CompTIA CySA Domain 5 Compliance and Assessment.pptx

CompTIA CySA+ Domain 5: Compliance
and Assessment
www.infosectrain.com | sales@infosectrain.com

CYSA+ Domains:
1.Threat and Vulnerability Management
2.Software and Systems Security
3.Security Operations and Monitoring
4.Incident Response
5.Compliance & Assessment
In this blog, we will discuss the fifth domain of CySA+: Compliance and Assessments.
In this domain, you will understand three important concepts:
1.The importance of data privacy and protection
2.Security concepts in support of organizations’ risk mitigation
3.Policies, frameworks, procedures, and controls are critical

1. Importance of data privacy and protection
In any organization, there are many key pieces of information like
loyalty schemes, customer data, transactions, employee records, or
data collection that need to be protected from unauthorized access.
Protecting sensitive data is very important because it may contain
information about your current staff, business partners, clients, and
shareholders.
Data privacy is important since individuals who engage online need to
trust that their data will be handled carefully. Organizations use data
protection practices in order to demonstrate to their customers and
users that they can be trusted with their data.
In this concept, you will learn:

1.Privacy vs. Security: Privacy and security are intertwined. Privacy refers to
whatever control you have over your personal information and how it is
utilized. Consider the privacy terms that you are required to read and agree
to when you download new smartphone apps. In contrast, security relates
to how your personal information is safeguarded, like your data and various
facts about you.
2.Technical controls: Technical controls use a variety of technologies to
minimize vulnerabilities. A few examples of technical controls are firewalls,
encryption, IDSs, the principle of least privilege, and antivirus software.
3.Non-technical controls: Unlike technical controls, non-technical controls
include such actions and things as procedures, administrative policies, and
standards for the full range of information security, including privacy
domains and assigned responsibilities.

2. Security concepts in support of organizations’ risk mitigation
In this section, you will understand the below-mentioned concepts:
1. Risk identification process: Risk identification is the process of determining
which risks may harm the project. The main advantage of this procedure is that
it documents current risks and offers the project team information and the
capacity to predict occurrences.
2. Risk prioritization: The process of deciding which risks to act on first is known
as risk prioritizing. This should be based on the likelihood of a risk and its
potential consequence. Risk prioritizing may be accomplished by assessing the
risks to your company to decide which ones are more likely to occur and which
ones will have a greater impact. For evaluation, a risk prioritization matrix might
be employed.
3. Business impact analysis: A business impact analysis (BIA) is the process of
identifying the criticality of company activities and the resources required to
maintain operational resilience and continuity of operations during and after a
business interruption.
4. Training and exercises: In this section, you will learn about:

 Red team: A “red team” is a group that pretends to be an enemy or rival
and gives security input from that vantage point. Red teams are utilized
in a variety of sectors, including cybersecurity, airport security, the
military, and intelligence organizations.
 Blue team: A blue team is a group of people that analyze information
systems to assure security, uncover security holes, test the efficacy of
each security measure, and ensure that all security measures remain
effective after installation.
 The White team: The team oversees and evaluates the cyber defense
competition. They are also in charge of documenting ratings for the Blue
Teams on usability and security supplied by the Green and Red Teams,
respectively. The White Team also examines security reports and grades
them based on accuracy and countermeasures.

3. Policies, frameworks, procedures, and controls
In this section, you will learn about:
1. Frameworks: A security framework is a collection of national and international
cybersecurity regulations and practices designed to protect vital infrastructure. It
contains detailed recommendations for businesses on how to handle personal
information contained in systems in order to reduce their exposure to security-
related threats.
2. Policies and procedures: This section reveals:
 Password policy: A password policy is a collection of guidelines to improve
computer security by helping users create and use strong passwords. A password
policy is frequently included in an organization’s formal policies and may be taught
as part of security awareness training.
 Acceptable use policy: A company’s acceptable use policy should refer to the safe
and ethical use of email and the internet as a whole. A code of conduct outlines
the acceptable use policy, such as what websites users can access, how they can
log on to the network, etc.
 Data retention: Data retention rules govern the maintenance of persistent data
and records to fulfill legal and corporate data archiving needs.

3.Control types: There are a few different control types; they are:
 Managerial control: A person with managerial control has the power, directly
or indirectly, to direct or cause the direction of the management or policies of
the organization, whether by exercising voting rights, by contract, or in any
other manner.
 Operational Control: Operational control refers to the authority to handle
subordinate forces, including organizing and operating them, assigning tasks,
determining objectives, and giving authoritative directions required to
complete the mission.
 Preventive control: A preventative control prevents a loss or an error from
occurring. Physical property protection and segregation of duties are examples
of preventive controls. Generally, these controls are built into a process so that
they are applied continuously.

CySA+ with InfosecTrain:
InfosecTrain is one of the leading training platforms that offers consultancy
services, certifications, and training on cybersecurity and information security.
Our accredited trainer will help you gain the analytic skills to detect and defend
against cyberattacks in an organization. Our courses are available in live
instructor-led and self-paced sessions, making it easy to complete your training
journey. Join InfosecTrain’s CompTIA CySA+ training program to get cyber
analytic skills that can enhance your career in the cyber world.

About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting company
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain

Our Endorsements

Why InfosecTrain Global Learning Partners
Flexible modes
of Training
Tailor Made
Training
Post training
completion
Certified and
Experienced Instructors
Access to the
recorded
sessions

Our Trusted Clients

Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 /
UK : +44 7451 208413
sales@infosectrain.com
www.infosectrain.com

CompTIA CySA Domain 5 Compliance and Assessment.pptx

Recommended

Recommended

More Related Content

Similar to CompTIA CySA Domain 5 Compliance and Assessment.pptx

Similar to CompTIA CySA Domain 5 Compliance and Assessment.pptx (20)

More from Infosectrain3

More from Infosectrain3 (20)

Recently uploaded

Recently uploaded (20)

CompTIA CySA Domain 5 Compliance and Assessment.pptx