NANODEGREE PROGRAM SYLLABUS Security Architect


Overview

The goal of the Security Architect Nanodegree is to equip learners with the necessary skills required to advance their careers in the field of cybersecurity. As a security architect, you’ll be charged with designing security systems to thwart malware, hacker intrusions and denial-of-service attacks. The program addresses security topics related to architectural and implementation skills required by a skilled cybersecurity professional for critical use-cases like identity and access management, infrastructure security, threat detection, and incident response.

Estimated Time: 4 months
Prerequisites: Linux and AWS
Flexible Learning: Self-paced, so you can learn on the schedule that works best for you.
Technical Mentor Support: Our knowledgeable mentors guide your learning and are focused on answering your questions, motivating you and keeping you on track.

*The length of this program is an estimation of total hours the average student may take to complete all required coursework, including lecture and project time. If you spend about 5-10 hours per week working through the program, you should finish within the time provided. Actual hours may vary.

Course 1: Security Architecture Planning & Design

This course introduces the fundamental security planning, design and systems thinking concepts that are used throughout security architecture. As networks and applications grow more complex, the need to identify potential sources of weakness that are a product of that complexity becomes crucial. Students who complete this course will be equipped with the skills to identify and evaluate risks in systems, assess whether or not risks are acceptable, and work alongside stakeholders to prioritize remediation efforts.

Course Project: Conduct an Application Security Review

Conducting application security reviews is an important part of planning, building and deploying secure systems. As part of a security process, we conduct a technical security assessment for each newly deployed application or service. For applications that haven’t had a security review, your job includes making sure they meet the standards of the organization. In this project, students review a customer information management system (CIMS) for security vulnerabilities and write up their findings in a technical report.

LEARNING OUTCOMES

LESSON ONE: Introduction to Security Planning & Design
• Categorize risks by severity based on impact and likelihood
• Identify risks in application architectures by considering the details of the system
• Create architecture diagrams using diagramming software
• Identify threats to a system by examining its exposure and value to attackers

LESSON TWO: Security and Regulatory Frameworks
• Determine the applicability of security frameworks to their organization by considering the types of data managed by the organization
• Distinguish between different security frameworks and identify their commonalities and differences
• Distinguish between different regulatory frameworks and identify their commonalities and differences

LESSON THREE: Designing Secure Systems
• Prioritize risk reduction by evaluating the severity of a risk and the cost to remediate it
• Design architectures that are highly usable by identifying key stakeholders and prioritizing their needs
• Assess security problems within trust models by applying risk minimization principles
• Balance business needs with security needs by conducting analysis of security controls

Course 2: Enterprise Identity and Access Control

Identity and access control management is fundamental to the security of any organization. This course introduces the fundamentals needed to create and implement access control within an organization. Specifically, this course teaches the fundamentals of managing access control within cloud environments such as AWS. Students who complete this course will be equipped with the skills to design, implement and enforce access control using different access control models. In doing so, they will be prepared to implement access control that is maintainable and aligns with the principle of least privilege.

Course Project: Architecting IAM Implementation with Enforcement

Creating and enforcing a role structure is critical to the success of access control within an organization. In this project, students will implement a role structure with policies that will be evaluated and enforced. Using an access control matrix that outlines the appropriate roles, resources and actions to be implemented, students will create the role structure within AWS. They will ensure that least privilege is maintained by evaluating the access defined in the policies to ensure that it aligns with the access defined in the matrix. Upon implementation of the policies and permissions, they will be leveraging AWS Config to evaluate IAM policies to ensure that the organizational requirements are maintained.

LEARNING OUTCOMES

LESSON ONE: IAM Access Control Models and AWS
• Identify and justify the correct Access Control Model given a scenario
• Define and employ RBAC and determine the use cases in which it should be employed
• Define and employ ABAC and evaluate the benefits of its use in given scenarios

LESSON TWO: Building Access Control Matrix and Mapping Permissions
• Identify access control components
• Translate access control components from requirements
• Create access control matrix from predefined requirements

LESSON THREE: Building Organizational Role Structure
• Create IAM roles from subjects in access control matrix
• Create scoped IAM policies from permissions in access control matrix
• Create IAM restrictions from restrictions defined in access control matrix

LESSON FOUR: Building Organizational Role and Access Visualization
• Identify elements and resources to be visualized from the access control matrix
• Create visualization for IAM roles
• Create visualization for IAM policies
• Create visualization for each resource and permissions

LESSON FIVE: Enforcing IAM Policy Configurations
• Identify and employ use cases for AWS Config
• Evaluate IAM requirements from the access control matrix that must be enforced
• Create AWS Config rules for alerting on non-compliant IAM policies

Course 3: Infrastructure & Network Security Architecture Planning & Design

This course covers infrastructure and network security concepts essential for designing and implementing secure infrastructure. Complex infrastructures can have multiple moving components connected over a network. A multi-layered security architecture is required to provide complete visibility of system and service behavior. This course covers aspects of architecting and building security alerting and monitoring services that are scalable throughout the enterprise.

Course Project: Watertight Security

The Water & Power Organization (WPO) audits and maintains the billing and usage of its customers with an application that allows its field agents to upload the picture of the meters attached in customers’ houses. Lately, WPO engineers started noticing a lot of binary files getting uploaded through the application which are actually malware files. It is possible that either someone is deliberately trying to attack the application by uploading malware files or one of the field agent’s devices is infected and is being used to target WPO’s application. As a security architect, you have been called onboard to help improve the overall security of the service and mitigate possible disruption to WPO and its customers.

LEARNING OUTCOMES

LESSON ONE: Infrastructure & Network Security Architecture Planning & Design
• Understand framework types and implement them to security problems
• Build network boundaries and define access types for the infrastructure
• Map security services with network and infrastructure
• Identify, quantify and rectify cybersecurity risks associated with the business or infrastructure

LESSON TWO: Building Intelligence-driven, Defense-in-depth Architecture
• Implement Defense-in-Depth (DiD) on your infrastructure and network
• Secure an organization with a threat-driven approach
• Map the various stages of a cyber attack with the Cyber Kill Chain model

LESSON THREE: Threat Surface Analysis & Building Scalable Detection Service
• Use the STRIDE methodology to complete threat modeling
• Integrate security best practices into existing business and application process flow
• Plan and build scalable services that can detect certain types of threats for the business or application
• Integrate an alert pipeline for security teams to monitor for security incidents

LESSON FOUR: Threat Triage and Detection Enrichment
• Describe detection and response processes and frameworks
• Implement the MITRE ATT&CK framework to map our threat landscape against different attack scenarios
• Design playbooks to triage and remediate security incidents quickly and efficiently

Course 4: Incident Response & Business Continuity Architecture Planning, Design & Implementation

This course introduces the fundamental incident response planning, design and architecture concepts that are used in the cloud. As cloud solutions grow more complex so must the related incident response capabilities. Students who complete this course will be equipped with the skills to plan, design and execute a strong set of foundational cloud incident response capabilities.

Upon completion of this course students will be able to:
• Plan incident response roles, conduct asset inventories, and configure logging and monitoring
• Plan and implement artifact collection, containment and isolation and automated response procedures in runbooks
• Plan, implement and validate business continuity actions in runbooks

Course Project: Incident Response and Business Continuity for Micro-Assurances

It is your first day as the incident response and business continuity manager for a small insurance company called Micro-Assurances. They have a small but important deployment in the AWS cloud and this deployment supports their primary business function which is processing insurance policy claims. If both of their servers are unavailable the company will incur fines, lose customers and possibly have to shut down.

An architecture diagram was provided to you depicting a public-facing AWS elastic load balancer, Linux, Apache, MySQL, and PHP (LAMP) server in a primary availability zone and LAMP server in a secondary availability zone. In addition, you were informed that the AWS platform team consists of a database administrator, system administrator, network engineer, application owner, security analyst and incident responder. You will now have to create and execute a cloud incident response runbook for a compromised database administrator account.

LEARNING OUTCOMES

LESSON ONE: Incident Response & Business Continuity Architecture Planning, Design & Implementation
• Plan incident response roles, conduct asset inventories and configure logging and monitoring
• Plan and implement artifact collection, containment and isolation, and automated response procedures in runbooks
• Plan, implement and validate business continuity actions in runbooks

LESSON TWO: Incident Response Runbooks for Cloud Infrastructure
• Identify and document incident response roles and responsibilities
• Document an asset inventory for incident response
• Configure logging and monitoring for cloud incident response

LESSON THREE: Incident Response Playbooks and Automation
• Collect artifacts for incident response in a cloud environment
• Contain and isolate infected resources for incident response in a cloud environment
• Automate incident response scripts in a cloud environment

LESSON FOUR: Business Continuity
• Perform business continuity analysis
• Automate business continuity actions
• Validate and document business continuity

Our Classroom Experience

REAL-WORLD PROJECTS
Build your skills through industry-relevant projects. Get personalized feedback from our network of 900 project reviewers. Our simple interface makes it easy to submit your projects as often as you need and receive unlimited feedback on your work.

KNOWLEDGE
Find answers to your questions with Knowledge, our proprietary wiki. Search questions asked by other students, connect with technical mentors, and discover in real-time how to solve the challenges that you encounter.

WORKSPACES
See your code in action. Check the output and quality of your code by running them on workspaces that are a part of our classroom.

QUIZZES
Check your understanding of concepts learned in the program by answering simple and auto-graded quizzes. Easily go back to the lessons to brush up on concepts anytime you get an answer wrong.

CUSTOM STUDY PLANS
Create a custom study plan to suit your personal needs and use this plan to keep track of your progress toward your goal.

PROGRESS TRACKER
Stay on track to complete your Nanodegree program with useful milestone reminders.

Learn with the Best

Erick Galinkin
PRINCIPAL AI RESEARCHER, RAPID7
Erick Galinkin is a hacker and scientist specializing in applying artificial intelligence to cybersecurity. He also conducts academic research on machine learning theory and the interplay between algorithmic game theory and information security.

Sjon-Paul Brown
SENIOR DEVOPS ENGINEER
Sjon-Paul Brown is a DevOps engineer and DevOps consultant who helps companies streamline and secure their cloud environments and development processes. He has formally worked with varying startups and enterprises to ensure that software can be securely developed and deployed in an agile manner.

Abhinav Singh
CYBER SECURITY RESEARCHER
Abhinav is a cybersecurity researcher with nearly a decade of experience working for global leaders in security technology, financial institutions and as an independent consultant. He is the author of Metasploit Penetration Testing Cookbook and Instant Wireshark Starter, as well as many papers, articles and blogs.

William O. Ferguson
CLOUD ARCHITECT
William serves as a subject matter expert for complex information assurance and security engineering efforts worldwide. He helps foster a better view into the globalized challenges of secure computing worldwide as a global digital professional with intimate knowledge of both domestic and foreign network infrastructures.

All Our Nanodegree Programs Include:

EXPERIENCED PROJECT REVIEWERS
REVIEWER SERVICES
• Personalized feedback & line by line code reviews
• 1600 Reviewers with a 4.85/5 average rating
• 3 hour average project review turnaround time
• Unlimited submissions and feedback loops
• Practical tips and industry best practices
• Additional suggested resources to improve

TECHNICAL MENTOR SUPPORT
MENTORSHIP SERVICES
• Questions answered quickly by our team of technical mentors
• 1000 Mentors with a 4.7/5 average rating
• Support for all your technical questions

PERSONAL CAREER SERVICES
CAREER SUPPORT
• Github portfolio review
• LinkedIn profile optimization

Frequently Asked Questions

PROGRAM OVERVIEW

WHY SHOULD I ENROLL?
This program was designed to help you take advantage of the growing need for skilled cybersecurity professionals. Prepare to meet the demand for qualified security analysts that can implement elements of security infrastructure design and management at an enterprise level.

WHAT JOBS WILL THIS PROGRAM PREPARE ME FOR?
The need for a strong cybersecurity culture in an enterprise organization is greater than ever. The skills you will gain from this Nanodegree program will qualify you for jobs in several industries as countless companies are trying to keep up with security threats.

HOW DO I KNOW IF THIS PROGRAM IS RIGHT FOR ME?
The course is for individuals who are looking to advance their cybersecurity careers with cutting-edge skills to protect enterprises from threats.

ENROLLMENT AND ADMISSION

DO I NEED TO APPLY? WHAT ARE THE ADMISSION CRITERIA?
No. This Nanodegree program accepts all applicants regardless of experience and specific background.

WHAT ARE THE PREREQUISITES FOR ENROLLMENT?
A well prepared student will be familiar with Linux and AWS and have some experience conducting administration with those platforms. Specifically:
• Setting up a Linux server and performing system configuration/management
• Setting up a cloud environment and performing cloud configuration/management
• Understanding networking, cloud and hardware systems relevant to courses being taught (e.g. if a course teaches on Linux security, students should know the basics of how Linux works)
• Experience with networking, cloud and Linux systems
• Experience with common networking protocols (HTTP, TCP, DNS, SSH)
• Familiarity with client-server architecture
• Identifying the different encryption protocols (AES, RSA, PGP)
• Reviewing, implementing and modifying code using Python
• Accurately using general cybersecurity terminology to describe threats (e.g. Exploit, Vulnerability, Malware)

IF I DO NOT MEET THE REQUIREMENTS TO ENROLL, WHAT SHOULD I DO?
Students who do not feel comfortable in the above may consider taking Udacity’s Introduction to Cybersecurity Nanodegree program to obtain prerequisite skills.

FAQs Continued

TUITION AND TERM OF PROGRAM

HOW IS THIS NANODEGREE PROGRAM STRUCTURED?
The Security Architect Nanodegree program is comprised of content and curriculum to support 4 projects. We estimate that students can complete the program in 4 months working 10 hours per week.

Each project will be reviewed by the Udacity reviewer network. Feedback will be provided and if you do not pass the project, you will be asked to resubmit the project until it passes.

HOW LONG IS THIS NANODEGREE PROGRAM?
Access to this Nanodegree program runs for the length of time specified above. If you do not graduate within that time period, you will continue learning with month to month payments. See the Terms of Use and FAQs for other policies regarding the terms of access to our Nanodegree programs.

CAN I SWITCH MY START DATE? CAN I GET A REFUND?
Please see the Udacity Nanodegree program FAQs for policies on enrollment in our programs.

SOFTWARE AND HARDWARE

WHAT SOFTWARE AND VERSIONS WILL I NEED IN THIS PROGRAM?
There are no software and version requirements to complete this Nanodegree program. All coursework and projects can be completed via Student Workspaces in the Udacity online classroom. Udacity’s basic tech requirements can be found
