This comprehensive course provides an in-depth look at the different functions performed in security operations. Students will learn how security operations add value to an organization and the role of documented policies, frameworks, and controls in reducing risk. The course covers critical cybersecurity functions, including risk management, compliance management, asset and vulnerability management, identity and access management, data protection, vendor and supply chain security, security awareness, and monitoring.

Additionally, students will examine key risk assessment strategies, incident response planning, digital forensics, contingency planning, and auditing. By the end of the course, learners will have the knowledge and skills to implement and manage a robust cybersecurity program, ensuring organizational security, regulatory compliance, and effective risk mitigation.

Key components of the course include:

  • Define what a cybersecurity program is and how security operations can add value to an organization
  • Explain how documented policies, standards, procedures, guidelines, and controls play a role in reducing risk to an organization
  • Explain how frameworks can help form and implement security controls for an organization
  • Explain common cybersecurity program functions and their role in protecting an organization
  • Explain the function of compliance management and various considerations for compliance management in an organization
  • Explain key concepts to compliance management such as privacy, data roles, legal actions, and potential consequences of non-compliance
  • Describe common laws, regulations, and industry standards as they relate to compliance
  • Explain what a gap analysis is and how it can identify areas that need improvement
  • Explain the function of risk management and various considerations for risk management in an organization
  • Define key risk management actions and terms such as risk identification, risk analysis, risk register, and risk reporting
  • Define key risk measurement strategies and calculations such as AV, TCO, SLE, EF, ALE, and ARO
  • Describe risk management strategies
  • Explain methods of prioritizing projects using risk factors and Return on Investment (ROI)
  • Explain the function of asset acquisition and management and various considerations while managing assets of an organization
  • Explain the function of vulnerability management and various considerations while managing vulnerabilities
  • Explain key terms and resources for vulnerability management, such as CVE, CVSS, CPE, CCE, SCAP, pentesting, red teams, and blue teams
  • Explain possible actions to take to deal with vulnerabilities within the organization
  • Explain the importance of patch management and processes associated with patch management
  • Explain the function of data management and various considerations while managing data
  • Define key terms for data management, such as compliance, privacy, data roles, data types, and PII
  • Explain types of data and how the data type can determine the level of security controls needed to protect the data
  • Explain common methods for protecting data, such as data classification, data labeling, ACLs, encrypting data, steganography, data masking, data obfuscation, and DLP
  • Explain how data retention and retirement play a role in keeping data safe
  • Explain the function of vendor and supply chain management
  • Explain key relationships to an organization and common agreement types
  • Explain considerations when choosing and evaluating vendors
  • Explain the function of personnel management
  • Explain key policies in relation to personnel management such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations
  • Explain the function of Identity and Access Management (IAM) and its critical role in keeping an organization safe
  • Explain key concepts to IAM such as AAA, PAM, key storage, MFA, OTP, HOTP, TOTP, SSO, Federation, and identity proofing
  • Explain what makes a good password and the importance of a password manager and using MFA
  • Explain key IAM policies and considerations for those policies
  • Explain the importance of access control, common access control models, and their use cases
  • Explain methods for physical access control
  • Explain the function of security awareness and training and its role in keeping an organization safe
  • Explain the function of configuration and change management and its critical role in keeping an organization safe
  • Explain the function of monitoring and its role in maintaining security for an organization
  • Explain types and methods of monitoring and how monitoring protocols and software play a role in maintaining an infrastructure
  • Define key monitoring terms, such as logging, NetFlow, SNMP, Syslog, benchmarking, SIEM, FIM, and threat hunting
  • Explain Indicators of Compromise (IoC)
  • Explain the function of alerting and its role in keeping an organization secure
  • Explain the function of Incident Management and its role in keeping an organization safe
  • Explain key concepts relating to incident management, such as uptime, five 9s, MTTR, MTBF, root cause analysis, and SOAR
  • List what goes into an incident response plan and explain its importance
  • Explain what digital forensics is, some key terms relating to digital forensics, and the process for collecting evidence
  • Explain the function of contingency planning and its role in keeping an organization safe
  • Explain key terms in relation to contingency planning, such as BIA, RPO, RTO, and DRP
  • Explain the function of auditing and assessments and its role in keeping an organization safe
  • Explain key terms, such as auditing, attestation, and gap analysis
  • Explain the function of program management and its role in keeping an organization safe
  • Describe key metrics for evaluating the performance of systems and programs related to security
  • List various regulatory compliance frameworks and describe their key concepts
  • Determine who may have to comply with various compliance frameworks
  • Describe various agreement types and where they might apply

Learn it Right, Learn it Well, and Reap the Rewards

Spend the time now to fully understand what security operations looks like and how an organization can implement processes and procedures to reduce risk and improve its services.

This well-organized course has the following modules:

Welcome and Getting Started: Prepare yourself for efficiently and successfully completing the course. You’ll get an overview of what the course is all about and what you should expect out of it.

Security Program: This module provides an introduction to cybersecurity programs and their role in protecting an organization. Students will learn how security operations add value by mitigating risks and enhancing business resilience. The module covers the importance of documented policies, standards, procedures, guidelines, and controls in reducing security threats. Additionally, students will explore how cybersecurity frameworks, such as NIST, ISO, and CIS, help organizations implement effective security controls. By the end of this module, learners will understand the fundamental components of a cybersecurity program and how to establish a structured approach to security management.

Security Operations: This module explores the main functions within security operations. Students will examine key areas such as risk management, incident response, compliance, vulnerability management, identity and access management, and security awareness training. The module highlights how these functions work together to create a comprehensive security strategy. By the end of this module, learners will have a solid understanding of the critical cybersecurity operations that help safeguard an organization’s assets, data, and infrastructure. This will serve as an overview of the rest of the course.

Compliance Management: This module covers the role of compliance management in cybersecurity and its importance in meeting legal, regulatory, and industry standards. Students will explore key compliance concepts, including privacy, data roles, legal obligations, and the potential consequences of non-compliance. The module provides an overview of common laws and regulations such as GDPR, HIPAA, PCI-DSS, and SOX, as well as industry best practices for maintaining compliance. Additionally, students will learn about gap analysis as a method for identifying areas that need improvement within an organization’s compliance program. By the end of this module, learners will understand how to implement and manage compliance strategies to reduce risk and ensure regulatory adherence.

Risk Management: This module delves into the fundamentals of risk management and its critical role in safeguarding an organization’s assets and operations. Students will learn key risk management actions and terminology, including risk identification, risk analysis, risk registers, and risk reporting. The module also introduces various risk measurement strategies and calculations, such as AV, TCO, SLE, EF, ALE, and ARO, helping learners quantify and assess risks. Students will explore risk management strategies for mitigating identified risks and prioritizing projects using risk factors and Return on Investment (ROI). By the end of this module, learners will have a comprehensive understanding of how to assess, prioritize, and manage risks effectively within an organization.
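The risk measurement terms listed in the objectives above (AV, SLE, EF, ALE, ARO) and the ROI-based prioritization described for this module can be worked through in code. The following is an added example, not course material: it uses the standard quantitative formulas SLE = AV × EF and ALE = SLE × ARO, computes each candidate control's ROI as the annual loss it avoids net of its own annual cost relative to that cost (a common convention, assumed here), and ranks the controls. The asset value, exposure factors, occurrence rates, and control names are all constructed sample values.

```python
"""Quantitative risk analysis: SLE, ALE and ROI-based control prioritization.

Constructed example; the asset, its values and the candidate controls are
illustrative and not taken from any course material.
"""
from dataclasses import dataclass


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single Loss Expectancy: value lost in one incident (EF is 0.0..1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualized Loss Expectancy: SLE scaled by the expected yearly frequency."""
    return sle(asset_value, exposure_factor) * aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float   # the control's TCO spread over one year
    new_ef: float        # exposure factor once the control is in place
    new_aro: float       # annual rate of occurrence once the control is in place


def control_roi(av: float, ef: float, aro: float, control: Control) -> float:
    """ROI of a control: annual loss avoided minus its cost, relative to its cost."""
    ale_before = ale(av, ef, aro)
    ale_after = ale(av, control.new_ef, control.new_aro)
    return (ale_before - ale_after - control.annual_cost) / control.annual_cost


def prioritize(av: float, ef: float, aro: float, controls: list[Control]) -> list[tuple[str, float]]:
    """Rank controls by ROI, highest first; a negative ROI costs more than it saves."""
    scored = [(c.name, round(control_roi(av, ef, aro, c), 2)) for c in controls]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed scenario: a customer database valued at $500,000 (AV).
ASSET_VALUE = 500_000.0
EXPOSURE_FACTOR = 0.4   # a breach is expected to cost 40% of the asset's value
ARO = 0.5               # one such breach expected every two years

CANDIDATE_CONTROLS = [
    Control("Encrypt database at rest", annual_cost=20_000, new_ef=0.1, new_aro=0.5),
    Control("24x7 managed detection", annual_cost=120_000, new_ef=0.4, new_aro=0.1),
    Control("Quarterly phishing training", annual_cost=5_000, new_ef=0.4, new_aro=0.4),
]

if __name__ == "__main__":
    print(f"SLE = {sle(ASSET_VALUE, EXPOSURE_FACTOR):,.0f}")
    print(f"ALE = {ale(ASSET_VALUE, EXPOSURE_FACTOR, ARO):,.0f}")
    for name, roi in prioritize(ASSET_VALUE, EXPOSURE_FACTOR, ARO, CANDIDATE_CONTROLS):
        print(f"{roi:>7.2f}  {name}")
```

Note that the cheapest control ranks first on ROI even though encryption removes more absolute loss; a real prioritization would weigh the ALE reduction alongside ROI and the risk appetite the course's risk register captures.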

Asset Acquisition and Management: This module focuses on the function of asset acquisition and management within an organization’s cybersecurity program. Students will learn how to effectively manage both physical and digital assets, including hardware, software, and data. The module covers key considerations in the acquisition process, such as evaluating asset needs, procurement strategies, and lifecycle management. Students will also explore how to track, monitor, and secure assets to reduce risk and ensure compliance with organizational policies. By the end of this module, learners will have a solid understanding of best practices for managing organizational assets to protect against security vulnerabilities.

Vulnerability and Patch Management: This module covers the critical function of vulnerability management and its role in protecting an organization from cyber threats. Students will explore key terms and resources related to vulnerability management, such as CVE, CVSS, CPE, CCE, SCAP, and the roles of pentesting, red teams, and blue teams in identifying and addressing vulnerabilities. The module will also discuss various actions organizations can take to mitigate vulnerabilities, including the implementation of patch management processes. By the end of this module, learners will understand how to identify, prioritize, and remediate vulnerabilities within an organization, ensuring a proactive approach to cybersecurity risk management.

Data Management: This module explores the function of data management and the essential considerations for effectively securing and managing organizational data. Students will learn key terms and concepts in data management, such as compliance, privacy, data roles, data types, and personally identifiable information (PII). The module will cover how different types of data require varying levels of security controls and methods to protect it. Topics include data classification, labeling, access control lists (ACLs), encryption, steganography, data masking, data obfuscation, and data loss prevention (DLP). Additionally, students will learn the importance of data retention and retirement in maintaining data security over time. By the end of this module, learners will have a clear understanding of how to manage and protect data in compliance with security and privacy requirements.

Vendor and Supply Chain Management: This module focuses on the critical function of vendor and supply chain management in cybersecurity. Students will learn how vendors and suppliers play a key role in an organization’s security posture and operational success. The module covers important relationships between organizations and their vendors, as well as common agreement types, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs). Additionally, students will explore key considerations for evaluating and selecting vendors, including risk assessments, compliance requirements, and security capabilities. By the end of this module, learners will understand how to manage vendor relationships and ensure the security of the supply chain to mitigate external risks.

Personnel Management: This module explores the function of personnel management in maintaining a secure organizational environment. Students will learn about key policies related to personnel security, such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations. The module highlights how these policies help mitigate internal security risks and ensure the proper handling of sensitive information.

Identity and Access Management (IAM): This module provides an in-depth look at the function of Identity and Access Management (IAM) and its vital role in safeguarding an organization’s resources. Students will explore key IAM concepts such as Authentication, Authorization, and Accounting (AAA), Privileged Access Management (PAM), multi-factor authentication (MFA), One-Time Passwords (OTP), HOTP, TOTP, Single Sign-On (SSO), Federation, and identity proofing. The module will also cover best practices for password management, including the importance of strong passwords, password managers, and the implementation of MFA. Students will learn about IAM policies and how access control models such as RBAC, ABAC, and DAC are used to enforce security. Additionally, the module includes methods for physical access control to ensure both logical and physical security. By the end of this module, learners will have a comprehensive understanding of IAM principles and how to implement them to protect organizational assets.

Security Awareness and Training: This module focuses on the critical function of security awareness and training in maintaining organizational security. Students will learn how effective security awareness programs can empower employees to recognize and respond to potential threats, such as phishing attacks, social engineering, and malware. By the end of this module, learners will understand how to design and implement security awareness initiatives that help foster a security-conscious culture, ultimately reducing the risk of security breaches caused by human error.

Configuration and Change Management: This module explores the function of configuration and change management in ensuring an organization’s cybersecurity posture remains strong. Students will learn how effective configuration management helps maintain secure, compliant, and stable systems while preventing unauthorized changes that could introduce vulnerabilities. The module covers the processes and tools used in managing configurations and changes, including version control, baseline management, and approval workflows. Students will also explore the role of change management in mitigating risk, ensuring proper documentation, and maintaining system integrity. By the end of this module, learners will understand how to establish and manage configuration and change processes to safeguard organizational assets and minimize the potential for security threats.

Monitoring and Alerting: This module covers the function of monitoring and its critical role in maintaining the security of an organization’s infrastructure. Students will explore various types and methods of monitoring, including network monitoring, system performance monitoring, and security event logging. The module discusses key monitoring protocols and software, such as NetFlow, SNMP, Syslog, and SIEM, and how these tools help maintain infrastructure security. Students will also learn essential monitoring terms, including Indicators of Compromise (IoC), FIM, and benchmarking, and how to leverage threat hunting to detect vulnerabilities. The importance of alerting and its role in promptly addressing security incidents will also be highlighted. By the end of this module, learners will understand how to implement and manage effective monitoring strategies to proactively detect and respond to security threats.

Incident Management: This module explores the function of incident management and its crucial role in maintaining an organization’s security and operational integrity. Students will learn about key concepts related to incident management, such as uptime, five 9s, Mean Time to Recovery (MTTR), Mean Time Between Failures (MTBF), root cause analysis, and Security Orchestration, Automation, and Response (SOAR). The module also covers the components of an effective incident response plan and the importance of preparation in minimizing downtime and damage during a security incident. Additionally, students will learn about digital forensics, including key terms and the process for collecting evidence in a way that supports investigations and legal proceedings. By the end of this module, learners will understand how to develop and implement incident management processes to respond swiftly and effectively to cybersecurity threats.

Contingency Planning: This module covers the function of contingency planning and its critical role in ensuring an organization’s resilience in the face of disruptions. Students will learn how contingency planning helps organizations prepare for and respond to emergencies, minimizing downtime and loss of services. The module delves into key terms related to contingency planning, including Business Impact Analysis (BIA), Recovery Point Objective (RPO), Recovery Time Objective (RTO), and Disaster Recovery Plans (DRP). Students will explore how these concepts guide decision-making and resource allocation to ensure business continuity. By the end of this module, learners will have a comprehensive understanding of how to create and implement effective contingency plans to safeguard an organization’s operations during unforeseen events.

Auditing, Assessments, and Program Management: This module focuses on the function of auditing and assessments and their role in ensuring an organization’s security posture remains strong. Students will learn how auditing and assessments help identify vulnerabilities, validate security controls, and ensure compliance with standards. The module covers key terms such as auditing, attestation, and gap analysis, and explains how they contribute to risk management and continuous improvement. Additionally, students will explore the role of program management in maintaining security programs, including how to evaluate the effectiveness of systems and security initiatives. By the end of this module, learners will understand how to use auditing, assessments, and program management techniques to enhance security, monitor performance, and ensure that security measures are operating as intended.

Appendix A – Regulatory Compliance: Students will learn about different compliance frameworks, such as GDPR, HIPAA, PCI-DSS, and SOX. The module also covers who may be required to comply with these frameworks, including organizations across different industries and sectors. By the end of this module, learners will have a clear understanding of the regulatory landscape and the requirements organizations must meet to ensure compliance.

Appendix B – Agreement Types: This module provides an overview of various agreement types used in cybersecurity and their relevance in protecting organizational assets. Students will explore the different types of agreements, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs), and understand where and when they apply. The module explains how these agreements help define the responsibilities, expectations, and security measures between parties involved in business relationships. By the end of this module, learners will be able to identify which agreement type is appropriate for various organizational needs and how these agreements contribute to maintaining compliance, safeguarding data, and reducing risks.

Wrap Up: Time to wrap up the course and provide any final thoughts.