Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Overview

**Separation of duties** is similar to least privilege except that the separation of duties focuses on distributing permissions among more than one person.


## The insider threat

To protect against the insider threat, permissions should be designed so that no individual has access to everything. Excessive privileges can give individuals the opportunity to commit end-to-end fraud. We prevent this by creating logical barriers between systems and functionality in the form of a secure permissions design.


## Example of an insurance company

Let’s look at a hypothetical insurance company’s IT systems. To reduce the chance of fraud being committed by an employee, separation of duties should be used to prevent the same person from being able to create a new insurance policy and then file a claim against that policy. Being able to do both of these things would give an employee the ability to commit insurance fraud.



# Overview

**Separation of duties** is similar to least privilege except that the separation of duties focuses on distributing permissions among more than one person.


# The insider threat

To protect against the insider threat, permissions should be designed so that no individual has access to everything. Excessive privileges can give individuals the opportunity to commit end-to-end fraud. We prevent this by creating logical barriers between systems and functionality in the form of a secure permissions design.


# Example of an insurance company

Let’s look at a hypothetical insurance company’s IT systems. To reduce the chance of fraud being committed by an employee, separation of duties should be used to prevent the same person from being able to create a new insurance policy and then file a claim against that policy. Being able to do both of these things would give an employee the ability to commit insurance fraud.



Learn the importance of dividing duties among an organization’s employees.


Separation of Duties

Learn the importance of dividing duties among an organization’s employees.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Separation of Duties

Overview

The insider threat

Example of an insurance company