Video description
Risk, Response and Recovery
Shon Harris
The fast, powerful way to prepare for your SSCP exam!
Get all the hands-on training you need to pass (ISC)²’s tough
SSCP exam, get certified, and move forward in your IT security
career! In this online video, the world’s #1 information security
trainer walks you through every skill and concept you’ll need to
master. This online video contains almost six hours of training
adapted from Shon Harris’s legendary five-day SSCP boot
camps, including realistic labs, scenarios, case studies, and
animations designed to build and test your knowledge in real-world
settings!
Comprehensive coverage of SSCP domains of knowledge:
• Risk Management
• Project Sizing
• Potential Disasters
• Equipment Replacement
• Computer Forensics
• Network Monitoring
About the Shon Harris Security Series
This online video is part of a complete library of books,
online services, and videos designed to help security professionals
enhance their skills and prepare for their certification exams.
Every product in this series reflects Shon Harris’s unsurpassed
experience in teaching IT security professionals.
Category: Security
System Requirements
OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4
(Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card
with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more
Table of Contents
Course Introduction
00:17:17
Domain 3 - Risk, Response and Recovery
00:01:00
Risk Management
00:00:56
Why Is Risk Management Difficult?
00:01:24
Necessary Level of Protection Is Different for Each Organization
00:00:56
Security Team/Committee
00:01:42
Risk Management Process
00:00:44
Analysis Paralysis
00:00:51
Planning Stage - Scope
00:02:04
Planning Stage - Analysis Method
00:01:01
Risk Management Tools
00:01:50
Defining Acceptable Levels
00:02:24
Acceptable Risk Level
00:00:52
Collecting and Analyzing Data Methods
00:01:04
What Is a Company Asset?
00:00:48
Data Collection - Identify Assets
00:01:01
Data Collection - Assigning Values
00:01:34
Asset Value
00:01:03
Data Collection - Identify Threats
00:01:20
Data Collection - Calculate Risks
00:01:38
Scenario Based - Qualitative
00:00:43
Risk Approach (1)
00:00:40
Qualitative Analysis Steps
00:00:56
Want Real Answers?
00:00:53
Qualitative Risk Analysis Ratings
00:01:21
Quantitative Analysis (1)
00:01:19
How Often Will This Happen?
00:00:37
ARO Values and Their Meaning
00:06:51
ALE Calculation
00:00:56
Can a Purely Quantitative Analysis Be Accomplished?
00:01:25
Risk Types
00:00:39
Examples of Types of Losses
00:00:35
Delayed Loss
00:00:50
Cost/Benefit Analysis
00:00:58
Cost of a Countermeasure
00:01:21
Cost/Benefit Analysis Countermeasure Criteria
00:02:55
Calculating Cost/Benefit
00:01:01
Controls
00:00:30
Control Selection Requirements
00:01:31
Quantitative Analysis (2)
00:01:39
Qualitative Analysis Approach
00:00:30
Qualitative Analysis Disadvantages
00:00:49
Can You Get Rid of All Risk?
00:00:21
Calculating Residual Risk
00:02:13
Uncertainty Analysis
00:01:11
Dealing with Risk
00:01:20
Management’s Response to Identified Risks
00:01:51
Risk Acceptance
00:01:42
Risk Analysis Process Summary
00:01:08
Needs for BCP
00:00:38
Is Your Organization Prepared?
00:02:33
Is Your Company Prepared?
00:00:38
9/11 Changed Mentalities About BCP
00:00:55
Disaster Affected Many
00:00:42
America Is Rebuilding
00:00:36
Partial FEMA Disaster List for 2005
00:00:53
Do We Have a Plan?
00:02:15
What Is the Purpose of a BCP?
00:02:26
More Reasons to Have Plans in Place
00:02:02
Framework
00:00:39
BCP Is a Core Component of Every Security Program
00:01:01
Steps of BCP Process
00:01:56
Different BCP Model
00:01:15
Documentation
00:01:08
BCP Policy Outlines
00:01:43
Who Is In Charge and Who Can We Blame?
00:01:52
What’s Needed In a Team?
00:00:51
BCP Development Team
00:01:31
Project Sizing
00:01:44
Properly Determining Scope Is Important
00:00:50
BCP Risk Analysis Steps
00:02:11
BIA Steps
00:01:28
Information from Different Sources
00:01:18
Analysis
00:01:09
Critical Functions
00:03:08
Interdependencies
00:00:45
Well, Of Course an Organization Knows How It Works!
00:00:54
Business Silos
00:02:16
BIA Steps (Cont.)
00:02:26
Who Connects to Who?
00:00:38
BIA Steps (Cont.)
00:02:00
MTD
00:00:31
Example
00:01:52
MTD Definitions
00:01:15
BIA Steps (Cont.)
00:02:54
Thinking Outside of the Box What If..
00:00:55
Biological Threats
00:00:46
BIA Steps (Cont.)
00:00:56
Potential Disasters
00:02:26
Risk Approach (2)
00:00:42
Ranking by Risk Level
00:01:02
Potential Losses
00:01:14
Include All RISK Components
00:03:00
BIA Steps (Cont.)
00:01:27
Alternate Business Process Procedures
00:02:36
Business Process Reconstruction
00:02:03
Facility Recovery
00:00:38
Facility Backups - Hot Site
00:00:52
Facility Backups - Warm Site
00:00:58
Facility Backups - Cold Site
00:00:43
Compatibility Issues with Offsite Facility
00:02:04
Tertiary Sites
00:00:56
Subscription Costs
00:02:17
Multiple Processing Centers
00:00:51
Location, Location, Location
00:01:08
Other Offsite Approaches
00:01:51
Security Does Not Stop
00:01:12
More Options
00:02:01
Rolling Hot Site
00:00:58
Recovery Strategies (Cont.)
00:00:41
Supply and Technology Recovery
00:01:44
VoIP
00:01:07
Equipment Replacement
00:03:23
What Items Need to Be Considered?
00:01:31
Priorities
00:00:09
Anything Else?
00:00:42
Replacements
00:01:43
Recovery Strategies (Cont.)
00:03:14
Co-Location
00:00:51
Data Recovery
00:01:52
Backup Redundancy
00:01:52
Recovering Data
00:00:41
Automated Backup Technologies
00:02:04
Tape Vaulting
00:01:59
Data Recovery (Cont.)
00:00:41
Clustering for Fault Tolerance
00:01:30
Disk or Database Shadowing
00:01:27
Which Option to Use
00:00:31
Cost Effective Measures
00:01:14
Resources, Time, Solutions
00:00:46
Determining Recovery Solutions
00:01:31
Cost and Recovery Times
00:00:54
Proactive
00:01:10
Recovery Solutions
00:00:48
Preventative Measures
00:01:18
Reviewing Insurance
00:00:50
Results from the BIA
00:01:12
Now Ready to Develop the Plan
00:01:50
Products That Can Help
00:01:05
Plan Components
00:01:39
External Groups
00:01:25
Policy Components
00:00:43
Damage Assessment
00:01:39
Notifying Personnel
00:01:16
Plan Activation
00:00:42
Emergency Response
00:00:47
Policy Components (Cont.)
00:00:35
Recovery Procedures
00:00:45
Documentation of Recovery Steps
00:01:12
Policy Components (Cont.)
00:02:41
Returning to Original Facility
00:01:09
Disaster Hit - Now What?
00:01:05
Termination of BCP
00:01:05
Life Cycle
00:00:48
Who Has the Plan?
00:00:51
Results
00:00:32
Types of Tests to Choose From
00:03:49
Test Objectives
00:01:02
Training Requirements
00:01:22
Lessons Learned
00:00:36
What Is Success?
00:00:51
Out of Date?
00:01:01
Keeping It Current
00:00:52
Change Control
00:00:58
Resulting Plan Should Contain..
00:01:24
Phases of the BCP
00:00:54
Agenda 2
00:02:43
Countries Working Together
00:01:00
Security Principles for International Use
00:00:39
Determine If a Crime Has Indeed Been Committed
00:00:49
Bringing In Law Enforcement
00:01:41
Citizen versus Law Enforcement Investigation
00:01:50
Role of Evidence In a Trial
00:00:34
Evidence Requirements
00:00:37
Chain of Custody (1)
00:00:59
How Is Evidence Processed?
00:01:19
Hearsay Evidence
00:01:07
Agenda 3
00:02:17
Evidence Collection Topics
00:01:57
Computer Forensics
00:02:08
Hidden Secrets
00:05:26
Trying to Trap the Bad Guy
00:04:09
Companies Can Be Found Liable
00:03:06
Why Incident Response?
00:02:41
Incident Response Alarms
00:01:37
Threats
00:00:45
Incident Response Framework
00:05:04
Preparation and Planning
00:02:29
IRT - Incident Response Team
00:03:55
Incident Response Team - Mission
00:02:03
Incident Response Team - Objectives
00:04:49
Incident Response Team - Priorities
00:02:14
Incident Response Team - Liaisons
00:05:28
Detection
00:01:29
Chain of Custody (2)
00:01:34
Poking into Network Traffic
00:01:01
Snort
00:02:13
Containment
00:01:00
Containment - Some Considerations
00:02:45
Notification
00:02:18
Investigation
00:01:42
Rules of Evidence
00:02:08
Acceptable Evidence
00:02:18
Exclusionary Rules
00:00:55
Evidence Recognition
00:00:53
Evidence Discovery
00:01:46
Search and Seizure
00:02:01
Network Monitoring
00:04:48
Reviewing System Logs
00:01:52
Interviewing
00:01:16
Terminating the Investigation
00:01:21
Recovery
00:00:56
Response
00:01:18
Follow-Up
00:03:33
Electronic Forensic
00:01:57
Media Analysis Procedures
00:00:44
Media Analysis - IACIS Framework
00:02:53
Step 1 - Sterile Media
00:00:57
Step 2 - Legal Software
00:01:00
Step 3 - Physical Examination of the Evidence
00:01:51
Step 4 - Avoid Altering the Evidence
00:02:29
Step 5 - Capture Date/Time and CMOS (RTC/NVRAM) Information
00:01:56
Step 6 - Create an Exact Image
00:00:56
Step 7 - Logically Examine the Image
00:01:54
Step 8 - Examine the Boot Record Data and User-Defined Files
00:01:05
Step 9 - Recover and Examine All Deleted Files
00:01:36
Step 10 - Create a Listing of All Files
00:01:05
Step 11 - Examine Unallocated Space for Lost or Hidden Data
00:00:56
Step 12 - Examine File Slack
00:02:51
Step 13 - Examine All User Created Files
00:02:20
Step 14 - Unlock and Examine Password-Protected Files
00:01:14
Step 15 - Create Printouts of All of the Apparent Evidence
00:01:41
Step 16 - Examine Executable Files and Run Applications
00:01:32
Step 17 - Write the Forensic Analysis Report
00:01:30
Domain 3 Review
00:02:28