Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:00
Welcome to the Cyber. A video Siris on Company, A Security plus 5 +01 certification and example.
00:07
I'm your Structure. We're on Warner.
00:10
This video covers the security plus exam objective number three. Dottie
00:14
explained how resiliency and automation strategies reduce risk.
00:19
Both resilience and automation Strategies help mitigate organizational risks.
00:25
Resilience is the organizational capacity to continue at acceptable levels of service. When a disruption to vital processes or systems occurs.
00:34
Automation can range anywhere from a basic script
00:37
the automated collective Action systems.
00:40
It includes functions such as course of action, continuous monitoring and configuration validation.
00:46
In this video, I'll cover the following topics.
00:49
Automation in scripting,
00:52
continuous monitoring
00:53
configuration validation through the use of master images, non persistence and templates, elasticity, scalability, distributive allocation, redundancy, fault tolerance, high availability
01:07
and leveraging raid storage
01:11
automation reduces risks through repeatable processes and automated courses of action that greatly increased the organization's capability to detect and respond to threats.
01:22
Automation systems or frameworks were used for courses of action required. The following characteristics of interoperability extends ability and industry standards
01:30
that should be based on privacy protections from the ground up, and international technical standards
01:38
should also have the capability to deal with system attack attempts and effectively identify false positives.
01:46
Automation and scripting also leverages sophisticated monitors and censors included with continuous monitoring
01:53
operating system. Scripting language is, you may see include Lynn eggshells such as Bash or K Shell
02:00
and Windows Power Shell.
02:02
A framework provides a system baseline using that standard template,
02:07
and when you leverage a baseline for your operating systems and applications, it reduces your organizational risk.
02:15
You're also able to compare your current state against that desirable state.
02:21
Templates could be helpful in the risk assessment process by providing a means to summarize and document results of threat source identification,
02:29
characterization, vulnerabilities and impacts. Typical templates include scales for evaluating the threats and deciding the best responses to them.
02:38
Refer to section 3.1 for common framework. Such a ce n'est Esso and P C. I.
02:46
A Master image is another known method for reducing organizational risk. It's the use of a gold image for operating systems, either desktops or server. Already based, lined and secured,
03:00
it's creating a model operating system version that is cleans. It's already been verified and strengthened also could be used for those system restores. So you have a desktop that has malware. You load your gold image to restore, and that way you know it's good and clean with no viruses.
03:19
Keep in mind a master image does need to be kept separate and secure.
03:23
In section 3.7, I talked about Cloud Security for review in terms of managing cloud risk.
03:31
The concepts include non persistent using temporary system images, a snapshot of a known good state.
03:39
The elasticity in scalability is a benefit of cloud computing. Where you can adjust those resource is has needed
03:49
with virtual ization cloud. You also get high availability where you can maintain duplicate copies of the same operating system and applications on two separate systems.
04:00
It provides measures such as redundancy fell over mirroring, and they're used to keep service's and systems operational.
04:09
Redundancy goes with high availability
04:12
terms of replicating systems at multiple sites.
04:15
This is also associated with fail over
04:18
load balancing and distributive allocation
04:23
means distributing the burden across multiple systems. Instead of just having one Web server, you'll have to load balanced Web servers that way one is not overburdened, say on a busy web traffic day.
04:35
Be aware of these cloud mitigation risks and refer to section 3.7 for more information.
04:43
Fault tolerance is another resiliency strategy you should be familiar with for your organization. It's the ability of a system to sustain operations in the event of a failure. You should have key components available, spare parts and electrical power.
04:59
Most servers have multiple power outlets, so in case there's a power source fail, the other will automatically go into effect.
05:08
You can also use other methods for power protection. Such a surge protection, using an uninterruptible power supply ups
05:16
and leveraging backup power generators.
05:19
All of these air strategies for fault tolerance.
05:26
The most common approach to data availability and redundancy with disk storage is redundant. Array of inexpensive desks, also known as raid
05:35
raid, organizes multiple disks into a large, high performance logical disc.
05:41
In other words, if you were at half three hard drive, you can configure them to look like one large higher drives.
05:47
Disk arrays are created to stripe data across multiple disks and access them in parallel.
05:56
Large array of discs are highly vulnerable to disk failures.
06:00
To solve this problem, you can use redundancy in the form of error coding error, correcting codes to tolerate disk failures.
06:08
With this method, a redundant disc array can retain data for much longer time
06:13
than unprotected single disk
06:15
with multiple disks and arrayed scheme. A system can stay up and running when it single disk fails,
06:20
as well as during the time the replacement disc is being installed and the data is being restored.
06:28
You should be for familiar with the different types
06:30
of raid that is available
06:32
to striping. Disc mirroring. Destroy Ping with parody.
06:38
See your study material form or information about rate storage.
06:43
Let's practice with a quiz question.
06:46
Question. Which risk mitigation techniques uses a standard disk image for system restoration upon breach or failure?
06:55
The answer is
06:57
a
06:58
master image, also known as a gold image.
07:01
This concludes the video for section 3.8 explained how resiliency and automation strategies reduce information technology and security risk

Up Next

CompTIA Security+

CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.

Instructed By

Instructor Profile Image
Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor