title
Free CISSP Training Video | CISSP Tutorial Online Part 1
description
🔥Post Graduate Program In Cyber Security: https://www.simplilearn.com/pgp-cyber-security-certification-training-course?utm_campaign=CCSP-JWqd_qaR81g&utm_medium=Descriptionff&utm_source=youtube
🔥IIIT Bangalore Advanced Executive Program In Cybersecurity (India Only): https://www.simplilearn.com/pgp-advanced-executive-program-in-cyber-security?utm_campaign=SCE-IIITBangaloreCS&utm_medium=DescriptionFF&utm_source=youtube
🔥Cyber Security Masters Program (Discount Code - YTBE15): https://www.simplilearn.com/cyber-security-expert-master-program-training-course?utm_campaign=SCE-MasterCS&utm_medium=DescriptionFF&utm_source=youtube
Certified Information Systems Security Professional (CISSP)
This is an introductory CISSP video offered by simplilearn.com.
The video consists of two lessons. It begins with an introduction to CISSP and its objectives: it defines CISSP, explains (ISC)², the benefits of CISSP, and the CISSP certification requirements, and describes the CISSP exam.
CISSP Certification Training: https://www.simplilearn.com/cyber-security/cissp-certification-training?utm_campaign=Free-CISSP-Training-Video-CISSP-Tutorial-Online-Part-1-JWqd_qaR81g&utm_medium=SC&utm_source=youtube
#cissptrainingvideos2017 #cissp #cissptraining #cisspcertification #cissptrainingvideos #cissptutorial
🔥 Enroll for FREE CISSP Course & Get your Completion Certificate: https://www.simplilearn.com/learn-cloud-security-basics-skillup?utm_campaign=CCSP&utm_medium=Description&utm_source=youtube
➡️ About Post Graduate Program In Cyber Security
This Post Graduate Program in Cyber Security will help you learn comprehensive approaches to protecting your infrastructure and securing data, including risk analysis, mitigation, and compliance. You will get foundational to advanced skills through industry-leading cyber security certification courses that are part of the program.
✅ Key Features
- Simplilearn Post Graduate Certificate
- Masterclasses from MIT Faculty
- Featuring Modules from MIT SCC and EC-Council
- 8X higher interaction in live online classes conducted by industry experts
- Simplilearn's JobAssist helps you get noticed by top hiring companies
- Industry case studies in cyber security
- Access to CEH Pro Version
- 25+ hands-on projects
- Capstone project in 3 domains
- MIT CSAIL Professional Programs Community
✅ Skills Covered
- Advanced Hacking Concepts
- Network Packet Analysis
- Ethical Hacking
- IDS, Firewalls and Honeypots
- Security and Risk Management
- Network Security
- Software Development Security
- Cryptography, OSI and TCP/IP Models
- Identity and Access Management
- Security Assessment and Testing
- Trojans, Backdoors and Countermeasures
- Mobile and Web Technologies
👉 Learn More at: https://www.simplilearn.com/pgp-cyber-security-certification-training-course?utm_campaign=CCSP-JWqd_qaR81g&utm_medium=Description&utm_source=youtube
🔥🔥 Interested in Attending Live Classes? Call Us: IN - 18002127688 / US - +18445327688
detail
{'title': 'Free CISSP Training Video | CISSP Tutorial Online Part 1', 'heatmap': [{'end': 1218.839, 'start': 1111.602, 'weight': 0.782}, {'end': 1371.878, 'start': 1310.84, 'weight': 0.73}, {'end': 1473.496, 'start': 1409.65, 'weight': 0.73}, {'end': 1614.277, 'start': 1497.56, 'weight': 0.797}, {'end': 1950.429, 'start': 1844.406, 'weight': 1}, {'end': 3074.118, 'start': 3013.792, 'weight': 0.704}], 'summary': 'This free cissp training video covers cissp certification, including its governance, curriculum, and significance, benefits such as a 25% increase in earnings, exam requirements with 250 multiple choice questions, information security governance, risk management, cia principles, information risk management process, qualitative risk analysis techniques, and security measures including awareness training and management support.', 'chapters': [{'end': 496.819, 'segs': [{'end': 62.57, 'src': 'embed', 'start': 27.526, 'weight': 0, 'content': [{'end': 31.707, 'text': 'management and or controls that assure the security of business environments.', 'start': 27.526, 'duration': 4.181}, {'end': 42.869, 'text': 'CISSP was the first credential in the field of information to meet the stringent requirements of ISO IEC standard 17024.', 'start': 32.787, 'duration': 10.082}, {'end': 48.49, 'text': 'CISSP is an objective measure of excellence and a globally recognized standard of achievement.', 'start': 42.869, 'duration': 5.621}, {'end': 62.57, 'text': 'In June 2004, the CISSP became the first information security credential accredited by ANSI ISO IEC standard 17024-2003 accreditation.', 'start': 49.426, 'duration': 13.144}], 'summary': 'Cissp is the first infosec credential meeting iso iec 17024 standard, globally recognized.', 'duration': 35.044, 'max_score': 27.526, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g27526.jpg'}, {'end': 161.667, 'src': 'embed', 'start': 133.649, 'weight': 2, 'content': [{'end': 
141.035, 'text': 'The CISSP is governed by the International Information Systems Security Certification Consortium, or ISC Square.', 'start': 133.649, 'duration': 7.386}, {'end': 147.66, 'text': 'The CISSP curriculum covers subject matter in a variety of information security topics.', 'start': 142.116, 'duration': 5.544}, {'end': 153.985, 'text': 'The CISSP examination is based on the Common Body of Knowledge, or CBK.', 'start': 149.362, 'duration': 4.623}, {'end': 161.667, 'text': 'The CVK is Taxonomy, a collection of topics relevant to information security professionals around the world.', 'start': 155.202, 'duration': 6.465}], 'summary': 'Cissp certification covers a wide range of infosec topics based on the cbk.', 'duration': 28.018, 'max_score': 133.649, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g133649.jpg'}, {'end': 279.416, 'src': 'embed', 'start': 201.05, 'weight': 1, 'content': [{'end': 214.62, 'text': 'ISC Square is comprised of a global team of top information security professionals and managed by professional staff who work together with regional and topical advisory boards to tackle any and all new information security issues with zeal.', 'start': 201.05, 'duration': 13.57}, {'end': 224.708, 'text': 'ISC Square develops and maintains the ISC Square CBK, or the Common Body of Knowledge, a compendium of information security topics.', 'start': 215.841, 'duration': 8.867}, {'end': 229.632, 'text': 'Let us look at the various domains in CISSP in the next screen.', 'start': 225.569, 'duration': 4.063}, {'end': 239.801, 'text': 'The CISSP domains are drawn from various information security topics within the ISE Square Common Body of Knowledge, or CBK.', 'start': 231.738, 'duration': 8.063}, {'end': 246.063, 'text': 'It is updated annually, which reflects the up-to-date best practices worldwide in the domains.', 'start': 240.521, 'duration': 5.542}, {'end': 251.405, 'text': 'The CISSP CBK consists 
of the following 10 domains.', 'start': 247.263, 'duration': 4.142}, {'end': 254.826, 'text': 'Information Security Governance and Risk Management.', 'start': 252.425, 'duration': 2.401}, {'end': 260.466, 'text': 'access control, telecommunications and network security.', 'start': 255.743, 'duration': 4.723}, {'end': 263.347, 'text': 'security architecture and design.', 'start': 260.466, 'duration': 2.881}, {'end': 266.469, 'text': 'physical or environmental security.', 'start': 263.347, 'duration': 3.122}, {'end': 267.469, 'text': 'software development.', 'start': 266.469, 'duration': 1}, {'end': 270.511, 'text': 'security cryptography.', 'start': 267.469, 'duration': 3.042}, {'end': 279.416, 'text': 'business continuity and disaster recovery planning, legal regulations, investigations and compliance and operations security.', 'start': 270.511, 'duration': 8.905}], 'summary': 'Isc square manages the isc square cbk, updated annually, covering 10 domains of information security.', 'duration': 78.366, 'max_score': 201.05, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g201050.jpg'}, {'end': 394.263, 'src': 'embed', 'start': 331.274, 'weight': 6, 'content': [{'end': 337.28, 'text': 'Telecommunications and Network Security discusses network structures, transmission methods,', 'start': 331.274, 'duration': 6.006}, {'end': 343.546, 'text': 'transport formats and security measures used to provide availability, integrity and confidentiality.', 'start': 337.28, 'duration': 6.266}, {'end': 351.734, 'text': 'It covers network architecture and design, communication channels, network components and network attacks.', 'start': 344.467, 'duration': 7.267}, {'end': 361.602, 'text': 'Security Architecture and Design contains the concepts, principles, structures and standards used to design, implement,', 'start': 353.479, 'duration': 8.123}, {'end': 371.205, 'text': 'monitor and secure operating systems, equipment, networks, 
applications and those controls used to enforce various levels of confidentiality,', 'start': 361.602, 'duration': 9.603}, {'end': 372.886, 'text': 'integrity and availability.', 'start': 371.205, 'duration': 1.681}, {'end': 382.089, 'text': 'It covers fundamental concepts of security models, capabilities of information systems, countermeasure principles, and vulnerabilities and threats.', 'start': 373.926, 'duration': 8.163}, {'end': 387.321, 'text': 'Physical or environmental security addresses the threats,', 'start': 383.78, 'duration': 3.541}, {'end': 394.263, 'text': "vulnerabilities and countermeasures that can be utilized to protect the enterprise's resources and sensitive information physically.", 'start': 387.321, 'duration': 6.942}], 'summary': 'Telecom and network security covers network structures, transmission methods, and security measures, while security architecture and design encompasses concepts for designing and securing operating systems, networks, and applications.', 'duration': 62.989, 'max_score': 331.274, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g331274.jpg'}, {'end': 440.321, 'src': 'embed', 'start': 412.391, 'weight': 5, 'content': [{'end': 420.721, 'text': 'It covers systems development lifecycle or SDLC, application environment and security controls, and effectiveness of application security.', 'start': 412.391, 'duration': 8.33}, {'end': 429.896, 'text': 'Cryptography is the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.', 'start': 422.093, 'duration': 7.803}, {'end': 440.321, 'text': 'It covers encryption concepts, digital signatures, cryptanalytic attacks, public key infrastructure or PKI, and information hiding alternatives.', 'start': 430.757, 'duration': 9.564}], 'summary': 'Overview of sdlc, application security, and cryptography including encryption concepts, digital signatures, and pki.', 
'duration': 27.93, 'max_score': 412.391, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g412391.jpg'}], 'start': 1.564, 'title': 'Cissp certification and it security fundamentals', 'summary': 'Provides an overview of the cissp certification and its governance, curriculum, and significance, including details on isc2 and the 10 domains of cissp. it also covers fundamental concepts of risk management, access control, network security, and more.', 'chapters': [{'end': 302.993, 'start': 1.564, 'title': 'Cissp certification overview', 'summary': 'Provides an overview of the cissp certification, including its governance, curriculum, and significance as the first information security certification to meet iso iec standard 17024, along with details on isc2 and the 10 domains of cissp. the isc square is a global not-for-profit leader in educating and certifying information security professionals with a team of top information security professionals and managed by professional staff, and the cissp cbk consists of 10 domains covering various information security topics within the cbk, updated annually.', 'duration': 301.429, 'highlights': ['The CISSP is the first certification in information security which is globally recognized and is an objective measure of excellence, meeting the stringent requirements of ISO IEC standard 17024.', 'The International Information Systems Security Certification Consortium, ISC Square, is a global not-for-profit leader in educating and certifying information security professionals, with a team of top information security professionals and managed by professional staff.', 'The CISSP Common Body of Knowledge (CBK) consists of 10 domains covering various information security topics within the CBK, updated annually, reflecting the up-to-date best practices worldwide in the domains.', 'The CISSP certification covers subject matter in a variety of information security topics and is a globally 
recognized standard of achievement, governed by the International Information Systems Security Certification Consortium, ISC Square.', 'The CISSP curriculum includes 10 domains: Information Security Governance and Risk Management, Access Control, Telecommunications and Network Security, Security Architecture and Design, Physical or Environmental Security, Software Development Security, Cryptography, Business Continuity and Disaster Recovery Planning, Legal Regulations, Investigations, and Compliance, and Operations Security.']}, {'end': 496.819, 'start': 302.993, 'title': 'It security fundamentals', 'summary': 'Covers the fundamental concepts of risk management, access control, network security, security architecture and design, physical security, software development security, cryptography, business continuity and disaster recovery planning, legal regulations, investigations, and compliance, and operation security.', 'duration': 193.826, 'highlights': ['The chapter covers the fundamental concepts of risk management, access control, network security, security architecture and design, physical security, software development security, cryptography, business continuity and disaster recovery planning, legal regulations, investigations, and compliance, and operation security.', "Physical or environmental security addresses the threats, vulnerabilities and countermeasures that can be utilized to protect the enterprise's resources and sensitive information physically.", 'Telecommunications and Network Security discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.', 'Security Architecture and Design contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, integrity and availability.', 'Cryptography is the 
principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.']}], 'duration': 495.255, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1564.jpg', 'highlights': ['The CISSP is the first certification in information security which is globally recognized and is an objective measure of excellence, meeting the stringent requirements of ISO IEC standard 17024.', 'The CISSP Common Body of Knowledge (CBK) consists of 10 domains covering various information security topics within the CBK, updated annually, reflecting the up-to-date best practices worldwide in the domains.', 'The CISSP certification covers subject matter in a variety of information security topics and is a globally recognized standard of achievement, governed by the International Information Systems Security Certification Consortium, ISC Square.', 'The International Information Systems Security Certification Consortium, ISC Square, is a global not-for-profit leader in educating and certifying information security professionals, with a team of top information security professionals and managed by professional staff.', 'The CISSP curriculum includes 10 domains: Information Security Governance and Risk Management, Access Control, Telecommunications and Network Security, Security Architecture and Design, Physical or Environmental Security, Software Development Security, Cryptography, Business Continuity and Disaster Recovery Planning, Legal Regulations, Investigations, and Compliance, and Operations Security.', 'Cryptography is the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.', 'Security Architecture and Design contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of 
confidentiality, integrity and availability.', 'Telecommunications and Network Security discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.', "Physical or environmental security addresses the threats, vulnerabilities and countermeasures that can be utilized to protect the enterprise's resources and sensitive information physically.", 'The chapter covers the fundamental concepts of risk management, access control, network security, security architecture and design, physical security, software development security, cryptography, business continuity and disaster recovery planning, legal regulations, investigations, and compliance, and operation security.']}, {'end': 1054.3, 'segs': [{'end': 550.441, 'src': 'embed', 'start': 524.022, 'weight': 0, 'content': [{'end': 529.447, 'text': 'CISSP offers a career differentiator with enhanced credibility and marketability.', 'start': 524.022, 'duration': 5.425}, {'end': 539.133, 'text': 'CISSP provides the exclusive benefits of valuable resources such as peer networking and idea exchange for ISC Square members.', 'start': 530.808, 'duration': 8.325}, {'end': 550.441, 'text': 'CISSP indicates that certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts,', 'start': 540.835, 'duration': 9.606}], 'summary': 'Cissp certification offers 25% higher average earnings and valuable resources for information security professionals.', 'duration': 26.419, 'max_score': 524.022, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g524022.jpg'}, {'end': 627.208, 'src': 'embed', 'start': 577.165, 'weight': 1, 'content': [{'end': 583.611, 'text': 'CISSP improves the credibility and value of the employees in the organization to a higher rank,', 'start': 577.165, 'duration': 6.446}, {'end': 587.074, 'text': 'as the ISC2 certifications 
are recognized internationally.', 'start': 583.611, 'duration': 3.463}, {'end': 593.912, 'text': 'It offers an increased credibility and goodwill for the organization when working with vendors and contractors.', 'start': 588.01, 'duration': 5.902}, {'end': 603.076, 'text': 'CISSP empowers the employees with a universal language, circumventing ambiguity with industry accepted terms and practices.', 'start': 595.053, 'duration': 8.023}, {'end': 608.858, 'text': "It validates the organization's commitment and years of experience gained in the industry.", 'start': 604.596, 'duration': 4.262}, {'end': 618.04, 'text': 'It requires the Continuing Professional Education, or CPE, credits to ensure that CISSP professionals improve their skills.', 'start': 610.273, 'duration': 7.767}, {'end': 627.208, 'text': 'CISSP certifies certification mandate requirements of the organization when dealing with service providers or subcontractors.', 'start': 619.661, 'duration': 7.547}], 'summary': 'Cissp certification adds credibility, value, and universal language to employees, requiring cpe credits for skill improvement.', 'duration': 50.043, 'max_score': 577.165, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g577165.jpg'}, {'end': 681.458, 'src': 'embed', 'start': 657.915, 'weight': 4, 'content': [{'end': 667.364, 'text': 'Five years of direct full-time professional security work experience in two or more of the ten domains of the ISC-Square Common Body of Knowledge or CBK.', 'start': 657.915, 'duration': 9.449}, {'end': 676.313, 'text': 'Four years of direct full-time professional security work experience in two or more of the ten domains of the CISSP-CBK,', 'start': 668.525, 'duration': 7.788}, {'end': 681.458, 'text': 'with the four-year college degree or additional credential from the ISC-Square approved list.', 'start': 676.313, 'duration': 5.145}], 'summary': 'Five years of security work experience in two isc-square cbk 
domains, or four years with cissp-cbk and a college degree.', 'duration': 23.543, 'max_score': 657.915, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g657915.jpg'}, {'end': 798.445, 'src': 'embed', 'start': 768.663, 'weight': 3, 'content': [{'end': 774.248, 'text': 'please refer to the Endorsement Assistance Guidelines for additional information about the endorsement requirements.', 'start': 768.663, 'duration': 5.585}, {'end': 778.112, 'text': 'Maintain the CISSP certification.', 'start': 775.69, 'duration': 2.422}, {'end': 782.076, 'text': 'Recertification is required every three years.', 'start': 779.673, 'duration': 2.403}, {'end': 787.801, 'text': 'Recertification is accomplished through Continuing Professional Education, or CPE.', 'start': 783.417, 'duration': 4.384}, {'end': 791.805, 'text': 'A total of 120 credits is required every three years.', 'start': 788.341, 'duration': 3.464}, {'end': 798.445, 'text': 'A minimum of 20 CPEs must be posted during each year of the three-year certification cycle.', 'start': 793.041, 'duration': 5.404}], 'summary': 'Maintain cissp certification through 120 cpes every 3 years.', 'duration': 29.782, 'max_score': 768.663, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g768663.jpg'}, {'end': 850.344, 'src': 'embed', 'start': 821.607, 'weight': 5, 'content': [{'end': 828.996, 'text': 'Under the following circumstances and with appropriate documentation, candidates are eligible to waive one year of professional experience.', 'start': 821.607, 'duration': 7.389}, {'end': 834.743, 'text': "One year waiver of the professional experience requirement based on a candidate's education.", 'start': 830.478, 'duration': 4.265}, {'end': 841.591, 'text': 'Candidates can substitute a maximum of one year of direct full-time security professional work experience.', 'start': 836.124, 'duration': 5.467}, {'end': 850.344, 'text': 
'The substitution is possible only if the candidate have a four-year college degree or advanced degree in information security from the U.S..', 'start': 842.557, 'duration': 7.787}], 'summary': 'Candidates can waive one year of experience based on education, with a maximum substitution of one year for security work experience, if holding a relevant us degree.', 'duration': 28.737, 'max_score': 821.607, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g821607.jpg'}, {'end': 959.003, 'src': 'embed', 'start': 912.719, 'weight': 6, 'content': [{'end': 913.72, 'text': 'Examination format.', 'start': 912.719, 'duration': 1.001}, {'end': 922.103, 'text': 'The CISSP examination consists of 250 multiple choice questions with four choices each.', 'start': 914.44, 'duration': 7.663}, {'end': 926.605, 'text': '225 questions are graded, 25 are not, for research purpose.', 'start': 922.803, 'duration': 3.802}, {'end': 933.308, 'text': 'There may be scenario-based questions, which may have more than one multiple choice question associated with it.', 'start': 927.585, 'duration': 5.723}, {'end': 937.367, 'text': 'These questions will be specifically identified in the test booklet.', 'start': 934.284, 'duration': 3.083}, {'end': 943.272, 'text': 'Each of these exams contain 25 questions which are included for research purposes only.', 'start': 938.308, 'duration': 4.964}, {'end': 946.655, 'text': 'The research questions are not specifically identified.', 'start': 944.133, 'duration': 2.522}, {'end': 951.58, 'text': 'There is no penalty for guessing, so candidates should not leave any item unanswered.', 'start': 947.276, 'duration': 4.304}, {'end': 959.003, 'text': 'Examination Duration The maximum duration of the CISSP exam is 6 hours.', 'start': 952.901, 'duration': 6.102}], 'summary': 'Cissp exam: 250 multiple-choice qs, 225 graded, max 6hrs', 'duration': 46.284, 'max_score': 912.719, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g912719.jpg'}], 'start': 497.94, 'title': 'Cissp certification', 'summary': 'Discusses the benefits of cissp certification, such as a 25% average increase in earnings, enhanced credibility, and marketability, and outlines the exam requirements, including eligibility criteria for a one-year waiver of professional experience, exam format with 250 multiple choice questions, and retake policies with waiting periods of 30, 90, and 180 days after unsuccessful attempts.', 'chapters': [{'end': 820.32, 'start': 497.94, 'title': 'Benefits of cissp certification', 'summary': 'Discusses the benefits of cissp certification for professionals and employers, including a 25% average increase in earnings, enhanced credibility, and marketability, and the commitment and years of experience gained in the industry, as well as the certification mandate requirements.', 'duration': 322.38, 'highlights': ['CISSP indicates that certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts, according to the Global Information Security Workforce Study. CISSP certification leads to a 25% average increase in earnings for certified information security professionals.', "CISSP offers an increased credibility and goodwill for the organization when working with vendors and contractors. CISSP enhances the organization's credibility and goodwill when collaborating with vendors and contractors.", "It validates the organization's commitment and years of experience gained in the industry. CISSP certification validates the commitment and years of experience gained by professionals in the industry.", 'A total of 120 credits is required every three years. A minimum of 20 CPEs must be posted during each year of the three-year certification cycle. 
CISSP certification requires professionals to obtain 120 credits every three years, with a minimum of 20 CPEs annually.', 'Five years of direct full-time professional security work experience in two or more of the ten domains of the ISC-Square Common Body of Knowledge or CBK. Professionals need five years of direct full-time security work experience in two or more of the ten domains to qualify for CISSP certification.']}, {'end': 1054.3, 'start': 821.607, 'title': 'Cissp examination requirements', 'summary': 'Outlines the eligibility criteria for a one-year waiver of professional experience based on education, the format of the cissp examination consisting of 250 multiple choice questions, and the policy for retaking the exam, including waiting periods of 30, 90, and 180 days after unsuccessful attempts.', 'duration': 232.693, 'highlights': ['Candidates can substitute a maximum of one year of direct full-time security professional work experience if they have a four-year college degree or advanced degree in information security from the U.S. National Center of Academic Excellence in Information Security or regional equivalent. This highlights the eligibility criteria for a one-year waiver of professional experience based on education, emphasizing the option to substitute work experience with a qualifying degree.', 'The CISSP examination consists of 250 multiple choice questions with four choices each, with 225 questions graded and 25 included for research purposes. This detail provides the format of the CISSP examination, specifying the number of questions, grading criteria, and the inclusion of research-based questions.', "Policy for retaking the exam via CBT after an unsuccessful attempt includes waiting periods of 30, 90, and 180 days from the date of the candidate's previous attempts. 
This highlight outlines the specific waiting periods for retaking the CISSP exam after unsuccessful attempts, guiding candidates on the timeline for reattempting the exam."]}], 'duration': 556.36, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g497940.jpg', 'highlights': ['CISSP certification leads to a 25% average increase in earnings for certified information security professionals.', "CISSP enhances the organization's credibility and goodwill when collaborating with vendors and contractors.", 'CISSP certification validates the commitment and years of experience gained by professionals in the industry.', 'CISSP certification requires professionals to obtain 120 credits every three years, with a minimum of 20 CPEs annually.', 'Professionals need five years of direct full-time security work experience in two or more of the ten domains to qualify for CISSP certification.', 'This highlights the eligibility criteria for a one-year waiver of professional experience based on education, emphasizing the option to substitute work experience with a qualifying degree.', 'This detail provides the format of the CISSP examination, specifying the number of questions, grading criteria, and the inclusion of research-based questions.', 'This highlight outlines the specific waiting periods for retaking the CISSP exam after unsuccessful attempts, guiding candidates on the timeline for reattempting the exam.']}, {'end': 1381.505, 'segs': [{'end': 1081.845, 'src': 'embed', 'start': 1055.26, 'weight': 0, 'content': [{'end': 1061.021, 'text': 'The exam fee is US$599 for both paper-based test and computer-based test.', 'start': 1055.26, 'duration': 5.761}, {'end': 1063.342, 'text': 'Examination type.', 'start': 1062.502, 'duration': 0.84}, {'end': 1072.023, 'text': 'From September 1, 2012, ISC Square offers only computer-based testing, or CBT, for all of its certification exams.', 'start': 1064.222, 'duration': 7.801}, {'end': 
1081.845, 'text': 'For candidates located in areas outside of a 75-mile radius from an approved testing center, a case-by-case basis paper-based exam is offered.', 'start': 1072.883, 'duration': 8.962}], 'summary': 'Isc square exam fee is us$599 for both paper-based and computer-based tests, with cbt being the only option since september 1, 2012.', 'duration': 26.585, 'max_score': 1055.26, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1055260.jpg'}, {'end': 1218.839, 'src': 'heatmap', 'start': 1101.476, 'weight': 1, 'content': [{'end': 1110.622, 'text': 'documentation and implementation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.', 'start': 1101.476, 'duration': 9.146}, {'end': 1120.705, 'text': 'Information Security Governance and Risk Management is one of the ten domains of the Common Body of Knowledge for the CISSP Certification Exam.', 'start': 1111.602, 'duration': 9.103}, {'end': 1124.446, 'text': 'This domain focuses on risk analysis and mitigation.', 'start': 1121.445, 'duration': 3.001}, {'end': 1132.409, 'text': 'It also details security governance or the organizational structure required for a successful information security program.', 'start': 1125.086, 'duration': 7.323}, {'end': 1136.33, 'text': 'The objectives of this domain will be listed in the following screen.', 'start': 1132.989, 'duration': 3.341}, {'end': 1145.111, 'text': 'After completing this domain, you will be able to recognize the importance of information security management.', 'start': 1138.368, 'duration': 6.743}, {'end': 1152.854, 'text': 'recognize the importance of confidentiality, integrity and availability, which are the foundation for information security.', 'start': 1145.111, 'duration': 7.743}, {'end': 1156.175, 'text': 'list the types of information classification.', 'start': 1152.854, 'duration': 3.321}, {'end': 1159.797, 'text': 'describe security policy 
implementation.', 'start': 1156.175, 'duration': 3.622}, {'end': 1163.678, 'text': 'describe information risk analysis and risk management.', 'start': 1159.797, 'duration': 3.881}, {'end': 1167.94, 'text': 'define the process of managing personnel security and managing security functions.', 'start': 1163.678, 'duration': 4.262}, {'end': 1175.03, 'text': 'Kevin Butler is a security administrator in the Network Firewalls Division at Nutri Worldwide Inc.', 'start': 1169.465, 'duration': 5.565}, {'end': 1178.393, 'text': 'He is preparing for his CISSP exam.', 'start': 1175.811, 'duration': 2.582}, {'end': 1184.318, 'text': 'He started his preparation by reading a historical case of a competitor of Nutri Worldwide Inc.', 'start': 1179.274, 'duration': 5.044}, {'end': 1189.723, 'text': 'This competitor company had failed to understand the importance of information security.', 'start': 1185.179, 'duration': 4.544}, {'end': 1195.392, 'text': 'The company had planned their business continuity strategy without continuous involvement of IT.', 'start': 1190.629, 'duration': 4.763}, {'end': 1200.495, 'text': 'Only the IT security inputs were taken without the team playing an active role.', 'start': 1196.252, 'duration': 4.243}, {'end': 1206.578, 'text': 'The business continuity planning, or BCP, was weak in the areas of IT security.', 'start': 1201.455, 'duration': 5.123}, {'end': 1211.441, 'text': 'When the headquarters was hit by a tornado, there was a huge information leak,', 'start': 1207.099, 'duration': 4.342}, {'end': 1215.864, 'text': 'since data protection measures at the time of a natural disaster were not well planned for.', 'start': 1211.441, 'duration': 4.423}, {'end': 1218.839, 'text': 'The IT tried their best to prevent this.', 'start': 1216.877, 'duration': 1.962}], 'summary': 'Information security governance focuses on risk analysis, governance structure, and cissp certification exam preparation.', 'duration': 22.97, 'max_score': 1101.476, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1101476.jpg'}, {'end': 1218.839, 'src': 'embed', 'start': 1190.629, 'weight': 3, 'content': [{'end': 1195.392, 'text': 'The company had planned their business continuity strategy without continuous involvement of IT.', 'start': 1190.629, 'duration': 4.763}, {'end': 1200.495, 'text': 'Only the IT security inputs were taken without the team playing an active role.', 'start': 1196.252, 'duration': 4.243}, {'end': 1206.578, 'text': 'The business continuity planning, or BCP, was weak in the areas of IT security.', 'start': 1201.455, 'duration': 5.123}, {'end': 1211.441, 'text': 'When the headquarters was hit by a tornado, there was a huge information leak,', 'start': 1207.099, 'duration': 4.342}, {'end': 1215.864, 'text': 'since data protection measures at the time of a natural disaster were not well planned for.', 'start': 1211.441, 'duration': 4.423}, {'end': 1218.839, 'text': 'The IT tried their best to prevent this.', 'start': 1216.877, 'duration': 1.962}], 'summary': 'Bcp lacked it involvement, causing data leak during tornado; it acted to prevent it.', 'duration': 28.21, 'max_score': 1190.629, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1190629.jpg'}, {'end': 1378.183, 'src': 'heatmap', 'start': 1298.45, 'weight': 2, 'content': [{'end': 1305.113, 'text': 'it becomes easier to align information security to organizational goals and protect organizational assets.', 'start': 1298.45, 'duration': 6.663}, {'end': 1310.84, 'text': 'Information security can be aligned with organizational goals,', 'start': 1307.358, 'duration': 3.482}, {'end': 1317.482, 'text': 'mission and objectives by reducing the risk posed by information security threats and with senior management support.', 'start': 1310.84, 'duration': 6.642}, {'end': 1320.984, 'text': 'As a security professional in an organization,', 'start': 1318.523, 'duration': 
2.461}, {'end': 1326.226, 'text': 'you will be directly responsible for minimizing and managing risk through appropriate activities and controls.', 'start': 1320.984, 'duration': 5.242}, {'end': 1334.15, 'text': "You must have a thorough knowledge of the organization's IT assets as well as its goals, mission, and objectives.", 'start': 1327.767, 'duration': 6.383}, {'end': 1339.873, 'text': "Influencing an organization's core activities requires the support of senior management.", 'start': 1335.225, 'duration': 4.648}, {'end': 1347.826, 'text': 'This support comes in the form of priorities and resources that permit security professionals to be closely involved with key activities.', 'start': 1340.674, 'duration': 7.152}, {'end': 1351.904, 'text': 'As an organization, NutriWorld Inc.', 'start': 1349.702, 'duration': 2.202}, {'end': 1356.647, 'text': 'would like to focus on improving the security of communication channels in this financial year.', 'start': 1351.984, 'duration': 4.663}, {'end': 1361.691, 'text': 'To achieve this goal, the General Manager of IT Security, Hilda Jacob,', 'start': 1357.348, 'duration': 4.343}, {'end': 1371.878, 'text': 'announced in her recent address to the team that all security administrators and IT analysts in the IT Security Division need to complete the CISSP certification.', 'start': 1361.691, 'duration': 10.187}, {'end': 1378.183, 'text': 'Kevin Butler is a Security Administrator in the Network Firewalls Division at Nutri Worldwide.', 'start': 1372.719, 'duration': 5.464}], 'summary': 'Align information security with organizational goals, reduce risk, and improve communication security at nutriworld inc.', 'duration': 79.733, 'max_score': 1298.45, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1298450.jpg'}], 'start': 1055.26, 'title': 'Cissp certification and governance', 'summary': 'Covers the cissp certification course, which costs us$599, shifted to computer-based 
testing from september 1, 2012, and emphasizes information security governance and risk management. it also highlights a case study on weak business continuity planning leading to bankruptcy, and stresses aligning information security with organizational goals for asset protection.', 'chapters': [{'end': 1167.94, 'start': 1055.26, 'title': 'Cissp certification course overview', 'summary': 'Covers the cissp certification course, including exam fees of us$599, the shift to computer-based testing from september 1, 2012, and the focus on information security governance and risk management, with an emphasis on risk analysis and mitigation, security governance, and the importance of information security management.', 'duration': 112.68, 'highlights': ['The exam fee is US$599 for both paper-based test and computer-based test, with (ISC)² offering only computer-based testing from September 1, 2012, for all certification exams.', "Information Security Governance and Risk Management involves the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability.", 'This domain focuses on risk analysis and mitigation, security governance, and the importance of information security management, with objectives including recognizing the importance of confidentiality, integrity, and availability, listing types of information classification, describing security policy implementation, information risk analysis and risk management, as well as managing personnel security and security functions.']}, {'end': 1381.505, 'start': 1169.465, 'title': 'Importance of information security governance', 'summary': 'Highlights the importance of information security governance and risk management through a case study of a company that faced bankruptcy due to weak business continuity planning, and emphasizes the role of aligning information 
security with organizational goals, mission, and objectives for protecting organizational assets.', 'duration': 212.04, 'highlights': ["The competitor company's weak business continuity planning led to a huge data leak during a natural disaster, causing them to file for bankruptcy within a few years.", 'Information security governance and risk management were emphasized through a case study, illustrating the consequences of overlooking these aspects.', 'The importance of aligning information security with organizational goals, mission, and objectives was stressed, as it helps in protecting organizational assets by reducing the risk posed by information security threats and gaining senior management support.', "As an organization, NutriWorld Inc. aims to improve the security of communication channels by having all security administrators and IT analysts in the IT Security Division complete the CISSP certification, highlighting the organization's focus on enhancing information security."]}], 'duration': 326.245, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1055260.jpg', 'highlights': ['(ISC)² offers only computer-based testing for all certification exams from September 1, 2012, at a fee of US$599.', "Information Security Governance and Risk Management involves identifying an organization's information assets and ensuring confidentiality, integrity, and availability.", 'The importance of aligning information security with organizational goals for asset protection was stressed, emphasizing senior management support.', 'A case study highlighted the consequences of weak business continuity planning, leading to bankruptcy due to a data leak during a natural disaster.']}, {'end': 1888.837, 'segs': [{'end': 1473.496, 'src': 'heatmap', 'start': 1402.788, 'weight': 0, 'content': [{'end': 1408.39, 'text': 'Is this statement a mission, goal, or objective statement? 
This is a mission statement.', 'start': 1402.788, 'duration': 5.602}, {'end': 1415.712, 'text': 'Mission statement is a statement of the purpose of an organization, company, or person and its reason for existence.', 'start': 1409.65, 'duration': 6.062}, {'end': 1423.054, 'text': 'It guides the actions of the company, tells its overall goal, provides a path, and guides management in decision making.', 'start': 1416.412, 'duration': 6.642}, {'end': 1428.045, 'text': 'Let us proceed to the next topic, information security management.', 'start': 1424.744, 'duration': 3.301}, {'end': 1434.807, 'text': 'This topic, information security management, describes the controls an organization implements to manage risk.', 'start': 1428.705, 'duration': 6.102}, {'end': 1443.109, 'text': 'In this topic, we will look at some important definitions, learn about information security governance and describe security controls,', 'start': 1435.627, 'duration': 7.482}, {'end': 1446.149, 'text': 'organizational processes and service level agreements.', 'start': 1443.109, 'duration': 3.04}, {'end': 1452.431, 'text': 'We will also discuss how to manage third party governance and learn about privacy requirements and compliance.', 'start': 1446.81, 'duration': 5.621}, {'end': 1459.769, 'text': 'Governance ensures that security strategies are aligned with business objectives and are consistent with regulations.', 'start': 1453.866, 'duration': 5.903}, {'end': 1473.496, 'text': 'The IT Governance Institute defines security governance as security governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction,', 'start': 1460.449, 'duration': 13.047}], 'summary': 'A mission statement guides organizations, including security governance for aligning strategies with business objectives and regulations.', 'duration': 43.361, 'max_score': 1402.788, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1402788.jpg'}, {'end': 1614.277, 'src': 'heatmap', 'start': 1497.56, 'weight': 0.797, 'content': [{'end': 1508.784, 'text': 'Governance is intended to guarantee that appropriate information security activities are being performed to ensure that risks are reduced and information security investments are appropriately directed.', 'start': 1497.56, 'duration': 11.224}, {'end': 1516.147, 'text': 'It also ensures that the executive management has visibility of the program and improving the effectiveness of the program.', 'start': 1509.584, 'duration': 6.563}, {'end': 1519.808, 'text': 'We will learn about security controls in the following screen.', 'start': 1516.907, 'duration': 2.901}, {'end': 1527.806, 'text': 'Security controls are measures taken to safeguard an information system from attacks against the confidentiality,', 'start': 1521.621, 'duration': 6.185}, {'end': 1530.769, 'text': 'integrity and availability of the information system.', 'start': 1527.806, 'duration': 2.963}, {'end': 1536.374, 'text': 'The common term of confidentiality, integrity, and availability is CIA.', 'start': 1531.67, 'duration': 4.704}, {'end': 1542.739, 'text': 'Note that the terms safeguard and countermeasure are sometimes used as synonyms for security control.', 'start': 1537.094, 'duration': 5.645}, {'end': 1548.784, 'text': 'Security controls are selected and applied based on a risk assessment of the information system.', 'start': 1543.56, 'duration': 5.224}, {'end': 1557.533, 'text': 'The risk assessment process identifies system threats and vulnerabilities, and then security controls are selected to reduce or mitigate the risk.', 'start': 1549.591, 'duration': 7.942}, {'end': 1560.294, 'text': 'There are three types of security controls.', 'start': 1558.213, 'duration': 2.081}, {'end': 1567.095, 'text': 'They are administrative security controls, technical security controls, and physical 
security controls.', 'start': 1560.874, 'duration': 6.221}, {'end': 1570.016, 'text': 'Let us look at each type in the following screen.', 'start': 1567.755, 'duration': 2.261}, {'end': 1577.899, 'text': 'Service Level Agreements, or SLA, is a formally defined level of service provided by an organization.', 'start': 1572.276, 'duration': 5.623}, {'end': 1586.002, 'text': 'Within the context of security management, SLAs may be defined for many activities, including security incident response.', 'start': 1578.539, 'duration': 7.463}, {'end': 1592.946, 'text': 'A security team may be required to mobilize within a stipulated period of time when a security incident has been called.', 'start': 1586.703, 'duration': 6.243}, {'end': 1594.887, 'text': 'Security alert delivery.', 'start': 1593.746, 'duration': 1.141}, {'end': 1602.651, 'text': 'Security alerts, which may be bulletins of threats or vulnerabilities, may need to be delivered to recipients within a stipulated period of time.', 'start': 1595.487, 'duration': 7.164}, {'end': 1604.872, 'text': 'Security investigation.', 'start': 1603.591, 'duration': 1.281}, {'end': 1611.455, 'text': 'A security investigator may be required to respond to a call for assistance within a stipulated period of time.', 'start': 1604.892, 'duration': 6.563}, {'end': 1614.277, 'text': 'Policy and procedure review.', 'start': 1612.776, 'duration': 1.501}], 'summary': 'Governance ensures effective info security activities, with 3 types of controls and slas for incident response.', 'duration': 116.717, 'max_score': 1497.56, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1497560.jpg'}, {'end': 1592.946, 'src': 'embed', 'start': 1543.56, 'weight': 2, 'content': [{'end': 1548.784, 'text': 'Security controls are selected and applied based on a risk assessment of the information system.', 'start': 1543.56, 'duration': 5.224}, {'end': 1557.533, 'text': 'The risk assessment process identifies 
system threats and vulnerabilities, and then security controls are selected to reduce or mitigate the risk.', 'start': 1549.591, 'duration': 7.942}, {'end': 1560.294, 'text': 'There are three types of security controls.', 'start': 1558.213, 'duration': 2.081}, {'end': 1567.095, 'text': 'They are administrative security controls, technical security controls, and physical security controls.', 'start': 1560.874, 'duration': 6.221}, {'end': 1570.016, 'text': 'Let us look at each type in the following screen.', 'start': 1567.755, 'duration': 2.261}, {'end': 1577.899, 'text': 'Service Level Agreements, or SLA, is a formally defined level of service provided by an organization.', 'start': 1572.276, 'duration': 5.623}, {'end': 1586.002, 'text': 'Within the context of security management, SLAs may be defined for many activities, including security incident response.', 'start': 1578.539, 'duration': 7.463}, {'end': 1592.946, 'text': 'A security team may be required to mobilize within a stipulated period of time when a security incident has been called.', 'start': 1586.703, 'duration': 6.243}], 'summary': 'Security controls are selected based on risk assessment; 3 types of controls exist; slas define service levels and response times.', 'duration': 49.386, 'max_score': 1543.56, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1543560.jpg'}, {'end': 1663.531, 'src': 'embed', 'start': 1635.928, 'weight': 4, 'content': [{'end': 1639.01, 'text': 'Organizations outsource different functions for many reasons,', 'start': 1635.928, 'duration': 3.082}, {'end': 1646.016, 'text': "including redirecting energy on the organization's core competencies and controlling the efficient use of capital and other resources.", 'start': 1639.01, 'duration': 7.006}, {'end': 1652.88, 'text': 'There are some information security risks associated with the outsourcing of business process to third parties,', 'start': 1646.974, 'duration': 5.906}, 
{'end': 1657.905, 'text': 'including loss of control of confidential information, accountability and compliance.', 'start': 1652.88, 'duration': 5.025}, {'end': 1660.228, 'text': 'Let us look at each of these now.', 'start': 1658.746, 'duration': 1.482}, {'end': 1663.531, 'text': 'Loss of control of confidential information.', 'start': 1661.229, 'duration': 2.302}], 'summary': 'Outsourcing helps focus on core competencies, but poses information security risks.', 'duration': 27.603, 'max_score': 1635.928, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1635928.jpg'}, {'end': 1749.083, 'src': 'embed', 'start': 1725.7, 'weight': 5, 'content': [{'end': 1733.89, 'text': 'Secure outsourcing can be achieved by periodic on-site assessments, document exchange and document reviews, and policy and process reviews.', 'start': 1725.7, 'duration': 8.19}, {'end': 1735.972, 'text': 'Let us look at each of these now.', 'start': 1734.671, 'duration': 1.301}, {'end': 1746.3, 'text': 'On-site assessment of IT governance includes a review of all the formal and ad hoc IT governance mechanisms and interviews of key business and IT personnel.', 'start': 1737.293, 'duration': 9.007}, {'end': 1749.083, 'text': 'Document exchange and document review.', 'start': 1747.261, 'duration': 1.822}], 'summary': 'Secure outsourcing achieved through on-site assessments, document exchange, and policy reviews.', 'duration': 23.383, 'max_score': 1725.7, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1725700.jpg'}, {'end': 1798.537, 'src': 'embed', 'start': 1770.142, 'weight': 6, 'content': [{'end': 1773.944, 'text': 'In the next screen, we will learn about the privacy requirements and compliance.', 'start': 1770.142, 'duration': 3.802}, {'end': 1782.387, 'text': 'Outsourcing is using a third party to provide information technology support services that were previously performed in-house.', 
'start': 1776.305, 'duration': 6.082}, {'end': 1785.649, 'text': 'Offshoring is outsourcing to another country.', 'start': 1783.308, 'duration': 2.341}, {'end': 1789.815, 'text': 'Offshoring can increase privacy and regulatory issues.', 'start': 1786.934, 'duration': 2.881}, {'end': 1792.976, 'text': 'Let us look at an example to understand this.', 'start': 1790.935, 'duration': 2.041}, {'end': 1798.537, 'text': "For a U.S. medical transcription organization's data offshored to India.", 'start': 1793.976, 'duration': 4.561}], 'summary': 'Learning about privacy requirements and compliance, offshoring can increase privacy and regulatory issues, e.g., u.s. medical transcription data offshored to india.', 'duration': 28.395, 'max_score': 1770.142, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1770142.jpg'}, {'end': 1878.091, 'src': 'embed', 'start': 1852.512, 'weight': 7, 'content': [{'end': 1859.497, 'text': 'While doing so, he lists out the distinguishing points about governance and management to ensure he understands the difference between the two.', 'start': 1852.512, 'duration': 6.985}, {'end': 1868.805, 'text': 'Governance is associated with providing an oversight, enacting policies, establishing accountability, resources planning, and strategic planning.', 'start': 1860.678, 'duration': 8.127}, {'end': 1878.091, 'text': 'Management, on the other hand, involves implementation, enforcement of policies, handling responsibilities, resource planning, and project planning.', 'start': 1869.767, 'duration': 8.324}], 'summary': 'Governance involves oversight, policies, and strategic planning, while management focuses on implementation and project planning.', 'duration': 25.579, 'max_score': 1852.512, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1852512.jpg'}], 'start': 1382.606, 'title': 'Understanding mission statements and information security 
governance', 'summary': 'Covers the importance of mission statements in guiding organizational actions, the role of information security management in managing risk, and the types of security controls used to safeguard information systems. it also covers security management and outsourcing, including service level agreements, security alert delivery, investigation, and risks and methods for secure outsourcing.', 'chapters': [{'end': 1567.095, 'start': 1382.606, 'title': 'Understanding mission statements and information security governance', 'summary': 'Covers the importance of mission statements in guiding organizational actions, the role of information security management in managing risk, and the types of security controls used to safeguard information systems.', 'duration': 184.489, 'highlights': ['Mission statement is a statement of the purpose of an organization and guides its overall goal and management decisions. Defines the purpose of an organization and its role in guiding actions and decision-making. Provides clarity on the function of a mission statement.', 'Information security management involves implementing controls to manage risk, including governance, security controls, and compliance with privacy requirements. Emphasizes the importance of managing risk through governance, security controls, and compliance. Highlights the key aspects of information security management.', 'Security controls are measures to safeguard an information system and are selected based on a risk assessment of the system, including administrative, technical, and physical security controls. Details the types of security controls and their selection based on risk assessment. 
Provides clarity on the purpose and types of security controls.']}, {'end': 1888.837, 'start': 1567.755, 'title': 'Security management and outsourcing', 'summary': 'Covers service level agreements, security alert delivery, investigation, and outsourcing in security management, including risks and methods for secure outsourcing.', 'duration': 321.082, 'highlights': ['Service Level Agreements (SLAs) may be defined for security incident response, security alert delivery, and investigation, requiring mobilization and response within stipulated periods of time. SLAs can be defined for security incident response, security alert delivery, and investigation, necessitating timely mobilization and response.', 'Outsourcing of business processes to third parties presents information security risks, including loss of control of confidential information, accountability, and compliance. Outsourcing to third parties poses risks such as loss of control of confidential information, accountability, and compliance.', 'Secure outsourcing methods include periodic on-site assessments, document exchange and review, and policy and process reviews to ensure the security of outsourced data. Secure outsourcing practices involve on-site assessments, document exchange and review, and policy and process reviews to safeguard outsourced data.', "Offshoring can raise privacy and regulatory issues, requiring thorough risk analysis and adherence to laws and regulations beyond the country's jurisdiction. Offshoring may lead to privacy and regulatory concerns, necessitating comprehensive risk analysis and compliance beyond jurisdictional laws.", 'Governance involves oversight, policy enactment, and strategic planning, while management entails policy enforcement and project planning. 
Governance encompasses oversight, policy enactment, and strategic planning, whereas management involves policy enforcement and project planning.']}], 'duration': 506.231, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1382606.jpg', 'highlights': ['Mission statement guides organizational actions and decision-making.', 'Information security management emphasizes managing risk through governance, security controls, and compliance.', 'Security controls are selected based on a risk assessment of the system, including administrative, technical, and physical security controls.', 'Service Level Agreements (SLAs) can be defined for security incident response, security alert delivery, and investigation, necessitating timely mobilization and response.', 'Outsourcing to third parties poses risks such as loss of control of confidential information, accountability, and compliance.', 'Secure outsourcing practices involve on-site assessments, document exchange and review, and policy and process reviews to safeguard outsourced data.', 'Offshoring may lead to privacy and regulatory concerns, necessitating comprehensive risk analysis and compliance beyond jurisdictional laws.', 'Governance encompasses oversight, policy enactment, and strategic planning, whereas management involves policy enforcement and project planning.']}, {'end': 3021.237, 'segs': [{'end': 2019.313, 'src': 'embed', 'start': 1963.323, 'weight': 0, 'content': [{'end': 1968.588, 'text': 'Confidentiality, integrity, and availability are the foundation for information security.', 'start': 1963.323, 'duration': 5.265}, {'end': 1973.275, 'text': 'CIA forms the basis on which the information security is built.', 'start': 1969.654, 'duration': 3.621}, {'end': 1980.938, 'text': 'Confidentiality, integrity, and availability work together to provide assurance that systems and data remain secure.', 'start': 1974.035, 'duration': 6.903}, {'end': 1984.759, 'text': 'Every 
part of CIA triad is equally important.', 'start': 1981.978, 'duration': 2.781}, {'end': 1990.781, 'text': 'Depending on the data and IT resource, different prioritization of the three will be required.', 'start': 1985.439, 'duration': 5.342}, {'end': 1994.182, 'text': 'In the next screen, we will learn about confidentiality.', 'start': 1991.381, 'duration': 2.801}, {'end': 2001.761, 'text': 'The principle of confidentiality asserts that information and functions can be accessed only by authorized parties.', 'start': 1995.697, 'duration': 6.064}, {'end': 2009.806, 'text': 'Private information about citizens has resulted in the proliferation of information systems operated by both government and industry.', 'start': 2002.802, 'duration': 7.004}, {'end': 2019.313, 'text': 'Typically, a personal profile containing many items of basic information are established when an individual begins a relationship with an organization.', 'start': 2010.627, 'duration': 8.686}], 'summary': 'Cia triad is crucial for information security, with confidentiality ensuring authorized access to personal information.', 'duration': 55.99, 'max_score': 1963.323, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1963323.jpg'}, {'end': 2130.216, 'src': 'embed', 'start': 2088.944, 'weight': 4, 'content': [{'end': 2097.53, 'text': 'Other threats to confidentiality are unprotected downloaded files, unprotected networks, and unauthorized programs like Trojan horses and viruses.', 'start': 2088.944, 'duration': 8.586}, {'end': 2103.554, 'text': 'Social engineering attack, which uses social skills to obtain information, is another threat.', 'start': 2098.53, 'duration': 5.024}, {'end': 2106.276, 'text': 'The next screen will focus on integrity.', 'start': 2104.354, 'duration': 1.922}, {'end': 2115.312, 'text': 'The principle of integrity asserts that information and functions can be added, altered, or removed only by authorized people and means.', 
'start': 2107.97, 'duration': 7.342}, {'end': 2119.933, 'text': 'Integrity is achieved through a role-based access control,', 'start': 2116.332, 'duration': 3.601}, {'end': 2124.434, 'text': 'which is the generic name for a mechanism that controls the actions performed by individuals.', 'start': 2119.933, 'duration': 4.501}, {'end': 2130.216, 'text': 'Information may be stored in a database of tables consisting of tables, rows, and fields.', 'start': 2125.535, 'duration': 4.681}], 'summary': 'Threats to confidentiality include unprotected files and networks, with integrity ensuring authorized access and control.', 'duration': 41.272, 'max_score': 2088.944, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2088944.jpg'}, {'end': 2243.476, 'src': 'embed', 'start': 2211.789, 'weight': 6, 'content': [{'end': 2215.051, 'text': 'In other words, systems should be available and in function.', 'start': 2211.789, 'duration': 3.262}, {'end': 2219.333, 'text': 'A good example for availability would be network load balancing.', 'start': 2215.991, 'duration': 3.342}, {'end': 2227.741, 'text': 'Availability is multifaceted and involves separate safeguards and mechanisms to ensure that systems and data are available when needed.', 'start': 2220.635, 'duration': 7.106}, {'end': 2235.589, 'text': 'These safeguards range from firewalls and antivirus software to resilient architectures for disaster recovery planning.', 'start': 2228.622, 'duration': 6.967}, {'end': 2243.476, 'text': 'Availability covers nearly all the aspects of data security that directly or indirectly protects a system from any harm.', 'start': 2236.629, 'duration': 6.847}], 'summary': 'Availability is crucial for systems, with examples like network load balancing and various safeguards such as firewalls and antivirus software.', 'duration': 31.687, 'max_score': 2211.789, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2211789.jpg'}, {'end': 2418.126, 'src': 'embed', 'start': 2373.39, 'weight': 10, 'content': [{'end': 2376.953, 'text': 'The objectives of information classification are discussed in this screen.', 'start': 2373.39, 'duration': 3.563}, {'end': 2382.123, 'text': 'The objective of an information classification scheme varies from sector to sector.', 'start': 2377.841, 'duration': 4.282}, {'end': 2388.107, 'text': 'In general, the information classification is done to minimize risks on sensitive information.', 'start': 2382.784, 'duration': 5.323}, {'end': 2393.97, 'text': 'Information classification has the longest history in the government or military sectors.', 'start': 2389.407, 'duration': 4.563}, {'end': 2396.191, 'text': 'In these sectors,', 'start': 2394.871, 'duration': 1.32}, {'end': 2403.956, 'text': 'information classification is used primarily to prevent the unauthorized disclosure of information and the resultant failure of confidentiality.', 'start': 2396.191, 'duration': 7.765}, {'end': 2411.563, 'text': 'A commercial or private sector company might wish to employ classification to maintain a competitive edge in a tough marketplace.', 'start': 2405.02, 'duration': 6.543}, {'end': 2418.126, 'text': 'There might also be other sound legal reasons for a company to employ information classification,', 'start': 2412.504, 'duration': 5.622}], 'summary': 'Information classification aims to minimize risks, with a focus on confidentiality and competitive advantage.', 'duration': 44.736, 'max_score': 2373.39, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2373390.jpg'}, {'end': 2496.04, 'src': 'embed', 'start': 2468.223, 'weight': 7, 'content': [{'end': 2473.206, 'text': "The unauthorized disclosure of this information could cause some damage to the country's national security.", 'start': 2468.223, 'duration': 4.983}, 
{'end': 2475.628, 'text': 'The third level is confidential.', 'start': 2474.167, 'duration': 1.461}, {'end': 2479.581, 'text': 'This is the information designed to be of a confidential nature.', 'start': 2476.618, 'duration': 2.963}, {'end': 2485.268, 'text': "The unauthorized disclosure of this information may cause damage to the country's national security.", 'start': 2480.342, 'duration': 4.926}, {'end': 2492.296, 'text': 'This level applies to the documents labeled between sensitive but unclassified and secret in sensitivity.', 'start': 2486.309, 'duration': 5.987}, {'end': 2496.04, 'text': 'The fourth level is sensitive but unclassified.', 'start': 2493.578, 'duration': 2.462}], 'summary': 'Unauthorized disclosure could damage national security at multiple sensitivity levels.', 'duration': 27.817, 'max_score': 2468.223, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2468223.jpg'}, {'end': 2558.232, 'src': 'embed', 'start': 2530.171, 'weight': 9, 'content': [{'end': 2538.014, 'text': 'The information classification scheme followed by the commercial or private establishments has four levels: confidential, private,', 'start': 2530.171, 'duration': 7.843}, {'end': 2539.334, 'text': 'sensitive and public.', 'start': 2538.014, 'duration': 1.32}, {'end': 2542.055, 'text': 'The highest level is confidential.', 'start': 2540.375, 'duration': 1.68}, {'end': 2548.998, 'text': 'This classification applies to the sensitive business information that is intended strictly for use within the organization.', 'start': 2542.915, 'duration': 6.083}, {'end': 2558.232, 'text': 'The unauthorized disclosure of such information can seriously and adversely affect the organization, its stockholders, business partners or customers.', 'start': 2549.929, 'duration': 8.303}], 'summary': 'Commercial establishments use a 4-level information classification scheme, with the highest level being confidential.', 'duration': 28.061, 
'max_score': 2530.171, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2530171.jpg'}, {'end': 2683.992, 'src': 'embed', 'start': 2663.217, 'weight': 8, 'content': [{'end': 2672.884, 'text': 'Classification can be decided based on certain conditions which the information satisfies, such as value, age, useful life, and personal associations.', 'start': 2663.217, 'duration': 9.667}, {'end': 2678.188, 'text': 'Value is the commonly used criteria for classifying the data in private sector.', 'start': 2673.764, 'duration': 4.424}, {'end': 2683.992, 'text': 'If the information is valuable to an organization or its competitors, it needs to be classified.', 'start': 2678.968, 'duration': 5.024}], 'summary': 'Data classification is based on value and other conditions such as age and useful life. valuable data must be classified.', 'duration': 20.775, 'max_score': 2663.217, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2663217.jpg'}, {'end': 2780.613, 'src': 'embed', 'start': 2754.253, 'weight': 12, 'content': [{'end': 2761.016, 'text': 'Kevin has understood the importance of information, its criticality to a company, and importance of assigning a value to it.', 'start': 2754.253, 'duration': 6.763}, {'end': 2766.203, 'text': 'Network Firewalls division has a lot of information that is created and maintained.', 'start': 2762, 'duration': 4.203}, {'end': 2770.346, 'text': 'However, Kevin recognizes not all the information is critical.', 'start': 2766.783, 'duration': 3.563}, {'end': 2775.65, 'text': 'He would like to do a high-level classification on the information accessible to him.', 'start': 2771.247, 'duration': 4.403}, {'end': 2780.613, 'text': 'What are the different information classification levels Kevin would need to use?', 'start': 2776.851, 'duration': 3.762}], 'summary': 'Kevin recognizes importance of information, wants to classify it by value.', 
'duration': 26.36, 'max_score': 2754.253, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2754253.jpg'}, {'end': 2871.87, 'src': 'embed', 'start': 2840.715, 'weight': 13, 'content': [{'end': 2847.617, 'text': 'Building a good security policy lays foundation for the successful implementation of security-related projects in the future.', 'start': 2840.715, 'duration': 6.902}, {'end': 2854.8, 'text': "This is an important measure to reduce the risk of unacceptable use of any of the company's information resources.", 'start': 2848.595, 'duration': 6.205}, {'end': 2863.463, 'text': "The first step towards enhancing a company's security is the introduction of a precise yet enforceable security policy,", 'start': 2855.916, 'duration': 7.547}, {'end': 2871.87, 'text': 'informing staff on the various aspects of their responsibilities, general use of company resources and explaining how to handle sensitive information.', 'start': 2863.463, 'duration': 8.407}], 'summary': 'Implementing a precise security policy reduces risk and enhances staff awareness.', 'duration': 31.155, 'max_score': 2840.715, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2840715.jpg'}, {'end': 2964.483, 'src': 'embed', 'start': 2934.233, 'weight': 14, 'content': [{'end': 2938.695, 'text': 'The functional implementation policies are subsets of general organizational policy.', 'start': 2934.233, 'duration': 4.462}, {'end': 2943.897, 'text': 'A policy is implemented using standards, guidelines, procedures, and baselines.', 'start': 2939.615, 'duration': 4.282}, {'end': 2947.995, 'text': 'As shown in the flowchart, standards, guidelines,', 'start': 2944.753, 'duration': 3.242}, {'end': 2956.279, 'text': 'procedures and baselines are the tactical tools used to achieve and support the directives in the security policy which is considered the strategic goal.', 'start': 2947.995, 'duration': 
8.284}, {'end': 2964.483, 'text': 'As you can see from the policy hierarchy chart and figure, policies are considered the first and highest level of documentation,', 'start': 2957.219, 'duration': 7.264}], 'summary': 'Functional implementation policies are strategic, supported by tactical tools such as standards, guidelines, procedures, and baselines.', 'duration': 30.25, 'max_score': 2934.233, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g2934233.jpg'}], 'start': 1889.818, 'title': 'Importance of cia in information security', 'summary': 'Emphasizes the importance of confidentiality, integrity, and availability (cia) in information security, serving as the industry standard, and discusses principles, threats, and examples for each principle, along with the need for information classification and security policies.', 'chapters': [{'end': 2039.242, 'start': 1889.818, 'title': 'Importance of cia in information security', 'summary': 'Highlights the importance of confidentiality, integrity, and availability (cia) in information security, as the foundation for secure systems and data, serving as the industry standard for computer security, and emphasizes the principle of confidentiality in accessing information.', 'duration': 149.424, 'highlights': ['Confidentiality, integrity, and availability (CIA) are the foundation for information security, serving as the industry standard for computer security. CIA forms the basis on which the information security is built, providing assurance that systems and data remain secure.', 'The principle of confidentiality asserts that information and functions can be accessed only by authorized parties. 
Confidentiality emphasizes the importance of authorized access to information and functions, particularly in the context of personal information stored in organizational systems.', 'Private information about citizens has resulted in the proliferation of information systems operated by both government and industry. The increasing need to store private information has led to the widespread use of information systems by government and industry, highlighting the significance of maintaining confidentiality.']}, {'end': 2258.261, 'start': 2040.276, 'title': 'Data security principles', 'summary': 'Explains the principles of confidentiality, integrity, and availability in data security, highlighting threats and examples for each principle, including unauthorized disclosure, integrity violations, and availability safeguards.', 'duration': 217.985, 'highlights': ['Military secrets, which are highly confidential information, can be accessed only by authorized personnel. Emphasizes the importance of confidentiality and restricted access to highly sensitive information.', 'Threats to confidentiality include hackers, masqueraders, unauthorized user activity, unprotected downloaded files, unprotected networks, and unauthorized programs like Trojan horses and viruses. Enumerates various threats to confidentiality, emphasizing the need for robust security measures to prevent unauthorized access and data breaches.', 'The concept of integrity governs which individuals are able to modify which tables, rows, and fields in the database. Explains the role-based access control and its significance in maintaining data integrity.', 'Availability is multifaceted and involves separate safeguards and mechanisms to ensure that systems and data are available when needed. 
Highlights the complexity of ensuring availability and the need for diverse safeguards to maintain system functionality.']}, {'end': 2749.731, 'start': 2259.863, 'title': 'Information classification', 'summary': 'Discusses the need for information classification, its objectives, government and private sector classification schemes, and the criteria for classifying information, emphasizing the importance of classification in safeguarding valuable data and minimizing risks.', 'duration': 489.868, 'highlights': ['The government or military sector classification has five levels: Top secret, secret, confidential, sensitive but unclassified (SBU), and unclassified, with each level having specific criteria and consequences for unauthorized disclosure. The government or military sector classification has five levels, including Top secret, secret, confidential, sensitive but unclassified (SBU), and unclassified. Each level has specific criteria and consequences for unauthorized disclosure, with Top secret being the highest level and unauthorized disclosure causing exceptionally severe damage to national security.', 'The need for information classification is driven by the varying value of data to an organization, with some data being crucial for strategic decision-making and the protection of trade secrets, formulas, and new product information. The need for information classification is driven by the varying value of data to an organization. Some data is crucial for strategic decision-making and the protection of trade secrets, formulas, and new product information, with the loss of such data potentially causing significant problems for the enterprise and the marketplace.', 'Information classification in the commercial sector comprises four levels: confidential, private, sensitive, and public, with specific examples provided for each level to illustrate the types of information falling within each category. 
Information classification in the commercial sector comprises four levels: confidential, private, sensitive, and public, with specific examples provided for each level to illustrate the types of information falling within each category. For example, confidential information includes new product development and trade secrets, while private information covers personal data such as medical information and salary levels.', 'The primary purpose of information classification is to enhance confidentiality, integrity, and availability, while minimizing the risk to the information and achieving an efficient cost-to-benefit ratio. The primary purpose of information classification is to enhance confidentiality, integrity, and availability, while minimizing the risk to the information and achieving an efficient cost-to-benefit ratio, aiming to generate maximum benefits from the available resources and budget.', 'The objectives of information classification include minimizing risks on sensitive information, enhancing confidentiality, and complying with privacy laws and regulatory requirements, with variations in objectives across different sectors. The objectives of information classification include minimizing risks on sensitive information, enhancing confidentiality, and complying with privacy laws and regulatory requirements, with variations in objectives across different sectors. 
For instance, government or military sectors primarily use classification to prevent unauthorized disclosure of information and protect national security.']}, {'end': 3021.237, 'start': 2754.253, 'title': 'Information classification and security policies', 'summary': 'Discusses the importance of information classification, the levels of information classification, the foundation and importance of security policies, and the tactical tools used to achieve and support security directives, with a notable example of a bad security policy.', 'duration': 266.984, 'highlights': ['The chapter discusses the importance of information classification and its levels, along with the foundation and importance of security policies. Kevin recognizes the importance of information and the need to assign a value to it, while also understanding the different information classification levels such as confidential, private, sensitive, and public.', "The chapter emphasizes the importance of security policies as the foundation for sound security implementation. Security policies are crucial for implementing effective security controls, and they involve creating a foundation of policies, standards, guidelines, and procedures to reduce the risk of unacceptable use of company's information resources.", 'The chapter explains the tactical tools used to achieve and support security directives, with an example of a bad security policy from NutriWorldwide Inc. The functional implementation policies are subsets of general organizational policy, implemented using standards, guidelines, procedures, and baselines, while the example of a bad security policy from NutriWorldwide Inc. 
demonstrates the missing element of scope.']}], 'duration': 1131.419, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g1889818.jpg', 'highlights': ['CIA forms the basis for information security, providing assurance that systems and data remain secure.', 'Confidentiality emphasizes the importance of authorized access to information and functions.', 'The increasing need to store private information has led to the widespread use of information systems by government and industry.', 'Emphasizes the importance of confidentiality and restricted access to highly sensitive information.', 'Enumerates various threats to confidentiality, emphasizing the need for robust security measures.', 'Explains the role-based access control and its significance in maintaining data integrity.', 'Highlights the complexity of ensuring availability and the need for diverse safeguards to maintain system functionality.', 'The government or military sector classification has five levels, each with specific criteria and consequences for unauthorized disclosure.', 'The need for information classification is driven by the varying value of data to an organization.', 'Information classification in the commercial sector comprises four levels, with specific examples provided for each level.', 'The primary purpose of information classification is to enhance confidentiality, integrity, and availability, while minimizing the risk to the information.', 'The objectives of information classification include minimizing risks on sensitive information, enhancing confidentiality, and complying with privacy laws and regulatory requirements.', 'Kevin recognizes the importance of information and the need to assign a value to it, understanding different information classification levels.', 'Security policies are crucial for implementing effective security controls, involving creating a foundation of policies, standards, guidelines, and procedures.', 'The 
functional implementation policies are subsets of general organizational policy, implemented using standards, guidelines, procedures, and baselines.']}, {'end': 3747.87, 'segs': [{'end': 3074.118, 'src': 'embed', 'start': 3022.558, 'weight': 0, 'content': [{'end': 3025.901, 'text': 'Let us proceed to the next topic, information risk management.', 'start': 3022.558, 'duration': 3.343}, {'end': 3033.684, 'text': 'Information Risk Management focuses on finding the level of risk associated with a given activity or asset and how to handle it.', 'start': 3026.798, 'duration': 6.886}, {'end': 3041.65, 'text': 'In this topic, we will look at the security definitions and discuss Information Risk Management or IRM in detail.', 'start': 3034.585, 'duration': 7.065}, {'end': 3050.137, 'text': 'Information Risk Management, or IRM, is the process of identifying and assessing the risk,', 'start': 3044.573, 'duration': 5.564}, {'end': 3055.202, 'text': 'reducing it to an acceptable level and implementing the right mechanisms to maintain that level.', 'start': 3050.137, 'duration': 5.065}, {'end': 3064.972, 'text': 'Risk management process involves establishing the context, identifying the risks, analyzing the risks, evaluating the risks and finally,', 'start': 3056.246, 'duration': 8.726}, {'end': 3065.732, 'text': 'treating the risks.', 'start': 3064.972, 'duration': 0.76}, {'end': 3074.118, 'text': 'The risk management process minimizes the impact of threats realized and provides a foundation for effective management decision making.', 'start': 3066.713, 'duration': 7.405}], 'summary': 'Information risk management assesses, reduces, and maintains risk levels to minimize impact of threats.', 'duration': 51.56, 'max_score': 3022.558, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3022558.jpg'}, {'end': 3271.015, 'src': 'embed', 'start': 3244.654, 'weight': 2, 'content': [{'end': 3253.758, 'text': 'We will also look at the 
risk analysis team, steps for risk analysis, information and assets valuation, and types of risk analysis.', 'start': 3244.654, 'duration': 9.104}, {'end': 3262.082, 'text': 'Then, we will take a look at the steps for quantitative risk analysis and understand qualitative risk analysis with examples.', 'start': 3254.739, 'duration': 7.343}, {'end': 3266.471, 'text': 'We will also compare quantitative and qualitative risk analysis.', 'start': 3263.029, 'duration': 3.442}, {'end': 3271.015, 'text': 'Finally, we will learn about countermeasure selection and handling risk.', 'start': 3267.212, 'duration': 3.803}], 'summary': 'The training covers risk analysis, including steps, valuation, types, and comparison of quantitative and qualitative analysis, as well as countermeasure selection.', 'duration': 26.361, 'max_score': 3244.654, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3244654.jpg'}, {'end': 3376.824, 'src': 'embed', 'start': 3344.915, 'weight': 6, 'content': [{'end': 3346.976, 'text': 'Risk analysis mainly has four goals.', 'start': 3344.915, 'duration': 2.061}, {'end': 3351.2, 'text': 'It helps the organization in identifying its assets and their values.', 'start': 3347.777, 'duration': 3.423}, {'end': 3354.783, 'text': 'It helps in identifying the vulnerabilities and threats.', 'start': 3352.101, 'duration': 2.682}, {'end': 3359.367, 'text': 'It helps to measure the possibility and impact of these latent threats.', 'start': 3355.744, 'duration': 3.623}, {'end': 3365.673, 'text': 'It helps in providing an economic balance between the cost of the countermeasure and the impact of the threat.', 'start': 3360.368, 'duration': 5.305}, {'end': 3372.041, 'text': 'For effective risk analysis, an organization needs to form a risk analysis team.', 'start': 3367.179, 'duration': 4.862}, {'end': 3376.824, 'text': 'A risk analysis team consists of individuals from many or all departments.', 'start': 3372.922, 
'duration': 3.902}], 'summary': 'Risk analysis aims to identify assets, vulnerabilities, and threats and measure their impact for economic balance.', 'duration': 31.909, 'max_score': 3344.915, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3344915.jpg'}, {'end': 3573.564, 'src': 'embed', 'start': 3546.653, 'weight': 5, 'content': [{'end': 3549.774, 'text': 'Let us look at the types of risk analysis in the following screen.', 'start': 3546.653, 'duration': 3.121}, {'end': 3556.897, 'text': 'There are two types of approaches to risk analysis, quantitative and qualitative.', 'start': 3551.875, 'duration': 5.022}, {'end': 3566.121, 'text': 'Quantitative analysis uses risk calculations that attempt to predict the level of monetary losses and the percentage of chance for each type of threat.', 'start': 3557.777, 'duration': 8.344}, {'end': 3568.422, 'text': 'Quantitative is more objective.', 'start': 3566.781, 'duration': 1.641}, {'end': 3573.564, 'text': 'Qualitative analysis does not use calculations, but is more situation and scenario based.', 'start': 3569.162, 'duration': 4.402}], 'summary': 'Risk analysis has two approaches: quantitative and qualitative, with quantitative being more objective.', 'duration': 26.911, 'max_score': 3546.653, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3546653.jpg'}, {'end': 3654.704, 'src': 'embed', 'start': 3604.683, 'weight': 3, 'content': [{'end': 3609.928, 'text': 'These parameters include SLE, EF, ARO, and ALE.', 'start': 3604.683, 'duration': 5.245}, {'end': 3616.313, 'text': 'Single loss expectancy, or SLE, is a dollar amount that is assigned to a single event.', 'start': 3611.029, 'duration': 5.284}, {'end': 3620.957, 'text': "that represents the company's potential loss amount if a specific threat were to take place.", 'start': 3616.313, 'duration': 4.644}, {'end': 3626.983, 'text': "It represents an 
organization's loss from a single threat and is derived from the following formula.", 'start': 3621.898, 'duration': 5.085}, {'end': 3635.21, 'text': 'Single loss expectancy equals asset value in dollars, multiplied by exposure factor in percentage,', 'start': 3627.783, 'duration': 7.427}, {'end': 3641.535, 'text': 'where exposure factor or EF represents the percentage of loss that a realized threat could have on a certain asset.', 'start': 3635.21, 'duration': 6.325}, {'end': 3647.561, 'text': 'SLE is primarily defined to create the annualized loss expectancy, ALE.', 'start': 3642.498, 'duration': 5.063}, {'end': 3654.704, 'text': 'It is occasionally used by itself to describe a disastrous event for a business impact assessment, BIA.', 'start': 3648.401, 'duration': 6.303}], 'summary': 'Parameters SLE, EF, ARO, and ALE quantify potential loss for risk assessment.', 'duration': 50.021, 'max_score': 3604.683, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3604683.jpg'}], 'start': 3022.558, 'title': 'Information risk management and its process', 'summary': 'Discusses information risk management (IRM) and its process, covering risk identification, assessment, and mitigation to maintain an acceptable level. 
it emphasizes quantitative risk analysis and its parameters, providing a comprehensive understanding of irm.', 'chapters': [{'end': 3074.118, 'start': 3022.558, 'title': 'Information risk management', 'summary': 'Delves into information risk management (irm), which involves identifying, assessing, and minimizing risks to maintain an acceptable level, setting the foundation for effective management decision making.', 'duration': 51.56, 'highlights': ['Information Risk Management involves identifying, assessing, and minimizing risks to maintain an acceptable level, providing the foundation for effective management decision making.', 'The risk management process includes establishing the context, identifying the risks, analyzing the risks, evaluating the risks, and treating the risks.', 'IRM focuses on finding the level of risk associated with an activity or asset and how to handle it.']}, {'end': 3747.87, 'start': 3075.258, 'title': 'Information risk management process', 'summary': 'Covers the information risk management process, including risk analysis, security definitions, risk analysis goals, risk analysis team, steps for risk analysis, information and assets valuation, and types of risk analysis, with a focus on quantitative risk analysis and its parameters.', 'duration': 672.612, 'highlights': ['The chapter covers the information risk management process, including risk analysis, security definitions, risk analysis goals, risk analysis team, steps for risk analysis, information and assets valuation, and types of risk analysis, with a focus on quantitative risk analysis and its parameters. This highlight covers the key topics of the transcript, providing an overview of the information risk management process, risk analysis, and its various components.', 'Annualized loss expectancy, or ALE, is the annually expected financial loss to an organization from a threat. 
Provides a specific definition and explanation of annualized loss expectancy (ALE) and its significance in assessing financial loss from threats.', "Single loss expectancy, or SLE, is a dollar amount that is assigned to a single event, representing the company's potential loss amount if a specific threat were to take place. Explains the concept of single loss expectancy (SLE) and its role in quantifying potential loss from specific threats.", 'Quantitative analysis uses risk calculations that attempt to predict the level of monetary losses and the percentage of chance for each type of threat. Describes the approach of quantitative risk analysis, emphasizing its focus on predicting monetary losses and the probability of threats.', 'The goals of risk analysis mainly include identifying assets and their values, vulnerabilities and threats, measuring the possibility and impact of threats, and providing an economic balance between the cost of countermeasures and the impact of the threat. Outlines the key goals of risk analysis, encompassing asset identification, vulnerability assessment, threat measurement, and cost-effectiveness of countermeasures.']}], 'duration': 725.312, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3022558.jpg', 'highlights': ['IRM involves identifying, assessing, and minimizing risks to maintain an acceptable level, providing the foundation for effective management decision making.', 'The risk management process includes establishing the context, identifying the risks, analyzing the risks, evaluating the risks, and treating the risks.', 'The chapter covers the information risk management process, including risk analysis, security definitions, risk analysis goals, risk analysis team, steps for risk analysis, information and assets valuation, and types of risk analysis, with a focus on quantitative risk analysis and its parameters.', 'Annualized loss expectancy, or ALE, is the annually 
expected financial loss to an organization from a threat.', "Single loss expectancy, or SLE, is a dollar amount that is assigned to a single event, representing the company's potential loss amount if a specific threat were to take place.", 'Quantitative analysis uses risk calculations that attempt to predict the level of monetary losses and the percentage of chance for each type of threat.', 'The goals of risk analysis mainly include identifying assets and their values, vulnerabilities and threats, measuring the possibility and impact of threats, and providing an economic balance between the cost of countermeasures and the impact of the threat.']}, {'end': 4449.905, 'segs': [{'end': 3778.462, 'src': 'embed', 'start': 3747.87, 'weight': 0, 'content': [{'end': 3751.093, 'text': 'Let us learn about qualitative risk analysis in this screen.', 'start': 3747.87, 'duration': 3.223}, {'end': 3758.138, 'text': 'Qualitative analysis techniques include judgment, best practices, intuition, and experience.', 'start': 3752.033, 'duration': 6.105}, {'end': 3770.168, 'text': 'Examples of qualitative techniques to gather data are Delphi, brainstorming, storyboarding, focus groups, surveys, questionnaires, checklists,', 'start': 3759.379, 'duration': 10.789}, {'end': 3771.89, 'text': 'one-on-one meetings and interviews.', 'start': 3770.168, 'duration': 1.722}, {'end': 3778.462, 'text': 'The risk analysis team will determine the best technique for the threats that need to be assessed,', 'start': 3773.035, 'duration': 5.427}], 'summary': 'Qualitative risk analysis uses techniques like delphi, brainstorming, and surveys to gather data for threat assessment.', 'duration': 30.592, 'max_score': 3747.87, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3747870.jpg'}, {'end': 3835.897, 'src': 'embed', 'start': 3791.659, 'weight': 1, 'content': [{'end': 3798.58, 'text': 'The threat probability and the impact are given different ratings 
like high, medium, and low based on some assumptions.', 'start': 3791.659, 'duration': 6.921}, {'end': 3806.462, 'text': 'For example, although the probability of fire is low, when it occurs, it has a high impact on the organization.', 'start': 3799.32, 'duration': 7.142}, {'end': 3809.802, 'text': 'Countermeasure for this threat is a fire extinguisher.', 'start': 3807.362, 'duration': 2.44}, {'end': 3812.383, 'text': 'Some more examples are given in the table.', 'start': 3810.663, 'duration': 1.72}, {'end': 3817.967, 'text': 'In the following screen, let us look at some examples of qualitative analysis.', 'start': 3813.464, 'duration': 4.503}, {'end': 3826.952, 'text': 'Delphi technique is the most important qualitative technique from the point of view of the exam.', 'start': 3821.829, 'duration': 5.123}, {'end': 3835.897, 'text': 'It is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be.', 'start': 3827.832, 'duration': 8.065}], 'summary': 'Threats are rated by probability and impact, with examples like fire, countered by a fire extinguisher. 
qualitative analysis includes the delphi technique.', 'duration': 44.238, 'max_score': 3791.659, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3791659.jpg'}, {'end': 3909.652, 'src': 'embed', 'start': 3881.125, 'weight': 3, 'content': [{'end': 3885.249, 'text': 'The ideas are submitted to a group of decision makers for consideration and action.', 'start': 3881.125, 'duration': 4.124}, {'end': 3896.949, 'text': 'The risk analysis team management, risk analysis tools and culture of the company will dictate which approach, whether quantitative or qualitative,', 'start': 3887.967, 'duration': 8.982}, {'end': 3898.35, 'text': 'risk analysis will be used.', 'start': 3896.949, 'duration': 1.401}, {'end': 3905.711, 'text': "The goal of both approaches is to estimate a company's real risk and to rank the severity of the threats,", 'start': 3899.15, 'duration': 6.561}, {'end': 3909.652, 'text': 'so the correct countermeasures can be put into place within a practical budget.', 'start': 3905.711, 'duration': 3.941}], 'summary': 'Ideas are submitted for risk analysis to estimate real risk and rank severity for practical countermeasures.', 'duration': 28.527, 'max_score': 3881.125, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3881125.jpg'}, {'end': 3963.555, 'src': 'embed', 'start': 3929.015, 'weight': 4, 'content': [{'end': 3933.5, 'text': 'This requires another type of analysis, called a cost-benefit analysis.', 'start': 3929.015, 'duration': 4.485}, {'end': 3942.356, 'text': 'A commonly used cost-benefit calculation for a given safeguard is ALE before implementing safeguard minus.', 'start': 3934.392, 'duration': 7.964}, {'end': 3945.797, 'text': 'ALE after implementing safeguard minus.', 'start': 3942.356, 'duration': 3.441}, {'end': 3949.759, 'text': 'annual cost of safeguard equals value of safeguard to the company.', 'start': 3945.797, 'duration': 3.962}, 
{'end': 3951.749, 'text': 'For example,', 'start': 3950.708, 'duration': 1.041}, {'end': 3963.555, 'text': 'if the ALE of the threat of a fire bringing down a web server is $10,000 prior to implementing the suggested safeguard and the ALE is $2,000 after implementing the safeguard,', 'start': 3951.749, 'duration': 11.806}], 'summary': 'Cost-benefit analysis calculates $8,000 annual value of safeguard.', 'duration': 34.54, 'max_score': 3929.015, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3929015.jpg'}, {'end': 4131.305, 'src': 'embed', 'start': 4103.584, 'weight': 5, 'content': [{'end': 4108.345, 'text': 'The following are the conceptual formulas to calculate total risk and residual risk.', 'start': 4103.584, 'duration': 4.761}, {'end': 4113.993, 'text': 'Total risk equals threats multiplied by vulnerabilities multiplied by asset value.', 'start': 4109.229, 'duration': 4.764}, {'end': 4117.415, 'text': 'Residual risk can be derived using two formulas.', 'start': 4114.693, 'duration': 2.722}, {'end': 4126.202, 'text': 'One is residual risk equals total risk multiplied by control gaps, where a control gap is the protection that a countermeasure cannot provide.', 'start': 4118.216, 'duration': 7.986}, {'end': 4131.305, 'text': 'The second formula is residual risk equals total risk minus countermeasures.', 'start': 4126.822, 'duration': 4.483}], 'summary': 'Formulas for total risk and residual risk calculation provided.', 'duration': 27.721, 'max_score': 4103.584, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4103584.jpg'}], 'start': 3747.87, 'title': 'Qualitative risk analysis', 'summary': 'Discusses qualitative risk analysis techniques like Delphi, brainstorming, and surveys to assess threats based on probability and impact, and determine corresponding countermeasures. 
It also emphasizes the importance of risk management, including cost-benefit analysis and residual risk calculation, for managing personnel security and best work practices.', 'chapters': [{'end': 3812.383, 'start': 3747.87, 'title': 'Qualitative risk analysis', 'summary': 'Discusses qualitative risk analysis techniques, such as Delphi, brainstorming, and surveys, to assess threats based on probability and impact, and determine corresponding countermeasures.', 'duration': 64.513, 'highlights': ['The qualitative analysis techniques for risk assessment include Delphi, brainstorming, storyboarding, focus groups, surveys, questionnaires, checklists, one-on-one meetings and interviews. Qualitative analysis techniques for risk assessment are Delphi, brainstorming, and surveys, which provide various methods to gather data for threat assessment.', 'The threat probability and impact are rated as high, medium, or low based on certain assumptions. Threat probability and impact are categorized as high, medium, or low, allowing for a structured assessment of the severity of the threats.', 'Example of a threat with low probability but high impact is fire, for which a fire extinguisher is a countermeasure. The example of a low probability, high impact threat is fire, and its countermeasure is a fire extinguisher, illustrating the importance of addressing severe threats regardless of their probability.']}, {'end': 4449.905, 'start': 3813.464, 'title': 'Qualitative analysis and risk management', 'summary': 'Discusses qualitative analysis techniques, such as the Delphi method, and the importance of risk management, including cost-benefit analysis and residual risk calculation, with an emphasis on managing personnel security and best work practices.', 'duration': 636.441, 'highlights': ['The Delphi technique is the most important qualitative technique, with two methods: consensus Delphi and modified Delphi method. 
The Delphi technique is highlighted as the most important qualitative analysis method, with a focus on consensus Delphi and modified Delphi methods.', "The goal of both qualitative and quantitative risk analysis is to estimate a company's real risk and rank the severity of threats for implementing correct countermeasures within a practical budget. The goal of both qualitative and quantitative risk analysis is to estimate real risk and prioritize threats for implementing cost-effective countermeasures.", 'The value of a safeguard to the company is calculated using the cost-benefit analysis, considering factors like ALE, TCO, and ROI. The value of a safeguard is determined through cost-benefit analysis, considering factors such as ALE, TCO, and ROI.', 'Residual risk is calculated using formulas, including total risk multiplied by control gaps and total risk minus countermeasures, with the importance of managing personnel security and best work practices emphasized. The calculation of residual risk involves formulas based on total risk and control gaps, as well as the significance of managing personnel security and best work practices.']}], 'duration': 702.035, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g3747870.jpg', 'highlights': ['The qualitative analysis techniques for risk assessment include Delphi, brainstorming, storyboarding, focus groups, surveys, questionnaires, checklists, one-on-one meetings and interviews.', 'The threat probability and impact are rated as high, medium, or low based on certain assumptions.', 'The Delphi technique is the most important qualitative technique, with two methods: consensus Delphi and modified Delphi method.', "The goal of both qualitative and quantitative risk analysis is to estimate a company's real risk and rank the severity of threats for implementing correct countermeasures within a practical budget.", 'The value of a safeguard to the company is calculated using 
the cost-benefit analysis, considering factors like ALE, TCO, and ROI.', 'Residual risk is calculated using formulas, including total risk multiplied by control gaps and total risk minus countermeasures, with the importance of managing personnel security and best work practices emphasized.']}, {'end': 4864.168, 'segs': [{'end': 4522.063, 'src': 'embed', 'start': 4490.782, 'weight': 0, 'content': [{'end': 4495.364, 'text': 'Security awareness training is an essential activity which should be carried out by the organization.', 'start': 4490.782, 'duration': 4.582}, {'end': 4506.708, 'text': 'The importance of security awareness training includes Security awareness training helps the organization understand the importance of security to the company as a whole and to each individual.', 'start': 4496.164, 'duration': 10.544}, {'end': 4515.732, 'text': "It helps users understand the expected responsibilities and acceptable behaviors and non-compliance consequences from an individual's perspective.", 'start': 4507.889, 'duration': 7.843}, {'end': 4522.063, 'text': "The security awareness training is performed to modify employees' behavior and attitude towards security.", 'start': 4516.618, 'duration': 5.445}], 'summary': "Security awareness training is crucial for modifying employees' behavior and attitude towards security.", 'duration': 31.281, 'max_score': 4490.782, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4490782.jpg'}, {'end': 4614.729, 'src': 'embed', 'start': 4590.128, 'weight': 2, 'content': [{'end': 4595.611, 'text': 'training also helps to provide guidance surrounding the performance of particular security or risk management functions.', 'start': 4590.128, 'duration': 5.483}, {'end': 4599.885, 'text': 'It provides information on the security and risk management functions.', 'start': 4596.624, 'duration': 3.261}, {'end': 4602.446, 'text': 'Let us discuss education.', 'start': 4601.185, 'duration': 
1.261}, {'end': 4610.908, 'text': 'The main objective of education is to integrate all the security skills, as well as competencies, into a common body of knowledge,', 'start': 4603.586, 'duration': 7.322}, {'end': 4614.729, 'text': 'adding a multidisciplinary study of concepts, issues and principles.', 'start': 4610.908, 'duration': 3.821}], 'summary': 'Training and education integrate security skills and competencies into a common body of knowledge.', 'duration': 24.601, 'max_score': 4590.128, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4590128.jpg'}, {'end': 4656.093, 'src': 'embed', 'start': 4630.448, 'weight': 6, 'content': [{'end': 4638.331, 'text': 'For an organization to achieve the desired results of its security program, it must communicate the what, how, and why of security to its employees.', 'start': 4630.448, 'duration': 7.883}, {'end': 4643.514, 'text': 'The table represents the steps to develop and implement a good security awareness training program.', 'start': 4638.992, 'duration': 4.522}, {'end': 4656.093, 'text': 'The steps to develop and implement a good security awareness training program are identify training requirements within the organization,', 'start': 4644.864, 'duration': 11.229}], 'summary': 'Effective security program requires clear communication and structured training approach.', 'duration': 25.645, 'max_score': 4630.448, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4630448.jpg'}, {'end': 4765.299, 'src': 'embed', 'start': 4704.015, 'weight': 3, 'content': [{'end': 4707.498, 'text': 'Security program is an inevitable function of every organization.', 'start': 4704.015, 'duration': 3.483}, {'end': 4710.561, 'text': 'Hence, managing the security function is vital.', 'start': 4707.898, 'duration': 2.663}, {'end': 4714.183, 'text': 'The importance of managing security function is given below.', 'start': 4711.341, 
'duration': 2.842}, {'end': 4720.155, 'text': 'Security function helps in the evaluation of the effectiveness of the security program,', 'start': 4715.174, 'duration': 4.981}, {'end': 4724.416, 'text': 'identify deficiencies and prioritize the things that require improvement.', 'start': 4720.155, 'duration': 4.261}, {'end': 4730.158, 'text': 'Through proper collection, analysis and reporting of the necessary information.', 'start': 4725.436, 'duration': 4.722}, {'end': 4735.559, 'text': 'managing security function facilitates decision making, performance improvement and accountability.', 'start': 4730.158, 'duration': 5.401}, {'end': 4743.861, 'text': 'Well organized management of the security function of an organization will result in the effective and efficient implementation of security controls.', 'start': 4736.439, 'duration': 7.422}, {'end': 4749.591, 'text': 'Efficient management of the security function will ensure that the assets are well protected.', 'start': 4745.123, 'duration': 4.468}, {'end': 4756.683, 'text': 'Managing the security function ensures proper allocation of budget for security as per the business requirement.', 'start': 4750.833, 'duration': 5.85}, {'end': 4765.299, 'text': 'Kevin Butler, Security Administrator, received a mail from Elijah Wyatt, Head IT Security Nutri Worldwide,', 'start': 4758.254, 'duration': 7.045}], 'summary': 'Effective security function management ensures evaluation, improvement, and accountability for organizations.', 'duration': 61.284, 'max_score': 4704.015, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4704015.jpg'}, {'end': 4812.192, 'src': 'embed', 'start': 4785.759, 'weight': 1, 'content': [{'end': 4790.781, 'text': 'Proper budget and resources are allocated to help maintain the security posture of the organization.', 'start': 4785.759, 'duration': 5.022}, {'end': 4795.524, 'text': 'What is the most important requirement for effectively managing the 
security function?', 'start': 4791.702, 'duration': 3.822}, {'end': 4801.847, 'text': 'The support of senior management is the most important requirement for effectively managing the security function.', 'start': 4796.564, 'duration': 5.283}, {'end': 4805.729, 'text': 'Let us summarize the topics covered in this domain.', 'start': 4803.268, 'duration': 2.461}, {'end': 4812.192, 'text': "The organization's security program should be aligned with the organization's goals, mission and objectives.", 'start': 4806.989, 'duration': 5.203}], 'summary': "Senior management support is crucial for effective security management, with alignment to organization's goals.", 'duration': 26.433, 'max_score': 4785.759, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4785759.jpg'}], 'start': 4450.965, 'title': 'Security measures', 'summary': 'Emphasizes the significance of security awareness training in enhancing overall security and modifying employee behavior. It also discusses methods of security training and the importance of managing security functions, including its impact, effectiveness evaluation, decision-making facilitation, and resource allocation, while stressing the need for senior management support.', 'chapters': [{'end': 4680.959, 'start': 4450.965, 'title': 'Security awareness training', 'summary': "Emphasizes the importance of security awareness training, including its role in improving overall security, modifying employees' behavior, and implementing controls. It also discusses the methods of security training, such as awareness, training, and education, and the steps to develop and implement a good security awareness training program.", 'duration': 229.994, 'highlights': ["Security awareness training is essential for improving overall security of the organization, modifying employees' behavior and attitude towards security, and helping the organization understand the importance of security. 
Security awareness training brings improvement in the overall security of the organization and helps modify employees' behavior and attitude towards security.", 'Training aims to produce relevant and needed security skills and competency and provides guidance surrounding the performance of particular security or risk management functions. Training aims to produce relevant security skills and provides guidance on security or risk management functions.', 'Education aims to integrate all security skills and competencies into a common body of knowledge, which can aid the organization in fulfilling security program objectives. Education integrates security skills and competencies into a common body of knowledge, aiding the organization in fulfilling security program objectives.', 'The steps to develop and implement a good security awareness training program include identifying training requirements, establishing training objectives, setting training program goals, and effectively relaying information security requirements to motivate personnel for compliance. 
The steps include identifying training requirements, establishing objectives, setting program goals, and effectively relaying information security requirements to motivate compliance.']}, {'end': 4864.168, 'start': 4681.899, 'title': 'Managing security function', 'summary': 'Discusses the importance of managing security function, including its impact, effectiveness evaluation, decision making facilitation, and resource allocation, emphasizing the need for senior management support.', 'duration': 182.269, 'highlights': ['The support of senior management is the most important requirement for effectively managing the security function.', 'Efficient management of the security function will ensure that the assets are well protected.', 'Proper budget and resources are allocated to help maintain the security posture of the organization.', 'Security function helps in the evaluation of the effectiveness of the security program, identify deficiencies and prioritize the things that require improvement.', 'Through proper collection, analysis and reporting of the necessary information, managing security function facilitates decision making, performance improvement and accountability.']}], 'duration': 413.203, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/JWqd_qaR81g/pics/JWqd_qaR81g4450965.jpg', 'highlights': ["Security awareness training is essential for improving overall security of the organization, modifying employees' behavior and attitude towards security, and helping the organization understand the importance of security.", 'The support of senior management is the most important requirement for effectively managing the security function.', 'Training aims to produce relevant and needed security skills and competency and provides guidance surrounding the performance of particular security or risk management functions.', 'Efficient management of the security function will ensure that the assets are well protected.', 'Education aims to 
integrate all security skills and competencies into a common body of knowledge, which can aid the organization in fulfilling security program objectives.', 'Proper budget and resources are allocated to help maintain the security posture of the organization.', 'The steps to develop and implement a good security awareness training program include identifying training requirements, establishing training objectives, setting training program goals, and effectively relaying information security requirements to motivate personnel for compliance.', 'Security function helps in the evaluation of the effectiveness of the security program, identify deficiencies and prioritize the things that require improvement.', 'Through proper collection, analysis and reporting of the necessary information, managing security function facilitates decision making, performance improvement and accountability.']}], 'highlights': ['CISSP certification leads to a 25% average increase in earnings for certified information security professionals.', 'The CISSP Common Body of Knowledge (CBK) consists of 10 domains covering various information security topics within the CBK, updated annually, reflecting the up-to-date best practices worldwide in the domains.', 'The CISSP certification covers subject matter in a variety of information security topics and is a globally recognized standard of achievement, governed by the International Information Systems Security Certification Consortium, (ISC)².', 'The CISSP curriculum includes 10 domains: Information Security Governance and Risk Management, Access Control, Telecommunications and Network Security, Security Architecture and Design, Physical or Environmental Security, Software Development Security, Cryptography, Business Continuity and Disaster Recovery Planning, Legal Regulations, Investigations, and Compliance, and Operations Security.', "CISSP enhances the organization's credibility and goodwill when collaborating with vendors and contractors.", 
'CISSP certification validates the commitment and years of experience gained by professionals in the industry.', "Information Security Governance and Risk Management involves identifying an organization's information assets and ensuring confidentiality, integrity, and availability.", 'The risk management process includes establishing the context, identifying the risks, analyzing the risks, evaluating the risks, and treating the risks.', 'The chapter covers the information risk management process, including risk analysis, security definitions, risk analysis goals, risk analysis team, steps for risk analysis, information and assets valuation, and types of risk analysis, with a focus on quantitative risk analysis and its parameters.', 'The qualitative analysis techniques for risk assessment include Delphi, brainstorming, storyboarding, focus groups, surveys, questionnaires, checklists, one-on-one meetings and interviews.', "Security awareness training is essential for improving overall security of the organization, modifying employees' behavior and attitude towards security, and helping the organization understand the importance of security."]}