Course Learning Objectives
This course provides a fundamental understanding of Operations Security, or OpSec. OpSec covers the side of a software company that doesn’t spend their time writing code, but ensuring the security and stability of the systems the organization relies on.
By the end of this course, you’ll be able to discuss how to harden and configure your software and environments, manage access control and identity management, describe the role of a Security Operations Center, develop a Business Continuity and Disaster Recovery plan, and develop a process for backing up and disposing of software in your organization.
Description
This course covers the fundamental concepts of Operations Security in terms of installation and deployment, access control and identity management, the Security Operations Center, Business Continuity and Disaster Recovery, and enterprise data backup and disposal.
| Audience | Time Required |
|---|---|
| Ops Engineers Sys Admins | Tailored learning – 60 minutes total (approx.) |
Course Outline
1. Installation and Deployment Process
- About
- Considerations for deployment
- Hardening
- Environment configuration
- Configuration activities
- Bootstrapping
- Operations and maintenance
- Maintaining resilience
2. Access Control and Identity Management
- About
- Identity and access management
- Identity and access management example
- Identification, authentication, and authorization
- Identification mechanism
- Federation
- Single Sign-On
- IDaaS
- Certificate-based authentication
- Accountability
- Account management
- Secrets management
3. Security Operations Center
- About
- SOC requirements
- Minimum security baseline and IAM
- Security scans and logs
- SIEMs
- Network security and performance
- Penetration testing
- Incident management
- Notification and escalation
- Managed security service providers
4. Business Continuity and Disaster Recovery
- About
- Business continuity example
- Impact to businesses
- Business Continuity vs. Disaster Recovery
- BCP and cybersecurity
- Start your journey
- Business Impact Analysis
- Risk assessment
- Specific requirements
- Critical time frames
- Security table top exercises
- Maintaining the business continuity
5. Enterprise Backup and Disposal
- About
- End-of-life policies
- Sunset criteria
- Data backup
- Backup strategies
- Cloud backup
- RAID backups
- Backup considerations