Security standards may contain hundreds—or even thousands—of individual settings that experts recommend to improve system security. Most organizations simply don’t have the resources or expertise to develop their own standards. In this video, learn how vendors and third-party security organizations develop and create industry standards that may serve as the starting point for enterprise security efforts.
- [Narrator] Security configuration standards may contain hundreds or even thousands of individual settings that experts recommend to improve system security. While each of these settings is important, most organizations simply don't have the resources or expertise to develop their own standards. Fortunately, vendors and third-party security organizations develop and create industry standards that may serve as an effective starting point for enterprise security efforts.
One of the most common sources of security standards is the vendors who create devices, applications, and operating systems. After all, they know their products better than anyone else and they have a vested interest in helping you operate it securely. If you have a security breach, it not only jeopardizes your organization but also reflects poorly upon the products that you use for security. Here's an example of the security standards offered by Microsoft. The Microsoft Security Compliance Manager is a tool that assists with system configuration and management.
CISSP is the industry's gold standard certification, necessary for many mid- and senior-level information security positions. Learn about best practices needed to complete the second domain of the 2018 Certified Information Systems Security Professional (CISSP) exam: Asset Security. Instructor Mike Chapple explains the importance of data governance policies and roles, and how you can develop security baselines that leverage industry standards. Learn how to avoid liability by limiting data collection, and control your exposure with file encryption, system-level file permissions, and cloud storage security options. Plus, find out how to properly retain and dispose of sensitive information.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage