Gain insights into cyber security fundamentals, explore common threats, discover protection mechanisms like firewalls, learn monitoring and response strategies, and develop secure systems as a developer.

Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

# Incident management


Very few security alerts turn into incidents. The majority are treated as events and need to be handled accordingly using playbooks. For incidents, the ability to efficiently and adequately respond requires an incident response plan (IRP) rehearsed and reviewed periodically. There will be more than one plan to cover different scenarios. How a team responds to a data exfiltration incident will be different from handling an email worm eating its way through employee inboxes.


# Ensure that IRP requirements are met on time

Team members various roles, the communications tree, and a list of the required resources are all part of a good IRP. Team members should be prepared to perform their required roles, the communications plan should be reviewed and updated, and the required resources should be ready to use and have the connectivity required at the time of the incident. The worst time to discover that something is missing or misconfigured is when incident response begins.

# Data management during the incident

Plan execution should be done assuming that legal proceedings will be involved. All data, such as log files, documentation, memory captures, and data on storage devices, should be treated as if they will be evidence in a future legal proceeding. Data handling requirements should be included in the plan, and all team members should be made aware and reminded of them at the time of the incident. The organization’s data retention policy should also inform the procedures to be used for the preservation of artifacts involved in incident response.

# Post-incident insights

An incident is a great learning opportunity. The team should review after-action results to identify what went right and what could be improved. Performing a lessons learned exercise is integral to a successful IRP. This allows the team to improve the plan for next time, and it should always be assumed that there will be a next time. Some IRPs may never be used, but when they are, the team and the organization will be thankful for the work done to prepare for it.


___

Get a recap of responding to cyber threats.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Summary: Respond

Incident management