SSCP Cert Prep: 3 Risk Identification, Monitoring, and Analysis

SSCP Cert Prep: 3 Risk Identification, Monitoring, and Analysis

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 2h 10m | 330 MB

Jump start your career in IT by earning the (ISC)2 Systems Security Certified Practitioner (SSCP) certification. In this installment of the SSCP Cert Prep series, instructor Mike Chapple covers the objectives of Risk Identification, Monitoring, and Analysis, the third domain of the SSCP exam. Topics include quantitative risk assessment, risk visibility and reporting, vulnerability assessment tools, and security assessment techniques. In addition, learn about security information and event management (SIEM) systems, visualization and reporting, software testing, and more.

Topics include:

  • Risk management actions
  • Ongoing risk management
  • Risk management frameworks
  • Scanning for threats and vulnerabilities
  • Advanced vulnerability scanning
  • Monitoring log files
  • Code review and code tests
  • Test coverage analysis
Table of Contents

Introduction
1 Welcome

Risk Management
2 Risk management
3 Quantitative risk assessment
4 Risk management actions
5 Ongoing risk management
6 Risk management frameworks
7 Risk visibility and reporting

Threat Modeling
8 Identifying threats
9 Understanding attacks
10 Technology and process remediation

Threat Assessment
11 Security assessment tools
12 Scan for threats and vulnerabilities
13 Assess threats
14 Threat assessment techniques
15 Penetration testing
16 Advanced vulnerability scanning
17 Common Vulnerability Scoring System CVSS
18 Interpreting CVSS scores
19 Analyzing scan reports

Remediating Vulnerabilites
20 Report scan results
21 Prioritize remediation
22 Create a remediation workflow
23 Barriers to vulnerability remediation

Security Monitoring
24 Monitor log files
25 Security information and event management
26 Continuous security monitoring
27 Visualization and reporting
28 Compliance monitoring
29 Legal and ethical issues in monitoring

Software Testing
30 Code review
31 Code tests
32 Fuzz testing
33 Interface testing
34 Misuse case testing
35 Test coverage analysis

Conclusion
36 What s next