WEBVTT 00:00:01.270 --> 00:00:05.250 Let's review the important topics we've looked at in the Security 00:00:05.250 --> 00:00:08.890 Operations for the Certified in Cybersecurity course. 00:00:10.040 --> 00:00:16.400 We broke this course into four major sections, data security, security 00:00:16.400 --> 00:00:22.290 operations and administration, security awareness training, and we finished off 00:00:22.290 --> 00:00:26.120 with a review of some of the exam tips and techniques. 00:00:27.300 --> 00:00:31.470 When we looked at data security, we saw that it was important that 00:00:31.470 --> 00:00:36.280 we protect our data through things like ownership, classification, 00:00:36.280 --> 00:00:41.400 labels, and having a retention policy, which ended with, of 00:00:41.400 --> 00:00:43.380 course, secure destruction. 00:00:44.750 --> 00:00:46.910 When we looked at cryptography, we said it was 00:00:46.910 --> 00:00:49.550 important to understand the terminology, 00:00:49.890 --> 00:00:55.320 plaintext and clear text, to encrypt the actual crypto system and 00:00:55.320 --> 00:01:00.390 the algorithm or mathematical formula that it used, and the key, 00:01:00.390 --> 00:01:02.560 also known as the crypto variable. 00:01:03.030 --> 00:01:06.590 We looked at the output of the crypto system being 00:01:06.600 --> 00:01:09.210 cipher text or the cryptogram. 00:01:10.420 --> 00:01:16.010 We can transmit or store our data in an insecure area, but when 00:01:16.010 --> 00:01:22.020 it's received, it needs to be then decrypted so that the receiver 00:01:22.030 --> 00:01:24.890 will have the actual message itself. 00:01:25.710 --> 00:01:30.510 We said there were two types of algorithms, symmetric that used the same 00:01:30.510 --> 00:01:33.890 key in both the encryption and decryption process. 00:01:34.260 --> 00:01:36.900 It was really good for confidentiality, 00:01:37.180 --> 00:01:41.520 relatively fast, and good for encrypting streaming content. 00:01:42.140 --> 00:01:45.740 But we also looked at asymmetric algorithms, which 00:01:45.740 --> 00:01:47.960 are based on the use of a key pair, 00:01:48.050 --> 00:01:52.420 a private key, and, from that, a public key that was 00:01:52.420 --> 00:01:54.950 computed and could be shared with anybody. 00:01:56.560 --> 00:02:01.800 We said that the public key was the result of a one‑way function. 00:02:02.060 --> 00:02:04.940 It's something that was computed from the private 00:02:04.940 --> 00:02:07.450 key, but could not be reversed. 00:02:08.940 --> 00:02:12.970 We also looked at message authentication codes that were used to 00:02:12.970 --> 00:02:17.130 verify integrity. And when we look at things like hashing, for 00:02:17.130 --> 00:02:21.320 example, we are looking at integrity of the message that we can 00:02:21.320 --> 00:02:23.360 store it or transmit it. 00:02:24.590 --> 00:02:28.440 We looked at security monitoring so we're aware of changes in 00:02:28.440 --> 00:02:31.400 our risk level, which could be affected by things like 00:02:31.410 --> 00:02:33.300 changes in the value of the asset. 00:02:33.590 --> 00:02:37.370 Things that used to be important might not be as important anymore. 00:02:37.380 --> 00:02:40.620 And other newly emerging things could be the things 00:02:40.620 --> 00:02:42.320 that really need to be protected. 00:02:43.200 --> 00:02:48.380 There are changes in threats and newly discovered vulnerabilities, as well as 00:02:48.380 --> 00:02:54.760 sometimes a focus of attacks by hacking and advanced persistent threat groups on 00:02:54.760 --> 00:03:01.390 certain industry sectors or types of systems. In security operations and 00:03:01.390 --> 00:03:07.340 administration, we looked how important it was to maintain proper change control 00:03:07.350 --> 00:03:14.220 and configuration management and have policies that guided how people could do 00:03:14.220 --> 00:03:16.360 their jobs on a daily basis. 00:03:17.340 --> 00:03:22.570 We looked at security awareness training, it's often called the best security 00:03:22.570 --> 00:03:28.000 control we have, and how we address things in our training such as social 00:03:28.000 --> 00:03:34.430 engineering and password protection, practical useful knowledge that all the 00:03:34.430 --> 00:03:36.820 people in our organization should have. 00:03:38.420 --> 00:03:43.150 Then we looked at the exam. We reviewed some tips and techniques to help 00:03:43.150 --> 00:03:47.030 you pass, and that was looking at the exam outline, 00:03:47.250 --> 00:03:50.900 doing sample questions, and having a study plan. 00:03:51.880 --> 00:03:57.770 Congratulations. You now have completed all of the courses in 00:03:57.770 --> 00:04:01.470 this certification journey. But it's good to review and 00:04:01.470 --> 00:04:03.970 understand all the topics we've covered. 00:04:04.310 --> 00:04:08.690 Don't just memorize, but understand why is this important, what are they 00:04:08.690 --> 00:04:13.610 trying to get across, what's the intent here, not just memorization of 00:04:13.610 --> 00:04:19.820 definitions. Do the sample questions you have in the study guide. And now 00:04:19.820 --> 00:04:25.580 that you've completed the last course, go back and review. But be confident, 00:04:26.050 --> 00:04:31.050 share your experiences, and be a force for change in your world.