Learn your way! Get started

Certified information Systems Security Professional, Part 1: Risk and Authentication

with expert Kevin Henry


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/22/2018
Level Beginner
Runtime 2h 56m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

This course covers risk management and authentication. it will look at risk from a negative perspective or the likelihood of something bad happening. Topics covered will be plans, programs and infrastructure providing the foundation for all other domains including access control, validating, and verifying the use of resources.

Prerequisites

This is part 1 of the series

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional

Meet the expert

Kevin Henry Kevin is an international author, consultant and international speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.


Course outline



Risk Assessment

Risk Definitions (19:15)
  • Introduction (00:14)
  • Risk Management Flow (05:41)
  • Risk Definitions (00:55)
  • What Is the Value of an Asset (00:55)
  • What Is a Threat Source/Agent (01:25)
  • What Is a Threat (00:48)
  • What Is a Vulnerability (00:42)
  • Examples of Non-Obvious Vulnerabilties (02:12)
  • What Is a Control (01:27)
  • What is Likelihood (02:45)
  • What Is Impact (01:01)
  • Control Effectiveness (00:55)
  • Summary (00:08)
Risk Management (09:53)
  • Introduction (00:11)
  • Agenda (00:12)
  • Risk Management (04:44)
  • Risk Response and Monitoring (01:44)
  • Purpose of Risk Management (02:52)
  • Summary (00:08)
Risk Assessment (19:15)
  • Introduction (00:13)
  • Risk Assessment (04:42)
  • Why Is Risk Assessment Difficult (02:27)
  • Different Approaches to Analysis (01:16)
  • Quantitative Analysis (01:52)
  • Threat Analysis and Annual Loss Expectency (00:44)
  • Quantitative Analysis Continued (01:18)
  • ALE Value Uses (00:29)
  • Qualitative Analysis: Likelihood (01:32)
  • Qualitative Analysis - Impact (00:33)
  • Qualitative Analysis - Risk Level (00:52)
  • Qualitative Analysis Steps (03:04)
  • Summary (00:08)
Responding to Risk (08:54)
  • Introduction (00:14)
  • Completion of Risk Assessment (00:22)
  • Risk Response (01:11)
  • Management's Response to Identified Risks (06:57)
  • Summary (00:08)

Introduction to Security

Understanding Security (12:00)
  • Introduction (00:05)
  • What Is Information Security (01:37)
  • What Is Information Security Continued (01:26)
  • The Information Security Triad (06:47)
  • Understanding the Business (01:55)
  • Summary (00:08)
Security Controls (20:57)
  • Introduction (00:50)
  • Setting up a Security Program (03:48)
  • Enterprise Security Program (02:47)
  • Building a Foundation (01:49)
  • Planning Horizon Components (02:14)
  • Enterprise Security: The Business Requirements (01:22)
  • Enterprise Security Program Components (01:28)
  • Control Types (01:35)
  • "Soft" Controls (01:05)
  • Technical or Logical Controls (00:14)
  • Physical Controls (00:29)
  • Roadmap to Maturity (01:23)
  • Program Monitoring (01:39)
  • Summary (00:08)
Roles and Responsibilities (13:07)
  • Introduction (00:15)
  • Senior Management's Role in Security (02:54)
  • Security Roles and Responsibilities (04:41)
  • Roles and Responsibilties (01:40)
  • Agenda (00:05)
  • Security Program Components (00:46)
  • Information Security Policy (01:18)
  • Security Policy Review (00:31)
  • Implementing Policy (00:43)
  • Summary (00:08)
Human Resources (11:21)
  • Introduction (00:08)
  • Agenda (00:11)
  • Security and the Human Factors (00:29)
  • Employee Management (00:46)
  • Human Resources Issues (01:42)
  • Importance to Security (00:36)
  • Recruitment Issues (00:23)
  • Termination of Employment (01:09)
  • Human Resources Practices (01:21)
  • Types of Training (01:04)
  • Quality Training (00:35)
  • Informing Employees About Security (01:06)
  • Enforcement (00:41)
  • Security Enforcement Issues (00:41)
  • Summary (00:13)
  • Summary (00:08)

Authentication

Access Control Methodology (12:54)
  • Introduction (01:01)
  • Access Control Administration (01:44)
  • Accountability and Access Control (01:20)
  • Trusted Path (00:58)
  • Who Are You? (01:04)
  • Authentication Mechanism (00:34)
  • Strong Authentication (00:27)
  • Authorization (04:01)
  • Access Criteria (00:36)
  • Fraud Controls and Access Control Mechanisms (00:57)
  • Summary (00:08)
Biometrics and Passwords (24:31)
  • Introduction (00:06)
  • Biometric Technology (01:24)
  • Biometrics Enrollment Process (00:50)
  • Downfalls to Biometric Use (00:45)
  • Biometrics Error Types (02:00)
  • Biometrics Diagram (02:31)
  • Biometric System Types (02:14)
  • Agenda (00:10)
  • Passwords and PINs (01:05)
  • Password Shoulds (02:33)
  • Password Attacks (01:45)
  • Countermeasures for Password Cracking (01:52)
  • Cognitive Password (00:47)
  • One-Time Password Authentication (01:21)
  • Agenda (00:04)
  • Synchronous Token (01:07)
  • Asynchronous Token Device (00:16)
  • Cryptographic Keys (00:29)
  • Passphrase Authentication (00:37)
  • Memory Cards and Smart Cards (02:18)
  • Summary (00:08)
Single Sign-on (14:42)
  • Introduction (00:31)
  • Single Sign-on Technology (01:29)
  • Different Technologies (01:22)
  • Scripts and Directory Services (00:51)
  • Thin Clients (00:36)
  • Kerberos as a Single Sign-on Technology (00:20)
  • Tickets (01:04)
  • Kerberos Components Working Together (01:14)
  • Major Components of Kerberos (01:13)
  • Kerberos Authentication Steps (01:47)
  • Purpose of Kerberos (00:37)
  • Issues Pertaining to Kerberos (01:55)
  • SESAME as a Single Sign-on Technology (00:54)
  • Federated Authentication (00:34)
  • Summary (00:08)
Intrusion Detection Systems (09:06)
  • Introduction (00:23)
  • Host-Based IDS (01:22)
  • Network-Based IDS Sensors (00:42)
  • Types of IDSs (02:11)
  • Behavior-Based IDS (00:39)
  • IDS Response Mechanisms (00:42)
  • IDS Issues (01:32)
  • Trapping an Intruder (00:52)
  • Summary (00:30)
  • Summary (00:08)