
CompTIA Security+ Study Guide (SY0-401)

Presentation transcript:

1 CompTIA Security+ Study Guide (SY0-401)
Chapter 11: Security Administration

2 Chapter 11: Security Administration
Objectives:
- Summarize the security implications of integrating systems and data with third parties.
- Explain the importance of security-related awareness and training.
- Given a scenario, select the appropriate control to meet the goals of security.
- Summarize mobile security concepts and technologies.
- Compare and contrast alternative methods to mitigate security risks in static environments.

3 Third-Party Integration
- Transitioning
- Ongoing Operations

4 Providing Education and Training
An organization's training and educational programs need to be tailored for at least three different audiences:
- The organization as a whole (the so-called rank-and-file employees)
- Management
- Technical staff

5 Training Topics
- Clean Desk Policy
- Compliance with Laws, Best Practices, and Standards
- Data Handling
- Dealing with Personally-Owned Devices
- Personally Identifiable Information
- Prevent Tailgating

6 Training Topics Continued
- Safe Internet Habits
- Smart Computing Habits
- Social Networking Dangers
- The Need for All Computing to Be Safe
- The Value of Strong Passwords
- Understanding Data Labeling and Handling
- What to Do When Disposing of Old Media
- Responding to Hoaxes

7 Classifying Information
Three primary categories of information:
- Public Use
- Internal Use
- Restricted Use

8 Chapter 11: Security Administration
- Private: information intended only for use internally in the organization.
- Internal: information that includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business.
- Restricted: information that could seriously damage the organization if disclosed. It includes proprietary processes, trade secrets, strategic information, and marketing plans, and is placed on a need-to-know basis.

9 Information Access Controls
Access control defines the methods used to ensure that users of your network can access only what they're authorized to access.
- Implicit Deny
- Least Privilege
- Job Rotation
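The two controls above that can be expressed directly in code are implicit deny and least privilege. The following is an added example, not from the study guide, of a small rule evaluator that grants access only when an explicit allow rule matches (anything unmatched is denied by default) and that reports a role's effective permissions so they can be reviewed against what the job actually needs. The policy rules, role names and resource names are constructed for the example.

```python
"""Implicit deny and least privilege as a minimal access-control check.

Added example, not from the slides. The policy below is constructed:
roles, resources and actions are illustrative only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    role: str            # role the rule applies to
    resource: str        # resource the rule covers
    actions: frozenset   # actions explicitly allowed for that role/resource


# Constructed sample policy. Note there are only ALLOW rules: nothing needs a
# "deny" entry, because everything not explicitly allowed is denied.
POLICY = [
    Rule("payroll", "hr/personnel-records", frozenset({"read"})),
    Rule("payroll", "finance/ledger", frozenset({"read", "write"})),
    Rule("everyone", "public/website", frozenset({"read"})),
]


def is_allowed(roles, resource, action, policy=POLICY):
    """Return True only if some rule explicitly allows (role, resource, action).

    Implicit deny: the loop falls through to False when no rule matches, so a
    new resource, a mistyped role name or an action that was never granted
    results in no access rather than accidental access.
    """
    for rule in policy:
        if rule.role in roles and rule.resource == resource and action in rule.actions:
            return True
    return False


def effective_permissions(roles, policy=POLICY):
    """Map each resource to the union of actions the given roles can perform.

    Least privilege is reviewed, not just declared: this lets an administrator
    compare what a role can actually do with what the job requires and trim
    anything beyond that.
    """
    effective = {}
    for rule in policy:
        if rule.role in roles:
            effective.setdefault(rule.resource, set()).update(rule.actions)
    return effective


if __name__ == "__main__":
    payroll = {"payroll", "everyone"}
    print(is_allowed(payroll, "finance/ledger", "write"))      # True, explicit allow
    print(is_allowed(payroll, "finance/ledger", "delete"))     # False, never granted
    print(is_allowed({"intern"}, "hr/personnel-records", "read"))  # False, implicit deny
    print(effective_permissions(payroll))
```

The design point is that the default outcome of `is_allowed` is `False`; adding a resource or role does nothing until an explicit rule grants it, which is what implicit deny means in practice.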

10 Complying with Privacy and Security Regulations
Regulatory and governmental agencies are key components of a security management policy. As a security professional, you must stay current with these laws because you are one of the primary agents responsible for ensuring compliance.

11 Regulations
- Health Insurance Portability and Accountability Act (HIPAA): a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.
- The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999: requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy.

12 Regulations
- The Computer Fraud and Abuse Act (CFAA): this act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others as terrorists.
- The Family Educational Rights and Privacy Act (FERPA): dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student.
- The Computer Security Act of 1987: requires federal agencies to identify and protect computer systems that contain sensitive information.

13 Regulations
- Cyberspace Electronic Security Act (CESA): gives law enforcement the right to gain access to encryption keys and cryptography methods.
- Cyber Security Enhancement Act of 2002: allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet.
- The Patriot Act: this law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts.

14 Chapter 11: Security Administration
- Mobile Devices
- BYOD Issues
- Alternative Methods to Mitigate Security Risks
- Control redundancy and diversity
- SCADA (Supervisory Control and Data Acquisition)
