Time
7 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:03
Hello everyone. Welcome to the SSCP Exam Prep series. I'm your host, Pete Cipolone. This is lesson five in the second domain.
00:13
So far in the second domain, we've looked at the code of ethics, which is the recommended behavior of an SSCP practitioner. We've looked at the CIA Triad, which is the main foundation of cybersecurity. We've looked at building security architectures, designing secure frameworks in which we can build different systems
00:33
and how to control those security architectures using managerial,
00:37
technical and operational controls.
00:39
We've looked at system security plans. We've looked at secure development life cycle best practices, which means building code in a very secure and safe manner.
00:51
We've looked at the assessment of system vulnerabilities and secure development, which is how using secure development can reduce system vulnerabilities.
01:00
And we've looked at data: how to manage it, keep its state, how to use it for our purposes and how to dispose of it when we're done with it.
01:08
This lesson we will be looking at data leakage prevention, specifically what DLP is, how to use it using different strategies
01:19
and different types of operational, technical and managerial controls to use within DLP.
01:26
Let's get started.
01:30
So what the heck is DLP?
01:33
Data leakage prevention is the concept or practice of preventing data from being leaked to the outside world. So by preventing data from
01:47
leaking out of the organization, it maintains the integrity of the data.
01:53
There are two kinds of DLP strategies when trying to prevent data leakage. The first is the prevention of data leakage to mobile devices or host-based components, and the second is to prevent the leakage of data through the Internet or email, otherwise known as network-based.
02:15
Both of the strategies
02:16
look at different functions, which include data discovery,
02:22
labeling,
02:23
policy creation,
02:24
content detection and monitoring, prevention or blocking,
02:29
and reporting.
02:30
All effective data leakage prevention strategies include
02:36
all of these functions.
02:38
Let's look at that a little bit more closely.
02:40
The first step in any data leakage prevention strategy is the process of data discovery.
02:47
This is where people go through different files and databases across the network to locate sensitive data. You can't protect your sensitive data if you don't know where it is, so it's important to know exactly where it is. And once you know where it is,
03:06
you can design additional safeguards,
03:08
such as policies or access control mechanisms or something of that nature to protect your data.
03:16
The second step is to label the sensitive data: give it a tag number or some sort of identifier, so you can properly monitor it as the data gets moved from point A to point B on the network.
03:31
Once this is done, it's important to create a policy
03:36
which specifies how content monitoring and the usage of this data can be applied and where. In this policy, you can define rules for copying or transmitting that data,
03:49
typically using a combination of predefined labels, keywords and regular expressions.
03:57
The next step is content detection and monitoring.
04:00
This is looking at the data as it travels through the network and out of the network through any perimeter gateway device.
04:12
So if the data is leaving the network or the host computer to go onto a USB or to another network, you want to take a serious, deep look,
04:24
especially all the way down to the packet level, to determine
04:28
what's going on with this data, and why it's going out or coming in.
04:32
If
04:33
this transfer of data is in violation of the policy which we created a couple of steps above, you definitely want to prevent or block this transfer from happening.
04:45
Once this prevention or blocking occurs, you want to report the violation of the data policy and keep an eye out in case this is tried again.
04:58
In the report, you want to show what policy was violated,
05:01
the source IP for this policy and the login account under which the violation occurred.
05:09
Technical controls. We have looked at these before, but as a quick refresh, remember technical controls are controls that the computer system executes.
05:18
These controls provide automated protection from any unauthorized use or misuse.
05:26
The following categories use technical controls: identification and authentication,
05:30
logical access controls,
05:32
public access controls
05:35
and audit trails.
05:36
Let's look at these a little bit more closely.
05:42
Regardless of who accesses the system, it is important for the SSCP practitioner to be aware of the identification and authentication security controls, which are used to filter in people who are allowed and to block people who are not allowed
06:00
from accessing the system.
06:02
So authentication control mechanisms and how to control changes should be documented in this section.
06:11
If passwords are the authentication mechanism, then password restrictions need to be defined.
06:16
These are things like having your password be a certain number of characters or having your password contain
06:26
one uppercase, one lowercase, one number or one symbol,
06:30
or not using any word that is associated with your first or last name.
06:38
Basic policies on passwords need to be defined in the identification and authentication mechanism.
06:46
Policies for bypassing the authentication should be provided.
06:53
So if someone needs to get around the authentication mechanism, either through a back door or some type of maintenance hook, there should be a standard set of steps a person could take and the administrator should take in order to get around the system.
07:06
There should be a number of invalid access attempts, so
07:12
if you type in the wrong password three times in a row,
07:15
then you should be locked out for 10 or 15 minutes.
07:20
There should be procedures for key management,
07:25
which is
07:26
really documentation for the distribution, storage, entry and disposal of different keys, encryption and decryption keys,
07:38
and the last part is how biometric and token controls are to be used and implemented throughout the system.
07:46
Logical access controls. These controls authorize or restrict the activities of users.
07:51
Logical access controls
07:55
should include the discussion of hardware and software features that only permit authorized access to the system.
08:03
Topics in logical access controls are the granting of access rights and privileges, which is authorization: what a user can do once they have been authenticated;
08:15
temporal restrictions, only being able to access things
08:18
during certain times of the day;
08:22
detection mechanisms
08:24
for unauthorized people and actions. So this is any kind of technical control, an IDS or IDPS, things we'll talk about a little bit later.
08:37
Timeout periods. So if you get the wrong password
08:43
so many times in a row, then you get locked out of the system for a time.
08:48
Encryption of sensitive files in order to protect the integrity of the data that's in there.
08:54
How separation of duties is enforced, where two people
08:58
cannot do two different parts of the same task.
09:03
And how often access control lists are reviewed. I think it's important to review access control lists
09:09
on a regular basis in order to keep them updated and have them be as effective as possible. The last topic is the regulation of the delegation of access permissions:
09:22
who can give access permissions to whom. There always must be somebody checking somebody.
09:28
Public access controls.
09:31
If the general public has access to the system, there should be different topics which describe or detail what the general public can do and what they can't. These kinds of topics are information classifications: what data is considered to be public knowledge and what data is considered to be
09:50
private or confidential or even secret.
09:54
There should be forms of identification and authentication: everyone in the public should have to
10:01
present themselves as somebody to the system, and then that must be proven through one of the authentication mechanisms which we talked about in domain one.
10:11
There should be limitations on read or write privileges:
10:16
what a person can read or what they can modify or delete.
10:22
There should be a separation, a very distinct separation, of public and private systems.
10:28
Public systems should be for general
10:30
access, while private systems should be for
10:35
organizations, people of a specific group,
10:39
things like that.
10:41
Audit trails and user confidentiality. There must always be a trail of everything everybody does,
10:46
no matter what. In case they do something they're not supposed to do, the audit trail can be followed.
10:54
And requirements for system and data availability.
10:58
Will this be up 90% of the time, 99% of the time, 100% of the time? What are the requirements for this?
11:07
Audit trails.
11:09
Regardless of who is able to access the system,
11:11
the SSCP practitioner should be able to describe any security controls that are used to protect the system's integrity.
11:20
Topics for audit trails include things like
11:24
audit trail reviews:
11:26
how often they are reviewed, by whom, under what conditions.
11:31
This is where audit trails are looked over by people to ensure that
11:37
all the systems and the controls and the access control mechanisms are all working
11:43
as expected;
11:45
tracing user actions,
11:48
the actions of the user: are they in line with the policies and procedures for any system?
11:56
Safeguards to protect user privacy and personal information
12:00
during audit trail reviews. So this is to protect the confidentiality and integrity of user data, so certain things might be blocked out or scrubbed, such as Social Security numbers, birthplaces, passwords, that kind of thing;
12:18
the recording
12:20
of appropriate information on intrusions;
12:24
and the separation of duties: are those who administer the access control function and those who administer the audit trail the same person, or are they different people?
12:35
Operational controls.
12:37
Operational controls, as we've talked about before, are controls executed by people, and the DLP
12:46
topics of operational controls are things such as change management,
12:52
configuration management and authorization.
12:54
These are all different aspects of operational controls, which we will be going over in another lesson.
13:01
Managerial controls.
13:03
These controls focus on the management of the computer security program and the management of risk through security policy.
13:13
What is a security policy? A security policy is a formal written document
13:16
that sets expectations
13:20
for how security will be implemented in any organization.
13:24
Examples of security policies are things like
13:28
email, remote access
13:30
and encryption. Basically, they are a how-to guide
13:35
to implementing and managing security and procedures.
13:39
In today's lecture, we discussed different types of data leakage prevention. We've looked at the two most common types of systems, host-based and network-based. And we've also looked at the technical, operational and managerial controls which enforce data leakage prevention.
14:00
Quiz time.
14:01
DLP strategies use host and network components
14:05
which perform
14:07
the following functions except: A) policy creation,
14:11
B) data discovery,
14:13
C) guidelines, or D) labeling.
14:20
If you picked C, then you are correct. Remember, functions include policy creation, data discovery and labeling, while guidelines are simply just suggested best practices.
14:33
Thanks for watching, guys. I really hope you learned a lot, and I'll see you next time.

Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Instructed By

Pete Cipolone
Cyber Security Analyst and Programmer
Instructor