Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:02
welcome back to the course. So in the last video, we talked about some basic information that you needed to know. So things like why should become a penetration tester Blackwell Half versus Why have versus Gray had we learned about the c i A tree and we find out that's not really the agency that we're talking about there.
00:17
Now, in this video, we're gonna talk about some different laws that you're gonna need to know is the penetration tester, and we're gonna talk about a couple of standards as well.
00:25
So we've got hip A P C I D. Assess again. That's a standard socks DMC a fisma and then I s So you see 27 zeros or one on 2013 version that's actually standard as well.
00:38
So let's start off with Hippo Hippo stands for Health Insurance Portability and Accountability Act. You'll see some people spell that all wrong, but that's what it is
00:46
and basically cover safeguarding private medical information. So things like you're so security number, date of birth and then also like a grandma had, you know, photo removed that type of stuff.
00:56
Now I've worked predominantly in health care with the security aspect. So I can also say that there's several other laws, like hi tech and stuff, but those they're not gonna be tested at least right now on the certified ethical hacker examination
01:10
so hip it basically incorporate strict violations for anyone or any organization that's not securing the patient data properly.
01:19
So for your exam, just remember that hippie equals health care. That's kind of the main thing. You know, you'll probably want to know again. I can't tell you exactly if this is gonna be tested or not. But just remember, hip is a health care one.
01:33
So next up we have our standard PC idea says so. Payment card industry
01:37
data security standard. So that's gonna be, ah, organizations that process in store cardholder data, so they process different credit card or debit card transactions. However, the standards through PC Idea says they're very helpful for any organization that's looking to build out a little better security program. So they do cover a lot of the generalized information
01:56
that you would want to know.
01:57
So things like building and maintaining security, delicate systems, you know, of course, protecting cardholder data or just protecting data in general right. If we apply this to any industry,
02:07
we do need a vulnerability management program. So we can you check for different vulnerabilities and make sure we're applying either patches or reducing the risk
02:15
access control needs to be strong throughout any system,
02:19
especially ones with critical data on them.
02:21
We also need a monitor, right, sweetie, and we also need to do testing. Now, that's where penetration testers coming, right? We would go in and tested the network in the systems and say, OK, these are your vulnerabilities here.
02:31
And then, of course, you know nothing would be complete without an information security policy.
02:38
So socks now certain somebody's Oxley Act now. This was passed simply because of companies like Enron and WorldCom, and some others were basically cooking their books and reporting a lot more profit than they actually had on. And so I don't know if you guys remembered many years ago the Enron scandal, where a lot of people lost like the life savings, right? So they
02:57
invested the Enron for one K top of stuff in
03:00
like literally, I think there was one lady on the news like the like. The day before she was gonna retire a couple of days before all this broke. You know, all this news broken all this happen. And she had to go work, you know, again for the rest of her life. But
03:13
that's basically what it was. So survivors Oxley's with past, mostly to protect investors. So it was basically putting, like auditing and controls in place for financial reporting. So basically makes off. Excuse me? It makes corporate executives sign off on the financial reports, and they can be civilly or criminally liable after stuff tonight the issue with a report So
03:31
you don't really hear about too much fraud. It could be,
03:34
you know, hidden still. But you don't hear about it like you did back with Enron. Work world. Come on, Those other ones
03:42
DMC is a Digital Millennium Copyright Act. Now this one, let's say, for example, you create an online course like this one. You know, it's I bury, And so you put it out there and then you do have some Google searching and a little bit of Google hacking, which will cover later, and you find out that there's a lot of different websites underground or you know, not not necessarily underground with that have your content for free on them.
04:01
But, you know, maybe you're charging for it, right? And obviously cyber is free. But
04:04
I must say you have your own website and you were charging
04:08
so under D m c A. You can actually there's some formats out there that you can use. You basically can just send a request for them to, you know, remove your data. Probably easier option is just actually Google If using like Google search, Google has a future where they will send a d m c A request for you. So all you have to do basically you you
04:27
list out The different websites were finding this stuff, but he's placed him in there and they reported
04:31
on Then you verify that you actually like you own the content. You show that to send a link for your content and then what they'll do is ill basically removed from the search results initially. So I had to do that a few times with the
04:44
courses in the past that have had just sound like different platforms.
04:47
But, you know, it was a situation where someone stole the content was putting out there. So whether you want to do that or not, whether you have content out there that you want to do that or not, you have to judge for yourself that that's even worth it. Obviously, it's like free material. You know me personally when I put out free material. I don't really care if it's sharing all around the world because I want it was free. I want people to use it in
05:06
and have the information. So
05:09
but for your exam, all you need to know is DMC A stands for Digital Millennium Copyright Act. And that's what covers, like a different type of material that you create
05:18
fisma. That's a fertile information security management act. So this basically requires annual reviews, of course, but also requires information, security program reviews and everything and, uh, management in the federal system. So federal agencies basically have to review their security practices and sit in their programs.
05:38
Make sure it's, you know, meeting standards, etcetera, and I have to do that on an annual basis.
05:44
I s O I C 27 zeros were one and then 2013. Again, this is a standard, so basically it sets a precedent that management needs to, you know, examine the organization's information security risk on that, continuing continually examine those to make sure that is still relevant.
06:00
Then, of course, design and implement different security controls to control those risks and then monitor those controls to make sure they're still working there, still relevant and, if not, adapt them and or improve them.
06:13
So just one simple question for our post assessment here. Which one of these covers health care law. So which one of these words hear covers health care law?
06:24
All right, that was a pretty easy one, cause I did mention in this video answer. See Hippolyte. So again, the Health Insurance Portability and Accountability Act that covers protecting the patient data of the patient, medical data and the private information of the patients as well again, if you if you do see a question about hip on your exam, for some reason,
06:41
just remember it's health care law that, and hopefully that'll help narrow down
06:45
the correct answer for you.
06:46
So in this video, we just talked about some of the laws and standards you're gonna want to know specifically from the certified ethical hacker examination, but also if you're gonna be working in the industry as a penetration tester as well
06:58
and the next module, we're gonna jump into footprint. So again, that's our way of gathering information about our potential target.

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor