In the last lesson, you learned the importance of the CIA triad and risk assessment and management. Because data is such an important asset to an organization, many of these same concepts will need to be applied to it as well. As data needs become more critical and the need to access it even more real time, it has become even more difficult to protect it. Organizations have always needed to protect their physical data assets and now they need to protect their logical data assets as well. Additionally, your users are no longer willing to exclusively work at their desk; they want whenever, wherever access. This means protecting data on more devices in more places than ever before. Companies need to consider all the places they store and transmit data and look for ways to protect it.

Now that you understand the relationship between assets, risks, and security, you can start to design cybersecurity for your organization.

In the last lesson, you learned about mitigation against vulnerabilities in system components, multiple architectures, and physical security. Many of those topics are pervasive in the CISSP® material, and you will see many of them throughout the course. Topics like defense in depth, cryptography, and network design will present themselves in regards to communication and network security as well. The network is changing, which means additional security measures are necessary. Voice and video are now delivered across the network, where before those were separate networks. Because the network has become such an important part of the business, protecting it has become critical. In this lesson, you will learn about security for your network systems.

A large part of maintaining the confidentiality, integrity, and availability of your data and your systems depends on identity and access control. By properly identifying the user or systems that are trying to gain access, you can determine how much, if any, control to grant them. This keeps unwanted entities out of your systems, while ensuring that the proper entities have exactly what they need, and no more. In this lesson, you will learn about identity and access management.

Now that you have an awareness of the importance of identification and access management, you will learn the importance of security assessments and testing to verify the security of your organization. It is only when you have done a thorough risk assessment of both your physical and logical assets that you can begin the work of protecting the organization. This lesson will delve further into vulnerability assessments, penetration testing, log reviews, all around testing, and validating your security.

Security operations is a concept that encompasses two basic ideas: to ensure that day-to-day activities that support the business are protected against risk and to deeply integrate security processes within those activities. Recognizing the importance of both of these ideas is a necessary step in ensuring the organization functions without any impairment. In this lesson, you will learn about the integral link between security and your day-to-day business operations.

In the last lesson, you learned about security operations. Many organizations not only manage their network infrastructure and systems, but also develop software. This can be for in-house use, or to sell to customers. In this final lesson, you will learn about developing software securely.

You'll wrap things up and then validate what you've learned in this course by taking an assessment.