Week 10
Read Chapter 9
Chapter 10 – Governance, Risk and Compliance
Action – Ian’s Book Key Elements
Read pages 295 – 331, taking notes
Complete all 54 review questions
For any review questions you get wrong or miss, go back into the chapter and re-read those areas
Action – Videos (Professor Messer)
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
1.6 Third Party Risks
5.2 Regulations, Standards and Frameworks

  • Security Regulations and Standards
  • Security Frameworks

5.3 Organizational Policies
5.4 Risk Management

  • Risk Management Types
  • Risk Analysis
  • Business Impact Analysis

5.5 Privacy and Data Breaches

  • Privacy and Data Breaches
  • Data Classifications
  • Enhancing Privacy
  • Data Roles and Responsibilities

Action – Lab Exercises (optional) 101 Labs
4 – Create a Dictionary Attack to Crack Online Passwords using Hydra
39 – Manual SQL Injection
62 – Cracking Basic Hashes with John the Ripper

CompTIA Security+ – 101Labs.net
Ian’s Website
PBQ – Attacks
Labs | Ian Neil’s Security+ Study Materials (securityplus.training)
Key Elements (Continued)
Regulations, Standards and Legislation

  • GDPR
  • PCI-DSS
  • ISO 27701
  • ISO 27002
  • ISO 27001
  • NIST
  • SOC Reports

Benchmarks
Privacy and Sensitive Data Concepts
Consequences of Privacy Breaches
Notifications of Breaches
Data Types
Classification
Privacy-Enhancing Technologies

  • Data Minimization
  • Data Masking
  • Tokenization
  • Anonymization

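The four privacy-enhancing technologies listed above are easy to confuse on the exam, so here is an added worked example (written for this study page, not code from Ian's book or the Professor Messer course) that applies each one to a constructed customer record: data minimization drops fields, masking hides most of a card number for display, tokenization swaps a value for a random token kept in a vault, and generalization coarsens quasi-identifiers for anonymized analytics. A keyed HMAC is included as pseudonymization to show why an unkeyed hash of a low-entropy value is not anonymization. The record, field names and the `TokenVault` class are assumptions of the example; the card number is the standard test PAN.

```python
"""Privacy-enhancing techniques applied to a constructed customer record.
Example code for the study list above, not from the book or the course."""
import hashlib
import hmac
import re
import secrets
from typing import Dict

# Constructed sample record (assumed field names); 4111... is the standard test PAN, not a real card.
RECORD = {
    "name": "Jane Example",
    "email": "jane@example.com",
    "card": "4111 1111 1111 1111",
    "postcode": "SW1A 1AA",
    "dob": "1984-06-12",
    "order_total": "59.90",
}


def minimize(record: Dict[str, str], needed: set) -> Dict[str, str]:
    """Data minimization: keep only the fields the processing purpose needs."""
    return {k: v for k, v in record.items() if k in needed}


def mask_pan(pan: str) -> str:
    """Data masking for display: show only the last four digits.
    (PCI DSS allows at most the first six and last four to be displayed.)"""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


class TokenVault:
    """Tokenization: the live value is replaced by a random, meaningless token.
    The token-to-value map exists only inside the vault, so systems that hold
    tokens never hold the real value. (Hypothetical in-memory vault.)"""

    def __init__(self) -> None:
        self._vault: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        token = "tok_" + secrets.token_hex(8)  # random: nothing about the value leaks
        self._vault[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): same key + same input -> same output, so records
    can still be joined, but the value cannot be recovered without the key.
    An unkeyed sha256(value) would not do: a 16-digit PAN or a list of e-mail
    addresses is small enough to brute-force, so it is reversible in practice."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def generalize_dob(dob: str) -> str:
    """Anonymization by generalization: '1984-06-12' -> '1980s'."""
    return dob[:3] + "0s"


def generalize_postcode(postcode: str) -> str:
    """Keep only the outward code: 'SW1A 1AA' -> 'SW1A'."""
    return postcode.split()[0]


def anonymize_for_analytics(record: Dict[str, str]) -> Dict[str, str]:
    """Drop direct identifiers and coarsen the quasi-identifiers that remain."""
    kept = minimize(record, {"postcode", "dob", "order_total"})
    kept["postcode"] = generalize_postcode(kept["postcode"])
    kept["dob"] = generalize_dob(kept["dob"])
    return kept


if __name__ == "__main__":
    vault = TokenVault()
    key = secrets.token_bytes(32)  # would live in a KMS/HSM, not beside the data
    token = vault.tokenize(RECORD["card"])
    print("masked  :", mask_pan(RECORD["card"]))
    print("token   :", token, "->", mask_pan(vault.detokenize(token)))
    print("pseudo  :", pseudonymize(RECORD["email"], key))
    print("analytic:", anonymize_for_analytics(RECORD))
```

Note the distinction the exam leans on: tokenization and pseudonymization are reversible by whoever holds the vault or the key, so the output is still personal data under GDPR; only the generalized analytics record is a candidate for anonymization, and even that needs a check that the remaining postcode/decade combination is shared by enough people to prevent re-identification.
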
Data Roles and Responsibilities, especially:

  • Data Owner
  • Data Steward
  • Data Custodian
  • DPO (Data Protection Officer)
Risk Management:

  • Risk Acceptance
  • Risk Transference
  • Risk Avoidance
  • Risk Mitigation
  • Classify the Asset
  • Legacy Systems
  • Multiparty
  • Intellectual Property (IP)

Risk Analysis

  • Risk Register
  • Risk Appetite
  • Residual Risk
  • Qualitative Risk
  • Quantitative Risk
  • Heat Map

Calculating Loss – SLE/ARO/ALE
BIA/RPO/RTO/MTTR/MTBF
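
The loss and BIA formulas above (SLE = AV × EF, ALE = SLE × ARO, availability = MTBF / (MTBF + MTTR)) come up as calculation questions. The following is an added worked example, not from the book or the course, that runs them over a small constructed risk register and turns the numbers into a treatment decision (mitigate, accept or transfer). The register entries, the control costs and the decision rule in `recommend_treatment` are assumptions made for illustration.

```python
"""Quantitative risk analysis: SLE/ARO/ALE, control cost-benefit and BIA metrics.
Example code for the study list above; all figures are constructed."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float      # AV: replacement cost plus revenue impact
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 - 1.0)
    aro: float              # ARO: expected incidents per year

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = AV * EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE * ARO."""
        return self.sle * self.aro


@dataclass
class Control:
    name: str
    annual_cost: float
    new_ef: float   # EF once the control is in place
    new_aro: float  # ARO once the control is in place


def residual_ale(risk: Risk, control: Control) -> float:
    """Residual risk: the ALE that remains after the control is applied."""
    return Risk(risk.name, risk.asset_value, control.new_ef, control.new_aro).ale


def control_value(risk: Risk, control: Control) -> float:
    """Annual benefit of a control = ALE reduction - control cost.
    Positive means the control pays for itself."""
    return risk.ale - residual_ale(risk, control) - control.annual_cost


def recommend_treatment(risk: Risk, control: Control, risk_appetite: float) -> str:
    """Simplified decision rule (an assumption of this example, not a standard):
    mitigate if the control is cost-effective; otherwise accept when the ALE is
    within appetite; otherwise transfer (for example, insure)."""
    if control_value(risk, control) > 0:
        return "mitigate"
    if risk.ale <= risk_appetite:
        return "accept"
    return "transfer"


def mtbf(total_operating_hours: float, failures: int) -> float:
    """Mean Time Between Failures from observed operating time and failure count."""
    return total_operating_hours / failures


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability = MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def meets_objectives(backup_interval_h: float, restore_time_h: float,
                     rpo_h: float, rto_h: float) -> bool:
    """BIA check: backups at least as frequent as the RPO, restore within the RTO."""
    return backup_interval_h <= rpo_h and restore_time_h <= rto_h


# Constructed risk register: (risk, candidate control) pairs
REGISTER = [
    (Risk("Ransomware on file server", 200_000, 0.5, 0.2),
     Control("Offline backups + EDR", 8_000, 0.1, 0.2)),
    (Risk("Lost or stolen laptop", 3_000, 1.0, 2.0),
     Control("Full-disk encryption", 500, 0.1, 2.0)),
    (Risk("Legacy HVAC controller outage", 50_000, 0.2, 0.1),
     Control("Replace controller", 5_000, 0.05, 0.05)),
]

if __name__ == "__main__":
    for risk, control in REGISTER:
        print(f"{risk.name}: SLE={risk.sle:,.0f} ALE={risk.ale:,.0f} "
              f"value of '{control.name}'={control_value(risk, control):,.0f} "
              f"-> {recommend_treatment(risk, control, risk_appetite=2_000)}")
    print(f"Availability at MTBF 2000 h / MTTR 4 h: {availability(2000, 4):.4%}")
    print("Hourly backups, 2 h restore vs RPO 4 h / RTO 8 h:",
          meets_objectives(1, 2, 4, 8))
```

The third register entry is the legacy-system case from the list above: the replacement cost exceeds the ALE reduction, so with a risk appetite of 2,000 per year the risk is accepted rather than mitigated, and it would be transferred if the appetite were lower.
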
Threat Actors
Attack Vectors
Supply Chain
Threat Intelligence Sources
OSINT
NIST
MITRE/CVE/CVSS
Dark Web
Indicators of Compromise (IoC)
STIX
TAXII
Threat Maps
Research Sources
Personnel Policies, especially:

  • AUP
  • Separation of Duties
  • Background Checks
  • Exit Interviews
  • Job Rotation
  • Mandatory Vacations

Third Party Risk

  • SLA
  • Supply Chain
  • Vendors
  • BPA
  • MOU/MOA
  • EOL/EOSL

Privacy Notice