Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome back to Cy Berries. Come Tere Certified Van Security Practice. Tres Certification Preparation course. This is a continuation of marginal one, which is titled Risk Mattress.
00:13
These are objectives or worse, they learn Objective, which encompasses pickle module. Let's not turn our attention toward discussion off understanding, threats and vulnerabilities.
00:24
This is Section two of this particular presentation
00:28
here. Get on the objectives which encompass this section two, ranging from hot identified threats and vulnerabilities,
00:34
parent of threats and vulnerabilities and, lastly, source sources of vulnerabilities. In other words,
00:41
let's not turn toward a pre assessment question, and the question is as follows, which turns refer to anything that has the potential to cause serious harm to a computer system. Isn't a competent Aly Bey integrity see availability or D threat
01:00
if he, in fact, used to let the D you're absolutely correct. So without further, let's turn out to Georgia discussion off threats. Now, threats are potential for vulnerabilities. To turn into a tax on your computer systems, your networks and Maur, they put individual computer systems and business computers at rest our words
01:19
a Taliban certainty,
01:22
so our vulnerabilities have to be fixed. So the attacker cannot infiltrate the system and caused damage that's conclude anything ranging from viruses, Children's back. Those toe outright attacks from hackers often term blended threat is more accurate
01:38
as the majority threats involved multiple exports.
01:42
For example, Ahh Hacker might use a phishing, attack the game information about a network and break into a network.
01:51
The next Adam Is I a chart here, which again it breaks it down. We have a two actual columns, won this title, intentional threats, and then we have intentional threats. When we look ATT, unintentional threats, for example, we have to consider environmental. So just fire wind lightning.
02:08
Then we also have human lifetime. Human can be unintentional threats as well. You get, for example, could be a keystroke error procedure, air or programming bub.
02:19
Then they can also be a threat can also be intentional. Other words. Individuals like, for example, hackers. This is intentional. You have criminals or you craft even having this going to employ. These are considered intentional threats. We always have organization that has a deal specifically with advanced, persistent threats,
02:38
which again you have. Criminal organization needs to be considered internal threats as well as
02:42
opposition research This brings us to the types of threats. Again, we have
02:47
the force Password attack dictionary, password attack, your I P address, moving hijack and replay attacks, as well as a man in the middle type of taxis. A call considered different types of threats.
03:01
You're getting some additional threats. We have masquerading social engineering, fishing
03:07
freaking, also forming so again needs its examples off the different types of threats.
03:13
When you look at a vulnerability as I mentioned earlier of vulnerable, it's considered a weakness. For example, in cybersecurity, term refers to a flaw in your system, as was leaving it open to attack
03:23
of on ability. Also referred to any type of weakness and your computer system itself. Perhaps it could be a set of procedures or anything that leaves that infant security exposed to that threat
03:35
Here. Get us some examples of vulnerabilities ranging from defective software always down to insufficient. We done, missy.
03:45
We look at risk identification, imagining techniques.
03:49
First of all, risk is considered a total uncertainty.
03:53
These now, in this chart we see this identification. We see threats and vulnerabilities.
03:58
Then we also have some techniques from which, for a man's perspective, that weak. What can reduce a mitigate These risk? Remember, risk cannot be eliminated. But again, in this case where mantra techniques could understand, you could imprint control measures plan are history and so forth. So these are some things you're gonna do
04:15
proactively to try to what mitigate a. Minimize the impact
04:20
and when you're identifying risk is too apparent. That risk with vulnerable as we see illustrating this chart threats are matching to exist. Invulnerable is to determine the lightness of a risk. Remember, arrest is a telephone uncertainty. So again, the threat. Here we have an ex employee
04:38
and then what we're doing, parent. What vulnerability and ex employee who still has access to your system. So that's very that's why so crucial when when employees makes a decision that they're gonna lead, Gordon says, you need to make sure you expedite the process off. Other words reducing that are limiting their access to your system's.
04:57
We can also access to proprietary data
04:59
again. Disick of all is what we call a threat action.
05:02
The next chart here has still deals with threats and minimally Paris ah, threat source could be a fire, ordinary indigent person off vulnerability can be, oh, other worst moments of weakness. Other words to my sprinklers used to suppress your five damage. We also a threat action with getting the Sprinkle system is turned off
05:21
some additional threats of wannabe, apparently to be aware of a threat source. Keeping unauthorized users such as hackers off vulnerable. It could be identified flow and your system design
05:31
in the case. New patches are not. Apply it that poses of audibly.
05:35
You also threaten actual, which again deals with unauthorized access to your files.
05:42
This another, another chart that gives us some additional information regarding the vulnerability threat. Pairing examples in this case will just take a look at one. Here again, we have wannabe. What we do is parent the vulnerability with the threat. So here, getting at first when we have our vulnerabilities are terminated. Employee ID's are not removed from the system.
06:00
The threat source is what
06:02
your terminated employees
06:04
through inaction down into your company network and assessing proprietary information. What we want to do is expect the process. When employees make decision, they're gonna leave organization. We didn't make sure we expedite the process or what
06:16
accident again, removing their access to those systems.
06:23
The importance of risk management for it's meant to be affected. The risk man tracked it must be supported by all members of your organization.
06:30
This goes along with building a culture and security management understanding by personnel. Their roles in response to these things are very important, particularly look at risk. Risk. Manage. Fundamentally speaking is very important to an organization because it provides it means for what, us too, in terms of managing those Taliban uncertainties.
06:48
So what? Rhys Majin identify the threats and vulnerabilities
06:51
it reduces again the adverse impact and improve your resistance survivability and also shows a need for risk reduction. At this point time, we have a post assessment question and the question is as follows we should follow in terms of first to a Florida system can leave it open to attack. Is it a full mobility?
07:11
Be integrity, see availability or D threat.
07:16
If you said like the air you absolutely creates called a vulnerability
07:20
during this particular presentation, we don't have to identify threats and vulnerabilities. We discussed the pairing of threats and vulnerabilities and also the sources off vulnerability and our upcoming presentation will be taking a look at Section three Understanding risk assessment.
07:36
Look forward to Syrian, a very next video

Up Next

CompTIA CASP+

In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA A+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor