SSCP: A High-Speed Introduction to the Exam Domains

Presentation transcript:

SSCP: A High-Speed Introduction to the Exam Domains
Exam domains: Intro to IT Security; Access Controls; Administration; Auditing and Monitoring; Risk, Response, and Recovery; Cryptography; Data Communications; Malicious Code / Malware; Testing Tips
This presentation: Domain 4
William F. Slater, III, IT Consultant, Author, Teacher, Mentor (SSCP, CISSP, MCSE, Security+), slater@billslater.com

Agenda: Domain Definition; Risk; Response; Recovery; Conclusion

Domain Definition

What Is Risk?

Major System Elements At Risk

Threats

Vulnerability: Any weakness in a system that can be exploited. R = V x T (Risk = Vulnerability x Threat).

Controls

Safeguards: Controls that are put into place to provide some amount of protection to an asset.

Countermeasures

Exposure: The amount or percentage of loss experienced should a threat exploit a vulnerability. Don’t forget things like the exposure of a company’s reputation and/or the brand.

Risk Analysis

Risk Assessment: Loss of Confidentiality; Loss of Integrity; Loss of Availability

Threats vs. Vulnerabilities: Threats exist and typically do not change, or change little, over time. Vulnerabilities are the places where your IT assets are already weak.

Analyzing Risk

Quantitative Risk Analysis

Qualitative Risk Analysis

Automated Risk Assessment: Automated risk analysis tools have become quite popular and are big time savers.

Risk Management: The process of identifying, measuring, and controlling uncertain events.

An Effective Risk-Assessment Methodology (taken from NIST’s website): Risk = Threat x Vulnerability, i.e. R = T x V
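The slides define Risk as Vulnerability x Threat and Exposure as the share of an asset lost when a threat exploits a vulnerability. The following added example (not part of the original presentation) puts those definitions into a small risk register: it ranks constructed sample assets by R = V x T, estimates expected loss from exposure and asset value, and shows how a safeguard that lowers V reduces R while the threat rating stays the same. The 1 to 5 rating scale, the asset figures and the expected-loss calculation are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    value: float        # asset value in currency units (constructed sample figure)
    exposure: float     # fraction of value lost if a threat exploits a vulnerability (0..1)
    vulnerability: int  # assumed scale: 1 (hardened) .. 5 (weak)
    threat: int         # assumed scale: 1 (rare) .. 5 (frequent or capable)

def risk_score(asset: Asset) -> int:
    """R = V x T, the risk product used on the slides."""
    return asset.vulnerability * asset.threat

def expected_loss(asset: Asset) -> float:
    """Exposure applied to asset value: the loss if the threat is realized once."""
    return asset.value * asset.exposure

def rank_register(assets):
    """Order assets by R = V x T, breaking ties by expected loss (highest first)."""
    return sorted(assets, key=lambda a: (risk_score(a), expected_loss(a)), reverse=True)

def apply_safeguard(asset: Asset, vulnerability_reduction: int) -> Asset:
    """A safeguard lowers V (never below 1); the threat itself is not changed by it."""
    new_v = max(1, asset.vulnerability - vulnerability_reduction)
    return Asset(asset.name, asset.value, asset.exposure, new_v, asset.threat)

# Constructed sample register; the values are illustrative only.
REGISTER = [
    Asset("customer database", 500_000, 0.60, 4, 4),
    Asset("public web server", 80_000, 0.25, 5, 5),
    Asset("HR file share", 120_000, 0.40, 3, 2),
]

if __name__ == "__main__":
    for a in rank_register(REGISTER):
        print(f"{a.name:18} R={risk_score(a):2}  expected loss={expected_loss(a):,.0f}")
    patched = apply_safeguard(REGISTER[1], 3)
    print(f"after safeguard: {patched.name} R={risk_score(patched)}")
```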

Response: Those activities performed when a security-related incident occurs.

Response Tools

Relationship of Incident Response to Contingency Planning

Incident Response: Determining Which Protocol to Use

Recovery

Restoration and Recovery

Conclusion: Risk Management is essential to understanding and creating the right kind of BCP and DRP for an organization. Understanding Risk Management and creating a corresponding BCP and DRP is a likely place for SSCPs and CISSPs to be involved.

Questions and Answers