Time
7 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:01
Hey, guys, welcome to another episode in the SSCP exam prep series. I'm your host, Pete Cipolone.
00:09
This is the sixth lesson in the second domain.
00:13
So far in domain two, we've looked at the Code of Ethics, which documents the behavior required as an SSCP practitioner. We've looked at the CIA triangle, which is the foundation of cybersecurity.
00:27
We've looked at building security architectures and then controlling them with
00:32
managerial,
00:33
operational and technical controls. We've looked at building security plans, which are detailed documents describing all of the security in systems. We've looked at how to build secure systems and how secure systems reduce system vulnerability.
00:51
We've looked at data: how to manage it, use it, keep it safe and dispose of it when it's done. And we've also looked at certain aspects of data leakage prevention, specifically different types of strategies and different controls in their strategies.
01:07
In this lesson today, we will be looking at some more aspects of data leakage prevention, specifically how policies, procedures, guidelines and baselines enforce DLP.
01:19
Let's get started.
01:22
Let's take a little bit closer look at what a policy document is, especially the format.
01:26
Policy formats: security policy formats include the following elements, such as the objective,
01:34
which provides context, gives a lot of background information and really states the overall purpose of why the security policy has been created.
01:45
You have the policy statement:
01:47
what must be done to meet the policy objectives, and this is usually intertwined with management's expectations for the policy.
01:57
The applicability: who this policy applies to. Does this apply to organizational employees only, to a specific group of employees within the organization, or maybe possibly the general public? That needs to be determined.
02:14
How will this policy be enforced?
02:17
Will it be enforced using
02:20
more managerial controls, maybe some technical or operational controls?
02:25
And consequences for noncompliance: if you do not follow the policy, what will be your punishment?
02:35
Roles and responsibilities: who is responsible for this policy? What kind of person is responsible for reviewing, approving, enforcing or adhering themselves or others to the policy?
02:47
And review: is this policy being updated, reworked, tweaked and looked at on a timely periodic basis?
02:58
Standards, guidelines and procedures.
03:00
A standard is a formal, documented requirement that sets uniform criteria for a specific technology, configuration or method. Standards are followed as common practice but are not always formally documented. Some of these become formalized
03:19
as an organization may grow bigger,
03:22
or they might just stay more or less informal. But a standard is
03:27
necessary to have the same amount of everything across the board.
03:32
A subset of a standard is known as a baseline, which is a detailed configuration standard
03:38
that includes specific security settings.
03:42
A baseline is like a checklist for configuring security parameters and should be considered the norm of security at all times.
03:52
A guideline is more of a recommended practice if you want to achieve a desired result. It is not as mandatory to follow a guideline as it is a standard,
04:03
and procedures are step-by-step implementation instructions
04:08
for performing a specific task or goal.
04:12
Different core components of a procedure are things such as purpose: why is this procedure being performed?
04:20
The applicability,
04:25
applicability:
04:27
who is responsible for following this procedure and what are the circumstances surrounding it?
04:33
What are the steps taken to perform the procedure? Is it, you know, one after the other? Or is it the first couple of steps, then
04:44
if this,
04:46
jump to this step; if something else, go to another step?
04:49
They might have figures in a procedure to depict a workflow, or screenshots, just to help prevent those from getting lost if they come to an area where they're not sure what they should be doing.
05:03
And decision points: yes/no questions whose answers result in branching to different steps in a procedure.
05:11
All of these components are found in procedures, but it is not necessary for all of them to be in the same procedure.
05:17
In today's lecture, we've taken a look at policies and standards, both of which enforce data leakage prevention.
05:27
Policies are the documentation of what users should and should not do when handling data, and standards are the norm in cybersecurity on how to handle data.
05:42
Quiz time.
05:43
A formal written document that sets expectations for how security will be implemented and managed in an organization. Is that A,
05:53
procedure,
05:54
B,
05:55
policy,
05:56
C, standard,
05:58
and
05:59
D, guideline?
06:01
If you said B, you are correct.
06:04
Remember, policy is the document which details how security will be implemented, while procedure, standard and guidelines are all different parts of a policy.
06:17
Thanks for watching, guys. I hope you learned a lot, and I'll see you next time.

Up Next

Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Instructed By

Pete Cipolone
Cyber Security Analyst and Programmer
Instructor