[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:03.34,Default,,0000,0000,0000,,[MUSIC PLAYING]
Dialogue: 0,0:00:03.34,0:00:07.16,Default,,0000,0000,0000,,
Dialogue: 0,0:00:07.16,0:00:07.84,Default,,0000,0000,0000,,Hello, team.
Dialogue: 0,0:00:07.84,0:00:09.63,Default,,0000,0000,0000,,Good morning, good\Nafternoon, good evening.
Dialogue: 0,0:00:09.63,0:00:11.06,Default,,0000,0000,0000,,And today we are\Ngoing to discuss
Dialogue: 0,0:00:11.06,0:00:15.62,Default,,0000,0000,0000,,about CISA exam review, Domain\N5, Protection of Information
Dialogue: 0,0:00:15.62,0:00:16.49,Default,,0000,0000,0000,,Asset.
Dialogue: 0,0:00:16.49,0:00:20.43,Default,,0000,0000,0000,,I already made one video on\Ndomain 1, part 1 and part two,
Dialogue: 0,0:00:20.43,0:00:22.86,Default,,0000,0000,0000,,and I got a great\Nresponse on that video.
Dialogue: 0,0:00:22.86,0:00:25.16,Default,,0000,0000,0000,,And based on that, I\Nthought, let's continue
Dialogue: 0,0:00:25.16,0:00:26.55,Default,,0000,0000,0000,,the series of that session.
Dialogue: 0,0:00:26.55,0:00:28.71,Default,,0000,0000,0000,,And that is why I have\Nstarted with the Domain 5
Dialogue: 0,0:00:28.71,0:00:31.85,Default,,0000,0000,0000,,first because lot\Nof CISA aspirants
Dialogue: 0,0:00:31.85,0:00:33.96,Default,,0000,0000,0000,,are bit struggling\Nwith the Domain 5.
Dialogue: 0,0:00:33.96,0:00:38.00,Default,,0000,0000,0000,,So with that state of mind,\NI am making this video.
Dialogue: 0,0:00:38.00,0:00:40.31,Default,,0000,0000,0000,,If you are new to this\Nchannel, do subscribe and click
Dialogue: 0,0:00:40.31,0:00:43.23,Default,,0000,0000,0000,,on the bell icon so you should\Nnot miss any of my videos.
Dialogue: 0,0:00:43.23,0:00:45.75,Default,,0000,0000,0000,,And my name is Prabh Nair.
Dialogue: 0,0:00:45.75,0:00:50.13,Default,,0000,0000,0000,,For more information, you can\Nrefer my LinkedIn profile.
Dialogue: 0,0:00:50.13,0:00:52.25,Default,,0000,0000,0000,,So let's start with\Nthe first part.
Dialogue: 0,0:00:52.25,0:00:52.92,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:00:52.92,0:00:56.45,Default,,0000,0000,0000,,The first part in this video,\Nin this particular session
Dialogue: 0,0:00:56.45,0:01:00.74,Default,,0000,0000,0000,,or in the Domain 5, we have\Ninformation asset security
Dialogue: 0,0:01:00.74,0:01:03.59,Default,,0000,0000,0000,,framework standard\Nand guideline.
Dialogue: 0,0:01:03.59,0:01:08.10,Default,,0000,0000,0000,,So when you're talking about\Nindustries, many industries,
Dialogue: 0,0:01:08.10,0:01:10.05,Default,,0000,0000,0000,,they basically use standards.
Dialogue: 0,0:01:10.05,0:01:13.94,Default,,0000,0000,0000,,They use frameworks\Nto build some kind
Dialogue: 0,0:01:13.94,0:01:17.15,Default,,0000,0000,0000,,of a controls and governance\Nin the organization.
Dialogue: 0,0:01:17.15,0:01:19.85,Default,,0000,0000,0000,,One example, we have\Na PCI DSS, which
Dialogue: 0,0:01:19.85,0:01:21.86,Default,,0000,0000,0000,,is used as a standard\Nfor all organization
Dialogue: 0,0:01:21.86,0:01:25.22,Default,,0000,0000,0000,,to process the payment cards.
Dialogue: 0,0:01:25.22,0:01:27.30,Default,,0000,0000,0000,,So this is the example\Nof industry standard.
Dialogue: 0,0:01:27.30,0:01:29.30,Default,,0000,0000,0000,,But compliance is not\Nrequired by the law
Dialogue: 0,0:01:29.30,0:01:34.13,Default,,0000,0000,0000,,because it is just used to\Nachieve the defined objectives.
Dialogue: 0,0:01:34.13,0:01:37.29,Default,,0000,0000,0000,,Then we have some standards\Nare found in many industries,
Dialogue: 0,0:01:37.29,0:01:39.83,Default,,0000,0000,0000,,including a health care,\Naccounting, audits,
Dialogue: 0,0:01:39.83,0:01:41.22,Default,,0000,0000,0000,,and telecommunication.
Dialogue: 0,0:01:41.22,0:01:43.65,Default,,0000,0000,0000,,In some industries, such\Nas electrical power,
Dialogue: 0,0:01:43.65,0:01:46.55,Default,,0000,0000,0000,,regulations require\Ncompliance with the standard.
Dialogue: 0,0:01:46.55,0:01:49.13,Default,,0000,0000,0000,,And to meet the\Nrequirement of a standard,
Dialogue: 0,0:01:49.13,0:01:52.97,Default,,0000,0000,0000,,framework is often used to\Ndescribe how the organization
Dialogue: 0,0:01:52.97,0:01:54.95,Default,,0000,0000,0000,,can achieve the compliance.
Dialogue: 0,0:01:54.95,0:01:58.23,Default,,0000,0000,0000,,Let's take an example.
Dialogue: 0,0:01:58.23,0:02:00.66,Default,,0000,0000,0000,,If you talk about\None scenario here.
Dialogue: 0,0:02:00.66,0:02:04.71,Default,,0000,0000,0000,,
Dialogue: 0,0:02:04.71,0:02:08.96,Default,,0000,0000,0000,,Every organization always\Nstart with the strategy.
Dialogue: 0,0:02:08.96,0:02:09.92,Default,,0000,0000,0000,,They create a strategy.
Dialogue: 0,0:02:09.92,0:02:12.96,Default,,0000,0000,0000,,
Dialogue: 0,0:02:12.96,0:02:16.53,Default,,0000,0000,0000,,Strategy is called\Nas a long-term plan.
Dialogue: 0,0:02:16.53,0:02:21.09,Default,,0000,0000,0000,,And then that\Nstrategy is further
Dialogue: 0,0:02:21.09,0:02:23.16,Default,,0000,0000,0000,,split into the tactical plan.
Dialogue: 0,0:02:23.16,0:02:26.82,Default,,0000,0000,0000,,
Dialogue: 0,0:02:26.82,0:02:30.10,Default,,0000,0000,0000,,And then we have a\Noperational plan.
Dialogue: 0,0:02:30.10,0:02:36.21,Default,,0000,0000,0000,,
Dialogue: 0,0:02:36.21,0:02:38.73,Default,,0000,0000,0000,,Now when you're talking\Nabout this strategy
Dialogue: 0,0:02:38.73,0:02:42.84,Default,,0000,0000,0000,,was created to meet\Nthe GDPR requirement.
Dialogue: 0,0:02:42.84,0:02:46.23,Default,,0000,0000,0000,,GDPR is a data\Nprivacy regulation EU.
Dialogue: 0,0:02:46.23,0:02:52.47,Default,,0000,0000,0000,,Now I have a company\Nin Kerala and they
Dialogue: 0,0:02:52.47,0:02:54.78,Default,,0000,0000,0000,,need to comply with the\NGDPR definitely because we
Dialogue: 0,0:02:54.78,0:02:56.94,Default,,0000,0000,0000,,have some employees--
Dialogue: 0,0:02:56.94,0:03:03.06,Default,,0000,0000,0000,,we have some employees here\Nwho are residing in Kerala
Dialogue: 0,0:03:03.06,0:03:08.34,Default,,0000,0000,0000,,and they're trying to access the\Ndata, which is based out in EU.
Dialogue: 0,0:03:08.34,0:03:11.62,Default,,0000,0000,0000,,And definitely, if you're\Ntrying to access the data of EU,
Dialogue: 0,0:03:11.62,0:03:14.19,Default,,0000,0000,0000,,you need to comply with GDPR.
Dialogue: 0,0:03:14.19,0:03:18.10,Default,,0000,0000,0000,,So that were clear the\NGDPR we need in the system.
Dialogue: 0,0:03:18.10,0:03:23.19,Default,,0000,0000,0000,,But the question is\Nthat, what controls
Dialogue: 0,0:03:23.19,0:03:28.41,Default,,0000,0000,0000,,we required by which we can\Nable to comply with the GDPR?
Dialogue: 0,0:03:28.41,0:03:33.63,Default,,0000,0000,0000,,So first thing what we did\Nwe introduced the framework.
Dialogue: 0,0:03:33.63,0:03:35.56,Default,,0000,0000,0000,,In Hindi, it is called dhaancha.
Dialogue: 0,0:03:35.56,0:03:40.14,Default,,0000,0000,0000,,In English, it is called\Nas a structure, which
Dialogue: 0,0:03:40.14,0:03:44.68,Default,,0000,0000,0000,,talk about the necessary\Npractice and procedures,
Dialogue: 0,0:03:44.68,0:03:47.23,Default,,0000,0000,0000,,which required to achieve\Nthe define objective.
Dialogue: 0,0:03:47.23,0:03:50.73,Default,,0000,0000,0000,,Here, I want a privacy\Nsystem by which
Dialogue: 0,0:03:50.73,0:03:53.46,Default,,0000,0000,0000,,I can basically compliance\Nmy people process
Dialogue: 0,0:03:53.46,0:03:55.33,Default,,0000,0000,0000,,technology with GDPR.
Dialogue: 0,0:03:55.33,0:03:57.91,Default,,0000,0000,0000,,So I want a privacy\Nmanagement system.
Dialogue: 0,0:03:57.91,0:04:02.05,Default,,0000,0000,0000,,So we found some frameworks for\Nthe privacy management systems.
Dialogue: 0,0:04:02.05,0:04:06.24,Default,,0000,0000,0000,,And they basically have\Na process and practices.
Dialogue: 0,0:04:06.24,0:04:08.28,Default,,0000,0000,0000,,So one of the\Nprocess in practice
Dialogue: 0,0:04:08.28,0:04:10.95,Default,,0000,0000,0000,,they say that, OK,\Nevery system required
Dialogue: 0,0:04:10.95,0:04:14.04,Default,,0000,0000,0000,,to be protected\Nwith the password.
Dialogue: 0,0:04:14.04,0:04:15.96,Default,,0000,0000,0000,,So they give me\None kind of freedom
Dialogue: 0,0:04:15.96,0:04:19.53,Default,,0000,0000,0000,,that, OK, I want a\Npassword in the system.
Dialogue: 0,0:04:19.53,0:04:22.29,Default,,0000,0000,0000,,But now the question\Nis that, should I
Dialogue: 0,0:04:22.29,0:04:24.99,Default,,0000,0000,0000,,go for a specific practice\Nand process, which
Dialogue: 0,0:04:24.99,0:04:26.97,Default,,0000,0000,0000,,is given as per the\Nframework, or should I
Dialogue: 0,0:04:26.97,0:04:31.17,Default,,0000,0000,0000,,go for any kind of a industry\Nstandard for a benchmark?
Dialogue: 0,0:04:31.17,0:04:35.25,Default,,0000,0000,0000,,And there, we basically\Nintroduce the standard.
Dialogue: 0,0:04:35.25,0:04:41.01,Default,,0000,0000,0000,,Now as per the ISO\N27001, they say
Dialogue: 0,0:04:41.01,0:04:43.59,Default,,0000,0000,0000,,that system must be protected\Nwith the password with the eight
Dialogue: 0,0:04:43.59,0:04:44.29,Default,,0000,0000,0000,,character.
Dialogue: 0,0:04:44.29,0:04:47.97,Default,,0000,0000,0000,,So this is something is\Na matrix we introduced.
Dialogue: 0,0:04:47.97,0:04:50.01,Default,,0000,0000,0000,,So that is why we say\Nfirst we introduce
Dialogue: 0,0:04:50.01,0:04:55.08,Default,,0000,0000,0000,,a framework, which helped\Nme to build the structure.
Dialogue: 0,0:04:55.08,0:04:57.28,Default,,0000,0000,0000,,Same like when you\Nare building a house,
Dialogue: 0,0:04:57.28,0:04:58.81,Default,,0000,0000,0000,,you first design the house.
Dialogue: 0,0:04:58.81,0:05:02.23,Default,,0000,0000,0000,,Here, I need a balcony,\Nhere you need a first floor,
Dialogue: 0,0:05:02.23,0:05:04.38,Default,,0000,0000,0000,,here we need a second floor,\Nhere we need a third--
Dialogue: 0,0:05:04.38,0:05:04.88,Default,,0000,0000,0000,,Sorry.
Dialogue: 0,0:05:04.88,0:05:07.53,Default,,0000,0000,0000,,We need a first room, second\Nroom, third room, and then
Dialogue: 0,0:05:07.53,0:05:10.08,Default,,0000,0000,0000,,we decide we need\Na bed in each room.
Dialogue: 0,0:05:10.08,0:05:11.68,Default,,0000,0000,0000,,So this is as per the design.
Dialogue: 0,0:05:11.68,0:05:14.40,Default,,0000,0000,0000,,But what is a standard bed?
Dialogue: 0,0:05:14.40,0:05:16.74,Default,,0000,0000,0000,,What is a standard sofa?
Dialogue: 0,0:05:16.74,0:05:19.24,Default,,0000,0000,0000,,What is a standard\Ndoor we required?
Dialogue: 0,0:05:19.24,0:05:22.03,Default,,0000,0000,0000,,So we used to say that\Nit should be ISO 9001
Dialogue: 0,0:05:22.03,0:05:23.98,Default,,0000,0000,0000,,or they have their own standard.
Dialogue: 0,0:05:23.98,0:05:25.92,Default,,0000,0000,0000,,So standard was\Nbasically introduced
Dialogue: 0,0:05:25.92,0:05:27.79,Default,,0000,0000,0000,,to measure the effectiveness.
Dialogue: 0,0:05:27.79,0:05:32.43,Default,,0000,0000,0000,,Standard was basically\Nintroduced to set the benchmark.
Dialogue: 0,0:05:32.43,0:05:34.71,Default,,0000,0000,0000,,So whenever we are\Nbuilding any kind
Dialogue: 0,0:05:34.71,0:05:39.73,Default,,0000,0000,0000,,of a system in the organization,\Nfirst we adopt the framework.
Dialogue: 0,0:05:39.73,0:05:42.37,Default,,0000,0000,0000,,The framework comes with\Na practice and procedures.
Dialogue: 0,0:05:42.37,0:05:44.82,Default,,0000,0000,0000,,And to enhance that\Npractice and procedure,
Dialogue: 0,0:05:44.82,0:05:46.93,Default,,0000,0000,0000,,then we can go for the\Nspecialization standard.
Dialogue: 0,0:05:46.93,0:05:49.66,Default,,0000,0000,0000,,In this example, I want\Nto comply with GDPR.
Dialogue: 0,0:05:49.66,0:05:52.01,Default,,0000,0000,0000,,I want a privacy system\Nin the organization.
Dialogue: 0,0:05:52.01,0:05:54.32,Default,,0000,0000,0000,,So I adopted one of\Nthe privacy framework.
Dialogue: 0,0:05:54.32,0:05:55.93,Default,,0000,0000,0000,,Now, in that privacy\Nframework, one
Dialogue: 0,0:05:55.93,0:05:58.52,Default,,0000,0000,0000,,of the practice and procedure\Nis must have a password.
Dialogue: 0,0:05:58.52,0:05:59.69,Default,,0000,0000,0000,,Now I have a two choice.
Dialogue: 0,0:05:59.69,0:06:01.45,Default,,0000,0000,0000,,I can create my\Nown password, which
Dialogue: 0,0:06:01.45,0:06:03.70,Default,,0000,0000,0000,,can be used because\Nframework can be modified
Dialogue: 0,0:06:03.70,0:06:05.87,Default,,0000,0000,0000,,as per your business objective.
Dialogue: 0,0:06:05.87,0:06:09.40,Default,,0000,0000,0000,,But if you basically adopt\Nthe standard because ISO
Dialogue: 0,0:06:09.40,0:06:11.90,Default,,0000,0000,0000,,claim you must have\Neight character password.
Dialogue: 0,0:06:11.90,0:06:13.94,Default,,0000,0000,0000,,So eight character\Nis a strong password.
Dialogue: 0,0:06:13.94,0:06:16.72,Default,,0000,0000,0000,,And tomorrow, when I claimed\Nin the industry that,
Dialogue: 0,0:06:16.72,0:06:21.28,Default,,0000,0000,0000,,yes, I am a ISO 27001 certified\Nbecause I am following
Dialogue: 0,0:06:21.28,0:06:22.46,Default,,0000,0000,0000,,their particular standard.
Dialogue: 0,0:06:22.46,0:06:25.39,Default,,0000,0000,0000,,Same like CISA, you\Nare pursuing just
Dialogue: 0,0:06:25.39,0:06:27.08,Default,,0000,0000,0000,,for knowledge that\Nis a framework.
Dialogue: 0,0:06:27.08,0:06:30.47,Default,,0000,0000,0000,,But in CISA, you need to\Nread those stuff also,
Dialogue: 0,0:06:30.47,0:06:32.14,Default,,0000,0000,0000,,which is not relevant\Nto your profile,
Dialogue: 0,0:06:32.14,0:06:33.52,Default,,0000,0000,0000,,but that is required\Nfor the exam
Dialogue: 0,0:06:33.52,0:06:35.32,Default,,0000,0000,0000,,because tomorrow you\Nare going to use CISA
Dialogue: 0,0:06:35.32,0:06:37.76,Default,,0000,0000,0000,,as a name standard in your CV.
Dialogue: 0,0:06:37.76,0:06:42.14,Default,,0000,0000,0000,,So that is why in the Domain\N5, the most important element,
Dialogue: 0,0:06:42.14,0:06:43.61,Default,,0000,0000,0000,,you need to know the frameworks.
Dialogue: 0,0:06:43.61,0:06:46.90,Default,,0000,0000,0000,,
Dialogue: 0,0:06:46.90,0:06:50.84,Default,,0000,0000,0000,,So that is why in the Domain\N5, the Domain 5 itself,
Dialogue: 0,0:06:50.84,0:06:54.25,Default,,0000,0000,0000,,starting with the auditing, the\Ninformation security management
Dialogue: 0,0:06:54.25,0:06:57.97,Default,,0000,0000,0000,,framework and ultimate goal of\Ninformation security management
Dialogue: 0,0:06:57.97,0:07:01.82,Default,,0000,0000,0000,,framework is to reduce the\Nrisk to an acceptable level.
Dialogue: 0,0:07:01.82,0:07:04.42,Default,,0000,0000,0000,,So we have a NIST\Nframework which
Dialogue: 0,0:07:04.42,0:07:06.56,Default,,0000,0000,0000,,talks about the\Nbest practice, how
Dialogue: 0,0:07:06.56,0:07:09.19,Default,,0000,0000,0000,,to achieve the cybersecurity, or\Nhow to achieve the information
Dialogue: 0,0:07:09.19,0:07:10.91,Default,,0000,0000,0000,,security in the organization.
Dialogue: 0,0:07:10.91,0:07:13.23,Default,,0000,0000,0000,,Let me show you the\Ndocument, how it look like.
Dialogue: 0,0:07:13.23,0:07:15.79,Default,,0000,0000,0000,,
Dialogue: 0,0:07:15.79,0:07:19.36,Default,,0000,0000,0000,,So this is the document\Nwe have for the NIST.
Dialogue: 0,0:07:19.36,0:07:23.95,Default,,0000,0000,0000,,If you can see that, they have\Norganized the entire process
Dialogue: 0,0:07:23.95,0:07:29.77,Default,,0000,0000,0000,,into some categories, like\Nidentifies where they are
Dialogue: 0,0:07:29.77,0:07:31.33,Default,,0000,0000,0000,,talking about we\Nneed a governance,
Dialogue: 0,0:07:31.33,0:07:33.13,Default,,0000,0000,0000,,and what is required\Nin the governance
Dialogue: 0,0:07:33.13,0:07:35.51,Default,,0000,0000,0000,,they talk about these\Nare the practices.
Dialogue: 0,0:07:35.51,0:07:38.47,Default,,0000,0000,0000,,And if you want to set\Nany kind of a benchmark
Dialogue: 0,0:07:38.47,0:07:40.30,Default,,0000,0000,0000,,against something, you\Nneed to claim we have
Dialogue: 0,0:07:40.30,0:07:43.82,Default,,0000,0000,0000,,a respective controls also.
Dialogue: 0,0:07:43.82,0:07:45.25,Default,,0000,0000,0000,,So you can see here.
Dialogue: 0,0:07:45.25,0:07:47.20,Default,,0000,0000,0000,,Then if I zoom it--
Dialogue: 0,0:07:47.20,0:07:50.08,Default,,0000,0000,0000,,now, if I join one\Ncompany and where
Dialogue: 0,0:07:50.08,0:07:53.83,Default,,0000,0000,0000,,I want the information security\Nas a system I want to introduce.
Dialogue: 0,0:07:53.83,0:07:57.71,Default,,0000,0000,0000,,So I can refer this NIST\Nframework based on my knowledge,
Dialogue: 0,0:07:57.71,0:07:59.66,Default,,0000,0000,0000,,I can go by step\Nby step process.
Dialogue: 0,0:07:59.66,0:08:02.93,Default,,0000,0000,0000,,They say, OK, as per the\Nframework control one,
Dialogue: 0,0:08:02.93,0:08:05.12,Default,,0000,0000,0000,,you must have an\Nasset management.
Dialogue: 0,0:08:05.12,0:08:07.63,Default,,0000,0000,0000,,Now in this case,\Nwhat is a subcategory,
Dialogue: 0,0:08:07.63,0:08:10.21,Default,,0000,0000,0000,,like physical device and\Nsystem within the organizations
Dialogue: 0,0:08:10.21,0:08:11.35,Default,,0000,0000,0000,,are inventoried.
Dialogue: 0,0:08:11.35,0:08:13.72,Default,,0000,0000,0000,,Software platforms\Nand applications
Dialogue: 0,0:08:13.72,0:08:16.22,Default,,0000,0000,0000,,within the organizations\Nare inventoried.
Dialogue: 0,0:08:16.22,0:08:19.46,Default,,0000,0000,0000,,Organization communications\Nand data flows are mapped.
Dialogue: 0,0:08:19.46,0:08:22.04,Default,,0000,0000,0000,,External information\Nsystems are cataloged.
Dialogue: 0,0:08:22.04,0:08:25.64,Default,,0000,0000,0000,,Resources are prioritized\Nbased on the classification
Dialogue: 0,0:08:25.64,0:08:29.44,Default,,0000,0000,0000,,criticality and business\Nvalue, and cyber security roles
Dialogue: 0,0:08:29.44,0:08:32.11,Default,,0000,0000,0000,,and responsibility for entire\Nworkforce in third party
Dialogue: 0,0:08:32.11,0:08:32.93,Default,,0000,0000,0000,,establish.
Dialogue: 0,0:08:32.93,0:08:36.92,Default,,0000,0000,0000,,Now they have a specific\Ncontrols for that in detail.
Dialogue: 0,0:08:36.92,0:08:38.99,Default,,0000,0000,0000,,So for that, we can\Nrefer the standard.
Dialogue: 0,0:08:38.99,0:08:41.60,Default,,0000,0000,0000,,So standard was introduced\Nto measure the effectiveness.
Dialogue: 0,0:08:41.60,0:08:44.08,Default,,0000,0000,0000,,So this is how we\Ncan basically adopt
Dialogue: 0,0:08:44.08,0:08:48.22,Default,,0000,0000,0000,,any framework I can basically\Nscope as per my business
Dialogue: 0,0:08:48.22,0:08:49.96,Default,,0000,0000,0000,,requirement by which\NI can eliminate
Dialogue: 0,0:08:49.96,0:08:52.49,Default,,0000,0000,0000,,the need for implementing\Nthis entire framework
Dialogue: 0,0:08:52.49,0:08:55.40,Default,,0000,0000,0000,,and tailor it as per\Nmy business choice.
Dialogue: 0,0:08:55.40,0:08:58.78,Default,,0000,0000,0000,,So this is what we called as a\Ninformation security framework
Dialogue: 0,0:08:58.78,0:09:01.18,Default,,0000,0000,0000,,or cyber security framework.
Dialogue: 0,0:09:01.18,0:09:05.62,Default,,0000,0000,0000,,Now coming back, so in\NDomain 5, the first part
Dialogue: 0,0:09:05.62,0:09:09.34,Default,,0000,0000,0000,,we talk about audit the\Ninformation security management
Dialogue: 0,0:09:09.34,0:09:12.97,Default,,0000,0000,0000,,framework so you can adopt\Nany kind of a benchmark, which
Dialogue: 0,0:09:12.97,0:09:15.62,Default,,0000,0000,0000,,is approved benchmark\Nfrom the organization.
Dialogue: 0,0:09:15.62,0:09:17.24,Default,,0000,0000,0000,,And based on that,\Nyou can assess.
Dialogue: 0,0:09:17.24,0:09:19.57,Default,,0000,0000,0000,,See, when we're talking\Nabout any governance,
Dialogue: 0,0:09:19.57,0:09:22.34,Default,,0000,0000,0000,,policy is the foundation\Nfor any governance.
Dialogue: 0,0:09:22.34,0:09:23.47,Default,,0000,0000,0000,,What is governance like?
Dialogue: 0,0:09:23.47,0:09:25.49,Default,,0000,0000,0000,,In order to manage kids at home.
Dialogue: 0,0:09:25.49,0:09:26.86,Default,,0000,0000,0000,,That is your governance.
Dialogue: 0,0:09:26.86,0:09:29.66,Default,,0000,0000,0000,,Manage country, run\Ncountry's operation.
Dialogue: 0,0:09:29.66,0:09:30.77,Default,,0000,0000,0000,,That is a governance.
Dialogue: 0,0:09:30.77,0:09:33.52,Default,,0000,0000,0000,,So governance is\Na-- governance is
Dialogue: 0,0:09:33.52,0:09:36.25,Default,,0000,0000,0000,,an important part of the\Norganization and policy is
Dialogue: 0,0:09:36.25,0:09:38.54,Default,,0000,0000,0000,,the foundation of governance.
Dialogue: 0,0:09:38.54,0:09:42.74,Default,,0000,0000,0000,,If I say policy, policy is\Nthe management statement.
Dialogue: 0,0:09:42.74,0:09:45.27,Default,,0000,0000,0000,,Policy is the management intent.
Dialogue: 0,0:09:45.27,0:09:47.76,Default,,0000,0000,0000,,Anything they want to\Nenforce in the organization,
Dialogue: 0,0:09:47.76,0:09:49.41,Default,,0000,0000,0000,,they create a policy for that.
Dialogue: 0,0:09:49.41,0:09:53.07,Default,,0000,0000,0000,,Example like every system must\Nbe protected with the password.
Dialogue: 0,0:09:53.07,0:09:54.12,Default,,0000,0000,0000,,So it's a policy.
Dialogue: 0,0:09:54.12,0:09:56.49,Default,,0000,0000,0000,,Password must be\Neight character.
Dialogue: 0,0:09:56.49,0:09:58.14,Default,,0000,0000,0000,,Now we introduce as a standard.
Dialogue: 0,0:09:58.14,0:10:01.19,Default,,0000,0000,0000,,Standard is a tool by which\Nwe enforce the policy.
Dialogue: 0,0:10:01.19,0:10:05.91,Default,,0000,0000,0000,,And how to create step by\Nstep eight character password.
Dialogue: 0,0:10:05.91,0:10:07.25,Default,,0000,0000,0000,,That is a written procedure.
Dialogue: 0,0:10:07.25,0:10:09.72,Default,,0000,0000,0000,,Procedure always in\Ndetail in nature.
Dialogue: 0,0:10:09.72,0:10:12.42,Default,,0000,0000,0000,,So policy is\Nstrategic in nature,
Dialogue: 0,0:10:12.42,0:10:16.82,Default,,0000,0000,0000,,standard is tactical in nature,\Nand procedure is basically
Dialogue: 0,0:10:16.82,0:10:18.36,Default,,0000,0000,0000,,operational in nature.
Dialogue: 0,0:10:18.36,0:10:22.01,Default,,0000,0000,0000,,We create a detailed procedure\Nwhich is easy for people
Dialogue: 0,0:10:22.01,0:10:24.32,Default,,0000,0000,0000,,to understand.
Dialogue: 0,0:10:24.32,0:10:29.07,Default,,0000,0000,0000,,Now next thing is called as a\Nsecurity awareness and training.
Dialogue: 0,0:10:29.07,0:10:30.95,Default,,0000,0000,0000,,Now let me explain the\Ndifferent-- thin line
Dialogue: 0,0:10:30.95,0:10:35.06,Default,,0000,0000,0000,,difference between the\Nawareness, training,
Dialogue: 0,0:10:35.06,0:10:36.56,Default,,0000,0000,0000,,and education.
Dialogue: 0,0:10:36.56,0:10:38.76,Default,,0000,0000,0000,,Awareness is a short term.
Dialogue: 0,0:10:38.76,0:10:41.72,Default,,0000,0000,0000,,I was in an impression that,\NOK, eight character password
Dialogue: 0,0:10:41.72,0:10:42.87,Default,,0000,0000,0000,,is a secure password.
Dialogue: 0,0:10:42.87,0:10:46.32,Default,,0000,0000,0000,,So I was using a 12345678.
Dialogue: 0,0:10:46.32,0:10:49.16,Default,,0000,0000,0000,,But when I attended any\Nawareness workshop which
Dialogue: 0,0:10:49.16,0:10:52.79,Default,,0000,0000,0000,,modify my behavior and now I\Nget to know eight character
Dialogue: 0,0:10:52.79,0:10:54.92,Default,,0000,0000,0000,,should not be only numeric.
Dialogue: 0,0:10:54.92,0:10:58.14,Default,,0000,0000,0000,,OK, so I start using a\Nalphanumeric and spatial.
Dialogue: 0,0:10:58.14,0:11:00.84,Default,,0000,0000,0000,,So that's something\Nmodify my behavior.
Dialogue: 0,0:11:00.84,0:11:03.59,Default,,0000,0000,0000,,The question is that how to\Nmeasure the effectiveness
Dialogue: 0,0:11:03.59,0:11:05.36,Default,,0000,0000,0000,,of the awareness training.
Dialogue: 0,0:11:05.36,0:11:06.98,Default,,0000,0000,0000,,By reviewing the\Nnumber of people
Dialogue: 0,0:11:06.98,0:11:08.79,Default,,0000,0000,0000,,participated in the\Nawareness program?
Dialogue: 0,0:11:08.79,0:11:10.13,Default,,0000,0000,0000,,No.
Dialogue: 0,0:11:10.13,0:11:13.16,Default,,0000,0000,0000,,As an auditor, I\Ncan able to evaluate
Dialogue: 0,0:11:13.16,0:11:17.27,Default,,0000,0000,0000,,the effectiveness of\Nawareness training
Dialogue: 0,0:11:17.27,0:11:21.35,Default,,0000,0000,0000,,is by seeing the number\Nof incidents reported.
Dialogue: 0,0:11:21.35,0:11:23.06,Default,,0000,0000,0000,,Let's take an example.
Dialogue: 0,0:11:23.06,0:11:26.39,Default,,0000,0000,0000,,Last week, we have conducted\Nthe awareness workshop.
Dialogue: 0,0:11:26.39,0:11:31.34,Default,,0000,0000,0000,,And at that time, we had\N70 incidents was reported.
Dialogue: 0,0:11:31.34,0:11:34.59,Default,,0000,0000,0000,,And this week, 140\Nincidents has been reported.
Dialogue: 0,0:11:34.59,0:11:38.25,Default,,0000,0000,0000,,It means people are now more\Naware about the incidents.
Dialogue: 0,0:11:38.25,0:11:40.86,Default,,0000,0000,0000,,So always remember\Nthe way-- in order
Dialogue: 0,0:11:40.86,0:11:42.96,Default,,0000,0000,0000,,to measure the effectiveness\Nof awareness training
Dialogue: 0,0:11:42.96,0:11:45.33,Default,,0000,0000,0000,,is increase in the\Nincident reports
Dialogue: 0,0:11:45.33,0:11:48.07,Default,,0000,0000,0000,,and decrease in a\Nsecurity violation.
Dialogue: 0,0:11:48.07,0:11:50.25,Default,,0000,0000,0000,,So awareness modify\Nthe behavior.
Dialogue: 0,0:11:50.25,0:11:53.49,Default,,0000,0000,0000,,Training modify the skill, and\Neducation modify your career.
Dialogue: 0,0:11:53.49,0:11:55.82,Default,,0000,0000,0000,,Like doing a CISA\Ntraining, serious training.
Dialogue: 0,0:11:55.82,0:11:57.78,Default,,0000,0000,0000,,See some training is a\Npart of a training which
Dialogue: 0,0:11:57.78,0:11:59.08,Default,,0000,0000,0000,,modify your skills.
Dialogue: 0,0:11:59.08,0:12:01.65,Default,,0000,0000,0000,,But annually you are\Nattending any college program
Dialogue: 0,0:12:01.65,0:12:03.37,Default,,0000,0000,0000,,that is called as an education.
Dialogue: 0,0:12:03.37,0:12:06.18,Default,,0000,0000,0000,,Another important thing\Nthat you must be familiar
Dialogue: 0,0:12:06.18,0:12:10.44,Default,,0000,0000,0000,,with that, which is called\Nas a data ownership.
Dialogue: 0,0:12:10.44,0:12:11.95,Default,,0000,0000,0000,,Data ownership.
Dialogue: 0,0:12:11.95,0:12:14.37,Default,,0000,0000,0000,,So data ownership is another\Nimportant thing we have
Dialogue: 0,0:12:14.37,0:12:16.05,Default,,0000,0000,0000,,that you must be aware about.
Dialogue: 0,0:12:16.05,0:12:18.12,Default,,0000,0000,0000,,In data ownership,\Nlike data owner
Dialogue: 0,0:12:18.12,0:12:21.16,Default,,0000,0000,0000,,is the one who ultimately\Naccountable for the data.
Dialogue: 0,0:12:21.16,0:12:23.52,Default,,0000,0000,0000,,So whenever you\Nclassifying any data,
Dialogue: 0,0:12:23.52,0:12:25.53,Default,,0000,0000,0000,,you basically speak\Nto the data owner
Dialogue: 0,0:12:25.53,0:12:29.10,Default,,0000,0000,0000,,only, because data owners are\Nbest positioned to tell you
Dialogue: 0,0:12:29.10,0:12:30.14,Default,,0000,0000,0000,,the value of the data.
Dialogue: 0,0:12:30.14,0:12:33.54,Default,,0000,0000,0000,,
Dialogue: 0,0:12:33.54,0:12:37.41,Default,,0000,0000,0000,,The next important\Nthing is called as a--
Dialogue: 0,0:12:37.41,0:12:39.43,Default,,0000,0000,0000,,yeah, can we transfer\Nthe data ownership?
Dialogue: 0,0:12:39.43,0:12:42.28,Default,,0000,0000,0000,,No, you can't transfer\Nthe data ownership.
Dialogue: 0,0:12:42.28,0:12:44.73,Default,,0000,0000,0000,,So on behalf of data\Nowner who manage
Dialogue: 0,0:12:44.73,0:12:47.22,Default,,0000,0000,0000,,the data is the data\Ncustodian because he
Dialogue: 0,0:12:47.22,0:12:50.25,Default,,0000,0000,0000,,is responsible for storing\Nand safeguarding the data.
Dialogue: 0,0:12:50.25,0:12:52.63,Default,,0000,0000,0000,,OK, like system analyst,\Ncomputer operator,
Dialogue: 0,0:12:52.63,0:12:55.30,Default,,0000,0000,0000,,database operator, they are the\Nones who are the data custodian.
Dialogue: 0,0:12:55.30,0:12:56.91,Default,,0000,0000,0000,,Let's take an example.
Dialogue: 0,0:12:56.91,0:12:58.21,Default,,0000,0000,0000,,I am the business owner.
Dialogue: 0,0:12:58.21,0:12:59.47,Default,,0000,0000,0000,,I produce one data.
Dialogue: 0,0:12:59.47,0:13:01.45,Default,,0000,0000,0000,,I bring more data\Nin the organization.
Dialogue: 0,0:13:01.45,0:13:04.35,Default,,0000,0000,0000,,Now I have a IM team,\NI have a database team
Dialogue: 0,0:13:04.35,0:13:07.03,Default,,0000,0000,0000,,who manage the data\Non behalf of me.
Dialogue: 0,0:13:07.03,0:13:08.38,Default,,0000,0000,0000,,I will say, hey, Eric.
Dialogue: 0,0:13:08.38,0:13:09.55,Default,,0000,0000,0000,,Please maintain my data.
Dialogue: 0,0:13:09.55,0:13:13.33,Default,,0000,0000,0000,,So here the Eric will maintain\Nthe protection of the data,
Dialogue: 0,0:13:13.33,0:13:15.25,Default,,0000,0000,0000,,but he will follow\Nall my guidelines
Dialogue: 0,0:13:15.25,0:13:17.16,Default,,0000,0000,0000,,according to that only\Nhe protect the data.
Dialogue: 0,0:13:17.16,0:13:18.78,Default,,0000,0000,0000,,I will clearly tell\Nhim, see, this data
Dialogue: 0,0:13:18.78,0:13:21.01,Default,,0000,0000,0000,,is basically based\Non EU customer
Dialogue: 0,0:13:21.01,0:13:23.05,Default,,0000,0000,0000,,so make sure you should\Nprotect effectively.
Dialogue: 0,0:13:23.05,0:13:25.26,Default,,0000,0000,0000,,So here I am a data\Nowner who instruct him
Dialogue: 0,0:13:25.26,0:13:26.65,Default,,0000,0000,0000,,that this is the EU data.
Dialogue: 0,0:13:26.65,0:13:29.77,Default,,0000,0000,0000,,If something goes wrong,\Nhe going to question me
Dialogue: 0,0:13:29.77,0:13:32.44,Default,,0000,0000,0000,,and it is a difficult-- it is\Ndifficult for me to answer.
Dialogue: 0,0:13:32.44,0:13:35.25,Default,,0000,0000,0000,,So here, the database\Nadministrator,
Dialogue: 0,0:13:35.25,0:13:38.31,Default,,0000,0000,0000,,based on my guidance,\Ngoing to protect the data.
Dialogue: 0,0:13:38.31,0:13:42.39,Default,,0000,0000,0000,,So data owner one is the\None who value the data,
Dialogue: 0,0:13:42.39,0:13:43.95,Default,,0000,0000,0000,,and data custodian--
Dialogue: 0,0:13:43.95,0:13:47.22,Default,,0000,0000,0000,,
Dialogue: 0,0:13:47.22,0:13:52.21,Default,,0000,0000,0000,,data custodian manage the\Ndata on behalf of data owner.
Dialogue: 0,0:13:52.21,0:13:55.99,Default,,0000,0000,0000,,The third is basically called\Nas a security administrator.
Dialogue: 0,0:13:55.99,0:13:58.23,Default,,0000,0000,0000,,Security administrator is\Nanother important position
Dialogue: 0,0:13:58.23,0:13:58.87,Default,,0000,0000,0000,,we have.
Dialogue: 0,0:13:58.87,0:14:02.16,Default,,0000,0000,0000,,He is responsible for providing\Nan adequate physical and logical
Dialogue: 0,0:14:02.16,0:14:04.90,Default,,0000,0000,0000,,security for the\Ninformation system,
Dialogue: 0,0:14:04.90,0:14:08.02,Default,,0000,0000,0000,,and also providing a security\Nto the data and equipments.
Dialogue: 0,0:14:08.02,0:14:11.68,Default,,0000,0000,0000,,So his role is more like a\Nimplementer kind of thing.
Dialogue: 0,0:14:11.68,0:14:13.56,Default,,0000,0000,0000,,Example, firewall administrator.
Dialogue: 0,0:14:13.56,0:14:14.17,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:14:14.17,0:14:17.17,Default,,0000,0000,0000,,VAPT guys, control implementer.
Dialogue: 0,0:14:17.17,0:14:20.11,Default,,0000,0000,0000,,These are basically called\Nas security administrators.
Dialogue: 0,0:14:20.11,0:14:23.07,Default,,0000,0000,0000,,Then we have a new IT\Nusers, the one who basically
Dialogue: 0,0:14:23.07,0:14:24.25,Default,,0000,0000,0000,,join the organization.
Dialogue: 0,0:14:24.25,0:14:27.79,Default,,0000,0000,0000,,Make sure they should read and\Nagree to the security policies,
Dialogue: 0,0:14:27.79,0:14:30.04,Default,,0000,0000,0000,,keep login ID and\Npassword secret,
Dialogue: 0,0:14:30.04,0:14:31.95,Default,,0000,0000,0000,,create the quality\Npassword, lock all
Dialogue: 0,0:14:31.95,0:14:34.20,Default,,0000,0000,0000,,the terminals for the IT users.
Dialogue: 0,0:14:34.20,0:14:36.09,Default,,0000,0000,0000,,Next is we have a data users.
Dialogue: 0,0:14:36.09,0:14:38.10,Default,,0000,0000,0000,,Data user example\Nlike the IT users
Dialogue: 0,0:14:38.10,0:14:41.02,Default,,0000,0000,0000,,who are creating a data it is\Naccessed by the data user only.
Dialogue: 0,0:14:41.02,0:14:43.21,Default,,0000,0000,0000,,I have a team who create a data.
Dialogue: 0,0:14:43.21,0:14:46.81,Default,,0000,0000,0000,,OK, now you are basically\Nthe one who review this data.
Dialogue: 0,0:14:46.81,0:14:48.28,Default,,0000,0000,0000,,So you are the data user.
Dialogue: 0,0:14:48.28,0:14:50.55,Default,,0000,0000,0000,,So the responsibility\Nregarding a security
Dialogue: 0,0:14:50.55,0:14:52.59,Default,,0000,0000,0000,,and to be vigilant\Nregarding the monitoring
Dialogue: 0,0:14:52.59,0:14:54.93,Default,,0000,0000,0000,,of the unauthorized\Npeople in the work areas
Dialogue: 0,0:14:54.93,0:14:57.45,Default,,0000,0000,0000,,and comply with the\Ngeneral security guidelines
Dialogue: 0,0:14:57.45,0:14:58.63,Default,,0000,0000,0000,,and policies.
Dialogue: 0,0:14:58.63,0:15:02.25,Default,,0000,0000,0000,,So data users include the\Nexternal and internal user
Dialogue: 0,0:15:02.25,0:15:03.31,Default,,0000,0000,0000,,communities.
Dialogue: 0,0:15:03.31,0:15:05.98,Default,,0000,0000,0000,,Next, we have a\Ndocumented authorization.
Dialogue: 0,0:15:05.98,0:15:08.40,Default,,0000,0000,0000,,So data access should be\Nidentified and authorized
Dialogue: 0,0:15:08.40,0:15:09.22,Default,,0000,0000,0000,,in a writing.
Dialogue: 0,0:15:09.22,0:15:11.55,Default,,0000,0000,0000,,So as an IS auditor,\Nyou should review
Dialogue: 0,0:15:11.55,0:15:13.74,Default,,0000,0000,0000,,a sample of the\Nauthorization to determine
Dialogue: 0,0:15:13.74,0:15:16.33,Default,,0000,0000,0000,,if the proper level of written\Nauthority was provided.
Dialogue: 0,0:15:16.33,0:15:18.01,Default,,0000,0000,0000,,Example, I am an auditor.
Dialogue: 0,0:15:18.01,0:15:19.20,Default,,0000,0000,0000,,I am going for an audit.
Dialogue: 0,0:15:19.20,0:15:21.99,Default,,0000,0000,0000,,As per the audit, for this\Nkind of a permissions,
Dialogue: 0,0:15:21.99,0:15:23.95,Default,,0000,0000,0000,,we need an approval from\Nthe senior management.
Dialogue: 0,0:15:23.95,0:15:26.37,Default,,0000,0000,0000,,So we will ask for the\Nsample of an email which
Dialogue: 0,0:15:26.37,0:15:27.96,Default,,0000,0000,0000,,can confirm that\Nyou are authorized
Dialogue: 0,0:15:27.96,0:15:29.13,Default,,0000,0000,0000,,to access the document.
Dialogue: 0,0:15:29.13,0:15:32.40,Default,,0000,0000,0000,,And the similar pattern you\Ncan get in a CISA exam also.
Dialogue: 0,0:15:32.40,0:15:33.94,Default,,0000,0000,0000,,Like you are an auditor.
Dialogue: 0,0:15:33.94,0:15:37.08,Default,,0000,0000,0000,,You have discovered that some\Naccess has been attempted
Dialogue: 0,0:15:37.08,0:15:38.95,Default,,0000,0000,0000,,to access specific files.
Dialogue: 0,0:15:38.95,0:15:40.07,Default,,0000,0000,0000,,Now how to verify.
Dialogue: 0,0:15:40.07,0:15:40.99,Default,,0000,0000,0000,,What is the next step?
Dialogue: 0,0:15:40.99,0:15:43.54,Default,,0000,0000,0000,,The next step is we will\Nrequest for those exceptions.
Dialogue: 0,0:15:43.54,0:15:45.30,Default,,0000,0000,0000,,We request for\Nthe email exchange
Dialogue: 0,0:15:45.30,0:15:47.31,Default,,0000,0000,0000,,which say that, OK, you're\Nauthorized to access
Dialogue: 0,0:15:47.31,0:15:48.90,Default,,0000,0000,0000,,that particular documents.
Dialogue: 0,0:15:48.90,0:15:52.56,Default,,0000,0000,0000,,Next important thing we call\Nthat the terminated employee
Dialogue: 0,0:15:52.56,0:15:53.38,Default,,0000,0000,0000,,access.
Dialogue: 0,0:15:53.38,0:15:56.17,Default,,0000,0000,0000,,See, whenever any employee\Nleave the organization,
Dialogue: 0,0:15:56.17,0:15:58.00,Default,,0000,0000,0000,,we don't delete his account.
Dialogue: 0,0:15:58.00,0:15:59.32,Default,,0000,0000,0000,,We disable the account.
Dialogue: 0,0:15:59.32,0:16:01.93,Default,,0000,0000,0000,,The first step is notify\Nall the Department
Dialogue: 0,0:16:01.93,0:16:04.33,Default,,0000,0000,0000,,and the second step\Nis revoke his access.
Dialogue: 0,0:16:04.33,0:16:05.91,Default,,0000,0000,0000,,But the question\Ntalking about what
Dialogue: 0,0:16:05.91,0:16:09.72,Default,,0000,0000,0000,,is the best action that we have\Nto take against the terminated
Dialogue: 0,0:16:09.72,0:16:13.38,Default,,0000,0000,0000,,employee, the thing is\Nthat revoke his access.
Dialogue: 0,0:16:13.38,0:16:16.89,Default,,0000,0000,0000,,Termination is two-type:\Nvoluntary and involuntary.
Dialogue: 0,0:16:16.89,0:16:19.81,Default,,0000,0000,0000,,Voluntary termination\Nwhen employee resign,
Dialogue: 0,0:16:19.81,0:16:23.77,Default,,0000,0000,0000,,and involuntary termination\Nwhen company say ask to leave.
Dialogue: 0,0:16:23.77,0:16:26.67,Default,,0000,0000,0000,,But during this process,\Nduring a termination process,
Dialogue: 0,0:16:26.67,0:16:31.21,Default,,0000,0000,0000,,IS auditor need to review that\Nany terminated employer is
Dialogue: 0,0:16:31.21,0:16:33.52,Default,,0000,0000,0000,,having access to the\Nsystem, and that is also
Dialogue: 0,0:16:33.52,0:16:34.88,Default,,0000,0000,0000,,one of the biggest concern.
Dialogue: 0,0:16:34.88,0:16:37.75,Default,,0000,0000,0000,,If terminated employee\Nalready left the organization
Dialogue: 0,0:16:37.75,0:16:40.17,Default,,0000,0000,0000,,and he still has access\Nto the organization,
Dialogue: 0,0:16:40.17,0:16:41.42,Default,,0000,0000,0000,,then it's the biggest concern.
Dialogue: 0,0:16:41.42,0:16:43.21,Default,,0000,0000,0000,,So from an exam point\Nof view, remember
Dialogue: 0,0:16:43.21,0:16:45.50,Default,,0000,0000,0000,,this is one of the\Nbiggest concern we have.
Dialogue: 0,0:16:45.50,0:16:49.51,Default,,0000,0000,0000,,Whenever we implementing any\Nkind of a control, security
Dialogue: 0,0:16:49.51,0:16:51.76,Default,,0000,0000,0000,,baseline we have to follow.
Dialogue: 0,0:16:51.76,0:16:52.85,Default,,0000,0000,0000,,What is baseline?
Dialogue: 0,0:16:52.85,0:16:54.52,Default,,0000,0000,0000,,Baseline is a minimum\Nlevel of security
Dialogue: 0,0:16:54.52,0:16:56.63,Default,,0000,0000,0000,,that we need to\Nfollow in the system.
Dialogue: 0,0:16:56.63,0:16:58.76,Default,,0000,0000,0000,,Let me explain you\Nwith the reference.
Dialogue: 0,0:16:58.76,0:17:01.75,Default,,0000,0000,0000,,Now I want a baseline\Nfor my organization.
Dialogue: 0,0:17:01.75,0:17:02.57,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:17:02.57,0:17:04.93,Default,,0000,0000,0000,,So I want a baseline in--
Dialogue: 0,0:17:04.93,0:17:11.74,Default,,0000,0000,0000,,So like-- example like--
Dialogue: 0,0:17:11.74,0:17:15.13,Default,,0000,0000,0000,,I want a baseline\Nfor my system so--
Dialogue: 0,0:17:15.13,0:17:17.35,Default,,0000,0000,0000,,for my systems.
Dialogue: 0,0:17:17.35,0:17:20.02,Default,,0000,0000,0000,,Baseline mean minimum security.
Dialogue: 0,0:17:20.02,0:17:22.93,Default,,0000,0000,0000,,I want a baseline like password.
Dialogue: 0,0:17:22.93,0:17:25.40,Default,,0000,0000,0000,,I want a baseline antivirus.
Dialogue: 0,0:17:25.40,0:17:28.72,Default,,0000,0000,0000,,And I want a baseline called\Nas a security solution.
Dialogue: 0,0:17:28.72,0:17:29.54,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:17:29.54,0:17:32.92,Default,,0000,0000,0000,,So this is basically\Nthe baseline one,
Dialogue: 0,0:17:32.92,0:17:35.24,Default,,0000,0000,0000,,baseline two, baseline three.
Dialogue: 0,0:17:35.24,0:17:38.42,Default,,0000,0000,0000,,So example, we have a system\N1, system 2, and system 3.
Dialogue: 0,0:17:38.42,0:17:40.09,Default,,0000,0000,0000,,So in a system 1,\Npassword we require.
Dialogue: 0,0:17:40.09,0:17:42.61,Default,,0000,0000,0000,,That is a minimum thing we\Nneed in the organization
Dialogue: 0,0:17:42.61,0:17:43.99,Default,,0000,0000,0000,,in the system.
Dialogue: 0,0:17:43.99,0:17:45.95,Default,,0000,0000,0000,,Now, question is\Npassword is required.
Dialogue: 0,0:17:45.95,0:17:46.93,Default,,0000,0000,0000,,I agree.
Dialogue: 0,0:17:46.93,0:17:49.45,Default,,0000,0000,0000,,Now here I can refer a standard.
Dialogue: 0,0:17:49.45,0:17:50.27,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:17:50.27,0:17:51.76,Default,,0000,0000,0000,,Can we go for the\Neight character?
Dialogue: 0,0:17:51.76,0:17:52.26,Default,,0000,0000,0000,,Yes.
Dialogue: 0,0:17:52.26,0:17:54.53,Default,,0000,0000,0000,,And then we decide\Nthe procedure.
Dialogue: 0,0:17:54.53,0:17:57.91,Default,,0000,0000,0000,,So if you notice, I started\Nwith the baseline of the system,
Dialogue: 0,0:17:57.91,0:17:59.20,Default,,0000,0000,0000,,like I want a password.
Dialogue: 0,0:17:59.20,0:18:02.17,Default,,0000,0000,0000,,Is a minimum I need a\Npassword in any system.
Dialogue: 0,0:18:02.17,0:18:05.89,Default,,0000,0000,0000,,I want antivirus and I want\Nfor the system security.
Dialogue: 0,0:18:05.89,0:18:07.58,Default,,0000,0000,0000,,Now with the\Nreference of password,
Dialogue: 0,0:18:07.58,0:18:11.47,Default,,0000,0000,0000,,I decided I will use eight\Ncharacter as a minimum password
Dialogue: 0,0:18:11.47,0:18:12.38,Default,,0000,0000,0000,,in the system.
Dialogue: 0,0:18:12.38,0:18:14.89,Default,,0000,0000,0000,,And then I will create\Na detailed procedure
Dialogue: 0,0:18:14.89,0:18:15.89,Default,,0000,0000,0000,,how to do that.
Dialogue: 0,0:18:15.89,0:18:18.79,Default,,0000,0000,0000,,So baseline come with the\Nstandard and procedure
Dialogue: 0,0:18:18.79,0:18:21.91,Default,,0000,0000,0000,,policy come with the\Nstandard and procedure.
Dialogue: 0,0:18:21.91,0:18:24.62,Default,,0000,0000,0000,,So you must be familiar\Nwith the security baseline.
Dialogue: 0,0:18:24.62,0:18:26.69,Default,,0000,0000,0000,,And whenever you\Nconducting an audit,
Dialogue: 0,0:18:26.69,0:18:28.22,Default,,0000,0000,0000,,you can adopt the baseline.
Dialogue: 0,0:18:28.22,0:18:29.89,Default,,0000,0000,0000,,As per that, you\Ncan able to conduct
Dialogue: 0,0:18:29.89,0:18:31.45,Default,,0000,0000,0000,,the audit in the organization.
Dialogue: 0,0:18:31.45,0:18:36.22,Default,,0000,0000,0000,,And any kind of a deviation you\Nidentified from what is agreed
Dialogue: 0,0:18:36.22,0:18:39.07,Default,,0000,0000,0000,,and what is there, you can\Ndocument that as a finding.
Dialogue: 0,0:18:39.07,0:18:42.04,Default,,0000,0000,0000,,So what is the best\Npractice we follow?
Dialogue: 0,0:18:42.04,0:18:46.12,Default,,0000,0000,0000,,So standard for security may\Nbe defined at a generic level,
Dialogue: 0,0:18:46.12,0:18:50.68,Default,,0000,0000,0000,,then for a specific machines,\Nor for a specific application
Dialogue: 0,0:18:50.68,0:18:52.45,Default,,0000,0000,0000,,system.
Dialogue: 0,0:18:52.45,0:18:55.51,Default,,0000,0000,0000,,So let's move to the next part.
Dialogue: 0,0:18:55.51,0:18:59.83,Default,,0000,0000,0000,,Next section is a very important\Nsection in Domain 5, privacy.
Dialogue: 0,0:18:59.83,0:19:02.11,Default,,0000,0000,0000,,First of all, let me\Nexplain you the difference
Dialogue: 0,0:19:02.11,0:19:08.95,Default,,0000,0000,0000,,between the privacy and secrecy.
Dialogue: 0,0:19:08.95,0:19:15.00,Default,,0000,0000,0000,,Privacy deal with the\Nindividual and secrecy
Dialogue: 0,0:19:15.00,0:19:16.13,Default,,0000,0000,0000,,deal with the organization.
Dialogue: 0,0:19:16.13,0:19:17.55,Default,,0000,0000,0000,,That's why in the\Norganization you
Dialogue: 0,0:19:17.55,0:19:20.26,Default,,0000,0000,0000,,have seen the top secret,\Nsecret, and all that.
Dialogue: 0,0:19:20.26,0:19:22.10,Default,,0000,0000,0000,,See, when the law\Nwas introduced,
Dialogue: 0,0:19:22.10,0:19:25.54,Default,,0000,0000,0000,,law introduced to protect\Nthe interest of the people.
Dialogue: 0,0:19:25.54,0:19:28.84,Default,,0000,0000,0000,,Now in different,\Ndifferent business sectors,
Dialogue: 0,0:19:28.84,0:19:30.71,Default,,0000,0000,0000,,we have different industries.
Dialogue: 0,0:19:30.71,0:19:36.64,Default,,0000,0000,0000,,Example, in India, we have\Na food, we have a insurance,
Dialogue: 0,0:19:36.64,0:19:38.92,Default,,0000,0000,0000,,we have a bank.
Dialogue: 0,0:19:38.92,0:19:42.38,Default,,0000,0000,0000,,Now, if you want to start any\Nkind of a insurance business,
Dialogue: 0,0:19:42.38,0:19:44.36,Default,,0000,0000,0000,,I need to comply with the IRDA.
Dialogue: 0,0:19:44.36,0:19:45.08,Default,,0000,0000,0000,,So what is this?
Dialogue: 0,0:19:45.08,0:19:45.95,Default,,0000,0000,0000,,This is the agency.
Dialogue: 0,0:19:45.95,0:19:48.01,Default,,0000,0000,0000,,This is the\Nregulation authority.
Dialogue: 0,0:19:48.01,0:19:49.84,Default,,0000,0000,0000,,And similar thing,\Nif I want to start
Dialogue: 0,0:19:49.84,0:19:51.79,Default,,0000,0000,0000,,any kind of a food\Nservices, I need
Dialogue: 0,0:19:51.79,0:19:54.82,Default,,0000,0000,0000,,to be comply with the FSSAI.
Dialogue: 0,0:19:54.82,0:19:57.79,Default,,0000,0000,0000,,So regulation\Nauthorities are basically
Dialogue: 0,0:19:57.79,0:20:01.36,Default,,0000,0000,0000,,introduced in every country to\Ncontrol a respective industries
Dialogue: 0,0:20:01.36,0:20:04.45,Default,,0000,0000,0000,,and to make sure that business\Nshould be comply under the law
Dialogue: 0,0:20:04.45,0:20:05.02,Default,,0000,0000,0000,,parameter.
Dialogue: 0,0:20:05.02,0:20:06.17,Default,,0000,0000,0000,,Compliance is nothing.
Dialogue: 0,0:20:06.17,0:20:08.86,Default,,0000,0000,0000,,It is all about act of abiding.
Dialogue: 0,0:20:08.86,0:20:12.34,Default,,0000,0000,0000,,So privacy is the\Nutmost priority
Dialogue: 0,0:20:12.34,0:20:14.92,Default,,0000,0000,0000,,in every organization\Nbecause directly
Dialogue: 0,0:20:14.92,0:20:16.99,Default,,0000,0000,0000,,map with the individual.
Dialogue: 0,0:20:16.99,0:20:21.47,Default,,0000,0000,0000,,So privacy significant\Naspect for the IS auditor
Dialogue: 0,0:20:21.47,0:20:23.90,Default,,0000,0000,0000,,also, especially in the light\Nof the global regulations,
Dialogue: 0,0:20:23.90,0:20:25.56,Default,,0000,0000,0000,,such as GDPR.
Dialogue: 0,0:20:25.56,0:20:29.01,Default,,0000,0000,0000,,GDPR basically is a national\Nprivacy regulation of EU,
Dialogue: 0,0:20:29.01,0:20:32.55,Default,,0000,0000,0000,,but US does not have a\Nnational privacy regulation.
Dialogue: 0,0:20:32.55,0:20:34.01,Default,,0000,0000,0000,,They have an industry-specific.
Dialogue: 0,0:20:34.01,0:20:36.78,Default,,0000,0000,0000,,Example, they have a--\Nfor the health sector,
Dialogue: 0,0:20:36.78,0:20:37.55,Default,,0000,0000,0000,,they have a HIPAA.
Dialogue: 0,0:20:37.55,0:20:40.38,Default,,0000,0000,0000,,For the finance,\Nthey have a GLBA.
Dialogue: 0,0:20:40.38,0:20:42.50,Default,,0000,0000,0000,,So this kind of\Nregulations we have.
Dialogue: 0,0:20:42.50,0:20:46.85,Default,,0000,0000,0000,,So to understand what is\Nthe level of privacy we need
Dialogue: 0,0:20:46.85,0:20:50.42,Default,,0000,0000,0000,,in the organization or what is\Nthe level of privacy control
Dialogue: 0,0:20:50.42,0:20:54.50,Default,,0000,0000,0000,,we need in the systems, we\Nperform the PIA, privacy impact
Dialogue: 0,0:20:54.50,0:20:55.11,Default,,0000,0000,0000,,assessment.
Dialogue: 0,0:20:55.11,0:20:58.76,Default,,0000,0000,0000,,And based on that, we implement\Nthe privacy management system
Dialogue: 0,0:20:58.76,0:21:00.03,Default,,0000,0000,0000,,in the organization.
Dialogue: 0,0:21:00.03,0:21:01.56,Default,,0000,0000,0000,,So what is a good practice?
Dialogue: 0,0:21:01.56,0:21:04.40,Default,,0000,0000,0000,,So if I say my organization--
Dialogue: 0,0:21:04.40,0:21:06.29,Default,,0000,0000,0000,,OK, if I say my\Norganization need
Dialogue: 0,0:21:06.29,0:21:09.59,Default,,0000,0000,0000,,to be comply with GDPR, example.
Dialogue: 0,0:21:09.59,0:21:11.88,Default,,0000,0000,0000,,So I need to comply\Nwith the GDPR.
Dialogue: 0,0:21:11.88,0:21:15.12,Default,,0000,0000,0000,,So what I need to do first\Nis I need to create a policy.
Dialogue: 0,0:21:15.12,0:21:18.36,Default,,0000,0000,0000,,So by the policy, I can\Ncomply my people, process,
Dialogue: 0,0:21:18.36,0:21:20.79,Default,,0000,0000,0000,,and technology to\Nbe with the GDPR.
Dialogue: 0,0:21:20.79,0:21:21.29,Default,,0000,0000,0000,,How?
Dialogue: 0,0:21:21.29,0:21:24.96,Default,,0000,0000,0000,,See, I cannot go to each and\Nevery individual and process,
Dialogue: 0,0:21:24.96,0:21:28.28,Default,,0000,0000,0000,,and technology and explain\Nabout the GDPR articles.
Dialogue: 0,0:21:28.28,0:21:31.92,Default,,0000,0000,0000,,So what we did, we include\Nthe GDPR information.
Dialogue: 0,0:21:31.92,0:21:33.74,Default,,0000,0000,0000,,So we translate the\NGDPR information
Dialogue: 0,0:21:33.74,0:21:35.76,Default,,0000,0000,0000,,as an intent in the policies.
Dialogue: 0,0:21:35.76,0:21:38.76,Default,,0000,0000,0000,,And then I enforce the\Npolicy in the organization.
Dialogue: 0,0:21:38.76,0:21:41.70,Default,,0000,0000,0000,,So where people process\Ntechnology need to be comply.
Dialogue: 0,0:21:41.70,0:21:44.96,Default,,0000,0000,0000,,So by comply with the\Nprivacy, you automatically
Dialogue: 0,0:21:44.96,0:21:46.50,Default,,0000,0000,0000,,comply with the GDPR.
Dialogue: 0,0:21:46.50,0:21:49.97,Default,,0000,0000,0000,,So this is how you can able to\Nbring the privacy best practices
Dialogue: 0,0:21:49.97,0:21:52.05,Default,,0000,0000,0000,,uniformity in the organization.
Dialogue: 0,0:21:52.05,0:21:53.57,Default,,0000,0000,0000,,That's why we say\Npolicy is the best
Dialogue: 0,0:21:53.57,0:21:56.64,Default,,0000,0000,0000,,tool to be compliant with\Nany regulatory requirement.
Dialogue: 0,0:21:56.64,0:21:58.82,Default,,0000,0000,0000,,And that is why senior\Nmanagement intentions
Dialogue: 0,0:21:58.82,0:22:01.17,Default,,0000,0000,0000,,comes in the policy only.
Dialogue: 0,0:22:01.17,0:22:05.76,Default,,0000,0000,0000,,So privacy has some good\Npractices that must be follow,
Dialogue: 0,0:22:05.76,0:22:08.33,Default,,0000,0000,0000,,like private data should\Nbe collected fairly
Dialogue: 0,0:22:08.33,0:22:09.99,Default,,0000,0000,0000,,in a open, transparent manner.
Dialogue: 0,0:22:09.99,0:22:14.51,Default,,0000,0000,0000,,So if I say this organization is\Nfollowing the effective privacy
Dialogue: 0,0:22:14.51,0:22:17.16,Default,,0000,0000,0000,,practice or they have a\Ngood privacy practice,
Dialogue: 0,0:22:17.16,0:22:20.00,Default,,0000,0000,0000,,how to check that is they\Ncollect the data fairly,
Dialogue: 0,0:22:20.00,0:22:21.21,Default,,0000,0000,0000,,open, transparent manner.
Dialogue: 0,0:22:21.21,0:22:23.18,Default,,0000,0000,0000,,Example you visit\None website which
Dialogue: 0,0:22:23.18,0:22:25.35,Default,,0000,0000,0000,,say how are they\Ngoing to use the data.
Dialogue: 0,0:22:25.35,0:22:28.67,Default,,0000,0000,0000,,They are going to explain\Nabout how they are basically
Dialogue: 0,0:22:28.67,0:22:29.52,Default,,0000,0000,0000,,managing data.
Dialogue: 0,0:22:29.52,0:22:32.03,Default,,0000,0000,0000,,So that shows their\Nprivacy best practice.
Dialogue: 0,0:22:32.03,0:22:35.75,Default,,0000,0000,0000,,And private data or privacy\Ndata should be kept securely
Dialogue: 0,0:22:35.75,0:22:37.55,Default,,0000,0000,0000,,throughout the lifecycle,\Nfrom the creation
Dialogue: 0,0:22:37.55,0:22:39.18,Default,,0000,0000,0000,,phase to the destruction.
Dialogue: 0,0:22:39.18,0:22:40.94,Default,,0000,0000,0000,,And the third most\Nimportant thing
Dialogue: 0,0:22:40.94,0:22:43.35,Default,,0000,0000,0000,,is that your private\Ndata should be accurate,
Dialogue: 0,0:22:43.35,0:22:47.31,Default,,0000,0000,0000,,it should be complete, and\Nit should be up to date.
Dialogue: 0,0:22:47.31,0:22:49.44,Default,,0000,0000,0000,,OK, so to best meet\Nthis challenge,
Dialogue: 0,0:22:49.44,0:22:50.93,Default,,0000,0000,0000,,management should\Nperform the PIA,
Dialogue: 0,0:22:50.93,0:22:54.00,Default,,0000,0000,0000,,and IS auditor can ask for\Nthe last review report.
Dialogue: 0,0:22:54.00,0:22:57.08,Default,,0000,0000,0000,,This is how as an auditor\Ncan able to validate
Dialogue: 0,0:22:57.08,0:23:02.21,Default,,0000,0000,0000,,as the company is compliance\Nwith any privacy practices.
Dialogue: 0,0:23:02.21,0:23:06.84,Default,,0000,0000,0000,,With the continuation\Nof the previous series,
Dialogue: 0,0:23:06.84,0:23:09.74,Default,,0000,0000,0000,,so this is the second\Npart of the Domain 5.
Dialogue: 0,0:23:09.74,0:23:11.12,Default,,0000,0000,0000,,And in this section,\Nwe are going
Dialogue: 0,0:23:11.12,0:23:16.04,Default,,0000,0000,0000,,to discuss about physical access\Nand environmental control.
Dialogue: 0,0:23:16.04,0:23:17.75,Default,,0000,0000,0000,,Physical access\Nenvironmental control
Dialogue: 0,0:23:17.75,0:23:20.50,Default,,0000,0000,0000,,is another important topic\Nwe have in our Domain 5,
Dialogue: 0,0:23:20.50,0:23:23.04,Default,,0000,0000,0000,,and it is a bit difficult\Nfor the people who
Dialogue: 0,0:23:23.04,0:23:25.05,Default,,0000,0000,0000,,are from a non-IT background.
Dialogue: 0,0:23:25.05,0:23:28.45,Default,,0000,0000,0000,,So as an IS auditor, you need\Nto evaluate these controls.
Dialogue: 0,0:23:28.45,0:23:30.54,Default,,0000,0000,0000,,And in many organizations,\Nthese controls
Dialogue: 0,0:23:30.54,0:23:33.19,Default,,0000,0000,0000,,are designed and implemented\Nby the facility management,
Dialogue: 0,0:23:33.19,0:23:36.69,Default,,0000,0000,0000,,not by the information\Nsecurity manager IT.
Dialogue: 0,0:23:36.69,0:23:39.36,Default,,0000,0000,0000,,One example I can give you\Nabout the physical access
Dialogue: 0,0:23:39.36,0:23:42.64,Default,,0000,0000,0000,,and environmental control is\NHVAC system, heat, ventilation,
Dialogue: 0,0:23:42.64,0:23:45.36,Default,,0000,0000,0000,,air conditioning.
Dialogue: 0,0:23:45.36,0:23:47.65,Default,,0000,0000,0000,,You have seen the AC\Nin your facilities.
Dialogue: 0,0:23:47.65,0:23:50.74,Default,,0000,0000,0000,,It is control from a system.
Dialogue: 0,0:23:50.74,0:23:53.10,Default,,0000,0000,0000,,We have a AC in the\Ndata center also,
Dialogue: 0,0:23:53.10,0:23:55.95,Default,,0000,0000,0000,,cooling system in the\Ndata center, which
Dialogue: 0,0:23:55.95,0:23:58.98,Default,,0000,0000,0000,,is used to maintain the optimum\Ntemperature by which we can
Dialogue: 0,0:23:58.98,0:24:02.01,Default,,0000,0000,0000,,able to maintain the\Nperformance of the hardware
Dialogue: 0,0:24:02.01,0:24:03.90,Default,,0000,0000,0000,,because excessive\Nheating of the hardware
Dialogue: 0,0:24:03.90,0:24:05.38,Default,,0000,0000,0000,,will impact the performance.
Dialogue: 0,0:24:05.38,0:24:07.57,Default,,0000,0000,0000,,So what controls we required?
Dialogue: 0,0:24:07.57,0:24:09.73,Default,,0000,0000,0000,,OK, that we need\Nto understand here.
Dialogue: 0,0:24:09.73,0:24:11.67,Default,,0000,0000,0000,,As an auditor, I\Nwill first obtain
Dialogue: 0,0:24:11.67,0:24:13.72,Default,,0000,0000,0000,,the approved list of controls.
Dialogue: 0,0:24:13.72,0:24:16.86,Default,,0000,0000,0000,,And then I will assess\Nthe existing control based
Dialogue: 0,0:24:16.86,0:24:18.07,Default,,0000,0000,0000,,on that particular parameter.
Dialogue: 0,0:24:18.07,0:24:20.39,Default,,0000,0000,0000,,And any kind of a\Ngap we identify,
Dialogue: 0,0:24:20.39,0:24:22.76,Default,,0000,0000,0000,,we will document\Nthat as a finding.
Dialogue: 0,0:24:22.76,0:24:25.60,Default,,0000,0000,0000,,So in this, when you're talking\Nabout the generic controls,
Dialogue: 0,0:24:25.60,0:24:27.53,Default,,0000,0000,0000,,we have a three\Ntype of controls.
Dialogue: 0,0:24:27.53,0:24:29.69,Default,,0000,0000,0000,,One is called as a\Nmanagerial control.
Dialogue: 0,0:24:29.69,0:24:32.42,Default,,0000,0000,0000,,It is also called as an\Nadministrative control.
Dialogue: 0,0:24:32.42,0:24:35.57,Default,,0000,0000,0000,,Then we have a technical, then\Nwe have a physical control.
Dialogue: 0,0:24:35.57,0:24:40.43,Default,,0000,0000,0000,,Managerial control is more like\Na direction, more like a order.
Dialogue: 0,0:24:40.43,0:24:42.82,Default,,0000,0000,0000,,Example like\Npost-COVID, the company
Dialogue: 0,0:24:42.82,0:24:48.85,Default,,0000,0000,0000,,has announced that you have\Nto join office from January
Dialogue: 0,0:24:48.85,0:24:52.76,Default,,0000,0000,0000,,and everyone must come with\Ntheir vaccination certificate.
Dialogue: 0,0:24:52.76,0:24:54.76,Default,,0000,0000,0000,,So this is a kind\Nof an order, which
Dialogue: 0,0:24:54.76,0:24:57.11,Default,,0000,0000,0000,,is used to control the\Nbehavior of the people.
Dialogue: 0,0:24:57.11,0:24:58.72,Default,,0000,0000,0000,,Now people know\Nthat, OK, we need
Dialogue: 0,0:24:58.72,0:25:01.07,Default,,0000,0000,0000,,to have that COVID\Nvaccination certificate.
Dialogue: 0,0:25:01.07,0:25:03.44,Default,,0000,0000,0000,,Then only we can able\Nto come to the facility.
Dialogue: 0,0:25:03.44,0:25:07.45,Default,,0000,0000,0000,,So it is like a control\Nto monitor and improve
Dialogue: 0,0:25:07.45,0:25:08.75,Default,,0000,0000,0000,,the behavior of the people.
Dialogue: 0,0:25:08.75,0:25:11.11,Default,,0000,0000,0000,,One more example of an\Nadministrative control
Dialogue: 0,0:25:11.11,0:25:14.42,Default,,0000,0000,0000,,is without vaccination\Ncertificate,
Dialogue: 0,0:25:14.42,0:25:15.85,Default,,0000,0000,0000,,no one is entered\Ninto the office.
Dialogue: 0,0:25:15.85,0:25:17.68,Default,,0000,0000,0000,,No one is supposed to\Nenter into the office.
Dialogue: 0,0:25:17.68,0:25:19.24,Default,,0000,0000,0000,,So it's a company announcement.
Dialogue: 0,0:25:19.24,0:25:21.84,Default,,0000,0000,0000,,So it is more like a\Nmanagerial control.
Dialogue: 0,0:25:21.84,0:25:23.90,Default,,0000,0000,0000,,Second, we have a\Ntechnical control.
Dialogue: 0,0:25:23.90,0:25:25.32,Default,,0000,0000,0000,,The technical\Ncontrol is something
Dialogue: 0,0:25:25.32,0:25:27.02,Default,,0000,0000,0000,,which is technical in nature.
Dialogue: 0,0:25:27.02,0:25:28.33,Default,,0000,0000,0000,,Example, firewall.
Dialogue: 0,0:25:28.33,0:25:33.37,Default,,0000,0000,0000,,Now it's not something you\Npick every packet and inspect.
Dialogue: 0,0:25:33.37,0:25:33.91,Default,,0000,0000,0000,,No, right?
Dialogue: 0,0:25:33.91,0:25:37.69,Default,,0000,0000,0000,,So there is a tool involved in\Nwhich we have created a rules.
Dialogue: 0,0:25:37.69,0:25:40.41,Default,,0000,0000,0000,,And based on the rule, the\Ntool will capture and block
Dialogue: 0,0:25:40.41,0:25:40.96,Default,,0000,0000,0000,,the packet.
Dialogue: 0,0:25:40.96,0:25:42.69,Default,,0000,0000,0000,,So there is a technical\Ncontrol there.
Dialogue: 0,0:25:42.69,0:25:46.42,Default,,0000,0000,0000,,Function is involved to\Nblock or detect the attacks.
Dialogue: 0,0:25:46.42,0:25:47.77,Default,,0000,0000,0000,,Then we have a physical control.
Dialogue: 0,0:25:47.77,0:25:49.86,Default,,0000,0000,0000,,Physical control is\Nlike a physical lock.
Dialogue: 0,0:25:49.86,0:25:50.41,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:25:50.41,0:25:53.62,Default,,0000,0000,0000,,Placement of a security guard\Nwhich try to block physically.
Dialogue: 0,0:25:53.62,0:25:55.94,Default,,0000,0000,0000,,So we have a three\Ntype of controls.
Dialogue: 0,0:25:55.94,0:25:57.61,Default,,0000,0000,0000,,See, when you're\Ntalking about controls,
Dialogue: 0,0:25:57.61,0:26:00.30,Default,,0000,0000,0000,,control may be\Nproactive, which means
Dialogue: 0,0:26:00.30,0:26:02.89,Default,,0000,0000,0000,,they can attempt to\Nprevent an incident,
Dialogue: 0,0:26:02.89,0:26:05.43,Default,,0000,0000,0000,,and it can be\Nreactive, which allow
Dialogue: 0,0:26:05.43,0:26:09.34,Default,,0000,0000,0000,,the detection, containment,\Nand recovery from an incident.
Dialogue: 0,0:26:09.34,0:26:15.18,Default,,0000,0000,0000,,So proactive control are called\Nas a safeguard and reactive
Dialogue: 0,0:26:15.18,0:26:17.86,Default,,0000,0000,0000,,control are called\Nas a countermeasures.
Dialogue: 0,0:26:17.86,0:26:21.07,Default,,0000,0000,0000,,
Dialogue: 0,0:26:21.07,0:26:21.57,Default,,0000,0000,0000,,Sorry.
Dialogue: 0,0:26:21.57,0:26:30.51,Default,,0000,0000,0000,,
Dialogue: 0,0:26:30.51,0:26:31.06,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:26:31.06,0:26:35.25,Default,,0000,0000,0000,,So that is basically\Ncalled as a countermeasure.
Dialogue: 0,0:26:35.25,0:26:37.59,Default,,0000,0000,0000,,So we have two type of controls.
Dialogue: 0,0:26:37.59,0:26:40.47,Default,,0000,0000,0000,,Example like before going--
Dialogue: 0,0:26:40.47,0:26:43.00,Default,,0000,0000,0000,,protect from COVID and all\Nthat we have vaccinations.
Dialogue: 0,0:26:43.00,0:26:45.76,Default,,0000,0000,0000,,So that is basically called\Nas a proactive control.
Dialogue: 0,0:26:45.76,0:26:48.63,Default,,0000,0000,0000,,But if vaccination\Nbecome ineffective,
Dialogue: 0,0:26:48.63,0:26:52.41,Default,,0000,0000,0000,,you got impacted with the\NCOVID, the reactive control
Dialogue: 0,0:26:52.41,0:26:53.97,Default,,0000,0000,0000,,is isolate yourself\Nfrom the family
Dialogue: 0,0:26:53.97,0:26:57.16,Default,,0000,0000,0000,,and then you can go for the\N14 days period of containment.
Dialogue: 0,0:26:57.16,0:27:00.96,Default,,0000,0000,0000,,So this is how we have a\Nproactive and reactive.
Dialogue: 0,0:27:00.96,0:27:03.51,Default,,0000,0000,0000,,So next point is called\Nas a control monitoring
Dialogue: 0,0:27:03.51,0:27:04.42,Default,,0000,0000,0000,,and effectiveness.
Dialogue: 0,0:27:04.42,0:27:06.81,Default,,0000,0000,0000,,Just implementing\Na control will not
Dialogue: 0,0:27:06.81,0:27:08.44,Default,,0000,0000,0000,,achieve the defined objectives.
Dialogue: 0,0:27:08.44,0:27:10.80,Default,,0000,0000,0000,,We need to also need to\Ncheck whether control
Dialogue: 0,0:27:10.80,0:27:11.97,Default,,0000,0000,0000,,is working effectively.
Dialogue: 0,0:27:11.97,0:27:14.75,Default,,0000,0000,0000,,It is same like we just\Nhire the security guard
Dialogue: 0,0:27:14.75,0:27:17.70,Default,,0000,0000,0000,,and now we trust that guard\Nthat he going to block everyone.
Dialogue: 0,0:27:17.70,0:27:18.26,Default,,0000,0000,0000,,No.
Dialogue: 0,0:27:18.26,0:27:22.01,Default,,0000,0000,0000,,We also see how effectively he\Nresponding to all the threats
Dialogue: 0,0:27:22.01,0:27:22.71,Default,,0000,0000,0000,,and everything.
Dialogue: 0,0:27:22.71,0:27:24.80,Default,,0000,0000,0000,,Same like when we\Nconfigure the firewall
Dialogue: 0,0:27:24.80,0:27:26.73,Default,,0000,0000,0000,,and simply creating a\Nrules in the firewall
Dialogue: 0,0:27:26.73,0:27:27.98,Default,,0000,0000,0000,,it doesn't meet my objectives.
Dialogue: 0,0:27:27.98,0:27:30.53,Default,,0000,0000,0000,,On a regular basis, we\Nneed to test the firewalls
Dialogue: 0,0:27:30.53,0:27:33.02,Default,,0000,0000,0000,,by sending a malformed\Npackets and see whether it
Dialogue: 0,0:27:33.02,0:27:34.86,Default,,0000,0000,0000,,can able to detect and block.
Dialogue: 0,0:27:34.86,0:27:38.37,Default,,0000,0000,0000,,So as a controller design\Nimplemented and operated,
Dialogue: 0,0:27:38.37,0:27:41.60,Default,,0000,0000,0000,,IS auditor should ensure the\Nlogs are enabled because that
Dialogue: 0,0:27:41.60,0:27:46.06,Default,,0000,0000,0000,,is how you can able to track the\Neffectiveness of the controls.
Dialogue: 0,0:27:46.06,0:27:48.02,Default,,0000,0000,0000,,And we also need to\Nensure as an auditor
Dialogue: 0,0:27:48.02,0:27:51.18,Default,,0000,0000,0000,,we need to ensure they are\Ntesting on a regular basis.
Dialogue: 0,0:27:51.18,0:27:51.72,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:27:51.72,0:27:53.84,Default,,0000,0000,0000,,And the procedure should\Nbe developed by which they
Dialogue: 0,0:27:53.84,0:27:55.11,Default,,0000,0000,0000,,can able to test effectively.
Dialogue: 0,0:27:55.11,0:27:57.41,Default,,0000,0000,0000,,And as an IS auditor\Nshould also ensure
Dialogue: 0,0:27:57.41,0:27:59.96,Default,,0000,0000,0000,,they should have a capability\Nto monitor the controls
Dialogue: 0,0:27:59.96,0:28:03.21,Default,,0000,0000,0000,,and support the monitoring\Nsystem in the control design.
Dialogue: 0,0:28:03.21,0:28:06.92,Default,,0000,0000,0000,,
Dialogue: 0,0:28:06.92,0:28:10.07,Default,,0000,0000,0000,,Next thing is called as a\Nenvironmental exposures.
Dialogue: 0,0:28:10.07,0:28:13.24,Default,,0000,0000,0000,,See, environmental\Nexposures are due primarily
Dialogue: 0,0:28:13.24,0:28:16.09,Default,,0000,0000,0000,,to the naturally occurring\Nevents, such as lightning,
Dialogue: 0,0:28:16.09,0:28:20.75,Default,,0000,0000,0000,,storms, earthquake, volcanic\Neruptions, hurricanes,
Dialogue: 0,0:28:20.75,0:28:23.30,Default,,0000,0000,0000,,and extreme weather conditions.
Dialogue: 0,0:28:23.30,0:28:26.80,Default,,0000,0000,0000,,So one particular\Narea of concern,
Dialogue: 0,0:28:26.80,0:28:29.41,Default,,0000,0000,0000,,which is coming from an\Nenvironmental exposure,
Dialogue: 0,0:28:29.41,0:28:31.73,Default,,0000,0000,0000,,is called as a\Ndamage of equipments.
Dialogue: 0,0:28:31.73,0:28:33.56,Default,,0000,0000,0000,,Right now I'm doing\Nthis training.
Dialogue: 0,0:28:33.56,0:28:35.92,Default,,0000,0000,0000,,Suddenly there is a power\Nissue and it directly
Dialogue: 0,0:28:35.92,0:28:37.16,Default,,0000,0000,0000,,impacts my hardware.
Dialogue: 0,0:28:37.16,0:28:41.26,Default,,0000,0000,0000,,And because of that, my system\Nget shut down or it get restart,
Dialogue: 0,0:28:41.26,0:28:42.38,Default,,0000,0000,0000,,or it can damage.
Dialogue: 0,0:28:42.38,0:28:46.15,Default,,0000,0000,0000,,So as an auditor, the\Nbiggest concern for us
Dialogue: 0,0:28:46.15,0:28:48.14,Default,,0000,0000,0000,,is the damaging\Nof an equipments,
Dialogue: 0,0:28:48.14,0:28:49.97,Default,,0000,0000,0000,,because if the\Nequipment is damaged,
Dialogue: 0,0:28:49.97,0:28:52.37,Default,,0000,0000,0000,,then it directly impact\Nthe availability.
Dialogue: 0,0:28:52.37,0:28:54.97,Default,,0000,0000,0000,,We have a different kind\Nof a threats associated
Dialogue: 0,0:28:54.97,0:28:58.46,Default,,0000,0000,0000,,with the hardware equipment,\Nlike total failure,
Dialogue: 0,0:28:58.46,0:29:00.98,Default,,0000,0000,0000,,voltage reduce, spike, surge.
Dialogue: 0,0:29:00.98,0:29:02.83,Default,,0000,0000,0000,,So that's why we purchase\None system, which
Dialogue: 0,0:29:02.83,0:29:05.56,Default,,0000,0000,0000,,is called as a PCS, power\Nconditioning system.
Dialogue: 0,0:29:05.56,0:29:07.79,Default,,0000,0000,0000,,In your home, we\Ncalled as a stabilizer,
Dialogue: 0,0:29:07.79,0:29:10.22,Default,,0000,0000,0000,,which is used to stable\Nthe power supply.
Dialogue: 0,0:29:10.22,0:29:12.76,Default,,0000,0000,0000,,Along with that, we must\Nrequire the UPS and generator
Dialogue: 0,0:29:12.76,0:29:16.40,Default,,0000,0000,0000,,to prevent all the\Nuninterrupted interruptions.
Dialogue: 0,0:29:16.40,0:29:19.06,Default,,0000,0000,0000,,So these kind of controls\Nyou can basically
Dialogue: 0,0:29:19.06,0:29:23.29,Default,,0000,0000,0000,,introduce to prevent this\Nenvironmental exposures.
Dialogue: 0,0:29:23.29,0:29:26.59,Default,,0000,0000,0000,,The next important thing is\Ncalled as a physical access
Dialogue: 0,0:29:26.59,0:29:29.74,Default,,0000,0000,0000,,exposures and control from\Nthe auditing perspective.
Dialogue: 0,0:29:29.74,0:29:33.40,Default,,0000,0000,0000,,We also buy a alarm\Ncontrol panels--
Dialogue: 0,0:29:33.40,0:29:36.05,Default,,0000,0000,0000,,so we also buy alarm\Ncontrol panels,
Dialogue: 0,0:29:36.05,0:29:38.74,Default,,0000,0000,0000,,which is separated from\Na burglars or security
Dialogue: 0,0:29:38.74,0:29:41.15,Default,,0000,0000,0000,,system, which is\Nlocated on the premises.
Dialogue: 0,0:29:41.15,0:29:44.32,Default,,0000,0000,0000,,We also go for the\Nsmoke detectors.
Dialogue: 0,0:29:44.32,0:29:46.11,Default,,0000,0000,0000,,We have a smoke detector.
Dialogue: 0,0:29:46.11,0:29:50.74,Default,,0000,0000,0000,,
Dialogue: 0,0:29:50.74,0:29:54.05,Default,,0000,0000,0000,,It gives the early\Nwarning of the smoke.
Dialogue: 0,0:29:54.05,0:29:56.06,Default,,0000,0000,0000,,So this is the smoke\Ndetector we have.
Dialogue: 0,0:29:56.06,0:30:00.01,Default,,0000,0000,0000,,If there is a smoke in the\Nroom, it get alert and notify
Dialogue: 0,0:30:00.01,0:30:02.20,Default,,0000,0000,0000,,the concerned person.
Dialogue: 0,0:30:02.20,0:30:02.99,Default,,0000,0000,0000,,OK.
Dialogue: 0,0:30:02.99,0:30:06.76,Default,,0000,0000,0000,,So detector should produce the\Naudible alarm when activated.
Dialogue: 0,0:30:06.76,0:30:09.22,Default,,0000,0000,0000,,It should be linked to the\Nmonitoring system, but make sure
Dialogue: 0,0:30:09.22,0:30:11.56,Default,,0000,0000,0000,,this monitoring should\Nbe separate from the fire
Dialogue: 0,0:30:11.56,0:30:12.38,Default,,0000,0000,0000,,department.
Dialogue: 0,0:30:12.38,0:30:14.62,Default,,0000,0000,0000,,We also need a\Nvisual verification
Dialogue: 0,0:30:14.62,0:30:17.44,Default,,0000,0000,0000,,of the presence of water\Nand smoke detectors
Dialogue: 0,0:30:17.44,0:30:18.80,Default,,0000,0000,0000,,in the computer rooms.
Dialogue: 0,0:30:18.80,0:30:21.43,Default,,0000,0000,0000,,I'm sure you have seen the\Nbuckets in a red color.
Dialogue: 0,0:30:21.43,0:30:26.32,Default,,0000,0000,0000,,We also need a hand\Npull fire alarms that
Dialogue: 0,0:30:26.32,0:30:28.79,Default,,0000,0000,0000,,should be placed strategically\Nthroughout the facilities,
Dialogue: 0,0:30:28.79,0:30:30.70,Default,,0000,0000,0000,,and it should be\Nplaced in such a manner
Dialogue: 0,0:30:30.70,0:30:32.33,Default,,0000,0000,0000,,that it should give\Nthe visibility.
Dialogue: 0,0:30:32.33,0:30:33.80,Default,,0000,0000,0000,,That's an important thing.
Dialogue: 0,0:30:33.80,0:30:37.15,Default,,0000,0000,0000,,And that also, that\Nfire extinguisher
Dialogue: 0,0:30:37.15,0:30:41.27,Default,,0000,0000,0000,,should be tagged for inspection\Nand inspected at least annually.
Dialogue: 0,0:30:41.27,0:30:45.67,Default,,0000,0000,0000,,So as an auditor, if you want\Nto audit extinguishers and all
Dialogue: 0,0:30:45.67,0:30:47.57,Default,,0000,0000,0000,,that can check the\Nlast review period.
Dialogue: 0,0:30:47.57,0:30:49.82,Default,,0000,0000,0000,,If it's basically exceed\Nby more than one year,
Dialogue: 0,0:30:49.82,0:30:52.70,Default,,0000,0000,0000,,then you can raise that as\Na finding in your report.
Dialogue: 0,0:30:52.70,0:30:57.50,Default,,0000,0000,0000,,But before that, confirm why it\Ngot late, why there is a delay.
Dialogue: 0,0:30:57.50,0:31:02.23,Default,,0000,0000,0000,,But one more important thing\Nas a auditor, testing fire
Dialogue: 0,0:31:02.23,0:31:03.85,Default,,0000,0000,0000,,suppression system\Nis also expensive.
Dialogue: 0,0:31:03.85,0:31:06.50,Default,,0000,0000,0000,,The fire suppression system,\Nit's always expensive to test.
Dialogue: 0,0:31:06.50,0:31:08.87,Default,,0000,0000,0000,,And therefore, as\Nan IS auditor, they
Dialogue: 0,0:31:08.87,0:31:10.67,Default,,0000,0000,0000,,need to limit their\Ntest to review
Dialogue: 0,0:31:10.67,0:31:13.07,Default,,0000,0000,0000,,the documentations\Nto ensure system
Dialogue: 0,0:31:13.07,0:31:16.85,Default,,0000,0000,0000,,has been inspected and\Ntested within the last year.
Dialogue: 0,0:31:16.85,0:31:18.95,Default,,0000,0000,0000,,We also have a different\Nkind of controls,
Dialogue: 0,0:31:18.95,0:31:24.17,Default,,0000,0000,0000,,like we need a biometric,\Nsomething you are--
Dialogue: 0,0:31:24.17,0:31:26.39,Default,,0000,0000,0000,,OK, we can place\Nbecause that provide
Dialogue: 0,0:31:26.39,0:31:29.26,Default,,0000,0000,0000,,the appropriate type of\Naccountability in the data
Dialogue: 0,0:31:29.26,0:31:29.76,Default,,0000,0000,0000,,center.
Dialogue: 0,0:31:29.76,0:31:32.27,Default,,0000,0000,0000,,Because in data center, if you\Njust access the data center
Dialogue: 0,0:31:32.27,0:31:33.86,Default,,0000,0000,0000,,based on your ID\Ncard and all that,
Dialogue: 0,0:31:33.86,0:31:36.16,Default,,0000,0000,0000,,tomorrow you can\Ndeny it was not you
Dialogue: 0,0:31:36.16,0:31:37.89,Default,,0000,0000,0000,,who accessed the data center.
Dialogue: 0,0:31:37.89,0:31:40.31,Default,,0000,0000,0000,,You can tell him that,\NOK, I misplaced my card
Dialogue: 0,0:31:40.31,0:31:43.37,Default,,0000,0000,0000,,and everything, so might\Nbe in my absence someone
Dialogue: 0,0:31:43.37,0:31:45.48,Default,,0000,0000,0000,,has used the card and\Naccessed the data center.
Dialogue: 0,0:31:45.48,0:31:49.02,Default,,0000,0000,0000,,So data center need to prefer\Nthe strongest accountability,
Dialogue: 0,0:31:49.02,0:31:53.79,Default,,0000,0000,0000,,and that is why we need a\Nbiometric in the data center.
Dialogue: 0,0:31:53.79,0:31:56.18,Default,,0000,0000,0000,,But when you're talking\Nabout the biometric,
Dialogue: 0,0:31:56.18,0:31:59.43,Default,,0000,0000,0000,,the biometric is vulnerable\Nfor the two errors.
Dialogue: 0,0:31:59.43,0:32:04.43,Default,,0000,0000,0000,,One is called as a FAR and\None is called as a FRR.
Dialogue: 0,0:32:04.43,0:32:07.85,Default,,0000,0000,0000,,False acceptance\Nrate, where false user
Dialogue: 0,0:32:07.85,0:32:08.99,Default,,0000,0000,0000,,accepted by the machine.
Dialogue: 0,0:32:08.99,0:32:10.41,Default,,0000,0000,0000,,Example, I am not\Nauthorized user,
Dialogue: 0,0:32:10.41,0:32:12.69,Default,,0000,0000,0000,,but machine has accepted\Nme as an authorized.
Dialogue: 0,0:32:12.69,0:32:15.87,Default,,0000,0000,0000,,It has happened sometime when\NI try to mimic someone voice.
Dialogue: 0,0:32:15.87,0:32:18.94,Default,,0000,0000,0000,,They assume it is actually\Nauthorized user and give me
Dialogue: 0,0:32:18.94,0:32:19.44,Default,,0000,0000,0000,,access.
Dialogue: 0,0:32:19.44,0:32:21.63,Default,,0000,0000,0000,,That is called as a\Nfalse acceptance rate.
Dialogue: 0,0:32:21.63,0:32:23.57,Default,,0000,0000,0000,,It is a biggest\Nconcern for an auditor.
Dialogue: 0,0:32:23.57,0:32:27.59,Default,,0000,0000,0000,,And false rejection rate where\Nthe authorized user falsely
Dialogue: 0,0:32:27.59,0:32:28.92,Default,,0000,0000,0000,,rejected by the machine.
Dialogue: 0,0:32:28.92,0:32:33.65,Default,,0000,0000,0000,,Example, like-- example, like\NI came back from the office
Dialogue: 0,0:32:33.65,0:32:36.21,Default,,0000,0000,0000,,and I was wearing\Ngloves and all that.
Dialogue: 0,0:32:36.21,0:32:38.49,Default,,0000,0000,0000,,My hands are completely\Ndry and all that.
Dialogue: 0,0:32:38.49,0:32:42.84,Default,,0000,0000,0000,,So when I'm trying to place my\Nfingers or thumb on the scanner,
Dialogue: 0,0:32:42.84,0:32:44.16,Default,,0000,0000,0000,,it has failed to recognize.
Dialogue: 0,0:32:44.16,0:32:46.50,Default,,0000,0000,0000,,So this is basically\Nbecause of FRR.
Dialogue: 0,0:32:46.50,0:32:50.06,Default,,0000,0000,0000,,So the point where FAR and\NFRR basically intersect,
Dialogue: 0,0:32:50.06,0:32:51.87,Default,,0000,0000,0000,,that is the best optimum point.
Dialogue: 0,0:32:51.87,0:32:57.29,Default,,0000,0000,0000,,So that is the most important\Nthing we need to consider.
Dialogue: 0,0:32:57.29,0:32:59.90,Default,,0000,0000,0000,,Another important point\Nthat we need to understand
Dialogue: 0,0:32:59.90,0:33:01.29,Default,,0000,0000,0000,,is security guards.
Dialogue: 0,0:33:01.29,0:33:05.81,Default,,0000,0000,0000,,Security guards are very useful\Nif supplemental by the video
Dialogue: 0,0:33:05.81,0:33:07.56,Default,,0000,0000,0000,,cameras and lock doors.
Dialogue: 0,0:33:07.56,0:33:11.42,Default,,0000,0000,0000,,So guards should be supplied\Nby an external agency that
Dialogue: 0,0:33:11.42,0:33:13.31,Default,,0000,0000,0000,,should be bonded to\Nprotect the organization
Dialogue: 0,0:33:13.31,0:33:14.64,Default,,0000,0000,0000,,from all kind of losses.
Dialogue: 0,0:33:14.64,0:33:17.06,Default,,0000,0000,0000,,We don't hire the\Nin-house security guards
Dialogue: 0,0:33:17.06,0:33:19.50,Default,,0000,0000,0000,,because this is how\Nfrauds are possible.
Dialogue: 0,0:33:19.50,0:33:22.62,Default,,0000,0000,0000,,So we outsource a third-party\Nagencies which hire them,
Dialogue: 0,0:33:22.62,0:33:26.18,Default,,0000,0000,0000,,and this is how we separate\Nthe job activities.
Dialogue: 0,0:33:26.18,0:33:29.57,Default,,0000,0000,0000,,So let's move to the next part.
Dialogue: 0,0:33:29.57,0:33:33.05,Default,,0000,0000,0000,,The next section is called\Nas the identity and access
Dialogue: 0,0:33:33.05,0:33:33.81,Default,,0000,0000,0000,,management.
Dialogue: 0,0:33:33.81,0:33:37.70,Default,,0000,0000,0000,,See, we have IAAA,\Nidentification, authentication,
Dialogue: 0,0:33:37.70,0:33:39.17,Default,,0000,0000,0000,,and authorization.
Dialogue: 0,0:33:39.17,0:33:48.41,Default,,0000,0000,0000,,Identification, authentication,\Nand authorization.
Dialogue: 0,0:33:48.41,0:33:50.29,Default,,0000,0000,0000,,Suppose I went to airport.
Dialogue: 0,0:33:50.29,0:33:53.21,Default,,0000,0000,0000,,
Dialogue: 0,0:33:53.21,0:33:55.70,Default,,0000,0000,0000,,I went to airport and I\Nsay, hey, my name is Prabh,
Dialogue: 0,0:33:55.70,0:33:58.56,Default,,0000,0000,0000,,and I'm traveling from\NTrivandrum to Delhi.
Dialogue: 0,0:33:58.56,0:34:01.14,Default,,0000,0000,0000,,So they will check\Nmy name in the list.
Dialogue: 0,0:34:01.14,0:34:03.75,Default,,0000,0000,0000,,Yes, they confirm\Nmy name in the list.
Dialogue: 0,0:34:03.75,0:34:05.63,Default,,0000,0000,0000,,But they also need\Nto confirm, is it
Dialogue: 0,0:34:05.63,0:34:07.44,Default,,0000,0000,0000,,a same Prabh who claimed to be?
Dialogue: 0,0:34:07.44,0:34:09.09,Default,,0000,0000,0000,,I will show my Aadhaar card.
Dialogue: 0,0:34:09.09,0:34:12.65,Default,,0000,0000,0000,,I will show my PAN\Ncard that basically
Dialogue: 0,0:34:12.65,0:34:14.18,Default,,0000,0000,0000,,prove, yes, I am Prabh.
Dialogue: 0,0:34:14.18,0:34:15.81,Default,,0000,0000,0000,,So that is called as\Nan authentication,
Dialogue: 0,0:34:15.81,0:34:17.09,Default,,0000,0000,0000,,the person who claimed to be.
Dialogue: 0,0:34:17.09,0:34:19.52,Default,,0000,0000,0000,,And based on that,\Nthey give me the access
Dialogue: 0,0:34:19.52,0:34:23.33,Default,,0000,0000,0000,,to a specific seat, that is\Ncalled as an authorization.
Dialogue: 0,0:34:23.33,0:34:29.06,Default,,0000,0000,0000,,Under the authorization, we\Nalso use the access control.
Dialogue: 0,0:34:29.06,0:34:31.20,Default,,0000,0000,0000,,So we have a different\Ntype of access control.
Dialogue: 0,0:34:31.20,0:34:34.26,Default,,0000,0000,0000,,But in CISA, they talk about\Ntwo type of access control.
Dialogue: 0,0:34:34.26,0:34:36.66,Default,,0000,0000,0000,,One is called as a mandatory\Nand one is called DAC.
Dialogue: 0,0:34:36.66,0:34:38.39,Default,,0000,0000,0000,,What is DAC?
Dialogue: 0,0:34:38.39,0:34:41.66,Default,,0000,0000,0000,,DAC stands for\Ndiscretionary, which is also
Dialogue: 0,0:34:41.66,0:34:43.04,Default,,0000,0000,0000,,called as a distribution.
Dialogue: 0,0:34:43.04,0:34:46.77,Default,,0000,0000,0000,,
Dialogue: 0,0:34:46.77,0:34:49.37,Default,,0000,0000,0000,,Before marriage,\Nmy life, my rule.
Dialogue: 0,0:34:49.37,0:34:53.01,Default,,0000,0000,0000,,Same like that, which is called\Nas a distributed access control.
Dialogue: 0,0:34:53.01,0:34:55.01,Default,,0000,0000,0000,,What is the meaning\Nof that is, suppose
Dialogue: 0,0:34:55.01,0:34:57.94,Default,,0000,0000,0000,,this is the system we\Nhave, system A. OK.
Dialogue: 0,0:34:57.94,0:35:03.82,Default,,0000,0000,0000,,So we have a user 1, we have a\Nuser 2, and we have a user 3.
Dialogue: 0,0:35:03.82,0:35:07.93,Default,,0000,0000,0000,,User 1 login into the system\Nand he create a folder,
Dialogue: 0,0:35:07.93,0:35:10.39,Default,,0000,0000,0000,,but he deny user 2 and user 3.
Dialogue: 0,0:35:10.39,0:35:14.37,Default,,0000,0000,0000,,User 2 login into the folder,\Nuser login to the system,
Dialogue: 0,0:35:14.37,0:35:15.61,Default,,0000,0000,0000,,and he create a folder.
Dialogue: 0,0:35:15.61,0:35:17.68,Default,,0000,0000,0000,,He deny user 1 and user 3.
Dialogue: 0,0:35:17.68,0:35:20.49,Default,,0000,0000,0000,,User 3 login into the\Nsystem, he create a folder,
Dialogue: 0,0:35:20.49,0:35:22.59,Default,,0000,0000,0000,,and he deny other two.
Dialogue: 0,0:35:22.59,0:35:24.70,Default,,0000,0000,0000,,So same your\Nworkgroup environment.
Dialogue: 0,0:35:24.70,0:35:28.18,Default,,0000,0000,0000,,When you login into your laptop\Nor desktop, you create a folder.
Dialogue: 0,0:35:28.18,0:35:30.72,Default,,0000,0000,0000,,You deny your family member.
Dialogue: 0,0:35:30.72,0:35:33.70,Default,,0000,0000,0000,,One of your family member has\Naccess to that particular system
Dialogue: 0,0:35:33.70,0:35:35.53,Default,,0000,0000,0000,,and they create the\Nfolder, they deny other.
Dialogue: 0,0:35:35.53,0:35:38.19,Default,,0000,0000,0000,,So this is called as a\Ndiscretionary, distributed
Dialogue: 0,0:35:38.19,0:35:40.62,Default,,0000,0000,0000,,access control, where\Nthe multiple parties are
Dialogue: 0,0:35:40.62,0:35:43.42,Default,,0000,0000,0000,,involved in giving an\Nauthorizing access.
Dialogue: 0,0:35:43.42,0:35:45.21,Default,,0000,0000,0000,,But when we're talking\Nabout the mandatory,
Dialogue: 0,0:35:45.21,0:35:49.21,Default,,0000,0000,0000,,it is a default system access\Nused in a military and all that.
Dialogue: 0,0:35:49.21,0:35:51.31,Default,,0000,0000,0000,,And the best example\Nis in your windows,
Dialogue: 0,0:35:51.31,0:35:53.64,Default,,0000,0000,0000,,if you really want\Nto modify the CMD
Dialogue: 0,0:35:53.64,0:35:55.83,Default,,0000,0000,0000,,or you want to access\Nany application,
Dialogue: 0,0:35:55.83,0:35:57.67,Default,,0000,0000,0000,,you need to run as\Nan administrator.
Dialogue: 0,0:35:57.67,0:35:58.81,Default,,0000,0000,0000,,That is a mandatory thing.
Dialogue: 0,0:35:58.81,0:36:00.27,Default,,0000,0000,0000,,So it's an access\Ncontrol, which is
Dialogue: 0,0:36:00.27,0:36:02.71,Default,,0000,0000,0000,,default embedded in the system.
Dialogue: 0,0:36:02.71,0:36:04.95,Default,,0000,0000,0000,,And that is called as\Na centralized access
Dialogue: 0,0:36:04.95,0:36:07.72,Default,,0000,0000,0000,,control, which is also\Ncalled as an NDAC.
Dialogue: 0,0:36:07.72,0:36:10.33,Default,,0000,0000,0000,,So MAC is a system-based access.
Dialogue: 0,0:36:10.33,0:36:12.03,Default,,0000,0000,0000,,They have a predefined logics.
Dialogue: 0,0:36:12.03,0:36:14.74,Default,,0000,0000,0000,,In CMD, if you want to\Nperform some admin command,
Dialogue: 0,0:36:14.74,0:36:16.44,Default,,0000,0000,0000,,you need to run as a CMD.
Dialogue: 0,0:36:16.44,0:36:18.39,Default,,0000,0000,0000,,In the Linux, if\Nyou want to perform
Dialogue: 0,0:36:18.39,0:36:21.76,Default,,0000,0000,0000,,any kind of a admin activity,\Nyou need to run sudo command.
Dialogue: 0,0:36:21.76,0:36:24.75,Default,,0000,0000,0000,,It is a mandatory\Naccess control.
Dialogue: 0,0:36:24.75,0:36:28.26,Default,,0000,0000,0000,,So when you're talking\Nabout authentication,
Dialogue: 0,0:36:28.26,0:36:31.66,Default,,0000,0000,0000,,authentication basically\Nhas a three factors.
Dialogue: 0,0:36:31.66,0:36:33.87,Default,,0000,0000,0000,,Something you know, which\Nis your password, which
Dialogue: 0,0:36:33.87,0:36:36.64,Default,,0000,0000,0000,,is easy to compromise;\Nsomething you have,
Dialogue: 0,0:36:36.64,0:36:39.85,Default,,0000,0000,0000,,which is called as a ownership,\Nand something you are,
Dialogue: 0,0:36:39.85,0:36:42.28,Default,,0000,0000,0000,,which is a biometric, and\Nsomewhere you are nowadays.
Dialogue: 0,0:36:42.28,0:36:46.12,Default,,0000,0000,0000,,So token device and one-time\Npassword is something you have,
Dialogue: 0,0:36:46.12,0:36:47.50,Default,,0000,0000,0000,,which is called as a ownership.
Dialogue: 0,0:36:47.50,0:36:49.33,Default,,0000,0000,0000,,Next is called as\Na single sign-on.
Dialogue: 0,0:36:49.33,0:36:50.97,Default,,0000,0000,0000,,Single sign-on means\Nyou log in once
Dialogue: 0,0:36:50.97,0:36:53.07,Default,,0000,0000,0000,,and access the\Nmultiple resources.
Dialogue: 0,0:36:53.07,0:36:55.08,Default,,0000,0000,0000,,An example, imagine like--
Dialogue: 0,0:36:55.08,0:36:57.66,Default,,0000,0000,0000,,
Dialogue: 0,0:36:57.66,0:37:00.46,Default,,0000,0000,0000,,when you're talking about a\Nsingle sign-on, one example
Dialogue: 0,0:37:00.46,0:37:01.87,Default,,0000,0000,0000,,we have about Gmail.
Dialogue: 0,0:37:01.87,0:37:05.20,Default,,0000,0000,0000,,So you open the gmail.com,\Nyou log in to the Gmail,
Dialogue: 0,0:37:05.20,0:37:10.17,Default,,0000,0000,0000,,and from there, you open\Ndoc, D-O-C, dot google.com.
Dialogue: 0,0:37:10.17,0:37:11.50,Default,,0000,0000,0000,,It doesn't ask for the password.
Dialogue: 0,0:37:11.50,0:37:12.73,Default,,0000,0000,0000,,Then you type YouTube.
Dialogue: 0,0:37:12.73,0:37:14.08,Default,,0000,0000,0000,,It doesn't ask for the password.
Dialogue: 0,0:37:14.08,0:37:15.21,Default,,0000,0000,0000,,Then you type any document.
Dialogue: 0,0:37:15.21,0:37:16.54,Default,,0000,0000,0000,,It doesn't ask for the password.
Dialogue: 0,0:37:16.54,0:37:18.49,Default,,0000,0000,0000,,When you open Drive, it\Ndoesn't ask for the password.
Dialogue: 0,0:37:18.49,0:37:20.56,Default,,0000,0000,0000,,So that is the best\Nexample of single sign-on.
Dialogue: 0,0:37:20.56,0:37:22.05,Default,,0000,0000,0000,,You need to authenticate once.
Dialogue: 0,0:37:22.05,0:37:24.93,Default,,0000,0000,0000,,And based on that, you can able\Nto access any number of services
Dialogue: 0,0:37:24.93,0:37:25.84,Default,,0000,0000,0000,,of a Gmail.
Dialogue: 0,0:37:25.84,0:37:29.23,Default,,0000,0000,0000,,But single sign-on is a concept\Nwe use within a one domain.
Dialogue: 0,0:37:29.23,0:37:31.41,Default,,0000,0000,0000,,But federation, I'm\Nsorry for the spelling.
Dialogue: 0,0:37:31.41,0:37:32.06,Default,,0000,0000,0000,,In hurry.
Dialogue: 0,0:37:32.06,0:37:32.56,Default,,0000,0000,0000,,I'm sorry.
Dialogue: 0,0:37:32.56,0:37:34.09,Default,,0000,0000,0000,,I can correct that.
Dialogue: 0,0:37:34.09,0:37:37.38,Default,,0000,0000,0000,,So federation is basically where\Nyou authenticate with one domain
Dialogue: 0,0:37:37.38,0:37:38.65,Default,,0000,0000,0000,,and access the other domain.
Dialogue: 0,0:37:38.65,0:37:41.40,Default,,0000,0000,0000,,So federation we use\Nbetween the two companies,
Dialogue: 0,0:37:41.40,0:37:42.84,Default,,0000,0000,0000,,between the two domain.
Dialogue: 0,0:37:42.84,0:37:57.61,Default,,0000,0000,0000,,Example like we have a\Nbooking.com and we have a Gmail.
Dialogue: 0,0:37:57.61,0:38:02.47,Default,,0000,0000,0000,,I'm sure you have noticed\Nuser went to booking.com.
Dialogue: 0,0:38:02.47,0:38:04.70,Default,,0000,0000,0000,,Now booking.com\Ngiving him option,
Dialogue: 0,0:38:04.70,0:38:07.16,Default,,0000,0000,0000,,log in with your\NGoogle ID or sign up.
Dialogue: 0,0:38:07.16,0:38:11.26,Default,,0000,0000,0000,,Definitely to save time, I will\Nselect login with the Gmail ID.
Dialogue: 0,0:38:11.26,0:38:13.99,Default,,0000,0000,0000,,So booking.com redirect\Nuser to the Gmail.
Dialogue: 0,0:38:13.99,0:38:16.39,Default,,0000,0000,0000,,To the Gmail, I will\Nbasically provide my username
Dialogue: 0,0:38:16.39,0:38:19.09,Default,,0000,0000,0000,,and password, and against that\NGmail provide the authorization
Dialogue: 0,0:38:19.09,0:38:22.18,Default,,0000,0000,0000,,ticket, and that authentication\Nticket or authorization ticket
Dialogue: 0,0:38:22.18,0:38:24.43,Default,,0000,0000,0000,,I will provide to Booking,\Nwhich confirm, yes, you are
Dialogue: 0,0:38:24.43,0:38:25.69,Default,,0000,0000,0000,,the authorized user of Gmail.
Dialogue: 0,0:38:25.69,0:38:28.13,Default,,0000,0000,0000,,And based on that booking.com,\Nprovide the resource.
Dialogue: 0,0:38:28.13,0:38:31.21,Default,,0000,0000,0000,,So in this case, Gmail\Nis the identity provider
Dialogue: 0,0:38:31.21,0:38:34.15,Default,,0000,0000,0000,,who verify your identity\Nand booking.com is
Dialogue: 0,0:38:34.15,0:38:36.29,Default,,0000,0000,0000,,a service provider who\Nprovide you services.
Dialogue: 0,0:38:36.29,0:38:43.01,Default,,0000,0000,0000,,So federation is basically used\Nacross the multiple systems.
Dialogue: 0,0:38:43.01,0:38:45.52,Default,,0000,0000,0000,,Biometric establish\Nthe strongest form
Dialogue: 0,0:38:45.52,0:38:47.54,Default,,0000,0000,0000,,of accountability,\Nwhich cannot be spoofed.
Dialogue: 0,0:38:47.54,0:38:49.61,Default,,0000,0000,0000,,So we have a two scanners.
Dialogue: 0,0:38:49.61,0:38:50.58,Default,,0000,0000,0000,,One is called retina.
Dialogue: 0,0:38:50.58,0:38:53.38,Default,,0000,0000,0000,,
Dialogue: 0,0:38:53.38,0:38:57.25,Default,,0000,0000,0000,,And we have a second\Nis called as a iris.
Dialogue: 0,0:38:57.25,0:39:03.97,Default,,0000,0000,0000,,Iris is-- so when you're\Ntalking about retina,
Dialogue: 0,0:39:03.97,0:39:06.65,Default,,0000,0000,0000,,retina scan the blood\Nvessel of your eyes.
Dialogue: 0,0:39:06.65,0:39:12.10,Default,,0000,0000,0000,,OK, very accurate, but difficult\Nto implement because it has
Dialogue: 0,0:39:12.10,0:39:14.95,Default,,0000,0000,0000,,acceptance issues,\Nwhereas the iris
Dialogue: 0,0:39:14.95,0:39:16.58,Default,,0000,0000,0000,,is accurate with acceptance.
Dialogue: 0,0:39:16.58,0:39:18.41,Default,,0000,0000,0000,,If you ask me which\Nwas more accurate,
Dialogue: 0,0:39:18.41,0:39:20.35,Default,,0000,0000,0000,,retina is more accurate\Nbecause difficult
Dialogue: 0,0:39:20.35,0:39:22.31,Default,,0000,0000,0000,,to spoof someone's\Nblood vessels.
Dialogue: 0,0:39:22.31,0:39:26.20,Default,,0000,0000,0000,,But iris is a second\Nbest accept and accurate.
Dialogue: 0,0:39:26.20,0:39:28.55,Default,,0000,0000,0000,,When we are going for\Nthe biometric solutions,
Dialogue: 0,0:39:28.55,0:39:31.97,Default,,0000,0000,0000,,as an auditor, we also need\Nto check the privacy policy
Dialogue: 0,0:39:31.97,0:39:35.05,Default,,0000,0000,0000,,because implementing a biometric\Nsystem in the organization
Dialogue: 0,0:39:35.05,0:39:36.83,Default,,0000,0000,0000,,requires the user acceptance.
Dialogue: 0,0:39:36.83,0:39:39.52,Default,,0000,0000,0000,,OK, so acceptance\Nfor the solution
Dialogue: 0,0:39:39.52,0:39:41.18,Default,,0000,0000,0000,,is very less in\Nthe organization.
Dialogue: 0,0:39:41.18,0:39:43.24,Default,,0000,0000,0000,,So we need to review the\Ndata privacy policies
Dialogue: 0,0:39:43.24,0:39:46.25,Default,,0000,0000,0000,,and see how they're going\Nto use the biometric data.
Dialogue: 0,0:39:46.25,0:39:49.63,Default,,0000,0000,0000,,So let me explain you how the\Nbiometric enrollment works.
Dialogue: 0,0:39:49.63,0:39:51.86,Default,,0000,0000,0000,,So whenever you\Nregister for biometric,
Dialogue: 0,0:39:51.86,0:39:53.86,Default,,0000,0000,0000,,suppose this is the\Nscanner we have.
Dialogue: 0,0:39:53.86,0:39:55.83,Default,,0000,0000,0000,,Suppose this is the\Nscanner we have.
Dialogue: 0,0:39:55.83,0:39:59.38,Default,,0000,0000,0000,,
Dialogue: 0,0:39:59.38,0:40:04.13,Default,,0000,0000,0000,,So you place your fingers or you\Nplace your thumb on the scanner.
Dialogue: 0,0:40:04.13,0:40:10.30,Default,,0000,0000,0000,,Scanner will capture the image\Nand stored in a form of minutes.
Dialogue: 0,0:40:10.30,0:40:11.80,Default,,0000,0000,0000,,Minutes we call it--
Dialogue: 0,0:40:11.80,0:40:13.72,Default,,0000,0000,0000,,minutes or metrics we call.
Dialogue: 0,0:40:13.72,0:40:17.80,Default,,0000,0000,0000,,Or you can say in\Na form of template.
Dialogue: 0,0:40:17.80,0:40:19.91,Default,,0000,0000,0000,,It store in a form of template.
Dialogue: 0,0:40:19.91,0:40:22.18,Default,,0000,0000,0000,,So next time when\Nyou place finger,
Dialogue: 0,0:40:22.18,0:40:26.05,Default,,0000,0000,0000,,it basically scan and\Ngenerate that template
Dialogue: 0,0:40:26.05,0:40:28.61,Default,,0000,0000,0000,,and compare against\Nthe stored template.
Dialogue: 0,0:40:28.61,0:40:29.87,Default,,0000,0000,0000,,If it match, it give access.
Dialogue: 0,0:40:29.87,0:40:32.77,Default,,0000,0000,0000,,So this is-- they do like a\None-to-many or many-to-many
Dialogue: 0,0:40:32.77,0:40:34.42,Default,,0000,0000,0000,,identification.
Dialogue: 0,0:40:34.42,0:40:36.53,Default,,0000,0000,0000,,Next important\Nthing audit login.
Dialogue: 0,0:40:36.53,0:40:38.89,Default,,0000,0000,0000,,It's very important\Nto log everything
Dialogue: 0,0:40:38.89,0:40:41.81,Default,,0000,0000,0000,,by which we can able to\Ntrack the accountability.
Dialogue: 0,0:40:41.81,0:40:44.33,Default,,0000,0000,0000,,So audit logging is\Nanother important practice
Dialogue: 0,0:40:44.33,0:40:45.58,Default,,0000,0000,0000,,we need to follow.
Dialogue: 0,0:40:45.58,0:40:50.17,Default,,0000,0000,0000,,The next solution we have a\NDLP, data leak prevention.
Dialogue: 0,0:40:50.17,0:40:53.50,Default,,0000,0000,0000,,Ultimate objective of DLP\Nis to ensure data should not
Dialogue: 0,0:40:53.50,0:40:55.72,Default,,0000,0000,0000,,live in an unauthorized manner.
Dialogue: 0,0:40:55.72,0:40:59.92,Default,,0000,0000,0000,,You have seen a lot of employees\Nuse their confidential data
Dialogue: 0,0:40:59.92,0:41:02.54,Default,,0000,0000,0000,,and they try to send on\Ntheir public portals.
Dialogue: 0,0:41:02.54,0:41:06.02,Default,,0000,0000,0000,,So we need to prevent\Nthis data exfiltration.
Dialogue: 0,0:41:06.02,0:41:07.96,Default,,0000,0000,0000,,Data exfiltration\Ndefinition means
Dialogue: 0,0:41:07.96,0:41:12.55,Default,,0000,0000,0000,,data should not leave the\Norganization environment.
Dialogue: 0,0:41:12.55,0:41:15.86,Default,,0000,0000,0000,,So we have a DLP here,\Nwe have DLP here.
Dialogue: 0,0:41:15.86,0:41:17.53,Default,,0000,0000,0000,,So example I connect\Nthe pen drive
Dialogue: 0,0:41:17.53,0:41:18.95,Default,,0000,0000,0000,,and trying to copy the data.
Dialogue: 0,0:41:18.95,0:41:21.26,Default,,0000,0000,0000,,That is also data leaving\Nin an unauthorized manner,
Dialogue: 0,0:41:21.26,0:41:23.53,Default,,0000,0000,0000,,but DLP there will try to block.
Dialogue: 0,0:41:23.53,0:41:26.36,Default,,0000,0000,0000,,You opening a Gmail and try\Nto upload data on a Gmail.
Dialogue: 0,0:41:26.36,0:41:28.67,Default,,0000,0000,0000,,So there is an endpoint\NDLP or network-based DLP
Dialogue: 0,0:41:28.67,0:41:30.17,Default,,0000,0000,0000,,will try to block the content.
Dialogue: 0,0:41:30.17,0:41:34.73,Default,,0000,0000,0000,,So ultimate goal of a DLP is to\Nprevent the data exfiltration.
Dialogue: 0,0:41:34.73,0:41:37.60,Default,,0000,0000,0000,,It is not a solution\Nintroduced to monitor what is
Dialogue: 0,0:41:37.60,0:41:39.12,Default,,0000,0000,0000,,coming from outside to inside.
Dialogue: 0,0:41:39.12,0:41:39.62,Default,,0000,0000,0000,,No.
Dialogue: 0,0:41:39.62,0:41:42.94,Default,,0000,0000,0000,,It is a solution which monitor\Nwhat is leaving the organization
Dialogue: 0,0:41:42.94,0:41:43.91,Default,,0000,0000,0000,,data.
Dialogue: 0,0:41:43.91,0:41:45.72,Default,,0000,0000,0000,,What is leaving the\Norganization control.
Dialogue: 0,0:41:45.72,0:41:48.33,Default,,0000,0000,0000,,Because internal threat\Nis a difficult threat.
Dialogue: 0,0:41:48.33,0:41:50.22,Default,,0000,0000,0000,,It's a concern for\Nthe organization
Dialogue: 0,0:41:50.22,0:41:54.70,Default,,0000,0000,0000,,and it is the biggest\Nthreat for the organization.
Dialogue: 0,0:41:54.70,0:42:00.62,Default,,0000,0000,0000,,The next thing we have network\Nand endpoint security, most
Dialogue: 0,0:42:00.62,0:42:02.69,Default,,0000,0000,0000,,important section of Domain 5.
Dialogue: 0,0:42:02.69,0:42:05.72,Default,,0000,0000,0000,,Now we have a different\Ntype of circuits.
Dialogue: 0,0:42:05.72,0:42:06.54,Default,,0000,0000,0000,,What is circuit?
Dialogue: 0,0:42:06.54,0:42:10.04,Default,,0000,0000,0000,,Circuit is a link by which\Nwe transfer the data.
Dialogue: 0,0:42:10.04,0:42:12.78,Default,,0000,0000,0000,,So when you're talking about\Ncircuit, the first circuit
Dialogue: 0,0:42:12.78,0:42:14.49,Default,,0000,0000,0000,,they are talking about\Ndedicated circuit.
Dialogue: 0,0:42:14.49,0:42:22.55,Default,,0000,0000,0000,,So we have a user A and we have\Na user B. Same like the circuit
Dialogue: 0,0:42:22.55,0:42:27.05,Default,,0000,0000,0000,,is a link which is basically\Nup between the two party.
Dialogue: 0,0:42:27.05,0:42:30.06,Default,,0000,0000,0000,,And you send the data\Nthrough this link.
Dialogue: 0,0:42:30.06,0:42:33.51,Default,,0000,0000,0000,,Another example is\Nyou call your friend.
Dialogue: 0,0:42:33.51,0:42:34.58,Default,,0000,0000,0000,,So what you have to do?
Dialogue: 0,0:42:34.58,0:42:36.12,Default,,0000,0000,0000,,You need to dial his number.
Dialogue: 0,0:42:36.12,0:42:39.63,Default,,0000,0000,0000,,And once you dial his number,\Nthe link will be established.
Dialogue: 0,0:42:39.63,0:42:40.86,Default,,0000,0000,0000,,And then you communicate.
Dialogue: 0,0:42:40.86,0:42:43.50,Default,,0000,0000,0000,,And once it is done,\Nyou basically discard.
Dialogue: 0,0:42:43.50,0:42:45.06,Default,,0000,0000,0000,,But that is a circuit.
Dialogue: 0,0:42:45.06,0:42:47.07,Default,,0000,0000,0000,,But that is not a dedicated.
Dialogue: 0,0:42:47.07,0:42:48.63,Default,,0000,0000,0000,,It is a temporary circuit.
Dialogue: 0,0:42:48.63,0:42:51.33,Default,,0000,0000,0000,,But dedicated circuit\Nis link is always up.
Dialogue: 0,0:42:51.33,0:42:53.31,Default,,0000,0000,0000,,Whenever you dial,\Nit will be available.
Dialogue: 0,0:42:53.31,0:42:55.41,Default,,0000,0000,0000,,Second is called as\Na switch circuit.
Dialogue: 0,0:42:55.41,0:42:58.04,Default,,0000,0000,0000,,Switch circuit I gave you the\Nexample of the switch circuit
Dialogue: 0,0:42:58.04,0:43:00.80,Default,,0000,0000,0000,,is you dial the person\Nnumber, you temporarily
Dialogue: 0,0:43:00.80,0:43:03.38,Default,,0000,0000,0000,,establish the connection,\Nyou are done, and you finish.
Dialogue: 0,0:43:03.38,0:43:05.79,Default,,0000,0000,0000,,You are done with that and\Nyou can discard the things.
Dialogue: 0,0:43:05.79,0:43:08.27,Default,,0000,0000,0000,,So that is the difference\Nbetween the dedicated and switch
Dialogue: 0,0:43:08.27,0:43:08.97,Default,,0000,0000,0000,,circuit.
Dialogue: 0,0:43:08.97,0:43:11.19,Default,,0000,0000,0000,,We also have a packet\Nswitching technology.
Dialogue: 0,0:43:11.19,0:43:14.51,Default,,0000,0000,0000,,Packet switching technology\Ntoday is used in a 4G.
Dialogue: 0,0:43:14.51,0:43:16.70,Default,,0000,0000,0000,,I am sure you have\Nseen the Jio, Airtel,
Dialogue: 0,0:43:16.70,0:43:19.50,Default,,0000,0000,0000,,and all that offer the packet\Nswitching technology only.
Dialogue: 0,0:43:19.50,0:43:21.45,Default,,0000,0000,0000,,That is why if you\Ndo the WhatsApp call,
Dialogue: 0,0:43:21.45,0:43:23.60,Default,,0000,0000,0000,,it has a better quality\Nthan the voice call
Dialogue: 0,0:43:23.60,0:43:26.60,Default,,0000,0000,0000,,because packet switching\Nwas primarily introduced
Dialogue: 0,0:43:26.60,0:43:28.11,Default,,0000,0000,0000,,for the data transfer.
Dialogue: 0,0:43:28.11,0:43:29.34,Default,,0000,0000,0000,,Let's take an example.
Dialogue: 0,0:43:29.34,0:43:32.06,Default,,0000,0000,0000,,We have a system\NA, we have a system
Dialogue: 0,0:43:32.06,0:43:36.45,Default,,0000,0000,0000,,B. So this is my internet.
Dialogue: 0,0:43:36.45,0:43:37.83,Default,,0000,0000,0000,,We have a routers here.
Dialogue: 0,0:43:37.83,0:43:42.99,Default,,0000,0000,0000,,So what packet switching\Ndoes, we have a data here,
Dialogue: 0,0:43:42.99,0:43:44.67,Default,,0000,0000,0000,,data divided into packets.
Dialogue: 0,0:43:44.67,0:43:46.40,Default,,0000,0000,0000,,So some packets goes\Nthrough this route
Dialogue: 0,0:43:46.40,0:43:48.65,Default,,0000,0000,0000,,and some packet goes\Nthrough this route.
Dialogue: 0,0:43:48.65,0:43:52.43,Default,,0000,0000,0000,,And by end of the day, it\Nget delivered to the B.
Dialogue: 0,0:43:52.43,0:43:55.62,Default,,0000,0000,0000,,It doesn't give assurance in\Nwhat state it basically receive,
Dialogue: 0,0:43:55.62,0:43:57.18,Default,,0000,0000,0000,,but they just send the data.
Dialogue: 0,0:43:57.18,0:43:59.39,Default,,0000,0000,0000,,That is where the packet\Nswitching is primarily
Dialogue: 0,0:43:59.39,0:44:02.61,Default,,0000,0000,0000,,designed for the data transfer,\Nnot for the voice transfer.
Dialogue: 0,0:44:02.61,0:44:04.68,Default,,0000,0000,0000,,That's why if you're\Nin your 4G phone,
Dialogue: 0,0:44:04.68,0:44:07.68,Default,,0000,0000,0000,,you can see the V-O-L-T-E. OK.
Dialogue: 0,0:44:07.68,0:44:10.50,Default,,0000,0000,0000,,And your landline, it's\Nnot having a dial up tones.
Dialogue: 0,0:44:10.50,0:44:11.73,Default,,0000,0000,0000,,It has some other tones.
Dialogue: 0,0:44:11.73,0:44:15.14,Default,,0000,0000,0000,,So today your all\Ncalls is basically
Dialogue: 0,0:44:15.14,0:44:18.71,Default,,0000,0000,0000,,done through VoIP by using\Na packet switching only.
Dialogue: 0,0:44:18.71,0:44:21.53,Default,,0000,0000,0000,,You also need to understand\Nthe different type of networks,
Dialogue: 0,0:44:21.53,0:44:24.32,Default,,0000,0000,0000,,like LAN, which is basically\Na group of computers
Dialogue: 0,0:44:24.32,0:44:28.43,Default,,0000,0000,0000,,within the organization, a group\Nof system over the internet that
Dialogue: 0,0:44:28.43,0:44:33.14,Default,,0000,0000,0000,,is called as a WAN, and access\Nthe storage is called as a SAN.
Dialogue: 0,0:44:33.14,0:44:37.08,Default,,0000,0000,0000,,DNS is a service which translate\Nname to IP and IP to name.
Dialogue: 0,0:44:37.08,0:44:39.68,Default,,0000,0000,0000,,Let's take an example\Nof the smartphone.
Dialogue: 0,0:44:39.68,0:44:42.53,Default,,0000,0000,0000,,It is difficult for you to\Nremember your friend's number.
Dialogue: 0,0:44:42.53,0:44:45.38,Default,,0000,0000,0000,,So what you did, you saved the\Nfriend's number with the name
Dialogue: 0,0:44:45.38,0:44:49.23,Default,,0000,0000,0000,,because human mind remember\Nalphabets over the numbers.
Dialogue: 0,0:44:49.23,0:44:51.93,Default,,0000,0000,0000,,So if I want to call\Nmy friend Pankaj.
Dialogue: 0,0:44:51.93,0:44:54.12,Default,,0000,0000,0000,,So I will type Pankaj Delhi.
Dialogue: 0,0:44:54.12,0:44:57.30,Default,,0000,0000,0000,,So it will see by name and\Nit map with the number.
Dialogue: 0,0:44:57.30,0:44:58.67,Default,,0000,0000,0000,,So automatically\Ndial the number.
Dialogue: 0,0:44:58.67,0:45:01.65,Default,,0000,0000,0000,,Same like you open a\Nbrowser type google.com.
Dialogue: 0,0:45:01.65,0:45:04.07,Default,,0000,0000,0000,,They send the request to\Na specific server which
Dialogue: 0,0:45:04.07,0:45:06.44,Default,,0000,0000,0000,,translate the name\Nto IP, and then it
Dialogue: 0,0:45:06.44,0:45:09.03,Default,,0000,0000,0000,,will redirect you to the\Nparticular web server,
Dialogue: 0,0:45:09.03,0:45:09.63,Default,,0000,0000,0000,,like this way.
Dialogue: 0,0:45:09.63,0:45:13.67,Default,,0000,0000,0000,,So we client and we\Nhave a DNS server here.
Dialogue: 0,0:45:13.67,0:45:16.35,Default,,0000,0000,0000,,And this is my web server.
Dialogue: 0,0:45:16.35,0:45:18.63,Default,,0000,0000,0000,,So client has\Nrequested google.com.
Dialogue: 0,0:45:18.63,0:45:19.83,Default,,0000,0000,0000,,That request goes to DNS.
Dialogue: 0,0:45:19.83,0:45:20.63,Default,,0000,0000,0000,,DNS said, no, boss.
Dialogue: 0,0:45:20.63,0:45:23.49,Default,,0000,0000,0000,,Google.com on 1.1.1.1.
Dialogue: 0,0:45:23.49,0:45:26.28,Default,,0000,0000,0000,,And this is how it\Nredirect to 1.1.1.
Dialogue: 0,0:45:26.28,0:45:28.38,Default,,0000,0000,0000,,And then web server\Nprovide the content.
Dialogue: 0,0:45:28.38,0:45:31.58,Default,,0000,0000,0000,,So DNS is a service which\Ntranslate name to IP and IP
Dialogue: 0,0:45:31.58,0:45:32.43,Default,,0000,0000,0000,,to name.
Dialogue: 0,0:45:32.43,0:45:34.50,Default,,0000,0000,0000,,The next thing is\Ncalled as a DHCP.
Dialogue: 0,0:45:34.50,0:45:37.10,Default,,0000,0000,0000,,DHCP is a service\Nwhich basically
Dialogue: 0,0:45:37.10,0:45:40.21,Default,,0000,0000,0000,,provide the automated IP\Naddress to all the systems.
Dialogue: 0,0:45:40.21,0:45:42.91,Default,,0000,0000,0000,,It is difficult to manage\Nthe IPs in every system.
Dialogue: 0,0:45:42.91,0:45:45.39,Default,,0000,0000,0000,,So what I need, I want\Na one centralized server
Dialogue: 0,0:45:45.39,0:45:49.15,Default,,0000,0000,0000,,from where I need to assign the\NIP address to all the clients.
Dialogue: 0,0:45:49.15,0:45:52.24,Default,,0000,0000,0000,,The next important topic\Nis called as a topology.
Dialogue: 0,0:45:52.24,0:45:55.19,Default,,0000,0000,0000,,Topology is provide the\Nlayout of the network.
Dialogue: 0,0:45:55.19,0:45:57.97,Default,,0000,0000,0000,,And then we have a media type.
Dialogue: 0,0:45:57.97,0:46:00.30,Default,,0000,0000,0000,,So we have a twisted\Npair and fiber optic.
Dialogue: 0,0:46:00.30,0:46:02.01,Default,,0000,0000,0000,,Twisted pair are\Ntwisted together
Dialogue: 0,0:46:02.01,0:46:03.82,Default,,0000,0000,0000,,by which it reduces\Nthe attenuation.
Dialogue: 0,0:46:03.82,0:46:04.65,Default,,0000,0000,0000,,What is attenuation?
Dialogue: 0,0:46:04.65,0:46:06.13,Default,,0000,0000,0000,,Is loss of signal.
Dialogue: 0,0:46:06.13,0:46:10.71,Default,,0000,0000,0000,,Fiber optic is basically\Nproviding a very effective
Dialogue: 0,0:46:10.71,0:46:14.67,Default,,0000,0000,0000,,speed, and it is having a low\Nlatency and better than twisted
Dialogue: 0,0:46:14.67,0:46:18.24,Default,,0000,0000,0000,,pair to send the sensitive data.
Dialogue: 0,0:46:18.24,0:46:22.21,Default,,0000,0000,0000,,So this is the first part\Nof this particular series.
Dialogue: 0,0:46:22.21,0:46:24.90,Default,,0000,0000,0000,,I'm planning to make\Nanother series next week
Dialogue: 0,0:46:24.90,0:46:27.19,Default,,0000,0000,0000,,and we'll see what can be done.
Dialogue: 0,0:46:27.19,0:46:29.50,Default,,0000,0000,0000,,This is just a first\Npart of the Domain 5.
Dialogue: 0,0:46:29.50,0:46:32.82,Default,,0000,0000,0000,,If you find this video useful,\Ndo share your feedback and do
Dialogue: 0,0:46:32.82,0:46:34.83,Default,,0000,0000,0000,,let me know what are\Nthe other videos should
Dialogue: 0,0:46:34.83,0:46:36.16,Default,,0000,0000,0000,,I make on the CISA?
Dialogue: 0,0:46:36.16,0:46:38.09,Default,,0000,0000,0000,,Thank you.