The Certified Pro Hub/Principles of Information Security Management

Get access for free

Free

Principles of Information Security Management

Course
47 Lessons
90-day access

In cybersecurity, the problem isn't a lack of information: it's information overload. This product is your solution to the chaos. Think of these notes as your "Second Brain" for Cybersecurity. Over the course of my learning journey, I have documented, tagged, and summarised the critical components of the security landscape.

Contents

Course Description:

1. Security and Risk Management (1 - 2h)

Establishes the governance, compliance, and risk frameworks necessary to align security initiatives with business goals. This foundation ensures that every security measure has strategic direction, budget justification, and legal enforceability.

A Strategic Governance and Risk Architecture

Cybersecurity Architecture: Fundamentals of Confidentiality, Integrity, and Availability (12 min)

Risky Business: Strengthening Cybersecurity with Risk Analysis (12 min)

Controls Categories (12 min)

Zero Trust (7 min)

Cyber Risk Management: Essentials for the Practical CISO (1 hr)

2. Asset Security (0.5 - 1h)

Covers the identification, classification, and lifecycle management of data to ensure protection controls match the asset's value. You cannot effectively secure or legally defend data if you have not defined its location, ownership, and worth.

Asset Security

Data Security: Protect your critical data (or else) (6 min)

SSD Data destruction (10 min reading)

Google Data Center Security: 6 Layers Deep (2 min)

Data Governance (10 min)

3. Security Architecture and Engineering (3 - 4 hrs)

This section explores the theoretical and practical application of security principles to the design of systems, encompassing hardware, software, and physical environments. It bridges the gap between abstract security models and concrete implementations.

Security Architecture and Engineering

Cryptography: Crash Course Computer Science (12 min)

The Adventure of Alice and the Encrypted Message (14 min)

Steganography (3 min)

Virtualization Explained (5 min)

Cybersecurity Architecture: Who Are You? Identity and Access Management (30 min)

Cloud security guidance (30 min - reading)

Full SANS Webcast | Decoding the Shared Responsibility Model (49 min)

Buffer Overflows (3 min)

Stack vs Heap Memory - Simple Explanation ( 5 min)

What are hardware security modules (HSM), why we need them and how they work. (7 min)

How Access Control Systems Work | Point Monitor Corporation (6 min)

4 - Communication and Network Security (2 - 3 hrs)

Bridges secure design principles with network architecture to ensure the fundamental pathways of data transmission are structurally sound. If the underlying architectural blueprint is flawed, operational monitoring alone cannot secure the environment.

Network Security basics

Understanding the OSI Model (12 min)

Cybersecurity Architecture: Networks (27 min)

Internet Networks & Network Security | Google Cybersecurity Certificate (1 hr)

How does HTTPS work? What's a CA? What's a self-signed Certificate? (11 min)

Kerberos (3 min)

5 - Identity and Access Management (1- 2hr)

Identity and Access Management defines the mechanisms for verifying identities and restricting access, serving as the primary control against unauthorised entry.

Robust IAM prevents attackers from masquerading as legitimate users to move undetected through your systems.

Identity and Access Management (12 min)

Cybersecurity Architecture: Who Are You? Identity and Access Management (31 min)

OAuth terminologies and flows explained (24 min)

6. Security Assessment and Testing

Security Assessment and Testing: Validates the effectiveness of specific security controls through rigorous auditing and penetration testing. This "trust but verify" approach exposes invisible weaknesses so they can be fixed before an attacker exploits them.

Key Terminology

Building a Cybersecurity Framework (8 min)

NIST Cybersecurity Framework 2.0 (5 min)

SOC 1 vs SOC 2 Audits: What’s the Difference? (5 min)

CertMike Explains SOC Audits (8 min)

7 - Security Operations

Security Operations operationalises daily defence procedures, including incident response and disaster recovery, to ensure business continuity. This allows the organisation to detect active threats immediately and recover rapidly following a disruptive event.

The Incident Scene & Evidence Collection

Malware (21 min)

Attack Frameworks (8 min)

How Hackers Steal Passwords: 5 Attack Methods Explained (13 min)

Examples: Data resilience, RAID and storage

8- Software Development Security

Software Development Security Integrates security best practices into the Software Development Lifecycle (SDLC) to eliminate coding vulnerabilities at the source. Eliminating flaws during development is significantly safer and more cost-effective than patching live applications.

Software Development Security

Cybersecurity Architecture: Application Security (16 min)

Container Security Explained (6 min)

Threat Modeling in the Age of AI - Susanna Cox (45 min)