UOP-CYB550: Technical Enterprise Security

Host Security

• Firewalls and Network Access Control
• Host-Based Firewalls
• Persistent Agent
• Non-Persistent Agent
• Agent-Based Technology
• Agentless-Based Technology
• Trusted Operating Systems
• Endpoint Security Solutions
• Anti-Malware
• Host Hardening
• Asset Management
• Data Exfiltration
• Intrusion Detection and Prevention
• Network Management, Monitoring, and Security Tools

Application Security and Penetration Testing Part 1

• Application Security Design Considerations
• Specific Application Issues
• Application Sandboxing
• Application Security Frameworks
• Software Assurance
• Development Approaches
• Secure Coding Standards
• Documentation
• Validation and Acceptance Testing
• Application Exploits
• Privilege Escalation

Application Security and Penetration Testing Part 2

• Improper Storage of Sensitive Data
• Secure Cookie Storage and Transmission
• Context-Aware Management
• Malware Sandboxing
• Pivoting
• Open-Source Intelligence
• Memory Dumping
• Client-Side Processing vs. Server-Side Processing
• Security Assessments and Penetration Testing
• Red, Blue, and White Teaming
• Vulnerability Assessment Areas
• Security Assessment and Penetration Test Tools

Risk Management

• Risk Terminology
• Identifying Vulnerabilities
• Operational Risks
• The Risk Assessment Process
• Best Practices for Risk Assessments

Policies, Procedures, and Incident Response

• A High-Level View of Documentation
• Business Documents Used to Support Security
• Documents and Controls Used for Sensitive Information
• Training and Awareness for Users
• Auditing Requirements and Frequency
• The Incident Response Framework
• Incident and Emergency Response

Security Research and Analysis

• Applying Research Methods to Determine Industry Trends and Their Impact on the Enterprise
• Analyze Scenarios to Secure the Enterprise

About