Time: 7 hours 33 minutes
Difficulty: Advanced
CEU/CPE: 8

Video Transcription

00:00
Hello and welcome back to the Cybrary 2019 CompTIA Certified Advanced Security Practitioner certification prep course.
00:11
This is Module 1, and the title is Risk Management.
00:16
Here again are the objectives which encompass this particular module, ranging from understanding security concepts, understanding threats and vulnerabilities, and understanding risk assessment and risk management. Then we have a key takeaway, which is titled Cyber Security Fundamentals. So without further ado, let's turn our attention to Section One,
00:35
which is titled Understanding Security Concepts.
00:39
Here again are the objectives which encompass Section One.
00:42
We're going to begin by first discussing the state of information security today,
00:46
take a look at the CIA triad,
00:49
discuss classified assets, look at key standards and guidelines, discuss controls and countermeasures, goals of physical security and, last but not least, events and incidents.
01:03
So without further ado, let's turn our attention to a pre-assessment question, and the question is as follows. Which of the following terms indicates that the information is to be read only by those people for whom it is intended? Is it A, confidentiality; B, integrity;
01:21
C, availability; or D, accounting?
01:25
If you said A, you're absolutely correct, because confidentiality is a concept we deal with frequently in real life. For instance,
01:34
we expect doctors to keep our medical records confidential, and we trust our friends to keep our secrets confidential.
01:41
The business world defines confidentiality as the characteristic of a resource that ensures access is restricted only to permitted users, applications or computer systems.
01:53
This brings us to the state of information security today. According to the 2019 Global State of Information Security Survey,
02:01
digitalization has increased information security spending. The number of security incidents detected continues to drop, along with the average financial loss due to cyber security attacks. However, the financial loss per incident continued to climb
02:15
over the past year. Overall, they believe that the top source of the security incidents they have noticed were current employees. Obviously, that's your biggest risk.
02:23
Then you have your former employees. Also, you have your unknown hackers.
02:30
So before we start securing your environment, you need to have a fundamental understanding of the standard concepts of security. So when you look at security, some of the things you have to consider are what you're trying to protect,
02:43
why does it need to be protected, and what are you protecting it from?
02:51
We look at the CIA triad.
02:53
It's an important security concept because all security controls, mechanisms and safeguards are implemented to provide one or more of these protection types.
03:04
All your risks, your threats and vulnerabilities are measured for their potential capacity to compromise one or all of what we call the CIA triad principles.
03:14
This triad is the basis for creating a holistic security plan to protect all your organization's critical and sensitive assets. When you look at the information security world, the CIA represents something we aspire to attain rather than the agency of the United States government.
03:30
It stands for confidentiality, integrity and availability, the unified attributes of an information security program.
03:38
So when you look at confidentiality, in other words, confidentiality basically prevents the disclosure of data or information to unauthorized entities,
03:49
integrity ensures that the data is protected from unauthorized modification or data corruption,
03:55
and availability means ensuring that the data is accessible when and where it's needed.
04:00
So let's look at confidentiality.
04:04
Information needs to be disclosed to authorized entities for business processes, for example, authorized employees accessing information about the prototype under development on a server.
04:15
The purpose of confidentiality is to ensure that the information is not disclosed to unauthorized entities. For example, confidentiality is often achieved by encryption.
04:28
Then we look at integrity.
04:30
Information has to be consistent and not modified without established, approved policies or procedures, and techniques are used to maintain the consistency of the information internally as well as externally.
04:44
This is to prevent unauthorized modification by authorized entities, for example, an update to a database record made without approval, and techniques are also there to prevent unauthorized modification by unauthorized entities, for example, where malicious code is inserted in a Web application by an unethical hacker.
05:04
In this scenario, the hacker, in other words an unauthorized entity, may modify an application to extend its procedures.
05:12
In other words,
05:13
make some kind of update that perhaps they are not authorized to do, particularly because we're looking at hackers.
05:19
Then we have availability. Availability is to ensure that information and associated services are available to authorized entities as and when required, for example, in an attack on a network due to
05:32
a denial of service attack. Sometimes an authorized update to an application may stop certain essential services and will constitute what we call a breach of the availability requirement. For example, inadvertently tripping over a server power cable may constitute an availability breach, in other words.
05:51
So who implements the CIA triad?
05:55
In this particular diagram, we see confidentiality, integrity, as well as availability.
06:00
First of all, we look at confidentiality. We see the user, we see the IT administrator and network administrator, and human resources. So these four are the ones who implement what we call the CIA triad.
06:12
On integrity, we have the users, we have the IT administrator and network administrator, human resources, as well as senior management. But then, when we look over to availability, we see the IT administrator, the network administrator, third party vendors or Internet service providers.
06:29
So when you look at classified assets, when you're going through the process of identifying, again, obviously performing what we call a risk assessment, one of the first things, in other words, in performing risk management, the first thing you need to do is identify your assets. Once you identify your assets, you need to go through a process of what we call
06:47
systematically classifying your assets. Now an asset is
06:51
any data, device or any component of the environment that supports your information-related activities. An asset could be tangible
07:01
or it could be intangible. For example,
07:04
intangible means it's something that you cannot touch. It could be a corporate image or intellectual property such as a patent. An asset can be hardware, it could be software, it could be data, it could be processes, products or infrastructure that is of value to an organization and hence needs protection,
07:24
the level of protection being based on the value of the asset to that particular business.
07:30
This brings us to risk management. As I mentioned earlier, risk management is, in fact, forward looking.
07:36
So when you look at risk management, first of all, a risk is the probability of a loss.
07:42
You have a vulnerability, which again is a system weakness, and you have a threat, which we call potential harm. So risk is the likelihood that a loss will occur. A loss occurs when a threat exposes a vulnerability, in other words a weakness. Organizations of all sizes face risk.
07:59
Risk cannot be eliminated. Risk can, however, be altered.
08:03
Other risks are minor and can be accepted without another thought. Companies use risk management techniques to identify and differentiate severe risks from minor risks.
08:16
When we look at a threat, a threat is any circumstance or event with the potential to harm an information resource by exploiting a vulnerability. So again, threats could be categorized as natural, such as a flood. They could be unintentional, which again could be fire or water, or loss of utility service. They could be intentional, such as a bomb, fire or water, and
08:37
theft.
08:37
They can also be intentional, meaning non-physical threats such as fraud,
08:41
hacking, identity theft, as well as social engineering.
08:46
When you think about a risk, a risk is considered uncertain. A risk is the possibility of suffering a loss; it is a potential future harm that may occur due to some present action.
08:58
Every organization has risks.
09:01
Now, there are some businesses that have what we call a higher degree of risk appetite. Now, risk appetite is the level of risk an organization is prepared to accept in pursuit of its objectives and before action is deemed necessary to reduce the risk.
09:16
There are three types of measures. You have probability, which is a measure of likelihood.
09:20
Impact is a measure of the loss that occurs when that threat is realized. Your risk exposure helps to measure the magnitude of the risk.
09:31
This brings us to the different types of risk. You have technical risk, which again includes problems with languages, project size and project functionality. You have management risk, which includes a lack of management experience and a lack of planning.
09:43
We also have financial risks, which include cash flow, capital and budget risk, budget issues in other words.
09:50
We have project risk, which affects the project schedule and resources. We also have product risk, which affects product quality. Also personnel risk, because personnel pose the greatest risk to our organization.
10:05
This brings us to the review. During this particular course of instruction, we highlighted the topics of the state of information security today. We took a look at the CIA triad. We discussed how to classify assets, as well as what exactly an asset is, discussed key standards and guidelines, controls and countermeasures, goals in physical security and also events and incidents. So
10:24
I look forward to seeing you in the very next video,
10:26
and in our upcoming topic we're gonna continue our discussion of Section One, Understanding Security Concepts.
10:33
Look forward to seeing you in the very next video.


Instructed By

Jim Hollis
Independent Contractor
Instructor