Welcome to SearchSecurity.com's Security School Course Catalog. We offer a variety of free online information security training courses you can take on your own time at your own pace. These lessons, many of which feature full-length video seminars, arm you with the foundational and tactical information you need to keep your organization compliant and secure.

Select a course from the options below and get started today!

FEATURED LESSON 

Realigning your data protection priorities
In this Security School lesson, expert David Sherry explains how your organization should react to the way in which organized online criminals have shifted from coveting credit card numbers to identity information, and how to re-prioritize your data protection efforts to defend the information attackers want most.

Featuring David Sherry, chief information security officer, Brown University. 

 

MORE LESSONS 

Data Protection Security School
In this school, SearchSecurity.com provides information security professionals with the tools and tactics they need to successfully secure data throughout the enterprise, whether in motion or at rest. Examine our catalog of lessons below.

 

 Realigning your data protection priorities
NEW Re-prioritizing to thwart the theft of credentials and attackers who want them.
Featuring David Sherry, CISO, Brown University

Watching the watchers
NEW Monitoring trusted insiders with process, policy & technology.
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

Mobile device policy: How to prevent data theft
NEW Lock down smartphones to prevent sensitive data leakage.
Featuring Lisa Phifer, owner, Core Competence Inc.

Locking down database applications
Secure database apps via roles and privileges. 
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

How to build secure applications
Build security into the app-dev lifecycle.
Featuring Diana Kelley, partner, SecurityCurve

Mitigating Web 2.0 threats
How cloud computing and social networking threaten enterprise data integrity.
Featuring David Sherry, CISO, Brown University

Data loss prevention
How to protect intellectual data and implement DLP policies.
Featuring Rich Mogull, founder, Securosis LLC

E-discovery and security in the enterprise
FCRP, ESI and litigation preparation in the context of information security.
Featuring Frank Lagorio, JD, principal analyst, Contoural Inc.

Database defenses for a new era of threats
Defending databases against today's emerging and ever-present threats.
Featuring Rich Mogull, founder, Securosis LLC

Executing a data governance strategy
Implementing a data governance strategy amid disparate corporate data.
Featuring Russell L. Jones, partner AERS - Security & Privacy Services, Deloitte & Touche

Data encryption demystified
What to encrypt, how to encrypt it and other key considerations.
Featuring Tom Bowers, managing director, Security Constructs

Preventing data leaks
Policies and processes to contain threats from within.
Featuring Richard Bejtlich, founder, Tao Security

Enterprise strategies for protecting data at rest
Storage-security synergies and e-discovery tactics.
Featuring Perry Carpenter, security practitioner, major telco firm

 

Intrusion Defense School
Putting the pieces of intrusion defense -- antivirus, antispyware, IDS/IPS, etc. -- in perspective to help you implement an intrusion defense strategy that meets your organization's needs. Examine our catalog of lessons below. 

Developing a defense-in-depth strategy for malware defense
NEW Inside the state of malware & building an effective antimalware program.
Featuring Lenny Zeltser, SANS instructor, noted author

How DAM can help detect and trace attacks
Learn effective DAM configurations to best detect and trace attacks.
Featuring Adrian Lane, CTO, Securosis LLC

Reinventing defense in depth
Explore key elements of successful layered security architecture.
Featuring Mike Chapple, University of Notre Dame

Practical strategies to mitigate insider threats
Learn about monitoring strategies for detection of insider threats.
Featuring Dawn Cappelli, senior member of technical staff, CERT

Security-related enhancements in Windows Server 2008
An inside look at the security features of Windows Server 2008.
Featuring Elizabeth Quinlan, consultant, HynesITe

Anatomy of an attack
Be prepared for crimeware, social engineering and sophisticated data-mining attacks.
Featuring Markus Jakobsson, principal scientist, Palo Alto Research Center

The new threat landscape: Defending against next-gen attacks
Thwart sophisticated attacks featuring custom rootkits, Trojans and malware.
Featuring Lenny Zeltser, SANS instructor, noted author

Intrusion defense in the era of Windows Vista
Preparing for Vista's unique intrusion defense challenges.
Featuring Peter Gregory, author and infosec practitioner

Security information management systems
How information/event management can improve defense posture.
Featuring Tom Bowers, managing director, Security Constructs

Web attack prevention and defense 
Checklists and best practices for Web server hardening, testing and monitoring.
Featuring Michael Cobb, managing director, Cobweb Applications Ltd.
 

Getting started with perimeter defense
Discover what you may not know about intrusion defense.

Network perimeter security
Getting started with perimeter-based intrusion defense.

Network content security
Antivirus and antispyware from architectural and technological perspectives.

Defense beyond the network perimeter
Defending a perimeterless network.

Featured instructor
Joel Snyder, senior partner, Opus One
Snyder has worked in information security for 30 years.

 

Compliance School
A comprehensive look at ongoing information security compliance issues, regulations and practices. Examine our catalog of lessons below. 

Compliance metrics: Building a compliance scorecard
NEW How to build a compliance scorecard that makes sense to executives. 
Featuring Eric Holmquist, president of Holmquist Advisory.

How to pass a PCI assessment
How to make PCI compliance a continuous process.
Featuring Anton Chuvakin, principal of Security Warrior Consulting.

Compliance-driven role management
Integrate role and entitlement management with compliance processes.
Featuring Richard E. Mackey Jr., vice president, SystemExperts

  Virtualization: Balancing emerging technology with existing demands
How to secure a virtualized environment and making sure it's compliant. 
Featuring David Mortman, CSO-in-Residence for Echelon One.

 Automated compliance in the enterprise
How to make compliance logging and documentation responsibilities easier. 
Featuring Eric Holmquist, president of Holmquist Advisory

How to meet HIPAA compliance requirements
Do you have policies in place to pass a HIPAA audit?
Featuring Richard E. Mackey Jr., vice president, SystemExperts

Building a risk-based compliance program
Mitigate risks using standards, frameworks and end-user strategies.
Featuring Richard E. Mackey, vice president, SystemExperts

PCI DSS compliance: Two years later
Breaking down PCI DSS struggles to protect cardholder data.
Featuring Diana Kelley, vice president, Burton Group

Must-have compliance technologies
Emerging and battle-tested technologies that really work.
Featuring Trent Henry, senior analyst, Burton Group

Ensuring compliance across the extended enterprise
SLAs and best practices for partners and providers.

Compliance improvement: Get better as you go forward
Mixing technology, governance and policy for continuous process improvement.

Gauging your SOX progress
Understanding the various SOX-related security standards; SOX Scorecard.

SOX compliance basics: Taking action
SOX goals, COSO and COBIT, audits, provisioning, vulnerability management, and responsibilities.

Understanding compliance-related technology
SOX product requirements, validity and usage.

Featured instructor
Richard Mackey, ISACA, CISM, vice president, SystemExperts
 

 

UK Security School
In this school, produced in partnership with SearchSecurity.co.UK, students receive in-depth instruction on topics related to information security at organisations in the United Kingdom and Europe.

LESSONS:
Virtualisation security for enterprise servers
NEW Learn processes for implementing server virtualisation securely.
Featuring Ben Chai, Founding Director, Incoming Thought Limited

 

Identity and Access Management Services, Systems and Technologies Security School
Explores critical topics to help establish and maintain an effective enterprise identity and access management plan. Examine our catalog of lessons below.

The new school of enterprise authentication
Exploring technologies that redefine successful enterprise authentication.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Future authentication technologies: How to choose the right product
Innovative, cost-effective user authentication approaches.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools that save money, ease complexity.
Featuring Tom Bowers, managing director, Security Constructs

Endpoint security protection: Polices for endpoint control
Endpoint defense tactics, policy controls and technology futures.
Featuring Ben Rothke, CISSP

VPNs and remote access: Secure deployment, setup and strategies
Innovations in VPN technology, including IPsec VPN identity and authentication.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Automated provisioing of hardware and Active Directory
Leverage directory services, policies and Active Directory automated provisioning.
Featuring Laura Hunter, CISSP, MCSE: Security, MCDBA, Microsoft MVP

How to build an identity and access management architecture
Foundational IAM, from the role of directories to effective approval workflows.
Featuring Richard E. Mackey Jr., ISACA, CISM, SystemsExperts

Secure user authentication: Regulations, implementation and methods
Authentication basics and developing an implementation strategy.
Featuring Tom Bowers, managing director, Security Constructs

Building network security: Evolution and vendor consolidation
A look behind the network/security evolution and how to harness it.
Featuring Mike Rothman, president, Security Incite

 

Integration of Networking and Security School
In this school, SearchSecurity.com and SearchNetworking.com offer you an in-depth look at how security-related and networking-related teams, products and processes are affecting enterprise network security. View our catalog of lessons below.


Strengthening policies for endpoint control
NEW Strategies, policies, practices and tools to rein in unruly endpoints.
Featuring Lisa Phifer, president, Core Competence Inc.

How IDS/IPS enables business objectives
Map key network security technologies and practices to business needs.
Featuring Jennifer Jabbusch, CISO with Carolina Advanced Digital Inc.

Application log management program planning
Enable an application log management program for security and compliance. 
Featuring Diana Kelley, partner with consulting firm SecurityCurve.

Securing the application layer
Identifying and defending against the most common application layer threats.
Featuring Cory Scott, regional consulting director, Matasano Security.

Back to basics: Endpoint security on a budget
Identifying and executing on key elements to secure devices and protect data.
Featuring Mike Chapple, University of Notre Dame
 
Getting the most out of your SIM deployment
How to get only the most relevant data from your SIM product
Featuring Adrian Lane, senior security strategist, Securosis

Using NAC to create a strong endpoint security strategy
NAC fundamentals and guidelines for implementation and policy management.
Featuring Mike Chapple, University of Notre Dame

Marrying security and network management
SIMs, performance management, anomaly detection and NOC/SOC integration.
Featuring Sasan Hamidi, CISO, Interval International

Securing the converged infrastructure
Staying secure while integrating email, IM, video, VoIP and voice messaging.
Featuring John Burke, principal research analyst, Nemertes Research

Integrating security and network fabric
Discovering how the network infrastructure can meet security needs.
Featuring David Piscitello, president, Core Competence Inc.

Using the network to secure the application layer
Protecting Layer 7 with new and existing network assets.
Featuring Michael Cobb, managing director, Cobweb Applications

Locking down the endpoint: How network access control (NAC) can boost host security
The latest endpoint options for network security.
Featuring Joel Snyder, senior partner, Opus One

Securing your first remote office: Solutions for less than $10k
Securing data and devices beyond corporate headquarters.
Featuring David Strom, noted network security expert/writer/speaker

Fitting security into your network
The convergence of NAC and SSL VPN concepts.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Mitigating wireless security threats
Protecting the over-the-air network.
Featuring Lisa Phifer, vice president, Core Competence Inc.

 

Messaging Security School
In this school, learn strategies and techniques for keeping email, IM and mobile device messaging systems secure. View our catalog of lessons below.  

Counterintelligence strategies for a new era of threats
Spear phishing, mail-borne Trojans, webmail protection and more.
Featuring Sandra Kay Miller, technical editor, Information Security

Spam 2.0: New threats and new strategies
Mitigation techniques for the new wave of spam-related threats.
Featuring Michael Cobb, managing director, Cobweb Applications

Essential practices for securing mobile devices
Locking down mobile platforms and thwarting emerging threats.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Secure instant messaging
An IM security overview, plus the latest attacks and safe usage tips.
Featuring Michael Cobb, managing director, Cobweb Applications

Countermeasures for malicious email code
Learn how to thwart email malware and future email attacks.
Featuring Tom Bowers, managing director, Security Constructs

Securing Microsoft Exchange
Protect Exchange 2003 from spam, malware and Web-based attacks.
Featuring Lee Benjamin, Microsoft MVP, ExchangeGuy Consulting

Email security tools, systems and threats
A review of email security basics.
Featuring Joel Snyder, senior partner, Opus One

 

Financial Information Security School
In this school, produced in partnership with SearchFinancialSecurity.com, students receive in-depth instruction on topics related to information security at financial services firms. View our catalog of lessons below. 

Biometrics: Banking on secure identity management
Debunking the myths, integrating with Active Directory, and securing data.
Featuring Joel Dubin, CISSP, independent computer security consultant

Data leak prevention: Controlling financial services threats
Finding leaks, implementing the right tools and controlling insider threats
Featuring Pete Lindstrom, senior analyst, Burton Group

 

Cloud Security School
In this school, produced in partnership with SearchCloudSecurity.com, students receive in-depth instruction on topics related to information security in the cloud.

LESSONS:
Identity management and access control in the cloud
NEW Learn about IAM options for cloud computing models.
Featuring Phil Cox, Former Director of Security and Compliance, SystemExperts

Wireless Security Lunchtime Learning Security School
Develop a thorough understanding of the network security risks posed by Wi-Fi and implement appropriate countermeasures. 

How to counter wireless threats and vulnerabilities
Business risks posed by wireless LANs and best practices for design and deployment.

How to build a secure wireless infrastructure
Wi-Fi security standards, WPA2 migration and using vLANs.

How to implement secure access
Wi-Fi access control on a budget; uses for 802.1x.

How to use wireless IDS/IPS
Introduction to wireless IDS/IPS, choosing sensors and fighting off attacks.

About the instructor
Featuring Lisa Phifer, vice president, Core Competence Inc.
Phifer has worked with network and security management products for more than two decades.

 

CISSP Certification Training School
Benefit from a series of 10 training lessons that explore the fundamental concepts, technologies and practices of information systems security. Each lesson corresponds to a subject domain in the exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know. 

Lesson/Domain 1: Security management practices
Security management responsibilities and the core components of security management.

Lesson/Domain 2: Access control
Identification methods and technologies, biometrics and more.

Lesson/Domain 3: Cryptography
Cryptographic components and their relationships, and government involvement in cryptography.

Lesson/Domain 4: Security models and architecture
Outlining how security is to be implemented, and the framework and structure of a security system.

Lesson/Domain 5: Telecommunications and networking
How networks work, how data is transmitted from one device to another, and how protocols transmit information.

Lesson/Domain 6: Applications and system development
Different types of software controls and implementations, change-control methods and more.

Lesson/Domain 7: Business continuity
Critical aspects of availability, including business continuity planning and disaster recovery.

Lesson/Domain 8: Law, investigations and ethics
Computer crime investigation processes and evidence collection; incident-handling procedures.

Lesson/Domain 9: Physical security
Administrative, technical and physical controls pertaining to physical security.

Lesson/Domain 10: Operations security
Administrative and management responsibilities, product evaluation and operational assurance and change-configuration management.

About the instructor
Featuring Shon Harris, president, Logical Security
Harris specializes in security education and training, and has authored two best-selling CISSP training manuals.