CompTIA Security+ Certification

Support Skills
5.6 Security Policies and Training

This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany
the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning
International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks
of their respective holders and are acknowledged by the publisher.
All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may
only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director
of gtslearning. These resources may not be used in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.
Objectives
• Describe the use of security policy and standards and guidelines
• Understand the importance of operational policies in reducing risk
• Understand the use of privacy and acceptable usage policies
• Understand the importance of security awareness training
446
5.6 Security Policies and Training
Corporate Security Policy

HR Policies
• Recruitment (on-boarding)
  o Secure interview process
  o Employee screening
• Operations
  o Employee policies (e.g. acceptable use)
  o Training and education
• Termination / separation (off-boarding)
Operational Policies
• Reduce risk of insider attacks
• SOPs
• Shared authority (N of M)
• Least privilege
• Auditing
• Mandatory vacations
• Job rotation
• Whistleblowing
• Prevent tailgating
• Password behaviors
• Clean desk
Privacy and Employee Conduct
• Acceptable Use Policies
  o Internet
  o Personal devices / BYOD (Bring Your Own Device)
• Privacy in the workplace
Standards and Best Practice
• Standard - a measure by which to evaluate compliance with the policy
• Procedure / SOP (Standard Operating Procedure) - a step-by-step listing of the actions that must be completed for any given task
• Guidance / best practice - guidelines exist for areas of policy where there are no procedures
Compliance and Laws
• Due diligence
• Legislation
  o Sarbanes-Oxley Act (SOX)
  o The Computer Security Act
  o Gramm–Leach–Bliley Act (GLBA)
  o Health Insurance Portability and Accountability Act (HIPAA)
• Civil liabilities
• Industry standards / regulations
  o Payment Card Industry Data Security Standard (PCI DSS)
Security Policy Training and User Habits
• Overview of the organization's security policies and the penalties for non-compliance
• Incident response identification and reporting procedures
• Site security procedures, restrictions, and advice, including safety drills, escorting guests, use of secure areas, and use of personal devices
• Data handling, including document confidentiality, PII, backup, encryption, and so on
• Password and account management plus security features of PCs and mobile devices
• Awareness of social engineering and malware threats, including phishing, website exploits, and spam, plus alerting methods for new threats
• Secure use of software such as browsers and email clients plus appropriate use of internet access, including social networking sites
Role-based Training
• Role-based training
  o Appropriate language
  o Level of technical content
• Follow up and gather training metrics
Review
• Describe the use of security policy and standards and guidelines
• Understand the importance of operational policies in reducing risk
• Understand the use of privacy and acceptable usage policies
• Understand the importance of security awareness training