Good morning and welcome to Cybrary's CompTIA Advanced Security Practitioner preparation course. My name is Kelly Handerhan, and I'm your subject matter expert. I currently, of course, hold the CASP certification, CISSP, Project Management Professional, and several of the security-related certifications.
So I welcome you, and we'll be going through the following material throughout this class. There are seven basic domains that we'll be covering. The very first one we're going to start with is gonna be cryptography and cryptography-related tools.
The second that we'll be discussing is a very, very large topic called enterprise computing. And this is essentially all those elements for consideration when you're in an enterprise network. So when we talk about an enterprise, we're generally talking about a large-scale environment, and you can certainly see that that would cover a large variety of topics, everything from network authentication, cryptographic support, transport layer protocols, RADIUS and many other things, virtualization, and so on. So that's a very large chapter. It's also a very large chapter on the exam as well.
Host and application security. So whereas enterprise security is focusing more on the network as a whole and how all the elements interact, application and host security is focusing on a single specific computer, a local host.
Security analysis: being able to scan the network and look for vulnerabilities and weaknesses. And then, of course, taking that a step further and finding out, can I penetrate those weaknesses? So, of course, vulnerability assessments and pen testing here, but also from the perspective of just staying aware of what's going on in your network.
Everything starts with risk. And this is a very big chapter as well. It should be, because every single decision you make in regards to network security is gonna have its origin in risk. And we're gonna talk about the significance of cost-benefit ratios and the fact that there is no security for the sake of security. Security is only important as it supports the business. And that's what the risk domain is all about: how we evaluate our assets, how we look at threats and vulnerabilities, and how we apply a cost-effective solution for mitigation.
All right, after you do a risk analysis within your organization and you become aware of the threats, vulnerabilities and mitigating strategies, then it's time to write policy. And policy comes, of course, from senior management. It's kind of a broad statement of a company's commitment to security, and policy would give way to standards, procedures, baselines and guidelines. We'll talk about each of those. And really, you could kind of sum this up as thinking about IT security governance.
And then the last section we'll talk about is organizational security, once again kind of taking all of these pieces and integrating them to support the security missions of the organization. So we do have the seven domains that we'll be covering.
Generally speaking, if you were to pick out any of these domains, the biggest ones to focus on would be enterprise computing, host and application security, and risk. Those would be the ones that I would focus on the heaviest.
All right, so moving along, the very first chapter that we're gonna cover is cryptography, and we'll talk about some basics of cryptography, cryptographic tools and the various concepts of how they all come together and work.