This course is meant for anyone curious about InfoSec and just starting out in this field. Terminology and concepts are explained with the goal of being clear even to those who hear of them for the very first time.
The following topics are covered mainly with definitions and theoretical explanations, but also with some practical examples:
- The need for InfoSec
- CIA Triad (Confidentiality, Integrity, Availability)
- Non-repudiation
- Risk Assessment & Risk Management
- Cryptography and it's place in InfoSec
- Authentication and Authorization
- Governance and Information Security Policies
- Security Auditing
- Laws & Regulations related to Security and Privacy of Data
- Security Detection and Response
- Vulnerability Management
- Security Patching
- Penetration Testing
As an experienced Cybersecurity expert, I've changed a few roles and seen different approaches to security, mainly in large corporations. I'm happy to provide insight into how those systems operate, and more importantly, how they're secured. You will learn that it's not all about advanced technology you hear about these days, but also about people, processes, education, and analytical thinking. I truly hope you will find value in these lessons, and feel free to reach out shall you have any questions, suggestions, or ideas to share.
Later on, I will add tests in between lessons, including some additional information on differences between all the security disciplines: infosec, cybersec, physical, fraud...