Gain insights into cyber security fundamentals, explore common threats, discover protection mechanisms like firewalls, learn monitoring and response strategies, and develop secure systems as a developer.

Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Review notifications

Most SIEM solutions provide the ability to perform a specific action based on receiving an alert from a security device. Examples of these actions can include sending an email or adding an item to a dashboard. The response actions taken by an SIEM need to get security analysts’ attention so that they’re responded to quickly. If the SIEM sends notifications, the organization’s existing messaging solution should be leveraged. This could be the organization’s email infrastructure or a simple messaging service (SMS). The information contained in these notifications should be reviewed to ensure that sensitive information isn’t inappropriately disclosed. This review should include asking questions such as:


- What if the contents of the message ended up in the wrong person's inbox?

- What could be done with that information?

- Who else could benefit from receiving this notification?

## Problems with handling notifications

Using a system that can automatically create notifications runs the risk of sending too many notifications and overwhelming recipients. An SIEM can create a security event based on the alerts it receives. However, the event needs to be actionable. If an event gets the attention of an analyst, it had better be worth the time of that valuable security resource. If there are too many events to be handled appropriately, security personnel may become desensitized and start tuning them out.


> **Note:** Event apathy appears to have contributed to the expensive and widely-publicized incident suffered by the Target Corporation in 2013, where alerts generated by a malware prevention appliance were not seen (and therefore not responded to) by security personnel until it was too late.



# Review notifications

Most SIEM solutions provide the ability to perform a specific action based on receiving an alert from a security device. Examples of these actions can include sending an email or adding an item to a dashboard. The response actions taken by an SIEM need to get security analysts’ attention so that they’re responded to quickly. If the SIEM sends notifications, the organization’s existing messaging solution should be leveraged. This could be the organization’s email infrastructure or a simple messaging service (SMS). The information contained in these notifications should be reviewed to ensure that sensitive information isn’t inappropriately disclosed. This review should include asking questions such as:


- What if the contents of the message ended up in the wrong person's inbox?

- What could be done with that information?

- Who else could benefit from receiving this notification?

# Problems with handling notifications

Using a system that can automatically create notifications runs the risk of sending too many notifications and overwhelming recipients. An SIEM can create a security event based on the alerts it receives. However, the event needs to be actionable. If an event gets the attention of an analyst, it had better be worth the time of that valuable security resource. If there are too many events to be handled appropriately, security personnel may become desensitized and start tuning them out.


> **Note:** Event apathy appears to have contributed to the expensive and widely-publicized incident suffered by the Target Corporation in 2013, where alerts generated by a malware prevention appliance were not seen (and therefore not responded to) by security personnel until it was too late.



Learn about the proper techniques for reviewing notifications.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Alerts

Review notifications