Read pages 295 – 331, taking notes
Complete all 54 review questions
For any review questions that are wrong or missing, go back into the chapter and read those areas
Action – Videos Professor Messer
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
1.6 Third Party Risks
5.2 Regulations, Standards and Frameworks
- Security Regulations and Standards
- Security Frameworks
5.3 Organizational Policies
5.4 Risk Management
- Risk Management Types
- Risk Analysis
- Business Impact Analysis
5.5 Privacy and Data Breaches
- Privacy and Data Breaches
- Data Classifications
- Enhancing Privacy
- Data Roles and Responsibilities
Action – Lab Exercises (optional) 101 Labs
4 – Create a Dictionary Attack to Crack Online Passwords using Hydra
39 – Manual SQL Injection
62 – Cracking Basic Hashes with John the Ripper
CompTIA Security+ – 101Labs.net
Ian’s Website
PBQ – Attacks
Labs | Ian Neil’s Security+ Study Materials (securityplus.training)
Key Elements (Continued)
Regulations, Standards and Legislation
- GDPR
- PCI-DSS
- ISO 27701
- ISO 27002
- ISO 27001
- NIST
- SOC Reports
Benchmarks
Privacy and Sensitive Data Concepts
Consequences of Privacy Breaches
Notifications of Breaches
Data Types
Classification
Privacy-Enhancing Technologies
- Data Minimization
- Data Masking
- Tokenization
- Anonymization
Data Roles and Responsibilities especially:
- Data Owner
- Data Steward
- Data Custodian
- DPO
Risk Management:
- Risk Acceptance
- Risk Transference
- Risk Avoidance
- Risk Mitigation
- Classify the Asset
- Legacy Systems
- Multiparty
- Intellectual Property (IP)
Risk Analysis
- Risk Register
- Risk Appetite
- Residual Risk
- Qualitative Risk
- Quantitative Risk
- Heat Map
Calculating Loss – SLE/ARO/ALE
BIA/RPO/RTO/MTTR/MTBF
Threat Actors
Attack Vectors
Supply Chain
Threat Intelligence Sources
OSINT
NIST
MITRE/CVE/CVSS
Dark Web
Indicators of Compromise (IoC)
STIX
TAXII
Threat Maps
Research Sources
Personnel Policies especially:
- AUP
- Separation of Duties
- Background Checks
- Exit Interviews
- Job Rotation
- Mandatory Vacations
Third Party Risk
- SLA
- Supply Chain
- Vendors
- BPA
- MOU/MOA
- EOL/EOSL
Privacy Notice