CISM 2020: Detecting Security Anomalies





Overview/Description

Information security managers must have the most efficient tools to detect potential security incidents at their disposal. In this course, you'll explore several tools that can be used to detect anomalies and learn how to take action to mitigate these anomalies.

You'll learn to differentiate intrusion detection from intrusion prevention, before using Snort for network anomaly detection. You'll then examine how honeypots provide insight related to malicious user techniques. Next, you'll analyze various types of Windows logs, before working with logging in Linux.

Lastly, you'll configure data loss prevention in the cloud, view compliance reports, and outline how SIEM and SOAR can be used for incident detection and response.

This course is one of a collection of courses that prepares learners for the Certified Information Security Manager (CISM) certification.



Expected Duration (hours)
0.9

Lesson Objectives

CISM 2020: Detecting Security Anomalies

  • discover the key concepts covered in this course
  • recognize how security baselines can help identify potential indicators of compromise
  • identify how IDS and IPS systems differ
  • deploy Snort to detect network anomalies
  • recall how honeypots and honeynets provide valuable insight related to attacker methods
  • view and filter Windows logs
  • enable Linux logging to a central logging host
  • identify cloud configuration security violations
  • recognize how centralized incident and log analysis and correlation are part of an ISMS
  • summarize the key concepts covered in this course

Course Number
it_spcism2020_09_enus

Expertise Level
Intermediate