From the course: CompTIA Security+ (SY0-701) Cert Prep

Security program management and oversight

- [Instructor] The fifth domain of the Security+ exam, Security Program Management and Oversight, makes up 20% of the questions on the test. It has six objectives.

In the first objective, you'll learn to summarize elements of effective security governance. These include guidelines, policies, standards, and procedures. You'll also need to understand external governance considerations, governance structures, and roles and responsibilities for systems and data.

The second objective asks you to explain the elements of the risk management process. You'll need to know about risk identification, risk assessment, and risk analysis. You'll need to explain the role of a risk register and risk reporting, and understand how an organization's risk tolerance and risk appetite relate to each other. You'll need to be able to conduct a business impact analysis and describe different risk management strategies.

The third objective of this domain asks you to explain the processes associated with third-party risk assessment and management. This includes vendor assessment, vendor selection, agreement types, vendor monitoring, questionnaires, and rules of engagement.

The fourth objective requires that you summarize elements of effective security compliance. You'll need to know compliance reporting, the consequences of non-compliance, compliance monitoring, and privacy.

In the fifth objective, you'll need to explain the types and purposes of audits and assessments. You'll learn about attestation and internal and external assessments. You'll also learn about penetration testing.

The final objective requires that you implement security awareness practices when you're given a scenario. This includes an understanding of phishing attacks, the recognition of unusual behavior, user guidance and training, reporting and monitoring, and development and execution.

Now, that's a lot of material, but we're going to get you through it all. Once you've completed the courses in this series, you'll be ready to face these questions on the Security+ exam.