Best Information Security Courses

Find the best online Information Security Courses for you. The courses are sorted based on popularity and user ratings. We do not allow paid placements in any of our rankings. We also have a separate page listing only the Free Information Security Courses.

Certified Information Systems Security Officer (CISSO)

Certified Information Systems Security Officer (CISSO) Certification Exam Prep Course

Created by Stone River eLearning - 500,000+ Happy Students


Students: 1976, Price: $129.99

Upon completion, Certified Information Systems Security Officer students will not only be able to establish industry acceptable Cyber Security & IS management standards with current best practices but also be prepared to competently take the CISSO exam.

The Certified Information Systems Security Officer certification training was a direct initiative of the DND – Department of National Defence of Canada in cooperation with the DOD – Department of Defense of the United States; defined in the dual initiative titled CANUS CDISM MOU - ID#: 1974100118.

The CANUS CDISM MOU states the following:

I. The CDRSN National Information System Security Officer (ISSO) is the focal point for all security issues pertaining to this network.

II. The Director Information Management Security (DIMSECUR) is the DND authority for security assessment of the CDRSN, including the approval of Interim Authority to Process (IAP) and Authority to Communicate.

With these initiatives in mind, Mile2 created the Certified ISSO. The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance in the full panorama of IS management.

Through the use of a risk-based approach, the CISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Whether you’re responsible for the management of a Cyber Security team, a Security Officer, an IT auditor or a Business Analyst, the C)ISSO certification course is an ideal way to increase your knowledge, expertise, and skill.  

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

Exam Information

The Certified Information Systems Security Officer exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2 account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from Mile2.

Isaca : Information Security Manager Certification Exam 2021

Best Practice Tests for Information Security Manager Certification 2021

Created by Nawel wawa - Nawel


Students: 1678, Price: $74.99

CISM (Certified Information Security Manager)

CISM (pronounced siz-zm) is a certification offered by ISACA that validates your knowledge and expertise in managing enterprise information security teams. Getting CISM certified puts you in high demand with employers around the world that recognize the achievement and capability CISM certification represents. CISM shows that you have an all-around knowledge of technical competence and an understanding of business objectives around data security.

Exam details

ISACA CISM used to be a paper-based exam, but over the years it has moved to computer-based testing, which gives candidates more accurate and reliable results. It consists of 150 questions to be completed within 240 minutes. The exam is available in several languages, including Chinese, English, Japanese, Korean and Spanish, and is held at PSI testing centers around the world.

1. Information Security Governance – 24%

  • Strengths, weaknesses, opportunities and threats (SWOT) analysis and the other techniques needed to develop a successful information security strategy;

  • Knowledge of this field in relation to the objectives and goals of a business;

  • Knowledge of worldwide information security governance and its role in strategy development;

  • Knowledge and skills in implementing the methods of information security governance;

  • Knowledge of establishing and using the reporting methods available in an organization.

As for the tasks that you should be able to perform, they include the following:

  • Effectively manage risks and determine whether information security controls are appropriate;

  • Identify risk factors so that they can be managed properly;

  • Integrate information risk management into business and IT processes so that the risk management program is consistent and precise.

2. Information Risk Management – 30%

  • Knowledge of the management of internal or external risk factors;

  • Knowledge of analysis methodologies and risk assessment;

  • Knowledge of risk reporting requirements;

  • Knowledge of current threats and of reliable, up-to-date sources of threat information;

  • Knowledge of the changes to information security program elements and events that may require risk reassessments;

  • Knowledge of gap analysis related to information security.

Besides that, this section will test your skills in the following:

  • Maintaining and establishing the information security program in line with the information security strategy;

  • Aligning the information security program with the operational objectives of other business functions, so that it adds value and protects the business;

  • Monitoring and analyzing program management and operational metrics to evaluate the effectiveness and efficiency of information security management;

  • Establishing an information security awareness and training program and measuring its effectiveness.

3. Information Security Program Development and Management – 27%

  • Knowledge of the certifications, training, and skills required for information security;

  • Knowledge and ability to implement information security policies, procedures and the processes that make them effective;

  • Knowledge and skills in identifying, defining and managing the requirements for internal and external resources;

  • Knowledge and skills in incorporating security requirements into contracts, agreements, and third-party management processes;

  • Knowledge of the techniques used to communicate the program to stakeholders.

4. Information Security Incident Management – 19%

  • Knowledge of the main components of an incident response plan and the concepts and practices of its management;

  • Knowledge and ability to effectively equip incident response teams through their training and tools;

  • Knowledge of the relationship of business continuity planning and disaster recovery planning to the incident response plan;

  • Knowledge of escalation processes;

  • Knowledge of the technologies used to detect and analyze information security events.

Tasks in this domain include the following:

  • Establish a definition and severity classification of information security incidents so that they can be classified and responded to accurately;

  • Test, review, and revise the incident response plan to ensure its effectiveness and improve response capabilities;

  • Carry out post-incident reviews to establish the root cause of an incident and reduce the likelihood of recurrence;

  • Keep the incident response plan integrated with the disaster recovery plan.

ISO/IEC 27001 : Information Security Controls Explained

ISO/IEC 27001 Annex A

Created by Dr. Amar Massoud - Specialized in IT certification training


Students: 1346, Price: $19.99

This course explains the Information Security Controls of ISO/IEC 27001 Annex A. Annex A of ISO 27001 is probably the most famous annex of all the ISO standards – this is because it provides an essential tool for managing information security risks: a list of security controls (or safeguards) that are to be used to improve the security of information assets.

This course will provide you with an understanding of how Annex A is structured. We will go through all 114 security controls with easy-to-understand examples.

Annex A is composed of 14 sections:

  • A.5 Information security policies – controls on how the policies are written and reviewed

  • A.6 Organization of information security – controls on how the responsibilities are assigned;

  • A.7 Human resources security – controls prior to employment, during, and after the employment

  • A.8 Asset management – controls related to inventory of assets and acceptable use; also for information classification and media handling

  • A.9 Access control – controls for the management of access rights of users, systems and applications, and for the management of user responsibilities

  • A.10 Cryptography – controls related to encryption and key management

  • A.11 Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, secure disposal, Clear Desk and Clear Screen Policy, etc.

  • A.12 Operational security – lots of controls related to the management of IT production: change management, capacity management, malware, backup, logging, monitoring, installation, vulnerabilities, etc.

  • A.13 Communications security – controls related to network security, segregation, network services, transfer of information, messaging, etc.

  • A.14 System acquisition, development and maintenance – controls defining security requirements, and security in development and support processes

  • A.15 Supplier relationships – controls on what to include in agreements, and how to monitor the suppliers

  • A.16 Information security incident management – controls for reporting events and weaknesses, defining responsibilities, response procedures, and collection of evidence

  • A.17 Information security aspects of business continuity management – controls requiring the planning of business continuity, procedures, verification and reviewing, and IT redundancy

  • A.18 Compliance – controls requiring the identification of applicable laws and regulations, intellectual property protection, personal data protection, and reviews of information security

Cloud Security Architecture – An introduction

Basics of cloud security architecture and how you can create a security architecture for your own cloud solutions.

Created by Aksel Bruun - Cloud Security Architect


Students: 1167, Price: Free

This course gives an introduction to security architecture for the cloud. As a cloud consumer you must be able to document, create and govern your security architecture. The purpose of security architecture work is to protect your data and services in the cloud from misuse by hackers and other unauthorized individuals. You have to know what the cloud service provider will do to protect you and what you must take responsibility for yourself.

This course will teach you where to focus when you start creating a security architecture and what steps you must complete to implement and document the security architecture you need for your cloud solutions. The course will not go into cloud vendor specific details but points to relevant resources for further learning.

Did you know that, according to Gartner, through 2025, 99% of cloud security failures will be the customer's fault?
Cloud misconfiguration is considered one of the highest-ranking risks for cloud services and has already led to the exposure of billions of data records. This risk can be lowered considerably by taking a structured approach to security architecture for the cloud, and that is the primary objective of this course.

Course contents:

  • Security Architecture

  • Cloud Computing

  • Shared responsibility model

  • Methodology and frameworks

  • Strategy, scope and context

  • Risk

  • Compliance

  • Logical security architecture

  • Layered defenses

  • Implementation and best practices

Introduction to Corporate Information Security

This course explains why information security and its management are important for any modern organization.

Created by Illumeo Learning - Condensed and Efficient Courses for Busy Professionals


Students: 1122, Price: $24.99

Information security underpins the commercial viability and profitability of enterprises of all sizes and the effectiveness of public sector organizations. This course explains the basics of information security and why information security and its management are important for any modern organization.

Learning Objectives

  • Explore the academic principles behind Information Security.

  • Identify the key issues related to securing corporate information.

  • Discover the technology and methods available to achieve information security in a corporate environment. 

ISACA CISM Certified Information Security Manager

One of the highest paid certifications! Become a Certified Information Security Manager!

Created by Luciano Ferrari - Founder, LufSec IT Security Consulting


Students: 1116, Price: $19.99

This training is a comprehensive reference guide designed to assist individuals preparing for the ISACA CISM exam and those who wish to understand the roles and responsibilities of an information security manager. It is a current, comprehensive, peer-reviewed global resource on information security management.

CISM Domain 1—Information Security Governance
Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives

CISM Domain 2—Information Risk Management
Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives.

CISM Domain 3—Information Security Program Development and Management
Develop and maintain an information security program that identifies, manages and protects the organization's assets while aligning to the information security strategy and business goals.

CISM Domain 4—Information Security Incident Management
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. 

Information Security Primer

Secure Your Network in 12 (not so) Simple Steps

Created by Dave Sirof - Network Security Engineer


Students: 697, Price: $24.99

In this course you will learn to secure a network, whether it is Enterprise or SOHO.

The course is based on my 20+ years of hands-on experience in IT as a security analyst and network engineer.

Learn the 12 most important steps in securing your network, making sure you cover all the basics without wasting time on activities that contribute little.

Step 1- Write a Security Policy

Step 2 - Educate End Users & IT Staff

Step 3 - Implement Physical Security

Step 4 - Implement Perimeter Security

Step 5 - Use Good Password Management

Step 6 - Eliminate Unnecessary Services

Step 7 - Implement Good Patch Management

Step 8 - Implement AntiVirus Measures

Step 9 - Implement Access Control

Step 10 - Secure Data in Transit

Step 11 - IDS & IPS

Step 12 - Backup Your Data

Following the lecture on each step, I provide 10 live demos to reinforce the lectures.

Introduction to Information Security

Information Security and Cryptography

Created by Mariyam Ejaz Maniyar - Academician


Students: 692, Price: Free

Information Security is not only about securing information from unauthorized access. It is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

Information can be physical or electronic. It can be anything from your profile on social media to the data on your mobile phone or your biometrics. Information Security therefore spans many research areas, such as Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.

Information Security programs are built around 3 objectives, commonly known as the CIA triad – Confidentiality, Integrity, Availability.

Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. The prefix "crypt-" means "hidden" or "vault" and the suffix "-graphy" means "writing". This short course will run you through a few of the most important cryptographic protocols.

  1. Confidentiality – information is not disclosed to unauthorized individuals, entities or processes. For example, if someone watches me type my Gmail password while I log in, my password has been compromised and confidentiality has been breached.

  2. Integrity – maintaining the accuracy and completeness of data, which means data cannot be changed in an unauthorized way. For example, when an employee leaves an organisation, that employee's record in every department, such as accounts, should be updated to the status JOB LEFT so that the data is complete and accurate; in addition, only authorized persons should be allowed to edit employee data.

  3. Availability – information must be available when needed. For example, if someone needs to access an employee's record to check whether the employee has exceeded their leave allowance, that requires collaboration between different organizational teams such as network operations, development operations, incident response and policy/change management. A denial-of-service attack is one factor that can harm the availability of information.

CISSO – Certified Information Systems Security Officer

Certification Exam Prep Course

Created by Mile2® Cyber Security Certifications - Cyber Security Certifications


Students: 579, Price: $19.99

This course is provided directly by Mile2®. This official Mile2® video includes an authorized exam prep and exam simulator, available upon request.

Upon completion, Certified Information Systems Security Officer students will not only be able to establish industry acceptable Cyber Security & IS management standards with current best practices but also be prepared to competently take the CISSO exam.

The Certified Information Systems Security Officer certification training was a direct initiative of the DND – Department of National Defence of Canada in cooperation with the DOD – Department of Defense of the United States; defined in the dual initiative titled CANUS CDISM MOU - ID#: 1974100118.

The CANUS CDISM MOU states the following:

I. The CDRSN National Information System Security Officer (ISSO) is the focal point for all security issues pertaining to this network.

II. The Director Information Management Security (DIMSECUR) is the DND authority for security assessment of the CDRSN, including the approval of Interim Authority to Process (IAP) and Authority to Communicate.

With these initiatives in mind, Mile2 created the Certified ISSO. The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance in the full panorama of IS management.

Through the use of a risk-based approach, the CISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Whether you’re responsible for the management of a Cyber Security team, a Security Officer, an IT auditor or a Business Analyst, the C)ISSO certification course is an ideal way to increase your knowledge, expertise, and skill.  

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

Exam Information

The Certified Information Systems Security Officer exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2 account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from Mile2.

What are the requirements?

  • 1 year of experience in at least 2 modules, or
  • 1 year in IS management

What am I going to get from this course?

  • Confidently take the CISSO certification exam
  • Establish industry acceptable Cyber Security & IS management standards

What is the target audience?

  • IS Security Officers
  • IS Managers
  • Risk Managers
  • Auditors
  • Information Systems Owners
  • IS Control Assessors
  • System Managers
  • Government

Certified Information Security Manager 2018 – CISM

Master the preparation for the CISM exam by practicing at the real exam difficulty level - Q & A plus Explanations

Created by Sherif Omar - AWS Certified Solutions Architect - Cisco CCNA/CCNP


Students: 488, Price: $29.99

Practice for the CISM exam through these practice questions and included explanations.

The course contains two practice tests, each with 200 questions, timed to 240 minutes, with the passing score set at 65%. This closely simulates the actual exam experience.

The exam engine lets you mark questions for review, move back and forth, and skip questions.

I wish you all the best of luck!

Best Regards;

Sherif Omar

Information Security Awareness: An introduction for UK SMEs

Recognise the main UK SME cyber security breaches and learn how to protect yourself and your company from common attacks

Created by David Chapman, PhD - Data protection & information security trainer


Students: 437, Price: $89.99

What Will I Learn?

  • The value of stolen information and how to recognise UK SME cyber security threats including viruses, spyware, malware, impersonation, denial-of-service, hacking, identity theft and corporate identity fraud,
  • How social engineering attacks operate and how to protect yourself through cautious behaviour, call verification and by applying email precautions,
  • Sound practices to safely handle email attachments and follow hyperlinks, identify fake emails, and recognise common business scams,
  • To recognise and avoid social media dangers including identity theft, social engineering attacks and malware, by adopting sound social media practices,
  • To securely manage your passwords.



Requirements

  • An appreciation of the small business workplace,
  • A general familiarity with internet browsing and common office applications.


UK SMEs are at risk of cyber-attack.  Security awareness training helps SMEs defend themselves.  This introductory, non-technical information security awareness course avoids (almost all) jargon to outline key SME workplace security threats and give you actionable solutions.


Develop a security-mindset based on a realistic, evidence-based UK SME threat awareness

  • Know who the attackers target and why,
  • Minimise your user-enabled security attacks,
  • Defend yourself and your company against phishing and other lure-based attacks,
  • Adopt safe, and avoid unsafe workplace social media practices,
  • Improve your password management.

Protect yourself and your SME

SMEs with a security-aware culture are less likely to suffer an expensive cyber-attack.  Educating yourself about workplace information security threats and adopting secure practices will help protect your company.  This course introduces end-user focused, straightforward, non-technical security awareness topics.

The course is particularly suited to micro (0-9 employees) and small (10-49 employees) SMEs.  Some medium (50-249 employees) SMEs will benefit from parts of the course.  Most examples and many references in the course are UK sourced.

Individuals, families, small businesses and large organisations share many information security threats.  How SMEs should prepare for and respond to these threats differs from the other categories of user.  Defensive techniques and tips offered in this course are UK SME oriented.

Key information security awareness topics are presented in a straightforward, accessible and practical manner.

At the end of each topic, use the workbooks to determine further security awareness actions.

Course content and overview

Actionable end-user security awareness training is structured around five key, standalone topics:

  • You are a target,
  • Social engineering,
  • Dangerous email and links,
  • Social media issues,
  • Password risks.

This course comprises 33 lectures and around 2 hours of lecture content.  Each topic divides into several short lectures.  Lectures typically last 4-8 minutes.  Following each topic are practice activities and resources: e.g. a downloadable lecture pdf, an online quiz providing immediate feedback, a downloadable workbook and a topic bibliography.

A course completion certificate is also available.

Course topics


You are a target

This topic considers the value of personal or company information and how it is sold on darknet markets.  It introduces identity theft, highlighting the type of people deliberately targeted.  Corporate identity fraud and basic protection approaches are addressed.  Common workplace information security threats, as identified by a UK government survey, are introduced.


Social engineering

This topic introduces what social engineering is and explains its popularity amongst attackers.  Three main malicious social engineering techniques are introduced.  Mainly UK social engineering examples are given.  Defensive techniques against social engineering attacks are outlined.


Dangerous email and links

This topic considers email attachment dangers.  The reasons attackers favour email are given.  Email protection steps are provided.  Hyperlinks and their dangers are explained.  How to distinguish between real and fake email is explored.  Scams targeting UK SMEs and protection advice are introduced.  A specific attack type – spear phishing – is also considered.

Social media issues

This topic introduces workplace social media.  SME social media concerns are outlined.  Key social media dangers including identity theft, social engineering attacks, malware infection, plus employee and employer risks are discussed.  Social media advice for UK SME employees and employers is provided.


Password risks

This topic considers key password issues including the ‘worst’ passwords, too many passwords, forgotten passwords and main types of password attack.  Technical security controls for passwords and their limitations are outlined.  The contrast between how users manage passwords and how they should manage their passwords is explored.  Poor password hygiene practice is demonstrated.  Good practice password hygiene is explained.  Two-factor authentication is outlined.  SME password security – managing multiple logins and passwords plus security tips for passwords are introduced.

Information security in practice

Protect your organization and manage information security risks at the network, application and physical levels

Created by Nikola Milosevic - AI and cyber-security expert


Students: 430, Price: $24.99

In this course, you will learn the basics of information security and how to apply information security principles to your home environment or organization, regardless of its size.

Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents. 

The course is taught by Dr. Nikola Milosevic, a PhD in computer science with a track record of publications and successful projects in information and cyber-security. Nikola is an OWASP chapter and project leader and has been teaching at several reputable universities over the past 5 years.  He has also published scientific papers on malware analysis. Now he wants to share this knowledge with you and help you develop your career!

This course follows the content of the CISSP (Certified Information Systems Security Professional) certification.

The content of the course is suitable for both beginners and intermediate students interested in information security.

In this course you will learn about:

  • The motivation for having an information security framework

  • Types of information security controls (application, network, physical security)

  • Information security risk management

  • How to evaluate information assets of your organization

  • How to perform a risk assessment and where to include information security controls

  • How to perform audits and when

  • How to manage security operation of a certain organization

  • What are and how to respond to information security incidents (Incident response)

  • How to handle disaster recovery

  • Ethics of information security

  • What laws and regulations are in place (this may be specific to the UK and EU, as it includes talks about GDPR but tries to generalize)

  • Security standards in information security (ISO27001, ISO27003, ISO27005)

  • History and main algorithms used for information security

  • Cryptography

  • Access control

  • Basics of network security

  • Basics of application security

  • Basics of physical security

The tools used in the course are all open source (such as Snort or OSSEC).

Who this course is for:

  • This course is for anyone who wants to become an expert in cyber-security and information security. This volume covers the required foundation building blocks of that skillset.

  • For anyone who would love to gain a practical skillset in mitigating the risk from various kinds of information security threats and would like to learn about managing information in the organization.

  • For beginners and intermediate information security enthusiasts who are interested in security, safety, and privacy.

  • This course is designed for personal and corporate information security.

The content of this course was delivered also in the University settings.

Nmap for Information Security Professionals

Stop looking-out for Nmap commands online and start making them for yourself according to your need.

Created by Darshit Varotaria - Founder and CEO at Krydence Technologies LLP


Students: 375, Price: $44.99

Welcome to the Nmap for Information Security Professionals Course!

Nmap is a popular tool used by Network and Security Professionals. The developers community of the tool working really hard to keep Nmap updated according to market need. This is the reason that most of them uses it.

If you are an Ethical Hacker, this is the best tool for recon your targets if you have proper skills to use it. This is the tool, in which you should have expertise.

If you are Network Security Professional then being an expert of this tool will let you find weakness in Network Infrastructure and it will help to make it more secure.

Being an Ethical Hacker, Network and System administrator or Pentester, this is the tool without which you can't be a good expert.

This course starts with basic Nmap commands, which will get you set up with the tool. Step by step, you will be introduced to different sections, each focusing on a specific topic. As you complete the sections, you will gain more practical skill in building your own commands.

This course is best suited to students with a technical mind and an interest in ethical hacking and network security. This tool is best for reconnaissance. Recon wins it all!

After completing the course, you will have the understanding needed to execute your own custom Nmap commands based on your target. You will understand whether you should run a safe scan or an offensive scan on a target. You will be able to find vulnerabilities and possible exploits on the target system.

PCI DSS Compliance: The A-Z™ Information Security Course

Master the 12 Requirements of PCI DSS v3.2.1 Compliance, Cyber Security and Identity Access Management + Practice Test

Created by SecuritasX™ IT Training - Information Security Trainings and Consultancy


Students: 347, Price: $89.99


The perfect course to get started with the Payment Card Industry Data Security Standard. A detailed understanding of each of the sub-requirements, and of how they will be assessed, is essential for PCI DSS compliance.

It doesn't matter whether you already know the Payment Card Industry Data Security Standard or you are a security professional: this course will help you understand the protection of payments in a very effective and simple way! We have tried to explain all the requirements and topics simply, so that you don't have to memorize. We are pretty sure this is the perfect course for you to get started in the payments security industry.

First, you will understand the basics of payment cards.

Topics Covered:

  • Why is Protecting Payments Important?

  • What is a Payment Card

  • How does a Card Transaction work?

  • Payment Card Industry Standards

  • What is PCI DSS?

  • Overview of 12 Requirements for PCI DSS

  • Who must comply with PCI?

  • History of PCI DSS

  • Maintaining a Secure Network System

  • Protecting Card Holder Data

  • Maintaining a Vulnerability Management Program

  • Access Control Measures

  • Monitoring and Testing Networks

  • Maintaining an Information Security Policy

Since its formation, PCI DSS has gone through several iterations in order to keep up with changes to the online threat landscape. While the basic rules for compliance have remained constant, new requirements are periodically added.

This course is a must for every computer user in an organization. No prior training is required, as we will start with the basics. This will be a major step up in your career, and if you still have doubts, you should know that I offer a 30-day, no-questions-asked money-back guarantee. So what are you waiting for?

Jump on in and take your career to the next level by learning information security today. I'll see you in the course!

ISO/IEC 27001 – Information Security Lead Auditor Exam

ISO 27001:2013 Online Practice Exam | Validate ISO 27001 ISMS knowledge, experience and skills | 3 Audit Case Studies

Created by S.M. WAQAS IMAM - Industrial Engineer | Quality, Health, Safety & Environment Professional | IRCA CQI Lead Auditor


Students: 313, Price: $49.99


Value Addition Alerts:

  1. Passing Certification Awarded By Instructor

Certification: Udemy does not provide certificates for practice exams; it only does so for video courses. The good news is that we have empowered our paid students to receive a certificate once they score 80% or more on the exams. It is a manual process in which learners are requested to submit evidence of qualification and apply for the certificate. Certificates are issued at the end of each month.


An Information Security Management System offers a robust framework for ensuring information security through an established management system. From risk assessment to risk treatment methodology, from the statement of applicability to the access control policy, from the incident management procedure to business continuity procedures, an Information Security Management System (ISMS) approach is helping businesses achieve their objectives and secure their information.


Why do you need this exam?

If you are a professional working in information security, or you want to work in the information security sector managing the various information security functions of a company, then you need to assess your knowledge of ISO/IEC 27001:2013, the latest international Information Security Management System standard. ISO 27000:2018 is the latest standard entitled “Information security management systems -- Overview and vocabulary”.

If you are planning to take a lead auditor course on ISO/IEC 27001:2013, this practice exam will help you self-assess your knowledge of ISO/IEC 27001. This exam is not in exactly the same format as the ISO/IEC 27001 Lead Auditor exam, but it gives you a good idea of what to expect: the official ISO/IEC 27001:2013 exam is a written exam with several audit case studies, whereas this practice exam is based on MCQs with some example audit case studies.


Exam Composition

An Information Security Management System is generally denoted ISMS, i.e. ISO/IEC 27001.

The exam will assess you on the following:

- The concept of Information Security management system (ISMS)

- Incorporation of questions from latest ISO 27000:2018 international guidance

- Internal and external issues of ISMS

- Security Roles and responsibilities

- Statement of Applicability

- Inventory of Assets

- Acceptable use of assets

- Secure system engineering principles

- Business continuity procedures

- Risk assessment and risk treatment methodology

- Auditing methodology for an ISMS


Food for Thought

If you think you are an expert in ISO/IEC 27001 ISMS after taking courses on ISO/IEC 27001,

You need to hold on!

Join this exam and self-assess yourself!

Take the Practice Exam...

Be Familiar with ISMS knowledge which you hold...

Maybe you need to keep learning...

Or you can prove your knowledge and expertise by successfully completing this exam.

Both ways, you are in a win-win situation.


Audit Case Studies: This course comes with 3 exclusive audit case studies. You need to assess the situation and select the right option. If you select a wrong option, an explanation is provided at the end of the assessment. Moreover, you can discuss the audit case studies in the Q&A by stating the reference code provided with each study. There can be other correct alternatives for the case studies, so you are free to share an alternative with reference to the specific case.


Official Lead Auditor Exam Versus Lead Auditor Practice Exam:

1. The official LAC exam is a written one; the practice LAC exam is MCQ based.

2. The official LAC exam has four sections; the practice LAC exam has three.

3. The official LAC exam has a final section of three written audit case studies; the practice LAC exam has a case-study section containing 3 cases, but the answers are given in MCQ form. To give students a more realistic simulation, they can post their answers in the Q/A section, stating the reference code provided with each study, and the instructor can respond to them.


Note: The ISO/IEC 27001:2013 standard is a copyrighted document of ISO. We will not share any copyrighted standard; please purchase it from the ISO store.

Good news: We will be adding more content, for example case studies, to the practice tests in the future. If you feel that you lack the knowledge, you can re-take ISMS courses.


Self-Learning Process by examining your answers against the explanations: At the end of the ISMS assessment exam, you will be provided with a result sheet that includes the correct answers together with the reason or explanation for each answer, so the exam is itself a learning process. You can improve your learning by assessing your answers against the explanations provided.


One Month Money Back Guarantee: Don't forget the one-month 100% money-back guarantee, no questions asked. This means there is no risk in registering for this exam.


Ask Questions & Report Complaints: The discussion forum on the right side of this course can be used to discuss specific queries and report problems with the content of the course.

Learn About Foundational Knowledge to Start an IT Career

Know the basics of IT, including hardware, software, applications, networks, databases, etc.

Created by Aiyaz Uddin - Staffing, Sales, Recruitment, Online Marketing, & Branding


Students: 152, Price: Free


Information Technology is one of the fastest-growing industries, and demand for IT professionals is on the rise. Making informed decisions that serve your purpose requires information about the different paths and components of information technology. The student will go through a knowledge base on information technology, learn the different roles within each side of the industry, and find out how to begin a career in information technology on the side that interests them, such as development, administration, support, helpdesk, networking, content writing, etc.

This course is helpful for all students who are studying IT, or who want to get into IT and learn about the career paths and how they can develop their career in the field of Information Technology.

In this course, we are going to discuss what information technology consists of:

· Software and its types

· Hardware and its types

· Web Applications and Its Types

· Security and Its Types

· Databases and Its Types

· IT Communication and Its Types

· Servers and Its Types

· Internet and Its Types

· Network and its Types

· and IT Support

This course is not for experienced professionals, developers or programmers.

This course is for students who are beginners and would like to understand IT and basic foundational knowledge of Information Technology.

Enterprise Information Security Management: Tools

Module 2: Strategies, Models, Frameworks, and Approaches

Created by CRC Press - A premier global publisher of science & technology resources


Students: 143, Price: $89.99


The purpose of this series course is to address the growing challenges of managing information security risks in enterprise and government organizations, prompted by the complexity and risks of today’s changing technological landscape, as well as increasingly demanding business aspirations. These challenges are further escalated by the inadequacies of existing risk management models and professional development approaches.

As in warfare, in information security there are various strategies, frameworks, approaches, and models that have been developed over the years, which can help practitioners design, plan, build, deploy, and operate an information security management program in organizations. In this part, we'll discuss how organizations use them.

By the end of this module, you should have gained an understanding of the models, frameworks, strategies, and approaches applicable to enterprise information security management; be able to discuss their pros and cons; and be able to apply your learning to given scenarios and in your own organization.

Information Security Risk Assessment Process ISO 27001:2013

IS Security Risk Assessment for IS Security, IT, Risk Management, IS Audit Professionals and Students

Created by Compliance Security and Risk Management - Compliance, IS Security and Risk Professional


Students: 110, Price: $19.99


Do you know why it is critical for companies and institutions to manage information and related risks?

Do you know that one of the biggest challenges faced by companies and institutions is managing IS security risks?

Do you know how companies and IS consultants assess and manage information security risks in practice?

What does ISO 27001:2013 ISMS prescribe for IS security risk assessment and treatment?

All these questions will be answered through this practical course, where the standard's requirements are linked with real-world examples and risk assessment models and techniques.

In this course you will get insight into how companies and institutions are focusing on a strong IS security management culture to manage IS risks and threats and avoid vulnerabilities, financial losses, penalties and reputational losses. This course will give you conceptual and practical knowledge of IS security risk assessment and management as per ISO 27001.

You will be able to understand and prepare the "Asset Risk, Impact and Likelihood Matrix", "Risk Assessment Methodology", "Vulnerability and Threat Matrix", "Risk and Financial Impact Pyramid Analysis", "Treatments Options", "Controls Categories" etc. as per ISO 27001 - Information Security Management System.

Other Benefits?

After attending this course you will be able to:

- apply concepts in your IS Security job

- communicate with IS Security and IS Audit professionals

- apply for jobs in organizations where ISO 27001 ISMS is implemented or to be implemented

- get the certificate of the course completion

- pursue career progression in the IS Security domain, etc.

Who is this course for:

  • Information System IS Security, IS Audit, IT Professionals and Students

  • IS Security Consultants

  • Risk Management Professionals and Students

  • Internal Audit Professionals and Students

  • Finance Professionals and Students

  • CISA, CISM students

  • Compliance professionals

  • Anyone who wants to learn the ISO 27001 standard's requirements for Information Security

Advanced Information Security Management with O-ISM3

Achieve a positive return on investment from information security by implementing information security processes!

Created by Vicente Aceituno Canal - Thought leader in information security management


Students: 52, Price: $19.99


In this course you will master the design and operation of information security processes with metrics, and you will be able to represent these metrics in compact and engaging dashboards or reports. You will learn what a measurement is, how your choice of model influences what gets measured, what the relationship is between security activity and business goals, and how to use reports in a way that leads to understanding the security posture of the organisation and drives the right decisions.

712-50 – EC-Chief Information Security Officer (CCISO) Exam

350+ unique simulator questions based on the 712-50 EC-Chief Information Security Officer (CCISO) exam, to review before the real exam

Created by Jyoti singh - A Professional working in an IT firm, with 5+ years in SAP Impl


Students: 22, Price: $29.99



About EC-Council Certified Chief Information Security Officer (CCISO)

The Certified Chief Information Security Officer (CCISO) certification exam is offered by EC-Council to assess and validate skills for a senior role in information security. CISOs from across the globe have contributed to the CCISO. The exam assesses your knowledge of information system controls, governance, audit management, human resource management, strategic program management and financial management.

The exam has 150 questions to be answered in 150 minutes, drawn from five domains:

Governance and Risk Management

Information Security Controls, Compliance, and Audit Management

Security Program Management & Operations

Information Security Core Competencies

Strategic Planning, Finance, Procurement, and Vendor Management

Exam Pattern

Exam Name: EC-Council Certified Chief Information Security Officer

Exam Code: EC-Council CCISO

Number of Questions: 150

Length of Time: 120 Minutes

Registration Fee: $999.00

Passing Score: 60% to 78% depending upon the cut score for the exam

Exam Language: English

Who should take the exam?

The CCISO exam is apt for senior IT professionals, managers, program managers, IT operation managers, C-Level executives engaged in information security. The certification validates your technical, managerial and leadership skills.

Course Structure

Chief Information Security Officer (CCISO) covers the following topics:

Domain 1: Governance and Risk Management

1. Define, Implement, Manage, and Maintain an Information Security Governance Program

1.1. Form of Business Organization

1.2. Industry

1.3. Organizational Maturity

2. Information Security Drivers

3. Establishing an information security management structure

3.1. Organizational Structure

3.2. Where does the CISO fit within the organizational structure

3.3. The Executive CISO

3.4. Nonexecutive CISO

4. Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures

5. Managing an enterprise information security compliance program

5.1. Security Policy

5.1.1. Necessity of a Security Policy

5.1.2. Security Policy Challenges

5.2. Policy Content

5.2.1. Types of Policies

5.2.2. Policy Implementation

5.3. Reporting Structure

5.4. Standards and best practices

5.5. Leadership and Ethics

5.6. EC-Council Code of Ethics

6. Introduction to Risk Management

Domain 2: Information Security Controls, Compliance, and Audit Management

1. Information Security Controls

1.1. Identifying the Organization’s Information Security Needs

1.1.1. Identifying the Optimum Information Security Framework

1.1.2. Designing Security Controls

1.1.3. Control Lifecycle Management

1.1.4. Control Classification

1.1.5. Control Selection and Implementation

1.1.6. Control Catalog

1.1.7. Control Maturity

1.1.8. Monitoring Security Controls

1.1.9. Remediating Control Deficiencies

1.1.10. Maintaining Security Controls

1.1.11. Reporting Controls

1.1.12. Information Security Service Catalog

2. Compliance Management

2.1. Acts, Laws, and Statutes

2.1.1. FISMA

2.2. Regulations

2.2.1. GDPR

2.3. Standards

2.3.1. ASD—Information Security Manual

2.3.2. Basel III

2.3.3. FFIEC

2.3.4. ISO 00 Family of Standards

2.3.5. NERC-CIP

2.3.6. PCI DSS

2.3.7. NIST Special Publications

2.3.8. Statement on Standards for Attestation Engagements No. 16 (SSAE 16)

3. Guidelines, Good and Best Practices

3.1. CIS

3.1.1. OWASP

4. Audit Management

4.1. Audit Expectations and Outcomes

4.2. IS Audit Practices

4.2.1. ISO/IEC Audit Guidance

4.2.2. Internal versus External Audits

4.2.3. Partnering with the Audit Organization

4.2.4. Audit Process

4.2.5. General Audit Standards

4.2.6. Compliance-Based Audits

4.2.7. Risk-Based Audits

4.2.8. Managing and Protecting Audit Documentation

4.2.9. Performing an Audit

4.2.10. Evaluating Audit Results and Report

4.2.11. Remediating Audit Findings

4.2.12. Leverage GRC Software to Support Audits

Domain 3: Security Program Management & Operations

1. Program Management

1.1. Defining a Security Charter, Objectives, Requirements, Stakeholders, and Strategies

1.1.1. Security Program Charter

1.1.2. Security Program Objectives

1.1.3. Security Program Requirements

1.1.4. Security Program Stakeholders

1.1.5. Security Program Strategy Development

1.2. Executing an Information Security Program

1.3. Defining and Developing, Managing and Monitoring the Information Security Program

1.3.1. Defining an Information Security Program Budget

1.3.2. Developing an Information Security Program Budget

1.3.3. Managing an Information Security Program Budget

1.3.4. Monitoring an Information Security Program Budget

1.4. Defining and Developing Information Security Program Staffing Requirements

1.5. Managing the People of a Security Program

1.5.1. Resolving Personnel and Teamwork Issues

1.5.2. Managing Training and Certification of Security Team Members

1.5.3. Clearly Defined Career Path

1.5.4. Designing and Implementing a User Awareness Program

1.6. Managing the Architecture and Roadmap of the Security Program

1.6.1. Information Security Program Architecture

1.6.2. Information Security Program Roadmap

1.7. Program Management and Governance

1.7.1. Understanding Project Management Practices

1.7.2. Identifying and Managing Project Stakeholders

1.7.3. Measuring the Effectiveness of Projects

1.8. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)

1.9. Data Backup and Recovery

1.10. Backup Strategy

1.11. ISO BCM Standards

1.11.1. Business Continuity Management (BCM)

1.11.2. Disaster Recovery Planning (DRP)

1.12. Continuity of Security Operations

1.12.1. Integrating the Confidentiality, Integrity and Availability (CIA) Model

1.13. BCM Plan Testing

1.14. DRP Testing

1.15. Contingency Planning, Operations, and Testing Programs to Mitigate Risk and Meet Service Level Agreements (SLAs)

1.16. Computer Incident Response

1.16.1. Incident Response Tools

1.16.2. Incident Response Management

1.16.3. Incident Response Communications

1.16.4. Post-Incident Analysis

1.16.5. Testing Incident Response Procedures

1.17. Digital Forensics

1.17.1. Crisis Management

1.17.2. Digital Forensics Life Cycle

2. Operations Management

2.1. Establishing and Operating a Security Operations (SecOps) Capability

2.2. Security Monitoring and Security Information and Event Management (SIEM)

2.3. Event Management

2.4. Incident Response Model

2.4.1. Developing Specific Incident Response Scenarios

2.5. Threat Management

2.6. Threat Intelligence

2.6.1. Information Sharing and Analysis Centers (ISAC)

2.7. Vulnerability Management

2.7.1. Vulnerability Assessments

2.7.2. Vulnerability Management in Practice

2.7.3. Penetration Testing

2.7.4. Security Testing Teams

2.7.5. Remediation

2.8. Threat Hunting

Domain 4: Information Security Core Competencies

1. Access Control

1.1. Authentication, Authorization, and Auditing

1.2. Authentication

1.3. Authorization

1.4. Auditing

1.5. User Access Control Restrictions

1.6. User Access Behavior Management

1.7. Types of Access Control Models

1.8. Designing an Access Control Plan

1.9. Access Administration

2. Physical Security

2.1. Designing, Implementing and Managing Physical Security Program

2.1.1. Physical Risk Assessment

2.2. Physical Location Considerations

2.3. Obstacles and Prevention

2.4. Secure Facility Design

2.4.1. Security Operations Center

2.4.2. Sensitive Compartmented Information Facility

2.4.3. Digital Forensics Lab

2.4.4. Datacenter

2.5. Preparing for Physical Security Audits

3. Network Security

3.1. Network Security Assessments and Planning

3.2. Network Security Architecture Challenges

3.3. Network Security Design

3.4. Network Standards, Protocols, and Controls

3.4.1. Network Security Standards

3.4.2. Protocols


4.1.1. Network Security Controls

4.2. Wireless (Wi-Fi) Security

4.2.1. Wireless Risks

4.2.2. Wireless Controls

4.3. Voice over IP Security

5. Endpoint Protection

5.1. Endpoint Threats

5.2. Endpoint Vulnerabilities

5.3. End-User Security Awareness

5.4. Endpoint Device Hardening

5.5. Endpoint Device Logging

5.6. Mobile Device Security

5.6.1. Mobile Device Risks

5.6.2. Mobile Device Security Controls

5.7. Internet of Things Security (IoT)

5.7.1. Protecting IoT Devices

6. Application Security

6.1. Secure SDLC Model

6.2. Separation of Development, Test, and Production Environments

6.3. Application Security Testing Approaches

6.4. DevSecOps

6.5. Waterfall Methodology and Security

6.6. Agile Methodology and Security

6.7. Other Application Development Approaches

6.8. Application Hardening

6.9. Application Security Technologies

6.10. Version Control and Patch Management

6.11. Database Security

6.12. Database Hardening

6.13. Secure Coding Practices

7. Encryption Technologies

7.1. Encryption and Decryption

7.2. Cryptosystems

7.2.1. Blockchain

7.2.2. Digital Signatures and Certificates

7.2.3. PKI

7.2.4. Key Management

7.3. Hashing

7.4. Encryption Algorithms

7.5. Encryption Strategy Development

7.5.1. Determining Critical Data Location and Type

7.5.2. Deciding What to Encrypt

7.5.3. Determining Encryption Requirements

7.5.4. Selecting, Integrating, and Managing Encryption Technologies

8. Virtualization Security

8.1. Virtualization Overview

8.2. Virtualization Risks

8.3. Virtualization Security Concerns

8.4. Virtualization Security Controls

8.5. Virtualization Security Reference Model

9. Cloud Computing Security

9.1. Overview of Cloud Computing

9.2. Security and Resiliency Cloud Services

9.3. Cloud Security Concerns

9.4. Cloud Security Controls

9.5. Cloud Computing Protection Considerations

10. Transformative Technologies

10.1. Artificial Intelligence

10.2. Augmented Reality

10.3. Autonomous SOC

10.4. Dynamic Deception

10.5. Software-Defined Cybersecurity

Domain 5: Strategic Planning, Finance, Procurement and Vendor Management

1. Strategic Planning

1.1. Understanding the Organization

1.1.1. Understanding the Business Structure

1.1.2. Determining and Aligning Business and Information Security Goals

1.1.3. Identifying Key Sponsors, Stakeholders, and Influencers

1.1.4. Understanding Organizational Financials

1.2. Creating an Information Security Strategic Plan

1.2.1. Strategic Planning Basics

1.2.2. Alignment to Organizational Strategy and Goals

1.2.3. Defining Tactical Short, Medium, and Long-Term Information Security Goals

1.2.4. Information Security Strategy Communication

1.2.5. Creating a Culture of Security

2. Designing, Developing, and Maintaining an Enterprise Information Security Program

2.1. Ensuring a Sound Program Foundation

2.2. Architectural Views

2.3. Creating Measurements and Metrics

2.4. Balanced Scorecard

2.5. Continuous Monitoring and Reporting Outcomes

2.6. Continuous Improvement

2.7. Information Technology Infrastructure Library (ITIL) Continual Service Improvement (CSI)

3. Understanding the Enterprise Architecture (EA)

3.1. EA Types

3.1.1. The Zachman Framework

3.1.2. The Open Group Architecture Framework (TOGAF)

3.1.3. Sherwood Applied Business Security Architecture (SABSA)

3.1.4. Federal Enterprise Architecture Framework (FEAF)

4. Finance

4.1. Understanding Security Program Funding

4.2. Analyzing, Forecasting, and Developing a Security Budget

4.2.1. Resource Requirements

4.2.2. Define Financial Metrics

4.2.3. Technology Refresh

4.2.4. New Project Funding

4.2.5. Contingency Funding

4.3. Managing the Information Security Budget

4.3.1. Obtain Financial Resources

4.3.2. Allocate Financial Resources

4.3.3. Monitor and Oversight of Information Security Budget

4.3.4. Report Metrics to Sponsors and Stakeholders

4.3.5. Balancing the Information Security Budget

5. Procurement

5.1. Procurement Program Terms and Concepts

5.1.1. Statement of Objectives (SOO)

5.1.2. Statement of Work (SOW)

5.1.3. Total Cost of Ownership (TCO)

5.1.4. Request for Information (RFI)

5.1.5. Request for Proposal (RFP)

5.1.6. Master Service Agreement (MSA)

5.1.7. Service Level Agreement (SLA)

5.1.8. Terms and Conditions (T&C)

5.2. Understanding the Organization’s Procurement Program

5.2.1. Internal Policies, Processes, and Requirements

5.2.2. External or Regulatory Requirements

5.2.3. Local Versus Global Requirements

5.3. Procurement Risk Management

5.3.1. Standard Contract Language

6. Vendor Management

6.1. Understanding the Organization’s Acquisition Policies and Procedures

6.1.1. Procurement Lifecycle

6.2. Applying Cost-Benefit Analysis (CBA) During the Procurement Process

6.3. Vendor Management Policies

6.4. Contract Administration Policies

6.4.1. Service and Contract Delivery Metrics

6.4.2. Contract Delivery Reporting

6.4.3. Change Requests

6.4.4. Contract Renewal

6.4.5. Contract Closure

6.5. Delivery Assurance

6.5.1. Validation of Meeting Contractual Requirements

6.5.2. Formal Delivery Audits

6.5.3. Periodic Random Delivery Audits

6.5.4. Third-Party Attestation Services (TPRM)