Course description
In this course we will delve into the world of risk management. A security professional should be well versed in risk analysis and in handling the risk to which the organization is exposed. We will discuss the controls that can be implemented to reduce risk. Lastly, we will cover the risk management best practices that are vital to an organization maintaining its business functions and processes. This course covers CompTIA Security+ objectives 2.1, 2.3, 2.8 and part of 2.7.
Prerequisites
This course assumes that the user has a working knowledge of networks and networking. Ideally, the user should hold the CompTIA Network+ certification, but equivalent networking experience is acceptable in its place.
Learning Paths
This course will help you prepare for the following certification and exam:
CompTIA Security+ Certification
SY0-401: CompTIA Security+
Meet the expert
Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)2, EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.
Course outline
Risk Management
Analysis (33:20)
- Introduction (00:27)
- Asset (01:36)
- Vulnerability (01:24)
- Threat (01:10)
- Risk (00:42)
- Risk Calculation (01:45)
- Quantitative Terms (02:23)
- Quantitative Terms, Cont. (01:09)
- Quantitative Example 1 (02:19)
- Quantitative Example 2 (01:17)
- Cost Benefit Analysis (01:08)
- CBA Example (00:49)
- CBA Example, Cont. (01:45)
- Qualitative Terms (00:43)
- Likelihood & Impact (01:13)
- Risk Reduction (01:00)
- Policies (00:43)
- Policy Support (00:59)
- Policy Example (02:25)
- Privacy Policy (01:00)
- Acceptable Use Policy (01:23)
- Security Policy (02:27)
- Mandatory Vacations (01:06)
- Job Rotation (01:11)
- Separation of Duties (00:14)
- Least Privilege (00:28)
- Summary (00:21)
Response (14:51)
- Introduction (00:21)
- Risk (00:50)
- Risk Avoidance (01:51)
- Risk Transference (02:21)
- Risk Mitigation (01:18)
- Risk Deterrence (00:48)
- Risk Acceptance (01:16)
- Risk Example (00:29)
- Risk Example, Avoidance (00:41)
- Risk Example, Transference (00:46)
- Risk Example, Mitigation (02:20)
- Risk Example, Acceptance (01:21)
- Summary (00:21)
Controls (21:18)
- Introduction (00:27)
- Risk Mitigation (00:31)
- Controls Types (01:24)
- Directive Controls (01:17)
- Preventative Controls (01:40)
- Deterrent Controls (01:28)
- Compensating Controls (01:19)
- Detective Controls (01:12)
- Corrective Controls (00:49)
- Recovery Controls (00:59)
- Risk Strategies (00:14)
- Change Management (03:13)
- Incident Management (01:05)
- User Rights and Permissions (01:56)
- Perform Routine Audits (00:48)
- Data Loss or Theft (00:56)
- Data Loss Prevention (01:29)
- Summary (00:24)
Best Practices (32:54)
- Introduction (00:23)
- Business Continuity (00:32)
- Business Impact Analysis (01:01)
- Identify Critical Systems (00:48)
- BIA Terminology (01:28)
- BIA Terminology, Cont. (00:55)
- Terminology Diagram (02:15)
- Terminology Example (01:50)
- BCP Testing (01:14)
- Continuity of Operations (01:16)
- IT Contingency Plan (01:02)
- Succession Planning (01:15)
- Single Point of Failure (01:20)
- High Availability (02:58)
- Redundancy (00:34)
- Spares (00:40)
- Fault Tolerance (00:27)
- Component Failure (01:21)
- RAID (00:25)
- RAID 0 (01:26)
- RAID 5 (00:41)
- Clustering (00:44)
- Servers (01:07)
- Disaster Recovery (00:39)
- Backups (00:46)
- Backup Schedule (03:17)
- Alternate Sites (01:55)
- Summary (00:21)