Certified Information Systems Security Professional, Part 1 of 9: Risk and Authentication
Interactive

Certified Information Systems Security Professional, Part 1 of 9: Risk and Authentication

LearnNow Online
Updated Aug 21, 2018

Course description

This course covers risk management and authentication. It will look at risk from a negative perspective or the likelihood of something bad happening. Topics covered will be plans, programs and infrastructure providing the foundation for all other domains including access control, validating, and verifying the use of resources. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional or CISSP.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This series assumes a good understanding of enterprise networking and networking security.


Meet the expert

Kevin Henry

Kevin is an international author, consultant and international

speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Video Runtime

176 Minutes

Time to complete

236 Minutes

Course Outline

Risk Assessment

Risk Definitions (19:15)

  • Introduction (00:14)
  • Risk Management Flow (05:41)
  • Risk Definitions (00:55)
  • What Is the Value of an Asset (00:55)
  • What Is a Threat Source/Agent (01:25)
  • What Is a Threat (00:48)
  • What Is a Vulnerability (00:42)
  • Examples of Non-Obvious Vulnerabilties (02:12)
  • What Is a Control (01:27)
  • What is Likelihood (02:45)
  • What Is Impact (01:01)
  • Control Effectiveness (00:55)
  • Summary (00:08)

Risk Management (09:53)

  • Introduction (00:11)
  • Agenda (00:12)
  • Risk Management (04:44)
  • Risk Response and Monitoring (01:44)
  • Purpose of Risk Management (02:52)
  • Summary (00:08)

Risk Assessment (19:15)

  • Introduction (00:13)
  • Risk Assessment (04:42)
  • Why Is Risk Assessment Difficult (02:27)
  • Different Approaches to Analysis (01:16)
  • Quantitative Analysis (01:52)
  • Threat Analysis and Annual Loss Expectency (00:44)
  • Quantitative Analysis Continued (01:18)
  • ALE Value Uses (00:29)
  • Qualitative Analysis: Likelihood (01:32)
  • Qualitative Analysis - Impact (00:33)
  • Qualitative Analysis - Risk Level (00:52)
  • Qualitative Analysis Steps (03:04)
  • Summary (00:08)

Responding to Risk (08:54)

  • Introduction (00:14)
  • Completion of Risk Assessment (00:22)
  • Risk Response (01:11)
  • Management's Response to Identified Risks (06:57)
  • Summary (00:08)

Introduction to Security

Understanding Security (12:00)

  • Introduction (00:05)
  • What Is Information Security (01:37)
  • What Is Information Security Continued (01:26)
  • The Information Security Triad (06:47)
  • Understanding the Business (01:55)
  • Summary (00:08)

Security Controls (20:57)

  • Introduction (00:50)
  • Setting up a Security Program (03:48)
  • Enterprise Security Program (02:47)
  • Building a Foundation (01:49)
  • Planning Horizon Components (02:14)
  • Enterprise Security: The Business Requirements (01:22)
  • Enterprise Security Program Components (01:28)
  • Control Types (01:35)
  • "Soft" Controls (01:05)
  • Technical or Logical Controls (00:14)
  • Physical Controls (00:29)
  • Roadmap to Maturity (01:23)
  • Program Monitoring (01:39)
  • Summary (00:08)

Roles and Responsibilities (13:07)

  • Introduction (00:15)
  • Senior Management's Role in Security (02:54)
  • Security Roles and Responsibilities (04:41)
  • Roles and Responsibilties (01:40)
  • Agenda (00:05)
  • Security Program Components (00:46)
  • Information Security Policy (01:18)
  • Security Policy Review (00:31)
  • Implementing Policy (00:43)
  • Summary (00:08)

Human Resources (11:21)

  • Introduction (00:08)
  • Agenda (00:11)
  • Security and the Human Factors (00:29)
  • Employee Management (00:46)
  • Human Resources Issues (01:42)
  • Importance to Security (00:36)
  • Recruitment Issues (00:23)
  • Termination of Employment (01:09)
  • Human Resources Practices (01:21)
  • Types of Training (01:04)
  • Quality Training (00:35)
  • Informing Employees About Security (01:06)
  • Enforcement (00:41)
  • Security Enforcement Issues (00:41)
  • Summary (00:13)
  • Summary (00:08)

Authentication

Access Control Methodology (12:54)

  • Introduction (01:01)
  • Access Control Administration (01:44)
  • Accountability and Access Control (01:20)
  • Trusted Path (00:58)
  • Who Are You? (01:04)
  • Authentication Mechanism (00:34)
  • Strong Authentication (00:27)
  • Authorization (04:01)
  • Access Criteria (00:36)
  • Fraud Controls and Access Control Mechanisms (00:57)
  • Summary (00:08)

Biometrics and Passwords (24:31)

  • Introduction (00:06)
  • Biometric Technology (01:24)
  • Biometrics Enrollment Process (00:50)
  • Downfalls to Biometric Use (00:45)
  • Biometrics Error Types (02:00)
  • Biometrics Diagram (02:31)
  • Biometric System Types (02:14)
  • Agenda (00:10)
  • Passwords and PINs (01:05)
  • Password Shoulds (02:33)
  • Password Attacks (01:45)
  • Countermeasures for Password Cracking (01:52)
  • Cognitive Password (00:47)
  • One-Time Password Authentication (01:21)
  • Agenda (00:04)
  • Synchronous Token (01:07)
  • Asynchronous Token Device (00:16)
  • Cryptographic Keys (00:29)
  • Passphrase Authentication (00:37)
  • Memory Cards and Smart Cards (02:18)
  • Summary (00:08)

Single Sign-on (14:42)

  • Introduction (00:31)
  • Single Sign-on Technology (01:29)
  • Different Technologies (01:22)
  • Scripts and Directory Services (00:51)
  • Thin Clients (00:36)
  • Kerberos as a Single Sign-on Technology (00:20)
  • Tickets (01:04)
  • Kerberos Components Working Together (01:14)
  • Major Components of Kerberos (01:13)
  • Kerberos Authentication Steps (01:47)
  • Purpose of Kerberos (00:37)
  • Issues Pertaining to Kerberos (01:55)
  • SESAME as a Single Sign-on Technology (00:54)
  • Federated Authentication (00:34)
  • Summary (00:08)

Intrusion Detection Systems (09:06)

  • Introduction (00:23)
  • Host-Based IDS (01:22)
  • Network-Based IDS Sensors (00:42)
  • Types of IDSs (02:11)
  • Behavior-Based IDS (00:39)
  • IDS Response Mechanisms (00:42)
  • IDS Issues (01:32)
  • Trapping an Intruder (00:52)
  • Summary (00:30)
  • Summary (00:08)
;