5 hours 58 minutes
Welcome back to cyber is is of course, I'm your instructor. Brad Roads. Let's jump into secure operations.
So in this video, we're gonna talk about the infamous or the famous I Triple A, which we'll get to in a second. We'll talk about policy standards, procedures and guidelines, paperwork. Everybody's absolute favorite thing. We're gonna talk about a couple of technologies that we see in secure operations DLP data loss prevention and Z T A zero trust
So one of the things we do in secure operations is make sure the right people. So this is the people side of things can actually get onto the systems they need to and get access to the things that they need to. And so we do that via the I triple A process that's identification, proving who you are.
That's authentication. That's passwords, multi factor authentication, etcetera, right
when we do authorizations, and that's where you hear terms like mandatory access control, discretionary access control. Do you have access to the things that you need to? And then, of course, we talk about accountability, and that's logging what people are doing on these systems. Um, if we're not blogging, what folks are doing. How can we actually validate that? They're doing things within
the authorities that they have, even if they have authenticated to our system. So
the people side of the house we do. I triple A
next in the process, decided the House. We have those documentation, things, policies, standards, procedures and guidelines. And there's really these pictures here. Help us to define that policies. Tell us why we do something right. Um, I'm sure all of you working awesome organizations, and it's really good to know why you do certain things. That's why we have policies.
A standards are tell us what we do or what to do or what to use. Right. So maybe everybody in our company is supposed to use Macs or Windows laptops, and that's the standard we specify. The standard procedures are the how it's the step by step instructions of how to get something done to create that consistently consistency
we've talked about previously.
And then guidelines are recommendations. You should do this. You shouldn't do that. Like, for example, maybe you don't want to click on that link. Maybe you do right. Or maybe there is a recommendations around what happens when you get something that feels like a fish.
Next, we have the technology side of things, and there's obviously a lot of technologies that we can use to support secure operations. These are not all of them, obviously, but these are two of the big ones we see out there today. One is data loss prevention. So obviously one of the big challenges we see in the industry today,
his data leaking out, whether it's cloud based data, local based data, etcetera, etcetera. And so
we have to have in their systems out there that you come procure for data loss prevention and their automated and they're great. Um, you know, is Bob emailing stuff outside of the organization that he shouldn't? Well, let's data loss prevention. That's how we catch it. Three other one and we've talked about C T A. R zero trust architectural earlier, and that's where we look at policy enforcement of
access to resource is those could be systems.
This could be data. Those could be actual components. Those could be actual operation. Anything can be enforced from this policy enforcement point in a Z t A, and that allows us to meet compliance, Understand the activity, Do that. I triple A stuff that we talked about previously. And that's a technology solution set that you might see out there.
So in this lesson, we reviewed I Triple A. We talked about policy standards, procedures and guidelines, and then we highlighted a couple of technology areas and keep in mind, we're looking at people process and technology. So I triple A is people stuff. Policy standards, procedures and guidelines is process stuff,
and GOP and Zita are examples of technology that we can use
in this space. We'll see you next time.
ISC2 CISSP Practice Test: Certified Information Systems Security Professional
There is a growing need for information security leaders who possess the depth of expertise ...
Certified Information Systems Security Professional (CISSP)
CISSP is the basis of advanced information assurance knowledge for IT professionals. Often referred to ...
19 CEU/CPE Hours Available
Certificate of Completion Offered