Part 3 of 5 in the Systems Security Certified Practitioner (SSCP®) series. This series will prepare you for the Systems Security Certified Practitioner (SSCP®) certification. Learn about cool topics like access controls, security operations, security administration, monitoring, analysis, risks, responses, recovery, cryptography, networks, communication, malicious code, and malicious activity. This training course is the perfect entry-level course for someone looking to launch their career in security or advance their current security position.
Incident Handling Analysis Hi, I'm Tony Northrup for TrainSignal and in this video lesson for the SSCP certificate exam, I'm going to cover the Incident Handling Analysis process, this is what you do when somebody breaks into your network. So it's really an important lesson. Oh my God a compromise occurred and sometimes the scariest part is that somebody already knows. Compromises happen all the time and we simply aren't aware of them, so often it's a good thing that you discovered the compromise. Another name for the incident handling process is incident management. There's not a standard process for it, there's not some open ISC or ISO, no organization has created a defined list of steps for this, but here are four common steps and every incident handling process I've seen follows basically the same process. I'm going to go into each of these steps in more detail later, but up first is identifying a repot and by the time you start this process the identify part of that has already occurred. Somebody has figured out there was a compromise, that's why the process started and then you're onto reporting, which is writing down all the information you can from the first responder and maybe starting the investigate process where you diagnose the problem and you scan the networks and you learn as much about the attack as you possibly can. Once you figure out what happened, when it started, who did it, etc. then you start to recover from it. Maybe you restore things from backups or you install some new patches to prevent it happening again and as part of that process you test it to make sure it's really fixed and finally, it's the debrief phase. Sometimes they call this post mortem and here you break down what happened, what went wrong, how can you prevent it from happening in the future, and how did the incident handling process itself go.
Business Continuity Plan Hi this is Tony Northrup for TrainSignal and this video lesson for the SSCP certification covers Business Continuity Planning. What is Business Continuity? That's figuring out what your most important stuff is and getting it working as soon as possible when things go wrong. Some people call is Business Continuity and Resiliency Planning, BCRP. Some people call it Continuity of Operations Planning, COOP. I'll say Business Continuity is a superset of disaster recovery. In other words, disaster recovery is part of Business Continuity and I covered disaster recovery in a later lesson. Basically Business Continuity covers everything from power outages and employees leaving on vacation to disasters, but disaster recovery focus primarily on the really serious stuff, floods, fires, earthquakes, etc. So as part of Business Continuity of course you have to consider all the different things that could go wrong, but your Business Continuity plan is going to define what to fix first and how to fix it. So of course, we have to prioritize all the different assets in the organization and figure out how to back them up, and we'll store them. I like to just call Business Continuity your Plan B because of course your Plan A is nothing breaks and everything just continues working, but what happens when things go wrong, Plan B.