Secure Operations
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to cyber.
00:00
Yes of course, I'm your instructor Brad Ross.
00:00
Let's jump into secure operations.
00:00
In this video we're going to talk about the infamous
00:00
or the famous IAAA which we'll get to in a second.
00:00
We'll talk about policies, standards, procedures,
00:00
and guidelines, paperwork,
00:00
everybody's absolute favorite thing.
00:00
Then we're going to talk about a couple of
00:00
technologies that we see in secure operations,
00:00
DLP, data loss prevention and
00:00
ZTA, zero trust architecture.
00:00
One of the things we do in secure operations,
00:00
is make sure the right people,
00:00
so this is the people side of things,
00:00
can actually get on to the systems they need to,
00:00
and get access to the things that they need to.
00:00
We do that via the IAAA process.
00:00
That's identification, proving who you are.
00:00
That's authentication, that's passwords,
00:00
multi factor authentication, etc.
00:00
When we do authorizations and that's where you hear terms
00:00
like mandatory access control,
00:00
discretionary access control.
00:00
Do you have access to the things that you need to?
00:00
Then of course, we talk about accountability and that's
00:00
logging what people are doing on these systems.
00:00
If we're not logging what folks are doing,
00:00
how can we actually validate that they're
00:00
doing things within the authorities that they have,
00:00
even if they have authenticated to our systems.
00:00
The people side of the house, we do IAAA.
00:00
Next, in the process of side of the house,
00:00
we have those documentation things,
00:00
policies, standards, procedures, and guidelines.
00:00
There's really these pictures
00:00
here help us to define them.
00:00
Policies, tell us why we do something.
00:00
I'm sure all of you work in awesome organizations
00:00
and it's really good to know why you do certain things.
00:00
That's why we have policies.
00:00
Standards tell us what we do,
00:00
or what to do, or what to use.
00:00
Maybe everybody in our company is supposed
00:00
to use Macs or Windows laptops,
00:00
and that's the standard,
00:00
and we specify the standard.
00:00
Procedures are the how.
00:00
It's the step by step instructions
00:00
of how to get something done to
00:00
create that consistency we've talked about previously.
00:00
Then guidelines are recommendations.
00:00
You should do this, you shouldn't do that.
00:00
For example, maybe you don't want to click
00:00
on that link, maybe you do,
00:00
or maybe there is a recommendations
00:00
around what happens when you get
00:00
something that feels like a fish.
00:00
Next, we have the technology side of things and there's
00:00
obviously a lot of
00:00
technologies that we can
00:00
use to support secure operations.
00:00
These are not all of them obviously,
00:00
but these are two of the big ones we see out there today.
00:00
One is data loss prevention.
00:00
Obviously one of the big challenges we see in
00:00
the industry today is data leaking out,
00:00
whether it's Cloud based data,
00:00
local based data, etc.
00:00
We have to have in their systems out there that
00:00
you can procure for data loss prevention,
00:00
and they're automated and they're great.
00:00
Is Bob emailing stuff
00:00
outside the organization that he shouldn't?
00:00
Well, let's take loss prevention,
00:00
that's how we catch it.
00:00
The other one, and we've talked about ZTA or
00:00
zero trust architecture earlier.
00:00
That's where we look at
00:00
policy enforcement of access to resources.
00:00
Those could be systems, those could be data,
00:00
those could be actual components,
00:00
those could be actual offers.
00:00
Anything can be enforced from
00:00
this policy enforcement point in a ZTA.
00:00
That allows us to meet
00:00
compliance, understand the activity,
00:00
do that IAAA stuff that we talked about
00:00
previously and that's a technology solution
00:00
set that you might see out there.
00:00
In this lesson, we reviewed IAAA,
00:00
we've talked about policies,
00:00
standards, procedures, and guidelines,
00:00
and then we highlighted a couple of technology areas.
00:00
Keep in mind, we're looking at
00:00
people process and technology,
00:00
so I AAA is people's stuff.
00:00
Policies, standards, procedures and
00:00
guidelines is processes stuff,
00:00
and DLP and ZTA are examples of technology that we
00:00
can use in this space. We'll see you next time.
Up Next
Similar Content
