1
SSCP: A High-Speed Introduction to the Exam Domains
Domains: Intro to IT Security; Access Controls; Administration; Auditing and Monitoring; Risk, Response, and Recovery; Cryptography; Data Communications; Malicious Code / Malware; Testing Tips
Domain 4
William F. Slater, III
IT Consultant – Author – Teacher – Mentor
SSCP, CISSP, MCSE, Security+
2
Agenda: Domain Definition; Risk; Response; Recovery; Conclusion
3
Domain Definition
4
What Is Risk?
5
Major System Elements At Risk
6
Major System Elements At Risk
7
Major System Elements At Risk
8
Major System Elements At Risk
9
Threats
10
Vulnerability: Any weakness in a system that can be exploited.
R = V x T
Risk = Vulnerability x Threat
11
Controls
12
Safeguards: Controls that are put into place to provide some amount of protection to an asset.
13
Countermeasures
14
Exposure: The amount or percentage of loss experienced should a threat exploit a vulnerability. Don’t forget things like the exposure of a company’s reputation and/or the brand.
15
Risk Analysis
16
Risk Assessment: Loss of Confidentiality; Loss of Integrity; Loss of Availability
17
Threats vs. Vulnerabilities
Threats exist and typically don’t change, or don’t change much, over time.
Vulnerabilities are places where your IT assets are already weak.
18
Analyzing Risk
19
Quantitative Risk Analysis
20
Quantitative Risk Analysis
21
Quantitative Risk Analysis
22
Quantitative Risk Analysis
23
Qualitative Risk Analysis
24
Automated Risk Assessment
Automated Risk Analysis Tools have become quite popular and are big time savers.
25
Automated Risk Assessment
26
Risk Management: Process of identifying, measuring, and controlling uncertain events.
27
An Effective Risk-Assessment Methodology
Taken from NIST’s website.
Risk = Threat x Vulnerability
R = T x V
28
An Effective Risk-Assessment Methodology
29
An Effective Risk-Assessment Methodology
30
Response: Those activities performed when a security-related incident occurs.
31
Response Tools
32
Response Tools
33
Relationship of Incident Response to Contingency Planning
34
Incident Response: Determining Which Protocol to Use
35
Recovery
36
Restoration and Recovery
37
Conclusion: Risk Management is essential to understanding and creating the right kind of BCP and DRP for an organization. Understanding Risk Management and creating a corresponding BCP and DRP is a likely place that SSCPs and CISSPs would be involved.
38
Questions and Answers
39
References & Text Resources
Corrigan, P. H. (1994). LAN Disaster Prevention and Recovery. Englewood Cliffs, NJ: Prentice Hall.
Isaac, D. S. and Isaac, M. J. (2003). The SSCP Prep Guide. Indianapolis, IN: Wiley Publishing.
Hansche, S., Berti, J. and Hare, C. (2004). Official (ISC)2 Guide to the CISSP Exam. Boca Raton, FL: Auerbach Publications.
Harris, S. (2003). All-In-One CISSP Certification Exam Guide, second edition. Emeryville, CA: Osborne McGraw-Hill.
Middleton, B. (2005). Cyber Crime Investigator’s Field Guide, second edition. Boca Raton, FL: Auerbach Publications.
Pfleeger, C. P. and Pfleeger, S. L. (2003). Security in Computing, Third Edition. Upper Saddle River, NJ: Prentice Hall.
Sandhu, R. J. (2002). Disaster Recovery Planning Crash Dump. Boston: Premier Press.
Toigo, J. W. (2003). Disaster Recovery Planning: Preparing for the Unthinkable. Upper Saddle River, NJ: Prentice Hall.
Wallace, M. and Webber, L. (2004). Disaster Recovery Handbook, The: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets. New York: AMACOM.
Wold, G. and Shriver, R. (1998). Disaster Proof Your Business, University of Phoenix Edition. New York: McGraw-Hill Companies, Inc.