CC Domain5

Domain 5 Agenda

Domain 5: Security Operations

Module 1: Understand Data Security
Module 2: Understand System Hardening
Module 3: Understand Best Practice Security Policies
Module 4: Understand Security Awareness Training
Module 1: Understand Data Security

1. Concepts of security operations
2. Data handling best practices
3. Key concepts of logging and monitoring
4. Different types of encryption and their common uses
Hardening

Hardening is the process of applying secure configurations to reduce the attack surface.

1. Remove unnecessary services
2. Update software and firmware
3. Enable firewalls
4. Use strong authentication with MFA
5. Conduct regular security assessments
Data Lifecycle

Create -> Store -> Use -> Share -> Archive -> Destroy
Data Handling Practices

Data Classification: the process of recognizing the organizational impacts if the information suffers any security compromise related to its characteristics of Confidentiality, Integrity and Availability.
Data Handling Practices

Data Labeling: adding descriptive metadata or tags to data to provide context and improve data management and security. Example labels, from least to most restrictive: Public, Internal, Confidential.
Data Handling Practices

Data Retention: the practice of storing data for a specific period of time, after which it is either deleted or archived. The retention period is usually determined by legal or regulatory requirements, business needs, or security policies.
Data Handling Practices

Data Destruction: the process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.

Remanence: residual information remaining on storage media after clearing.
Data Destruction Options

Clearing: also called "overwriting" or "zeroizing"; writing multiple patterns of random values throughout all storage media. Remanence is possible on media whose controller or filesystem does not map an overwrite onto the physical location of the old data (for example flash storage with wear levelling).

Purging: multiple overwrites of the storage device using special software that ensures the original data cannot be recovered by any means.

Physical destruction: physically damaging or destroying a data storage device, for example by shredding or crushing.
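Added example (not from the course slides): the software side of "overwriting/zeroizing" from the table above, as a practitioner would implement it for a single file. The file contents, the pass sequence and the directory are constructed for this example; the remanence caveat in the docstring is the point to take away.

```python
"""Added example: clearing a file by overwriting it with several patterns before unlinking it."""
import os
import secrets
import tempfile

# Pass sequence: all zeros, all ones, then random bytes. `None` means "random".
PATTERNS = (b"\x00", b"\xff", None)


def overwrite_file(path: str, patterns=PATTERNS, chunk_size: int = 64 * 1024) -> int:
    """Overwrite every byte of `path` in place, once per pattern, and return the pass count.

    Caveat (remanence): this only clears the blocks the filesystem currently maps to the
    file. On SSDs and other flash media the controller's wear levelling may leave the old
    cells untouched, and copy-on-write or journaling filesystems, snapshots and backups can
    hold further copies. For sensitive data use device-level sanitize / cryptographic erase
    or physical destruction rather than file overwriting alone.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in patterns:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                f.write(pattern * n if pattern is not None else secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())        # push each pass to the device before starting the next
    return len(patterns)


def secure_delete(path: str) -> int:
    """Clear the contents, then remove the directory entry."""
    passes = overwrite_file(path)
    os.remove(path)
    return passes


def demo() -> dict:
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "customer_export.csv")
        sensitive = b"name,ssn\nJane Doe,123-45-6789\n" * 200     # constructed content
        with open(path, "wb") as f:
            f.write(sensitive)
        overwrite_file(path, patterns=(b"\x00",))                 # a single zeroing pass
        with open(path, "rb") as f:
            after_one_pass = f.read()
        passes = secure_delete(path)
        return {
            "zeroed_after_first_pass": after_one_pass == b"\x00" * len(sensitive),
            "original_gone": b"123-45-6789" not in after_one_pass,
            "passes": passes,
            "file_removed": not os.path.exists(path),
        }


if __name__ == "__main__":
    print(demo())
```

The `fsync` after every pass matters: without it the operating system may coalesce three passes in its cache and write the device once.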
Event Logging and Monitoring

Security Information and Event Management (SIEM) is a security solution that helps organizations recognize potential security threats and vulnerabilities before they have a chance to disrupt business operations. SIEM offers real-time monitoring and analysis of events as well as tracking and logging of security data for compliance or auditing purposes.
Ingress & Egress Monitoring

(Diagram: ingress, traffic entering the network, and egress, traffic leaving it, are both monitored.)
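Added example (not from the course slides): two SIEM-style correlation rules run over constructed log data, illustrating the monitoring slides above. Rule 1 is the classic event-log correlation: several failed SSH logins from one source inside a time window, escalated when a login from that source then succeeds. Rule 2 is an egress check: an internal host sending more data to external addresses than policy allows. The log lines, flow records, thresholds and the list of internal address ranges are all constructed (the "external" sources use RFC 5737 documentation addresses).

```python
"""Added example: brute-force and egress-volume detection over constructed log data."""
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sshd-style log lines (not a real capture).
AUTH_LOG = """\
2024-03-04T09:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-04T09:00:04 sshd[812]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-04T09:00:09 sshd[812]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-03-04T09:00:12 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51027 ssh2
2024-03-04T09:00:15 sshd[812]: Failed password for root from 203.0.113.7 port 51030 ssh2
2024-03-04T09:00:20 sshd[812]: Failed password for deploy from 203.0.113.7 port 51033 ssh2
2024-03-04T09:00:31 sshd[812]: Accepted password for deploy from 203.0.113.7 port 51035 ssh2
2024-03-04T09:05:00 sshd[812]: Failed password for alice from 198.51.100.9 port 40010 ssh2
2024-03-04T09:05:03 sshd[812]: Failed password for alice from 198.51.100.9 port 40011 ssh2
2024-03-04T09:05:07 sshd[812]: Accepted publickey for alice from 10.0.0.5 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_auth_log(text: str) -> list:
    """Turn raw lines into event dicts; lines the pattern does not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect_brute_force(events: list, threshold: int = 5,
                       window: timedelta = timedelta(seconds=60)) -> list:
    """Return (source, alert_name, timestamp) tuples. Events must be in time order."""
    alerts = []
    failures = defaultdict(list)               # source -> timestamps of recent failures
    for ev in events:
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.pop(0)                      # drop failures that fell out of the window
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:       # fire once, when the threshold is crossed
                alerts.append((ev["src"], "ssh_brute_force", ev["ts"]))
        elif len(recent) >= threshold:         # success right after a burst of failures
            alerts.append((ev["src"], "ssh_brute_force_success", ev["ts"]))
    return alerts


# Constructed: the organization's own internal ranges (what counts as "inside").
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Constructed outbound flow summary, as a flow exporter might hand it to the SIEM.
FLOWS = """\
src,dst,bytes
10.0.0.5,10.0.0.20,120000
10.0.0.7,203.0.113.50,850000000
10.0.0.5,198.51.100.20,2400000
10.0.0.7,198.51.100.20,5000000
"""


def is_internal(address: str) -> bool:
    ip = ip_address(address)
    return any(ip in net for net in INTERNAL_NETWORKS)


def detect_egress_anomalies(flow_csv: str, threshold_bytes: int = 500_000_000) -> list:
    """Sum bytes each internal host sends to external destinations; flag hosts over the threshold."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if is_internal(row["src"]) and not is_internal(row["dst"]):
            totals[row["src"]] += int(row["bytes"])
    return sorted((src, total) for src, total in totals.items() if total > threshold_bytes)


if __name__ == "__main__":
    for alert in detect_brute_force(parse_auth_log(AUTH_LOG)):
        print(alert)
    print(detect_egress_anomalies(FLOWS))
```

Note that the internal ranges are listed explicitly rather than taken from the `ipaddress` module's `is_private` flag, which also treats the RFC 5737 documentation ranges used here as non-public.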
Encryption

Cryptography, or cryptology, is the practice and study of techniques for secure communication and data.

Encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.
Cryptanalysis: the process of analyzing cryptographic security systems to breach them and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Cryptanalysis attacks/methods:
• Brute force attack
• Frequency analysis
• Side-channel attacks
• Ciphertext-only attack
• Known plaintext/ciphertext pairs (known-plaintext attack)
• Chosen plaintext or chosen ciphertext
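Added example (not from the course slides): three of the methods listed above applied to a shift (Caesar) cipher, the simplest cipher on which they can be shown end to end. Brute force tries all 26 keys; frequency analysis picks the key automatically by comparing letter frequencies against English; a single known plaintext/ciphertext letter pair gives the key outright. The sample text, the key and the English frequency table are constructed for this example.

```python
"""Added example: breaking a shift cipher by brute force, frequency analysis and a known pair."""
import string

ALPHABET = string.ascii_uppercase
# Relative frequency (%) of A..Z in typical English text, the expected distribution.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def shift_encrypt(plaintext: str, key: int) -> str:
    """Every letter moves `key` places along the alphabet; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> list:
    """Ciphertext-only, exhaustive: 26 candidates, a human picks the readable one."""
    return [(key, shift_decrypt(ciphertext, key)) for key in range(26)]


def chi_squared(text: str) -> float:
    """Distance between the letter distribution of `text` and English (lower = more English-like)."""
    letters = [ch for ch in text if ch in ALPHABET]
    total = len(letters)
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        observed = letters.count(letter)
        expected = ENGLISH_FREQ[i] / 100 * total
        score += (observed - expected) ** 2 / expected
    return score


def frequency_analysis(ciphertext: str) -> int:
    """Ciphertext-only, automated: the shift whose decryption looks most like English."""
    return min(range(26), key=lambda key: chi_squared(shift_decrypt(ciphertext, key)))


def key_from_known_pair(plain_char: str, cipher_char: str) -> int:
    """Known-plaintext attack: one matched letter pair reveals the shift."""
    return (ALPHABET.index(cipher_char.upper()) - ALPHABET.index(plain_char.upper())) % 26


# Constructed sample message and key (not from the original page).
SAMPLE = ("SECURITY OPERATIONS TEAMS MONITOR EVENTS, APPLY PATCHES AND RESPOND TO INCIDENTS. "
          "A SHARED KEY MUST TRAVEL OUT OF BAND BECAUSE ANYONE WHO INTERCEPTS IT CAN READ THE MESSAGE.")
SECRET_KEY = 7
CIPHERTEXT = shift_encrypt(SAMPLE, SECRET_KEY)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    print("frequency analysis recovers key:", frequency_analysis(CIPHERTEXT))
    print("known pair S -> Z recovers key:", key_from_known_pair("S", "Z"))
```

The same chi-squared scoring is what automated tools use against any monoalphabetic substitution; it needs on the order of a hundred letters of ciphertext to be reliable, which is why short messages resist frequency analysis better than long ones.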
Symmetric Cryptography

⦿ The same (single, shared, session) key is used in both the encryption and the decryption processes.
⦿ The key cannot be sent over the same channel as the encrypted message; it must be exchanged out-of-band.
⦿ The biggest disadvantage of symmetric key cryptography is key management. For two parties to communicate securely, they must share the same key. This becomes hard to manage when many parties are involved (n parties need n(n-1)/2 pairwise keys) or when the key must be changed frequently.
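Added example (not from the course slides): a shared-key cipher that shows the three properties on this slide in code. The same key encrypts and decrypts, any other key yields garbage, and the key itself never appears in the message (it has to reach the receiver some other way). The construction, an HMAC-SHA256 keystream XORed with the plaintext in counter mode, is a teaching toy written for this example; it also demonstrates why a per-message nonce must never repeat under one key. It provides no integrity protection, so a real system would use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a vetted library instead.

```python
"""Added example: toy symmetric stream cipher (HMAC-SHA256 keystream in counter mode)."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from (key, nonce) using HMAC-SHA256 as a PRF."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. A fresh random nonce is drawn for every message."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, message: bytes) -> bytes:
    """Decrypt with the SAME key the sender used; any other key yields unreadable bytes."""
    nonce, ciphertext = message[:NONCE_LEN], message[NONCE_LEN:]
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why the nonce must never repeat: XORing two ciphertexts made with the same (key, nonce)
    cancels the keystream and hands an eavesdropper p1 XOR p2 without knowing the key."""
    c1 = xor_bytes(p1, keystream(key, nonce, len(p1)))
    c2 = xor_bytes(p2, keystream(key, nonce, len(p2)))
    return xor_bytes(c1, c2)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)      # must reach the receiver out-of-band
    msg = b"wire transfer: 10000 EUR to account 123"
    sealed = encrypt(shared_key, msg)
    wrong_key = secrets.token_bytes(32)
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"
    return {
        "roundtrip_ok": decrypt(shared_key, sealed) == msg,
        "wrong_key_decrypts": decrypt(wrong_key, sealed) == msg,
        "ciphertext_differs_from_plaintext": sealed[NONCE_LEN:] != msg,
        "nonce_reuse_leaks_xor": nonce_reuse_leak(shared_key, b"\x00" * NONCE_LEN, p1, p2) == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    print(demo())
```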
Asymmetric Cryptography

⦿ Asymmetric encryption uses one key to encrypt and a different key to decrypt the input plaintext.
⦿ Each party (sender/receiver) generates a key pair (private and public keys).
⦿ The private key is kept secret.
⦿ The public key can be shared.
⦿ A Public Key Infrastructure (PKI) is required so that parties can trust that a public key really belongs to the party who claims it: certificates issued by a trusted authority bind public keys to identities. Without that binding an attacker can substitute their own public key.
Cryptography Advantages

⦿ Confidentiality: encryption provides confidentiality by scrambling data using a secret key and algorithm so that it is unreadable to anyone who does not have the corresponding key to decrypt it.

⦿ Integrity & Authentication: cryptography provides integrity and authenticity through hash functions, message authentication codes and digital signatures, which ensure that data has not been tampered with and that the identity of the sender is verified. Encryption by itself does not provide these: ciphertext can be modified without knowing the key, so integrity needs its own mechanism (or an authenticated-encryption mode that combines both).
Integrity & Authentication

⦿ Hash functions: a hash function is a one-way mathematical algorithm that takes in an input message of arbitrary length and produces a fixed-size output.

⦿ Digital Signatures: a digital signature is a mathematical technique used to ensure the authenticity, integrity, and non-repudiation of electronic messages. It is a cryptographic code attached to the electronic message that is unique to the signer: it is created with the signer's private key and verified with the corresponding public key.
Password Hashing and Salting

(Diagram: a hash collision, two different inputs producing the same hash; and password storage without salting, where identical passwords produce identical hashes, versus with salting, where a random per-user value is mixed in so every stored hash is unique.)
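Added example (not from the course slides): the "no salting" versus "with salting" comparison from the diagram, in code. Two users who chose the same password get identical unsalted SHA-256 hashes, so one precomputed (rainbow) table breaks both at once; with a random per-user salt and a slow key-derivation function (PBKDF2 here, from the standard library) the stored values differ and every guess has to be recomputed per user. The user names, passwords and the tiny rainbow table are constructed for this example.

```python
"""Added example: unsalted fast hashing versus salted PBKDF2 for password storage."""
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000        # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """What NOT to do: a fast, unsalted hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record, algorithm$iterations$salt$hash, ready for storage."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _algo, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Constructed "rainbow table": unsalted hash -> password, as an attacker would precompute.
RAINBOW = {unsalted_hash(p): p for p in ("password", "123456", "Summer2024!", "letmein")}


def demo() -> dict:
    users = {"alice": "Summer2024!", "bob": "Summer2024!"}       # constructed: same password
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_identical": salted["alice"] == salted["bob"],
        "rainbow_hits_unsalted": RAINBOW.get(unsalted["alice"]) == "Summer2024!",
        "rainbow_hits_salted": salted["alice"].split("$")[3] in RAINBOW,
        "alice_verifies": verify_password("Summer2024!", salted["alice"]),
        "wrong_password_accepted": verify_password("Winter2024!", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the algorithm and iteration count next to each hash is what lets the policy be raised later: old records still verify, and can be re-hashed the next time the user logs in.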
Digital Signatures

(Diagram: the digital signature process.)
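Added example (not from the course slides): the asymmetric-key, hash-function and digital-signature slides above worked through with textbook RSA. Encryption uses the public key and decryption the private key; a signature is the hash of the message transformed with the private key, which anyone holding the public key can check, and any change to the message breaks it. This is a teaching toy written for this example: the primes are fixed, publicly known Mersenne primes (so no primality test is needed and the key is trivially factorable), there is no padding (OAEP/PSS) and no constant-time arithmetic. Real systems use a vetted library with randomly generated primes of equal size.

```python
"""Added example: textbook RSA encryption and signatures with SHA-256 (toy parameters)."""
import hashlib

# ASSUMPTION for the toy: two well-known primes so the modulus exceeds 2**256 and a
# full SHA-256 digest fits below it. Never use known primes for a real key.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def generate_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes) -> int:
    """Anyone with the public key can encrypt; only the private key can undo it."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this key; real systems encrypt a symmetric key instead")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")   # note: drops leading zero bytes


def sign(private_key, message: bytes) -> int:
    """Hash first (fixed size, any message length), then apply the PRIVATE key."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key recomputes the hash and compares."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def demo() -> dict:
    alice_pub, alice_priv = generate_keypair()
    # A second party with different (toy) primes, to show a signature is tied to one key pair.
    _mallory_pub, mallory_priv = generate_keypair(p=2**107 - 1, q=2**607 - 1)
    msg = b"pay 100 EUR to Bob"
    ct = encrypt(alice_pub, msg)
    sig = sign(alice_priv, msg)
    return {
        "decrypts": decrypt(alice_priv, ct) == msg,
        "ciphertext_hides_message": ct != int.from_bytes(msg, "big"),
        "signature_valid": verify(alice_pub, msg, sig),
        "tamper_detected": not verify(alice_pub, b"pay 900 EUR to Bob", sig),
        "forgery_rejected": not verify(alice_pub, msg, sign(mallory_priv, msg)),
    }


if __name__ == "__main__":
    print(demo())
```

Signing the hash rather than the message is what gives a signature its fixed size and lets it cover a message of any length; it also means the signature is only as strong as the hash function's collision resistance.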
Module 2: Understand System Hardening & Configuration Management
Hardening

Hardening is the process of applying secure configurations to reduce the attack surface.

1. Remove unnecessary services
2. Update software and firmware (patching)
3. Enable firewalls
4. Use strong authentication with MFA
5. Conduct regular security assessments
Configuration Management

Configuration Management (CM) is the process of identifying, organizing, testing, approving and managing the changes made to a system's components throughout their lifecycle.

This includes hardware, software, documentation, and other related items.
Configuration Management Components

Identification: defining and identifying the systems that need to be managed.

Baseline: defining the minimum level of protection that can be used as a reference point.

Change Control: an update process for requesting changes to a baseline, system or component.

Verification & Audit: a validation process that involves testing and analysis to verify that nothing was broken by a newly applied change.
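Added example (not from the course slides): a small audit that ties the hardening steps (remove unnecessary services, strong authentication) to the configuration-management components above. A baseline states which ports the host may expose and how sshd must be configured; the audit reports drift from it; after a change is applied, re-running the audit and diffing the findings is the verification step. The socket listing follows the column layout of `ss -Hltn` but is constructed, as are the sshd_config text and the baseline values.

```python
"""Added example: hardening baseline audit with change verification."""

# Constructed listening sockets: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 50 0.0.0.0:23 0.0.0.0:*
LISTEN 0 70 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

# Constructed sshd_config before and after a hardening change.
SSHD_BEFORE = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding no
"""
SSHD_AFTER = (SSHD_BEFORE.replace("PermitRootLogin yes", "PermitRootLogin no")
                         .replace("PasswordAuthentication yes", "PasswordAuthentication no"))

# Constructed baseline: the reference point the audit compares against.
BASELINE = {
    "allowed_ports": {22, 443},
    "sshd": {"PermitRootLogin": "no", "PasswordAuthentication": "no", "X11Forwarding": "no"},
}


def parse_listening(ss_text: str) -> list:
    """Return (local_address, port) for every LISTEN line."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        listeners.append((addr, int(port)))
    return listeners


def exposed_unexpected(listeners: list, allowed_ports: set) -> list:
    """Ports reachable from the network (not bound to loopback) that the baseline does not allow."""
    loopback = {"127.0.0.1", "[::1]"}
    return sorted({port for addr, port in listeners if addr not in loopback and port not in allowed_ports})


def parse_sshd_config(text: str) -> dict:
    """sshd honours the first occurrence of a keyword, so later duplicates are ignored here too."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, value.strip())
    return settings


def check_sshd(settings: dict, required: dict) -> list:
    return [f"sshd {key} is {settings.get(key, '<unset>')}, baseline requires {want}"
            for key, want in required.items() if settings.get(key) != want]


def audit(ss_text: str, sshd_text: str, baseline: dict = BASELINE) -> list:
    """All deviations from the baseline, as human-readable findings."""
    ports = exposed_unexpected(parse_listening(ss_text), baseline["allowed_ports"])
    findings = [f"unexpected exposed port {p}" for p in ports]
    findings += check_sshd(parse_sshd_config(sshd_text), baseline["sshd"])
    return findings


def verify_change(before: list, after: list) -> list:
    """Verification & audit: findings present after the change that were absent before (regressions)."""
    return [f for f in after if f not in before]


if __name__ == "__main__":
    before = audit(SS_OUTPUT, SSHD_BEFORE)
    after = audit(SS_OUTPUT, SSHD_AFTER)
    print("before change:", before)
    print("after change: ", after)
    print("regressions:  ", verify_change(before, after))
```

The loopback exception is deliberate: a database listening only on 127.0.0.1 is not part of the network attack surface, and flagging it would train operators to ignore the report.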
Inventory

A list of hardware, software, and other IT assets that an organization possesses. This includes all devices, such as computers, servers, mobile devices, routers, switches, and other networking equipment, as well as software applications, databases, and other digital assets.
Module 3: Understand Best Practice Security Policies
Data Handling/Protection Policy

The Data Handling Policy is a security policy dedicated to standardizing the use, monitoring, and management of data. The main goal of this policy is to protect and secure all data consumed, managed, and stored by the organization. It is made available to company employees, as well as third parties, responsible for handling or processing sensitive data.

The policy defines:
• Data ownership
• Data classification
• Access authorization
• Data monitoring and logging
• Employee training
Password Policies and Guidelines

A password policy is a set of requirements for passwords in an organization. This can include requirements related to the length and complexity of the password, the expiration period, password reuse and disallowing known breached passwords.

A password policy is often part of an organization's official regulations and should describe senior leadership's commitment to ensuring secure access to data. It may also be taught as part of security awareness training.
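Added example (not from the course slides): enforcing three of the requirements listed above at the moment a user chooses a password: minimum length, no known-breached passwords, and no reuse of recent passwords. The breached-password check follows the k-anonymity pattern used by range-query breach APIs: only the first five hex characters of the SHA-1 hash leave the client, the server returns every suffix under that prefix, and the comparison happens locally, so the candidate password is never transmitted. The breach corpus, the policy values, the username and the password history are constructed; a local dict stands in for the range-query server. One caveat a practitioner would add: current NIST SP 800-63B guidance favours length and breached-password screening over composition rules and forced periodic expiration, so the expiration requirement on the slide is deliberately not implemented here.

```python
"""Added example: password-policy checks (length, breach screening via k-anonymity, reuse)."""
import hashlib
import hmac
import secrets
from typing import Optional

POLICY = {"min_length": 12, "history_size": 5}
HISTORY_ITERATIONS = 600_000       # PBKDF2-HMAC-SHA256 work factor for stored history entries

# Constructed breach corpus (stands in for hundreds of millions of leaked passwords).
BREACHED = ["password", "123456", "qwerty", "Summer2024!!", "letmein", "Welcome123!!"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest().upper()


# Simulated range-query server: 5-char SHA-1 prefix -> list of 35-char suffixes.
BREACH_INDEX: dict = {}
for _pw in BREACHED:
    _h = sha1_hex(_pw)
    BREACH_INDEX.setdefault(_h[:5], []).append(_h[5:])


def range_query(prefix: str) -> list:
    """What the 'server' sees: only the prefix. It returns every suffix it knows under it."""
    return BREACH_INDEX.get(prefix, [])


def is_breached(password: str) -> bool:
    """Client side of the k-anonymity check: hash locally, send 5 chars, compare locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_query(digest[:5])


def history_entry(password: str, salt: Optional[bytes] = None) -> tuple:
    """Store old passwords as salted PBKDF2 hashes, never in clear text."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, HISTORY_ITERATIONS)


def reused(candidate: str, history: list) -> bool:
    return any(hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, HISTORY_ITERATIONS), dk)
               for salt, dk in history)


def check_password(candidate: str, username: str, history: list, policy: dict = POLICY) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    violations = []
    if len(candidate) < policy["min_length"]:
        violations.append(f"shorter than {policy['min_length']} characters")
    if username.lower() in candidate.lower():
        violations.append("contains the username")
    if is_breached(candidate):
        violations.append("appears in a known breach")
    if reused(candidate, history[-policy["history_size"]:]):
        violations.append(f"reuses one of the last {policy['history_size']} passwords")
    return violations


# Constructed history for user "alice": one previous password.
HISTORY = [history_entry("OldPassw0rd!2023")]

if __name__ == "__main__":
    for candidate in ("password", "Summer2024!!", "alice-rides-bikes-2024", "OldPassw0rd!2023",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate, 'alice', HISTORY) or 'OK'}")
```

Only the first five hex characters of the hash leave the client in `is_breached`; with a real corpus each prefix covers hundreds of passwords, which is what keeps the lookup from revealing the candidate.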
Acceptable Use Policy (AUP)

An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.

Each employee should be required to sign a copy of the AUP before being granted access to information, systems or network resources.
Bring Your Own Device (BYOD)

BYOD (Bring Your Own Device) is a policy that allows employees in an organization to use their personally owned devices for work-related activities.

A BYOD policy is best implemented and enforced with the support of a BYOD security solution, usually a Mobile Device Management (MDM) platform, which can enforce device encryption, screen locks and patch levels and remotely wipe corporate data from a lost or departing employee's device.
Privacy Policy

A privacy policy is a statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.

• Personally Identifiable Information (PII). Examples: social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card number.

• Electronic Protected Health Information (ePHI). Examples: medical records and lab tests.
Change Management Policy

The Change Management Policy is the guiding standard that describes the procedures for, and specifies the rules and levels of authorization required to approve, different types of changes.

Change management is the discipline of transitioning from the current state to a future state in a controlled way, so that every change is requested, approved, tested and documented before and after it is applied.
Security Awareness Training

❑ Humans are the weakest link in cybersecurity.

❑ Industry studies commonly attribute the large majority of successful cyberattacks (figures of 88-95% are often cited) to human error.

❑ Social engineering refers to all techniques aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons:
o Phishing (fraudulent e-mail or messages)
o Vishing (voice phishing, over the phone)
o Pretexting (a fabricated scenario that justifies the request)
o Baiting (a lure such as an infected USB drive or free download)
o Tailgating (following an authorized person through a controlled door)
Security Awareness Training

❑ The purpose of awareness training is to make sure everyone knows what is expected of them, based on responsibilities and accountabilities.

Awareness: changing user attitudes and behavior so that they realize the importance of security and the adverse consequences of its failure.

Training: teaching people the skills that will enable them to perform their jobs more effectively.

Education: targeted at IT security professionals; focuses on developing the ability and vision to perform complex, multi-disciplinary activities.