CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it

1. Risk and security
related concepts.

2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

3. Page 3
– The big picture of recovery.
– Concepts and terms.
PACE-IT.

4. Page 4
Risk and security related concepts.

5. Page 5
Standards and policies are
used to help ensure that
everyone is on the same
page at the same time.
All organizations should review their operations and create
standards and policies that suit their needs. Once they are
created, the standards and policies should be adhered to.
By stressing the importance of standards and policies, risks to an
organization can be reduced and security can be strengthened.
All policies and standards should be reviewed on a periodic basis
to help ensure that they remain relevant and be updated as
necessary.
Risk and security related concepts.

6. Page 6
– Disaster recovery plan (DRP).
» A disaster is any event or emergency that goes beyond the
normal response resources (e.g., earthquake or flood).
• The longer a business is not able to function, the more
damage is done.
» DRPs detail the steps to recover from a disaster situation (e.g.,
offsite backups and fallback sites).
• They also have sections dealing with how to help ensure
employee safety.
– Business continuity plan (BCP).
» A sub-element of the DRP, a BCP includes an impact analysis
of the business effects of down systems.
• The impact analysis helps to identify single points of failure in
the business system.
» A BCP helps to prioritize what systems or processes need to
be brought back first to get the organization operational again.
• It identifies mission critical systems, processes, and data.
» A BCP helps to guide the creation of the DRP.
Risk and security related concepts.

7. Page 7
Risk and security related concepts.

8. Page 8
– Single point of failure.
» A single point of failure is a system or component that, if it goes
down, has a major impact on operations (e.g., a key router that
fails and prevents customers from ordering products).
» Once identified, these failure points can be mitigated through
several different methods such as:
• Redundant systems (e.g., a backup router or redundant
power supply).
• System redesign (e.g., removal of the point of failure through
a redesign of the system (e.g., adding an additional router).
– UPS (uninterruptable power supply).
» A UPS will mitigate power issues that can have a negative
impact on sensitive networking components.
• Conditions the incoming power to remove spikes and sags in
the current, ensuring that the current flow is even.
• Helps to ensure continued operation for a given period of time
in the case of complete electrical power supply loss).
Risk and security related concepts.

9. Page 9
– First responders.
» The first people to discover or respond to the security issue.
• Ideally, it will be someone who has been properly trained in
how to deal with the situation.
» Within the network security realm, first responders can play a
key role in mitigating damage and collecting evidence.
– Data breach.
» Any unauthorized access to data, particularly to sensitive data.
• Breaches may be unintentional or intentional.
• Breaches may occur internally or externally.
» The severity of the breach is greatly determined by the
sensitivity of the data accessed.
» Data breaches can be very expensive to organizations.
• Loss of reputation, which can lead to loss of revenue.
• Loss of business secrets.
• Fines or penalties levied by governments or other
organizations.
Risk and security related concepts.

10. Page 10
Risk and security related concepts.
User awareness and training.
Greatly reducing
security risks.
Quite often, the weakest link in the
security chain is the users. The risks
can be reduced by making the users
properly aware of security and
security threats.
Penetration testing.
Finding weak spots and
hardening the system.
Actively and aggressively testing the
whole IT system in an effort to find
weak spots. This can include using
social engineering methods. The
data generated is used to harden the
IT system to mitigate risk.
Vulnerability scanning.
Finding network holes
and plugging them.
Mostly done through the use of
automated software, networks are
probed for vulnerabilities (e.g., open
ports or protocols). Once identified,
these holes into the network can be
plugged.

11. Page 11
Risk and security related concepts.
Organizations should establish and enforce standards and policies. These
will help to mitigate any risks. DRPs are developed and used to help
recover from a disaster. A BCP is a sub-element of a DRP. They identify
systems and components that are mission critical to an organization and
create plans to mitigate the loss of those identified elements.
Topic
The big picture of recovery.
Summary
A single point of failure is when there is a single point where a failure would
create business discontinuity. Network administrators strive to remove them
from their systems. A UPS is used to mitigate power issues. First
responders are the people who first notice and respond to security issues.
Ideally, the first responder will have been properly trained. A data breach is
any unauthorized access to an organization's data. User awareness and
training is used to mitigate risks associated at the user level. Penetration
testing is the review of a whole system looking for weaknesses that can
then be hardened. Vulnerability scanning is usually an automated process
that looks for weaknesses in networks so that any holes can be plugged.
Concepts and terms.

12. Page 12
THANK YOU!

13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.