CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment

Introduction

• Compliance and assessment
• What you should know
• Study resources

1. Privacy

• Privacy and security
• Limiting data collection
• Privacy compliance
• Privacy assessments

2. Security Governance

• Aligning security with the business
• Organizational processes
• Security roles and responsibilities
• Security control selection
• Control frameworks

3. Nontechnical Controls

• Information classification
• Data security policies
• Data security roles
• Data sovereignty

4. Data Controls

• Data anonymization
• Data obfuscation
• Don't use the last four digits of SSNs
• Data loss prevention
• Information rights management

5. Risk Management

• Risk assessment
• Quantitative risk assessment
• Risk treatment options
• Risk management frameworks
• Risk visibility and reporting

6. Assessing Security Processes

• Management review
• Metrics and measurements
• Audits and assessments
• Control management
• Certification and accreditation
• Maturity models

7. Supply Chain Assessment

• Managing vendor relationships
• Vendor agreements
• Vendor information management

8. Security Policies

• Security policy framework
• Security policies

Conclusion

• What's next