Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome to the cyber re comp TIA certified advance security practices Certification. Preparation course. We're moving into a brand new model and this is marginal three, which is titled Organizational Security.
00:16
Now, let's take a look at the little object in order which will be covered during this particular marker number three. Now, these are some Top is gonna be taking a look at, ranging from security frameworks, security policies documented, operate security controls, participate in change management, participate in security awareness and training.
00:35
And last but least of which we don't have a key takeaway
00:37
taking a look at organization, security and some terms you need to know. So without further, let's begin by taking a look at section number one, which is titled Security Frameworks.
00:48
So again, this is section one. We're gonna be taking a look at.
00:51
These are the objectives of this particular section, and they are as follows we could begin my first of all. Answer the question. What does every security framework and why do I need one? And lastly, some key friend works at a widely used,
01:06
so we're not further. Let's take a look at a pre assessment course. Tin and the question is as follows.
01:11
What is a series of documented processes that are used to find policies and procedures around the implementation and the ongoing mandolin for security controls in an enterprise environment call? Is it a security framework?
01:26
V.
01:26
Regulatory compliance, See policy or change? Imagine
01:32
if you said like that, eh? You're absolutely correct. It's called a security framework. So in effect, a security friend is a serious of document. It processes that use it, find policies and procedures around the implementation and the ongoing management of every security controls and an enterprise environment. Now, one of the first thing you want to take a look at it
01:51
I t governess
01:53
When you think about IittIe governess, essentially, I think government provides a structure for light in the I t. Scratch the business strategy by following a formal framework organization can produce measurable results, tour, achieving their strategies and gold. A formal program also takes stakeholders interest into account
02:10
as well as the need of staff and the process they followed
02:14
In the big picture. I think Governess is an intricate part of overall enterprise governess.
02:22
Now let's take a look at security framework. Then the main port of having an empress security framework in place is reduced, the risk levels and the organs disposes to vulnerabilities. Other boards were talking about weaknesses.
02:34
The friend will issue a go to document in an emergency. For example, someone breaks into your system, but it outlines Della procedure designed to reduce your exposure to the wrists. In other words, we're talking about a tolerable uncertainty when you're going by the price of systematically admitting what we call a solid, every security framework
02:53
is gonna provide a host of avenges. If you are trying to steal confidence in the industry or
02:58
extenders a strong reputation with potential business partners as well as your customers,
03:04
we look at regulatory compliance. Not again. This is another interesting term. It's an ovulation and leases to again order words adherents. The laws, regulations, guidelines and specifications relevant to his business processes violation. Regular compliance regulations often result in legal punishment, including federal fines.
03:22
So again, here is a list of some ranging from P C i N. I s hip, a sock and so forth.
03:29
That brings us to a very interesting question.
03:31
What is that face? A critic friend. Why do I need one.
03:35
Obviously, the main point of having a infront security framework in place is to reduce your risk level. Other words. We're gonna get to what we call an acceptable level. Despite the fact offer all our best efforts, we still gonna have some what we call residual risk. Now the framework is your go to document in an emergency.
03:53
So so if, for example, someone breaks your system, But again, going outline your dental procedure designed to what? Reduce your exposure to these various risk
04:01
when we look at the campus security
04:03
framework.
04:04
Other words. There's some things that we have to consider.
04:08
Obviously, when you're going by the price of choosing frame, where their work to the organization I was It's not gonna be easy. It's going quite a lot of work on your behalf is, well,
04:16
also a simplified critic friend, where Doc, a domain model. So again something. What we have to think about with nothing but a federal security Mandarin act of 2002 which is a good example. You also have idol, which will be tough only bit about some of these in the upcoming slides. Not frank off flexible
04:31
and what it does is allow your organization of Dr Construct that fit their overall governess and compliance
04:38
planning tight with Kwame, it's
04:40
getting this taking a look and get out of security policy framework. Obviously, it's strategic and nature. It looks at compliant risk, financial risk, operational risk as well as other risks. For example, we think of my strategic risk. It's a broad category focus on events that may change how the organization obviously operate.
04:59
We also encourage what we call financial wrists, which is a potential impact
05:02
when the business fails to have adequate liquidity. Other words, enough money to meet its various obligations.
05:11
Now what the opposite of many different frameworks out there? One of the first, we'll take a look. It's called in this, which is called the National Institute Standards and Technology, which again is a federal agency within the United States Department comments. And really, essentially Miss Mission is to develop and promote measurements, standards and technology to enhance your port activity,
05:30
facilitate trade and improve the quality of life.
05:35
Here again is another example. When you think about the this cyber security framework, when you when you considered together again, we have five core function that provided strategic view of the life cycle of the organization's cyber security risk mansion, and it should be treated as a key reference point again. First of all we have identified,
05:55
we have again to protect.
05:57
We also had get half some other ones, which mentioned here we also have the tech.
06:00
We have respond, and also we have recovery.
06:04
Another friend would want to take a kind of brief look at it's called the I S 0 27 000 family and I again other words. 27,000 family. It's an international standard organization that developed again, its eyes so serious because it's a broad in scope.
06:21
Any type of size organization can benefit, obviously from being familiar with it and adopting this recommendations.
06:28
It's a system Make a potion manual sensitive Information Security, also known as again as infinite security and mansion system, includes Majin risk for people processes. That's what's your I T system
06:41
opposite. Continue again with the 27,000 family. It defines it secreted policy. It finds a scope. Obviously we're gonna have a clearly defined scope, will engage in what we call risk management or other words, rich successful and assess our risk. But before we go through the price of assessing our best, we need to. First of all, what identify those assets
06:59
we don't baby. That match does identified risk,
07:01
and we're gonna get them to what we call an acceptable level realizing that we cannot eliminate with. But what we can do is mitigate a minimize the impact of the various risk.
07:12
Then we have the PC at which again stands for the pavement. CART industries Security standard is widely accepted. Settle policies and procedures intended to what? Optimize again
07:21
again, the ah force that mansion about credit card industry to debt that cash transactions and so forth often achieve to a enforcing what we call tight controls. Surround the storage, transmission and processing of cardholder data
07:38
this again in some additional information. Regarding again, the payment card has 12 principal requirements. Build a maintain secure network protected attic. Your card data maintained vulnerably Program implements comb access control measures regularly. What you want. Also regularly Monta Intestinal Network and maintain increased security policy.
07:58
Then we come to it in this special publication. 800 desk. 53
08:01
Essential. This is a standard and guidelines to help your federal agencies and contractors meet the requirements set for by the federal Information Infinite or fisma again, the 800 Siri's reports on inference technology or the words researchers will. That's the guidelines
08:18
This down brings us again. To do what we call the trusted service's principal criteria and get an essential is a set of controls that issue lies and sought to and stopped. Three engagement. It has set of five trust principles with a focus on security. It looks availability
08:37
confident, yet almost sounds like I see a triad, if you recall. We mentioned that in previous presentations,
08:41
input processes, integrity as well as again privacy.
08:46
Then we have Corbett, which again is an organization security in integrity frame with a utilizes processes control object. This mantra, guidelines and maturity. Mullen To ensure the alignment of Artie with business. Essentially, it maps to the standard required for regulatory compliance.
09:03
Then we have the item, which again is a framework of best practices for delivering what we call. If this technology service is, it's a systematic approach to I t service management to help businesses managed their rest. Otherwise, we're gonna get those rest to an acceptable level.
09:20
Then we have another again interesting friend was called the Open Group Architectural Framework. It's a framework for enterprise architecture that provides an approach for designing, planning, implement and governing enterprising face technology type architecture.
09:35
Now let's take a look at a post assessment question. And of course, it is as follows. What is a worldwide worldwide payment card in just ended? Call. Is it eh?
09:46
Or is it B?
09:46
Is it C or D? If you said like the A, you're absolutely correct. It stands again. It's a worldwide payment card injury. Data security standard is initiated to ensure business process and car payments were secure, as well as help reduce card fraud.
10:03
Let's take a look at the review now doing this particular presentation. We went through the process again, identifying different types of information security frameworks and explain why we needed them. We also took a lesson. Keep Friend was the opposite. It a widely used
10:18
in upcoming presentation. We're moving on to Section two will be discussing security policies. Look forward to seeing you on the next video

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor