9781111640125_IM_ch14

Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals, Fourth Edition 14-1

Chapter 14
Risk Mitigation

At a Glance

Instructor's Manual Table of Contents
Overview
Objectives
Teaching Tips
Quick Quizzes
Class Discussion Topics
Additional Projects
Additional Resources
Key Terms
Lecture Notes

Overview

The evolution of the security field has seen a shift in focus from fear to attempts at true business alignment. Like other areas of support, the information security area must be able to quantify and measure success. In terms of information security, we do this by understanding the residual risk to the organization. In this chapter you will discover how to control risk and how to implement many of the foundation documents that are the basis for controlling risk: the policies that govern the behavior of personnel.

Chapter Objectives

Explain how to control risk
List the types of security policies
Describe how awareness and training can provide increased security

Teaching Tips

Controlling Risk

1. Define the following terms and be sure that the students understand them.
   a. Threat. A type of action that has the potential to cause harm.
   b. Threat agent. A person or element that has the power to carry out a threat.
   c. Vulnerability. A flaw or weakness that allows a threat agent to bypass security.
   d. Risk. The likelihood that the threat agent will exploit the vulnerability.
2. Discuss the classifications of risks. Use Table 14-1 to illustrate your discussion.
3. Explain that a privilege is a subject's access level over an object, such as a user's ability to open a payroll file.
4. Discuss privilege management and the purpose of privilege auditing.
5. Use Figure 14-1 to illustrate a sample user access and rights review.
6. Explain that change management refers to a methodology for making modifications and keeping track of those changes.
7. Note that the duties of the change management team (CMT) include:
   a. Review proposed changes.
   b. Ensure that the risk and impact of the planned change are clearly understood.
   c. Recommend approval, disapproval, deferral, or withdrawal of a requested change.
   d. Communicate proposed and approved changes to coworkers.
8. Explain that incident response may be defined as the components required to identify, analyze, and contain an incident.
9. Define incident management as the "framework" and functions required to enable incident response and incident handling within an organization.

Reducing Risk Through Policies

1. Explain that a security policy is a way to reduce risk.
2. Emphasize that it is important to know what a security policy is, how to balance trust and control, the process for designing a policy, and what the different types of policies are.

This document was uploaded on 03/01/2012.