The security standards offered by industry experts are an excellent starting point for an organization’s own security standards, but they are rarely ready to use out of the box and often require customization to meet the organization’s security requirements. In this video, learn how organizations add, remove, and modify controls to develop their own security standards.
- [Narrator] The security standards offered by industry experts are an excellent starting point for an organization's own security standards, but they are rarely ready to use out of the box and often require customization to meet the organization's security and business requirements. Organizations often start with industry-developed baselines and then add, remove, and modify controls to develop their own security standards. The purpose of these customization efforts is to scope and tailor the standard to meet the organization's specific needs.
For example, an industry standard might suggest using full disk encryption to protect stored data on an endpoint and suggest the use of AES encryption with a 128, 192, or 256-bit key. The organization, however, might be under a more stringent compliance requirement that mandates the use of 256-bit keys and specifically prohibits the use of 128 or 192-bit keys. In this case, the organization might use the benchmark standard but modify it to require the use of a 256-bit key,…
CISSP is the industry's gold standard certification, necessary for many mid- and senior-level information security positions. Learn about best practices needed to complete the second domain of the 2018 Certified Information Systems Security Professional (CISSP) exam: Asset Security. Instructor Mike Chapple explains the importance of data governance policies and roles, and how you can develop security baselines that leverage industry standards. Learn how to avoid liability by limiting data collection, and control your exposure with file encryption, system-level file permissions, and cloud storage security options. Plus, find out how to properly retain and dispose of sensitive information.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage