Certified Information Systems Security Professional, Part 7 of 9: Malware and Business Continuity
with expert Kevin Henry
Course description
Malicious software exists in many forms. This course will cover many types of malware including worms, Trojans, viruses along with rootkits and back-doors. It then will cover business continuity, hot and cold sites, redundancy, and backups. Finally it will look at specifics of how to recover from disasters and and how it ties into risk management. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).
Prerequisites
This series assumes a good understanding of enterprise networking and networking security. This is part 7 of a 9 part series.
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional
Meet the expert
Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
Course outline
Database Security and System Development
Database Models (18:47)
- Introduction (00:09)
- Database Models (00:38)
- Database Models: Hierarchical and Distributed (01:12)
- Database Models: Relational (00:44)
- Database Systems (01:01)
- Database Models: Relational Components (00:52)
- Foreign Key (01:31)
- Database Component (01:49)
- Database Security Mechanisms (01:14)
- Database Data Integrity Controls (01:58)
- Add-On Security (01:23)
- Database Security Issues (01:14)
- Controlling Access (01:43)
- Database Integrity (00:51)
- Data Warehousing (01:05)
- Data Mining (01:10)
- Summary (00:08)
Software Development (17:31)
- Introduction (00:08)
- Artificial Intelligence (02:33)
- Expert System Components (00:45)
- Artificial Neural Networks (01:03)
- Software Development Models (03:17)
- Project Development: Phases III, IV, and V (01:56)
- Project Development: Phases VI and VII (00:36)
- Verification vs. Validation (00:45)
- Evaluating the Resulting Product (01:27)
- Controlling How Changes Take Place (01:05)
- Change Control Process (01:45)
- Administrative Controls (01:58)
- Summary (00:08)
Malware Attacks (23:11)
- Introduction (00:08)
- Malware Attacks (00:42)
- Virus (02:08)
- More Malware (02:44)
- Rootkits and Backdoors (02:14)
- DDoS Attack Types (01:05)
- Escalation of Privilege (01:23)
- DDoS Issues (02:21)
- Buffer Overflow (02:55)
- Mail Bombing and Email Links (00:54)
- Phishing (02:22)
- Replay Attack (00:23)
- Cross-Site Scripting Attack (01:21)
- Timing Attacks (01:14)
- More Advanced Attacks (00:32)
- Summary (00:29)
- Summary (00:08)
Business Continuity
Project Initiation (14:12)
- Introduction (00:05)
- Phases of Plan (00:56)
- Pieces of the BCP (00:47)
- BCP Development (02:55)
- Where Do We Start (02:46)
- Why Is BCP a Hard Sell to Management (02:22)
- Understanding the Organization (02:01)
- BCP Committee (02:08)
- Summary (00:08)
Business Impact Analysis (27:35)
- Introduction (00:06)
- BCP Risk Analysis (01:25)
- Identifying Threats and Vulnerabilties (00:55)
- Categories (01:04)
- How to Identify the Critical Company Functions (01:24)
- Loss Criteria (00:54)
- Interdependencies (00:26)
- Choosing Offsite Services (00:36)
- Functions' Resources (02:51)
- Calculating MTD (01:05)
- Recovery Point Objective (02:22)
- Recovery Strategies (01:33)
- What Items Need to Be Considered in a Recovery (02:24)
- Facility Backups (02:30)
- Compatibility Issues with Offsite Facility (00:48)
- Which Do We Use? (02:36)
- Choosing Site Location (00:54)
- Other Offsite Approaches (01:53)
- BCP Plans Become out of Date (01:11)
- Summary (00:22)
- Summary (00:08)
Disaster Recovery
Disaster Preparation (14:08)
- Introduction (00:11)
- Proper Planning (01:16)
- Executive Succession Planning (00:33)
- Preventing a Disaster (01:11)
- Preventative Measures (03:18)
- Backup/Redundancy Options (01:00)
- Disk Shadowing (02:18)
- Hierarchical Storage Management (01:53)
- SAN (00:52)
- Co-Location (00:35)
- Other Options (00:48)
- Summary (00:08)
Development Plan (23:59)
- Introduction (00:12)
- Review: Results from the BIA (07:01)
- Now What (01:35)
- Priorities (00:18)
- Plan Objectives (02:10)
- Defining Roles (02:28)
- The Plan (01:04)
- Types of BC Plans (01:15)
- Recovery (00:56)
- Damage Assessment (01:31)
- Coordination Procedures (01:10)
- Sequence of Recovery Options (00:35)
- Relocate to the Alternate Facility (01:17)
- Restoration of Primary Site (01:19)
- Return to Normal Operations (00:56)
- Summary (00:08)
Emergency Response (14:03)
- Introduction (00:06)
- Environment (01:56)
- Operational Planning (01:10)
- Emergency Response (00:49)
- Revieing Insurance (00:58)
- When Is the Danger Over (01:22)
- Testing and Drills (02:04)
- Types of Tests (04:13)
- What Is Success (00:49)
- Summary (00:23)
- Summary (00:08)