Hello and welcome back to Sai Berries 2019 Cop Tia Security Plus Certification Profession Course,
We're gonna continue our discussion on modern three, which is domain three. And the topic discussion will be architecture and design
this particular domain focus on at a high level, day to day type operations.
The expectation for this domain is that you understand the importance of technology and regulations, as was the pros and cons off certain technology and design choices and hard technology integrate with other technologies or in environment for maximum security.
Let's start to chew our first objective again, which encompasses this particular main, which is remaining three, which is 3.1.
Explain use cases and purpose for frameworks,
best practices and secure configuration guys.
The first item on our agenda is a pre assessment quiz
and in fact, is a true a false statement.
And it reads as follows
with a regulatory frameworks. You're trying to meet a specific regulation in an industry
as part of working with a specific technology or as part of a government organization.
Is this true or false?
In this case, if you select the true, you're absolutely correct
Here again is objective 3.1, which encompasses domain. Three with simply states explain use cases and purpose for frameworks, best practices and Secure Configuration Guys.
The sub categories within this particular objective are
industry standard frameworks and reference. It's architectures, regulatory,
non regulatory, national versus international and, lastly, industry specific frameworks.
So we look at industry standard frameworks and reference
architecture. First of all, we need to find exactly what regulatory is
now. Regulatory requirements are created by government agencies and are mandated by low regulation regulation. Other words can exist on an international, national or even a local level.
Non regulatory requirements are developed by agencies that provide technology metrics instead of development for the betterment of science and technology industry.
National versus International
Many countries may choose adopt a different framework,
and it's a specific framework. Friend was provide the foundation to Sprink in an organization secreted posture and got regulation compliance.
Then we come to benchmark, in other words, secure configuration guys benchmark and typically term in how much of a load a system device or servic and handled by comparing two or more systems or components of a system. The most common use of benchmark is a performance measurement to
this brings us to platform vendor specific guys.
First of all, we have a Web server. Now when you look at the Web server in terms of platform vendor specific guys, ah, Web server is a service software or hardware dedicate to running sets software that can satisfy worldwide Web plant requests.
Operating System is among the most important software that runs on a computer and managing computer memory and processes with all of this software and hardware
application Server is a software framework that provides both facilities to create
actual wear applications and a server environment to run them.
Never infrastructure devices. It is a component of the network that transport communication needed for data,
applications, services and multimedia.
Then we have our general purpose guys diesel security configures and guys that are generic in terms of their scope.
Continue on what I discussion of this particular object displaying use cases and purpose of frank for frameworks, best practice and cure configuration. We have some additional sub topic that encompasses dis objective. We could begin to turn our attention toward discussing Is was defining defense in depth. In other words, layout security. We also to find work
diversity is control diversity all way down to user training.
One of the first I'm going to take a look at subcategory of this particular jacket is defense in depth
and defense in depth focuses on a wider, holistic approach that includes components such as disaster recovery and forensic analysis.
Experts agree that the best approach to securing your environment is in fact, a leading defense
instead of relying on a single security solution, So you want to adhere to defense in depth
the defensive. That means use at multiple lancer security to defend your assets, You may act. What assets that we speaking about assets could be include people.
It concludes. Your computers,
it conclude the software. So these are things that we need to do in order to what pro actively protect, not assets or, in other words, defend those assets. Now, one thing that we can do to mitigate and exposed to it assets such as personnel above around what use awareness training. Now the other thing. I want to mention about defense in depth again.
Even if an attacker breaches one love your defense, you can you can have additional layers.
They keep that person out of your critical areas of your environment,
as mentioned earlier defensive. That means creating multiple layers of security defenses do which attacker must penetrate, also called layered security.
Then we have to look at bended diversity.
Vin University is a business concept that requires of a writer supplies for the purpose of goods and services for organization. Again, this is one key aspect of defense in depth. Employing vendor diversity, not having all the same product by one specific vendor.
That's one of things. If you look back at the voting machines, one of the reasons not. What a reason they're not able to hack into our burger machines by two reasons. First of all, they're not connected to the network. And secondly, they have Most states have different vendor type voting machines. So no, they don't have one particular model that they use.
So that's one way of what adding a layer of defense in terms for my security perspective,
dealing with an election,
then we have a term call control diversity. That means having different groups responsible for regulating access to your system.
Administrative controls consists of management constraints,
operational procedures and supplement administrative controls established to provide a set of level protection for resource is
technical bit. Sometime refer to ask our logical controls.
Then they come to use awareness or use the training. Training in uses one of the most important steps in your successful security program. Security Awareness program and policy. Embassies of a Quiet for regulatory Compliance particularly told my PC I deal with credit cards hipper. Was it Health Insurance Portability Accountability Act? Other words
personal identifying information as well as other compliant purposes.
At this point time, we have our post assessment quiz again. This is a statement that you need determine whether or not the statement is either false or is it true?
So let's take a look. This statement you need to train used to understand their responsibilities, understand where that risk are and be able to identify threats such as fishing and social engineering. Is that true or false?
If you select the true, you're absolutely correct because your first line of defense against would be hackers is training your users to be identified, the various threats and obviously make you aware of it, or obviously provide that information up the chain so that people know exactly what's going on.
Let's don't talk to to what key takeaways from this particular video,
and they are as follows. We learned that defense, and that means using multiple layers of security to defend your assets.
We also learned that non directory frameworks are developed with similar goals to regulatory framework. In fact, the goal is to improve security by providing information and guidelines to organizations.
We also learned that regular requirements are created by government agency and are mandated by law. Regulations can exist on an international, national or local level
in our upcoming video, which we continue our discussion off domain number three and the top of discussion will be 3.2. Given a scenario, implement secure network architecture concepts.
See you in the next video.