Okay, so welcome back, and for this next session we're talking about security policies and standards, and this is part one. There are a lot of questions in this topic area, and so we're going to go ahead and jump in here and get started.

Okay, so the first question involves CSP access. The question reads: You have been asked to enable corporate role-based security and client antivirus validation for access to your cloud systems provider. Which security service should you use to accomplish this? Okay, who wants to go first?

This is a guess, but would it be the second one? Client encryption?

Yeah, so, okay, so I would then ask you: what do you think that has to do with corporate role-based security and anti-virus validation? Whatever you're thinking.

I was just thinking it was encryption, so it would protect the stuff, the client's stuff, but I'm not sure if that answer now; I don't know.

That's okay; that's why we're here. So the second thing I would ask you to consider is, as you look at the answer choices - DDoS mitigation, client encryption, Cloud access security broker and TPM - there are a couple of things to consider with these choices. The first one is the usual acronyms - acronyms everywhere - so, first thing then is: what is TPM? Does anyone know what that is or what it stands for? TPM is a Trusted Platform Module.
It's basically a piece of hardware embedded in a host computer, so it does enable encryption and security to a point. But we are being asked about a security service, okay? Now you can kind of look at TPM and go, "Yeah, that provides a service, kind of, but not in the context of this question." So, I would say TPM is the answer that is most incorrect, or at least one of them, to me.

What are these other answers? Which of these other answers is a security service or is not a security service? Of the first three that are left, which one do you think is not a security service?

Would it be number two, client encryption?

I mean, I'm going to say that client encryption, to my thinking here, is the misdirector, because it kind of could be a service. But DDoS? First of all, what is DDoS? Anybody know what that is?

Okay, so DDoS - again, more acronyms, gotta love it - Distributed Denial of Service. Okay, one of the classic examples of this is, and this really just doesn't happen much any more because everybody's, you know, gotten to the point where they just don't allow, you know, ICMP PING requests to hit their servers or allow their servers to respond to them; they're typically just dropped or reflected back. But back in the old days, it was one of the first where you could just keep throwing these PING requests at a server.
I mean, the thing would get really busy trying to respond to something that we really just use nowadays to, you know, test for connectivity. And that was a very early type of Denial of Service kind of attack. Distributed Denial of Service typically uses botnets. So that is really - DDoS is an attack. Now, mitigating this attack, yeah, it kind of could be a security service, but to me it's still more incorrect than client encryption. And so when I look at this question, and if I'm trying to narrow down the solutions, the answer is going to be either, in my mind, client encryption or Cloud access security broker.

So, when I see a situation like this, and maybe I'm struggling between two answers, and again, you know, you're trying to pick the best answer, I go back to the question and I read it again and - this is an excellent test-taking tip - whenever I take certification exams to, for example, renew a certification, even though, you know, I've been doing this a while, and, you know, I'm always preparing for the exam, I always use the technique of reading the question twice. But what I like to do is, I read the first time, look through the answer choices, see if anything stands out as obviously wrong or out of context with the question, and, as I said in this case, the first and last answers would be more incorrect or out of context.
So I go back through again and I look at "enable corporate role-based security," role-based security, and "client anti-virus validation," and then "Cloud systems provider," and when I put those pieces together, one of the two remaining answers sort of stands out as a little more pertinent, a little more to the point in the context of this question. Which one do you think that would be? Client encryption or Cloud access security broker?

Cloud access security broker.

Yeah, the service that you're going to get is enforcement of proper security measures, okay? And, you know, sort of the broker - the organization that functions as a cloud access security broker - is definitely going to ensure that security measures are implemented between the Cloud solution and the customer organization. That is what their job is, okay? And so you can consider them as enforcement points enabling enterprise security policies to be applied when the organization is trying to access the cloud resources. And, you know, it's kind of like anything else: it's a service; if you're paying for it and whoever's selling it wants to stay in business, they're going to do a good job, okay? So in context this stands out as the correct answer, and in fact it is. Let's move on to the next one.

So this question involves data concepts. Which of the following describes a message for website visitors detailing how their data will be processed and used?
Your choices are: privacy notice, public disclosure, terms of agreement or information life cycle document. What do you think?

Terms of agreement?

Anybody else? Any other suggestions?

Information life cycle document?

Information life cycle document, okay. So both that answer and terms of agreement are not correct in this context. Terms of agreement basically is a document that outlines the rules and conditions of a relationship between two parties in the most general sense. Information life cycle document - so information has a life cycle within the business, basically from the time it's created, distributed, used, maintained, and then disposed of. So that's a lot of stuff for a message for website visitors detailing how their data will be processed and used.

Okay, so if we rule out those last two suggestions, that leaves us with privacy notice and public disclosure. Which of those two do you think is correct, is the best answer?

Public disclosure.

[garbled] ... it's there, well, maybe, all right, public disclosure. Okay, so the correct answer here: Privacy notice. Public disclosure - if you're uncertain of the context of public disclosure, or the meaning of it as well, okay, it can be a misdirector. So, you know, public disclosure typically involves regulations and laws that govern the organization.
Okay, so for example, if you have a security breach and you're a large organization, maybe you're a retailer, you know, something else, banking, you may be required to make a public statement about a serious security incident, and you may have to disclose the details of the type of information that has been breached. Okay, so that's really at the heart of what public disclosure is, and that just leaves us with privacy notice, and again, if you look at the context of the question, we're told "a message for website visitors detailing how their data will be used," and in that context privacy notice makes the most sense. Of course, now, you know, it means that you have to understand something about the sort of formal meanings of the other terms, like public disclosure, terms of agreement - which is a little too general - and then information life cycle document, which is this big thing that is way beyond the scope or way out of context for what's being described in this question. This make sense?

So, do you hear me?

Yes, I can hear you.

So at this point I was confusing this; sometimes, you know, certain websites, they'll have you do like a terms of agreement, and I feel like it kind of… does it encompass everything? Or, like, when you're just signing and checking, does it also… are the privacy notices in the terms of agreement?
See, the difference is that you're really not agreeing to anything if you're just visiting a website, right, and you're… maybe you have to enter some information. I mean, who knows, maybe, you know, they want an email address or something because you're gonna - I don't know - you're gonna download something that's beneficial to you somehow. Okay, so you're really being told that, you know, we're going to provide this to you, but this is how we're going to use your data. Okay, in an agreement it's going to be a little more formalized than that, because there are going to be rules and conditions of the relationship; it's kind of like entering into a more formalized business relationship with this entity or this organization. You're just a website visitor, and this is just a message that tells you how your data, if any, will be processed and used, and that really does fall under the heading of a privacy notice, okay?

That makes more sense, thank you.

All right, let's move on to the next question. Okay, so this involves data security, and the scenario is: Paul's son is turning 10 years old in a month and he's been asking for a trampoline for his birthday. Paul decides to buy the trampoline online and have it delivered to their house. I think that they meant to say Paul's dad or somebody, so once - oh no, it's Paul's son who's turning 10 years old. Well, my mistake.
So Paul decides to buy the trampoline online and have it delivered to their house. Once he purchases the trampoline and looks at his emailed confirmation receipt, he notices that there are a bunch of X's in front of the last four digits of his credit card number. What method is this an example of? And your choices are: Data Hashing, Data Aggregation, Data Tokenization, or Data Masking. Okay, so let's see, what are you thinking on this one?

Data hashing.

Okay, is there a reason that that sticks out to you?

I kind of was doing something like this, so it might be… I remember before this, but I might have gotten the term incorrect, but I do remember covering this and that kind of sticks out to me. Maybe it's masking.

Well, it's not data hashing. Okay. So a hash, and data hashing, or the creation of a hash value, ensures data integrity, and basically what happens is there's a mathematical algorithm that's often just called a hashing algorithm, and it takes in data and generates a hash value. What it's typically used for is that the hash is sent with the data, and the reason it's sent is so that when it gets to the receiving end, the destination system can run the same data through a hashing algorithm, the same hashing algorithm, and generate a hash value.
I think the most common place that I've seen it personally is downloading some software, and especially stuff that's - well, not especially; it could be open source, it could be something you pay for - and it's often done so that you, the customer, have a way to verify the integrity of the download that you just made, because if, you know, the integrity was suspect, then you probably wouldn't, you know, decompress the file or run the program, right? Because it could have been messed with. Okay, so it's definitely not Data Hashing, and now that leaves Aggregation and Tokenization… and also data masking, so it leaves us with three choices, and of the three choices - Aggregating, Tokenizing or Masking - which of those three do you think would be the least correct? We're trying to whittle this down here, trying to narrow the results down to the correct one.

So what is Aggregation? Okay, if you think about it, and if you've ever seen, for example, a Local Area Network segment - and we're talking wired here, not wireless, just to keep it simple - you would often see what we would call a layer two switch, and the layer 2 switch acts as an aggregation point. In other words, it aggregates or collects signals from end users or hosts. Okay, so a common example of this could be, you know, you're having your friends over for a LAN party.
Okay, so you have a small switch and you invite all your friends over, and you're like, okay, everybody plug in, we're gonna, you know, play Call of Duty and, you know, crash each other's planes and so on and so forth. So what's happening is the switch is the aggregation point. So aggregation, and specifically data aggregation, is taking and summarizing, say, a large pool of data for some other purpose, usually high-level analysis. Okay, so you can take lots of data from different databases and organize it into a simpler, easier-to-use medium, or usually doing something like utilizing sums, averages, or means as references for this big pool of data that you're trying to summarize.

So that doesn't sound like what Paul is seeing on his receipt, so that really leaves us with tokenization or masking. Of those two choices, what do you think it is when, instead of printing out the whole 16 digits of a credit card number, X's are printed out and only the last four digits are preserved as numbers? Does that sound like tokenizing or masking? What do you think?

Masking?

Yeah, that's correct; the answer is masking. When we talk about data tokenization, so this is when you have sensitive information and it is substituted with a non-relevant data string, and we would call that a token, okay.
And so the string is then stored in a data map and, you know, can be looked up to convert the token back to the sensitive data as you need to, and in fact it's a common technique for storing credit card information so that credit card data is not stored with the customer data. So we kind of replace the sensitive stuff with tokens. What this scenario describes is definitely called Data Masking, and that is that we are absolutely masking the other 12 digits of the credit card number with X's. Let's go on to the next one.

So this question involves data types, and the question is: Which of the following is not an example of PII? Your choices are: A static IP address when someone browses the web; An IP address that is dynamically assigned by the ISP; A social security number; or Biometric data. So the name of the game here again is acronyms. Let's start with PII. What does that mean? What does that stand for?

Is it Personally Identifiable Information?

Absolutely is, yes, very good, Morgan; wonderful. Okay, so we're looking for the choice that is not an example of PII, so let's start at the bottom with Biometric Data. Do you think that's PII?

Yes.

Yeah, so something like a fingerprint - that's personally identifiable information. What about a social security number? Well, okay, so they're all supposed to be unique, and unique to us, so that would be PII.
We're still looking for an example, or one of the choices, that's not PII, so now that leaves us with IP addresses: one that is dynamically assigned and one that is statically assigned. So what do you think?

Would it be the dynamic one?

Okay, and why do you think that?

Because static is staying in one place, and dynamic, it's just like it's multiple and changes.

So an IP address that is dynamically assigned by the ISP is, if you release your IP address and you need to renew it, or your system does it on your behalf, which happens, okay? An IP address is grabbed out of the pool of free addresses and assigned to your host, so it's not predictable; it's not identifiable. A static IP address, on the other hand, is chosen and statically assigned, and it sticks, and so if it sticks, it's referenceable and can be PII. So in this question and in this context, an IP address that is dynamically assigned by the ISP is not an example of PII. Okay, all right, moving on. Data Types (2):

Can you explain what PII stands for again?

Yes, PII stands for Personally Identifiable Information, and so the examples are things like your Social Security Number, your fingerprint; it could be a retina scan: anything that can be used to identify you personally.

All right. Thank you.

You're welcome. Data Types (2): Which of the following examples is the least appropriate use of PII; least appropriate.
Your choices are: A law enforcement agent using a person's driver's license to look up their criminal history; Using a facial scanner to log into a smartphone; Storing PII data on unencrypted laptops; or Using PII to help users reset a password?

The third one.

The third one, storing PII data on unencrypted laptops. Yeah, absolutely; in other words, if they're unencrypted - and that's kind of an interesting phrase, "unencrypted laptops," but clearly we mean, you know, a lack of, say, whole disk or full disk encryption or file system encryption. So if I'm storing credit card numbers, Social Security Numbers, other information that is personally identifiable to anyone, then that is absolutely the least appropriate, because it's in an unencrypted or plain text format, and that means anybody who has access to the machine, or who gets into it, is going to be able to see that and use that information.

Facial scanners? I'm sure many of you use, if you're running a Windows operating system, you may use Windows Hello, or maybe just in your smartphone, you know, when you push the button and it scans your face and logs you in that way; that's appropriate. A law enforcement agent using a person's driver's license to look up their criminal history: if they've been stopped, and hopefully for reasonable purposes, then that's within their purview to look up and see if someone they've pulled over for some violation has a criminal history. Helping users reset a password?
Sure. But number three is the correct answer in this question. Okay, let's move on.

Data Types (3). The question is: PHI data is blank. So once again, our old friends the acronyms. PHI data is: Not very sensitive because it can be changed; Extremely sensitive but can be changed; Not very sensitive but it cannot be changed; or Extremely sensitive because it cannot be changed. So this is kind of one of those wordsmithing problems, the way the answer choices are worded, but the key to this question, of course, is knowing what PHI stands for. So what does PHI stand for?

Is that personal or protected health information?

It absolutely is Protected Health Information. So now we get to read the choices again. Now this question… remember what I said earlier, that when I take certification exams I always have this habit of reading a question at least twice, and there's a lot of good reasons for that, especially someone, say, in my position who's been doing this for so long - believe it or not - you know, sometimes I see something and I just want to jump right at it because I know that I've got the correct answer. And yeah, maybe I do. Maybe.
Test makers, test creators, are very good at making you think that, so my habit, of course, is to read the question at least twice. In this instance, this is where you're going to read the possible answers twice, because there's not much of a question. Now, once you know that PHI is protected health information, now you have to go through the answers again and see, you know, is there anything that can be obviously discounted, or is there something that sticks out as making good sense to you? So we're talking about health information. Now, probably at this point we've all experienced having to go to the doctor, okay, for something, and of course they have your medical records, or your protected health information, on file. Keeping that in mind, now read the choices: Is it "Not very sensitive because it can be changed"? What do you think about that answer?

That's incorrect.

Yeah, and what about it really hits you as, that is completely wrong?

The not sensitive part?

Yeah, absolutely. Because, you know, my health information is very sensitive and there are only certain people or professionals or professional organizations that I want to have it. So when I see "not very sensitive," I almost… I don't even care, really, what comes after that, because I know it's very sensitive, okay? Well, in this context, now they're saying the only other two choices are extremely sensitive, and I'm gonna go with that; I don't have heartburn with that at all; it's extremely sensitive.
So now we have to read the rest of the phrase: "extremely sensitive but can be changed" or "extremely sensitive because it cannot be changed." Which of those two do you think is correct?

Extremely sensitive but it can be changed?

Okay, so when you go to the doctor and they have to pull up your medical records because, you know, it gives them a baseline of how you were, say, a year ago. Let's say it's a yearly checkup or something, and they need this reference point. But you said it can be changed. What does that mean?

Your health can change, the status of your health can change?

Okay, and so let me ask you this then - and I agree with that, yes, the status of your health can change, hopefully for the better. So when that happens, where does that go in your medical record? Does it go in the end of the record that's from a year ago, or the end of the record that is today?

I'd say the more recent.

Yes, more recent. So it's appended to your medical record. Now you can look at that… it can be changed, right, because we've added new information; that's the whole record. But the past, the pre-existing record, cannot be changed, because if it is changed, then your health care provider may get the wrong information or have a wrong picture of your health. Do you see what I'm getting at here?
So it really is extremely sensitive because it cannot be changed; in other words, the Integrity of your health record needs to stay intact so that the doctors know exactly where your health is coming from, and then they can better determine if the changes they're seeing now are good changes or maybe not-so-good changes. It definitely makes a difference, and that's why the answer is extremely sensitive because it cannot be changed. Okay, does this make sense to everyone? Let's move on right now.

Data Types (4): Which one of the following is considered proprietary data? Your choices are: Password; Company statistics; Brainstorming notes; or Manufacturing processes. Anybody want to take a stab at this one?

Passwords.

Okay, so password is proprietary data. Why?

Because that's like the key to having access to information and the system.

Okay, so I would agree that it's private data. Can it be changed?

Yes.

And typically it can be changed without being detrimental to your well-being or the well-being of something that you own?

Yes, it can be changed.

All right, so not really proprietary data. What about company statistics?

Can't be changed?
That's an excellent question. So company statistics - so, for example, you know, companies put out annual reports which talk about their financial positions, and maybe there's legal information as well, and if it took place in the past it cannot be changed, should not be changed, but is it proprietary? In other words, if the company statistics were to make it into public hands, would it be detrimental to the company?

The answer is the last one; the way you kind of described it, it would be the manufacturing process.

Very good. That is correct; a manufacturing process is definitely proprietary data. It is something that had to be perhaps researched, or a company had to find a particular expert in a particular field; it had to be developed, created, and possibly then used to create some type of product, and in order for this company to maintain its competitive edge, we would not want the manufacturing process information to get out. It would be proprietary; it would be like a company secret. So yes, the answer to this question is definitely manufacturing processes. Let's move on. Whoops, I hit the wrong thing. Okay.

Okay, so this one involves the IEEE 802.1X standard. The question: What best describes the purpose of the IEEE 802.1x standard?
286 00:41:18.060 --> 00:41:25.080 Your choices are: Sending data over a wireless connection once it has been encrypted; 287 00:41:26.520 --> 00:41:31.320 Gaining access to a network based on an eight-digit PIN; 288 00:41:33.000 --> 00:41:39.240 A secure way to support various authentication methods like smart cards, certificates, fingerprint 289 00:41:39.240 --> 00:41:47.340 scanners, and one-time passwords; or Not activating a network's port until the 290 00:41:47.340 --> 00:41:56.340 switch has authenticated the connected device? Okay, so what do you think here? 291 00:41:58.380 --> 00:42:03.300 And clearly this involves understanding what 802.1x is. 292 00:42:05.520 --> 00:42:10.320 Does anybody know? I don't know off the bat what 802.1x is. 293 00:42:14.460 --> 00:42:16.680 Okay, so 294 00:42:20.640 --> 00:42:28.500 if you don't know that, and let's just say that yeah, you really do, but maybe you're in the exam 295 00:42:28.500 --> 00:42:34.260 and you kind of get rattled, right, or your mind has wandered, or you're in a testing room 296 00:42:34.260 --> 00:42:41.280 and you know someone three computers down from you is busy banging out an 297 00:42:41.280 --> 00:42:50.100 essay or something and the noise of the keys is just distracting you; when you finally refocus 298 00:42:51.480 --> 00:42:57.840 and you look at this information, especially the responses, your choices are: sending data 299 00:42:59.100 --> 00:43:02.760 once it's been encrypted; 300 00:43:05.040 --> 00:43:06.120 gaining access; 301 00:43:08.700 --> 00:43:19.560 a secure way to support authentication methods; or not activating a network's port until a device 302 00:43:19.560 --> 00:43:28.320 has been authenticated? Okay, given those four choices, which one of those is not like the others? 303 00:43:31.320 --> 00:43:35.100 Someone take a guess which one is not like the others. 304 00:43:38.640 --> 00:43:49.320 Yes, sending data. 
Okay, the other three choices - gaining access to a network; 305 00:43:50.700 --> 00:43:52.080 authenticating; 306 00:43:54.420 --> 00:44:05.040 and again authenticating a connected device - so there's a good chance that we can eliminate the 307 00:44:05.040 --> 00:44:13.560 first answer choice. Okay, now of course, you're going to study, you're going to prepare before 308 00:44:13.560 --> 00:44:20.280 you take the exam. Once you've calmed down from, or gotten over, whatever has distracted you 309 00:44:20.280 --> 00:44:27.360 and you've looked at the question in the context like we just did, you’re now down to three choices: 310 00:44:28.860 --> 00:44:34.860 Gaining access to a network based on an eight-digit PIN - that's the qualifier. 311 00:44:36.000 --> 00:44:38.400 The first thought is gaining access to a network. 312 00:44:39.360 --> 00:44:44.940 In the next response: a secure way to support various authentication 313 00:44:44.940 --> 00:44:51.600 methods like smart cards, certificates. Again, things that help you gain access. 314 00:44:53.220 --> 00:45:00.480 Or the fourth answer: not authenticating, or not activating, the network's port until the 315 00:45:00.480 --> 00:45:05.400 switch authenticates the connected device. That's just another way of authenticating something. 316 00:45:05.400 --> 00:45:12.780 So these things might start making it come back to you when you realize what they're saying. 317 00:45:14.940 --> 00:45:25.680 Hopefully you'll remember that 802.1X is an IEEE standard for port-based network access control. 318 00:45:26.880 --> 00:45:35.760 So right off the bat we're looking at network access and we're looking at authentication. 319 00:45:36.960 --> 00:45:47.580 I’m not sure anybody can probably recall network access being based on an eight-digit PIN. 320 00:45:51.060 --> 00:45:57.960 I'm sitting here thinking about it and I can’t. 
However, 321 00:45:59.460 --> 00:46:05.880 smart cards, certificates, fingerprint scanners, one-time passwords: those things make sense. 322 00:46:06.720 --> 00:46:15.180 But it also makes sense about authenticating a connected device. We are talking 323 00:46:15.180 --> 00:46:25.740 about network access. In fact, that's what the standard says: port-based network access control. 324 00:46:27.120 --> 00:46:41.100 If you can recall that, then the thing that begins to become clear is that connected devices are 325 00:46:41.100 --> 00:46:52.140 connected to switches via ports. And the choice “Not activating a network's port until the switch 326 00:46:52.140 --> 00:47:02.100 has authenticated the connected device” is correct. The bit that we've just gone through 327 00:47:02.760 --> 00:47:09.840 is kind of an example of using the information there and hopefully some of the information 328 00:47:09.840 --> 00:47:16.440 that you prepared for, but you know maybe you've forgotten it a little bit or maybe it's one 329 00:47:16.440 --> 00:47:23.520 of your weaker points. Just being able to look at it and choose the right answer 330 00:47:23.520 --> 00:47:30.180 after reading through it and spending a little time, you may be able to derive the correct answer. 331 00:47:30.720 --> 00:47:37.380 It's another test-taking strategy. The thing is, it typically has to happen fairly quickly. 332 00:47:38.220 --> 00:47:46.140 One other thing to consider in taking certification exams is that 333 00:47:48.420 --> 00:47:54.420 you have a bank of time, because they're all timed, and you'll know up front before you go into 334 00:47:54.420 --> 00:48:01.740 it how much time you have, and so if you have - let's say you have, you know, 335 00:48:01.740 --> 00:48:09.180 90 questions and maybe you have 90 minutes to take the exam, so that's a minute per question. 
336 00:48:10.020 --> 00:48:15.780 But there will be questions that you come across that perhaps are knowledge-based and things that 337 00:48:15.780 --> 00:48:21.660 you know really well; for some reason they were just really easy to learn or they really resonated 338 00:48:21.660 --> 00:48:29.100 with me, and you look at a question and even if you read it twice, right, you'll know the answer and in 339 00:48:29.100 --> 00:48:35.280 15 seconds or so you're done; you've answered the question successfully and you've moved on. 340 00:48:36.300 --> 00:48:42.120 The way to think about that is it's great that you can answer in 15 seconds, but now 341 00:48:42.120 --> 00:48:51.420 you have 45 more seconds back in the bank, okay, and the more this happens, the more time 342 00:48:52.140 --> 00:48:59.160 - sort of extra time - you have in the bank, the less you have to worry when you come to a 343 00:48:59.160 --> 00:49:06.000 question (perhaps like this one) where it takes you a minute or a minute and a half to read through 344 00:49:06.000 --> 00:49:15.240 and derive an answer. So what I'm telling you is that the things you know really well 345 00:49:16.380 --> 00:49:24.060 can serve you well when you're working on the questions that for one reason or another you 346 00:49:24.060 --> 00:49:32.040 may not know well, or maybe not at this moment. Let's move on to the next one. 347 00:49:35.640 --> 00:49:37.980 Okay 348 00:49:39.420 --> 00:49:52.200 This one involves ISO standards: An organization observes ISO standards 27017 and 27018. What kind 349 00:49:52.200 --> 00:49:59.340 of security standards is this organization reviewing? And this is one of those situations 350 00:49:59.340 --> 00:50:07.980 where you just have to know the standard. Does anybody have an idea for this one, 351 00:50:10.740 --> 00:50:12.360 or want to take a guess? 352 00:50:16.680 --> 00:50:24.720 Amina? Go ahead, just throw a guess out there. 353 00:50:32.400 --> 00:50:43.380 The fourth one? 
Legal liability factors? No. Okay, these 354 00:50:43.380 --> 00:50:52.260 standards involve cloud security. All right, and you simply just have to know 355 00:50:53.220 --> 00:51:00.780 that 27017 certification demonstrates cloud service security to users 356 00:51:01.500 --> 00:51:12.300 and 27018 ensures that personal data is processed securely. This is a straight-up knowledge-based 357 00:51:12.300 --> 00:51:19.860 kind of question because you're given two standards, you're asked what kind of security 358 00:51:21.540 --> 00:51:27.120 basically these standards are involving, and then you're just given choices straight out. 359 00:51:27.840 --> 00:51:33.120 So this is one of those that you come across and you either know it and you answer it, 360 00:51:33.120 --> 00:51:38.400 or you look at it and maybe you try to think and remember, you know, you should study your 361 00:51:38.400 --> 00:51:47.400 ISO standards, or you didn't and you guess and then you move on. If you know for a fact you 362 00:51:47.400 --> 00:51:55.380 don't know this, okay, maybe it got missed; you take your best guess and you move on. 363 00:51:57.420 --> 00:52:02.220 We're still good here. 364 00:52:04.260 --> 00:52:09.000 We’re gonna go to the next question here. 365 00:52:11.880 --> 00:52:22.140 NIST framework - so the question is: Where the _____ focuses on practical cybersecurity 366 00:52:22.140 --> 00:52:32.100 for businesses, the ______ is more prescriptive and principally intended for use by federal agencies. 367 00:52:33.000 --> 00:52:44.220 So you're given answer pairs: CIS/CIA; CSF/CIA; CIS/RMF; CSF/RMF. 368 00:52:45.960 --> 00:52:58.680 Acronyms - God alone. So this question depends fairly heavily on you knowing what the acronyms are, but 369 00:52:58.680 --> 00:53:08.160 you also get the clue in the question. 
One of these in the first part of the pair focuses on practical 370 00:53:08.160 --> 00:53:17.880 cyber security for businesses; the second one in the pairs suggested is prescriptive and 371 00:53:17.880 --> 00:53:27.360 principally intended for use by federal agencies. Anybody have a selection for this question? 372 00:53:30.120 --> 00:53:33.600 Or want to take a guess? CIS/CIA? 373 00:53:35.700 --> 00:53:48.120 Okay, no, that is not correct. 374 00:53:49.620 --> 00:53:52.260 CIS stands for Center for Internet Security; 375 00:53:53.640 --> 00:54:05.460 CIA is the fundamental goals of information security, which are what? Anybody know? Basic stuff. 376 00:54:07.740 --> 00:54:10.560 Okay, I'll give you a hint: The first one is confidentiality. 377 00:54:12.780 --> 00:54:13.560 I is what? 378 00:54:15.660 --> 00:54:21.060 Okay, so it's Integrity and the last one is Availability. The correct answer 379 00:54:23.580 --> 00:54:31.560 is the last answer: CSF being Cybersecurity Framework, and it was initially developed 380 00:54:31.560 --> 00:54:38.820 for critical infrastructure, and RMF stands for Risk Management Framework. 381 00:54:39.720 --> 00:54:47.880 It's more prescriptive and it was designed with the federal government in mind originally. 382 00:54:48.900 --> 00:54:56.640 So a few facts there that you have to know, and also knowing the acronyms, and I can't say it 383 00:54:56.640 --> 00:55:08.160 enough: Like ‘em, love ‘em, hate ‘em. Acronyms are everywhere. Let's get in another one. 384 00:55:10.920 --> 00:55:13.560 Let's see here where are. 385 00:55:17.640 --> 00:55:27.720 Your organization requires you to change your password every 180 days as well as ensure 386 00:55:27.720 --> 00:55:38.160 that the passwords cannot be changed more than once within a 180-day interval. 
You want to match 387 00:55:38.160 --> 00:55:45.360 your organization's configuration settings with your personal configuration settings so everything 388 00:55:45.360 --> 00:55:51.420 is organized. Which of the following should you configure to match your organization settings? 389 00:55:52.680 --> 00:56:01.680 So your choices are: Maximum password age; Password history; Password reviews; or Minimum password age. 390 00:56:02.940 --> 00:56:10.740 When you look at this question the important information is here: 391 00:56:12.180 --> 00:56:22.620 Your organization requires you to change your password every 180 days, and here: Ensure that 392 00:56:22.620 --> 00:56:34.140 the passwords cannot be changed more than once within a 180-day interval. What do you think 393 00:56:34.140 --> 00:56:41.340 we're talking about: Is it maximum password age, history, reuse, or minimum password age? 394 00:56:41.880 --> 00:56:51.060 Minimum password age? Minimum password age - that is correct. How did you come to that? It's like 395 00:56:51.720 --> 00:56:59.940 the minimum is 180 days, right? Yes, you have to have it that; you can't change it before that time. 396 00:57:00.660 --> 00:57:06.840 What do you think is the purpose of doing this - setting a minimum password age? 397 00:57:08.880 --> 00:57:13.920 And it makes sense, because a lot of people would do it if they could get away with it. 398 00:57:16.740 --> 00:57:25.500 Please, go ahead. Where people keep changing their password, like every few, 399 00:57:27.120 --> 00:57:31.800 every - what was it - every so often so they can get to a password that they want? I don't know if 400 00:57:31.800 --> 00:57:39.240 that’s. Yeah, that’s definitely heading in the right direction. People would revert to their 401 00:57:39.240 --> 00:57:45.000 old passwords that maybe they're comfortable with after an enforced password change. 
402 00:57:46.500 --> 00:57:56.040 But if you have a minimum password age, once you change it, it has to stay for that 180-day interval. 403 00:57:57.420 --> 00:58:07.320 So it's a best practice, and it's also, you should know, used very often with 404 00:58:07.320 --> 00:58:16.320 password history, and what that does is it keeps users from reverting back to, say, a list of old 405 00:58:16.320 --> 00:58:25.200 passwords. Maybe the list is five passwords long or maybe it's time-based.