This course covers the material that comprises Domain 4.0 of the CompTIA Security+ SY0-401 certification exam. Topics include application security concepts such as fuzzing, cross-site scripting, cross-site request forgery, application and database hardening, device security, encryption, data-wiping, SCADA and embedded systems security, virtualization and cloud security concepts, mobile device security, and the various methods used to implement security best practices.
Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.
Appropriate Controls to Ensure Data Security Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to cover the appropriate controls to ensure data security. So in this module we have a few things to cover, we're going to talk about cloud storage, SAN, or storage area networks. We'll talk about handling big data. We'll talk about data encryption and the things that are involved in that process. We'll talk about hardware based encryption devices and the things you need to be aware of as far as using hardware to encrypt your laptops and things along those lines. We'll talk about data in-transit, data at-rest, and also data in-use. The differentiation between those three and why those things are important as a security professional, along with such things as permissions and access control lists. And we'll talk about data policies and such things as wiping, and disposing, and retention, along with the storage of data. So let's go ahead and get started.
Mitigate Security Risks in Static Environments Hey welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to talk about mitigating security risks in static environments. Now this module has some very important information that I want you to pay close attention to, especially when we're dealing with such things as SCADA, or SCADA, this is an important section. We'll also talk about embedded systems, such as printers, smart TVs, and HVAC controls, all things within the environment subcategory. We'll talk about Android and iOS, the passionate debates continues, which is better, of course it's a matter of opinion, but there are security implications for each. We'll talk about mainframes, game consoles, and in-vehicle computing systems. Again some things you may or may not really concern yourself with or think about when we're talking about security or your function as a security professional. And then we'll talk about the various methods that we need to implement to secure these different environments, and that deals with network segmentation, security layers, or defense in depth. We'll talk about application firewalls, manual updates, firmware version control. We'll also talk about wrappers and then control redundancy and diversity. So let's go ahead and get started.