CompTIA Security+ Study Guide (SY0-401)

Slides:



Advertisements
Similar presentations
1 Documentation Legal Framework Air Navigation Orders Guidelines ATS Manual Airport Manual Safety Management Manual ICAO Annexes Licenses / Certificates.
Advertisements

1 Regulation. 2 Organisational separation 3 Functional Separation.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
Database Administration and Security Transparencies 1.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Stephen S. Yau CSE , Fall Security Strategies.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Session 3 – Information Security Policies
CIST 1601 Information Security Fundamentals
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Disaster Recovery, Business Continuity, and Organizational Policies.
Basics of OHSAS Occupational Health & Safety Management System
Security in Practice Enterprise Security. Business Continuity Ability of an organization to maintain its operations and services in the face of a disruptive.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
Information Security Governance and Risk Chapter 2 Part 3 Pages 100 to 141.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Introduction to Network Security! Course Name – IT Introduction to Network Security.
NFPA 1600 Disaster/Emergency Management and Business Continuity Programs.
Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.
Introduction to Information Security
Security Administration. Links to Text Chapter 8 Parts of Chapter 5 Parts of Chapter 1.
Certified Protection Officer Program. Chapter 1 Unit 1 Concepts and Theories of Asset Protection Pages 3-11.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Introduction to Network Security! Course Name – IT Introduction to Network Security.
Policies and Procedures Security+ Guide to Network Security Fundamentals Chapter 11.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Information Security IBK3IBV01 College 2 Paul J. Cornelisse.
Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
Prepared By: Razif Razali 1 TMK 264: COMPUTER SECURITY CHAPTER SIX : ADMINISTERING SECURITY.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Chapter 3: Business Continuity Planning. Planning for Business Continuity Assess risks to business processes Minimize impact from disruptions Maintain.
Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 4: Security Management.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
Business Continuity Planning 101
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Dr. Gerry Firmansyah CID Business Continuity and Disaster Recovery Planning for IT (W-I)
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Introduction to Network Security! Course Name – IT Introduction to Network Security.
Information Systems Security
Risk management «Once we know our weaknesses, they cease to do us any harm.» G.C. Lichtenberg.
Risk management.
Information Security Principles and Practices
CompTIA Security+ Study Guide (SY0-401)
IS4680 Security Auditing for Compliance
Security Engineering.
Air Carrier Continuing Analysis and Surveillance System (CASS)
CompTIA Security+ Study Guide (SY0-501)
CompTIA Security+ Study Guide (SY0-501)
Chapter 19: Building Systems with Assurance
IS4680 Security Auditing for Compliance
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
CompTIA Security+ Study Guide (SY0-401)
CS/IS 196 Final Exam Review
Cybersecurity Threat Assessment
A New Concept for Laboratory Quality Management Systems
Presentation transcript:

CompTIA Security+ Study Guide (SY0-401) Chapter 1: Measuring and Weighing Risk

Chapter 1: Measuring and Weighing Risk Explain the importance of risk related concepts Given a scenario, implement risk mitigation strategies Summarize risk management best practices Implementing Assessment Tools and Techniques to Discover Security Threats and Vulnerabilities Explaining the Importance of Data Security

Risk Assessment Risk Assessment (Risk Analysis) Risk Assessment Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or information itself. Key Components of Risk Assessment: Risks to Which the Organization is Exposed Risks That Need Addressing Coordination with BIA

Computing Risk Assessment Methods of Measurement Annualized Rate of Occurrence (ARO) Likelihood, often from historical data, of an event occurring within a year. ARO Can be Used in Conjunction With: Single Loss Expectancy (SLE) Annual Loss Expectancy (ALE) Formula: SLE x ARO = ALE

Computing Risk Assessment Continued Risk Assessment Can be Qualitative or Quantitative Qualitative Opinion-base and subjective Quantitative: Cost-based and objective

Acting on Your Risk Assessment Risk Avoidance Involves identifying a risk and making the decision to no longer engage in actions associated with that risk. Risk Transference Sharing some of the burden of the risk with someone else. Risk Mitigation Accomplished anytime steps are taken to reduce risk.

Acting on Your Risk Assessment Risk Deterrence Involves understanding something about the enemy and letting them know harm can come their way if they cause harm to you. Risk Acceptance Often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition.

Risks and Cloud Computing Using the Internet to host services and data instead of hosting it locally Three Ways to Implement Cloud Computing: Platform as a Service Software as a Service Infrastructure as a Service

Risks and Cloud Computing Risk-related Issues Associated with Cloud Computing: Regulatory Compliance User privileges Data Integration/Segregation

Risks Associated with Virtualization Breaking Out of the Virtual Machine Network and Security Controls Can Intermingle Hypervisor: the virtual machine monitor- the software that allows the virtual machines to exist

Developing Policies, Standards, and Guidelines Implementing Policies Policies provide people in an organization with guidance about their expected behavior. Well-written policies are clear and concise, and outline the consequences when they are not followed

Key Areas of a Good Policy Scope Statement Outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses Policy Overview Statement Provides goal of the policy, why it’s important, and how to comply with it Policy Statement Should be as clear and unambiguous as possible Accountability Statement Provides additional information to readers about who to contact if a problem is discovered Exception Statement Provides specific guidance about the procedure or process that must be followed in order to deviate from the policy

Chapter 1: Measuring and Weighing Risk Incorporating Standards: Five Points Scope and Purpose Roles and Responsibilities Reference Documents Performance Criteria Maintenance and Administrative Requirements

Following Guidelines Guidelines Help an organization implement or maintain standards by providing information on how to accomplish policies and maintain standards Four Minimum Contents of Good Guidelines Scope and Purpose Roles and Responsibilities Guideline Statements Operational Considerations

Business Policies Primary Areas of Concern Separation of duties Due care Physical access control Document disposal and destruction Privacy policy Acceptable use Security policy Mandatory vacations Job rotation Least privilege

Chapter 1: Measuring and Weighing Risk False Positives Events that aren’t really incidents Change Management Structured approach that is followed to secure the company’s assets Incident Management Steps followed when events occur

Redundant Array of Independent Disks Redundant Array of Independent Disks (RAID) is a technology that uses multiple disks to provide fault tolerance Several designations for RAID levels: RAID Level 0 RAID 0 is disk striping. RAID Level 1 RAID 1 is disk mirroring. RAID Level 3 RAID 3 is disk striping with a parity disk. RAID Level 5 RAID 5 is disk striping with parity

Tabletop Exercise Involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them. Advantage is that there is very little cost to it (the time of the participants), and it allows key personnel to mentally walk through emergencies in a low-stress format. Disadvantage is its lack of realism.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.