Security Regulations and Standards - SY0-601 CompTIA Security+ : 5.2 - YouTube
Along with all the other tasks associated with an IT security professional, you will also be asked to follow certain compliance guidelines. These are guidelines based on a series of regulations, laws, or policies in your particular geography or for your particular line of work. This can also cover many aspects of an organization's business. You may find that there are regulations regarding the type of data that you save. Other regulations may be based around the finances of the organization, and yet others are based around keeping credit card transactions private.

As you can see, these are varied in their scope, and it will be up to you as the security team to make sure that the organization is following all of these compliance regulations. One of the reasons you're going to track this so closely is that there could be significant penalties associated with not following these regulations. For example, your organization can be fined, and in some cases those fines can go into the millions of dollars. There could be incarceration or jail time associated with not following these regulations, and the worst case for you, certainly, is the loss of employment.

If you're responsible for any of this compliance in your organization, it's important to understand the scope. It may be based on your local geography. There may be national laws. It may be based on a particular territory your organization works in, or it may be based on a single city or state. Some of these rules and regulations are specific to a single country, and others may be international laws that everyone in the world must follow.

As you've probably seen, your private information is available on many different websites across the internet. To address this, the European Union created a policy called the GDPR. This is the General Data Protection Regulation. The GDPR is a set of rules and regulations that allows someone in the EU to control what happens with their private information. This private information could be a name and address, it might be your phone number, it could be related to medical information, or anything else that would be specific to you. This regulation allows you to understand where your information is stored, and it prevents this information from being exported outside of the European Union. It also puts the control of this data back into your hands. You can contact any of the websites in the EU, ask to have your information removed, and they will remove it, because that's part of the requirements of the GDPR. Another requirement of the GDPR is that every website provides detailed information about their privacy policy. So you should be able to visit any of these websites, look at their privacy policy, and understand exactly what information they're gathering and what they're doing with that information.

If you're part of an organization that collects and stores credit card details, then you may be subject to the PCI DSS. This is the Payment Card Industry Data Security Standard, and the focus of these rules is to provide protection for credit card transactions. PCI DSS is a series of guidelines that's administered by the payment card industry. This is not a national set of laws or an international series of regulations; it's instead managed by these private organizations. And there are a series of objectives that these rules are based on. The first is that you need to be able to build and maintain a secure network and systems. If someone is sending credit card information, we want to be sure that nobody can look into your network or your systems and be able to see that credit card detail. The cardholder data as part of that transaction needs to be protected, and there needs to be some type of management of vulnerabilities so that all of your systems are always up to date and always patched. We also want to manage who would have access to this credit card information, so every organization that stores credit cards also needs to have a strong access control measure in place. To be sure that all of these policies are in place, there should be ongoing testing, and we want to be sure there are existing security policies to address all of these controls around credit card numbers. To be sure that all of these controls are in place and working, there should be periodic audits and tests, and we need to be sure that our existing security policies include all of these controls for credit card information.