Data breaches occur nearly every day. From very large retailers, down to your fantasy football website, and anywhere in between, they have been compromised in some way. How did the attackers get in? What did they do with the data they compromised? What should I be concerned with in my own business or my systems? This course is the second course in the Practical Computer Security. It will discuss types of threats and attack vectors commonly seen in today’s environment. I hate to be the bearer of bad news, but threats are all over the place! This course isn’t designed to insight fear that there is no hope for keeping systems and business secure, but rather educate you on how attacks are carried out so that you have a better sense of what to look out for in your business or with your systems.
Introduction
Loading...
Del curso dictado por University of Colorado System
Cyber Threats and Attack Vectors
111 calificaciones
University of Colorado System
111 calificaciones
Curso 2 de 4 en SpecializationCybersecurity for Business
De la lección
THREATS AND ATTACK VECTORS IN COMPUTER SECURITY
Welcome! This week we'll explore users and user based attacks. User based attacks are common because it may be easier to compromise a human rather than a computer.
Conoce a los instructores
Greg WilliamsLecturer
Department of Computer Science
Hello, my name is Greg Williams, I'm a lecturer in the computer
science department at the University of Colorado, Colorado Springs.
This is the course, threats and attack vectors in computer security.
It's the second
course in the overall specialization called practical computer security.
So a little bit more about me, I'm also, in addition to a lecturer,
I'm also the director of IT operations, or information technology operations, for
the university or the office of information technology for the university.
You can also call it the director of networks and
infrastructure, because that's exactly what my teams do.
We manage telecom, we manage everything physical,
servers, networks, again, telecom.
So, my teams manage all the physical infrastructure for
the office of information technology.
I'm also, what qualifies me to teach this course is, among other things,
I've been a former information security officer for the university.
And the former HIPAA security officer for the university,
for the medical data that we have.
I hold certifications in Windows forensics and penetration testing.
I've also held certifications in payment card industry processing, so
you're going to hear some of that in these courses as well.
How I approach payment card industry security as well.
I did have my ISA internal security auditor certification,
which is a very rigorous program that you have to go through,
in order to get certified for that.
So what made me go back to
being somebody that's innovative, versus somebody in security?
Well, I wanted to be innovative again,
with security it's pretty, here is exactly what you need to do.
And it's not so much innovation and, hey, look at all the cool
things that we can do in computer security, well, it's not like that.
So I really wanted innovate again, and I thought, hey, what best
career path could I move to,
that would allow me both to practice security still.
Because, still on the operations side, but
it would also allow me to keep up with my computer security.
And I teach the stuff for the university as well, so it's a great opportunity
to practice both sides of the house, so who is this course for?
This course is going to be for anyone that's interested
in computer security from a practical perspective, and not just theory.
Like I said, I've been practicing this for several years,
I've been in the industry now for about 15 years.
And that is hands-on experience, dealing with security, dealing with organizations,
and I haven't spent my entire career in higher education.
I spent it in Fortune 5000 companies,
if you watch my bio video, you'll see that.
Again, who is this course for, you may be an executive that needs to
understand what threats to be concerned about,
what is your information security office telling you?
Are they telling you something that you should be concerned with, or
are they saying, everything's fine, we've got it taken care of.
Maybe there's going to be a debrief in a few days that you need to
understand what just happened.
Maybe there was a security breach,
small business owners are not immune to this, either.
Small businesses often don't have the time or
the money to deal with information security.
So if you're watching this as a small business owner or
somebody that's in management inside of a small business,
I hope you're going to get some information out of this course.
What to be concerned with, inside of computer security.
This course is design to explore the threats that are out there today.
What would you be concerned with, what are you concerned with,
what doesn't allow you to sleep at night?
I have things like that all the time, and
now I'm in operations, I still worry about computer security all the time.
My information security office, I like to discuss things one on one with
them every week, or even as they arise throughout the week.
But I need to still understand the concepts out there,
in order to be able to communicate back and forth between me as senior management,
and also from the security point of view.
This course approaches the practical side of computer security.
Again, it's the second course in In the specialization called practical computer
security.
This course will help you prepare for some industry leading computer
security certifications, such as Security+ and CISSP.
The concepts in here map to the concepts inside of those certifications.
It's not going to help you with everything, and
I encourage you to study other resources.
But one of the best comments I've ever had from my students is, your
courses have helped me pass my Security+ without actually studying for them.
Which was a huge compliment for me,
because I've been practicing this stuff awhile.
So I don't have my Security+ certification,
but I understand, because I've been doing it for so long.
My approach to this course, and the others in this specialization,
is to help you prepare for what you're going to see out in your career.
Not just the things that you're going to study one little thing here,
one little thing there, and really based on theory.
So this course is based for anyone who's looking to learn
more about the computer security industry.
And, well, from really somebody that practices it on a day to day basis.
Of course, you need to understand the theory behind computer security
in order to practice it as well.
The course modules in this course are designed to cover four different areas.
The first module or week is going to introduce you to user based attacks.
Second module is going to examine network and system based attacks.
The third module is going to explore cloud security.
And the fourth module is going to dive into common vulnerabilities.
There's also a fifth module, which is a project based module.
That's going to allow you to apply what you've learned in the previous four
modules into an overall project that you're going to be peer reviewing.
At the end of each module, there's going to be a quiz that
is covering the topic that was discussed in that week.
The course project is a hands-on application of what you have learned
in the course.
You must achieve at least an 80% passing grade for the quizzes and
for the project, in order to pass the course.
Even though there's no technical component to this course,
I do have guides to show you how you can build your own lab, so
you can even get more out of the course, if you wish.
I hope you get excited about this course, and since I've been practicing real world
information security in an enterprise setting for several years.
I hope that you can see the value in having somebody that's been
in the industry and taught it as well, from the stories that I'll present to you.
Since I've also been senior management for a majority of my career,
I hope my insights, both in senior management and talking to constituents
across the organization, will help you disseminate information.
Understanding how to weed through what vendors tell you is also an important
part of this course.
How do you actually communicate to those vendors, what is really important to you?
What are you really concerned about, what threats are you concerned about?
So let me explain a little story to you,
the WannaCry vulnerability, if you will,
it was an exploit that was developed by
the NSA to breach Windows-based systems.
And it was so dangerous, in fact, that Microsoft said,
we're going to patch even our 16 year old operating system,
Windows XP, in order to patch this hole.
So as soon as that comes out, as soon as the NSA and
Microsoft say, okay, this is actually our doing.
Vendors just went after this like crazy, and they said, hey,
we have this solution, we have this solution, we have this solution.
Well, it's really, really simple to protect your systems,
like patching your systems, why do I need to talk to all these vendors?
What are my attack vectors that I need to be concerned with?
So understanding some of these concepts, and
understanding these real-world scenarios that I'm going to share with you,
are going to help you throughout this course, see you in lesson one.
Explora nuestro catálogo
Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.
Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.
© 2018 Coursera Inc. Todos los derechos reservados.
