Presentation is loading. Please wait.

Presentation is loading. Please wait.

CompTIA Security+ Study Guide (SY0-401)

Published byIrène Moreau Modified over 5 years ago

Similar presentations

Presentation on theme: "CompTIA Security+ Study Guide (SY0-401)"— Presentation transcript:

1 CompTIA Security+ Study Guide (SY0-401)
Chapter 11: Security Administration

2 Chapter 11: Security Administration
Summarize the security implications of integrating systems and data with third parties. Explain the importance of security related awareness and training. Given a scenario, select the appropriate control to meet the goals of security. Summarize mobile security concepts and technologies. Compare and contrast alternative methods to mitigate security risks in static environments.

3 Third-Party Integration
Transitioning Ongoing Operations

4 Providing Education and Training
Organization’s training and educational programs need to be tailored for at least three different audiences: The organization as a whole (the so-called rank and file employees) Management Technical staff

5 Training Topics Clean Desk Policy
Compliance with Laws, Best Practices, and Standards Data Handling Dealing with Personally-Owned Devices Personally Identifiable Information Prevent Tailgating

6 Training Topics Continued
Safe Internet Habits Smart Computing Habits Social Networking Dangers The Need for All Computing to Be Safe The Value of Strong Passwords Understanding Data Labeling and Handling What to Do When Disposing of Old Media Responding to Hoaxes

7 Classifying Information
Three Primary Categories of Information: Public Use Internal Use Restricted Use

8 Chapter 11: Security Administration
Private Information intended only for use internally in the organization. Internal Information includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business. Restricted Information could seriously damage the organization if disclosed. It includes proprietary processes, trade secrets, strategic information, and marketing plans. placed on a need-to-know basis

9 Information Access Controls
Access control defines the methods used to ensure that users of your network can access only what they’re authorized to access. Implicit Denies Least Privilege Job Rotation

10 Complying with Privacy and Security Regulations
Regulatory and governmental agencies are key components of a security management policy. As a security professional, you must stay current with these laws because you’re one of the primary agents to ensure compliance.

11 Regulations Health Insurance Portability and Accountability Act (HIPAA) a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information. The Gramm-Leach-Bliley Act also known as the Financial Modernization Act of 1999, requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy.

12 Regulations The Computer Fraud and Abuse Act (CFAA)
this act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others as terrorists. The Family Educational Rights and Privacy Act (FERPA) dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student. The Computer Security Act of 1987 requires federal agencies to identify and protect computer systems that contain sensitive information.

13 Regulations Cyberspace Electronic Security Act (CESA)
gives law enforcement the right to gain access to encryption keys and cryptography methods. Cyber Security Enhancement Act of 2002 allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet. The Patriot Act This law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts.

14 Chapter 11: Security Administration
Mobile Devices BYOD Issues Alternative Methods to Mitigate Security Risks Control redundancy and diversity SCADA (Supervisory Control and Data Acquisition)

Download ppt "CompTIA Security+ Study Guide (SY0-401)"

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.

Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Security Controls – What Works

Security Controls – What Works
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google