Security Operations

This comprehensive course provides an in-depth of different functions performed for security operations. Students will learn how security operations add value to an organization and the role of documented policies, frameworks, and controls in reducing risk. The course covers critical cybersecurity functions, including risk management, compliance management, asset and vulnerability management, identity and access management, data protection, vendor and supply chain security, security awareness, and monitoring.

Additionally, students will examine key risk assessment strategies, incident response planning, digital forensics, contingency planning, and auditing. By the end of the course, learners will have the knowledge and skills to implement and manage a robust cybersecurity program, ensuring organizational security, regulatory compliance, and effective risk mitigation.

About This Course

Key components of the course include

  • Define what a cybersecurity program is and how security operations can add value to an organization
  • Explain how documented policies, standards, procedures, guidelines, and controls play a role in reducing risk to an organization
  • Explain how frameworks can help form and implement security controls for an organization
  • Explain common cybersecurity program functions and their role in protecting an organization
  • Explain the function of compliance management and various considerations for compliance management in an organization
  • Explain key concepts to compliance management such as privacy, data roles, legal actions, and potential consequences of non-compliance
  • Describe common laws, regulations, and industry standards as it relates to compliance
  • Explain what a gap analysis is and how it can identify areas that need improvement
  • Explain the function of risk management and various considerations for risk management in an organization
  • Define key risk management actions and terms such as risk identification, risk analysis, risk register, and risk reporting
  • Define key risk measurement strategies and calculations such as AV, TCO, SLE, EF, ALE, and ARO
  • Describe risk management strategies
  • Explain methods of prioritizing projects using risk factors and Return on Investment (ROI)
  • Explain the function of asset acquisition and management and various considerations while managing assets of an organization
  • Explain the function of vulnerability management and various considerations while managing vulnerabilities
  • Explain key terms and resources for vulnerability management, such as CVE, CVSS, CPE, CCE, CVE, SCAP, Pentesting, red teams, and blue teams
  • Explain possible actions to take to deal with vulnerabilities within the organization
  • Explain the importance of patch management and processes associated with patch management
  • Explain the function of data management and various considerations while managing data
  • Define key terms for data management, such as compliance, privacy, data roles, data types, and PII
  • Explain types of data and the data type could determine the level of security controls needed to protect the data
  • Explain common methods for protecting data, such as data classification, data labeling, ACLs, encrypting data, steganography, data masking, data obfuscation, and DLP
  • Explain how data retention and retirement plays a role in keeping data safe
  • Explain the function of vendor and supply chain management
  • Explain key relationships to an organization and common agreement types
  • Explain considerations when choosing and evaluating vendors
  • Explain the function of personnel management
  • Explain key policies in relation to personnel management such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations
  • Explain the function of Identity and Access Management (IAM) and it’s critical role in keeping an organization safe
  • Explain key concepts to IAM such as AAA, PAM, key storage, MFA, OTP, HOTP, TOTP, SSO, Federation, and identity proofing
  • Explain what makes a good password and the importance of a password manager and using MFA
  • Explain key IAM policies and considerations for those policies
  • Explain the importance of access control, access control models and their use cases for common access control models
  • Explain methods for physical access control
  • Explain the function of security awareness and training and its role in keeping an organization safe
  • Explain the function of configuration and change management and it’s critical role in keeping an organization safe
  • Explain the function of monitoring and its role in maintaining security for an organization
  • Explain types and methods of monitoring and how monitoring protocols and software play a role in maintaining an infrastructure
  • Define key monitoring terms, such as logging, NetFlow, SNMP, Syslog, benchmarking, SIEM, FIM, and threat hunting
  • Explain Indicators of Compromise (IoC)
  • Explain the function of alerting and it’s role of keeping an organization secure
  • Explain the function of Incident Management and its role in keeping an organization safe
  • Explain key concepts relating to incident management, such as uptime, five 9s, MTTR, MTBF, root cause analysis, and SOAR
  • List what goes into a incident response plan and explain the importance of it
  • Explain what digital forensics is, some key terms relating to digital forensics, and the process for collecting evidence
  • Explain the function of contingency planning and its role in keeping an organization safe
  • Explain key terms in relation to contingency planning, such as BIA, RPO, RTO, and DRP
  • Explain the function of auditing and assessments and its role in keeping an organization safe
  • Explain key terms, such as auditing, attestation, and gap analysis
  • Explain the function of program management and its role in keeping an organization safe
  • Describe key metrics for evaluating the performance of systems and programs related to security
  • List various regulatory compliance and describe key concepts
  • Determine who may have to comply with various compliance frameworks
  • Describe various agreement types and where they might apply

 

Learn it Right, Learn it Well, and Reap the Rewards

Spending the time now to fully understand what security operations looks like and how an organization can implement processes and procedures to reduce risk and improve their services.

How to Take This Course!

Option #1 – Watch this course on YouTube. For convenience, I’ve included links to the videos down below

Option #2 – Take this course on Udemy. This is not a free option, but has the advantage of a full learning management system, no commercials, and completion certificates.

Here’s the link to the Udemy Course:

https://www.udemy.com/share/10dj8F/

Course Content

Module 0 – Welcome and Getting Started

Welcomehttps://youtu.be/jLA4T9PQoSA0:0:49
Course Overviewhttps://youtu.be/e4TWt4cBPEU0:10:30
SyllabusN/A
Meet Your InstructorN/A

 

Module 1 – Security Program

Module Introhttps://youtu.be/reiqmqa6D_A0:01:14
Security Operationshttps://youtu.be/CH8giGZQuLA0:04:30
What is a Cybersecurity Programhttps://youtu.be/OuIZkeYsPpQ0:07:52
Security Program Documentationhttps://youtu.be/uJbrR746NyE0:04:35
Policieshttps://youtu.be/VBgoePcAcYE0:05:57
Information Security Policy (ISP)https://youtu.be/AyvqYjac5hY0:02:46
Standardshttps://youtu.be/NLJ7z10oAC80:03:29
Procedureshttps://youtu.be/hZbiMf2ZWY00:04:42
Guidelineshttps://youtu.be/6qhCLZPH0rk0:02:26
Controlshttps://youtu.be/bMOHOEC1PrU0:03:36
Fail-Open vs Fail-Closedhttps://youtu.be/3RTOIZVx1mA0:06:16
Types of Controlshttps://youtu.be/X8wBjWxFbr00:05:16
Policies, Standards, Procedures, Guidelineshttps://youtu.be/I1PGDHnqVf80:09:07
Cybersecurity Frameworkshttps://youtu.be/QlhgY8j4a740:07:39
Monitoring and Revisionshttps://youtu.be/VxknoICuLRA0:02:38
Security Program Governancehttps://youtu.be/fxIWDqBGS-Q0:07:40

 

Module 2 – Security Operations

Module Introhttps://youtu.be/H3N4aCasjtA0:03:56
Compliance Managementhttps://youtu.be/Wzwhy9WRFkI0:01:56
Risk Managementhttps://youtu.be/6g6VcqPRqL80:05:13
Asset Acquisition and Managementhttps://youtu.be/5w-dreWicEU0:02:33
Vulnerability Managementhttps://youtu.be/Fg6XTelPKG40:06:09
Patch Managementhttps://youtu.be/wBijFzSeirU0:02:59
Data Managementhttps://youtu.be/z8QbvQ8hKa00:01:11
Vendor and Supply Chain Managementhttps://youtu.be/9NdDX-eBjBM0:05:08
Personnel Managementhttps://youtu.be/rp18sO3UwMo0:02:30
Identity and Access Management (IAM)https://youtu.be/UXMJfmIyIRk0:01:05
Security Awareness & Training Managementhttps://youtu.be/jF2ekqGLkuk0:01:59
Configuration and Change Managementhttps://youtu.be/LIoUTD0W4_80:04:06
Monitoring and Alertinghttps://youtu.be/SlZ18dg7YoM0:03:17
Incident Managementhttps://youtu.be/ElsSqnAeleI0:02:37
Contingency Planninghttps://youtu.be/Pu3zBK0SH6E0:02:18
Auditing and Assessmentshttps://youtu.be/Dre8uA_gHus0:02:03
Program Managementhttps://youtu.be/LBPI66WGWlo0:01:22

 

Module 3 – Compliance Management

Module Introhttps://youtu.be/0xvXjlNA0CE0:02:27
Compliance Managementhttps://youtu.be/g4BCD_n8FDI0:05:15
Privacyhttps://youtu.be/wx-Q2qrtexM0:09:16
Data Roleshttps://youtu.be/IpTRSb15G5E0:04:08
Compliance Factorshttps://youtu.be/-PaDQ0c9sKg0:09:35
Regulation, Accreditations, and Standardshttps://youtu.be/PdWU6ZckqmQ0:04:23
Customer, Vendor, and Partner Agreementshttps://youtu.be/IZhGJgcWFxE0:04:09
Legal Actionshttps://youtu.be/uI2l6LbCX7U0:07:46
Compliance Monitoring and Reportinghttps://youtu.be/h76Z63_TGRo0:10:04
Gap Analysishttps://youtu.be/0g_f_cAop1U0:04:01
Consequences of Non-Compliancehttps://youtu.be/PKsYh4t2IUM0:02:20

 

Module 4 – Risk Management

Module Introhttps://youtu.be/-LNC8ljRSpE0:02:24
Risk Managementhttps://youtu.be/b3muOmLdZ3o0:12:55
Risk Management Approachhttps://youtu.be/4Omv3ClgZgI0:07:15
Risk Assessmenthttps://youtu.be/VPcSsrBNXkU0:02:52
Risk Appetite, Risk Threshold, and Risk Tolerancehttps://youtu.be/zGDiMQaXy8I0:10:22
Risk Identificationhttps://youtu.be/0DJCuhpWvxc0:04:39
DEMO: Assessmentshttps://youtu.be/XrMXPUeWwjw0:04:39
Risk Tracking & Risk Registerhttps://youtu.be/c-W8V4g1FD80:02:27
Risk Analysishttps://youtu.be/xN3a0eEVKdk0:06:01
Qualitative Risk Analysishttps://youtu.be/2vX1Ui3-jC00:06:01
DEMO: Risk Register and Analysishttps://youtu.be/lUzqiEFJ-9c0:03:16
Asset Value (AV) and Total Cost of Ownership (TCO)https://youtu.be/h8MQ4MJNAeg0:06:23
Quantitative Risk Analysishttps://youtu.be/BxWV2BoA70s0:05:25
Single-Loss Expectancy (SLE) and Exposure Factor (EF)https://youtu.be/G2F3Rvs0AC80:05:22
Annualized Loss Expectancy (ALE) and Annual Rate of Occurrence (ARO)https://youtu.be/cLD8BKzuBMs0:05:22
Risk Reportinghttps://youtu.be/BL57aFNuTEI0:07:14
Risk Management Strategieshttps://youtu.be/5GfIpGefjJk0:05:27
Risk Mitigation and Controlshttps://youtu.be/HUJezjmZTCI0:05:30
Inherent and Residual Riskhttps://youtu.be/xbW611wJ3qI0:01:37
Trade-Off Analysishttps://youtu.be/imxybEfWafQ0:10:36
Cost-Benefit Analysis (CBA) Examplehttps://youtu.be/HDWdFoCOakI0:09:53
Calculating Return On Investment (ROI)https://youtu.be/q4CsfusndQA0:09:40
DEMO: ROI Worksheethttps://youtu.be/PB5MBLu4GqI0:03:39
Planning and Prioritizationhttps://youtu.be/JuJEyGLgxHg0:07:14

 

Module 5 – Asset Acquisition and Management

Module Introhttps://youtu.be/TNUanMGeCxQ0:02:18
Asset Managementhttps://youtu.be/WCb8_N8v_VA0:10:36
Acquisition and Procurementhttps://youtu.be/Jza1dIYPW9c0:07:57
Assignment and Accountinghttps://youtu.be/JdfXjk_DpHw0:02:55
Monitoring and Asset trackinghttps://youtu.be/fn0S0OFxQ3s0:04:45
Decommissioning and Disposalhttps://youtu.be/4KGsEYJCCWc0:07:14

 

Module 6 – Vulnerability and Patch Management

Module Introhttps://youtu.be/ZSWKUFz6BaA0:04:42
Vulnerability Managementhttps://youtu.be/y6xKWY-0ADM0:13:47
Common Vulnerabilities and Exposures (CVE)https://youtu.be/XZZyRflWIz00:03:42
Common Vulnerability Scoring System (CVSS)https://youtu.be/0iNg5XpuvF80:12:09
Discovering Vulnerabilitieshttps://youtu.be/zeN5z3w4p0w0:07:24
Discovering Application Vulnerabilitieshttps://youtu.be/VU31jCpp9wA0:05:57
Vulnerability Scanshttps://youtu.be/LEETqqdhlCc0:08:11
Vulnerability Scanner Settings and Considerationshttps://youtu.be/LP3OJC_GLt80:16:18
Penetration Testing (Pentesting)https://youtu.be/0WAfI3-OVe00:08:16
Red Teams and Blue Teamshttps://youtu.be/c8vNcEwWGNM0:02:28
Reportinghttps://youtu.be/VQIySU8h0rQ0:03:53
Vulnerability Validationhttps://youtu.be/yABHFGPtan00:03:26
Vulnerability Analysis and (Re-)Classificationhttps://youtu.be/xHsRs7FABAU0:03:10
Prioritization and Escalationhttps://youtu.be/R-GF4Gp3jq40:02:50
Action Planhttps://youtu.be/RzE0klvaAjE0:06:14
Vulnerability Remediationhttps://youtu.be/Aka2XvY1b6Q0:07:51
Validation of Remediationhttps://youtu.be/ddhix34M-2M0:01:43
Patch Managementhttps://youtu.be/6kOS2dcAFfg0:08:41

 

Module 7 – Data Management

Module Introhttps://youtu.be/Xfa_1OTvp7I0:01:56
Data Managementhttps://youtu.be/85v1d37uU5w0:05:13
Compliance, Privacy, and Data Roleshttps://youtu.be/I2DdMOjx9kU0:07:31
Data Typeshttps://youtu.be/iAScK_PuQU40:03:25
Personally Identifiable Information (PII)https://youtu.be/wgM0UOQxmpE0:09:08
Data Classificationshttps://youtu.be/C-Vvpd7bFWM0:04:56
Data Inventory and Data Labelinghttps://youtu.be/j0WA09KjtxY0:02:58
Data Protectionhttps://youtu.be/wgXYTDYcNnM0:06:48
Data Stateshttps://youtu.be/yDC_pa4O9HQ0:03:46
Keeping Data Confidentialhttps://youtu.be/vXZMCFCtpfM0:07:19
Encrypting Datahttps://youtu.be/Nv7PDlQej9Q0:05:37
Steganographyhttps://youtu.be/-HPELXT1Er80:05:37
Data Masking and Obfuscationhttps://youtu.be/DY4nJG-JplE0:10:42
Data Loss Detectionhttps://youtu.be/hr2XvIYcQBI0:03:35
Data Loss Preventionhttps://youtu.be/kjRMOv–G8c0:03:45
Data Retention and Retirementhttps://youtu.be/IXrPai3zD7Y0:05:29

 

Module 8 – Vendor and Supply Chain Management

Module Introhttps://youtu.be/tjjLIBVt_-Y0:05:16
Vendor Managementhttps://youtu.be/v1jDWBj1WZM0:05:25
Gathering Requirementshttps://youtu.be/bVMJfQp_PkI0:09:06
Vendor Assessmenthttps://youtu.be/FHEimY7sNvo0:13:30
Cloud Hosting Considerationshttps://youtu.be/PaRfLmUezQE0:05:34
Supply Chain Managementhttps://youtu.be/usWr5C8_OLM0:04:52
Vendor Selectionhttps://youtu.be/X90dpxCnmRs0:02:28
Agreement Typeshttps://youtu.be/cjDoyxO5KX40:10:30
Vendor Monitoring and Terminationhttps://youtu.be/R0tg8r6_ynA0:04:19

 

Module 9 – Personnel Management

Module Introhttps://youtu.be/2IM2Cg2tpbo0:03:01
Personnel Managementhttps://youtu.be/Ja9CGTsBkSE0:11:38
Onboarding and Termination Procedureshttps://youtu.be/eheqoK4T5fA0:04:59
Least Privilegehttps://youtu.be/dczZQgvloUw0:03:53
Need to Knowhttps://youtu.be/YQVDG11gzh80:03:35
Separation of Dutieshttps://youtu.be/BiB2143UyO40:05:11
Job Rotationhttps://youtu.be/VlcWQq3fcOk0:04:10
Mandatory Vacationshttps://youtu.be/G7ueoqtJeWg0:02:11

 

Module 10 – Identity and Access Management (IAM)

Module Introhttps://youtu.be/9owgJAjT2CQ0:0:33
Identity and Access Management (IAM)https://youtu.be/S7lfSVSv4KE0:04:48
Authentication, Authorization, and Accounting (AAA)https://youtu.be/dNdtdDh8uHE0:03:26
What Makes a Good Passwordhttps://youtu.be/8eRsKCwV6Q40:21:56
Password Managerhttps://youtu.be/b8iC695TD9w0:07:41
Privileged Access Management (PAM)https://youtu.be/7MHrmrqEbGM0:06:16
Key Storagehttps://youtu.be/ktBLZUt-p400:02:06
Multi Factor Authentication (MFA)https://youtu.be/fhS9Tdy2hFQ0:05:39
One-Time Passwords (OTP)https://youtu.be/dWnnnJbmJ_Q0:03:24
HOTP and TOTPhttps://youtu.be/HVko8oD0HAk0:07:50
IAM Policies and Enforcementhttps://youtu.be/3Ya3RM0xFyg0:06:18
Single Sign-On (SSO)https://youtu.be/vcFKiOkDU_M0:05:08
Federationhttps://youtu.be/JBGQ_jCIGRs0:04:27
Identity Proofinghttps://youtu.be/giMdO5uFoPo0:01:38
Access Controlhttps://youtu.be/ViDMpB1v4aQ0:10:24
Access Control Modelshttps://youtu.be/q687FIec8q00:09:28
Physical Access Controlhttps://youtu.be/yxUGH3R64KU0:06:24

 

Module 11 – Security Awareness and Training

Module Introhttps://youtu.be/6RyzoK5zJyo0:01:26
Awarenesshttps://youtu.be/mOkc7i_SXQo0:05:51
Traininghttps://youtu.be/CaqOviHGQag0:05:11
Security Training Contenthttps://youtu.be/fjGuPTQqbL40:03:19
Deliveryhttps://youtu.be/A6AIBr5XeeI0:11:04
Awareness Testinghttps://youtu.be/HbfsSuQkzXg0:04:06
Monitoring and Reportinghttps://youtu.be/YR7b9BjDyrU0:01:21

 

Module 12 – Configuration and Change Management

Module Introhttps://youtu.be/HLrzisEJXvc0:01:44
Configuration vs Change Managementhttps://youtu.be/5U7h1_tEZZA0:04:09
Change Managementhttps://youtu.be/q0uQRIBdXx00:06:48
Planning Considerationshttps://youtu.be/zLPqfWzwgNU0:08:16
Evaluation and Implementationhttps://youtu.be/Wd-zZINvyXE0:02:06
Monitoring, Documentation, and Closurehttps://youtu.be/yPaYI_z_tlE0:02:39
Automationhttps://youtu.be/dUuyVfdweYQ0:15:26

 

Module 13 – Monitoring and Alerting

Module Introhttps://youtu.be/38_ulAtvCf00:03:11
Monitoringhttps://youtu.be/MdSBiASORAI0:05:25
Monitoring Examplehttps://youtu.be/xoaIaLFYb3w0:09:26
Monitoring Methodshttps://youtu.be/6ZcB7sCzWm40:02:59
Capturinghttps://youtu.be/JzOHKzIWBC80:06:27
Scanning and Probinghttps://youtu.be/8iMUIPlTZ3M0:03:47
Pollinghttps://youtu.be/yRKtnZ-Ic4w0:04:13
Logginghttps://youtu.be/jl3wsh7l6Uc0:05:33
Netflow vs SNMP vs Sysloghttps://youtu.be/-jqRo8Z7G-g0:01:43
Benchmarkinghttps://youtu.be/fmAil-GcrNY0:02:06
Security Information and Event Management (SIEM)https://youtu.be/HkO9fnO-2L00:02:43
Indicators of Compromise (IoC)https://youtu.be/zfQrwwK0xZk0:04:55
File Integrity Monitoring (FIM)https://youtu.be/GU8-NBU-MNw0:02:08
Alertinghttps://youtu.be/MZzGbmdMbFg0:08:21
Log Management and Archivinghttps://youtu.be/2XBVcQDZuX40:02:33
Threat Huntinghttps://youtu.be/OsQEFMtsPiE0:03:39

 

Module 14 – Incident Management

 

Module 15 – Contingency Planning

Module Introhttps://youtu.be/Qwk_a8L_l0Q0:01:43
Contingency Planninghttps://youtu.be/wzgrrap_0xg0:04:59
Business Impact Analysis (BIA)https://youtu.be/Zp3c2sDmIdA0:06:53
RPO and RTOhttps://youtu.be/DPmVRAEA_wo0:03:57
Disaster Recovery Plan (DRP)https://youtu.be/K4lhgm5cWLk0:05:11
Testing Planshttps://youtu.be/6_kWWqpVqhw0:03:48

 

Module 16 – Auditing, Assessment, and Program Management

Module Introhttps://youtu.be/egSYhtE1abE0:01:27
Auditinghttps://youtu.be/z1XjmIxyur80:05:17
Attestationhttps://youtu.be/-AoP73n6OoQ0:01:35
Compliance Audits Examplehttps://youtu.be/YbZaZs5DPU00:03:44
Gap Analysishttps://youtu.be/h5eKiHv5ACA0:02:29
Program Managementhttps://youtu.be/1VZwc8_FagQ0:04:38
Evaluation and Metricshttps://youtu.be/O1MPvJqi54w0:03:36

 

Appendix A – Regulatory Compliance

Appendix Introhttps://youtu.be/uxGbcYU60xM0:01:27
General Data Protection Regulation (GDPR)https://youtu.be/umiat_wEoag0:04:05
California Consumer Privacy Act (CCPA)https://youtu.be/czoWru16Nbk0:04:02
Payment Card Industry Data Security Standard (PCI DSS)https://youtu.be/1T5pbwGUDsE0:03:43
Sarbanes-Osxley Act (SOX)https://youtu.be/H2r8xuIflWU0:04:35
Health Insurance Portability and Accountability Act (HIPAA)https://youtu.be/eI_bmbDRdW40:01:32
Cybersecurity Maturity Model Certification (CMMC)https://youtu.be/ZpGnSPQzj-k0:02:49
Gramm-Leach-Bliley Act (GLBA)https://youtu.be/ZpGnSPQzj-k0:01:54
Children’s Online Privacy Protection Act (COPPA)https://youtu.be/n0Vw7gorq9Q0:01:42
Family Educational Rights and Privacy Act (FERPA)https://youtu.be/UHJK_CjWXMw0:02:57

 

Appendix B – Agreements

Appendix Introhttps://youtu.be/Fb26fGiN-g80:01:16
Service-level agreement (SLA)https://youtu.be/2uzhmPAU5Kg0:04:19
Operational Level Agreement (OLA)https://youtu.be/oA13M146I5k0:02:54
Privacy Level Agreementhttps://youtu.be/YDgY8OXfEVk0:02:00
Master Service Agreement (MSA)https://youtu.be/u4gtjGql9_E0:03:31
Work Order (WO)/Statement of Work (SoW)https://youtu.be/eY-XRNIuL8Y0:02:57
Non-disclosure agreement (NDA)https://youtu.be/20HOYCrZ0As0:01:57
Memorandum of Understanding (MOU)https://youtu.be/NUfmu8SkLuQ0:02:21
Business Partners Agreement (BPA)https://youtu.be/BF-03FzxNCI0:02:08
Memorandum of Agreement (MOA)https://youtu.be/tbMwByuLsB80:02:03
Interconnection Security Agreement (ISA)https://youtu.be/xVtlNNYaA4M0:02:29
Aggrement Type Example: Pentestinghttps://youtu.be/Lu0mK-3T4jg0:05:09
Aggrement Type Example: SaaShttps://youtu.be/_eDBfSC6aQ80:03:18
Aggrement Type Example: Business Partnerhttps://youtu.be/J2kfW2GHB_s0:03:36

 

Module X – Wrap Up

Security Operations X-1: Reviewhttps://youtu.be/nffTuFXbeo80:06:35
Course Wrap Uphttps://youtu.be/ze1VSTWAH5o

 

Help the Effort

Creating these videos takes a lot of time, effort, and money. There are costs to producing the videos, hosting the site, and buying the equipment, not to mention the 1,000’s of hours I’ve put into recording these videos. So far, I’ve asked for and received very little in return. Please consider helping keep the effort going by one of the following: