Implementing Audit Standards

This lesson covers what is necessary to know in order to pass the exam, some things needed are being able to recognize different types of technical attacks and motives of malicious users. Participants also need to know about different types of encryption. [toggle_content title="Transcript"] Alright, that gets us to the end of the module. So let’s cover our exam essentials for module 5. First thing we need to think about is being able to verify the effectiveness of our logical controls, or our technical controls. Then we talked about the various mechanisms that are used for the perimeter defense. We looked at different kinds of technical attacks. We talked a little bit about the motives of attackers and hackers and why they do what they do. We also covered some details about various forms of biometrics to provide enhanced authentication. We talked about the difference between the physical access controls and logical or technical controls versus management controls. They all have their roles to play and we need to understand where those different controls are appropriate to be used. Then we talked about public key and private key encryption. Remember, this is symmetric versus asymmetric encryption. Symmetric uses the same key to encrypt and decrypt. Whereas asymmetric has a public and private key pair. We know that management has to control the encryption, or the crypto system, managing the distribution of key pairs, managing the crypto keys, perhaps using a key escrow device, or a system. We also talked a little bit about VPNs and why that’s important for having a secure method for remote access. If you remember, we had IPSec VPNS with transport mode and tunnel mode. Then lastly we spoke a little bit about IDS systems. These could be network-based, host-based, neural-based or statistical. Okay, the last task for the module, then, is to do all of your review questions. Good luck on the test. [/toggle_content]
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?