Governance, Risk, and Compliance for CompTIA Security+

سرفصل های دوره

Proper governance, compliance, and risk assessment are an important part of any organization’s overall success. This course will teach you how to implement proper controls, assess risk, and limit your company’s exposure.

1. Course Overview

1. Course Overview

2. Comparing and Contrasting Various Types of Controls

1. Module Overview

2. Goals of the Module

3. Threat Types

4. Types of Access Control (Managerial, Operational, and Physical)

5. Deterrent

6. Preventive

7. Detective

8. Corrective - Recovery and Compensating

9. Module Review

3. Applicable Regulations, Standards, or Frameworks

01. Module Overview

02. Privacy and Compliance Challenges

03. GDPR and Key Terminology

04. GDPR Key Terms and Data Processing Principles

05. Six Legal Grounds for Processing Personal Data

06. GDPR Compliance and Penalties

07. Compliance Frameworks

08. NIST and the Cyber-security Framework (CSF)

09. PCI-DSS

10. Enterprise Security Framework (ESF)

11. NIST SP 800-53 and ISO 27001

12. Cloud Security Alliance (CSA)

13. SSAE 18, SOC 1, 2, and 3

14. Benchmarks and Secure Configuration Guides

15. Systems Hardening

16. Vendor and Control Diversity

17. Module Review

4. Implementing Policies within Organizational Security

01. Module Overview

02. Importance of Policies in Reducing Risk

03. Job Rotation

04. Mandatory Vacations

05. Separation of Duties

06. Least Privilege

07. Clean Desk Policies

08. Background Checks, NDAs, and Role-based Awareness Training

09. Use Cases for Monitoring

10. Things Typically Monitored

11. Balancing What's Reasonable

12. New Tools Are Constantly Developed

13. Monitoring Social Media

14. Employee Protections

15. Onboarding - Offboarding

16. Culture and Creating a Culture of Security

17. Setting the Stage

18. Awareness Training

19. Skills Training

20. Funding and Executive Buy-in

21. Continuous Improvement

22. Wired Brain Coffee's Approach to Training

23. Technology Diversity

24. Vendor Diversity

25. Service-level Agreement (SLA)

26. Memorandum of Understanding (MOU) and Master Services Agreement (MSA)

27. Business Partner Agreement (BPA)

28. EOL - EOS

29. Data Retention

30. User Account

31. Shared, Generic, Guest, and Service Accounts

32. Privileged Accounts

33. Change Management

34. Asset Management

5. Review the Risk Management Process and Concepts

01. Module Overview

02. Risk Types

03. Managing Risk

04. Risk Management Defined

05. Risk Management Concepts

06. Strategic Options

07. Risk Register, Risk Matrix, and Heat Map

08. Risk Control Self-assessment (RCSA)

09. Risk Awareness (Inherent, Residual, Control, and Risk Appetite)

10. Regulatory Examples

11. Gramm-Leach-Bliley Act (GLBA)

12. HIPAA

13. HITECH Act

14. Sarbanes-Oxley Act (SOX)

15. GDPR

16. Qualitative and Quantitative Analysis

17. Risk Calculation

18. Likelihood of Threat

19. Impact of Threat

20. Loss Calculation Terms (ALE, SLE, and ARO)

21. Threat Assessment (Disaster)

22. Additional Risk Calculation Terms (MTBF, MTTF, and MTTR)

23. Business Impact Analysis- Key Terminology

24. Mission Essential Functions

25. Identification of Critical Systems

26. Single Point of Failure (SPOF)

27. Order of Restoration

28. Phased Approach

29. Identifying Most Critical Systems First

30. Risk Assessment

31. Continuity of Operations

32. IT Contingency Planning

6. Privacy and Sensitive Data Concepts and Considerations

01. Module Overview

02. Company Obligations to Protect Security

03. Potential Damages from Mishandled Data

04. Incident Notification and Escalation

05. Notifying Outside Agencies

06. Data Classification

07. Privacy-enhancing Technologies, Data Masking, and Tokenization

08. Anonymization and Pseudo-anonymization

09. Data Owner

10. Data Controller and Processor

11. Data Steward - Custodian

12. Privacy Officer

13. Information Lifecycle

14. Privacy Impact Assessment

15. Terms of Agreement and Privacy Notice

179,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight