Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:01
Hello and welcome back to Cybrary's 2019 CompTIA Security Plus Certification Preparation Course.
00:09
We're going to continue our discussion on module three, which is domain three, and the topic of discussion will be architecture and design.
00:18
This particular domain focuses, at a high level, on day-to-day type operations.
00:25
The expectation for this domain is that you understand the importance of technology and regulations, as well as the pros and cons of certain technology and design choices, and how technology integrates with other technologies or in an environment for maximum security.
00:44
Let's turn to our first objective, which encompasses this particular domain, domain three, and that is 3.1:
00:51
Explain use cases and purpose for frameworks,
00:55
best practices and secure configuration guides.
01:00
The first item on our agenda is a pre-assessment quiz,
01:04
and in fact it is a true or false statement.
01:07
And it reads as follows
01:10
With regulatory frameworks, you're trying to meet a specific regulation in an industry
01:17
as part of working with a specific technology or as part of a government organization.
01:23
Is this true or false?
01:26
In this case, if you selected true, you're absolutely correct.
01:33
Here again is objective 3.1, which encompasses domain three, and which simply states: explain use cases and purpose for frameworks, best practices and secure configuration guides.
01:46
The subcategories within this particular objective are
01:49
industry-standard frameworks and reference architectures, regulatory,
01:55
non-regulatory, national versus international and, lastly, industry-specific frameworks.
02:02
So we look at industry-standard frameworks and reference
02:06
architectures. First of all, we need to define exactly what regulatory is.
02:09
Now, regulatory requirements are created by government agencies and are mandated by law. Regulations, in other words, can exist on an international, national or even a local level.
02:22
Non-regulatory requirements are developed by agencies that provide technology metrics instead of development for the betterment of the science and technology industry.
02:32
National versus International
02:35
Many countries may choose to adopt a different framework,
02:38
and industry-specific frameworks provide the foundation to strengthen an organization's security posture and guide regulatory compliance.
02:49
Then we come to benchmarks, in other words secure configuration guides. A benchmark typically determines how much of a load a system, device or service can handle by comparing two or more systems or components of a system. The most common use of a benchmark is as a performance measurement tool.
03:09
This brings us to platform/vendor-specific guides.
03:13
First of all, we have a web server. Now, when you look at the web server in terms of platform/vendor-specific guides, a web server is server software, or hardware dedicated to running that software, that can satisfy World Wide Web client requests.
03:28
An operating system is among the most important software that runs on a computer, managing the computer's memory and processes along with all of its software and hardware.
03:37
An application server is a software framework that provides both facilities to create
03:43
web applications and a server environment to run them.
03:46
Network infrastructure devices: a component of the network that transports communication needed for data,
03:53
applications, services and multimedia.
03:55
Then we have our general purpose guides; these are security configuration guides that are generic in terms of their scope.
04:02
Continuing on with our discussion of this particular objective, explaining use cases and purpose for frameworks, best practices and secure configuration guides, we have some additional subtopics that encompass this objective. We can begin to turn our attention toward discussing, as well as defining, defense in depth, in other words layered security. We also define vendor
04:21
diversity, as well as control diversity, all the way down to user training.
04:27
The first subcategory of this particular objective I'm going to take a look at is defense in depth,
04:31
and defense in depth focuses on a wider, holistic approach that includes components such as disaster recovery and forensic analysis.
04:41
Experts agree that the best approach to securing your environment is, in fact, a layered defense
04:46
instead of relying on a single security solution. So you want to adhere to defense in depth.
04:53
Defense in depth means using multiple layers of security to defend your assets. You may ask, what assets are we speaking about? Assets could include people.
05:01
It includes your computers,
05:03
it includes the software. So these are things that we need to do in order to proactively protect those assets or, in other words, defend those assets. Now, one thing that we can do to mitigate any exposure of those assets, such as personnel, is user awareness training. Now, the other thing I want to mention about defense in depth again:
05:24
even if an attacker breaches one layer of your defense, you can have additional layers
05:28
that keep that person out of the critical areas of your environment.
05:33
As mentioned earlier, defense in depth means creating multiple layers of security defenses through which an attacker must penetrate, also called layered security.
05:43
Then we have to look at vendor diversity.
05:46
Vendor diversity is a business concept that requires a variety of suppliers for the purchase of goods and services for an organization. Again, this is one key aspect of defense in depth: employing vendor diversity, not having all the same products from one specific vendor.
06:01
That's one of the things. If you look back at the voting machines, one of the reasons they're not able to hack into our voting machines comes down to two reasons. First of all, they're not connected to the network. And secondly, most states have different vendor-type voting machines, so they don't have one particular model that they use.
06:20
So that's one way of adding a layer of defense, from a security perspective,
06:26
when dealing with an election.
06:27
Then we have a term called control diversity. That means having different groups responsible for regulating access to your system.
06:34
Administrative controls consist of management constraints,
06:38
operational procedures and supplemental administrative controls established to provide a set level of protection for resources.
06:46
Technical controls are sometimes referred to as logical controls.
06:50
Then we come to user awareness, or user training. Training your users is one of the most important steps in a successful security program. Security awareness programs and policies are often required for regulatory compliance, particularly PCI, which deals with credit cards, and HIPAA, which is the Health Insurance Portability and Accountability Act; in other words
07:11
PII,
07:12
personally identifiable information, as well as other compliance purposes.
07:16
At this point in time, we have our post-assessment quiz. Again, this is a statement where you need to determine whether the statement is true or false.
07:26
So let's take a look at this statement: you need to train users to understand their responsibilities, understand where the risks are, and be able to identify threats such as phishing and social engineering. Is that true or false?
07:40
If you selected true, you're absolutely correct, because your first line of defense against would-be hackers is training your users to identify the various threats and obviously make you aware of them, or provide that information up the chain so that people know exactly what's going on.
07:57
Let's now turn to the key takeaways from this particular video,
08:01
and they are as follows. We learned that defense in depth means using multiple layers of security to defend your assets.
08:09
We also learned that non-regulatory frameworks are developed with similar goals to regulatory frameworks. In fact, the goal is to improve security by providing information and guidelines to organizations.
08:20
We also learned that regulatory requirements are created by government agencies and are mandated by law. Regulations can exist on an international, national or local level.
08:31
In our upcoming video, we will continue our discussion of domain number three, and the topic of discussion will be 3.2: given a scenario, implement secure network architecture concepts.
08:43
See you in the next video.

Up Next

CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By

Jim Hollis
Independent Contractor
Instructor