Security monitoring raises a series of legal and ethical issues. In this video, Mike Chapple explains the legal and privacy issues associated with collecting, storing, and analyzing security information in different jurisdictions.
- [Narrator] Security monitoring provides…Analysts with access to a wide variety of information.…Let's think for a moment about some…of the types of data that we have in our logs.…We might use a tool like Wireshark to sniff…network traffic, giving us real-time access…to packets that travel on the network.…We can use this access to reconstruct…a user's activity, and see everything…that they send and receive on the network.…We also have access to firewall logs that capture…connection activity to and from external systems.…
These logs give us an idea of the systems…involved in network communications.…Other log records provide other personal…and sensitive details about people's activity.…We might have access to the browsing history of users,…the contents of files that they store on servers,…personally identifiable information…about them stored in databases,…and geolocation information from mobile devices.…It's important to remember that just because we can…access this information doesn't mean that we should do so.…
Author
Mike Chapple
Updated
5/18/2018Released
1/11/2018- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Duration
Views
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
-
Introduction
-
Welcome1m 26s
-
-
1. Risk Management
-
Risk management4m 52s
-
Quantitative risk assessment6m 41s
-
Risk management actions4m 3s
-
Ongoing risk management2m 26s
-
Risk management frameworks3m 47s
-
-
2. Threat Modeling
-
Identifying threats2m 21s
-
Understanding attacks4m 11s
-
-
3. Threat Assessment
-
Security assessment tools5m 21s
-
Assess threats3m 14s
-
Threat assessment techniques2m 41s
-
Penetration testing2m 36s
-
Interpreting CVSS scores3m 22s
-
Analyzing scan reports3m 59s
-
-
4. Remediating Vulnerabilites
-
Report scan results4m 43s
-
Prioritize remediation3m 46s
-
-
5. Security Monitoring
-
Monitor log files6m 20s
-
Visualization and reporting3m 22s
-
Compliance monitoring2m 45s
-
-
6. Software Testing
-
Code review2m 50s
-
Code tests2m 41s
-
Fuzz testing6m 44s
-
Interface testing3m 29s
-
Misuse case testing2m 37s
-
Test coverage analysis2m 44s
-
-
Conclusion
-
What's next?43s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Legal and ethical issues in monitoring