Security Operations and Administration

1. Section Objective

Hello and welcome to Section 4 of the Security Operations and Administration Code. Now in the section, we are going to take a look at a couple of points. We are going to learn about security operations and organisations and the administration. Let's start with the first video section objectives. In this video we are going to take a look at a couple of points. We are going to learn about the objectives of this section, and I'm going to explain the points. So let's talk about the section objectives, or what we are going to learn here in this section. So first of all, we are going to learn about asset management and how you can manage your assets and technologies inside your network. We'll learn about change management: how you are going to change your systems inside your network, how you can manage them, and configuration management: how you can check or monitor the configuration of your systems. We will also learn about impact management and how attack can impact your organization. training. That is why security training is useful for your organization's physical security operation. That's how you can secure your systems inside your network and acceptable use policy, which is what policies you should follow inside your organization. So these are the topics we are going to cover here in this section. In the next video, we are going to learn about asset management and change management.

2. Asset Management and Change Management

Hello and welcome to AssetManagement and Change Management. Now in this video we are going to take a look at a couple of points. We are going to learn first of all what assessment management is and the process is. We will also learn about change management. So let's talk about first of all, what is asset management? It is about business processes. It is designed to manage the lifecycle of technology assets. So how are you going to manage your assets inside your organization? How are you going to manage your software, hardware, and technology inside your organization? So that is an asset management process. It can reduce cost and risk in a network. Yeah, it's true. Because if you are managing your systems properly, if you are taking care of your software and hardware, it is obviously going to reduce the cost of the team as well as the machines and the risk inside the network. It can improve productivity using asset management. So if you're performing asset management, if you're managing your network or systems, then it is going to improve productivity, right? For example, if you have a server and you are using old or outdated software, obviously it is not going to improve your productivity. But if you are managing your server, if you are performing patch management, it is going to improve productivity because you are using the latest versions of software inside it. If you know more about asset management, So, what exactly is asset management, and what are the components that make it up? So first of all, asset management contains your systems. They can be client machines or they can be server machines. So these are in asset management, then the software and hardware you are using inside your network. So the software you use inside your systems or servers, the hardware, the network level hardware you use, and then the employees or people. So this all makes asset management. All right. Now let's talk about what change management is. So it controls addition, deletion, or modification in systems, correct? So, with the help of asset management, we manage our technology or assets inside our network. Now if you want to add something,delete something, or modify something inside your system, then it is in the change management process. You are changing something, right? Examples are things like hardware or software. So, if you are removing any hardware from the system or attempting to change the software, these are considered change management processes. So if you want to know about the criteria of change management, these are the criteria of budget, schedule, resource, and security. So first of all, you need to take care of the budget. What budget do you have and what can you do in that budget? What software or hardware can you purchase or can you change inside your network? Schedule You need to schedule that when you are changing the assets inside your system or network resources, what resources you have and security. We need to take care of security issues with the software or hardware we are changing. Is it more secure or not? So these are the criteria and we need to take care of these criteria. In the next video, we are going to learn about configuration management and impact management.

3. Configuration Management and Impact Management

Hello and welcome to Configuration Management and Impact Management. Now in this video we are going to take a look at a couple of points we are going to learn about. First of all, what is configuration management and the components? We will also learn about impact management. So let's talk about what is configured configuration management and what the use of configuration management is. So here you can see the first point that it is a process to establish and maintain consistency of a product's performance. That's true. So in this process, for example, organisations try to check the performance of the product or the software or hardware inside your network. It is widely used by engineering organizations, so it is widely used by engineering organizations, and they try to check the product's performance on a regular basis. So these are the components. For example, in configuration management, we take care of software, the performance of software that is outdated or not, or whether we need to change it or not. So we can check the performance of software and we can use change management to change it. If we want source code, we also analyse the source code of our software's hardware. So we also check the hardware, the performance of the hardware, if the hardware is able to detect the vulnerabilities or not, if the hardware is able to filter the traffic or not, which is coming from outside the network. So we can check the performance and product performance inside configuration management. These are the processes in configuration management. First and foremost, plan and manage how you will proceed with inconfiguration management, identification, and identification of various types of systems, hardware, software control, accounting, and finally auditing the entire network. So you can perform auditing, you can check your network, you can check the software and hardware, and that's how you can manage your network with the help of configuration management. Now let's talk about impact management. What is impact management and what is the work? So it is a process to measure the outcomes. So you can see it is going to measure the impact of this attack. For example, if an attack happens inside your network, another attack will happen inside your network. So it is going to provide you with information about the impact of this attack, its vulnerability or weakness inside your system. So these are the components in impact management: what, who, how much contribution and risk. You need to remember the components here. You can now, for example, investigate what impacts, who is responsible for them, how much they will affect your organization, the contributions of its stakeholders and attackers, and the reasoning behind them. So these are the components within impact management. In the next video, we are going to learn about security training and physical security operations.

4. Security Training and Physical Security Operations

Hello and welcome to securitytraining and physical security operations. Now, in this video, we are going to take a look at a couple of points. First of all, we will learn about security training in organisations and security operations. So let's talk first about what security training is and why we need it. So security training is an important part of the organization. That's true because, without security training, it is very hard to secure your network awareness about the latest trades. So, organisations need to provide the latest trade information to their employees so that they can secure their network websites or applications. So that's why awareness is very important in organizations. So this is a very simple example here. If the employee of an organisation is unskilled, the person has no idea about the latest rates, and the person cannot save your network from the latest attacks. So, if an attacker attempts to breach your network, the employee will not save you. all right? That's why security training is important. Provide information about the latest threats to employees, and then they can become skilled employees after security training and can perform network monitoring. They can gather information about vulnerabilities inside your network and then secure your network, right? So that's why training is very important. So give your employees security training so they can protect your network. Physical Security Operations: Physical security is important to protect systems in a network. That's true. Examples are like the sensitive data which is available in your database or the software that you are using, the hardware, the network, or the whole network inside your organization. So that's why you need to secure this data. So if you have a database on your server and you want to secure it, you have to use physical security operations. If you want to secure your software or hardware, then you have to use these operations. It includes protection from fire, theft, or natural disasters. So these are the components of physical security operations like access control, surveillance, and testing. So how can employees access your systems? Is there any authentication or not? Our systems are password protected or not. So that's how you're going to monitor your network and test your applications, software, or hardware inside your network using access control surveillance. As a result, auditing is also necessary in physical security operations. So this is all about security training and physical security operations. In the next video, we are going to learn about AUP policy enforcement.

5. AUP Policy Enforcement

Hello and welcome to the fifth video of section four of the AUP policy enforcement. Now in this video we are going to take a look at a couple of points. We are going to learn about policy enforcement. I am going to explain the points. Now let's talk about AUP. So what is a UP accessible acceptable use policy? The first point is that it is also called "fair use policy" in organizations. So this is a policy for how you are going to use the systems and services in your organization, right? That is an acceptable use policy. It is a set of rules applied by the owner, creator, and administrator. That's true because these are the rules. These are the policies that are created by the owner, the creator, or the administrator of the network. right? These are basically security policies that employees should follow. It is a common practise in organizations. Yeah, if you are working in an organization, organizations should have this kind of policy and every employee should follow this policy to stay secure and secure their network. These policies are required in any organization. So it's common practice. New members have to sign up first. Yeah, that's true. If a person is joining the organisation and he's a new member, he has to first sign the AUPacceptable Use Policy that he will follow it. Right. Then he could join examples of policies limiting unlimited internet access. Yeah, bandwidth is basically internet bandwidth. So if you are restricting the bandwidth, So that is a simple example of an acceptable use policy in an organization. Now, if we talk about the examples of acceptable use policy, the first is the screenshot capture policy. So the admin of the network can use this policy to capture the screenshots of the client machines. email policy. So, what you are sending or what you are receiving can be monitored under this acceptable use policy. Instant messaging chat policy What you use within your system, what messaging system you use, and what messages you send or receive in organisations can all be monitored. That policy, that what websites you are visiting, is regarding your work. You are visiting useless websites. So that should be monitored in acceptable usepolicies, application policies, what applications you are using, and what applications you have downloaded inside your systems. That should be monitored. Because of applications, the whole network can be compromised by an attacker. right? So these are the examples of acceptable use policies inside organizations. Now let's talk about the topics which we have covered and what we have learned in this section. So we have learned about asset management and change management and how you can check your systems and your technologies inside your network and, if they are outdated, how you can change them with the help of change management,configuration management, and impact management. That's how you can monitor the configuration of your systems and how you can respond at the time of attack. We have learned why security training is very useful and why you should provide security training to your employees' physical security operations. What are the various physical security operations in an organisation and AUP policy enforcement? So what is the acceptable use policy or fair use policy in an organisation and why should employees follow it inside the organisation to stay secure? So these are the topics we covered in this section. If we talk about the sections, then we have learned about various security operations and management systems. This is all about this section. In the next section, we are going to learn about security policies and terminologies.

ExamSnap's ISC SSCP Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, ISC SSCP Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.