IT Professional Curricula     Tech & Dev Essentials     Certified Information Systems Security Professional     Certified Information Systems Security Professional (CISSP) 2018

---

Explore the domain of security assessment, design, and mitigation for web-based, mobile, and embedded systems. This course will start by examining common web-based attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), carjacking, clickjacking, and cookie exploits. Next, you will learn how to evaluate general strategies to mitigate vulnerability. The course then moves on to mitigation strategies fo rmobiles, such as containerization, sandboxes, wrappers, secure encrypted enclaves, TPM, and tokenization. You will then study enterprise mobility management methods, privacy concerns, and security issues. Other topics include how to assess vulnerabilities and common threats for embedded devices; and how to walk through methods to reduce embedded device vulnerability. Finally, as a review exercise, you will describe how to assess and mitigate systems vulnerabilities.

---

---

Objectives

CISSP 2018: Security Architecture and Engineering (Part 2) assess vulnerabilities in web-based systems describe common web-based attacks reduce security vulnerabilities in various web-based systems define enterprise mobility management describe issues related to mobile security and privacy reduce security vulnerabilities in mobile systems assess vulnerabilities in embedded devices describe and compare common threats to embedded devices reduce various embedded device vulnerabilities describe how to assess and mitigate systems vulnerabilities