10 hours 32 minutes
Welcome to the Cyber. A video Siris on Company, A Security plus 5 +01 certification and example.
I'm your Structure. We're on Warner.
This video covers the security plus exam objective number three. Dottie
explained how resiliency and automation strategies reduce risk.
Both resilience and automation Strategies help mitigate organizational risks.
Resilience is the organizational capacity to continue at acceptable levels of service. When a disruption to vital processes or systems occurs.
Automation can range anywhere from a basic script
the automated collective Action systems.
It includes functions such as course of action, continuous monitoring and configuration validation.
In this video, I'll cover the following topics.
Automation in scripting,
configuration validation through the use of master images, non persistence and templates, elasticity, scalability, distributive allocation, redundancy, fault tolerance, high availability
and leveraging raid storage
automation reduces risks through repeatable processes and automated courses of action that greatly increased the organization's capability to detect and respond to threats.
Automation systems or frameworks were used for courses of action required. The following characteristics of interoperability extends ability and industry standards
that should be based on privacy protections from the ground up, and international technical standards
should also have the capability to deal with system attack attempts and effectively identify false positives.
Automation and scripting also leverages sophisticated monitors and censors included with continuous monitoring
operating system. Scripting language is, you may see include Lynn eggshells such as Bash or K Shell
and Windows Power Shell.
A framework provides a system baseline using that standard template,
and when you leverage a baseline for your operating systems and applications, it reduces your organizational risk.
You're also able to compare your current state against that desirable state.
Templates could be helpful in the risk assessment process by providing a means to summarize and document results of threat source identification,
characterization, vulnerabilities and impacts. Typical templates include scales for evaluating the threats and deciding the best responses to them.
Refer to section 3.1 for common framework. Such a ce n'est Esso and P C. I.
A Master image is another known method for reducing organizational risk. It's the use of a gold image for operating systems, either desktops or server. Already based, lined and secured,
it's creating a model operating system version that is cleans. It's already been verified and strengthened also could be used for those system restores. So you have a desktop that has malware. You load your gold image to restore, and that way you know it's good and clean with no viruses.
Keep in mind a master image does need to be kept separate and secure.
In section 3.7, I talked about Cloud Security for review in terms of managing cloud risk.
The concepts include non persistent using temporary system images, a snapshot of a known good state.
The elasticity in scalability is a benefit of cloud computing. Where you can adjust those resource is has needed
with virtual ization cloud. You also get high availability where you can maintain duplicate copies of the same operating system and applications on two separate systems.
It provides measures such as redundancy fell over mirroring, and they're used to keep service's and systems operational.
Redundancy goes with high availability
terms of replicating systems at multiple sites.
This is also associated with fail over
load balancing and distributive allocation
means distributing the burden across multiple systems. Instead of just having one Web server, you'll have to load balanced Web servers that way one is not overburdened, say on a busy web traffic day.
Be aware of these cloud mitigation risks and refer to section 3.7 for more information.
Fault tolerance is another resiliency strategy you should be familiar with for your organization. It's the ability of a system to sustain operations in the event of a failure. You should have key components available, spare parts and electrical power.
Most servers have multiple power outlets, so in case there's a power source fail, the other will automatically go into effect.
You can also use other methods for power protection. Such a surge protection, using an uninterruptible power supply ups
and leveraging backup power generators.
All of these air strategies for fault tolerance.
The most common approach to data availability and redundancy with disk storage is redundant. Array of inexpensive desks, also known as raid
raid, organizes multiple disks into a large, high performance logical disc.
In other words, if you were at half three hard drive, you can configure them to look like one large higher drives.
Disk arrays are created to stripe data across multiple disks and access them in parallel.
Large array of discs are highly vulnerable to disk failures.
To solve this problem, you can use redundancy in the form of error coding error, correcting codes to tolerate disk failures.
With this method, a redundant disc array can retain data for much longer time
than unprotected single disk
with multiple disks and arrayed scheme. A system can stay up and running when it single disk fails,
as well as during the time the replacement disc is being installed and the data is being restored.
You should be for familiar with the different types
of raid that is available
to striping. Disc mirroring. Destroy Ping with parody.
See your study material form or information about rate storage.
Let's practice with a quiz question.
Question. Which risk mitigation techniques uses a standard disk image for system restoration upon breach or failure?
The answer is
master image, also known as a gold image.
This concludes the video for section 3.8 explained how resiliency and automation strategies reduce information technology and security risk
CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.