SSCP Cert Prep: 1 Access Controls

Introduction

• Conducting cybersecurity operations
• What you need to know
• Study resources

1. The Security Triad

• The goals of information security
• Confidentiality
• Integrity
• Availability
• Ethics

2. Security Principles

• Accountability
• Privacy compliance
• Employee privacy
• Need to know and least privilege
• Separation of duties and responsibilities

3. Resource Security

• Physical asset management
• Software licensing
• Change and configuration management

4. Data Security

• Understanding data security
• Data security policies
• Data security roles
• Limiting data collection
• The data lifecycle

5. Security Standards

• Developing security baselines
• Leveraging industry standards
• Customizing security standards

6. Security Controls

• Security control selection and implementation
• Control frameworks
• Security policy framework

7. Assessing Security Controls

• Collect security process data
• Management review
• Security metrics
• Audits and assessments
• Control management

8. Awareness and Training

• Security awareness and training
• Compliance training
• User habits
• Social engineering
• Measuring compliance and security posture

9. Physical Security

• Site and facility design
• Data center environmental controls
• Data center environmental protection
• Physical access control
• Visitor management

Conclusion

• Continuing your studies