The security standards offered by industry experts are an excellent starting point for an organization’s own security standards, but they are rarely ready to use out of the box and often require customization to meet the organization’s security requirements. In this video, you will learn how organizations add, remove, and modify controls to develop their own security standards.
- [Narrator] The security standards offered by industry experts are an excellent starting point for an organization's own security standards, but they are rarely ready to use out of the box, and often require customization to meet the organization's security and business requirements. Organizations often start with industry-developed baselines, and then add, remove and modify controls to develop their own security standards. The purpose of these customization efforts is to scope and tailor the standard to meet the organization's specific needs.
For example, an industry standard might suggest using full disk encryption to protect stored data on an endpoint, and suggest the use of AES encryption with a 128, 192 or 256-bit key. The organization, however, might be under a more stringent compliance requirement that mandates the use of 256-bit keys, and specifically prohibits the use of 128 or 192-bit keys. In this case, the organization might use the benchmark standard but modify it to require the use of a 256-bit key, removing the options…
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage