When you enroll in this course, you'll also be enrolled in this Specialization.
Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 6 modules in this course
Welcome to Systems and Application Security Course!
In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Objectives
1. Identify malicious code activity
2. Describe malicious code and the various countermeasures
3. Describe the processes for operating endpoint device security
4. Define mobile device management processes
5. Describe the process for configuring cloud security
6. Explain the process for securing big data systems
7. Summarize the process for securing virtual environments
Module Topics: Malicious Code, Malicious Code Countermeasures, Exploitation, Insider Threats, Spoofing, Phishing, Spam, and Botnet, Malicious Web Activity, Payloads, Malicious Activity Countermeasures, Malcode Mitigation, and Common Mistakes. Malicious Code includes topics like Key concepts, Example Worms, Polymorphic Viruses, Software Exploitation Methods, Scanners, Generations of Antivirus Scanning Software, Generic Decryption (GD) Technology, Behavior-Blocking Software, Antivirus Software on the Firewall and IDS, Code signing, Code Signing Certificates, Sandboxing, Virtual Machine (VM), Social Engineering, Additional Examples of Social Engineering Attacks, and Security Awareness Training. Under the topic of Exploitation, you will learn about Long File Extensions, Fake Icon, Hostile Codecs, and E-mail. In Insider Threats, you will learn about Indicators of Malicious Threat Activity, Countermeasures, Direction, Prevention, and Deterrence Methods, Continual Training, and Insider Hardware Threats. In Spoofing, Phishing, Spam, and Botnets, you will learn about Spoofing, Examples of Spoofing, Phishing, Common Characteristics of Forged E-Mail Messages, Techniques, How Phishing Works, Impact of Phishing, How to Recognize a Phishing E-Mail, Spam, Spam Distribution Channels, How Does Spam Work?, Spam Techniques, Protecting users From Spam, Botnets, How Are Botnets Created?, Botnet-Led Exploits, Botnet Detection and Mitigation, Common Botnet Detection and Mitigation Techniques. In Malicious Web Activity, you will go through topics like Mobomarket Attack, Cross-site Scripting (XSS) Attacks, The Theory of XSS, XSS Attack Vectors, Is the Organization's Site Vulnerable to Cross-Site Scripting? Example of a Cross-Site Scripting Attack, How to check for Cross-Site Scripting Vulnerabilities, Zero-Day Exploits and Advanced Persistent Threats (APTS), Unknown Vulnerabilities management Process, Five Phases of APT, Brute-Force Attacks, Instant Messaging, Infected Factory Builds and Media, man-in-the-Middle Malcode, Malicious Activity Countermeasures, Network Layer, Application Layer, Modified Hosts File and DNS Changes, Inspection of Process, Rootkit, Rootkit Classifications, Behavioral Analysis of Malcode, and Static File Analysis.
Systems and Application Security•6 minutes•Preview module
Malicious Code and Activity: Key Concepts•6 minutes
Malicious Code and Activity: Malicious Code Countermeasures•4 minutes
Malicious Code and Activity: Software Exploitation Methods•6 minutes
Malicious Code and Activity: Software Exploitation Methods•5 minutes
Malicious Code and Activity: Code Signing•5 minutes
Malicious Code and Activity: Social Engineering•6 minutes
Malicious Code and Activity: Security Awareness Training•6 minutes
Malicious Code and Activity: Long File Extensions•5 minutes
Malicious Code and Activity: E-mail•7 minutes
Malicious Code and Activity: Countermeasures•5 minutes
Malicious Code and Activity: Examples of Spoofing•5 minutes
Malicious Code and Activity: Techniques•5 minutes
Malicious Code and Activity: Botnet-Led Exploits•6 minutes
Malicious Code and Activity: Malicious Web Activity•6 minutes
Malicious Code and Activity: Zero-Day Exploits•4 minutes
Malicious Code and Activity: Infected Factory Builds and Media•4 minutes
Malicious Code and Activity: Inspection of Processes•7 minutes
18 readings•Total 180 minutes
Systems and Application Security•10 minutes
Malicious Code and Activity: Key Concepts•10 minutes
Malicious Code and Activity: Malicious Code Countermeasures•10 minutes
Malicious Code and Activity: Software Exploitation Methods•10 minutes
Malicious Code and Activity: Software Exploitation Methods•10 minutes
Malicious Code and Activity: Code Signing•10 minutes
Malicious Code and Activity: Social Engineering•10 minutes
Malicious Code and Activity: Security Awareness Training•10 minutes
Malicious Code and Activity: Long File Extensions•10 minutes
Malicious Code and Activity: E-mail•10 minutes
Malicious Code and Activity: Countermeasures•10 minutes
Malicious Code and Activity: Examples of Spoofing•10 minutes
Malicious Code and Activity: Techniques•10 minutes
Malicious Code and Activity: Botnet-Led Exploits•10 minutes
Malicious Code and Activity: Malicious Web Activity•10 minutes
Malicious Code and Activity: Zero-Day Exploits•10 minutes
Malicious Code and Activity: Infected Factory Builds and Media•10 minutes
Malicious Code and Activity: Inspection of Processes•10 minutes
1 assignment•Total 30 minutes
Quiz 1•30 minutes
1 discussion prompt•Total 10 minutes
Vulnerable Web applications•10 minutes
Module Topics: Host-Based Intrusion Detection Systems (HIDS), Host-Based Firewalls, Application Whitelisting, Endpoint Encryption, Trusted Platform Module (TPM), Mobile Device Management (MDM), Secure Browsing. In Host-Based Intrusion Detection Systems (HIDS), you will learn about Advantages and Disadvantages of HIDS. In Application Whitelisting, you will learn about software Restriction Policies (SRP), Trusted Platform Module (TPM). In Mobile Device Management (MDM), you will learn about Bring your Own Device (BYOD), Security, BYOD Policy Considerations, BYOD Policy Considerations, Corporate Owned, Personally Enabled (COPE), and Secure Browsing.
Module Topics: Introduction, Deployment Models, Service Models, Virtualization, Legal and Privacy Concerns, Classification of Discovered Sensitive Data, Mapping and Definition of Controls, Application of Defined Controls for Personally Identifiable Information (PII), Data Storage and Transmission, Encryption, Key Management, Masking/Obfuscation and Anonymization, Tokenization, Data Deletion Procedures and Mechanisms, Event Sources, Data Event Logging and Event Attributes, and Storage and Analysis of Data Events. Introduction covers the Five Essential Characteristics of Clouds. Deployment Models cover topics like Public, Private, Hybrid and Community Cloud, Service Models, SaaS, PaaS, and IaaS. Virtualization includes Hypervisor, and Types of Virtualization. In Legal and Privacy Concerns, you will learn about Key P&DP Questions, Country-Specific Legal Considerations, Jurisdiction and Applicable Law, Essential Requirements in P&DP Laws, Typical Meaning for Common Privacy Terms, Privacy Roles for Customer and Service Provider, Data Discovery, and Privacy Level Agreement (PLA). In Application of Defined Controls for Personally Identifiable Information (PII), you will learn about Cloud security Alliance Cloud Controls Matrix (CCM), CCM Security Domains, Data Dispersion in Cloud Storage, Threat to storage Types, Technologies Available to Address Threats, Data Loss Prevention (DLP), DLP Components, DLP Architecture, Cloud-Based DLP Considerations, and Best Practices. In Encryption, you will learn about Sample Use cases for Encryption, Cloud Encryption Challenges, Key Management, Key Storage in the Cloud, and Key Management in Software environments. In Masking/Obfuscation and Anonymization, you will learn about Data Masking/Obfuscation, Common Approaches for Data Masking, Primary Methods of Masking Data, and Data Anonymization. Tockenization covers topics like Tokenization and Cloud, Data Retention Policies, Data Deletion Procedures and Mechanisms, Disposal Options, Crypto-shredding, Data Archiving Policy, Security and Information Event Management (SIEM). Data Event Logging and Event Attributes covers topics like OWASP Recommendations, SIEM Capabilities, and SIEM Challenges.
Cloud Security: Application of Defined Controls for Personally Identifiable Information (PII)•10 minutes
Cloud Security: Data Dispersion•10 minutes
Cloud Security: Threat to Storage Types•10 minutes
Cloud Security: Technologies to Address Threats•10 minutes
Cloud Security: DLP Architecture•10 minutes
Cloud Security: Review Activity•10 minutes
Cloud Security: Key Storage in the Cloud•10 minutes
Cloud Security: Common Approaches for Data Masking•10 minutes
Cloud Security: Data Retention Policies•10 minutes
Cloud Security: Disposal Options•10 minutes
1 assignment•Total 30 minutes
Quiz 3•30 minutes
1 discussion prompt•Total 10 minutes
Cloud Security•10 minutes
Module Topics for Secure Big Data Systems: Application Vulnerabilities and Architecture or Design Environments. Application Vulnerabilities include topics like Data Growth, Big Data, Interpreting Big, Data, Big Data Issues, and Challenges with 'Free' Analytic Tools. Architectural or Design Environments include topics like Distributed Computing Architectures, Key Challenges, Securing the Organization's Big Data, and Deploying Big Data for Security. Module Topics for Operate and Secure Virtual Environments: Software-Defined Network (SDN), Virtual Appliances, Continuity and Resilience, Attacks and Countermeasures, Common Virtualization Attacks, Recommendations and Best Practices for Secure Virtualization, and Shared Storage. In Software-Defined network (SDN), you will learn about How SDN Works. Virtual Appliances talks about Virtual Appliances Compared to Virtual Machines. In Continuity and Resilience you will learn about Host Clustering Concepts, VMware Distributed Resource Scheduling (DRS), Scalability and Reliability, windows Failover Clustering. In Common Virtualization Attacks, you will learn about Mitigation Strategies. In Recommendations and Best Practices for Secure Virtualization you will learn about Desktop Virtualization and Security, Network Security, Storage Networks, Auditing and Logging, Virtual Machine Security, Management Systems, Hypervisor Security, Time Synchronization, Remote Access, Backups, and Configuration and Change Management.
What's included
9 videos9 readings1 assignment1 discussion prompt
9 videos•Total 70 minutes
Secure Big data Systems: Big Data•7 minutes•Preview module
Secure Big Data Systems: Interpreting Big Data•4 minutes
Secure Big data Systems: Key Challenges•5 minutes
Operate and Secure Virtual Environments: SDN•5 minutes
Operate and Secure Virtual Environments: Virtual Appliances•8 minutes
Operate and Secure Virtual Environments: DRS•10 minutes
Operate and Secure Virtual Environments: Common Attacks•6 minutes
Operate and Secure Virtual Environments: Network Security•5 minutes
Operate and Secure Virtual Environments: Virtual Machine Security•16 minutes
9 readings•Total 90 minutes
Secure Big Data Systems: Big Data•10 minutes
Secure Big Data Systems: Interpreting Big Data•10 minutes
Secure Big data Systems: Key Challenges•10 minutes
Operate and Secure Virtual Environments: SDN•10 minutes
Operate and Secure Virtual Environments: Virtual Appliances•10 minutes
Operate and Secure Virtual Environments: DRS•10 minutes
Operate and Secure Virtual Environments: Common Attacks•10 minutes
Operate and Secure Virtual Environments: Network Security•10 minutes
Operate and Secure Virtual Environments: Virtual Machine Security•10 minutes
1 assignment•Total 30 minutes
Quiz 4•30 minutes
1 discussion prompt•Total 10 minutes
Big Data Security•10 minutes
What's included
1 peer review
1 peer review•Total 60 minutes
Systems and Applications Case Study•60 minutes
What's included
1 assignment
1 assignment•Total 30 minutes
Final Quiz•30 minutes
Instructor
Instructor ratings
Instructor ratings
We asked all learners to give feedback on our instructors based on the quality of their teaching style.
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."
Learner reviews
Showing 3 of 155
4.8
155 reviews
5 stars
82.58%
4 stars
13.54%
3 stars
2.58%
2 stars
0%
1 star
1.29%
A
A
5
Reviewed on Jan 15, 2019
infect systems and application security is the recruisal of all courses in sscp
R
RT
5
Reviewed on Jun 11, 2020
This was an excellent course. I recommend anyone take it that is in the security support role.
D
DK
5
Reviewed on Mar 8, 2019
really worth attending this course, there is so much information available for security professionals. This course is adding weight to my skills and understanding of Cloud and Applications security.
The course schedule contains approximately 15 hours of content material covering lectures, reading materials, a case study, and quizzes broken up over the course of 7 weeks.
Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.
If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.
Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.
If you complete the course successfully, your electronic Course Certificate will be added to your Accomplishments page - from there, you can print your Course Certificate or add it to your LinkedIn profile.
This course is one of a few offered on Coursera that are currently available only to learners who have paid or received financial aid, when available.
You are eligible for a refund until 14 days after your payment date, or until 14 days after the course or Certificate launches, whichever is later. You are not eligible for a refund after earning a Course Certificate, even if you complete a course within the 14-day period. See our full refund policy.