Hello, everyone. Welcome to Domain 2 of the SSCP exam prep. I'm your host, Peter Simple In.
Domain 2 focuses on security operations and administration.
In this domain, we take a look at the identification and management of a company's assets and at the documentation and creation of policies, procedures, standards, guidelines and baselines,
all of which support the three core pillars of cybersecurity, which are confidentiality, integrity and availability.
In this first lesson, we take a look at the code of ethics and the CIA triad and beyond.
The code of ethics is the standard for good behavior as an SSCP practitioner, and the CIA triad represents the three main pillars of confidentiality, integrity and availability. Let's get started.
Let's start off the lesson with the code of ethics.
The code of ethics is the absolute standard of professionalism and the necessary qualification for being an SSCP practitioner.
It's important because the code of ethics is what separates us from the bad guys.
Being SSCP certified is a big responsibility, and practitioners need to really act accordingly. Therefore, there are mandatory tenets of the code of ethics. These must be followed at the bare minimum. These are the minimum requirements:
First, protect society, the Commonwealth and the infrastructure.
Act honorably, honestly, justly, responsibly and legally.
Provide diligent and competent service to principals, and advance and protect the profession.
These are the four main tenets of the code of ethics. There are also the code of ethics canons,
which are things like: tell the truth, be competent,
be respectful, honor the trust and privilege given to you, among other things.
Both the ethics and the ethics canons must be followed.
There are serious consequences for any violations: violators of the canons are subject to disciplinary action by the (ISC)2 Ethics Committee,
and as a punishment, the SSCP certification could be revoked.
Let's talk about the CIA triad and beyond.
The CIA triad is the main foundational principle of cybersecurity. It is the most fundamental thing in cybersecurity.
Everything in cybersecurity can come back to the CIA triad.
The CIA triad is composed of three major components.
The first is confidentiality: information is made available on a need-to-know basis.
This is dictated by an organization's conduct and principles.
If confidentiality is breached, then fines, legal trouble and loss of confidence all follow as a consequence.
Confidentiality supports the concept of least privilege, which is the minimum requirement to do your job.
Information is kept confidential through access controls and security models, things that we looked at in the first domain.
The second pillar of cybersecurity is integrity:
the way information is recorded, used and maintained.
Keeping the data pure and not letting it get tarnished is the main job of integrity.
The key to ensuring this integrity is to have knowledge of the state of information at all times.
This can be done by creating a baseline of what the data should look like on a normal basis.
Once you have this baseline, you can check the data against the baseline at any given time.
If the conditions of the data are the same in both the baseline and the current state, then integrity is maintained.
If they are different, then integrity is not being maintained.
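The baseline-and-compare procedure just described, as an added example that is not part of the original lecture: a known-good snapshot of a few files is reduced to SHA-256 digests, and the current state is later checked against those digests. The file paths and contents are constructed sample data, not from any real system.

```python
"""Integrity baseline check: record a known-good state of a set of files,
then compare the current state against it. Integrity is maintained only
when nothing was modified, removed or added."""
import hashlib
from typing import Dict, Mapping

# Constructed sample: a "known-good" snapshot of three configuration files.
KNOWN_GOOD: Dict[str, bytes] = {
    "/etc/app/config.ini": b"debug = false\nlisten = 127.0.0.1\n",
    "/etc/app/users.txt": b"alice\nbob\n",
    "/opt/app/bin/run.sh": b"#!/bin/sh\nexec /opt/app/server\n",
}

# Constructed drift: a setting flipped, a file deleted, a new script dropped in.
DRIFTED: Dict[str, bytes] = {
    "/etc/app/config.ini": b"debug = true\nlisten = 0.0.0.0\n",
    "/opt/app/bin/run.sh": KNOWN_GOOD["/opt/app/bin/run.sh"],
    "/opt/app/bin/extra.sh": b"#!/bin/sh\n",
}

def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest; any change to the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: Mapping[str, bytes]) -> Dict[str, str]:
    """Capture the baseline: one digest per path, taken while the data is trusted."""
    return {path: fingerprint(content) for path, content in files.items()}

def check_integrity(baseline: Mapping[str, str],
                    current: Mapping[str, bytes]) -> Dict[str, list]:
    """Compare the current state against the baseline and report every
    difference by category. Order of paths follows the input mappings."""
    report: Dict[str, list] = {"modified": [], "removed": [], "added": []}
    for path, expected in baseline.items():
        if path not in current:
            report["removed"].append(path)
        elif fingerprint(current[path]) != expected:
            report["modified"].append(path)
    report["added"] = [path for path in current if path not in baseline]
    return report

def integrity_maintained(report: Mapping[str, list]) -> bool:
    """True only when the baseline and the current state agree completely."""
    return not any(report.values())

if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    print(integrity_maintained(check_integrity(baseline, KNOWN_GOOD)))  # True
    print(check_integrity(baseline, DRIFTED))
```

The baseline itself is the trusted reference, so in practice it is stored where the monitored system cannot rewrite it.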
It's impossible to talk about integrity without talking about the Sarbanes-Oxley Act.
This act mandates controls over financial reporting.
Integrity is dictated by laws and regulations, and every time there's a conversation about laws, regulations and integrity, the Sarbanes-Oxley Act will come up.
There are serious consequences if integrity is not
Integrity failure includes calculation errors and inaccurate reporting, which then lead to uninformed business decisions and inadmissible evidence in court.
The last pillar of the CIA triad is availability:
being able to access information when you need it.
Availability is defined in terms of RTOs, SLAs and RAID.
SLAs are service level agreements, which specify the amount of time that a system is guaranteed.
RTOs are recovery time objectives,
which focus on, once the system or data is unavailable, what the maximum period of time is that it will take for it to come up and be available once again.
RAID is a redundant array of independent disks,
which is really a backup in case data gets destroyed or becomes unusable. The backup data can be inserted and replace, and take the place of, the data that was destroyed or is no longer usable. We'll look at SLAs, RTOs and RAID later on in this domain.
If your things are not available, then service interruption, a loss of revenue and loss of trust follow.
So, time to get to the beyond part of the CIA triad and beyond.
The first aspect of the beyond consists of non-repudiation.
Non-repudiation is a service that ensures that a sender cannot deny a message was sent,
and that the integrity of the message is intact.
This is accomplished through digital signatures and public key infrastructure.
Just to give a brief overview of public key infrastructure, think of two keys:
key A and key B.
If something is encrypted with key A, it can only be decrypted with key B, and vice versa.
The keys only work with each other.
So when a person signs a document with one of the keys,
then, when the message is sent to the other person, they can decrypt it with the other key.
And since the two keys can only encrypt and decrypt each other,
that ensures that the sender cannot deny that the message was sent, since it was encrypted with their key.
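The key-pair property behind that explanation, as an added example that is not part of the original lecture: a toy textbook RSA pair in which the sender transforms a message digest with the private exponent ("key B") and the receiver undoes it with the public exponent ("key A"). The primes are tiny constructed values and there is no padding, so this illustrates the principle only and is not a usable signature scheme.

```python
"""Toy RSA signature: what one key of the pair transforms, only the other
key of the pair undoes. Demonstrates the non-repudiation argument from the
lecture: a signature that the public key verifies could only have been made
with the matching private key."""
import hashlib

# Constructed tiny key pair (real keys use primes of 1024+ bits).
P, Q = 1_000_003, 1_000_033       # two primes
N = P * Q                         # public modulus, shared by both keys
PHI = (P - 1) * (Q - 1)
E = 65_537                        # "key A": public exponent, given to everyone
D = pow(E, -1, PHI)               # "key B": private exponent, kept by the sender

def digest(message: bytes) -> int:
    """Hash the message, then reduce into the modulus. Signing the hash binds
    the signature to the exact content, which is the integrity part."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_exponent: int = D) -> int:
    """Sender transforms the digest with the private key."""
    return pow(digest(message), private_exponent, N)

def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Receiver undoes the transform with the public key and compares it to a
    fresh digest. A tampered message or a signature made with any other
    private key fails this comparison."""
    return pow(signature, public_exponent, N) == digest(message)

if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"          # constructed message
    sig = sign(msg)
    print(verify(msg, sig))                        # True: genuine, intact
    print(verify(b"Transfer 900 to account 42", sig))  # False: altered
    print(verify(msg, sign(msg, 12_345)))          # False: wrong private key
```

Because D is never shared, a signature that E verifies is evidence the holder of D produced it, which is what lets the receiver hold the sender to the message.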
The second aspect of the beyond is the privacy factor, which is the rights and obligations of individuals and organizations with respect to the collection, use and retention of personal data.
Different laws and regulations exist to protect individuals and companies.
Privacy is really a high-level overview and concept on how to protect your personal information. It's more of a high-level how-to guide for personal data. An example of privacy is Europe's EU GDPR, the general data privacy regulations.
When designing and implementing a security program, always try to combine the needs of the organization with the industry's best practice.
What's a best practice? A best practice is a defined method that has been tested and proven to consistently lead to desired results.
There's a best practice for every aspect of cybersecurity. So if you're looking for email security,
there's a best practice. There's a template which can be followed, which, when implemented, will help you maintain good email security.
What's the best practice for web security?
Best practice for servers, any type of physical security.
Best practices exist for every aspect of cybersecurity, and they're also flexible.
The best part about best practices is that they're a very general template which can be modeled or tailored to your organization.
It's important to address the needs of the organization first,
but once that's taken care of, try to incorporate the best practices into those needs of your organization.
In today's lecture, we discussed the (ISC)2 code of ethics, which is the standard of behavior for SSCPs.
We looked at the CIA triad, which is the most fundamental aspect of cybersecurity.
Any type of cybersecurity can be traced back to either confidentiality, integrity or availability.
We also looked at non-repudiation and privacy:
non-repudiation, that the sender cannot deny that they sent a message, and privacy, which is a 10,000-foot-level overview of how to protect yourself and your data.
We have looked at best practices, which are time-tested methods for implementing cybersecurity in your organization.
Quiz time. Which of the following principles supports confidentiality?
A, defense in depth.
B, dual control.
C, Sarbanes-Oxley. Or D, least privilege.
If you said D, then you were correct. Remember, least privilege is the minimal amount of work necessary for someone to do their job.
Hope you guys learned a lot. Thanks for watching.