Week 10 | Ian Neil’s Security+ Study Materials

Week 10

Read Chapter 9

Chapter 10 – Governance, Risk and Compliance

Action – Ian’s Book

Key Elements

Read pages 295 – 331 taking notes

Complete all 54 review questions

Any review questions that are wrong or missing then go back into the chapter and read those areas

Action – Videos Professor Messer

https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
1.6 Third Party Risks
5.2 Regulations, Standards and Frameworks

Security Regulations and Standards
Security Frameworks

5.3 Organizational Policies
5.4 Risk Management

Risk Management Types
Risk Analysis
Business Impact Analysis

5.5 Privacy and Data Breaches
Privacy and Data Breaches
Data Classifications
Enhancing Privacy
Data Roles and Responsibilities

Action – Lab Exercises (optional) 101 Labs
4 – Create a Dictionary Attack to Crack Online Passwords using Hydra
39 – Manual SQL Injection
62 – Cracking Basic Hashes with John the Ripper

CompTIA Security+ – 101Labs.net
Ian’s Website
PBQ – Attacks
Labs | Ian Neil’s Security+ Study Materials (securityplus.training)
Key Elements (Continued)
Regulations, Standards and Legislation

GDPR
PCI-DSS
ISO 27701
ISO 27002
ISO 27001
NIST
SOC Reports

Benchmarks
Privacy and Sensitive Data Concepts
Consequences of Privacy Breaches
Notifications of Breaches
Data Types
Classification
Privacy-Enhancing Technologies

Data Minimization
Data Masking
Tokenization
Anonymization

Data Roles and Responsibilities especially:

Data Owner
Data Steward
Data Custodian
DPO

Risk Management:

Risk Acceptance
Risk Transference
Risk Avoidance
Risk Mitigation
Classify the Asset
Legacy Systems
Multiparty
Intellectual Property (IP)

Risk Analysis

Risk Register
Risk Appetitee
Residual Risk
Qualitative Risk
Quantitative Risk
Heat Map

Calculating Loss – SLE/ARO/ALE
BIA/RPO/RTO/MTTR/MTBF
Threat Actors
Attack Vectors
Supply Chain
Threat Intelligence Sources
OSINT
NIST
MITRE/CVE/CVSS
Dark Web
Indicators of Compromise (IoC)
STIX
TAXII
Threat Maps
Research Sources
Personal Policies especially

AUP
Separation of Duties
Background Checks
Exit Interviews
Job Rotation
Mandatory Vacations

Third Party Risk

SLA
Supply Chain
Vendors
BPA
MOU/MOA
EOL/EOSL

Privacy Notice

Cookie	Duration	Description
_GRECAPTCHA	11 months	This cookie is used by Google Recaptcha
cookielawinfo-checkbox-advertisement	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	This cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	11 months	This cookie Records the default button state of the corresponding category along with the status of CCPA.
viewed_cookie_policy	11 months	This cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	11 months	This cookie is used by Google Analytics
_gat_gtag_UA_284627_22	11 months	This cookie is used by Google Analytics
_gid	11 months	This cookie is used by Google Analytics