ISC2
Securing Software, Data and End Points
ISC2

Securing Software, Data and End Points

This course is part of (ISC)² Systems Security Certified Practitioner (SSCP)

Taught in English

Some content may not be translated

3,211 already enrolled

Course

Gain insight into a topic and learn the fundamentals

4.8

(25 reviews)

Beginner level

Recommended experience

7 hours (approximately)
Flexible schedule
Learn at your own pace

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

13 quizzes

Course

Gain insight into a topic and learn the fundamentals

4.8

(25 reviews)

Beginner level

Recommended experience

7 hours (approximately)
Flexible schedule
Learn at your own pace

See how employees at top companies are mastering in-demand skills

Placeholder

Build your subject-matter expertise

This course is part of the (ISC)² Systems Security Certified Practitioner (SSCP)
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate
Placeholder
Placeholder

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

Placeholder

There are 6 modules in this course

Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses. Repeats and reprises of classic design and programming errors, being made over and over again by each new generation of programmers.  And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets.  We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.   

What's included

7 videos2 readings2 quizzes

Whether you are using the CIA triad, CIANA+PS or any other set of security characteristics as your analysis framework, you’ll find that they all meet their stress test case when considering databases and data warehouses. This is the “data at rest” part of the three-state model of data; applications and endpoints make up the environment in which we consider data in use, and networks and communications systems are where data is in motion, of course.  Business and organizational data, personal data such as personally identifiable information (PII) or protected health information (PHI), and metadata about all of that data are collected, collated, linked together and stored in databases and data warehouses, whether on-premises, in the cloud or in hybrid architectures.  It’s the information in those architectures that requires the right set of protections and controls, if the organization is to meet or exceed its information security, data protection and systems safety needs.  Many different forms of attacks on data happen every day. Ransom attacks encrypt the target’s data while demanding payment to provide the decryption key and tool; this is extortion, a crime everywhere.  Other attacks attempt to corrupt existing data or put false data into the system as an act of sabotage or fraud.   Copying of data without disturbing it is theft, and such data breaches, or data exfiltration attacks, can target data that is in simple files, such as poorly protected lists of usernames and related credentials, systems log files or applications data in documents, spreadsheets and other files. Attacks that net millions of stolen copies of customer records, however, have more than likely been targeted against databases and data warehouses. These attack vectors can be categorized in many ways, and the next section will look at the most common. 

What's included

6 videos2 readings2 quizzes

The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware.  Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals.  It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant.  This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use.  Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware.  Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email. 

What's included

6 videos4 quizzes

Systems’ security depends on the correct configuration and interaction of many different components. Security must be deployed in a consistent manner across the entire system. This requires careful management of equipment, personnel and communications interfaces. This module will examine how to design, build and manage secure systems and ensure that no gaps are left in the design or operations of a system. 

What's included

9 videos4 readings2 quizzes

What's included

3 videos3 readings2 quizzes

This chapter has taken you on a wide-ranging journey across the threat surface of your organization’s software, its data, its endpoints and its virtual environments. Along the way you’ve seen some of the challenges that face you as you try to harden systems, procedures and the organization’s people as well as to resist the attacks of malware, social engineering, phishing and malformed data.   Cybercrime has become incredibly lucrative; it has also become a very big business ecosystem, in which many layers of toolkit developers, open source intelligence gatherers, exfiltrated data resellers and specialist attack teams support the efforts of advanced persistent threat (APT) teams in their attacks on businesses, schools, universities, hospitals and government services around the world.   Your organization’s information security team cannot outspend the cybercriminals; and while it’s true that you cannot outthink all of them all the time, you really don’t have to. You only have to outthink the ones you have to detect, right now, today, as they try to intrude into your systems or otherwise disrupt your IT and OT infrastructures and the business processes that depend upon them.  The bottom line is keeping the data safe, secure, reliable; and that means keeping the software safe and reliable to use, whether it’s running on servers or endpoints, on real iron or in virtualized environments on top of hypervisors. One day at a time.

What's included

1 reading1 quiz1 peer review

Instructor

(ISC)² Education & Training
ISC2
20 Courses74,096 learners

Offered by

ISC2

Recommended if you're interested in Security

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

Showing 3 of 25

4.8

25 reviews

  • 5 stars

    84%

  • 4 stars

    16%

  • 3 stars

    0%

  • 2 stars

    0%

  • 1 star

    0%

SS
5

Reviewed on Jun 2, 2023

New to Security? Start here.

Placeholder

Open new doors with Coursera Plus

Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Frequently asked questions