Security Procedures - CompTIA Security+ SY0-701 - 5.1

Professor Messer
9 Dec 2023 · 07:02

Summary

TLDR: The video script discusses essential security procedures in organizations, emphasizing change management to prevent downtime and errors. It outlines steps including risk assessment, formal plans, and approval processes via a change control board. The script also covers onboarding and offboarding processes, the importance of playbooks for incident response, and the integration of SOAR platforms for automation. It highlights the need for continuous monitoring and updating of security postures, governance structures, and the unique considerations for public sector organizations.

Takeaways

  • 🔄 Change management ensures systematic processes for changes in systems to prevent downtime and errors.
  • 📋 Steps in change management include determining the scope, assessing risk, and creating a formal plan.
  • ✅ A change control board approves and schedules changes, ensuring there's a backup plan.
  • 👋 Onboarding involves providing new hires with necessary resources and ensuring they have the right permissions.
  • 🚪 Offboarding includes managing user assets and data, and disabling accounts to retain important information.
  • 📚 Playbooks outline step-by-step procedures for specific events like data breaches or ransomware recovery.
  • 🤖 SOAR platforms integrate and automate tasks across diverse systems to improve efficiency.
  • 🔍 Continuous monitoring and updating of processes are essential to maintain security and efficiency.
  • 🛡️ Governance involves a board setting objectives and committees implementing them, with different approaches for public and private sectors.
  • 🏛️ Public sector governance focuses on legal, administrative, and political issues with meetings open to the public.

Q & A

  • What is the primary purpose of change management in an organization?

    - The primary purpose of change management is to ensure there are processes and procedures in place for every change made to systems, which helps prevent downtime, confusion, and mistakes during changes.

  • What are the initial steps taken in the change management process?

    - The initial steps in change management include determining the scope of the change, assessing the risk involved, and creating a formal plan for the change.

  • What is the role of a change control board in an organization?

    - A change control board is responsible for analyzing all proposed changes, approving and scheduling them, and ensuring there is a backup plan in case something goes wrong during the change process.

  • Why is it important to document changes made during the change management process?

    - Documenting changes is important so that everyone is aware of what was modified in the systems, which aids in transparency and traceability.

  • What does the onboarding process involve for a new hire or a transfer in an organization?

    - The onboarding process involves providing the new hire with the employee handbook or acceptable use policies, creating new accounts for network access, assigning the correct rights and permissions, and providing necessary technology such as laptops and mobile devices.

  • Why is it crucial to create formal offboarding policies and procedures?

    - Formal offboarding policies and procedures are crucial to ensure a structured approach to handling user assets, data management, and account disabling when an employee leaves the organization.

  • What is the significance of maintaining playbooks in an organization?

    - Playbooks are significant as they define a set of steps to be followed in case of specific events, such as a data breach or ransomware attack, providing a clear and structured response plan.

  • How can a SOAR platform help in automating security processes?

    - A SOAR (Security Orchestration, Automation, and Response) platform helps by integrating many third-party products into one platform, automating connections between diverse systems, and allowing security teams to focus on more important work.

  • What does it mean to constantly monitor and revise processes and procedures in an organization?

    - Constantly monitoring and revising processes and procedures means staying updated with new technologies, updating security postures, creating additional playbooks, and ensuring that all procedures account for emerging threats.

  • What is the role of a board in the governance structure of an organization?

    - In the governance structure, a board, which may be a board of directors, sets broad objectives and tasks for a committee to follow, providing direction and approving or providing feedback on completed tasks.

  • What are the differences between centralized and decentralized governance in an organization?

    - Centralized governance involves one group making decisions for the entire organization, while decentralized governance allows decisions to be made by those closer to the tasks, such as individuals doing the particular jobs.

Outlines

00:00

🛠️ Change Management and Organizational Security Practices

This paragraph outlines the critical role of change management within an organization. It details the steps involved in the change management process, from determining the scope of changes to obtaining approval from stakeholders. The importance of a change control board is emphasized, which is responsible for analyzing, approving, and scheduling changes, as well as ensuring a backup plan is in place. The paragraph also discusses the necessity of documenting changes for transparency and reviews the onboarding and offboarding processes, highlighting the security team's role in providing new hires with necessary policies and access rights. Additionally, it touches on the creation of formal offboarding procedures to manage user assets and data upon departure. The concept of maintaining playbooks for various scenarios, such as data breaches or ransomware recovery, is introduced, emphasizing the integration of these into automated processes via a SOAR platform to streamline security operations.

05:01

🏛️ Governance Structures and Organizational Decision Making

The second paragraph delves into the governance structure of organizations, starting with the role of a board, which sets broad objectives for committees to implement. It explains the committee's function in taking direction from the board and working towards meeting set goals, which are then presented back for approval or feedback. The paragraph distinguishes between public and private sector governance, noting the public sector's focus on legal, administrative, and political issues, with an emphasis on transparency through open meetings. It also explores different governance approaches, such as centralized and decentralized models, and how they affect decision-making within an organization. The summary underscores the importance of selecting a governance model that best fits the organization's needs.

Keywords

💡Change Management

Change management is a set of processes and procedures to manage changes to an organization's systems. It ensures changes are made systematically to prevent downtime, confusion, and mistakes. In the script, it's highlighted that change management involves determining the scope, assessing risks, creating a formal plan, and getting approval from a change control board.

💡Change Control Board

A change control board is a group responsible for reviewing, approving, and scheduling changes within an organization. They ensure there is a backup plan and document the changes. The script mentions that this board analyzes proposed changes to minimize risks and maintain system integrity.

💡Onboarding

Onboarding is the process of integrating new hires or internal transfers into an organization. It involves providing new employees with handbooks, acceptable use policies, and creating user accounts with appropriate permissions. The script discusses the security team's role in onboarding to ensure new hires are ready to perform their job functions securely.

💡Offboarding

Offboarding is the procedure followed when an employee leaves the organization. It includes managing the return of hardware, securing data, and disabling accounts to prevent unauthorized access. The script emphasizes the importance of having formal policies to handle the assets and data of departing employees.

💡Playbooks

Playbooks are detailed guides that outline step-by-step procedures for handling specific events, such as data breaches or ransomware attacks. They help ensure a consistent and effective response. The script highlights that organizations create and update playbooks to improve efficiency and security.

💡SOAR Platform

SOAR stands for Security Orchestration, Automation, and Response. It's a platform that integrates various security tools and automates routine tasks, allowing security teams to focus on more critical issues. The script describes how SOAR platforms streamline security operations by connecting diverse systems.

💡Governance

Governance refers to the framework of policies, procedures, and practices that guide an organization's operations. It can be centralized, with a single group making decisions, or decentralized, allowing different groups to make decisions. The script discusses governance structures in both private and public sectors, emphasizing their role in achieving organizational goals.

💡Centralized Governance

Centralized governance is a structure where decision-making authority is concentrated in a single group or entity. This approach ensures uniformity and consistency across the organization. The script contrasts it with decentralized governance, explaining its suitability for certain organizations.

💡Decentralized Governance

Decentralized governance distributes decision-making authority among various groups or individuals within an organization. This approach allows for more localized and specialized decision-making. The script describes how decentralized governance can empower those directly involved in specific tasks.

💡Emerging Threats

Emerging threats refer to new and evolving security risks that organizations must address. These threats require constant monitoring and updating of security processes and playbooks. The script emphasizes the importance of adapting to emerging threats to maintain a robust security posture.

Highlights

Change management procedures help prevent downtime, confusion, and mistakes when changes are made in an organization.

Determining the scope of changes, such as modifying a single server or multiple devices, is the first step in change management.

Assessing the risk associated with changes is crucial, especially when dealing with entire operating systems or specific applications.

A formal plan and end-user approval are necessary before implementing changes.

Most organizations have a change control board to analyze, approve, and schedule changes, ensuring there is always a backup plan.

Documenting completed changes is important so everyone knows what was modified.

Onboarding involves providing new hires with employee handbooks, creating new accounts, and assigning correct rights and permissions.

Offboarding includes determining the fate of user assets and data, and disabling accounts rather than deleting them to preserve important decryption keys and data.

Organizations maintain playbooks to define steps for specific events, such as data breaches or ransomware recovery.

Integrating playbooks into a SOAR platform helps automate mundane tasks and allows security teams to focus on more critical work.

Constantly monitoring and revising processes and procedures ensures a stronger security posture and efficient playbooks.

Emerging threats require updates to playbooks, processes, and procedures to mitigate new vulnerabilities.

Governance structures often start with a board setting broad objectives for committees of subject matter experts.

Public sector governance differs from private organizations, focusing on legal, administrative, and political issues with meetings open to the public.

Governance can be centralized, with one group making decisions, or decentralized, with decisions made by those performing specific jobs.

Transcripts

00:01 One of the most common security procedures
00:04 for almost any organization is one
00:06 related to change management.
00:08 Change management assures that we
00:10 have a set of processes and procedures each time
00:13 a change is made to any of our systems.
00:16 By putting in these checks and balances,
00:18 we can help prevent downtime, confusion,
00:20 and mistakes that come when changes are
00:22 being made in the organization.
00:24 With change management, there are a series
00:26 of steps in the entire process.
00:29 We start with the process of determining
00:31 what the scope might be for this change.
00:33 Are we modifying a single server?
00:35 Are we modifying multiple devices?
00:37 And are we updating an entire operating
00:39 system or a single file?
00:41 We also need to know how risky it will be to make this change.
00:44 Are we making a change to an entire operating system
00:47 or will this risk only affect one specific application
00:51 running on that device?
00:52 We will also need a formal plan for the change
00:55 to understand exactly what part of these systems
00:58 will be changing, and then we'll need
01:00 to get approval from the end user
01:02 that these changes can indeed be made.
01:04 Most organizations will have a change control board.
01:07 This board is responsible for analyzing all of the proposed
01:10 changes and then approving and scheduling those changes.
01:14 The change control board will also
01:16 look to see that there is a backup plan.
01:19 So if something doesn't go well during the change process,
01:22 there's always a way to get back to where we started.
01:24 And once that change is completed,
01:26 we can document those changes so that everyone knows what
01:29 was modified on those systems.
01:31 Security teams also deal with onboarding.
01:34 This is the process of bringing someone
01:36 into the organization, either a new hire or a transfer
01:40 from another department.
01:42 During this onboarding process, the security team
01:44 will provide the new hire with the employee handbook or a list
01:48 of the acceptable use policies that
01:50 will need to be signed off and approved by the new hire.
01:53 New accounts will need to be created
01:55 so the user can log in to the network,
01:57 and we'll also need to make sure that the correct rights
02:00 and permissions are associated with this particular user.
02:03 All that's left is to give the new hire their laptop,
02:06 mobile device, and any other technologies they'll
02:08 need to perform their job function,
02:10 and they are now part of the network and can log in.
02:14 Just as we have formal policies and procedures for onboarding,
02:18 we also need to create formal policies and procedures
02:22 for offboarding.
02:23 This way, we know exactly what should
02:25 happen with all of the user's assets
02:27 when they decide to leave the organization.
02:29 These procedures answer questions
02:31 such as what happens to the hardware that has been assigned
02:34 to this user and, perhaps more importantly, what
02:37 happens to the data that is saved on that hardware.
02:39 It's also a good best practice to disable
02:42 the account associated with the user in case
02:45 there are encrypted files or anything else
02:47 that may need to be retrieved later.
02:49 If we were to delete these accounts,
02:51 it's very possible that we could lose important decryption
02:54 keys or important data that may be stored on those accounts.
02:58 It's also very common for organizations
03:00 to maintain a series of playbooks.
03:03 These playbooks define a set of steps
03:05 that should be followed in the case of a particular event.
03:08 For example, if you need to investigate a data breach,
03:11 there should be a playbook that describes
03:13 exactly what should be done first, what should
03:15 be done second, and so on.
03:17 The same thing might apply to recover from ransomware.
03:20 There should be a separate playbook for that, as well.
03:23 There are obviously, then, a large number of playbooks
03:26 that would be created providing that step-by-step overview
03:29 of exactly what to do and when to do it.
03:32 Once we create this series of steps,
03:35 we can also integrate them into more of an automated process.
03:39 This is often integrated into a SOAR platform.
03:42 That stands for Security, Orchestration, Automation,
03:44 and Response.
03:46 This SOAR platform allows us to integrate
03:48 many third-party products into one single platform
03:51 and be able to automate connections between all
03:54 of those very diverse systems.
03:56 This means we can automate some of the more mundane tasks
03:59 and have the security teams concentrate on doing much more
04:02 important work.
04:04 Technology never stops integrating.
04:06 There are always new technologies and new processes
04:09 that we need to integrate into our environments.
04:12 That's why we need to constantly monitor
04:14 and in some cases revise the processes and procedures
04:17 that we use on a daily basis.
04:20 For example, we may need to update and create
04:22 a stronger security posture.
04:24 That means that we would need to tighten our change control
04:27 process.
04:28 We may need to create additional playbooks.
04:30 There may be an acquisition of additional technologies
04:33 required and anything else that can
04:35 help us make our environment even more secure.
04:38 We might also want to look through our existing playbooks
04:41 and see if there's opportunities to make those playbooks more
04:44 efficient or more secure.
04:46 We might also want to create new playbooks
04:48 if we happen to have installed new technologies
04:50 into our infrastructure.
04:52 We also have to keep an eye on any emerging threats.
04:55 Attackers are always finding new ways to get into systems
04:58 or take advantage of vulnerabilities,
05:01 and we need to make sure that our playbooks, our processes,
05:03 and all of our procedures take into account these new emerging
05:07 threats.
05:09 The governance structure for many organizations
05:11 starts with a board.
05:12 Sometimes this is a board of directors.
05:15 It's a panel of specialists that set
05:17 the tasks or the series of requirements
05:19 for a committee to follow.
05:21 These are usually very broad objectives,
05:23 and it's left up to the committee
05:25 to determine the best way to implement those objectives.
05:28 Committees usually exist of subject matter experts
05:31 and may include a member of the board as part of the committee.
05:34 The committee will take direction
05:36 from the board at what task needs to be accomplished,
05:39 and then they'll work on putting the next steps together
05:42 to meet those particular goals.
05:44 Once that task has been completed,
05:45 it can be presented to the board for approval
05:48 or to have the board provide additional feedback or changes.
05:52 If you're working in the public sector, which
05:54 would be a government organization,
05:56 then there are a different set of policies and procedures.
05:59 Many of the concerns associated with a governmental agency
06:03 would be around legal issues, administrative requirements,
06:06 and, in many cases, political issues.
06:08 The presentation and scope of this information
06:11 is also very different than a private organization.
06:14 Since a governmental agency is working for the people,
06:17 all of these meetings tend to be open to the public.
06:19 And for both public and private organizations,
06:22 there are different ways to approach governance.
06:25 One is through a centralized form,
06:27 and the other would be decentralized.
06:30 With centralized governance, there
06:31 tends to be one group that handles the decisions
06:34 for the entire organization.
06:36 With decentralized governance, those decisions
06:39 can be made by others, specifically those who may even
06:42 be doing those particular jobs.
06:44 There's no right or wrong way to present
06:46 this type of governance, but it needs
06:48 to be one that works best for that particular organization.


Related Tags
Change Management, Security Procedures, Risk Assessment, Onboarding Process, Offboarding Policies, Playbooks, SOAR Platform, Automation, Governance, Compliance