Code of Ethics (SC)

00:01

Hello, everyone. Welcome to Domaine two of the S S. C. P. Example. I'm your host, Peter Simple In

00:08

remain to focuses on security operations and administration

00:12

In this domain, we take a look at the identification and management off company's assets on the documentation and creation of policies, procedures, standards, guidelines and baselines of policies,

00:29

all of which support the three core pillars of cyber security which are confidentiality, integrity and availability.

00:38

In this first lesson,

00:40

we take a look at

00:43

the code of ethics and the C I A. Try it and beyond

00:47

the code of ethics is the standard for good behavior. As an SS CP practitioner and the CIA, Triad represents the three main pillars of confidentiality, integrity and availability. Let's get started.

01:04

Let's start off the lesson with the code of ethics.

01:07

The code of ethics is the absolute standard off professionalism and the necessary qualification of being an SS cp practitioner.

01:18

It's important because the code of ethics is what separates us from the bad guys.

01:23

Being S S C P certified is a big responsibility, and practitioners need to really act accordingly. Therefore, mandatory tenants off the code of ethics. These must be followed at the bare minimal. These are the minimum requirements

01:40

versus to protect society, the Commonwealth and the infrastructure

01:44

act honorably, honestly, justly, responsibly and legally

01:49

provide diligent and competence, service the principles and advance and protect the profession.

01:57

These are the four main tenants of the code of ethics. There's also some the code of ethics cannons,

02:05

which are things like Tell the truth, be competent,

02:08

be respectful, you know, honor the trust and privilege given to you among other things.

02:15

Both the ethics and the ethics cannons must be followed.

02:21

There are serious consequences for any violations of condoms are subject to disciplinary action by the I S C. To Ethics Committee.

02:30

And as a punishment, the S S C P certification could be revoked.

02:38

Let's talk about the C I A Triad and beyond

02:42

the C I. A. Triad is the

02:46

main principle foundation of cyber security. It is the most fundamental thing in cyber security.

02:53

Everything is cyber security can come back to the sea. I try it.

02:59

C i A Triad is composed of three major components

03:04

which are confidentiality,

03:06

integrity

03:07

and availability.

03:09

Confidentiality

03:12

information is made available on a need to know basis.

03:16

This is dictated by an organization's conduct and principles.

03:23

If confidentiality is breached, then finds legal trouble, loss of confidence, these things are all followed. As a consequence,

03:34

Confidentiality supports the concept of least privilege, which is the minimum requirement to do your job.

03:42

Information is kept confidential through access controls and security models. Things that we've looked at in the first domain.

03:50

The second pillar of cybersecurity is integrity.

03:54

The way information is recorded, used and maintained.

03:59

Keeping the data pure and not letting it get tarnished

04:02

is the main job of integrity.

04:05

The key to ensuring this integrity is toe have knowledge of the state of information

04:10

at all times.

04:12

This can be done by creating a baseline off what the data should look like

04:16

on a normal basis.

04:18

Once you have this baseline, you can check the data against the baseline at any given time.

04:25

If the conditions of the data are the same in both the baseline and the current state, then integrity is maintained.

04:31

If they are different than integrity is not being maintained.

04:36

It's impossible to talk about integrity without talking about the Sarbanes Oxley Act.

04:43

This act mandates controls over financial reporting.

04:46

Integrity is dictated by laws and regulations. And every time there's a conversation about laws, regulations and integrity, the Star Banes Oxley Act will come up.

04:59

There are serious consequences if integrity is not

05:01

enforced.

05:03

Integrity failure includes calculation errors and inaccurate reporting, which then leads to uninformed business decisions and in inadmissible evidence in court.

05:15

The last pillar

05:16

of the C. I. A. Triad is availability

05:20

being able to access information when you need it?

05:26

Availability is defined in terms of

05:29

that's always

05:30

arts use and read.

05:33

S L. A. Is service level agreements, which is the amount off time

05:39

that a system is guaranteed.

05:42

Art CEOs. The recovery time objective,

05:45

which focuses on once the system or data, is unavailable. What is the maximum period of time it will take for it to come up and be available once again

05:57

and read

05:58

redundant array of independent discs,

06:01

which is really a backup in case data gets destroyed or becomes unusable. The backup data can be inserted and replays and take the police off the data that was destroyed or is no longer usable. Well, look, it s l. A's are to use and raid

06:19

later on in this domain

06:23

consequences on

06:25

availability. Well, if your things are not available vendors, service interruption, a loss of revenue and loss of trust,

06:33

so time to get to the beyond part of the C. I. A. Triad and beyond.

06:39

First aspect of the beyond consists of non repudiation.

06:44

Non repudiation is a service that ensures that a sender cannot deny a message was sent,

06:49

and the integrity of the message is intact.

06:54

This is accomplished through digital signatures and public key infrastructure,

07:00

just to give a brief overview of public key infrastructure. Think of two keys

07:04

key a key be

07:06

if something is encrypted with Ki ay, it can only be decrypted with TB and vice versa.

07:14

The key's only worked with each other,

07:16

so when a person

07:18

signs a document,

07:20

the signature

07:23

is encrypted

07:24

with one of the keys.

07:27

So then, when the message is sent to the other person, they can decrypt it with the other key.

07:33

And that. And since the two keys can Onley encrypt and decrypt each other,

07:39

that insurers that the sender cannot deny that the message was sent since it was encrypted with their key.

07:46

The second aspect

07:48

off the beyond is the privacy factor, which is the rights and obligations individuals organizations with the collection with respect to the collection user retention off personal data,

08:01

different laws and regulations exist to protect individuals and companies.

08:07

Privacy is really a high level, high level overview and concept on how to protect your personal information. It's more of the high to how to guide for personal data. An example of privacy is Europe's eunuch GDP. Our general data privacy regulations.

08:26

Best practices

08:28

when designing and implementing a security program always tried to combine the needs of the organization with the industry's best practice.

08:37

What's the best practice? While a best practice is, a defined method has been tested and proven to consistently lied to desired results.

08:46

There's a best practice for every aspect of cybersecurity. So if you're looking for email security,

08:52

there's a best practice. There's a template which could be followed, which, when implemented, will help you maintain good email security.

09:01

What's best practice for Web security?

09:03

Best practice for servers, any type of physical security.

09:07

Best practices exist for every aspect of cybersecurity, and they're also flexible.

09:13

The best part about best practices. It's a very general template which can be modeled or tailored to your organization.

09:22

It's important to address the needs of the organization's first,

09:26

but once once that's taken care off, trying to incorporate the best practices into those needs of your organization.

09:33

In today's lecture, we discussed the I S C. To code of ethics, which is the standard of behavior for S S C P

09:43

practitioners.

09:45

We looked at the C I A triangle, which is the most fundamental aspect of cybersecurity.

09:50

Any type of cyber security can be traced back to either confidentiality,

09:56

integrity or availability.

09:58

We also look that non repudiation and privacy

10:03

now repudiation that the center cannot deny that they sent a message and privacy, which is a 10,000 level overview off.

10:11

How to protect yourself and your data.

10:15

We have looked at best practices which are time tested methods for implementing cybersecurity in your organization.

10:24

Chris Time, which the following principle supports confidentiality.

10:28

A defense in depth.

10:30

Be dual control.

10:31

See Sarbanes Oxley or D, please privilege.

10:37

If you said d that you were correct, remember, at least privilege is the minimal amount of work necessary for someone to do their job.