Risk Management and Incident Response for CASP (CAS-002)

CompTIA Advanced Security Practitioner is an advanced-level security certification for security professionals in an enterprise, government, or military environment. This course covers domain 2 of the CompTIA CAS-002 certification exam.
Course info
Level: Advanced
Updated: Nov 9, 2016
Duration: 1h 49m
Table of contents
Course Overview
Introduction to Risk Management and Incident Response
Risk Mitigation, Planning, Strategies, and Controls
Comparing Security, Privacy Policies, and Procedures
Incident Response and Recovery Procedures
Description

Threats are coming from all directions, from script kiddies to state-sponsored hacking organizations; every company and every network is a target. In this course, Risk Management and Incident Response for CASP (CAS-002), you'll first learn how to interpret business and industry influences associated with security risks. Next, you will learn about risk mitigation planning, strategies, and controls. Finally, you'll learn how to conduct incident response and recovery procedures. By the end of this course, you'll have the knowledge needed to both pass the CompTIA CAS-002 certification exam and help secure your company's IT assets from attack.

About the author

Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.

Section Introduction Transcripts

Course Overview
Hey everyone. I'm Christopher Rees and welcome to my course Risk Management and Incident Response, which is part of the CompTIA Advanced Security Practitioner Exam CAS-002. So in addition to being a trainer at Pluralsight, I'm also a former law enforcement officer who specializes in computer crimes. And I have over 30 years of Enterprise IT experience. I've been training students from all over the world on various technologies since 1998. So, why watch this course? Well, as everyone knows, IT security is a hot topic. New breaches are discovered every day. Companies are constantly at risk. Every company, whether public or private, every government, and even every military around the world needs qualified and competent IT security professionals to ensure their critical IT assets are secured. Threats are coming from all directions at all times. Everything from script kiddies to state-sponsored hacking organizations; every company and every network is a target. So this course covers domain 2 of the CompTIA CAS-002 certification exam. And it's jam-packed full of information on the concepts, methods, and tools used to conduct business, mergers and divestitures. As well as understanding, calculating, and most importantly minimizing risk as these data breaches occur. So a few things we'll cover in this course. Some issues and concerns around mergers and acquisitions. Some regulatory requirements, issues you need to be aware of. And the ever-changing boundaries within a company's infrastructure and their perimeter. Also, risk calculation and mitigation concepts and strategies. We'll talk about best practices around the creation of business documents, contracts, and operating agreements. And also handling data breaches through e-discovery best practices dealing with both internal and external threats. So by the end of this course, you'll have the knowledge needed to both pass the CompTIA CAS-002 certification exam and help secure your company's IT assets from attack.
The US Military Council counts the CAS-002 certification exam for both the DOD-8570, and also the 8140 information assurance requirements. Before beginning this course, however, you should be familiar with CompTIA Security Plus. That's a prerequisite for this course. So the information contained here along with the content in Security Plus will provide you with the information needed for the CAS-002 certification exam. So I hope you will join me on this journey to become CompTIA CAS certified with the Risk Management and Incident Response course here at Pluralsight.

Risk Mitigation, Planning, Strategies, and Controls
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees. And in this module we're going to cover Risk Mitigation, Planning, Strategies and Controls. So in this module, we have a few things I want to go over. And remember, some of this that's actually in this module is covered in Security Plus so we're going to cover the things that are new for CASP002 that's not covered in Security Plus, okay. So again, this is the delta between those two. So go back and refer to the spreadsheet that you can download that will show you what is covered in the Security Plus or CASP002. So we're going to cover classifying information types into levels of CIA or confidentiality, integrity and availability based upon the organization or industry. We'll also cover incorporating stakeholder input into those CIA decisions. We'll cover implementing technical controls based on CIA, the requirements and the policies of the organization. We'll also cover determining the aggregate score of the CIA. And then we'll also talk about extreme scenario planning and worst case scenario, alright. So that way we can understand how we would react if and when those situations do arise, alright. And then we'll also talk about determining the minimum required security controls based upon that aggregate score. So we know what we need to put in place to mitigate the threats that are most likely to occur or most impactful. We'll talk about the risk and management process, exemptions, deterrence, inherent risk and then residual risk. So let's go ahead and get started.

Comparing Security, Privacy Policies, and Procedures
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and we're going to cover security, privacy policies, and procedures based on organizational requirements. So let's go ahead and see what we have to cover in this session. So, we're going to cover the use of common business documents to support security. Alright, so we're going to talk about Interconnection Security Agreements, or ISAs, we'll talk about Operating Level Agreements, or OLAs, also Non-Disclosure Agreements and NDAs. (laughs) Alright, so this is the module of acronyms, apparently. So we'll also talk about using general privacy principles for sensitive information. Alright, think PII or personally identifiable information. And that will be supporting the development of policies that contain employment and termination procedures, and also training and awareness for users.

Incident Response and Recovery Procedures
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module, we're going to cover Incident Response and Recovery Procedures. So, a couple main areas. We're going to talk about e-discovery and that deals mainly with electronic inventory and asset control, data retention policies, data recovery and storage, talk about data ownership, data handling and then legal holds. All of the things that revolve around e-discovery, electronic investigations, what we need to be aware of when you're investigating those types of incidents. Alright then we'll also talk about data breaches, incident response in general, what happens when someone breaches the perimeter or breaches the defense, or even an internal attack. So detection and collection, we'll talk about data analytics, and how we can use mitigation techniques to minimize the threat, minimize the breach. Also, privacy policy violations, and that deals mainly with PII, or personally identifiable information. We'll talk briefly about criminal actions and then also, insider threats. So let's go ahead and get started.