The security standards offered by industry experts are an excellent starting point for an organization’s own security standards, but they are rarely ready to use out of the box and often require customization to meet the organization’s security requirements. In this video, learn how organizations add, remove, and modify controls to develop their own security standards.
- [Narrator] The security standards offered by industry experts are an excellent starting point for an organization's own security standards, but they are rarely ready to use out of the box and often require customization to meet the organization's security and business requirements. Organizations often start with industry-developed baselines and then add, remove, and modify controls to develop their own security standards. The purpose of these customization efforts is to scope and tailor the standard to meet the organization's specific needs.
For example, an industry standard might suggest using full disk encryption to protect stored data on an end point and suggest the use of AES encryption with a 128, 192, or 256-bit key. The organization, however, might be under a more stringent compliance requirement that mandates the use of 256-bit keys and specifically prohibits the use of 128 or 192-bit keys. In this case, the organization might use the benchmark standard but modify it to require the use of a 256-bit key,…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage