Skip to main content

[Completed] Professional Google Cybersecurity Specialization C5/8; assets, threats, and vulnerabilities

Introduction to Course 5

What do you picture when you think about the security field? This might make you think of...

Course 5 overview

Hello, and welcome to Assets, Threats, and Vulnerabilities, the fifth course in the Google Cybers...

Da'Queshia: My path to cybersecurity

Hi. My name is Da'Queshia. I'm a security engineer. That basically means I work securing Go...

Understand risks, threats, and vulnerabilities

When security events occur, you’ll need to work in close coordination with others to address the ...

Tri: Life in asset security

I'm Tri, a security engineer at Google. My department is Detection and Response. Let's see,...

Security starts with asset classification

It can be really stressful when you have trouble finding something important. You're late...

Common classification requirements

Asset management is the process of tracking assets and the risks that affect them. The idea behin...

The emergence of cloud security

One of the most significant technology developments this century has been the emergence of cloud ...

Elements of a security plan

Security is all about people, processes, and technology. It's a team effort, and I mean t...

The NIST Cybersecurity Framework

Having a plan is just one part of securing assets. Once the plan is in action, the other ...

Security guidelines in action

Organizations often face an overwhelming amount of risk. Developing a security plan from the begi...

Wrap-up; terms and definitions from course 5, week 1

Well done! You made it to the end of this section! Being a security practitioner takes co...

Welcome to week 2

I was fascinated by a world-wide malware event that happened in 2017. I started watching ...

Security controls

These days, information is in so many places at once. As a result, organizations are unde...

Principle of least privilege

Security controls are essential to keeping sensitive data private and safe. One of the most commo...

最小権限の原則

translated with "MixerBox translate" using chatgpt4 as i suck at reading japanese still im not su...

The data lifecycle

Organizations of all sizes handle a large amount of data that must be kept private. You learned t...

Information privacy: Regulations and compliance

Security and privacy have a close relationship. As you may recall, people have the right to contr...

Heather: The importance of protecting PII

Hello, my name is Heather and I'm the Vice President of Security Engineering at Goo...

Fundamentals of cryptography

The internet is an open, public system with a lot of data flowing through it. Even though...

Public key infrastructure PKI

Computers use a lot of encryption algorithms to send and store information online. They'r...

Symmetric and asymmetric encryption

Previously, you learned these terms:  Encryption: the process of converting data from a read...

Symmetric and asymmetric encryption

Previously, you learned these terms:  Encryption: the process of converting data f...

Non-repudiation and hashing

We've spent some time together exploring a couple forms of encryption. The two types we'v...

The evolution of hash functions

Hash functions are important controls that are part of every company's security strategy. Hashing...

Access controls and authentication systems

Protecting data is a fundamental feature of security controls. When it comes to keeping i...

The rise of SSO and MFA

Most companies help keep their data safely locked up behind authentication systems. Usernames and...

The mechanisms of authorization

Access is as much about authorization as it is about authentication. One of the most impo...

Why we audit user activity

Have you ever wondered if your employer is keeping a record of when you log into company sy...

Tim: Finding purpose in protecting assets

My name is Tim and I work on the Detection and Response team at Google. You can think of us as ...

Identity and access management

Security is more than simply combining processes and technologies to protect assets. Instead, sec...

Wrap-up; Terms and definitions from Course 5, Week 2

Our focus in this section was on a major theme of security: protecting assets. A large pa...

Welcome to week 3

Wow! We've covered a lot together! It's hard to believe we've reached the midpoint of thi...

Vulnerability management

For every asset that needs protecting, there are dozens of vulnerabilities.  Finding tho...

Defense in depth strategy

A layered defense is difficult to penetrate. When one barrier fails, another takes its pl...

Common vulnerabilities and exposures

We've discussed before that security is a team effort. Did you know the group extends wel...

The OWASP Top 10

To prepare for future risks, security professionals need to stay informed. Previously, you learne...

Open source intelligence

Cyber attacks can sometimes be prevented with the right information, which starts with knowing wh...

Vulnerability assessments

Our exploration of the vulnerability management process so far has been focused on a couple...

Approaches to vulnerability scanning

Previously, you learned about a vulnerability assessment, which is the internal review process of...

The importance of updates

At some point in time, you may have wondered, “Why do my devices constantly need updating?” For c...

Omad: My learning journey into cybersecurity

My name is Omad, I'm a corporate operations engineer at Google. All I do is solve problems. G...

Penetration testing

An effective security plan relies on regular testing to find an organization's weaknesses. Previo...

Protect all entry points

There's a wide range of vulnerabilities and systems that need to be found. Assessing thos...

Approach cybersecurity with an attacker mindset

Cybersecurity is a continuously changing field. It's a fast-paced environment where new threats a...

Types of threat actors

Anticipating attacks is an important skill you’ll need to be an effective security professional. ...

Niru: Adopt an attacker mindset

Hi, I'm Niru, and I lead the red team at Google. The red team at Google simulates attackers tha...

Pathways through defenses

To defend against attacks, organizations need to have more than just the understanding of t...

Fortify against brute force cyber attacks

Usernames and passwords are one of the most common and important security controls in use today. ...

Wrap-up; Terms and definitions from Course 5, Week 3

Here we are at the end of this section! Can you believe it? I had so much fun exploring t...

Welcome to week 4; threats and social engeneering

Here we are! The final section of the course. What are amazing job you've done so far! Pu...

The criminal art of persuasion

When you hear the word "cybercriminal", what comes to mind? You may imagine a hacker hunc...

Social engineering tactics

Social engineering attacks are a popular choice among threat actors. That’s because it’s often ea...

Phishing for information

Cybercriminals prefer attacks that do the most amount of damage with the least amount of ef...

Types of phishing

Phishing is one of the most common types of social engineering, which are manipulation techniques...

Malicious software

People and computers are very different from one another. There's one way that we're alik...

An introduction to malware

Previously, you learned that malware is software designed to harm devices or networks. Since its ...

The rise of cryptojacking

Malware has been around nearly as long as computers. In its earliest forms, it was used...

Cross-site scripting (XSS)

Previously, we explored a few types of malware. Whether it's installed on an individual c...

Exploitable gaps in databases

Let's keep exploring injection and attacks by investigating another common type of web ba...

Prevent injection attacks; SQL injection categories

Previously, you learned that Structured Query Language (SQL) is a programming language used to cr...

A proactive approach to security

Preparing for attacks is an important job that the entire security team is responsible for....

Chantelle: The value of diversity in cybersecurity

My name is Chantelle. I'm a Security Engineer here at Google, and I am part of the security...

PASTA: The Process for Attack Simulation and Threat Analysis

Let's finish exploring threat modelling by taking a look at real-world scenarios. This ti...

Traits of an effective threat model

Threat modeling is the process of identifying assets, their vulnerabilities, and how each is expo...

Wrap-up; terms and definitions from course 5, week 4

Managing threats is a major part of what security professionals do. In this part of the cou...

Terms and definitions from Course 5

Cybersecurity Glossary A Access controls: Security controls that manage access, authorization, ...

Course wrap-up

Congratulations on making it through the end of this course! I can hardly believe...
Back to top