Hey, guys, welcome to another episode in the SSCP exam prep series. I'm your host, Peter Simple alone.
This is the sixth lesson in the second domain.
So far in domain two, we've looked at the code of ethics, which documents the behavior required as an SSCP practitioner. We've looked at the CIA triangle, which is the foundation of cybersecurity.
We've looked at building security architectures and then controlling them with operational and technical controls. We've looked at building security plans, which are detailed documents describing all of the security in systems. We've looked at how to build secure systems and how secure systems reduce system vulnerability.
We've looked at data: how to manage it, use it, keep it safe and dispose of it when it's done. And we've also looked at certain aspects of data leakage prevention, specifically different types of strategies and different controls in their strategies.
In this lesson today, we will be looking at some more aspects of data leakage prevention, specifically how policies, procedures, guidelines and baselines enforce DLP.
Let's take a little bit closer look at what a policy document is, especially the format.
Policy formats: security policy formats include the following elements, such as the objective, which provides context, gives a lot of background information, and really states the overall purpose of why the security policy has been created.
You have the policy statement: what must be done to meet the policy objectives, and this is usually intertwined with management's expectations for the policy.
The applicability: who this policy applies to. Does this apply to organizational employees, to a specific group of employees within the organization, or maybe possibly the general public? That needs to be determined.
How will this policy be enforced? Will it be enforced using more managerial controls, maybe some technical or operational controls?
And consequences for noncompliance: if you do not follow the policy, what will be your punishment?
Roles and responsibilities: who is responsible for this policy? What kind of person is responsible for reviewing, approving, enforcing or adhering themselves or others to the policy?
And review: is this policy being updated, reworked, tweaked and looked at on a timely, periodic basis?
Standards, guidelines and procedures.
A standard is a formal, documented requirement that sets uniform criteria for a specific technology, configuration or method. Standards are followed as common practice but are not always formally documented. Some of these become formalized as an organization may grow bigger, or they might just stay more or less informal. But a standard is necessary to have the same amount of everything across the board.
A subset of a standard is known as a baseline, which is a detailed configuration standard that includes specific security settings. A baseline is like a checklist for configuring security parameters and should be considered the norm of security at all times.
A guideline is more of a recommended practice if you want to achieve a desired result. It is not as mandatory to follow a guideline as it is a standard.
And procedures are step-by-step implementation instructions for performing a specific task or goal.
Different core components of a procedure are things such as purpose: why is this procedure being performed?
Who is responsible for following this procedure, and what are the circumstances surrounding it?
What are the steps taken to perform the procedure? Is it, you know, one after the other? Or is it the first couple of steps, then jump to this step, or if something else, go to another step?
It's good to have figures in a procedure to depict a workflow, or screenshots, just to help prevent those from getting lost if they come to an area where they're not sure what they should be doing.
And decision points: yes/no questions whose answers result in branching to different steps in a procedure.
All of these components are found in procedures, but it is not necessary for all of them to be in the same procedure.
In today's lecture, we've taken a look at policies and standards, both of which enforce data leakage prevention.
Policies are the documentation of what users should and should not do when handling data, and standards are the norm in cybersecurity on how to handle data.
A formal written document that sets expectations for how security will be implemented and managed in an organization. Is that a
If you said B, you were correct.
Remember, policy is the document which details how security will be implemented, while procedures, standards and guidelines are all different parts of a policy.
Thanks for watching, guys. I hope you learned a lot, and I'll see you next time.