Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome to the Savary Cop Tia. Certified Advance Security practice. Nous certification. Preparation course.
00:10
Let's begin. My first are taking a look at margin on the two witches titled Vulnerability Management.
00:16
Now let's take a look at the little objectives and the order in which you could become it. Doing this particular course instruction. Obviously, we're going to cover a number. Different topics ranging from cyber security research, vulnerability assessment, vulnerably management particular. Got some key takeaways from this particular module and lastly, some terms you need to know
00:38
without further ado, let's begin by taking a look at cyber security research
00:44
again, this is section number one
00:46
tattle. Cyber security research
00:49
here again on objectives will be covered. Doing this particular section, we'll take a look at new cybersecurity World Introduction to cyber crimes. Why the increase in cyber intelligence isn't trends. Previous Defense Strategies Cybersecurity Industries Association will discuss the term threat modeling. Why threat Malan
01:07
also take a look at threat modeling in a nut shell.
01:11
We're going to summarize again in terms of looking at the threat models. We'll take a look at the Threat models methodology in terms of the features and lastly we'll be doing a review.
01:22
So let's turn our teacher first of all, to a pre assessment course and for this particular module.
01:26
And the question is as follows.
01:29
What is the information on this and uses to understand the threats that have will or currently targeting the organization? Call isn't a to an intelligence. Be integrity. See available Lee or D accounting.
01:42
If you said like that, eh? You're absolutely correct because threat, intelligence or cyber threat intelligence is information on this uses to understand the threats that have will or currently targeting the organization.
01:56
One other thing that's interesting. When we began this particular module, we learned that the new cybersecurity world other words. We're looking at a bold new world, obviously, the threats that we haven't encountered nowadays of becoming much more sophisticated and obviously what we need to do is take a more proactive stand toward what mitigating
02:14
because we cannot eliminate threat. But what we can do
02:16
we can minimize the impact toe overall network infrastructure.
02:22
Obviously we have some new tools, and service is that we can utilize to help us in this endeavor. We all said they look at it from organizational standpoint as well.
02:31
Another area of key concern ISS, cybercrime, cyber crime and terrorism obviously escalated during the recent years is becoming well organized. Its events technically is well financed. So obviously there are a lot of different things that we have to contend with that, particularly if you're gonna become a certified advance security practices.
02:50
Obviously, we have to adopt what we call a proactive stand
02:53
in regards to dealing with these various threats. So that begs the question. Why the increase in cyber intelligence? What we're saying is that we can see that the recent open source network has opposite compromise Disclosure. It's becoming more common, is used as a nation. Enabler is, he's still digits than two, obviously integrate what we call a spot.
03:15
So again, wiser increasing Simon telling opposite economic motivation, globalization, empowerment. We also see continuous national interest in the US directions, obviously, intentions. If you can't outshoot them, you can outspend him as obsolete will become very costly. Recover from these various breaches.
03:36
Let's not take a look again at the open Web Applications security project, which again is a obviously a worldwide not from not for profit again, short of organization and what it. Does it focus on improving the security of software? I'm mission officers make the software secure,
03:52
Obviously, one of the things that we look as a software development life cycle.
03:55
In the past, when you had these various programs, they create the various application. They were not really so much concerned, obviously, about security. In fact, security was considered an afterthought. Nowadays, security is an intricate part of software development. Life cycle.
04:13
So again, let's take a look at some incidents trends. What we still on the sea here? Obviously the events. This chart takes a look at the events for a year and also look at the investigator events per day as well.
04:24
Now forth our previous defense strategies. Obviously what we did was the block known attack patterns. We blocked known infiltration methods. They use the best tool developed again, honestly, back in 1998. But obviously the key is awareness is the key because these threats, as I mentioned before becoming much more sophisticated
04:44
and obviously there's a lot more money been put into this opposite there
04:47
these individuals engaged in activities off to receiving some form what we call a return on their investment
04:55
Now there are number of different cybersecurity Industry association that out there you have it. I s C Square again. You have again also the itself, which is the infamous security form. So again, we have a lot of different organizations. Really. What? Their main focuses its provide us with tools with the methods. Obviously with the knowledge
05:14
it was awareness the enable us obviously
05:16
to operate Maur from a proactive standpoint rather than what we call a reactive standpoint. So again we have a soccer. We also again have the Information Security Research Association. So again there are a host of various organizations out there that can assist us again. Obviously, And I endeavor trying to work
05:35
make eye network much more secure
05:38
to try to minimize the impact as well.
05:42
This brings us to what we term called threat intelligence. Now, when you apply threat intelligence, you can better defend your network base Assets both operational as well as strategically
05:51
threat intelligent, come from several sources, both internally as well as external.
05:57
It fuses what we call internal external threats, intelligence allows and oldest to create the most relevant inaccurate threat profile and also to rate and rank the value of threat intelligence sources as well.
06:10
This brings us to threaten Marlon, not threat. Marlon consists of assets. It looks at the threats as well as the attacks. Now one of the first thing we're going by the process of assessing our vulnerability from a threat and as we're vulnerable when they look at it, first of all, identify what? Oh, I asked. That's, uh, what they are, what we're trying to protect
06:29
off the threats. Live wherever there are, the Attackers go.
06:32
So again, what? We want to do it. First identify what are critical assets are again to terminal level again. Ah, vulnerability or other words. What's the risk to that particular asset? Whatever it may be,
06:45
there's some things that we can do from a proactive standpoint. We can you lies a term called threatened modeling. Now threaten modeling is the procedure for optimizing your network, secured by identifying the objectives and vulnerable, and then defining the counter marriages to prevent or mitigate the effects of threats to your systems. Now
07:03
the most reliable way is to understand the security implication of your system architecture.
07:08
You also wanna look at your business processes and system level security issues addressed those issues From a practice standpoint, you also need a sure that you get the most impact for your security investment.
07:20
This race again Thio Review of this point We discussed again the new cybersecurity world. We looked at the induction cyber crime. We see that it's increasing. We have that begs across. And why the increase in cyber intelligence? We discuss incident trans, previous defense strategies
07:38
Again, we look that could identify the various cybersecurity Industry Association
07:43
discuss to turn what in fact is threatened Island and wide threat modeling And what We're gonna move on in this presentation? We continue on by discussing the term. Why threat modeling in the upcoming presentation
07:56
again, some additional ones would be covered as well.
08:01
Now, in upcoming topics such a one, we're gonna continue on our discussion of the cyber security research. Look forward to seeing you on the next video

Up Next

CompTIA CASP+

In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA A+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor