Cyber Resilience: Building Strong Cybersecurity Systems

Packt via Coursera

Go to class Write review

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off

One annual plan covers every course and certificate on Coursera. 40% off for a limited time.

Get Full Access

This course equips learners with essential knowledge and skills to build and maintain a resilient cybersecurity framework. Cyber resilience is critical in the modern world, where digital systems face evolving threats. The course focuses on understanding how to protect, detect, respond, and recover from cybersecurity incidents. By the end of this course, learners will have the skills to apply cybersecurity principles effectively, managing risks and implementing defense-in-depth strategies. It ensures participants gain practical insights for real-world application in safeguarding digital systems. What sets this course apart is its combination of theoretical concepts with practical, actionable strategies. It prepares learners to navigate the constantly changing cybersecurity landscape while maintaining robust and secure environments. Designed for cybersecurity professionals, risk managers, and business continuity experts, this course provides the foundation for enhancing cybersecurity posture. A basic understanding of digital systems and security is recommended for optimal learning. Copyright © Alan Calder, 2023. The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work. This course is based on a book originally published by IT Governance Publishing. First edition published in the United Kingdom in 2023 by IT Governance Publishing.

Syllabus

The Cyber Threat Landscape

In this section, we examine the dynamic cyber threat landscape, focusing on rapid vulnerability exploitation and the challenges of timely patching for effective risk management.

Legal and Contractual Requirements

In this section, we examine legal and contractual requirements shaping security practices. Key concepts include data privacy laws, critical infrastructure standards, and contractual obligations for compliance and accountability.

Key Terms and Concepts

In this section, we define key security terminology, distinguish between security events and incidents, and apply defence in depth principles to enhance threat management practices.

Managing the Risks

In this section, we explore security trade-offs and how to make balanced decisions for effective protection.

Three Security Pillars

In this section, we examine the three security pillars-people, processes, and technology-and their interdependence in mitigating risks through training, policies, and practical implementation.

Layers of Defence in Depth

In this section, we explore defence in depth, focusing on prevention, detection, and response to enhance cyber resilience and manage threats effectively.

Mapping the Layers Against the Part 2 Reference Controls

In this section, we map reference controls to defence-in-depth layers, emphasizing risk-based selection and multi-layered security implementation for practical cyber resilience.

Implementation Tips

In this section, we explore practical steps for aligning security frameworks with organisational needs, defining clear objectives, and conducting gap analyses to identify weaknesses.

Asset Management

In this section, we explore asset management, focusing on identifying information assets, maintaining accurate inventories, and optimising usage for security and cost efficiency.

Board-Level Commitment and Involvement

In this section, we examine how board-level commitment influences cybersecurity success. Key concepts include executive support, strategic alignment, and leadership impact on security outcomes.

Business Continuity Management

In this section, we explore business continuity management, focusing on risk mitigation, plan development, and disruption response to ensure organizational resilience and operational continuity.

Configuration and Patch Management

In this section, we explore configuration hardening and patch management to reduce security risks. Key concepts include disabling unnecessary functions, applying updates, and minimizing attack surfaces.

Continual Improvement Process

In this section, we explore continual improvement processes to adapt security measures to evolving threats. Key concepts include threat analysis, risk mitigation, and maintaining security maturity through regular adjustments.

Encryption

In this section, we explore encryption techniques for securing data at rest and in transit, evaluate encryption alternatives, and emphasize secure key management practices for real-world data protection.

External Certification/Validation

In this section, we examine external certification benefits, including trust building, compliance, and business growth, while exploring frameworks like Cyber Essentials and ISO 27001 for structured security strategies.

Identity and Access Control

In this section, we examine IAAA controls, the need to know principle, and least privilege to manage user access and reduce security risks in organisations.

Incident Response Management

In this section, we examine incident response management, emphasizing prepared plans, detection measures, and defense-in-depth strategies to minimize breach impacts.

Internal Audits

In this section, we examine internal audits as tools for verifying security measures against standards, identifying weaknesses, and supporting continual improvement through objective evaluation.

Malware Protection

In this section, we examine malware protection strategies, including anti-malware software, firewalls, data scanning, and staff training to reduce infection risks through technical and human measures.

Network and Communications Security

In this section, we explore network asset identification, security zone organization, and implementation of firewalls and DMZs to enhance network protection and data security.

Physical and Environmental Security

In this section, we examine physical and environmental security measures, emphasizing secure perimeters, hardware protection, and environmental risk analysis to enhance overall system integrity.

Security Monitoring

In this section, we explore continuous security monitoring, log generation, and analysis for detecting threats and supporting incident response. Key concepts include real-time observation, log management, and forensic readiness.

Security Policies

In this section, we examine how documented security policies and procedures ensure organisational compliance, consistency, and accountability, while highlighting the importance of continuous policy review and alignment with evolving requirements.

Staff Training and Awareness

In this section, we explore tailored security training for dedicated roles and general staff, emphasizing effective risk management through role-specific programs and awareness strategies.

Supply Chain Security

In this section, we examine supply chain security, emphasizing due diligence, SLA reviews, and risk assessments to mitigate third-party vulnerabilities.

System Security

In this section, we examine system risks based on access types, implement input sanitisation for web services, and design security measures for system interactions.

Vulnerability Scanning and Penetration Testing

In this section, we explore vulnerability scanning and penetration testing to identify system weaknesses. Key concepts include using tools, analyzing results, and integrating security testing into programs.