Security School Course Catalog from

A catalog of our free online security courses led by information security experts on popular security topics.

This Content Component encountered an error Security SchoolWelcome to's Security School Course Catalog. We offer a variety of free online information security training courses you can take on your own time at your own pace. These lessons, many of which feature full-length video seminars, arm you with the foundational and tactical information you need to keep your organization compliant and secure.

Select a course from the options below and get started today!

Featured lesson

Diana Kelley, SecurityCurveArchitectural considerations for enterprise antimalware deployments
Early antivirus products were host-based agents that used basic signature detection to scan hard drives for malicious code. Today’s antimalware is more sophisticated with enterprises operating not only within the network perimeter, but on mobile devices and in the cloud. In this lesson, you’ll learn how to effectively architect antimalware systems for your enterprise.
Featuring Diana Kelley, partner, SecurityCurve

More lessons

Cloud Security School
In this school, brought to you by, the industry's foremost cloud security experts explain how to securely take advantage of the flexible infrastructure models and lower operating costs that make the cloud an attractive alternative for many enterprise IT organizations.

 Joseph GrannemanUnderstanding cloud-specific security technologies
How to understand and when to use traditional vs. cloud-specific security products.
Featuring Joseph Granneman, MBA, CISSP
Diana Kelley, SecurityCurveCloud application security best practices
How to secure cloud applications, especially in a PaaS environment.
Featuring Diana Kelley, partner, SecurityCurve

Phil CoxIAM control in the cloud
IAM policy, process and technology options for the cloud.
Featuring Phil Cox, former partner, SystemExperts


Data Protection Security School
In this school, provides information security professionals with the tools and tactics they need to successfully secure data throughout the enterprise, whether in motion or at rest. Examine our catalog of lessons below.

Aaron TurneySecurity visibility: Honestly assessing your security posture
NEW Using technology to build a centralized collection of security intelligence.
Featuring Aaron Turner, co-founder, N4Struct

 Mike ChappleNetwork content monitoring must-haves
Focusing on what matters when investing in network content protection.
Featuring Mike Chapple, technical editor,

David SherryRealigning your data protection priorities
Re-prioritizing to thwart the theft of credentials and attackers who want them.
Featuring David Sherry, CISO, Brown University

Andreas AntonopoulosWatching the watchers
Monitoring trusted insiders with process, policy & technology.
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

Lisa PhiferMobile device policy: How to prevent data theft
Lock down smartphones to prevent sensitive data leakage.
Featuring Lisa Phifer, owner, Core Competence Inc.

Andreas AntonopoulosLocking down database applications
Secure database apps via roles and privileges. 
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

Diana KelleyHow to build secure applications
Build security into the app-dev lifecycle.
Featuring Diana Kelley, partner, SecurityCurve

David SherryMitigating Web 2.0 threats
How cloud computing and social networking threaten enterprise data integrity.
Featuring David Sherry, CISO, Brown University

Rich MogullData loss prevention
How to protect intellectual data and implement DLP policies.
Featuring Rich Mogull, founder, Securosis LLC

Frank LagorioE-discovery and security in the enterprise
FCRP, ESI and litigation preparation in the context of information security.
Featuring Frank Lagorio, JD, principal analyst, Contoural Inc.

Rich MogullDatabase defenses for a new era of threats
Defending databases against today's emerging and ever-present threats.
Featuring Rich Mogull, founder, Securosis LLC

Russell L. JonesExecuting a data governance strategy
Implementing a data governance strategy amid disparate corporate data.
Featuring Russell L. Jones, partner AERS - Security & Privacy Services, Deloitte & Touche

Tom BowersData encryption demystified
What to encrypt, how to encrypt it and other key considerations.
Featuring Tom Bowers, managing director, Security Constructs

Richard BejtlichPreventing data leaks
Policies and processes to contain threats from within.
Featuring Richard Bejtlich, founder, Tao Security

Perry CarpenterEnterprise strategies for protecting data at rest
Storage-security synergies and e-discovery tactics.
Featuring Perry Carpenter, security practitioner, major telco firm


Intrusion Defense School
Putting the pieces of intrusion defense -- antivirus, antispyware, IDS/IPS, etc. -- in perspective to help you implement an intrusion defense strategy that meets your organization's needs. Examine our catalog of lessons below. 

Lenny ZeltserDeveloping a defense-in-depth strategy for malware defense
Inside the state of malware & building an effective antimalware program.
Featuring Lenny Zeltser, SANS instructor, noted author

Adrian LaneHow DAM can help detect and trace attacks
Learn effective DAM configurations to best detect and trace attacks.
Featuring Adrian Lane, CTO, Securosis LLC

Mike ChappleReinventing defense in depth
Explore key elements of successful layered security architecture.
Featuring Mike Chapple, University of Notre Dame

Dawn CappelliPractical strategies to mitigate insider threats
Learn about monitoring strategies for detection of insider threats.
Featuring Dawn Cappelli, senior member of technical staff, CERT

Beth QuinlanSecurity-related enhancements in Windows Server 2008
An inside look at the security features of Windows Server 2008.
Featuring Elizabeth Quinlan, consultant, HynesITe

Markus JakobssonAnatomy of an attack
Be prepared for crimeware, social engineering and sophisticated data-mining attacks.
Featuring Markus Jakobsson, principal scientist, Palo Alto Research Center

Lenny ZeltserThe new threat landscape: Defending against next-gen attacks
Thwart sophisticated attacks featuring custom rootkits, Trojans and malware.
Featuring Lenny Zeltser, SANS instructor, noted author

Peter GregoryIntrusion defense in the era of Windows Vista
Preparing for Vista's unique intrusion defense challenges.
Featuring Peter Gregory, author and infosec practitioner

Tom BowersSecurity information management systems
How information/event management can improve defense posture.
Featuring Tom Bowers, managing director, Security Constructs

Michael CobbWeb attack prevention and defense 
Checklists and best practices for Web server hardening, testing and monitoring.
Featuring Michael Cobb, managing director, Cobweb Applications Ltd.

Getting started with perimeter defense
Discover what you may not know about intrusion defense.

Network perimeter security
Getting started with perimeter-based intrusion defense.

ROI of intrusion defense
Getting management buy-in and making smart technology choices.

Network content security
Antivirus and antispyware from architectural and technological perspectives.

Defense beyond the network perimeter
Defending a perimeterless network.

Joel SnyderFeatured instructor
Joel Snyder, senior partner, Opus One
Snyder has worked in information security for 30 years.


Compliance School
A comprehensive look at ongoing information security compliance issues, regulations and practices. Examine our catalog of lessons below. 

Eric Holmquist Compliance metrics: Building a compliance scorecard
NEW How to build a compliance scorecard that makes sense to executives. 
Featuring Eric Holmquist, president of Holmquist Advisory.

Anton Chuvakin How to pass a PCI assessment
How to make PCI compliance a continuous process.
Featuring Anton Chuvakin, principal of Security Warrior Consulting.

Richard E. Mackey Jr. Compliance-driven role management
Integrate role and entitlement management with compliance processes.
Featuring Richard E. Mackey Jr., vice president, SystemExperts

 David Mortman Virtualization: Balancing emerging technology with existing demands
How to secure a virtualized environment and making sure it's compliant. 
Featuring David Mortman, CSO-in-Residence for Echelon One.

Eric Holmquist Automated compliance in the enterprise
How to make compliance logging and documentation responsibilities easier. 
Featuring Eric Holmquist, president of Holmquist Advisory

Richard E. Mackey Jr.
How to meet HIPAA compliance requirements
Do you have policies in place to pass a HIPAA audit?
Featuring Richard E. Mackey Jr., vice president, SystemExperts

Richard E. Mackey Jr.
Building a risk-based compliance program
Mitigate risks using standards, frameworks and end-user strategies.
Featuring Richard E. Mackey, vice president, SystemExperts

Diana Kelley
PCI DSS compliance: Two years later
Breaking down PCI DSS struggles to protect cardholder data.
Featuring Diana Kelley, vice president, Burton Group

Trent Henry
Must-have compliance technologies
Emerging and battle-tested technologies that really work.
Featuring Trent Henry, senior analyst, Burton Group

Ensuring compliance across the extended enterprise
SLAs and best practices for partners and providers.

Compliance improvement: Get better as you go forward
Mixing technology, governance and policy for continuous process improvement.

Gauging your SOX progress
Understanding the various SOX-related security standards; SOX Scorecard.

SOX compliance basics: Taking action
SOX goals, COSO and COBIT, audits, provisioning, vulnerability management, and responsibilities.

Understanding compliance-related technology
SOX product requirements, validity and usage.

Richard E. Mackey Jr.
Featured instructor
Richard Mackey, ISACA, CISM, vice president, SystemExperts


UK Security School
In this school, produced in partnership with, students receive in-depth instruction on topics related to information security at organisations in the United Kingdom and Europe.

Ben ChaiVirtualisation security for enterprise servers
NEW Learn processes for implementing server virtualisation securely.
Featuring Ben Chai, Founding Director, Incoming Thought Limited


Identity and Access Management Services, Systems and Technologies Security School
Explores critical topics to help establish and maintain an effective enterprise identity and access management plan. Examine our catalog of lessons below.

Mark DiodatiThe new school of enterprise authentication
Exploring technologies that redefine successful enterprise authentication.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Mark DiodatiFuture authentication technologies: How to choose the right product
Innovative, cost-effective user authentication approaches.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Tom BowersUsing IAM, password and provisioning management tools for compliance
Provisioning and password management tools that save money, ease complexity.
Featuring Tom Bowers, managing director, Security Constructs

Ben RothkeEndpoint security protection: Polices for endpoint control
Endpoint defense tactics, policy controls and technology futures.
Featuring Ben Rothke, CISSP

Lisa PhiferVPNs and remote access: Secure deployment, setup and strategies
Innovations in VPN technology, including IPsec VPN identity and authentication.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Laura HunterAutomated provisioing of hardware and Active Directory
Leverage directory services, policies and Active Directory automated provisioning.
Featuring Laura Hunter, CISSP, MCSE: Security, MCDBA, Microsoft MVP

Richard E. Mackey Jr.How to build an identity and access management architecture
Foundational IAM, from the role of directories to effective approval workflows.
Featuring Richard E. Mackey Jr., ISACA, CISM, SystemsExperts

Tom BowersSecure user authentication: Regulations, implementation and methods
Authentication basics and developing an implementation strategy.
Featuring Tom Bowers, managing director, Security Constructs

Mike RothmanBuilding network security: Evolution and vendor consolidation
A look behind the network/security evolution and how to harness it.
Featuring Mike Rothman, president, Security Incite


Integration of Networking and Security School
In this school, and offer you an in-depth look at how security-related and networking-related teams, products and processes are affecting enterprise network security. View our catalog of lessons below.

Lisa PhiferStrengthening policies for endpoint control
NEW Strategies, policies, practices and tools to rein in unruly endpoints.
Featuring Lisa Phifer, president, Core Competence Inc.

Jennifer JabbuschHow IDS/IPS enables business objectives
Map key network security technologies and practices to business needs.
Featuring Jennifer Jabbusch, CISO with Carolina Advanced Digital Inc.

Diana KelleyApplication log management program planning
Enable an application log management program for security and compliance. 
Featuring Diana Kelley, partner with consulting firm SecurityCurve.

Cory ScottSecuring the application layer
Identifying and defending against the most common application layer threats.
Featuring Cory Scott, regional consulting director, Matasano Security.

Mike ChappleBack to basics: Endpoint security on a budget
Identifying and executing on key elements to secure devices and protect data.
Featuring Mike Chapple, University of Notre Dame
Adrian LaneGetting the most out of your SIM deployment
How to get only the most relevant data from your SIM product
Featuring Adrian Lane, senior security strategist, Securosis

Mike ChappleUsing NAC to create a strong endpoint security strategy
NAC fundamentals and guidelines for implementation and policy management.
Featuring Mike Chapple, University of Notre Dame

Sasan HamidiMarrying security and network management
SIMs, performance management, anomaly detection and NOC/SOC integration.
Featuring Sasan Hamidi, CISO, Interval International

John BurkeSecuring the converged infrastructure
Staying secure while integrating email, IM, video, VoIP and voice messaging.
Featuring John Burke, principal research analyst, Nemertes Research

Dave PiscitelloIntegrating security and network fabric
Discovering how the network infrastructure can meet security needs.
Featuring David Piscitello, president, Core Competence Inc.

Michael CobbUsing the network to secure the application layer
Protecting Layer 7 with new and existing network assets.
Featuring Michael Cobb, managing director, Cobweb Applications

Joel SnyderLocking down the endpoint: How network access control (NAC) can boost host security
The latest endpoint options for network security.
Featuring Joel Snyder, senior partner, Opus One

David StromSecuring your first remote office: Solutions for less than $10k
Securing data and devices beyond corporate headquarters.
Featuring David Strom, noted network security expert/writer/speaker

Lisa PhiferFitting security into your network
The convergence of NAC and SSL VPN concepts.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Lisa PhiferMitigating wireless security threats
Protecting the over-the-air network.
Featuring Lisa Phifer, vice president, Core Competence Inc.


Messaging Security School
In this school, learn strategies and techniques for keeping email, IM and mobile device messaging systems secure. View our catalog of lessons below.  

Sandra Kay MillerCounterintelligence strategies for a new era of threats
Spear phishing, mail-borne Trojans, webmail protection and more.
Featuring Sandra Kay Miller, technical editor, Information Security

Michael CobbSpam 2.0: New threats and new strategies
Mitigation techniques for the new wave of spam-related threats.
Featuring Michael Cobb, managing director, Cobweb Applications

Lisa PhiferEssential practices for securing mobile devices
Locking down mobile platforms and thwarting emerging threats.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Michael CobbSecure instant messaging
An IM security overview, plus the latest attacks and safe usage tips.
Featuring Michael Cobb, managing director, Cobweb Applications

Tom BowersCountermeasures for malicious email code
Learn how to thwart email malware and future email attacks.
Featuring Tom Bowers, managing director, Security Constructs

Lee BenjaminSecuring Microsoft Exchange
Protect Exchange 2003 from spam, malware and Web-based attacks.
Featuring Lee Benjamin, Microsoft MVP, ExchangeGuy Consulting

Joel SnyderEmail security tools, systems and threats
A review of email security basics.
Featuring Joel Snyder, senior partner, Opus One


Financial Information Security School
In this school, produced in partnership with, students receive in-depth instruction on topics related to information security at financial services firms. View our catalog of lessons below. 

Joel DubinBiometrics: Banking on secure identity management
Debunking the myths, integrating with Active Directory, and securing data.
Featuring Joel Dubin, CISSP, independent computer security consultant

Pete LindstromData leak prevention: Controlling financial services threats
Finding leaks, implementing the right tools and controlling insider threats
Featuring Pete Lindstrom, senior analyst, Burton Group


Wireless Security Lunchtime Learning Security School
Develop a thorough understanding of the network security risks posed by Wi-Fi and implement appropriate countermeasures. 

How to counter wireless threats and vulnerabilities
Business risks posed by wireless LANs and best practices for design and deployment.

How to build a secure wireless infrastructure
Wi-Fi security standards, WPA2 migration and using vLANs.

How to implement secure access
Wi-Fi access control on a budget; uses for 802.1x.

How to use wireless IDS/IPS
Introduction to wireless IDS/IPS, choosing sensors and fighting off attacks.

Lisa PhiferAbout the instructor
Featuring Lisa Phifer, vice president, Core Competence Inc.
Phifer has worked with network and security management products for more than two decades.


CISSP Certification Training School
Benefit from a series of 10 training lessons that explore the fundamental concepts, technologies and practices of information systems security. Each lesson corresponds to a subject domain in the exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know. 

Lesson/Domain 1: Security management practices
Security management responsibilities and the core components of security management.

Lesson/Domain 2: Access control
Identification methods and technologies, biometrics and more.

Lesson/Domain 3: Cryptography
Cryptographic components and their relationships, and government involvement in cryptography.

Lesson/Domain 4: Security models and architecture
Outlining how security is to be implemented, and the framework and structure of a security system.

Lesson/Domain 5: Telecommunications and networking
How networks work, how data is transmitted from one device to another, and how protocols transmit information.

Lesson/Domain 6: Applications and system development
Different types of software controls and implementations, change-control methods and more.

Lesson/Domain 7: Business continuity
Critical aspects of availability, including business continuity planning and disaster recovery.

Lesson/Domain 8: Law, investigations and ethics
Computer crime investigation processes and evidence collection; incident-handling procedures.

Lesson/Domain 9: Physical security
Administrative, technical and physical controls pertaining to physical security.

Lesson/Domain 10: Operations security
Administrative and management responsibilities, product evaluation and operational assurance and change-configuration management.

Shon HarrisAbout the instructor
Featuring Shon Harris, president, Logical Security
Harris specializes in security education and training, and has authored two best-selling CISSP training manuals.



This was first published in March 2011

Dig deeper on Information Security Jobs and Training



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: