Information security professionals tackle a wide variety of risks in their roles. These vary from earthquakes and tornadoes to hackers and viruses. In this video, learn how information security professionals assess the various threats facing their organizations.
- Information security professionals tackle a wide variety of risks in their roles. These vary from earthquakes and tornadoes to hackers and viruses. The sheer quantity of forces aligned against you may sometimes be a little overwhelming. Fortunately, we have risk assessment tools at our disposal that can help us prioritize our response. First we need a common language. In everyday life people often use the terms threat, vulnerability, and risk interchangeably. They are actually three different concepts.
A threat is some external force that jeopardizes the security of your information and systems. Threats might be naturally occurring such as hurricanes and wildfires, or manmade such as hacking and terrorism. You can't normally control what threats are out there. They exist independently.
Vulnerabilities are weaknesses in your security controls that a threat might exploit to undermine the confidentiality, integrity, or availability of your information or systems. These might include missing patches, promiscuous firewall rules,…
Learn about security assessment and testing practices needed to prepare for the Certified Information Systems Security Professional (CISSP) exam. CISSP—the industry's gold standard certification—is necessary for many top jobs. This course helps you approach the exam with confidence by providing coverage of key topics, including threat assessment, log monitoring, and software testing. It also covers disaster recovery and security process assessment. Students who complete this course will be prepared to answer questions on the sixth CISSP exam domain: Security Assessment and Testing.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management