开始时间: 05/14/2018 持续时间: Unknown
Security operations and administration is the task of identifying an organization's information assets and the documentation needed for policy implementation, standards, procedures, and guidelines to ensure confidentiality, integrity, and availability. You will understand the process necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information. The Security operations and Administration course addresses basic security concepts and the application of those concepts in the day to day operation and administration of enterprise computer systems and the information that they host.Ethical considerations in general, and the (ISC)2 Code of Ethics in particular, provide the backdrop for any discussion of information security and SSCP candidates will be tested on both. Information security professionals often find themselves in positions of trust and must be beyond reproach in every way.Several core principles of information security stand above all others and this domain covers these principles in some depth. It can be said that the CIA triad of confidentiality, integrity and availability forms the basis for almost everything that we do in information security and the SSCP candidate must not only fully understand these principles but be able to apply them in all situations. additional security concepts covered in this domain include privacy, least privilege, non-repudiation and the separation of duties. Course Objectives 1. Define Code of Ethics 2. Describe the security concepts 3. Document and operate security controls 4. Describe the asset management process 5. Implement compliance controls 6. Assess compliance controls 7. Describe the change management process 8. Contribute to the security awareness training program 9. Contribute to physical security operations
Module Topics: (ISC)2 Code of Ethics, Organizational Code of Ethics, There are usually three types of controls, managerial (sometimes called administrative), Technical (sometimes called logical), and physical (sometimes called operational), Deterrent, Preventative, Detective, and Corrective Controls. Understand and Comply with Code of Ethics: In (ISC)2 Code of Ethics, you will learn about Code of Ethics, and Code of Ethics Canons. In Organizational Code of Ethics, you will learn about how a code of ethics applies to security practitioners, and applying ethical principles. Understand Security Concepts: In Confidentiality, you will learn about consequences of a breach, and ensuring confidentiality. In integrity, you will learn about consequences of integrity failure, availability, and consequences of availability failures. You will also Non-Repudiation. In Privacy, you will understand core guidelines. In least privilege, you will learn about least privilege and cots Applications. You will understand the concept of separation of duties and defense in depth, examples approaches, and additional controls. In Risk based Controls, you will learn about risk assessment data. Security concepts also covers accountability and authorization.