Information Security Fundamentals Learning Path

16 hours, 7 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    16 hours, 7 minutes

  • Assessment

    questions

About Information Security Fundamentals

 

Syllabus

Access Control Fundamentals

Course - 00:22:00

This course covers the fundamental concepts of access control. It introduces common access control models (MAC, DAC, RBAC, ABAC and Rule-Based Access Control) and covers mechanisms for implementing physical and logical access control. The course also covers important account and credential management concepts, including types of user accounts, access policies, secure account management and password security.

Secure Network Design

Course - 01:15:00

This course covers the following network security topics: network security devices and placement, network topologies and security zones, and network segregation, segmentation and isolation. It briefly introduces a wide variety of security device types, from sensors to firewalls and load balancers. The terms intranet, extranet and demilitarized zone (DMZ) are defined and explained, along with the concepts of Network Address Translation (NAT) and honeynets. The segregation/segmentation/isolation part of the course provides a basic understanding of physical and logical separation and explains the VPN tunneling mechanism.

Identification and AAA

Course - 00:46:00

This course introduces these important information security concepts: identification, authentication, authorization and accounting (IAAA). It defines the terms, explains the IAAA process and provides an overview of the identity and access management concepts and services, including federation, Single Sign-On (SSO), transitive trust, RADIUS, TACACS+, Kerberos and others.

Hardware and OS Security

Course - 00:46:00

This course explains the core hardware, firmware and operating system security concepts, including hardware root of trust, full-disk encryption, hardware security module and Trusted Platform Module, secure boot and others. It introduces different types of operating systems and basic hardening techniques. Peripheral device examples and security concepts are also covered.

Software and Application Security

Course - 00:54:00

This course introduces basic concepts related to secure software and application development. The Waterfall and Agile implementation methods of the software development life cycle (SDLC) are covered, along with the key secure DevOps concepts, including baselining, immutable systems, version control and change management. Other topics in the course include secure coding techniques, code quality and testing, and embedded systems security.

Physical Security

Course - 00:10:00

This short course introduces common physical security controls, from perimeter defenses such as fences and lighting to environmental controls and physical intrusion detection. The course explains how each control is used for security and highlights benefits and downsides of using some of the controls.

Security Technologies and Tools

Course - 01:30:00

This course provides an introductory overview of various information security technologies and tools. It covers network devices (routers, switches, proxies) and their security features, compares different types of firewalls and intrusion detection and prevention systems, and explains other secure networking concepts, such as Virtual Private Networks (VPN) and Network Access Control (NAC). Other topics covered in this course include Security Information and Event Management (SIEM) solutions, Data Loss Prevention (DLP) and other security technologies, such as secure mail and media gateways and Hardware Security Modules (HSM).

Introduction to Cryptography

Course - 01:00:00

This course introduces the fundamental concepts of cryptography. It covers the key terminology (algorithm, key, cipher and more) and common use cases for cryptography. The course explains the difference between symmetric and asymmetric encryption, talks about common symmetric and asymmetric algorithms, provides an overview of common hashing algorithms and touches upon common implementation concerns.

Introduction to Security Controls

Course - 00:48:00

This introductory course provides an overview of security control categories (administrative, physical, technical) and types (deterrent, preventive, detective, corrective, compensating). The course also introduces important data security concepts: data sensitivity types (classification) and secure data destruction/sanitization.

Risk Management Concepts

Course - 00:23:00

This course introduces the key concepts of information security risk management. It explains the purpose of risk assessments and how quantitative and qualitative risk assessments are performed. Important risk assessment terminology is covered, including Single Loss Expectancy (SLE), Annual Rate of Occurrence (ARO), Annual Loss Expectancy (ALE) and others. The Business Impact Analysis (BIA) concepts are explained, including Recovery Point Objective (RPO), Recovery Time Objective (RTO), Mean Time Between Failures (MTBF), Mean Time To Repair (MTTR) and Single Point of Failure. The course also covers threat assessment, risk response techniques (accept, transfer, avoid, mitigate), and security documents (policies, procedures, service-level agreements and more).

Threats and Threat Actors

Course - 01:01:00

This course provides an overview of common security threats and threat actors. It defines common types of threat actors, from script kiddies to Advanced Persistent Threats (APTs), and explains their motivation and intentions. Information security threats covered in this course include malware, social engineering, application and service attacks, wireless attacks and attacks on cryptography.

Business Continuity and Disaster Recovery

Course - 00:13:00

This course introduces Business Continuity Planning (BCP) and Disaster Recovery (DR) planning and procedures. Different types of recovery sites (hot, warm, cold) are compared and restoration procedures are explained. The course also explains different types of backups: full, differential and incremental, as well as considerations for selecting backup locations.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps