SlideShare a Scribd company logo

CompTIA Security+.pptx

Download as PPTX, PDF
K
KiranKumar24546

Security+

Technology
1 of 19
CompTIA Security+ Study Guide (SY0-501) Chapter 1: Managing Risk
Chapter 1: Managing Risk • Explain how resiliency and automation strategies reduce risk • Explain the importance of policies, plans, and procedures related to organizational security
Threat Assessment • Threats can be categorized as environmental, manmade, and internal vs. external • Risk assessment (risk analysis) – Risk assessment • Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or information itself – Key components of risk assessment • Risks to which the organization is exposed • Risks that need addressing • Coordination with BIA
Computing Risk Assessment • Methods of measurement – Annualized rate of occurrence (ARO) • Likelihood, often from historical data, of an event occurring within a year – ARO can be used in conjunction with: • Single loss expectancy (SLE) • Annual loss expectancy (ALE) • Formula: SLE x ARO = ALE
Computing Risk Assessment Continued • Risk assessment can be qualitative or quantitative – Qualitative • Opinion-based and subjective – Quantitative • Cost-based and objective
Risk Measurements • MTBF: Mean Time Between Failures • MTTF: Mean Time To Failure • MTTR: Mean Time To Restore • RTO: Recovery Time Objective • RPO: Recovery Point Objective
Acting on Your Risk Assessment • Risk avoidance – Involves identifying a risk and making the decision to no longer engage in actions associated with that risk • Risk transference – Sharing some of the burden of the risk with someone else • Risk mitigation – Accomplished anytime steps are taken to reduce risk
Acting on Your Risk Assessment • Risk acceptance – Often the choice you must make when the cost of implementing any of the other choices exceeds the value of the harm that would occur if the risk came to fruition
Risks and Cloud Computing • Cloud computing – Using the Internet to host services and data instead of hosting it locally • Three ways to implement cloud computing 1. Platform as a Service 2. Software as a Service 3. Infrastructure as a Service
Risks and Cloud Computing • Risk-related issues associated with cloud computing – Regulatory compliance – User privileges – Data integration/segregation
Risks Associated with Virtualization • Breaking out of the virtual machine • Network and security controls can intermingle – Hypervisor: the virtual machine monitoring the software that allows the virtual machines to exist
Developing Policies, Standards, and Guidelines • Implementing policies – Policies provide people in an organization with guidance about their expected behavior – Well-written policies are clear and concise and outline the consequences when they are not followed
Key Areas of a Good Policy • Scope statement – Outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses • Policy overview statement – Provides goal of the policy, why it’s important, and how to comply with it • Policy statement – Should be as clear and unambiguous as possible • Accountability statement – Provides additional information to readers about who to contact if a problem is discovered • Exception statement – Provides specific guidance about the procedure or process that must be followed in order to deviate from the policy
Chapter 1: Measuring and Weighing Risk Incorporating standards: five points 1. Scope and purpose 2. Roles and responsibilities 3. Reference documents 4. Performance criteria 5. Maintenance and administrative requirements
Following Guidelines • Guidelines – Help an organization implement or maintain standards by providing information on how to accomplish policies and maintain standards Four Minimum Contents of Good Guidelines 1. Scope and purpose 2. Roles and responsibilities 3. Guideline statements 4. Operational considerations
Business Policies Primary Areas of Concern • Mandatory vacations • Job rotation • Separation of duties • Clean desk • Background checks • Nondisclosure • Onboarding • Continuing education • Exit interviews • Role-based awareness
Business Policies Primary Areas of Concern Continued • Acceptable use policies (AUP) • Adverse actions • General security policies • Network/application policies
• False positives – Events that aren’t really incidents • Risk management best practices – Business impact analysis (BIA) Chapter 1: Measuring and Weighing Risk
Redundant Array of Independent Disks • Redundant array of independent disks (RAID) – A technology that uses multiple disks to provide fault tolerance Several designations for RAID levels • RAID Level 0 RAID 0 is disk striping. • RAID Level 1 RAID 1 is disk mirroring. • RAID Level 3 RAID 3 is disk striping with a parity disk. • RAID Level 5 RAID 5 is disk striping with parity

Recommended

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
CompTIA Security+ SY0-601 Domain 1
CompTIA Security+ SY0-601 Domain 1CompTIA Security+ SY0-601 Domain 1
CompTIA Security+ SY0-601 Domain 1ShivamSharma909
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 

Recommended

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
CompTIA Security+ SY0-601 Domain 1
CompTIA Security+ SY0-601 Domain 1CompTIA Security+ SY0-601 Domain 1
CompTIA Security+ SY0-601 Domain 1ShivamSharma909
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPTADEPT TECHNOLOGY
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber SecuritySteppa Cyber Security
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 ChecklistCraig Willetts ISO Expert
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdfPMIUKChapter
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 

More Related Content

What's hot

Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdfPMIUKChapter
 

What's hot (20)

Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Incident response
Incident responseIncident response
Incident response
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdf
 

Similar to CompTIA Security+.pptx

Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarAli Zeeshan
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
It Audit Expectations High Detail
It Audit Expectations High DetailIt Audit Expectations High Detail
It Audit Expectations High Detailecarrow
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Presentation OHSAS 18001
Presentation OHSAS 18001Presentation OHSAS 18001
Presentation OHSAS 18001Gary Wong
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileVijayananda Mohire
 
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...SAMTRAC International
 
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...TRI, the risk-based monitoring company
 
SiteFM Managing an Effective Safety Committee
SiteFM Managing an Effective Safety CommitteeSiteFM Managing an Effective Safety Committee
SiteFM Managing an Effective Safety CommitteeMichele Thompson
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionMichael Marshall, PE
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 

Similar to CompTIA Security+.pptx (20)

Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk Management
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
It Audit Expectations High Detail
It Audit Expectations High DetailIt Audit Expectations High Detail
It Audit Expectations High Detail
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Presentation OHSAS 18001
Presentation OHSAS 18001Presentation OHSAS 18001
Presentation OHSAS 18001
 
Microsoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobileMicrosoft InfoSec for cloud and mobile
Microsoft InfoSec for cloud and mobile
 
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...
 
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
RbM Webinar Slides- A Practical Guide for Getting Your RBM Program Up and Run...
 
SiteFM Managing an Effective Safety Committee
SiteFM Managing an Effective Safety CommitteeSiteFM Managing an Effective Safety Committee
SiteFM Managing an Effective Safety Committee
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
 
Auditing
AuditingAuditing
Auditing
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

CompTIA Security+.pptx

  • 1. CompTIA Security+ Study Guide (SY0-501) Chapter 1: Managing Risk
  • 2. Chapter 1: Managing Risk • Explain how resiliency and automation strategies reduce risk • Explain the importance of policies, plans, and procedures related to organizational security
  • 3. Threat Assessment • Threats can be categorized as environmental, manmade, and internal vs. external • Risk assessment (risk analysis) – Risk assessment • Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or information itself – Key components of risk assessment • Risks to which the organization is exposed • Risks that need addressing • Coordination with BIA
  • 4. Computing Risk Assessment • Methods of measurement – Annualized rate of occurrence (ARO) • Likelihood, often from historical data, of an event occurring within a year – ARO can be used in conjunction with: • Single loss expectancy (SLE) • Annual loss expectancy (ALE) • Formula: SLE x ARO = ALE
  • 5. Computing Risk Assessment Continued • Risk assessment can be qualitative or quantitative – Qualitative • Opinion-based and subjective – Quantitative • Cost-based and objective
  • 6. Risk Measurements • MTBF: Mean Time Between Failures • MTTF: Mean Time To Failure • MTTR: Mean Time To Restore • RTO: Recovery Time Objective • RPO: Recovery Point Objective
  • 7. Acting on Your Risk Assessment • Risk avoidance – Involves identifying a risk and making the decision to no longer engage in actions associated with that risk • Risk transference – Sharing some of the burden of the risk with someone else • Risk mitigation – Accomplished anytime steps are taken to reduce risk
  • 8. Acting on Your Risk Assessment • Risk acceptance – Often the choice you must make when the cost of implementing any of the other choices exceeds the value of the harm that would occur if the risk came to fruition
  • 9. Risks and Cloud Computing • Cloud computing – Using the Internet to host services and data instead of hosting it locally • Three ways to implement cloud computing 1. Platform as a Service 2. Software as a Service 3. Infrastructure as a Service
  • 10. Risks and Cloud Computing • Risk-related issues associated with cloud computing – Regulatory compliance – User privileges – Data integration/segregation
  • 11. Risks Associated with Virtualization • Breaking out of the virtual machine • Network and security controls can intermingle – Hypervisor: the virtual machine monitoring the software that allows the virtual machines to exist
  • 12. Developing Policies, Standards, and Guidelines • Implementing policies – Policies provide people in an organization with guidance about their expected behavior – Well-written policies are clear and concise and outline the consequences when they are not followed
  • 13. Key Areas of a Good Policy • Scope statement – Outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses • Policy overview statement – Provides goal of the policy, why it’s important, and how to comply with it • Policy statement – Should be as clear and unambiguous as possible • Accountability statement – Provides additional information to readers about who to contact if a problem is discovered • Exception statement – Provides specific guidance about the procedure or process that must be followed in order to deviate from the policy
  • 14. Chapter 1: Measuring and Weighing Risk Incorporating standards: five points 1. Scope and purpose 2. Roles and responsibilities 3. Reference documents 4. Performance criteria 5. Maintenance and administrative requirements
  • 15. Following Guidelines • Guidelines – Help an organization implement or maintain standards by providing information on how to accomplish policies and maintain standards Four Minimum Contents of Good Guidelines 1. Scope and purpose 2. Roles and responsibilities 3. Guideline statements 4. Operational considerations
  • 16. Business Policies Primary Areas of Concern • Mandatory vacations • Job rotation • Separation of duties • Clean desk • Background checks • Nondisclosure • Onboarding • Continuing education • Exit interviews • Role-based awareness
  • 17. Business Policies Primary Areas of Concern Continued • Acceptable use policies (AUP) • Adverse actions • General security policies • Network/application policies
  • 18. • False positives – Events that aren’t really incidents • Risk management best practices – Business impact analysis (BIA) Chapter 1: Measuring and Weighing Risk
  • 19. Redundant Array of Independent Disks • Redundant array of independent disks (RAID) – A technology that uses multiple disks to provide fault tolerance Several designations for RAID levels • RAID Level 0 RAID 0 is disk striping. • RAID Level 1 RAID 1 is disk mirroring. • RAID Level 3 RAID 3 is disk striping with a parity disk. • RAID Level 5 RAID 5 is disk striping with parity