Certified Information Systems Security Professional, Part 1 of 9: Risk and Authentication
with expert Kevin Henry
Course description
This course covers risk management and authentication. It will look at risk from a negative perspective or the likelihood of something bad happening. Topics covered will be plans, programs and infrastructure providing the foundation for all other domains including access control, validating, and verifying the use of resources. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional or CISSP.
Prerequisites
This series assumes a good understanding of enterprise networking and networking security.
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional
Meet the expert
Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
Course outline
Risk Assessment
Risk Definitions (19:15)
- Introduction (00:14)
- Risk Management Flow (05:41)
- Risk Definitions (00:55)
- What Is the Value of an Asset (00:55)
- What Is a Threat Source/Agent (01:25)
- What Is a Threat (00:48)
- What Is a Vulnerability (00:42)
- Examples of Non-Obvious Vulnerabilties (02:12)
- What Is a Control (01:27)
- What is Likelihood (02:45)
- What Is Impact (01:01)
- Control Effectiveness (00:55)
- Summary (00:08)
Risk Management (09:53)
- Introduction (00:11)
- Agenda (00:12)
- Risk Management (04:44)
- Risk Response and Monitoring (01:44)
- Purpose of Risk Management (02:52)
- Summary (00:08)
Risk Assessment (19:15)
- Introduction (00:13)
- Risk Assessment (04:42)
- Why Is Risk Assessment Difficult (02:27)
- Different Approaches to Analysis (01:16)
- Quantitative Analysis (01:52)
- Threat Analysis and Annual Loss Expectency (00:44)
- Quantitative Analysis Continued (01:18)
- ALE Value Uses (00:29)
- Qualitative Analysis: Likelihood (01:32)
- Qualitative Analysis - Impact (00:33)
- Qualitative Analysis - Risk Level (00:52)
- Qualitative Analysis Steps (03:04)
- Summary (00:08)
Responding to Risk (08:54)
- Introduction (00:14)
- Completion of Risk Assessment (00:22)
- Risk Response (01:11)
- Management's Response to Identified Risks (06:57)
- Summary (00:08)
Introduction to Security
Understanding Security (12:00)
- Introduction (00:05)
- What Is Information Security (01:37)
- What Is Information Security Continued (01:26)
- The Information Security Triad (06:47)
- Understanding the Business (01:55)
- Summary (00:08)
Security Controls (20:57)
- Introduction (00:50)
- Setting up a Security Program (03:48)
- Enterprise Security Program (02:47)
- Building a Foundation (01:49)
- Planning Horizon Components (02:14)
- Enterprise Security: The Business Requirements (01:22)
- Enterprise Security Program Components (01:28)
- Control Types (01:35)
- "Soft" Controls (01:05)
- Technical or Logical Controls (00:14)
- Physical Controls (00:29)
- Roadmap to Maturity (01:23)
- Program Monitoring (01:39)
- Summary (00:08)
Roles and Responsibilities (13:07)
- Introduction (00:15)
- Senior Management's Role in Security (02:54)
- Security Roles and Responsibilities (04:41)
- Roles and Responsibilties (01:40)
- Agenda (00:05)
- Security Program Components (00:46)
- Information Security Policy (01:18)
- Security Policy Review (00:31)
- Implementing Policy (00:43)
- Summary (00:08)
Human Resources (11:21)
- Introduction (00:08)
- Agenda (00:11)
- Security and the Human Factors (00:29)
- Employee Management (00:46)
- Human Resources Issues (01:42)
- Importance to Security (00:36)
- Recruitment Issues (00:23)
- Termination of Employment (01:09)
- Human Resources Practices (01:21)
- Types of Training (01:04)
- Quality Training (00:35)
- Informing Employees About Security (01:06)
- Enforcement (00:41)
- Security Enforcement Issues (00:41)
- Summary (00:13)
- Summary (00:08)
Authentication
Access Control Methodology (12:54)
- Introduction (01:01)
- Access Control Administration (01:44)
- Accountability and Access Control (01:20)
- Trusted Path (00:58)
- Who Are You? (01:04)
- Authentication Mechanism (00:34)
- Strong Authentication (00:27)
- Authorization (04:01)
- Access Criteria (00:36)
- Fraud Controls and Access Control Mechanisms (00:57)
- Summary (00:08)
Biometrics and Passwords (24:31)
- Introduction (00:06)
- Biometric Technology (01:24)
- Biometrics Enrollment Process (00:50)
- Downfalls to Biometric Use (00:45)
- Biometrics Error Types (02:00)
- Biometrics Diagram (02:31)
- Biometric System Types (02:14)
- Agenda (00:10)
- Passwords and PINs (01:05)
- Password Shoulds (02:33)
- Password Attacks (01:45)
- Countermeasures for Password Cracking (01:52)
- Cognitive Password (00:47)
- One-Time Password Authentication (01:21)
- Agenda (00:04)
- Synchronous Token (01:07)
- Asynchronous Token Device (00:16)
- Cryptographic Keys (00:29)
- Passphrase Authentication (00:37)
- Memory Cards and Smart Cards (02:18)
- Summary (00:08)
Single Sign-on (14:42)
- Introduction (00:31)
- Single Sign-on Technology (01:29)
- Different Technologies (01:22)
- Scripts and Directory Services (00:51)
- Thin Clients (00:36)
- Kerberos as a Single Sign-on Technology (00:20)
- Tickets (01:04)
- Kerberos Components Working Together (01:14)
- Major Components of Kerberos (01:13)
- Kerberos Authentication Steps (01:47)
- Purpose of Kerberos (00:37)
- Issues Pertaining to Kerberos (01:55)
- SESAME as a Single Sign-on Technology (00:54)
- Federated Authentication (00:34)
- Summary (00:08)
Intrusion Detection Systems (09:06)
- Introduction (00:23)
- Host-Based IDS (01:22)
- Network-Based IDS Sensors (00:42)
- Types of IDSs (02:11)
- Behavior-Based IDS (00:39)
- IDS Response Mechanisms (00:42)
- IDS Issues (01:32)
- Trapping an Intruder (00:52)
- Summary (00:30)
- Summary (00:08)