O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

SSCP Video Course Domain 2 - Security Operations and Administration

Video Description

Security Operations and Administration

Shon Harris

The fast, powerful way to prepare for your SSCP exam!

Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over four and a half hours of training adapted from Shon Harris’s legendary five-day SSCP boot camps–including realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings!

Comprehensive coverage of SSCP domains of knowledge:

     .    Security Definitions

     .    Common Open Standards

     .    Backups

     .    Remote Access

     .    Support Systems

     .    Common Criteria

About the Shon Harris Security Series

This online video is part of a complete library of books, online services, and videos designed to help security professionals enhance their skills and prepare for their certification exams. Every product in this series reflects Shon Harris’s unsurpassed experience in teaching IT security professionals.

Category: Security

System Requirements

OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4 (Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more

Table of Contents

  1. Course Introduction 00:17:17
  2. Domain 2 - Security Operations and Administration 00:01:41
  3. Mainframe Days 00:00:50
  4. In the Good Old Days - Who Knew? 00:02:27
  5. Today's Environment 00:01:36
  6. Security Definitions 00:01:15
  7. Vulnerabilities 00:00:46
  8. Examples of Some Vulnerabilities that Are Not Always Obvious 00:02:10
  9. Risk - What Does It Really Mean? 00:02:10
  10. Relationships 00:02:02
  11. Who Deals with Risk? 00:01:18
  12. Overall Business Risk 00:01:30
  13. Who? 00:00:44
  14. AIC Triad 00:00:48
  15. Availability 00:00:51
  16. Integrity 00:01:06
  17. Confidentiality 00:00:48
  18. Who Is Watching? 00:02:05
  19. Social Engineering 00:04:06
  20. What Security People Are Really Thinking 00:01:14
  21. Security Concepts 00:01:00
  22. Security? 00:04:57
  23. The Bad Guys Are Motivated 00:02:38
  24. Open Standards 00:00:14
  25. Common Open Standards 00:01:42
  26. Without Standards 00:01:04
  27. Soft Controls 00:04:42
  28. Holistic Security 00:00:41
  29. Not Always So Easy 00:00:40
  30. What Is First? 00:02:17
  31. Different Types of Law 00:03:22
  32. How Is Liability Determined? 00:01:22
  33. Examples of Due Diligence 00:02:01
  34. Prudent Person Rule 00:02:31
  35. Prudent Person 00:00:19
  36. Components of Security Program 00:00:49
  37. A Layered Approach 00:01:22
  38. In Security, You Never Want Any Surprises 00:00:52
  39. Building Foundation (1) 00:00:46
  40. Security Roadmap 00:03:30
  41. Functional and Assurance Requirements 00:00:56
  42. Building Foundation (2) 00:01:27
  43. Most Organizations 00:02:47
  44. Silo Security Structure 00:01:22
  45. Islands of Security Needs and Tools 00:00:33
  46. Get Out of a Silo Approach 00:01:38
  47. Approach to Security Management 00:01:05
  48. Result of Battling Management 00:00:27
  49. Industry Best Practices Standards 00:01:12
  50. ISO/IEC 17799 00:01:12
  51. Numbering 00:01:11
  52. New ISO Standards 00:01:27
  53. COBIT 00:01:14
  54. COBIT - Control Objectives 00:01:38
  55. Information Technology Infrastructure Library 00:01:54
  56. Security Governance 00:05:00
  57. Security Program Components 00:00:28
  58. Policy Framework 00:01:04
  59. Organizational Policy 00:00:54
  60. Policy Approved - Now What? 00:00:52
  61. Issue-Specific Policies 00:00:45
  62. System-Specific Policies 00:01:38
  63. Standards 00:02:14
  64. Baseline (1) 00:01:18
  65. Data Collection for Metrics (1) 00:01:16
  66. Guidelines 00:00:34
  67. Procedures 00:00:36
  68. Tying Them Together 00:01:17
  69. Program Support 00:00:42
  70. Senior Management's Role 00:01:05
  71. Security Roles 00:04:07
  72. Information Classification 00:00:55
  73. Data Leakage 00:00:45
  74. Do You Want to End Up in the News? 00:00:53
  75. Types of Classification Levels 00:00:47
  76. Data Protection Levels 00:00:53
  77. Classification Program Steps 00:02:02
  78. Information Classification Components 00:01:03
  79. Classification Levels 00:00:41
  80. Information Classification Criteria 00:01:14
  81. Criteria Example 00:00:34
  82. Or Not 00:00:45
  83. Information Owner Requirements 00:00:50
  84. Clearly Labeled 00:01:01
  85. Testing Classification Program 00:00:59
  86. Employee Management 00:01:13
  87. Employee Position and Management 00:00:47
  88. Hiring and Firing Issues 00:04:49
  89. Security Awareness and Training 00:01:52
  90. Training Characteristics 00:00:34
  91. Awareness 00:00:39
  92. Security Enforcement Issues 00:00:53
  93. Computer Operations 00:00:57
  94. What Do We Have? 00:00:46
  95. Hardware Protection 00:01:01
  96. ITIL - Problem Management 00:01:35
  97. Problem Management Procedures for Processing Problems 00:01:26
  98. Data Output Controls 00:00:21
  99. Administrative Controls Personnel Controls 00:03:02
  100. Security Operations Personnel 00:01:09
  101. Change Control 00:00:55
  102. Another Example 00:00:45
  103. Agenda 1 00:00:58
  104. Library Maintenance 00:01:06
  105. Media Labels 00:00:30
  106. Media Controls 00:00:50
  107. Software Escrow 00:01:22
  108. Media Reuse 00:02:47
  109. Zeroization 00:02:01
  110. Physical Destruction 00:00:45
  111. Why Not Just Delete the Files? 00:01:46
  112. Mainframes 00:00:59
  113. Agenda 2 00:00:38
  114. HSM 00:01:08
  115. Off-Line 00:00:08
  116. Backup Types 00:01:08
  117. Incremental Backup 00:01:15
  118. Incremental 00:02:35
  119. Differential Backup 00:02:02
  120. Backup Protection 00:01:17
  121. Agenda 3 00:01:17
  122. Mean Time Between Failure 00:00:59
  123. Single Point of Failure 00:03:22
  124. Mirroring Data 00:00:43
  125. Disk Duplexing 00:00:43
  126. Redundant Array of Independent Disks 00:05:37
  127. Massive Array of Inactive Disks (MAID) 00:00:50
  128. Redundant Array of Independent Tapes (RAIT) 00:00:34
  129. Serial Advanced Technology Architecture 00:00:50
  130. SAN 00:01:13
  131. Fault Tolerance 00:02:05
  132. Redundancy Mechanism 00:01:13
  133. Backup Configuration Files 00:01:18
  134. Trusted Recovery of Software 00:01:10
  135. After System Crash 00:00:51
  136. Security Concerns 00:01:32
  137. Agenda 4 00:00:04
  138. Contingency Planning 00:01:19
  139. Agenda 5 00:03:20
  140. Remote Access 00:01:31
  141. Administering Systems Remotely 00:01:36
  142. Facsimile Security 00:01:32
  143. Support Systems 00:01:24
  144. Configuration Management (2) 00:02:24
  145. Change Control Roles in CM 00:03:02
  146. Configuration Management Plan 00:01:19
  147. Change Control-Security Environment 00:01:21
  148. Process of Change Management 00:01:34
  149. Baseline (2) 00:01:25
  150. Risk-based Cost Effective Controls 00:02:44
  151. Software Programming 00:00:31
  152. Security Considered at Each Phase 00:04:24
  153. Waterfall Model 00:01:41
  154. WaterFall Stages 00:01:20
  155. Requirement Analysis 00:01:16
  156. Design 00:01:02
  157. Development 00:02:07
  158. Verification 00:01:45
  159. Operation and Maintenance 00:02:28
  160. Iterative Development Model 00:02:33
  161. Exploratory Model 00:02:29
  162. Rapid Application Development (RAD) Model 00:01:39
  163. Spiral Model 00:04:33
  164. Reuse Model 00:01:35
  165. Computer Aided Software Engineering Model (CASE) 00:05:08
  166. Extreme Programming 00:01:54
  167. Trusted Computer System Evaluation Criteria (TCSEC) 00:01:10
  168. TCSEC 00:00:40
  169. TCSEC Rating Breakdown 00:01:58
  170. Evaluation Criteria - ITSEC 00:01:21
  171. ITSEC Ratings 00:01:12
  172. Common Criteria 00:00:27
  173. Security Functional Requirements 00:00:46
  174. Common Criteria Components 00:02:03
  175. Common Criteria Requirements 00:00:40
  176. Common Criteria Outline 00:01:09
  177. Certification versus Accreditation 00:00:38
  178. Security Levels 00:01:01
  179. Modes of Operation 00:03:13
  180. MAC Modes (Cont.) 00:00:40
  181. Sets of Ethics 00:03:26
  182. Computer Ethics Institute 00:00:36
  183. Internet Architecture Board 00:02:04
  184. Domain 2 Review 00:01:43