Title: CompTIA CySA+ Domain 5: Compliance and Assessment
CompTIA CySA+ Domain 5: Compliance and Assessment
www.infosectrain.com sales_at_infosectrain.com
CySA+ Domains
- Threat and Vulnerability Management
- Software and Systems Security
- Security Operations and Monitoring
- Incident Response
- Compliance and Assessment

- In this blog, we will discuss the fifth domain of CySA+: Compliance and Assessment.
- In this domain, you will understand three important concepts:
  - The importance of data privacy and protection
  - Security concepts in support of organizational risk mitigation
  - Policies, frameworks, procedures, and controls are critical
1. Importance of data privacy and protection
In any organization, there are many key pieces of information, such as loyalty schemes, customer data, transactions, employee records, or collected data, that need to be protected from unauthorized access. Protecting sensitive data is very important because it may contain information about your current staff, business partners, clients, and shareholders. Data privacy is important since individuals who engage online need to trust that their data will be handled carefully. Organizations use data protection practices in order to demonstrate to their customers and users that they can be trusted with their data. In this concept, you will learn:
- Privacy vs. Security: Privacy and security are intertwined. Privacy refers to the control you have over your personal information and how it is used. Consider the privacy terms that you are required to read and agree to when you download a new smartphone app. In contrast, security relates to how your personal information, such as your data and various facts about you, is safeguarded.
- Technical controls: Technical controls use a variety of technologies to minimize vulnerabilities. A few examples of technical controls are firewalls, encryption, IDSs, the principle of least privilege, and antivirus software.
- Non-technical controls: Unlike technical controls, non-technical controls include actions and artifacts such as procedures, administrative policies, and standards for the full range of information security, including privacy domains and assigned responsibilities.
2. Security concepts in support of organizational risk mitigation
- In this section, you will understand the concepts below:
- Risk identification process: Risk identification is the process of determining which risks may harm the project. The main advantage of this procedure is that it documents current risks and gives the project team information and the capacity to predict occurrences.
- Risk prioritization: The process of deciding which risks to act on first is known as risk prioritization. This should be based on the likelihood of a risk and its potential consequence. Risk prioritization may be accomplished by assessing the risks to your company to decide which ones are more likely to occur and which ones will have a greater impact. For evaluation, a risk prioritization matrix might be employed.
- Business impact analysis: A business impact analysis (BIA) is the process of identifying the criticality of company activities and the resources required to maintain operational resilience and continuity of operations during and after a business interruption.
- Training and exercises: In this section, you will learn about:
- Red team: A red team is a group that pretends to be an enemy or rival and gives security input from that vantage point. Red teams are utilized in a variety of sectors, including cybersecurity, airport security, the military, and intelligence organizations.
- Blue team: A blue team is a group of people that analyze information systems to assure security, uncover security holes, test the efficacy of each security measure, and ensure that all security measures remain effective after installation.
- White team: This team oversees and evaluates the cyber defense competition. They are also in charge of documenting ratings for the Blue Teams on usability and security supplied by the Green and Red Teams, respectively. The White Team also examines security reports and grades them based on accuracy and countermeasures.
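The risk prioritization matrix mentioned above, as an added worked example (not code from the original blog): likelihood and impact are placed on two 1-to-5 ordinal scales, multiplied to a cell score, banded into ratings, and the register is sorted so the risks to act on first come out on top. The scale names, banding thresholds and the sample risk register are this example's own assumptions.

```python
# Added example: a 5x5 risk prioritization matrix (likelihood x impact).
# Scale labels, band thresholds and sample risks are constructed for this demo.
from dataclasses import dataclass

# Ordinal scales; both axes run from 1 (lowest) to 5 (highest).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str  # key into LIKELIHOOD
    impact: str      # key into IMPACT


def score(risk: Risk) -> int:
    """Cell value of the matrix: likelihood rank times impact rank (1..25)."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def rating(risk: Risk) -> str:
    """Band the cell score into a rating; thresholds are an assumption of this example."""
    s = score(risk)
    if s >= 15:
        return "critical"
    if s >= 8:
        return "high"
    if s >= 4:
        return "medium"
    return "low"


def prioritize(risks):
    """Highest score first; equal scores fall back to higher impact, then name."""
    return sorted(risks, key=lambda r: (-score(r), -IMPACT[r.impact], r.name))


# Constructed sample register used to demonstrate the ordering.
SAMPLE_RISKS = [
    Risk("Unpatched internet-facing web server", "likely", "major"),
    Risk("Lost unencrypted laptop", "possible", "major"),
    Risk("Backup tape misfiled", "unlikely", "minor"),
    Risk("Ransomware via phishing", "likely", "severe"),
    Risk("Shared admin password", "possible", "moderate"),
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_RISKS):
        print(f"{score(r):>2} {rating(r):<8} {r.name}")
```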
3. Policies, frameworks, procedures, and controls
- In this section, you will learn about:
- Frameworks: A security framework is a collection of national and international cybersecurity regulations and practices designed to protect vital infrastructure. It contains detailed recommendations for businesses on how to handle personal information contained in systems in order to reduce their exposure to security-related threats.
- Policies and procedures: This section covers:
  - Password policy: A password policy is a collection of guidelines to improve computer security by helping users create and use strong passwords. A password policy is frequently included in an organization's formal policies and may be taught as part of security awareness training.
  - Acceptable use policy: A company's acceptable use policy should refer to the safe and ethical use of email and the internet as a whole. A code of conduct outlines the acceptable use policy, such as what websites users can access, how they can log on to the network, etc.
  - Data retention: Data retention rules govern the maintenance of persistent data and records to fulfill legal and corporate data archiving needs.
- Control types: There are a few different control types:
  - Managerial control: A person with managerial control has the power, directly or indirectly, to direct or cause the direction of the management or policies of the organization, whether by exercising voting rights, by contract, or in any other manner.
  - Operational control: Operational control refers to the authority to handle subordinate forces, including organizing and operating them, assigning tasks, determining objectives, and giving the authoritative directions required to complete the mission.
  - Preventive control: A preventive control prevents a loss or an error from occurring. Physical property protection and segregation of duties are examples of preventive controls. Generally, these controls are built into a process so that they are applied continuously.
CySA+ with InfosecTrain
InfosecTrain is one of the leading training platforms that offers consultancy services, certifications, and training on cybersecurity and information security. Our accredited trainers will help you gain the analytic skills to detect and defend against cyberattacks in an organization. Our courses are available in live instructor-led and self-paced sessions, making it easy to complete your training journey. Join InfosecTrain's CompTIA CySA+ training program to get cyber analytic skills that can enhance your career in the cyber world.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications, or customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com