CompTIA CySA+ Domain 5: Compliance and Assessment - PowerPoint PPT Presentation

About This Presentation
Title:

CompTIA CySA+ Domain 5: Compliance and Assessment

Description:

The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization. It is offered by CompTIA, a nonprofit trade organization that provides vendor-neutral certification in a range of IT fields. – PowerPoint PPT presentation

Number of Views:34
Slides: 17
Provided by: infosectrain

less

Transcript and Presenter's Notes

Title: CompTIA CySA+ Domain 5: Compliance and Assessment


1
CompTIA CySA Domain 5 Compliance and
Assessment
www.infosectrain.com sales_at_infosectrain.com
2
www.infosectrain.com sales_at_infosectrain.com
3
  • CYSA Domains
  • Threat and Vulnerability Management
  • Software and Systems Security
  • Security Operations and Monitoring
  • Incident Response
  • Compliance Assessment
  • In this blog, we will discuss the fifth domain of
    CySA Compliance and Assessments.
  • In this domain, you will understand three
    important concepts
  • The importance of data privacy and protection
  • Security concepts in support of organizations
    risk mitigation
  • Policies, frameworks, procedures, and controls
    are critical

www.infosectrain.com sales_at_infosectrain.com
4
1. Importance of data privacy and protection In
any organization, there are many key pieces of
information like loyalty schemes, customer data,
transactions, employee records, or data
collection that need to be protected from
unauthorized access. Protecting sensitive data is
very important because it may contain information
about your current staff, business partners,
clients, and shareholders. Data privacy is
important since individuals who engage online
need to trust that their data will be handled
carefully. Organizations use data protection
practices in order to demonstrate to their
customers and users that they can be trusted with
their data. In this concept, you will learn
www.infosectrain.com sales_at_infosectrain.com
5
  1. Privacy vs. Security Privacy and security are
    intertwined. Privacy refers to whatever control
    you have over your personal information and how
    it is utilized. Consider the privacy terms that
    you are required to read and agree to when you
    download new smartphone apps. In contrast,
    security relates to how your personal information
    is safeguarded, like your data and various facts
    about you.
  2. Technical controls Technical controls use a
    variety of technologies to minimize
    vulnerabilities. A few examples of technical
    controls are firewalls, encryption, IDSs, the
    principle of least privilege, and antivirus
    software.
  3. Non-technical controls Unlike technical
    controls, non-technical controls include such
    actions and things as procedures, administrative
    policies, and standards for the full range of
    information security, including privacy domains
    and assigned responsibilities.

www.infosectrain.com sales_at_infosectrain.com
6
  • 2. Security concepts in support of organizations
    risk mitigation
  • In this section, you will understand the
    below-mentioned concepts
  • Risk identification process Risk identification
    is the process of determining which risks may
    harm the project. The main advantage of this
    procedure is that it documents current risks and
    offers the project team information and the
    capacity to predict occurrences.
  • Risk prioritization The process of deciding
    which risks to act on first is known as risk
    prioritizing. This should be based on the
    likelihood of a risk and its potential
    consequence. Risk prioritizing may be
    accomplished by assessing the risks to your
    company to decide which ones are more likely to
    occur and which ones will have a greater impact.
    For evaluation, a risk prioritization matrix
    might be employed.
  • Business impact analysis A business impact
    analysis (BIA) is the process of identifying the
    criticality of company activities and the
    resources required to maintain operational
    resilience and continuity of operations during
    and after a business interruption.
  • Training and exercises In this section, you will
    learn about





www.infosectrain.com sales_at_infosectrain.com
7
  • Red team A red team is a group that pretends
    to be an enemy or rival and gives security input
    from that vantage point. Red teams are utilized
    in a variety of sectors, including cybersecurity,
    airport security, the military, and intelligence
    organizations.
  • Blue team A blue team is a group of people that
    analyze information systems to assure security,
    uncover security holes, test the efficacy of each
    security measure, and ensure that all security
    measures remain effective after installation.
  • The White team The team oversees and evaluates
    the cyber defense competition. They are also in
    charge of documenting ratings for the Blue Teams
    on usability and security supplied by the Green
    and Red Teams, respectively. The White Team also
    examines security reports and grades them based
    on accuracy and countermeasures.





www.infosectrain.com sales_at_infosectrain.com
8
  • 3. Policies, frameworks, procedures, and controls
  • In this section, you will learn about
  • Frameworks A security framework is a collection
    of national and international cybersecurity
    regulations and practices designed to protect
    vital infrastructure. It contains detailed
    recommendations for businesses on how to handle
    personal information contained in systems in
    order to reduce their exposure to
    security-related threats.
  • Policies and procedures This section reveals
  • Password policy A password policy is a
    collection of guidelines to improve computer
    security by helping users create and use strong
    passwords. A password policy is frequently
    included in an organizations formal policies and
    may be taught as part of security awareness
    training.
  • Acceptable use policy A companys acceptable use
    policy should refer to the safe and ethical use
    of email and the internet as a whole. A code of
    conduct outlines the acceptable use policy, such
    as what websites users can access, how they can
    log on to the network, etc.
  • Data retention Data retention rules govern the
    maintenance of persistent data and records to
    fulfill legal and corporate data archiving needs.





www.infosectrain.com sales_at_infosectrain.com
9
  • Control types There are a few different control
    types they are
  • Managerial control A person with managerial
    control has the power, directly or indirectly, to
    direct or cause the direction of the management
    or policies of the organization, whether by
    exercising voting rights, by contract, or in any
    other manner.
  • Operational Control Operational control refers
    to the authority to handle subordinate forces,
    including organizing and operating them,
    assigning tasks, determining objectives, and
    giving authoritative directions required to
    complete the mission.
  • Preventive control A preventative control
    prevents a loss or an error from occurring.
    Physical property protection and segregation of
    duties are examples of preventive controls.
    Generally, these controls are built into a
    process so that they are applied continuously.





www.infosectrain.com sales_at_infosectrain.com
10
CySA with InfosecTrain InfosecTrain is one of
the leading training platforms that offers
consultancy services, certifications, and
training on cybersecurity and information
security. Our accredited trainer will help you
gain the analytic skills to detect and defend
against cyberattacks in an organization. Our
courses are available in live instructor-led and
self-paced sessions, making it easy to complete
your training journey. Join InfosecTrains CompTIA
CySA training program to get cyber analytic
skills that can enhance your career in the cyber
world.




www.infosectrain.com sales_at_infosectrain.com
11
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    company
  • Wide range of professional training programs,
    certifications consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain

www.infosectrain.com sales_at_infosectrain.com
12
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
14
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com
Write a Comment
User Comments (0)
About PowerShow.com