Assessments and Audits
Shon Harris
The fast, powerful way to prepare for your CompTIA Security+ exam!
Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over two and a …
Assessments and Audits
Shon Harris
The fast, powerful way to prepare for your CompTIA Security+ exam!
Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over two and a half hours of training adapted from Shon Harris’s legendary five-day SSCP boot camps–including realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings!
Comprehensive coverage of CompTIA Security+ domains of knowledge:
. Risk Management
. Risk Types
. Remote Access
. Testing Steps
. Network Performance Monitoring
. Safe Disposal
About the Shon Harris Security Series
This online video is part of a complete library of books, online services, and videos designed to help security professionals enhance their skills and prepare for their certification exams. Every product in this series reflects Shon Harris’s unsurpassed experience in teaching IT security professionals.
Category: Security
System Requirements
OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4
(Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card
with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more
Course Introduction 00:06:59
Domain 4 - Assessments and Audits 00:00:56
Risk Management 00:00:56
Why Is Risk Management Difficult? 00:01:24
Necessary Level of Protection Is Different for Each Organization 00:00:56
Security Team/Committee 00:01:42
Risk Management Process 00:00:30
Planning Stage - Team 00:01:05
Planning Stage - Scope 00:02:04
Planning Stage - Analysis Method 00:01:01
Risk Management Tools 00:01:50
Defining Acceptable Levels 00:02:24
Acceptable Risk Level 00:00:52
Collecting and Analyzing Data Methods 00:01:04
What Is a Company Asset? 00:00:48
Data Collection - Identify Assets 00:01:01
Data Collection - Assigning Values 00:01:34
Asset Value 00:01:03
Data Collection - Identify Threats 00:01:20
Data Collection - Calculate Risks 00:01:38
Scenario Based - Qualitative 00:00:43
Risk Approach 00:00:40
Qualitative Analysis Steps 00:00:56
Want Real Answers? 00:00:53
Qualitative Risk Analysis Ratings 00:01:02
Quantitative Analysis Steps 00:01:37
How Often Will This Happen? 00:00:37
ARO Values and Their Meaning 00:03:27
ALE Value Uses 00:00:48
Relationships 00:00:29
Calculate Risks - ALE Example 00:01:46
Your Turn! 00:00:20
ALE Calculation 00:00:56
Can a Purely Quantitative Analysis Be Accomplished? 00:01:25
Risk Types 00:00:39
Examples of Types of Losses 00:00:35
Delayed Loss 00:00:50
Cost/Benefit Analysis 00:00:58
Cost of a Countermeasure 00:01:21
Cost/Benefit Analysis Countermeasure Criteria 00:02:55
Calculating Cost/Benefit 00:01:01
Controls 00:02:01
Quantitative Analysis 00:02:09
Qualitative Analysis Disadvantages 00:00:49
Can You Get Rid of All Risk? 00:02:34
Uncertainty Analysis 00:01:11
Dealing with Risk 00:01:20
Management’s Response to Identified Risks 00:01:51
Risk Acceptance 00:01:42
Risk Analysis Process Summary 00:01:08
Remote Access Security 00:03:16
Remote Access 00:01:31
Administering Systems Remotely 00:01:36
Facsimile Security 00:01:32
Support Systems 00:01:24
Agenda 6 00:00:58
Testing for Vulnerabilities 00:01:05
Vulnerability Assessments 00:00:15
Security Testing Issues 00:02:07
Vulnerability Scanning 00:00:48
Basic Scanner 00:00:55
Data Leakage - Keystroke Logging 00:00:58
Password Cracking 00:02:10
One of Many Tools 00:00:35
War Dialing 00:00:39
PhoneSweep 00:00:36
Wardialing Output 00:00:27
War Driving 00:00:40
Wireless Reconnaissance Output 00:01:27
Wireless Attacks 00:01:19
Penetration Testing 00:02:52
Testing Steps 00:01:19
Testing Methodology 00:02:58
Automated Pen Testing Tools Canvas Operation 00:01:00
Penetration Testing 00:01:18
Automated Pen Testing Tools Core Impact Operation 00:00:37
Post-Testing and Assessment Steps 00:02:14
Penetration Testing Variations 00:00:55
Types of Testing 00:01:17
Protection Mechanism - Honeypot 00:01:49
Log Reviews 00:01:05
Nmap 00:01:20
Nmap - Options 00:00:51
Nmap - Command line 00:00:46
Nmap (2) 00:00:36
Zenmap 00:00:20
OVAL 00:04:37
Network Performance Monitoring 00:01:17
Network Monitoring 00:01:00
Network Monitoring - Features 00:01:41
System Monitoring 00:03:28
Performance Baseline 00:01:23
Establishing a Performance Baseline 00:01:21
Monitoring Methodologies 00:00:04
Signature Based Monitoring 00:00:49
Behavior Based Monitoring 00:01:10
Anomaly Based Monitoring 00:01:12
Statistical Based Monitoring 00:00:35
Log Management 00:03:04
Logging Activities 00:01:19
Log Reviews 00:01:49
Security Logs 00:01:02
Protecting Access to System Logs 00:01:00
Accountability = Auditing Events 00:01:14
Auditing 00:01:07
Privilege Auditing 00:00:41
Usage Auditing 00:00:46
Escalation Auditing 00:00:43
Retention and Storage 00:00:38
Retention and Storage Policies 00:01:27
Data Retention and Storage 00:02:02
Resource Protection 00:00:52
Library Maintenance 00:01:06
Media Labels 00:01:19
Software Escrow 00:01:27
Weak Link 00:00:17
Liabilities of Insecure Disposal of Information 00:00:24
Devastating to the Company 00:01:17
Safe Disposal 00:00:16
Degaussing 00:00:27
Zeroization 00:01:30
Physical Destruction 00:00:20
Remaining Data 00:00:25
Why Not Just Delete the Files? 00:01:46
Domain 4 Review 00:01:05