Risk Management for CompTIA Security+

By Christopher Rees
Ever organization needs IT security to maintain a strong cybersecurity posture. This course will teach you the equally important concepts around managing risk and ensuring a companies critical assets are secure and available.
Play course overview
Course info
Rating
(28)
Level
Beginner
Updated
Oct 30, 2017
Duration
3h 21m
Table of contents
Course Overview
Course Overview 2m
Understanding Organizational Policies, Plans, and Procedures
Introduction 1m The Security Cycle and Standard Operating Procedures 2m Interoperability Agreements and SLAs 2m Business Partner Agreement (BPA) 1m Memorandum of Understanding (MOU) 2m Interconnection Security Agreement (ISA) 1m Importance of Policies in Reducing Risk 2m Mandatory Vacations 2m Separation of Duties 1m Job Rotation 1m Clean Desk, Background Checks, Exit Interviews 4m Data Ownership and User Types 2m Executive Users 3m Social Media Networks / Applications 2m Personal Email 2m
Business Impact Analysis Concepts
Introduction 1m Module Goal 1m Risk Calculation, MTBF, MTTF, and MTTR 1m BIA Key Terminology, WRT, and MTD 5m Mission Essential Functions 2m Identification of Critical Systems 2m Single Point of Failure 2m Determining Impact 1m Privacy Impact and Threshold Assessments 4m
Understanding Risk Management Processes and Concepts
Introduction 2m Threat Assessment 2m Risk Calculation 1m Likelihood of Threat 1m Impact of Threat 1m Qualitative and Quantitative Analysis 3m Loss Calculation Terms and Example 3m Testing 1m Managing Risk 3m Risk Avoidance 1m Change Management 6m Incident Management 2m Module Review 1m
Following Incident Response Procedures
Introduction 1m Who Should Watch and Why Should You Care? 3m Incident Types and Category Definitions 4m Team Models 1m Staffing Model 1m Outsourcing Considerations 2m Incident Notification and Escalation 2m Notifying Outside Agencies and Communication 2m Exercises 2m Incident Response Process 2m Preparation 2m Detection and Analysis 3m Stopping the Spread, Eradication, and Recovery 3m Module Review 1m
Reviewing the Fundamentals of Digital Forensics
Introduction 1m Computer Forensics 3m Order of Volatility 5m Chain of Custody 3m Legal Hold 1m First Responder Best Practices 5m Capture a System Image 4m Network Traffic and Logs 4m Capture Video 1m Record Time Offset 3m Take Hashes 2m Screenshots 1m Witnesses 2m Preservation 2m Recovery 1m Strategic Intelligence/Counterintelligence Gathering 1m Track Man House and Expense 3m Module Review 1m
Defining Disaster Recovery and Continuity of Operation
Introduction 1m Backup Plans / Policies 1m Backup Execution / Frequency 1m Cold Site, Hot Site, and Warm Site 3m Order or Restoration 2m Backup Types and Incremental vs. Differential 3m Geographic Considerations 3m Business Continuity Planning and Testing 3m Risk Assessment and Continuity of Operations 2m Disaster Recovery 3m IT Contingency Planning 3m Succession Planning 1m Tabletop Exercises 2m Module Overview 1m
Comparing and Contrasting Various Types of Controls
Introduction 1m Module Goal 1m Threat Types 1m Types of Access Controls 1m Deterrent 0m Preventive 1m Detective 1m Corrective/Recovery and Compensating 1m Security Countermeasures and Module Review 1m
Performing Data Security and Privacy Practices
Introduction 1m Why Should You Care? 2m Non-digital Data Destruction and Burning 2m Shredding 1m Pulping 1m Pulverizing 1m Degaussing 2m Purging 1m Wiping vs. Deleting 3m Data Classification, PII, and PHI 3m Data Owner 1m Data Steward/Custodian 1m Privacy Officer 1m Data Retention 2m Legal and Compliance 3m
Description
Course info
Rating
(28)
Level
Beginner
Updated
Oct 30, 2017
Duration
3h 21m
Description

Managing risk is a critical component of an organizations security posture. In this course, Risk Management for CompTIA Security+, you'll learn how to assess a company's risk across each area within IT. First, you'll explore the various methods used to assess risk like SLE, ALE, and ARO. Next, you'll learn the fundamentals of computer forensics, including maintaining chain of custody, legal holds, and data acquisition techniques. Finally, you'll discover the principals of disaster recovery, maintaining highly available infrastructure, and business continuity basics. By the end of the course, you'll understand what's required to assess an organization's operational risk, the methods used to conduct a forensic investigation, and how to keep a business operational leveraging disaster recovery and business continuity concepts.

About the author
Christopher Rees
About the author

Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.

More from the author
Security Management: A Case Study
Advanced
1h 7m
Jun 2, 2020
Law, Ethics, and Security Compliance Management
Intermediate
2h 8m
Mar 18, 2020
Security Leadership through Effective Communication
Advanced
1h 14m
Dec 24, 2019
More courses by Christopher Rees
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey everyone, my name is Christopher Rees, and welcome to my course on Risk Management for CompTIA Security+. In addition to being a trainer here at Pluralsight, I'm also a former law enforcement officer who specialized in computer crimes, and I have over 20 years of Enterprise IT experience. I've also been training students from all over the world since 1998. In this course, we'll cover the various concepts associated with risk management, which at first might not sound like the most glamorous topic when it comes to security, but trust me, if you embrace these concepts, you'll look like a rock star to your peers and to executive management. After all, at the end of the day, it's about minimizing risk and maximizing profits. So some of the major topics that we'll cover will include various operating agreements between companies, third parties, contractors, and so forth. We'll talk about personnel management as it pertains to security and risk. We'll talk about threat assessment and risk assessment concepts. We'll also cover the basics of forensics, maintaining chain of custody, legal holds, and so forth. We'll talk about business impact analysis and business continuity concepts, also data security including proper data classification, handling, and secure disposal or sanitization techniques. By the end of this course, you'll know the key concepts and technologies required to properly assess and manage risk, as well as maintain continuity of operations for your company, no matter how big or small or what industry. Before beginning the course, having some exposure to CompTIA's A+ and/or Network+ concepts is helpful, but it's not a requirement. So from here, you should feel comfortable diving into more advanced security topics with courses on CompTIA's Advanced Security Practitioner and also Malware Analysis: The Big Picture. So I hope you'll join me on this journey to learn risk management with the Risk Management for CompTIA Security+ course here at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT