[Completed] Professional Google Cybersecurity Specialization C5/8; assets, threats, and vulnerabilities
Introduction to Course 5
What do you picture when you think about the security field? This might make you think of...
Course 5 overview
Hello, and welcome to Assets, Threats, and Vulnerabilities, the fifth course in the Google Cybers...
Da'Queshia: My path to cybersecurity
Hi. My name is Da'Queshia. I'm a security engineer. That basically means I work securing Go...
Understand risks, threats, and vulnerabilities
When security events occur, you’ll need to work in close coordination with others to address the ...
Tri: Life in asset security
I'm Tri, a security engineer at Google. My department is Detection and Response. Let's see,...
Security starts with asset classification
It can be really stressful when you have trouble finding something important. You're late...
Common classification requirements
Asset management is the process of tracking assets and the risks that affect them. The idea behin...
The emergence of cloud security
One of the most significant technology developments this century has been the emergence of cloud ...
Elements of a security plan
Security is all about people, processes, and technology. It's a team effort, and I mean t...
The NIST Cybersecurity Framework
Having a plan is just one part of securing assets. Once the plan is in action, the other ...
Security guidelines in action
Organizations often face an overwhelming amount of risk. Developing a security plan from the begi...
Wrap-up; terms and definitions from course 5, week 1
Well done! You made it to the end of this section! Being a security practitioner takes co...
Welcome to week 2
I was fascinated by a world-wide malware event that happened in 2017. I started watching ...
Security controls
These days, information is in so many places at once. As a result, organizations are unde...
Principle of least privilege
Security controls are essential to keeping sensitive data private and safe. One of the most commo...
最小権限の原則
translated with "MixerBox translate" using chatgpt4 as i suck at reading japanese still im not su...
The data lifecycle
Organizations of all sizes handle a large amount of data that must be kept private. You learned t...
Information privacy: Regulations and compliance
Security and privacy have a close relationship. As you may recall, people have the right to contr...
Heather: The importance of protecting PII
Hello, my name is Heather and I'm the Vice President of Security Engineering at Goo...
Fundamentals of cryptography
The internet is an open, public system with a lot of data flowing through it. Even though...
Public key infrastructure PKI
Computers use a lot of encryption algorithms to send and store information online. They'r...
Symmetric and asymmetric encryption
Previously, you learned these terms: Encryption: the process of converting data from a read...
Symmetric and asymmetric encryption
Previously, you learned these terms: Encryption: the process of converting data f...
Non-repudiation and hashing
We've spent some time together exploring a couple forms of encryption. The two types we'v...
The evolution of hash functions
Hash functions are important controls that are part of every company's security strategy. Hashing...
Access controls and authentication systems
Protecting data is a fundamental feature of security controls. When it comes to keeping i...
The rise of SSO and MFA
Most companies help keep their data safely locked up behind authentication systems. Usernames and...
The mechanisms of authorization
Access is as much about authorization as it is about authentication. One of the most impo...
Why we audit user activity
Have you ever wondered if your employer is keeping a record of when you log into company sy...
Tim: Finding purpose in protecting assets
My name is Tim and I work on the Detection and Response team at Google. You can think of us as ...
Identity and access management
Security is more than simply combining processes and technologies to protect assets. Instead, sec...
Wrap-up; Terms and definitions from Course 5, Week 2
Our focus in this section was on a major theme of security: protecting assets. A large pa...
Welcome to week 3
Wow! We've covered a lot together! It's hard to believe we've reached the midpoint of thi...
Vulnerability management
For every asset that needs protecting, there are dozens of vulnerabilities. Finding tho...
Defense in depth strategy
A layered defense is difficult to penetrate. When one barrier fails, another takes its pl...
Common vulnerabilities and exposures
We've discussed before that security is a team effort. Did you know the group extends wel...
The OWASP Top 10
To prepare for future risks, security professionals need to stay informed. Previously, you learne...
Open source intelligence
Cyber attacks can sometimes be prevented with the right information, which starts with knowing wh...
Vulnerability assessments
Our exploration of the vulnerability management process so far has been focused on a couple...
Approaches to vulnerability scanning
Previously, you learned about a vulnerability assessment, which is the internal review process of...
The importance of updates
At some point in time, you may have wondered, “Why do my devices constantly need updating?” For c...
Omad: My learning journey into cybersecurity
My name is Omad, I'm a corporate operations engineer at Google. All I do is solve problems. G...
Penetration testing
An effective security plan relies on regular testing to find an organization's weaknesses. Previo...
Protect all entry points
There's a wide range of vulnerabilities and systems that need to be found. Assessing thos...
Approach cybersecurity with an attacker mindset
Cybersecurity is a continuously changing field. It's a fast-paced environment where new threats a...
Types of threat actors
Anticipating attacks is an important skill you’ll need to be an effective security professional. ...
Niru: Adopt an attacker mindset
Hi, I'm Niru, and I lead the red team at Google. The red team at Google simulates attackers tha...
Pathways through defenses
To defend against attacks, organizations need to have more than just the understanding of t...
Fortify against brute force cyber attacks
Usernames and passwords are one of the most common and important security controls in use today. ...
Wrap-up; Terms and definitions from Course 5, Week 3
Here we are at the end of this section! Can you believe it? I had so much fun exploring t...
Welcome to week 4; threats and social engeneering
Here we are! The final section of the course. What are amazing job you've done so far! Pu...
The criminal art of persuasion
When you hear the word "cybercriminal", what comes to mind? You may imagine a hacker hunc...
Social engineering tactics
Social engineering attacks are a popular choice among threat actors. That’s because it’s often ea...
Phishing for information
Cybercriminals prefer attacks that do the most amount of damage with the least amount of ef...
Types of phishing
Phishing is one of the most common types of social engineering, which are manipulation techniques...
Malicious software
People and computers are very different from one another. There's one way that we're alik...
An introduction to malware
Previously, you learned that malware is software designed to harm devices or networks. Since its ...
The rise of cryptojacking
Malware has been around nearly as long as computers. In its earliest forms, it was used...
Cross-site scripting (XSS)
Previously, we explored a few types of malware. Whether it's installed on an individual c...
Exploitable gaps in databases
Let's keep exploring injection and attacks by investigating another common type of web ba...
Prevent injection attacks; SQL injection categories
Previously, you learned that Structured Query Language (SQL) is a programming language used to cr...
A proactive approach to security
Preparing for attacks is an important job that the entire security team is responsible for....
Chantelle: The value of diversity in cybersecurity
My name is Chantelle. I'm a Security Engineer here at Google, and I am part of the security...
PASTA: The Process for Attack Simulation and Threat Analysis
Let's finish exploring threat modelling by taking a look at real-world scenarios. This ti...
Traits of an effective threat model
Threat modeling is the process of identifying assets, their vulnerabilities, and how each is expo...
Wrap-up; terms and definitions from course 5, week 4
Managing threats is a major part of what security professionals do. In this part of the cou...
Terms and definitions from Course 5
Cybersecurity Glossary A Access controls: Security controls that manage access, authorization, ...
Course wrap-up
Congratulations on making it through the end of this course! I can hardly believe...