models cover topics like Public, Private, Hybrid and Community Cloud, Service Models, SaaS, PaaS, and IaaS. Virtualization includes Hypervisor, and Types of Virtualization. In Legal and Privacy Concerns, you will learn about Key P&DP Questions, Country-Specific Legal Considerations, Jurisdiction and Applicable Law, Essential Requirements in P&DP Laws, Typical Meaning for Common Privacy Terms, Privacy Roles for Customer and Service Provider, Data Discovery, and Privacy Level Agreement (PLA). In Application of Defined Controls for Personally Identifiable Information (PII), you will learn about Cloud security Alliance Cloud Controls Matrix (CCM), CCM Security Domains, Data Dispersion in Cloud Storage, Threat to storage Types, Technologies Available to Address Threats, Data Loss Prevention (DLP), DLP Components, DLP Architecture, Cloud-Based DLP Considerations, and Best Practices. In Encryption, you will learn about Sample Use cases for Encryption, Cloud Encryption Challenges, Key Management, Key Storage in the Cloud, and Key Management in Software environments. In Masking/Obfuscation and Anonymization, you will learn about Data Masking/Obfuscation, Common Approaches for Data Masking, Primary Methods of Masking Data, and Data Anonymization. Tockenization covers topics like Tokenization and Cloud, Data Retention Policies, Data Deletion Procedures and Mechanisms, Disposal Options, Crypto-shredding, Data Archiving Policy, Security and Information Event Management (SIEM). Data Event Logging and Event Attributes covers topics like OWASP Recommendations, SIEM Capabilities, and SIEM Challenges.
Secure Big Data Systems & Operate and Secure Virtual Environments
Module Topics for Secure Big Data Systems: Application Vulnerabilities and Architecture or Design Environments. Application Vulnerabilities include topics like Data Growth, Big Data, Interpreting Big, Data, Big Data Issues, and Challenges with 'Free' Analytic Tools. Architectural or Design Environments include topics like Distributed Computing Architectures, Key Challenges, Securing the Organization's Big Data, and Deploying Big Data for Security. Module Topics for Operate and Secure Virtual Environments: Software-Defined Network (SDN), Virtual Appliances, Continuity and Resilience, Attacks and Countermeasures, Common Virtualization Attacks, Recommendations and Best Practices for Secure Virtualization, and Shared Storage. In Software-Defined network (SDN), you will learn about How SDN Works. Virtual Appliances talks about Virtual Appliances Compared to Virtual Machines. In Continuity and Resilience you will learn about Host Clustering Concepts, VMware Distributed Resource Scheduling (DRS), Scalability and Reliability, windows Failover Clustering. In Common Virtualization Attacks, you will learn about Mitigation Strategies. In Recommendations and Best Practices for Secure Virtualization you will learn about Desktop Virtualization and Security, Network Security, Storage Networks, Auditing and Logging, Virtual Machine Security, Management Systems, Hypervisor Security, Time Synchronization, Remote Access, Backups, and Configuration and Change Management.
Case Study
End-of-Course Assessment

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Examines endpoint device security, cloud infrastructure security, securing big data systems, and virtual environments, which is standard in industry
Develops technical and non-technical attack identification skills, which are core skills for security analysts in any setting
Develops endpoint device security management skills, which are core skills for security analysts and system administrators
Develops cloud security management skills, which are essential for cloud security architects, administrators, and auditors
Develops big data system security management skills, which are essential for big data security analysts, administrators, architects, and auditors
Develops virtual environment security management skills, which are essential for virtualization system administrators and virtual environment security analysts

Save this course

Save Systems and Application Security to your list so you can find it easily later:
Save

Reviews summary

Highly praised systems security course

According to learners, this is an excellent course on systems and application security. Students largely praise the course's engaging content, informative lessons, and knowledgeable instructors. Many learners recommend this course to those in IT security, as it covers a wide range of security domains and can help learners to understand how to prevent and mitigate attacks.
Presenters are knowledgeable and enthusiastic.
"Excellent course. Outstanding author."
"Enjoyed learning new concept which were explained very nicely by the instructor."
"I am already busy with the rest of the courses related to SSCP certification training from (ISC)2 on CourseraWell done guys!!!"
Covers a broad range of security domains.
"This course is broad, involving, and beneficial to any IT professional as it covers a broad and wide range of IT security domains."
"The course me ayudo a poder comprender los tipos de malcode y la forma de como prevenir y mitigar estos ataques."
"Awesome course. Lots of detail covering each topic."
Lessons are informative and engaging.
"Very Intensive but very important"
"This was a very informative and interested course."
"Application security provides you the knowledge to stand out of the crowd"
Students recommend this course for IT security professionals.
"I highly recommended it."
"This was an excellent course. I recommend anyone take it that is in the security support role."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Systems and Application Security with these activities:
Review essential programming fundamentals
Review the basics of programming to solidify your foundation in the subject and prepare for the advanced concepts covered in the course.
Browse courses on Variables and Data Types
Show steps
  • Go over your notes or textbooks from previous programming courses.
  • Solve practice problems or coding challenges to test your understanding.
  • Review online tutorials or resources on the concepts you are less confident in.
Form a study group with classmates or peers
Collaborate with peers to discuss concepts, ask questions, and work on projects together to enhance your learning experience and build a supportive learning community.
Show steps
  • Reach out to classmates or fellow students to form a study group.
  • Schedule regular meetings to discuss course materials and assignments.
  • Collaborate on projects or practice exercises together.
Practice reading and writing malicious code
Gain hands-on experience in identifying and analyzing malicious code to improve your understanding of cyber threats and vulnerabilities.
Show steps
  • Find a dataset of malicious code samples online.
  • Use tools like IDA Pro or Ghidra to disassemble and analyze the code.
  • Identify the malicious functionality and techniques used.
Five other activities
Expand to see all activities and additional details
Show all eight activities
Read 'Network Security Essentials: Applications and Standards' by William Stallings
Gain a comprehensive understanding of network security principles and standards to enhance your knowledge of the subject and prepare for industry certifications like the CISSP.
Show steps
  • Read through the book thoroughly, taking notes and highlighting important concepts.
  • Complete the exercises and review questions at the end of each chapter to test your comprehension.
  • Use the book as a reference guide for future studies and projects.
Set up a lab environment for security testing
Build a practical understanding of security testing by setting up your own lab environment and conducting vulnerability assessments to strengthen your hands-on skills.
Browse courses on Security Testing
Show steps
  • Choose a virtualization platform like VirtualBox or VMware.
  • Install operating systems and security tools on your virtual machines.
  • Follow tutorials or online resources to set up a basic security testing lab.
Develop a security plan for a small business or organization
Apply your understanding of security concepts to a practical scenario by creating a security plan to enhance your ability to protect organizations from cyber threats.
Browse courses on Security Planning
Show steps
  • Identify the organization's security requirements and goals.
  • Conduct a risk assessment to identify potential vulnerabilities.
  • Develop and document a comprehensive security plan that addresses the identified risks.
Compile a resource library on endpoint security best practices
Gather and organize valuable resources on endpoint security to deepen your understanding of best practices and enhance your knowledge in this critical area.
Browse courses on Endpoint Security
Show steps
  • Collect articles, white papers, and security advisories related to endpoint security.
  • Create a repository like a Google Doc, Notion page, or GitHub gist to store the resources.
  • Categorize and organize the resources for easy access and reference.
Attend a cybersecurity workshop or conference
Engage with industry experts and learn about the latest trends and advancements in cybersecurity to expand your knowledge and network with professionals in the field.
Show steps
  • Research and identify relevant cybersecurity workshops or conferences.
  • Register and attend the event.
  • Actively participate in sessions, ask questions, and network with attendees.

Career center

Learners who complete Systems and Application Security will develop knowledge and skills that may be useful to these careers:
Chief Information Security Officer (CISO)
A Chief Information Security Officer (CISO) is responsible for the overall security of an organization's information assets. This includes developing and implementing security policies, managing security risks, and overseeing security operations. The Systems and Application Security course may be useful as it will give you a comprehensive understanding of various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Security Program Manager
A Security Program Manager is responsible for planning, implementing, and managing an organization's security program. This includes developing and implementing security policies, managing security risks, and overseeing security operations. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Cybersecurity Manager
A Cybersecurity Manager is responsible for planning, implementing, and managing an organization's cybersecurity program. This includes developing and implementing security policies, managing security risks, and overseeing security operations. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Penetration Tester
A Penetration Tester simulates attacks on an organization's computer systems to identify vulnerabilities. They then report these vulnerabilities to the organization so that they can be fixed. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Malware Analyst
A Malware Analyst researches and analyzes malicious code, such as viruses, worms, and Trojans. They also develop and implement countermeasures to protect against these threats. The Systems and Application Security course may be useful as it will give you a deep understanding of various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Cyber Threat Intelligence Analyst
A Cyber Threat Intelligence Analyst researches and analyzes cyber threats to identify and mitigate them. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Data Protection Officer (DPO)
A Data Protection Officer (DPO) is responsible for ensuring that an organization complies with data protection regulations. This includes developing and implementing data protection policies, managing data protection risks, and overseeing data protection operations. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Cybersecurity Analyst
A Cybersecurity Analyst monitors and analyzes an organization's computer systems to identify and mitigate security threats. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Privacy Officer
A Privacy Officer is responsible for ensuring that an organization complies with privacy regulations. This includes developing and implementing privacy policies, managing privacy risks, and overseeing privacy operations. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Security Consultant
A Security Consultant provides advice and guidance to organizations on how to improve their security posture. This includes assessing security risks, developing security plans, and implementing security controls. The Systems and Application Security course may be useful as it will give you a broad understanding of various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
IT Auditor
An IT Auditor reviews an organization's IT systems and processes to ensure that they are secure and compliant with regulations. The Systems and Application Security course may be useful as it will teach you about various types of malicious code, how to identify and mitigate them, and how to secure endpoint devices, cloud infrastructure, big data systems, and virtual environments.
Network Security Engineer
A Network Security Engineer designs, implements, and maintains an organization's network security systems. This includes firewalls, intrusion detection systems, and access control lists. The Systems and Application Security course may be useful as it will teach you about various types of malicious code and how to identify and mitigate them. This course also covers endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Cloud Security Engineer
A Cloud Security Engineer designs and implements security plans for an organization's cloud computing environment. This includes identifying security risks, developing security policies, and implementing security controls. The Systems and Application Security course may be useful as it will teach you about various types of malicious code and how to identify and mitigate them. This course also covers endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Information Security Analyst
An Information Security Analyst is in charge of protecting their organization's networks and computer systems from a range of threats. To do this, they monitor computer systems, analyze security breaches, and develop security plans. The Systems and Application Security course may be useful as it will teach you about various types of malicious code and how to identify and mitigate them. This course also covers endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Security Architect
A Security Architect designs and implements security plans for an organization. This includes identifying security risks, developing security policies, and implementing security controls. The Systems and Application Security course may be useful as it will teach you about various types of malicious code and how to identify and mitigate them. This course also covers endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Systems and Application Security.
Provides a comprehensive overview of computer security, covering topics such as the different types of computer security threats, the different types of computer security measures, and how to implement computer security measures.
Provides a comprehensive overview of computer security, covering topics such as the different types of computer security threats, the different types of computer security measures, and how to implement computer security measures.
Provides a detailed overview of network security, covering topics such as the different types of network security threats, the different types of network security measures, and how to implement network security measures.
Provides a detailed overview of cloud security, covering topics such as the different types of cloud computing, the security risks associated with cloud computing, and how to implement cloud security measures.
Provides a comprehensive overview of cloud security, covering topics such as the different types of cloud computing, the security risks associated with cloud computing, and how to implement cloud security measures.
Provides a unique perspective on information warfare, covering topics such as the history of information warfare, the different types of information warfare threats, and the different ways to protect against information warfare attacks.
Provides a comprehensive overview of virtualization security, covering topics such as the different types of virtualization, the security risks associated with virtualization, and how to implement virtualization security measures.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Systems and Application Security.
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser