Evaluating Your Organization’s Security Posture
This course will teach you about completing a holistic security evaluation, and how to shape it into a repeatable practice that helps raise the IT security posture for the whole company.
What you'll learn
Assessing your organization’s security is a long process consisting of many moving parts. In this course, Evaluating Your Organization’s Security Posture, you will gain the ability to complete an end-to-end security evaluation to provide a “map” of your company’s security posture. First, you will learn about the practices of security evaluation. Next, you will discover the many tools and techniques available. Finally, you will explore how to effectively juggle the amount of work, evidence, and data collection required of an assessment. When you’re finished with this course, you will have the skills and knowledge of auditing, governance, and critical thinking needed to evaluate your organization’s security.
Table of contents
- Overview 1m
- Understanding Layers of Physical Security 3m
- Threats and Vulnerabilities 1m
- Outer Perimeter Controls and Countermeasures 1m
- Inner Perimeter Controls and Countermeasures 4m
- Locks, Badges, and CCTV 3m
- Work Center Security 2m
- Inventory and Vendor Management 3m
- Testing and Assessing Physical Controls 1m
- Summary 1m
- Overview 3m
- Why You Should Map Your External Footprint 4m
- The Process of Evaluating Your External Environment 2m
- Enumerating Subdomains & Demo 3m
- Email Addresses Are a Target 1m
- Evaluating Your Cloud Tenant 4m
- Assessing Web Apps 2m
- Assessing Bug Tracking & Release Cycles 4m
- Questions for Penetration Testing and Vulnerability Scanning 4m
- Considerations for SaaS 2m
- Demo: Finding Secrets in GitHub 4m
- Summary 2m
- Overview 3m
- Assessing AD and Administrators 4m
- IT Services and Account Lifecycle 3m
- Investigating Email Security 2m
- Assessing NTP 2m
- Evaluating Log Practices 2m
- Digging into Fileshares 2m
- DNS Security Posture 4m
- Evaluating Networking 3m
- Vulnerability Management 2m
- All About Incident Response 5m
- Summary 1m
About the author
Paul started building computers in high school. He feels lucky to have received life lessons and technical training in the United States Air Force. Throughout his career he has been part of many project teams ranging from single server deployments, to data center refreshes, to cloud migrations. He believes in being a well rounded IT practitioner and studying all aspects of technology. In the future he plans to move into IT leadership roles or build his own company. In his free time Paul enjoys w... more