
Cybersecurity Threats in Security Management

  • Price: $249.00
  • Trusted by professionals in 160+ countries
  • 30-day money-back guarantee — no questions asked
  • Self-paced • Lifetime updates
  • Course access is prepared after purchase and delivered via email
  • Toolkit included: a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.

This curriculum spans the design and operational execution of a mature security program, comparable to multi-phase advisory engagements addressing threat intelligence integration, risk-based vulnerability management, identity governance, and third-party risk across complex enterprise environments.

Module 1: Threat Landscape Analysis and Intelligence Integration

  • Decide which threat intelligence feeds (open-source, commercial, ISAC-specific) to integrate based on relevance to industry vertical and attack surface exposure.
  • Implement automated STIX/TAXII-based ingestion pipelines to normalize and correlate threat indicators across SIEM and EDR platforms.
  • Balance the frequency of threat feed updates against false positive rates and analyst workload in monitoring operations.
  • Establish criteria for classifying threat actors (e.g., APT, cybercriminal, insider) based on observed TTPs and historical targeting patterns.
  • Operationalize MITRE ATT&CK mapping for detected threats to prioritize defensive controls and gap analysis.
  • Define thresholds for escalating intelligence findings to incident response teams versus retaining for situational awareness.

Module 2: Vulnerability Management and Risk-Based Prioritization

  • Configure vulnerability scanners to exclude non-routable or decommissioned assets to prevent noise in reporting.
  • Integrate CVSS scores with internal context (exposure, asset criticality, exploit availability) to calculate custom risk ratings.
  • Enforce patch deployment SLAs for critical systems while negotiating exceptions with business units for legacy dependencies.
  • Implement compensating controls (e.g., network segmentation, WAF rules) when immediate patching is not feasible.
  • Coordinate vulnerability scanning windows with change management to avoid interference with production operations.
  • Document and justify risk acceptance decisions for unpatched vulnerabilities in audit-compliant formats.

Module 3: Identity and Access Governance in Threat Mitigation

  • Enforce time-bound, just-in-time privileged access for third-party vendors using PAM solutions.
  • Implement conditional access policies that block or require MFA based on sign-in risk levels from identity protection tools.
  • Conduct quarterly access reviews for privileged roles, reconciling entitlements against job function and separation of duties.
  • Respond to anomalous authentication patterns (e.g., impossible travel, after-hours access) with automated session termination.
  • Integrate identity lifecycle management with HR systems to ensure immediate deprovisioning upon employee offboarding.
  • Balance usability and security by defining acceptable authentication methods for different application tiers (e.g., SSO vs. passwordless).

Module 4: Endpoint Detection and Response (EDR) Operations

  • Deploy EDR agents using signed scripts through configuration management tools to ensure integrity and consistency.
  • Customize detection rules to reduce false positives from legitimate administrative tools like PowerShell or PsExec.
  • Isolate endpoints automatically upon detection of ransomware behavior, with override capability for critical systems.
  • Conduct live forensic collection from endpoints during active investigations while maintaining chain of custody.
  • Configure telemetry levels based on device type (e.g., higher verbosity on domain controllers, reduced on kiosks).
  • Coordinate EDR alert triage between SOC analysts and endpoint support teams to avoid disruption to end users.

Module 5: Network Security and Threat Containment

  • Segment networks to limit lateral movement, ensuring firewall rules enforce least privilege between zones.
  • Deploy network TAPs or SPAN ports to feed full packet capture data to NSM tools without performance degradation.
  • Implement DNS filtering to block known malicious domains while allowing exceptions for research or testing environments.
  • Respond to C2 traffic detection by updating egress filtering rules and initiating host-level investigation.
  • Use NetFlow analysis to identify data exfiltration patterns and correlate with user and device logs.
  • Maintain firewall rule hygiene by removing unused or overly permissive rules during quarterly reviews.

Module 6: Incident Response and Crisis Management

  • Activate incident response playbooks based on incident classification (e.g., data breach, ransomware, DDoS).
  • Preserve volatile memory and disk images from affected systems before containment actions alter evidence.
  • Coordinate external communications with legal and PR teams while maintaining factual accuracy and regulatory compliance.
  • Engage third-party forensic firms under pre-negotiated contracts when internal capacity is exceeded.
  • Conduct tabletop exercises simulating supply chain compromises to test cross-functional coordination.
  • Document root cause analysis using evidence logs, timeline reconstruction, and stakeholder interviews.

Module 7: Security Automation and Orchestration (SOAR)

  • Map common incident types to automated workflows (e.g., phishing email validation, user lockout response).
  • Integrate SOAR with ticketing systems to ensure human-in-the-loop approval for high-risk actions like account disablement.
  • Validate API connectivity and rate limits across integrated tools (email gateways, firewalls, IAM) before workflow deployment.
  • Monitor automation run logs for failures and adjust error-handling logic to prevent alert fatigue.
  • Balance speed of automated response against potential for collateral impact on business operations.
  • Version-control SOAR playbooks and conduct peer review before promoting to production environments.

Module 8: Third-Party Risk and Supply Chain Threat Management

  • Require vendors to provide evidence of security controls (e.g., SOC 2, penetration test reports) before onboarding.
  • Implement continuous monitoring of vendor-facing systems for unauthorized changes or exposed endpoints.
  • Enforce contractual clauses requiring notification of breaches involving shared data within defined timeframes.
  • Assess software bills of materials (SBOMs) for critical applications to identify vulnerable open-source components.
  • Conduct targeted assessments of high-risk vendors with access to crown jewel assets or production environments.
  • Coordinate incident response with third parties during joint security events, clarifying roles and data-sharing protocols.