ISC2 Education & Training

Course 7 - Systems and Application Security

This is the seventh course under the specialization SSCP.

This course discusses two major changes in recent years to how we use our data: going mobile and using the cloud. First, we use our data on the go by means of data services provided to our mobile phones, Wi-Fi, and other devices. Second, so many of the enhanced functions we take for granted in our daily personal and professional lives are made possible by cloud services, where our data is stored or processed. 

Course 7 Learning Objectives

After completing this course, the participant will be able to: 

- Classify different types of malware.

- Determine how to implement malware countermeasures.

- Identify various types of malicious activities. 

- Develop strategies for mitigating malicious activities. 

- Describe various social engineering methods used by attackers. 

- Explain the role of behavior analytics technologies in detecting and mitigating threats. 

- Explain the role and functionality of host-based intrusion prevention system (HIPS), host-based intrusion detection system (HIDS), and host-based firewalls. 

- Evaluate the benefits of application whitelisting in endpoint device security. 

- Explain the concept of endpoint encryption and its role in endpoint security. 

- Describe the role and functionality of Trusted Platform Module (TPM) technology in providing hardware-based security features. 

- Identify the steps in implementing secure browsing practices using digital certificates and secure communication protocols. 

- Explain the concept of endpoint detection and response (EDR) and its role in providing real-time monitoring, detection, investigation, and response capabilities to identify and mitigate advanced threats and security incidents on endpoint devices. 

- Identify provisioning techniques for mobile devices. 

- Explain the concept of containerization and how it contributes to effective mobile device management. 

- Explain how encryption contributes to effective mobile device management. 

- Describe the process of Mobile Application Management (MAM) to effectively manage the life cycle of mobile applications. 

- Distinguish among public, private, hybrid, and community deployment models in cloud security. 

- Distinguish among various service models and their impact on cloud security practices. 

- Describe virtualization technologies and their role in maintaining cloud security. 

- Identify legal and regulatory concerns related to cloud security. 

- Determine strategies to implement data storage, processing, and transmission while maintaining cloud security. 

- Explain the requirements and considerations associated with third-party services and outsourcing in cloud storage. 

- Explain the concept of the shared responsibility model in cloud storage. 

- Identify steps to manage and secure hypervisor environments. 

- Explain how to deploy, configure, and maintain virtual appliances within virtualized environments. 

- Determine the process for managing containerized environments. 

- Describe the best practices of storage management in virtualized environments. 

- Develop strategies for ensuring business continuity and resilience in virtualized environments. 

- Analyze potential threats and attacks targeting virtual environments.

Who Should Take This Course: Beginners

Experience Required: No prior experience required

What's inside

Syllabus

Overview
This course discusses two major changes in recent years to how we use our data: going mobile and using the cloud. First, we use our data on the go by means of data services provided to our mobile phones, Wi-Fi, and other devices. Second, so many of the enhanced functions we take for granted in our daily personal and professional lives are made possible by cloud services, where our data is stored or processed.  Both of those transformations are complex topics. However, from our perspective as security professionals, we can apply the security fundamentals we learn to help us better secure the data through the technologies, systems, and services we use. 

Good to know

Know what's good, what to watch for, and possible dealbreakers:
- Provides a foundational understanding of malware types and countermeasures, which is essential for anyone starting in cybersecurity
- Explores mobile device management techniques, including provisioning, containerization, and encryption, which are crucial for securing modern mobile environments
- ISC2 publishes this course, which aligns with their reputation for establishing security certifications and training programs
- Examines cloud deployment models (public, private, hybrid, community) and service models, which is vital for understanding cloud security practices
- Covers host-based intrusion prevention and detection systems (HIPS/HIDS), which are fundamental components of endpoint security
- Discusses virtualization technologies and their role in cloud security, which is increasingly important for securing modern IT infrastructures

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Systems and Application Security with these activities:
Review Networking Fundamentals
Solidify your understanding of networking concepts to better grasp application security vulnerabilities related to network communication.
  • Review the OSI model and TCP/IP stack.
  • Study common networking protocols (HTTP, HTTPS, DNS, etc.).
  • Practice subnetting and network address translation (NAT).
Review 'Hacking: The Art of Exploitation'
Gain a deeper understanding of common exploitation techniques to better defend against them in system and application security.
  • Read the chapters related to buffer overflows and shellcode.
  • Experiment with the provided code examples in a virtual environment.
  • Research recent vulnerabilities and how they relate to the concepts in the book.
Review 'Cloud Security and Privacy'
Expand your knowledge of cloud security and privacy considerations to better protect data in cloud environments.
  • Read the chapters related to data governance and compliance.
  • Research recent cloud security breaches and how they relate to the concepts in the book.
  • Summarize the key takeaways from each chapter.
Follow Mobile Application Security Tutorials
Enhance your practical skills in mobile application security by following guided tutorials on topics like reverse engineering, static analysis, and dynamic analysis.
  • Find reputable online tutorials on mobile application security.
  • Follow the tutorials step-by-step, paying attention to the underlying concepts.
  • Apply the techniques learned to analyze a real-world mobile application.
Set up a Mobile Device Security Test Environment
Gain hands-on experience with mobile device security by setting up a test environment to explore vulnerabilities and security controls.
  • Install a mobile device emulator (e.g., Android Emulator).
  • Configure the emulator with different security settings.
  • Install and analyze a vulnerable mobile application.
  • Implement security controls like device encryption and remote wipe.
Create a Presentation on Cloud Security Best Practices
Reinforce your understanding of cloud security by creating a presentation that summarizes best practices for securing data and applications in the cloud.
  • Research cloud security best practices from reputable sources.
  • Organize the information into a clear and concise presentation.
  • Include real-world examples of cloud security breaches and how to prevent them.
  • Present your findings to a peer or online forum.
Develop a Secure Mobile Application Prototype
Apply your knowledge of mobile security principles by developing a prototype of a secure mobile application with built-in security features.
  • Design a simple mobile application with a specific functionality.
  • Implement security features like authentication, authorization, and data encryption.
  • Test the application for common vulnerabilities like SQL injection and cross-site scripting.
  • Document the security features and testing results.

Career center

Learners who complete Systems and Application Security will develop knowledge and skills that may be useful to these careers:
Security Analyst
A Security Analyst is responsible for monitoring and protecting an organization's systems and data. This course, which covers systems and application security, including malware countermeasures, malicious activity mitigation, and behavior analytics, directly helps a Security Analyst build a foundation for threat detection and response. The course also discusses how to implement secure browsing practices, which is crucial for a Security Analyst to understand. This course's coverage of endpoint detection and response would help a Security Analyst in their efforts to monitor and protect endpoints. The course is also useful for understanding the shared responsibility model in cloud storage, which is important for properly analyzing cloud security risks.
Information Security Specialist
An Information Security Specialist works to implement and manage security measures to protect an organization's data and systems. The course content on identifying types of malware, developing countermeasures, and understanding social engineering methods directly helps an Information Security Specialist develop protective strategies. This course's discussion of mobile device management, including provisioning techniques, containerization, and encryption, would be particularly relevant for an Information Security Specialist in an era of increasingly mobile workforces. As a foundation-building course, it offers a great stepping stone for those entering this field.
Cloud Security Engineer
A Cloud Security Engineer focuses on securing cloud-based systems and data. This course's deep dive into cloud security, such as deployment models, service models, and virtualization technologies, would be very valuable for a Cloud Security Engineer. A Cloud Security Engineer would greatly benefit from the course's focus on legal and regulatory concerns as well as data storage, processing, and transmission in the cloud. This course discusses the shared responsibility model in cloud storage, which is a core component of understanding cloud security. This course's emphasis on cloud security is particularly relevant for those looking to enter this role.
Endpoint Security Analyst
An Endpoint Security Analyst is responsible for securing devices such as laptops, mobile phones, and tablets. This course's discussion of host-based intrusion prevention systems, host-based intrusion detection systems, and host-based firewalls directly applies to the role of an Endpoint Security Analyst. The course also covers the benefits of application whitelisting and endpoint encryption, which are essential security measures for an Endpoint Security Analyst to know. Further, the course's discussion of endpoint detection and response technologies directly relates to an Endpoint Security Analyst's responsibilities in identifying and mitigating threats on endpoint devices. This course provides a solid foundation regarding endpoint security.
Mobile Security Specialist
A Mobile Security Specialist focuses on securing mobile devices and the data they access. This course, which explores provisioning techniques, containerization, and encryption for mobile devices, directly applies to this role. The course's discussion of Mobile Application Management is also directly relevant to the work of a Mobile Security Specialist, as is the understanding of securing data on the go, which is a core focus of the course. A Mobile Security Specialist would be well served by taking this course.
System Administrator
A System Administrator maintains and manages computer systems, and in doing so, needs to understand security practices. This course, while not focused entirely on systems administration, provides essential security knowledge for a System Administrator, including understanding malware, implementing countermeasures, and identifying malicious activities. The course's discussion of HIPS, HIDS, and firewalls helps a System Administrator secure systems. The course also covers virtualization, which is used by many System Administrators, along with strategies for maintaining business continuity in virtualized environments. These aspects of the course would be valuable for any system administrator interested in enhancing their security knowledge.
Network Security Engineer
A Network Security Engineer designs, implements, and manages network security systems and protocols. This course provides foundational knowledge of security concepts such as malicious activities, social engineering methods, and malware, which is valuable for a Network Security Engineer to know, even if it is not specifically focused on network hardware. The course also discusses secure communication protocols such as digital certificates, which a Network Security Engineer would benefit from understanding. While not networking-focused, this course provides a good introduction to a range of important security concepts.
Security Consultant
A Security Consultant advises organizations on their security posture and helps them implement security solutions. This course, which discusses a wide range of security topics from malware countermeasures to cloud security, may help a Security Consultant understand the challenges faced by organizations. The course's discussion of social engineering methods, mobile device management, and cloud security may be particularly helpful. This course is a helpful introduction to many security concepts that a Security Consultant may encounter.
IT Auditor
An IT Auditor examines and evaluates an organization's information technology infrastructure and its security controls. While this course does not explicitly cover auditing procedures, it introduces a wide range of security concepts such as types of malware, methods for mitigating malicious activities, and cloud security practices, all of which an IT Auditor needs to understand. The course also discusses legal and regulatory concerns related to cloud security, which may be useful for an IT Auditor. This course may provide some helpful background information for those looking to enter IT auditing.
Software Developer
A Software Developer designs, writes, and tests code for applications and systems. While this course is not about software development itself, it touches on concepts that are very relevant for writing software that is secure. A Software Developer will benefit from understanding the various types of malicious activities and social engineering methods that are covered in this course. By learning about the course's discussion of secure browsing practices, such as digital certificates and secure communication protocols, a Software Developer is able to create better, more secure applications. This course may prove to be useful in the larger context of responsible, secure software development.
Data Analyst
A Data Analyst examines and interprets data to identify trends and insights. While this course is not directly focused on data analysis, it introduces security concepts that are important for understanding how data is protected. The course's coverage of malware, malicious activity mitigation, and behavior analytics may help a Data Analyst think more deeply about how their data is stored and processed. This course's discussion of cloud security also applies to Data Analysts who store data in the cloud. This course may be useful for those interested in data governance and security.
Project Manager
A Project Manager is responsible for planning, executing, and overseeing projects. This course does not focus on project management itself, but it can help a Project Manager better understand the security considerations within an organization. The course's focus on cloud and mobile security may be particularly helpful for a Project Manager involved in projects that concern those areas. This course may assist a Project Manager with understanding the security challenges involved in an organization.
Technical Support Specialist
A Technical Support Specialist provides technical assistance to users of computer systems and software. While this course is not directly focused on help desk operations, it helps a Technical Support Specialist understand the security aspects of technology. This includes recognizing various types of malware, and also identifying malicious activities, all of which are covered in this course. The course's discussion of secure browsing practices and the use of digital certificates may be useful for someone providing tech support. This course may be helpful for those wishing to improve their technical support skills.
Sales Engineer
A Sales Engineer combines technical knowledge with sales skills to sell complex products or services. While this course is not primarily focused on sales, it introduces security concepts that may be helpful in talking to customers about these types of services. The course covers mobile security, cloud security, and also the shared responsibility model in cloud storage. A Sales Engineer who better understands these concepts may better explain security services to potential customers. This course may improve their understanding of the security landscape.
Human Resources Specialist
A Human Resources Specialist handles various employee-related matters, including onboarding and offboarding employees. While this course does not focus on human resources, it does cover concepts such as social engineering methods and mobile device management, which may help a human resources professional better understand some of the security challenges an organization faces. The course's discussion of secure browsing practices may also be relevant. This course may be useful for a Human Resources Specialist to better understand how users interact with information systems and data.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Systems and Application Security.
Provides a deep dive into the technical aspects of exploitation, covering topics like buffer overflows, shellcode, and network sniffing. It's particularly useful for understanding the underlying mechanisms of attacks discussed in the course. While not directly focused on mobile or cloud, the fundamental principles of exploitation apply across different environments. This book is commonly used in cybersecurity courses.
Provides a comprehensive overview of cloud security and privacy issues, covering topics like data governance, compliance, and risk management. It's a valuable resource for understanding the legal and regulatory aspects of cloud security. This book adds more depth to the cloud security topics covered in the course and is a useful reference tool.

© 2016 - 2025 OpenCourser