O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA Security+ SY0-201 Video Course Domain 6 - Organizational Security

Video Description

Organizational Security

Shon Harris

The fast, powerful way to prepare for your CompTIA Security+ exam!

Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over seven hours of training adapted from Shon Harris’s legendary five-day SSCP boot camps–including realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings!

Comprehensive coverage of CompTIA Security+ domains of knowledge:

     .    Security Definitions

     .    Mirroring Data

     .    Data Recovery

     .    Components of a Security Program

     .    Information Classification

     .    Security Enforcement Issues

About the Shon Harris Security Series

This online video is part of a complete library of books, online services, and videos designed to help security professionals enhance their skills and prepare for their certification exams. Every product in this series reflects Shon Harris’s unsurpassed experience in teaching IT security professionals.

Category: Security

System Requirements

OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4 (Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more

Table of Contents

  1. Course Introduction 00:06:59
  2. Domain 6 - Organizational Security 00:01:15
  3. Mainframe Days 00:00:50
  4. In the Good Old Days - Who Knew? 00:02:27
  5. Today's Environment 00:01:36
  6. Security Definitions 00:01:15
  7. Vulnerabilities 00:00:46
  8. Examples of Some Vulnerabilities that Are Not Always Obvious 00:02:10
  9. Risk - What Does It Really Mean? 00:02:10
  10. Relationships 00:02:02
  11. Who Deals with Risk? 00:01:18
  12. Overall Business Risk 00:01:30
  13. Who? 00:00:44
  14. AIC Triad 00:00:48
  15. Availability 00:00:51
  16. Integrity 00:01:06
  17. Confidentiality 00:00:48
  18. Who Is Watching? 00:02:05
  19. Social Engineering 00:04:06
  20. What Security People Are Really Thinking 00:01:14
  21. Security Concepts 00:01:00
  22. Security? 00:04:57
  23. The Bad Guys Are Motivated 00:02:20
  24. If Not Obscurity - Then What? 00:00:32
  25. Common Open Standards 00:01:42
  26. Without Standards 00:01:27
  27. Logical and Physical Controls 00:00:55
  28. Are There Gaps? 00:03:12
  29. Understanding Drivers 00:00:54
  30. Not Always So Easy 00:00:40
  31. Different Types of Backups 00:01:49
  32. Backup Types 00:01:08
  33. Incremental Backup 00:01:15
  34. Incremental 00:02:35
  35. Differential Backup 00:02:02
  36. Backup Protection 00:01:17
  37. Agenda 3 00:01:17
  38. Mean Time Between Failure 00:00:59
  39. Single Point of Failure 00:00:50
  40. Redundant and Fault Tolerance 00:02:32
  41. Mirroring Data 00:00:43
  42. Disk Duplexing 00:00:43
  43. Redundant Array of Independent Disks 00:05:37
  44. Massive Array of Inactive Disks (MAID) 00:00:50
  45. Redundant Array of Independent Tapes (RAIT) 00:00:34
  46. Serial Advanced Technology Architecture 00:00:50
  47. SAN 00:01:13
  48. Fault Tolerance 00:02:05
  49. Redundancy Mechanism 00:01:40
  50. Some Threats to Computer Operations 00:00:51
  51. Trusted Recovery of Software 00:01:10
  52. After System Crash 00:00:51
  53. Security Concerns 00:01:32
  54. Needs for BCP 00:00:38
  55. Is Your Organization Prepared? 00:02:33
  56. Is Your Company Prepared? 00:00:38
  57. 9/11 Changed Mentalities About BCP 00:00:55
  58. Disaster Affected Many 00:00:42
  59. America Is Rebuilding 00:00:36
  60. Partial FEMA Disaster List for 2005 00:01:06
  61. DRP Focus 00:00:33
  62. BCP Focus 00:00:43
  63. Comparing the Two 00:00:45
  64. What Is the Purpose of a BCP? 00:02:26
  65. More Reasons to Have Plans in Place 00:02:02
  66. Framework 00:00:39
  67. BCP Is a Core Component of Every Security Program 00:01:01
  68. Steps of BCP Process 00:01:57
  69. Different BCP Model 00:01:15
  70. Documentation 00:00:37
  71. Documentation and Approval 00:00:31
  72. BCP Policy Outlines 00:01:11
  73. BCP Policy Sample 00:00:32
  74. Who Is In Charge and Who Can We Blame? 00:01:52
  75. What's Needed In a Team? 00:00:51
  76. BCP Development Team 00:01:31
  77. Project Sizing 00:01:44
  78. Properly Determining Scope Is Important 00:00:50
  79. BCP Risk Analysis Steps 00:02:11
  80. BIA Steps 00:01:28
  81. Information from Different Sources 00:01:18
  82. Analysis 00:01:09
  83. Critical Functions 00:03:08
  84. Interdependencies 00:00:45
  85. Well, Of Course an Organization Knows How It Works! 00:00:54
  86. Business Silos 00:02:37
  87. Identifying Functions' Resources 00:02:05
  88. Who Connects to Who? 00:00:38
  89. BIA Steps (Cont.) 00:02:00
  90. MTD 00:00:31
  91. Example 00:01:53
  92. MTD Definitions 00:01:15
  93. BIA Steps (Cont.) 00:02:54
  94. Thinking Outside of the Box What If 00:00:55
  95. Biological Threats 00:00:46
  96. BIA Steps (Cont.) 00:00:56
  97. Potential Disasters 00:02:26
  98. Risk Approach 00:00:42
  99. Ranking by Risk Level 00:01:02
  100. Potential Losses 00:01:14
  101. Include All RISK Components 00:00:31
  102. What Have We Completed Up to Now? 00:02:29
  103. BIA Steps (Cont.) 00:01:27
  104. Alternate Business Process Procedures 00:02:36
  105. Business Process Reconstruction 00:01:46
  106. Recovery Strategies (Cont.) 00:00:55
  107. Facility Backups - Hot Site 00:00:52
  108. Facility Backups - Warm Site 00:00:58
  109. Facility Backups - Cold Site 00:00:43
  110. Compatibility Issues with Offsite Facility 00:02:04
  111. Tertiary Sites 00:00:56
  112. Subscription Costs 00:02:17
  113. Multiple Processing Centers 00:00:51
  114. Location, Location, Location 00:01:08
  115. Other Offsite Approaches 00:01:51
  116. Security Does Not Stop 00:01:12
  117. More Options 00:02:01
  118. Rolling Hot Site 00:00:58
  119. Recovery Strategies (Cont.) 00:00:41
  120. Supply and Technology Recovery 00:01:44
  121. VoIP 00:01:07
  122. Equipment Replacement 00:03:23
  123. What Items Need to Be Considered? 00:01:31
  124. Priorities 00:01:05
  125. Executive Succession Planning 00:01:43
  126. User Environment Recovery 00:03:01
  127. Co-Location 00:00:51
  128. Data Recovery 00:01:52
  129. Backup Redundancy 00:01:52
  130. Recovering Data 00:00:41
  131. Automated Backup Technologies 00:02:05
  132. Tape Vaulting 00:01:59
  133. Data Recovery (Cont.) 00:00:41
  134. Clustering for Fault Tolerance 00:01:30
  135. Disk or Database Shadowing 00:01:27
  136. Which Option to Use 00:00:31
  137. Cost Effective Measures 00:01:14
  138. Resources, Time, Solutions 00:00:46
  139. Determining Recovery Solutions 00:01:31
  140. Cost and Recovery Times 00:01:08
  141. BIA Steps (Cont.) 00:00:56
  142. Recovery Solutions 00:00:48
  143. Preventative Measures 00:01:18
  144. Reviewing Insurance 00:00:50
  145. Results from the BIA 00:01:12
  146. Now Ready to Develop the Plan 00:01:50
  147. Products That Can Help 00:01:05
  148. Plan Components 00:01:39
  149. External Groups 00:01:29
  150. Activation Phase 00:00:38
  151. Damage Assessment 00:01:39
  152. Notifying Personnel 00:01:16
  153. Plan Activation 00:00:42
  154. Emergency Response 00:01:22
  155. Recovery Procedures 00:00:45
  156. Documentation of Recovery Steps 00:01:28
  157. Reconstitution Phase 00:02:37
  158. Who Goes First? 00:00:56
  159. Disaster Hit - Now What? 00:01:05
  160. Termination of BCP 00:01:05
  161. Life Cycle 00:01:00
  162. Backup of the Backup Plan 00:01:12
  163. Types of Tests to Choose From 00:03:49
  164. Test Objectives 00:01:02
  165. Training Requirements 00:01:22
  166. Lessons Learned 00:00:36
  167. What Is Success? 00:00:51
  168. Out of Date? 00:01:01
  169. Keeping It Current 00:00:52
  170. Change Control 00:00:58
  171. Resulting Plan Should Contain 00:01:24
  172. Phases of the BCP 00:00:54
  173. Why Incident Response? 00:02:41
  174. Incident Response Alarms 00:01:37
  175. Threats 00:00:45
  176. Incident Response Framework 00:05:04
  177. Preparation and Planning 00:02:29
  178. IRT - Incident Response Team 00:03:55
  179. Incident Response Team - Mission 00:02:03
  180. Incident Response Team - Objectives 00:04:49
  181. Incident Response Team - Priorities 00:02:14
  182. Incident Response Team - Liaisons 00:05:28
  183. Detection 00:01:29
  184. Chain of Custody (2) 00:01:34
  185. Poking Into Network Traffic 00:01:01
  186. Snort 00:02:13
  187. Containment 00:01:00
  188. Containment - Some Considerations 00:02:45
  189. Notification 00:02:18
  190. Investigation 00:01:42
  191. Rules of Evidence 00:02:08
  192. Acceptable Evidence 00:02:18
  193. Exclusionary Rules 00:00:55
  194. Evidence Recognition 00:00:53
  195. Evidence Discovery 00:01:46
  196. Search and Seizure 00:02:01
  197. Network Monitoring 00:04:48
  198. Reviewing System Logs 00:01:52
  199. Interviewing 00:01:16
  200. Terminating the Investigation 00:01:21
  201. Recovery 00:00:56
  202. Response 00:01:19
  203. Follow-Up 00:03:33
  204. Electronic Forensic 00:01:57
  205. Media Analysis Procedures 00:00:44
  206. Media Analysis - IACIS Framework 00:02:53
  207. Step 1 - Sterile Media 00:00:57
  208. Step 2 - Legal Software 00:01:00
  209. Step 3 - Physical Examination of the Evidence 00:01:51
  210. Step 4 - Avoid Altering the Evidence 00:02:29
  211. Step 5 - Capture Date/Time and CMOS (RTC/NVRAM) Information 00:01:56
  212. Step 6 - Create an Exact Image 00:00:56
  213. Step 7 - Logically Examine the Image 00:01:54
  214. Step 8 - Examine the Boot Record Data and User-Defined Files 00:01:05
  215. Step 9 - Recover and Examine All Deleted Files 00:01:36
  216. Step 10 - Create a Listing of All Files 00:01:05
  217. Step 11 - Examine Unallocated Space for Lost or Hidden Data 00:00:56
  218. Step 12 - Examine File Slack 00:02:51
  219. Step 13 - Examine All User Created Files 00:02:15
  220. Step 14 - Unlock and Examine Password-Protected Files 00:01:14
  221. Step 15 - Create Printouts of All of the Apparent Evidence 00:01:41
  222. Step 16 - Examine Executable Files and Run Applications 00:01:32
  223. Step 17 - Write the Forensic Analysis Report 00:01:30
  224. Components of Security Program 00:00:49
  225. A Layered Approach 00:01:22
  226. In Security, You Never Want Any Surprises 00:00:52
  227. Building Foundation 00:00:46
  228. Security Roadmap 00:03:30
  229. Functional and Assurance Requirements 00:00:56
  230. Building Foundation 00:01:27
  231. Most Organizations 00:02:47
  232. Silo Security Structure 00:01:22
  233. Islands of Security Needs and Tools 00:00:33
  234. Get Out of a Silo Approach 00:00:32
  235. Security Is a Process 00:01:06
  236. Approach to Security Management 00:01:05
  237. Result of Battling Management 00:00:27
  238. Industry Best Practices Standards 00:01:29
  239. Pieces and Parts 00:00:54
  240. Numbering 00:01:11
  241. New ISO Standards 00:01:27
  242. COBIT 00:01:14
  243. COBIT - Control Objectives 00:01:09
  244. Measurements 00:00:29
  245. Information Technology Infrastructure Library 00:01:54
  246. Security Governance 00:05:28
  247. Policy Framework 00:01:58
  248. Policy Approved - Now What? 00:00:52
  249. Issue-Specific Policies 00:01:05
  250. System-Specific Policies 00:01:18
  251. Standards 00:02:14
  252. Baseline 00:01:18
  253. Data Collection for Metrics 00:01:16
  254. Guidelines 00:00:34
  255. Procedures 00:00:36
  256. Tying Them Together 00:01:17
  257. Program Support 00:00:42
  258. Senior Management's Role 00:01:05
  259. Security Roles 00:01:11
  260. Custodian 00:00:33
  261. Auditor 00:01:19
  262. Access 00:01:04
  263. Information Classification 00:00:55
  264. Data Leakage 00:00:45
  265. Do You Want to End Up In the News? 00:00:53
  266. Types of Classification Levels 00:00:47
  267. Data Protection Levels 00:00:53
  268. Classification Program Steps 00:02:02
  269. Information Classification Components 00:00:24
  270. Procedures and Guidelines 00:00:39
  271. Classification Levels 00:00:41
  272. Information Classification Criteria 00:01:14
  273. Criteria Example 00:00:34
  274. Or Not 00:00:45
  275. Information Owner Requirements 00:00:50
  276. Clearly Labeled 00:01:01
  277. Information Classification 00:00:59
  278. Employee Management 00:01:13
  279. Employee Position and Management 00:00:47
  280. Hiring and Firing Issues 00:02:15
  281. A Few More Items 00:00:20
  282. Unfriendly Termination 00:02:13
  283. Security Awareness and Training 00:01:52
  284. Training Characteristics 00:00:34
  285. Awareness 00:00:39
  286. Security Enforcement Issues 00:00:53
  287. PII 00:01:45
  288. Domain 6 Review 00:01:00
  289. Course Closure 00:04:34