Course 4: Securing Software, Data and End Points
Welcome to Course Four. As we know, most attacks against systems involve exploiting vulnerabilities in software that powers hardware. Additionally, attackers may exploit vulnerabilities in the underlying hardware, especially when that hardware is for the protected against being stolen or accessed with unauthorized use, but their real target and all the tax is data. Therefore, it’s so critical, the total set of software powering an organization’s business logic and processes must be kept secure. As we’ll see in this chapter, the software provides a layered environment. Building from a core or kernel of trustworthy functions up through to the mobile code and executable content. This enables and empowers all web apps and remote data access. Security professionals need to appreciate securing software covers two very different, but closely related major tasks. They need to ensure that the Security Posture of that software is known and understood, as well as ensure the software is installed, maintained, and used in ways consistent with Security Posture or improve it over time. As we discussed in the previous chapter, Security Posture is the set of risks, vulnerabilities controls, and residual risks pertaining to an asset or system. We summarize the safety or risk of using an asset and the degree of reliance that can be placed on the results from a specific context or situation. In this course, we’ll build on that foundation by looking more closely at how the data can be the target of an attack and part of exploiting other vulnerabilities in the system. We’ll explore what security professionals, as non-programmers, can do to reduce the risk of such malformed input attacks. In course two, we also discussed the non-human user concept as a general way to view management and security of devices and software entities to protect those entities from threats to their integrity and to protect the overall system and individual assets from unauthorized behavior by those non-human users. In this chapter, we’ll build on those concepts, as we dive into Endpoint Security Issues and Approaches.
Course 4 Learning Objectives
After completing this course, the participant will be able to:
L4.1 – Discuss software systems and application security.
L4.2 – Recognize data security concepts and skills.
L4.3 – Identify malicious code and countermeasures.
L4.4 – Evaluate mobile device management (MDM) and security issues with mobile and autonomous endpoints.
L4.5 – Review attacks and countermeasures for virtual machines.
Module 1: Securing Software (Domain 1 – Security Operations and Administration, Domain 3 – Risk Identification, Monitoring and Analysis , Domain 7 – Systems and Application Security )
Module 2: Securing Data (Domain 1 – Security Operations and Administration, Domain 7 – Systems and Application Security )
Module 3: Identify and Analyze Malicious Code and Activity (Domain 7 – Systems and Application Security)
Module 4: Implement and Operate Endpoint Security (Domain 7 – Systems and Application Security )
Module 5: Operate and Secure Virtual Environments (Domain 7 – Systems and Application Security , Domain 6 – Network and Communications Security)
Who Should Take This Course: Beginners
Experience Required: No prior experience required