CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [247]
Your job as a security professional includes keeping yourself up-to-date on current issues as well as informing affected parties of changes occurring in the industry and new threats. Numerous trade publications and websites are available to help you and to educate decision makers in your organization.
The process of raising sensitivity about security is part of a security-awareness program. This program should include communications about the nature of the issues, education about policies and procedures, and clear support from management.
For an organization to stay on top of security issues, it must keep operating systems, applications, and network devices up-to-date. Policies must be kept current as the environment changes, and personal development initiatives of individuals must be considered. This helps the organization stay current and provides a growing base of knowledge.
Numerous security and privacy regulations affect security management and your environment. These laws or acts govern privacy, security, and the use of information systems and resources. Become aware of them and the impact they have on your organization.
Exam Essentials
Be able to explain the process used to educate an organization about security issues. The four major aspects of a security management policy are communications, user awareness, education, and online resources. Communication should be ongoing and help the organization make decisions about security requirements and threats. A user-awareness program helps individuals in an organization understand how to implement policies, procedures, and technologies to ensure effective security. A wealth of online information is available to help you learn about current trends in the field. One of your primary responsibilities should be staying current on threats and trends.
Understand the elements of documentation needed to maintain an effective security management program. The documentation that an organization needs to develop for an effective security management process includes numerous policies. The collection of these policies is based on the best practices in the industry; they provide a comprehensive guide for developing an effective security program.
Hands-On Labs
The labs in this chapter are as follows:
Lab 9.1: Configure Windows Automatic Updates
Lab 9.2: Run the Microsoft Baseline Security Analyzer
Lab 9.1: Configure Windows Automatic Updates
One of the most important things you can do to keep your systems secure is to keep them up-to-date. In this lab, you’ll turn on Automatic Updates for a Windows XP Professional workstation:
1. Start the System applet by choosing Start Control Panel System.
2. Click the Automatic Updates tab.
3. Check the Keep My Computer Up To Date option (with some service packs, this becomes simply an Automatic radio button).
4. In the Settings section, choose the Download the Updates Automatically and Notify Me When They Are Ready to Be Installed radio button (based upon the version of service pack you have installed, this option may not be present).
5. Click OK, and exit the System applet.
This option allows the operating system to download and install updates as they become available. Some updates—such as service packs—usually require a reboot in order to be active after the installation.
Lab 9.2: Run the Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) currently works with Microsoft Windows Sever 2003/2008, as well as Windows Vista, Windows XP, and Windows 2000. It allows you to scan a system and identify weaknesses and misconfigurations. To run MBSA, follow these steps:
1. Log in with administrator privileges and download the latest version of MBSA from http://technet.microsoft.com/en-us/security/cc184924.aspx.
2. When prompted, choose