Governance, Risk, and Compliance for CompTIA Security+

By Christopher Rees
Proper governance, compliance, and risk assessment are an important part of any organization’s overall success. This course will teach you how to implement proper controls, assess risk, and limit your company’s exposure.
Play course overview
Course info
Level
Beginner
Updated
Jan 25, 2021
Duration
2h 37m
Table of contents
Course Overview
Course Overview 2m
Comparing and Contrasting Various Types of Controls
Module Overview 1m Goals of the Module 1m Threat Types 1m Types of Access Control (Managerial, Operational, and Physical) 1m Deterrent 0m Preventive 1m Detective 1m Corrective / Recovery and Compensating 1m Module Review 0m
Applicable Regulations, Standards, or Frameworks that Impact a Security Organization
Module Overview 1m Privacy and Compliance Challenges 5m GDPR and Key Terminology 2m GDPR Key Terms and Data Processing Principles 2m Six Legal Grounds for Processing Personal Data 1m GDPR Compliance and Penalties 1m Compliance Frameworks 3m NIST and the Cyber-security Framework (CSF) 1m PCI-DSS 1m Enterprise Security Framework (ESF) 1m NIST SP 800-53 and ISO 27001 3m Cloud Security Alliance (CSA) 1m SSAE 18, SOC 1, 2, and 3 3m Benchmarks and Secure Configuration Guides 2m Systems Hardening 3m Vendor and Control Diversity 2m Module Review 0m
Implementing Policies within Organizational Security
Module Overview 1m Importance of Policies in Reducing Risk 0m Job Rotation 2m Mandatory Vacations 1m Separation of Duties 1m Least Privilege 1m Clean Desk Policies 1m Background Checks, NDAs, and Role-based Awareness Training 2m Use Cases for Monitoring 2m Things Typically Monitored 2m Balancing What's Reasonable 1m New Tools Are Constantly Developed 1m Monitoring Social Media 1m Employee Protections 1m Onboarding / Offboarding 1m Culture and Creating a Culture of Security 2m Setting the Stage 1m Awareness Training 1m Skills Training 2m Funding and Executive Buy-in 1m Continuous Improvement 1m Wired Brain Coffee's Approach to Training 2m Technology Diversity 1m Vendor Diversity 1m Service-level Agreement (SLA) 1m Memorandum of Understanding (MOU) and Master Services Agreement (MSA) 2m Business Partner Agreement (BPA) 1m EOL / EOS 2m Data Retention 1m User Account 1m Shared, Generic, Guest, and Service Accounts 2m Privileged Accounts 1m Change Management 2m Asset Management 2m
Review the Risk Management Process and Concepts
Module Overview 1m Risk Types 3m Managing Risk 1m Risk Management Defined 1m Risk Management Concepts 3m Strategic Options 2m Risk Register, Risk Matrix, and Heat Map 1m Risk Control Self-assessment (RCSA) 3m Risk Awareness (Inherent, Residual, Control, and Risk Appetite) 1m Regulatory Examples 1m Gramm-Leach-Bliley Act (GLBA) 1m HIPAA 1m HITECH Act 2m Sarbanes-Oxley Act (SOX) 3m GDPR 1m Qualitative and Quantitative Analysis 3m Risk Calculation 1m Likelihood of Threat 1m Impact of Threat 1m Loss Calculation Terms (ALE, SLE, and ARO) 3m Threat Assessment (Disaster) 2m Additional Risk Calculation Terms (MTBF, MTTF, and MTTR) 1m Business Impact Analysis: Key Terminology 5m Mission Essential Functions 2m Identification of Critical Systems 2m Single Point of Failure (SPOF) 2m Order of Restoration 2m Phased Approach 1m Identifying Most Critical Systems First 2m Risk Assessment 1m Continuity of Operations 1m IT Contingency Planning 3m
Privacy and Sensitive Data Concepts and Considerations
Module Overview 1m Company Obligations to Protect Security 2m Potential Damages from Mishandled Data 1m Incident Notification and Escalation 2m Notifying Outside Agencies 1m Data Classification 3m Privacy-enhancing Technologies, Data Masking, and Tokenization 2m Anonymization and Pseudo-anonymization 1m Data Owner 1m Data Controller and Processor 0m Data Steward / Custodian 1m Privacy Officer 1m Information Lifecycle 2m Privacy Impact Assessment 2m Terms of Agreement and Privacy Notice 2m
Description
Course info
Level
Beginner
Updated
Jan 25, 2021
Duration
2h 37m
Description

Regulations, privacy, compliance, and ensuring your customer’s data is secure are becoming increasingly important while at the same time becoming increasingly complex. As new regulations are introduced, a company’s responsibilities continue to increase. In this course, Governance, Risk, and Compliance for CompTIA Security+, you’ll learn to properly assess your company’s risk across all facets of the organization. First, you’ll explore the various types of controls that can be put in place to limit exposure. Next, you’ll discover several methodologies, frameworks, and best practices needed to develop policy and ensure compliance. Finally, you’ll learn how to create a business impact analysis and properly classify data, along with the technologies required to safeguard that data. When you’re finished with this course, you’ll have the skills and knowledge of risk management and compliance needed to ensure your organization is properly governing employee and customer data, complying with local, state, and federal regulations, and properly assessing risk.

About the author
Christopher Rees
About the author

Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.

More from the author
CompTIA Security+: Exam Briefing
Beginner
19m
May 4, 2021
Operations and Incident Response for CompTIA Security+
Beginner
3h 54m
Jan 19, 2021
More courses by Christopher Rees
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey everyone, my name is Christopher Rees, and welcome to my course on Governance, Risk, and Compliance for CompTIA Security+. When it comes to demonstrating cybersecurity knowledge, Security+ is one of the premier certifications for those who are entering or advancing their careers in cybersecurity. Whether your role was in the public sector, private sector, military or federal government, understanding how to implement secure solutions is crucial to defending against attacks, whether internal, external, on‑prem or in the cloud. Maintaining compliance, managing risk, and implementing proper and appropriate data governance policies is not a nice‑to‑have, it's an essential component of a company's overall success. Identifying and managing risk can mean the difference between barely surviving and thriving in the event of a data breach or other cyber incident. In this course, we're going to cover the critical elements associated with IT and security operations, specifically around governance, managing risk, and ensuring compliance. Some of the major topics that we'll cover include various controls to manage risk; regulations and key frameworks to help manage risk, compliance, and also governance; analyzing and minimizing risk using these tools and processes; along with business impact analysis and risk assessments. By the end of this course, you'll have a good understanding of the skills, tools, and knowledge required to identify and manage risk in your environment, along with ways to ensure compliance with applicable policies and regulations. In addition, you'll also have the knowledge required to articulate this information to management and partner organizations. Before beginning this course, you should be familiar with general IT and cybersecurity concepts. So I hope you'll join me on this journey to learn more about managing risk in your environment as we dig into the Governance, Risk, and Compliance for CompTIA Security+ course here at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT