THE SCHOOL OF CYBERSECURITY Enterprise Security


Enterprise Security
NANODEGREE SYLLABUS

Overview
Enterprise Security Nanodegree Program

The goal of the Enterprise Security Nanodegree program is to equip learners with the foundational skills of security engineering within an enterprise setting. This program addresses security topics related to corporate environments, which are often distinct from production environments and center around the devices, identities, and infrastructure used by the company’s personnel on a daily basis.

Graduates of this Nanodegree program will be able to:
- Build a SIEM and implement enterprise network security best practices to monitor and control network traffic into an enterprise
- Develop asset and patch management to increase the security posture of endpoints
- Design a security baseline for application development as well as conduct an internal application security assessment consisting of threat modeling, vulnerability scanning, and code review
- Establish data integrity checks as well as data loss prevention mechanisms that control the types of data that can be transferred out of an enterprise

Program Information

TIME
4 months
Study 5-10 hours/week

LEVEL
Intermediate

PREREQUISITES
Linux and Azure

HARDWARE/SOFTWARE REQUIRED
There are no software and version requirements to complete this Nanodegree program. All coursework and projects can be completed via Student Workspaces in the Udacity online classroom. Udacity’s basic tech requirements can be found at https://www.udacity.com/tech/requirements.

LEARN MORE ABOUT THIS NANODEGREE
Contact us at enterpriseNDs@udacity.com

Our Classroom Experience

REAL-WORLD PROJECTS
Learners build new skills through industry-relevant projects and receive personalized feedback from our network of 900 project reviewers. Our simple user interface makes it easy to submit projects as often as needed and receive unlimited feedback.

KNOWLEDGE
Answers to most questions can be found with Knowledge, our proprietary wiki. Learners can search questions asked by others and discover in real-time how to solve challenges.

LEARNER HUB
Learners leverage the power of community through a simple, yet powerful chat interface built within the classroom. Learner Hub connects learners with their technical mentor and fellow learners.

WORKSPACES
Learners can check the output and quality of their code by testing it on interactive workspaces that are integrated into the classroom.

QUIZZES
Understanding concepts learned during lessons is made simple with auto-graded quizzes. Learners can easily go back and brush up on concepts at any time during the course.

CUSTOM STUDY PLANS
Mentors create a custom study plan tailored to learners’ needs. This plan keeps track of progress toward learner goals.

PROGRESS TRACKER
Personalized milestone reminders help learners stay on track and focused as they work to complete their Nanodegree program.

Learn More at WWW.UDACITY.COM/ENTERPRISE

Learn with the Best

Milind Adari
SECURITY ENGINEER
Milind Adari is a Security Engineer at The Associated Press and an Adjunct Instructor at Columbia University. He is responsible for protecting journalists all around the world from malicious threat actors and state-sponsored attacks, all while educating students and professionals in cybersecurity.

Jerry Smith
INFORMATION SECURITY ENGINEER
Jerry is a member of the Security Operations Center for the University of Alabama at Birmingham, where he is the Lead Threat Hunter and a member of the firewall team. Previously he was an Information Security Engineer for Hibbett Sporting Goods.

Vamsee Kandimalla
CYBERSECURITY ARCHITECT, HEAD OF PRODUCT TECHNOLOGY
Vamsee has wide-ranging security experience, including in sectors such as defense, consumer electronics, and automotive. He studied electrical engineering, then focused on cybersecurity during graduate school at Carnegie Mellon. He enjoys working on the latest technologies and high-impact solutions.

Christine Izuakor, PhD, CISSP
FOUNDER & CEO, CYBER POP-UP
Dr. Christine Izuakor is the CEO of Cyber Pop-up, an on-demand cybersecurity platform powered by vetted cyber freelancers. She has over a decade of experience leading cybersecurity functions within Fortune 100 companies and has her PhD in Security Engineering.

Nanodegree Program Overview

Course 1: Enterprise Perimeter and Network Security

This course is designed to take you through the perspective of an enterprise and how they design a secure network architecture. The topics in this course will cover current enterprise perimeter and network security, network security architecture, building an enterprise network, continuous monitoring with a SIEM, and Zero Trust.

Project: Securing the Perimeter

Students will get hands-on experience in building a secure enterprise network. They will segment the network across different security topologies and employ the principle of least privilege to restrict access across the various segmentations. Students will then build a VPN to access the enterprise network from a remote location, then set up a SIEM and a web server. Students will monitor web server logs and build alerts to help identify security incidents. Students will then write incident response playbooks for certain attack scenarios. Lastly, students will design a Zero Trust model and write a comparative analysis between current network architecture and Zero Trust.

LESSON TITLE / LEARNING OUTCOMES

NETWORK SECURITY ARCHITECTURE
- Identify weaknesses in network topologies
- Design the placement of security devices in an enterprise network
- Use the SABSA framework to align enterprise business and security needs

BUILDING AN ENTERPRISE NETWORK
- Connect from public to private network over a NAT gateway
- Partition a virtual network into multiple segments
- Build a VPN solution to connect to an enterprise network

CONTINUOUS MONITORING WITH A SIEM
- Deploy a SIEM
- Set up alerts and monitor traffic
- Build an Incident Response Playbook

ZERO TRUST
- Define the principles of Zero Trust
- Identify key components in Zero Trust architecture
- Design a Zero Trust model

Course 2: Enterprise Endpoint Security

With data being a core driver of today’s growth and the number of devices increasing, businesses have seen a rise in the number of types of endpoints. These factors make enterprise endpoint security more difficult since there are more potential vulnerable channels of cyberattack, and they have been compounded by remote work and the growing number of connected devices (i.e. mobile phones, tablets, etc.). Moreover, 89% of security leaders believe that mobile devices will serve as your digital ID to access enterprise services and data. This course covers best practices for safeguarding the data and workflows associated with the individual devices that connect to your enterprise network.

Project: FedF1rst Security Assessment

You are a security engineer for Fed F1rst Control Systems. Fed F1rst has recently spun out of a larger organization into a stand-alone company. You have been tasked with implementing the endpoint portion of the organization’s security policy.

The tasks that follow represent real tasks that would be performed on a scheduled and on an as-needed basis (for instance, server hardening is typically performed upon installation). You will recommend hardening strategies on a Windows 10 desktop as well as a Windows 2016 server. In the exercises you performed during the course, you performed these tasks on a CentOS Linux server. Those skills will come in handy here.

Next, you will create several security policies for the organization. As with hardening, you also performed this activity, but for different areas of the Information Technology department, during the course.

Additionally, you will create build sheets for Windows and Linux cloud servers using the knowledge you have gained throughout the course.

Finally, you will conduct a subset of a server self-assessment that is common during pre-work for compliance audits.

LESSON TITLE / LEARNING OUTCOMES

SYSTEM HARDENING
- Identify Assets in an Organization
- Recommend mitigation of discovered vulnerabilities
- Recommend hardening strategy for commonly used operating systems
- Recommend a security configuration for IoT and Control Systems

POLICIES AND COMPLIANCE
- Define BYOD Strategy
- Create an NDA Policy
- Conduct a compliance self-assessment
- Create a remote work policy

CLOUD MANAGEMENT
- Recommend a public access configuration strategy
- Recommend a configuration for cloud broker
- Recommend a management solution for cloud deployments

Course 3: Enterprise Wide Application Security

Application security is a critical part of any enterprise security plan. Similar to the application security course in the Security Engineer Nanodegree, we will be covering how to perform a threat assessment but will get more granular by doing threat modeling and looking at how to harden applications. This course will teach students mitigation and defensive strategies in an application software development lifecycle. The focus will be on covering how enterprises bake security into their lifecycle by shifting security left and the different ways they enhance their security posture across on prem, cloud, containers, and APIs.

Project: CryptoV4ULT Enterprise Security Assessment

In this project, the students are the lead security engineers for a newly released application. The application’s backend has recently stood up a new infrastructure to offer new features to its base of over 1 million users. Students will be tasked with reviewing the security for this new application technology stack and helping identify areas of concern with threat models. After pinpointing vulnerabilities, students will run scans against the enterprise application and attempt to exploit these potential issues.

Students’ scope includes a variety of entities within the architecture, such as the application itself, the containers running services, and the external-facing API. Finally, students will create a remediation plan to help prevent these vulnerabilities and harden your existing security standards.

LESSON TITLE / LEARNING OUTCOMES

DESIGNING SECURITY ARCHITECTURE
- Identify all steps of enterprise DevSecOps
- Plan all stages of the SDLC lifecycle
- Design security architecture with specific constraints

LESSON TITLE / LEARNING OUTCOMES

THREAT HUNTING
- Conduct threat modeling to identify architecture vulnerabilities
- Exploit vulnerabilities to prove they exist
- Run industry-standard application vulnerability scanners with Nessus
- Create pen-testing roadmap to secure solutions

CONTAINER VULNERABILITIES
- Scan containers to identify vulnerabilities
- Research container vulnerabilities
- Create plans to mitigate container vulnerabilities

API VULNERABILITIES
- Identify coding vulnerabilities in APIs
- Research coding vulnerabilities in APIs
- Mitigate coding vulnerabilities in APIs

Course 4: Enterprise Data Security

Cyber threats continue to evolve and grow, and each day we are reminded that all it takes is one lucky strike for a malicious hacker to breach a company.

On the other hand, cybersecurity professionals have to try and get it right every time to protect a company from breaches. This means that tackling cyber risk requires a very strategic approach and it starts with securing one of the greatest assets within the enterprise — data.

To begin mastering data security, during this course we’ll start by exploring the concept of data governance so that students can build the foundation for understanding, classifying, and protecting data. Students learn to navigate the variety of compliance regulations that apply to data security and create policies that prevent unauthorized disclosure of information.

In the bulk of the course, students focus on protecting confidentiality, integrity, and availability of data through concepts like encryption, auditing, file integrity monitoring, and back-up strategy.

Project: Data Security Analysis in Online Payment Processing

In this project, students will apply the skills they have acquired in this security course to ensure data security.

Students will be provided a realistic case study, company profile, and resource database. They’ll work to classify data and justify which regulations apply to the data. They’ll use post-breach evidence to perform a file integrity monitoring audit and determine if integrity was impacted. Students will also make recommendations for ensuring data integrity in the future, such as creating a data security policy, mapping out a data storage architecture and new encryption plan based on the data types, and establishing a backup and recovery policy and testing it to protect the company in the future. The deliverable will be an enterprise data security update delivered to the executive team detailing the security program established within the enterprise.

The final implementation of the project will showcase students’ data security management skills, including their ability to make and justify recommendations to key stakeholders and implement changes.

LESSON TITLE / LEARNING OUTCOMES

DATA GOVERNANCE
- Justify which compliance regulations apply to the data of your business or industry
- Build data security policy to address compliance requirements
- Determine typical compliance requirements with standard regulations
- Distinguish appropriate regulations for each data type
- Analyze enterprise data in order to classify data types based on risk.
- Design information rights management policies to prevent intellectual property theft and stop unauthorized file sharing and editing

DATA CONFIDENTIALITY
- Apply the appropriate encryption system for enterprise data at rest and data in transit
- Demonstrate encryption of data
- Identify and distinguish methods for determining the right encryption solution for data at rest and data in transit
- Analyze and distinguish encryption types, applications, and fundamentals (cert authority, PKI, key management)

DATA INTEGRITY
- Implement data protection and auditing controls that ensure data integrity across the organization
- Map out a data storage architecture that supports data integrity and security
- Conduct an audit to confirm compliance with key security controls
- Distinguish major types of audit
- Execute hashing in order to confirm data integrity
- Apply the principles of identity and access management

DATA AVAILABILITY
- Establish a backup and recovery solution for critical systems across the organization
- Create a disaster recovery plan
- Run a back-up and restore test in the cloud
- Build a backup and recovery strategy
- Justify what data to back up
- Distinguish backup and recovery best practice methods

Our Nanodegree Programs Include:

Pre-Assessments
Our in-depth workforce assessments identify your team’s current level of knowledge in key areas. Results are used to generate custom learning paths designed to equip your workforce with the most applicable skill sets.

Dashboard & Progress Reports
Our interactive dashboard (enterprise management console) allows administrators to manage employee onboarding, track course progress, perform bulk enrollments and more.

Industry Validation & Reviews
Learners’ progress and subject knowledge is tested and validated by industry experts and leaders from our advisory board. These in-depth reviews ensure your teams have achieved competency.

Real World Hands-on Projects
Through a series of rigorous, real-world projects, your employees learn and apply new techniques, analyze results, and produce actionable insights. Project portfolios demonstrate learners’ growing proficiency and subject mastery.

Our Review Process

Real-life Reviewers for Real-life Projects

Real-world projects are at the core of our Nanodegree programs because hands-on learning is the best way to master a new skill. Receiving relevant feedback from an industry expert is a critical part of that learning process, and infinitely more useful than that from peers or automated grading systems. Udacity has a network of over 900 experienced project reviewers who provide personalized and timely feedback to help all learners succeed.

“I never felt overwhelmed while pursuing the Nanodegree program due to the valuable support of the reviewers, and now I am more confident in converting my ideas to reality.”
Vaibhav, UDACITY LEARNER, now at CODING VISIONS INFOTECH

All Learners Benefit From:
- Line-by-line feedback for coding projects
- Industry tips and best practices
- Unlimited submissions and feedback loops
- Advice on additional resources to research

How it Works

Real-world projects are integrated within the classroom experience, making for a seamless review process flow.

- Go through the lessons and work on the projects that follow
- Get help from your technical mentor, if needed
- Submit your project work
- Receive personalized feedback from the reviewer
- If the submission is not satisfactory, resubmit your project
- Continue submitting and receiving feedback from the reviewer until you successfully complete your project

About our Project Reviewers

Our expert project reviewers are evaluated against the highest standards and graded based on learners’ progress. Here’s how they measure up to ensure your success.

900 Expert Project Reviewers
Are hand-picked to provide detailed feedback on your project submissions.

1.8M Projects Reviewed
Our reviewers have extensive experience in guiding learners through their course projects.

3 Hours Average Turnaround
You can resubmit your project on the same day for additional feedback.

4.85/5 Average Reviewer Rating
Our learners love the quality of the feedback they receive from our experienced reviewers.

Udacity 2021
2440 W El Camino Real, #101
Mountain View, CA 94040, USA - HQ
For more information visit: www.udacity.com/enterprise
