In Course 5, I learned to identify what an organization needs to protect, how vulnerabilities arise, and what threats target digital assets. I explored the NIST Cybersecurity Framework to guide asset classification, dove into vulnerability management lifecycles, and applied threat-modeling techniques.
I discovered how to classify assets by value and why that classification shapes security priorities. I mastered the definitions of asset, threat, vulnerability, and risk, and saw how NIST CSF provides a structured approach to asset protection.
I focused on the controls that safeguard information—encryption, hashing, authentication, and authorization. By testing data-handling processes in hands-on exercises, I learned how each control reduces exposure and enforces policy.
I mapped out the vulnerability management lifecycle and learned to adopt an attacker mindset. Understanding how exposures translate into real threats helped me assess attack surfaces and prioritize remediation steps effectively.
I examined social engineering, malware, and web-based exploits to see how adversaries target different asset types. Applying structured threat-modeling frameworks prepared me to anticipate attack patterns and recommend layered defenses.
By the end of this course, I had captured key asset security principles, evaluated system vulnerabilities, and identified relevant threats. These skills give me a clear methodology for protecting organizational assets in real-world environments.