An organization starts with a security plan, and then policies are created to help execute and enforce the security objectives. Join Lisa Bock as she explores creating the security plan, the key players involved, data classification systems, and the control families that are used when enforcing policies.
- [Voiceover] In order to take steps to reduce the risk to information assets, an organization starts with a security plan, and then policies are created to help execute and enforce the organization's security objectives. If an organization does not have a well-defined security plan, steps should be taken to create one. A guideline for developing a security plan can be found at NIST. This website shows Special Publication 800-18, a guide for developing security plans for federal information systems.
Now you might not be a federal information system, but you could modify this to meet your own needs. Creating the plan is a multidisciplinary approach, as it is in everyone's best interest to improve the protection of information systems and the resources. It is an overview of what security controls are required and a cost-effective plan for meeting the requirements that protect the confidentiality, integrity and availability of the information systems.
The plan should outline responsibilities on appropriate behavior of anyone who interacts with the system…
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping-off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases