
Meeting the Cybersecurity Skills Challenge with CompTIA Security+


In this document:
- Meeting the Cybersecurity Skills Challenge with CompTIA Security+
- Measuring CompTIA Security+ Difficulty
- Why Hybrid Testing Approaches Work Best
- Mapping the NICE Cybersecurity Workforce Framework


Meeting the Cybersecurity Skills Challenge with CompTIA Security+

CompTIA Security+ certification validates foundational cybersecurity skills. As cybersecurity skills grow more complex, the baseline continues to rise. These trends are reflected in the Security+ exam, which has become more difficult over the years. Why? The Subject Matter Experts who participate in our job task analysis workshops report that their jobs are more complicated. Their employers expect them to know more and do more than ever before. This change is reflected in the exam objectives they help write for CompTIA, which in turn produces a more difficult exam that is harder to pass.

CompTIA exams reflect a maturing cybersecurity landscape that is becoming more challenging. Security+ addresses the increased diversity of knowledge, skills and abilities (KSAs) required of today's cybersecurity professionals and validates the baseline cybersecurity skills required to perform effectively on the job.

The CompTIA Security+ certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate foundation- and intermediate-level cybersecurity KSAs. Topics include:

• Risk: Identify risk and participate in risk mitigation activities.
• Operational Security: Provide infrastructure, application, information and operational security.
• Security Controls: Apply security controls to maintain confidentiality, integrity and availability.
• Technology and Troubleshooting: Identify appropriate technologies and products and troubleshoot security events and incidents.
• Governance: Operate with an awareness of applicable policies, laws and regulations.

Individuals entering the cybersecurity profession now need to do more than list, identify and define security techniques. They are expected to interpret, apply and configure solutions.

Measuring CompTIA Security+ Difficulty

63% of the exam objectives require application or analysis of domain knowledge, up from 42 percent on the previous exam.

Using Bloom's Taxonomy as an organizing principle to discuss the difficulty level of the exam illustrates the emphasis on the application of KSAs, rather than the simple recall of information. Looking at the exam objectives, 63 percent require candidates to demonstrate their knowledge at Bloom's Level 3 (apply) and Level 4 (analyze). The following table summarizes the percentage of certification exam objectives that fall into each of Bloom's levels.
Bloom's level and description / Level of complexity / SY0-301 (previous exam) / SY0-401 (current exam)

Level 1: Remembering/Recalling Information
  The candidate is able to recall, restate and remember learned information.
  Level of complexity: Basic | SY0-301: 5% | SY0-401: 0%

Level 2: Understanding/Explaining Ideas or Concepts
  The learner grasps the meaning of information by interpreting and translating what has been learned.
  Level of complexity: Low | SY0-301: 53% | SY0-401: 37%

Level 3: Applying Knowledge and Skills
  The learner makes use of information in a new situation from the one in which it was learned.
  Level of complexity: Moderate | SY0-301: 11% | SY0-401: 5%

Level 4: Analyzing
  The learner breaks learned information into parts to best understand that information in an attempt to identify evidence for a conclusion.
  Level of complexity: High | SY0-301: 31% | SY0-401: 58%

Level 5: Evaluating
  The learner makes decisions based on in-depth reflection, criticism and assessment.

Level 6: Creating
  The learner creates new ideas and information using what has been previously learned.

To emphasize the growing complexity, the current SY0-401 exam contains almost twice as many Level 4 objectives as the previous SY0-301 exam. As a result of this increased level of competence individuals need to demonstrate, the current exam has more scenario-based, or story-based, items, which require individuals to weigh several facts and issues and make an appropriate choice based on the information given. CompTIA has verified that these questions are clearly worded and that qualified individuals have sufficient time to complete the items.

Additionally, the current Security+ exam has more objectives that lend themselves to simulation-based questions. The SY0-301 exam had six objectives that required individuals to go through simulations or answer scenario-based questions, and the current SY0-401 exam contains 12 such objectives.

Security+ Executive Summary

Why Hybrid Testing Approaches Work Best

Over the past several years, cybersecurity practitioners and educators have debated which of the following is more important to validate:

1. An individual's conceptual knowledge, as validated by "linear" multiple choice items, or
2. Performance associated with a particular job or responsibility, as validated by performance-based items.

Advocates for each of these two aspects of validation often hold one of the approaches as superior over the other, with most individuals favoring only performance-based items. CompTIA regards this rift in opinion as a false dilemma. Both domain knowledge expertise and practical skills are absolutely vital and should be a part of any serious competency training and validation process. Both knowledge- and performance-based aspects are necessary for training, and nothing can substitute for hands-on learning. The same principle applies to assessment. This is why CompTIA adopted performance-based items into its certification exams starting in 2011.
The following CompTIA exams contain roughly 10 percent performance-based items:

A+ | Network+ | Security+ | Cybersecurity Analyst (CSA+) | CompTIA Advanced Security Practitioner (CASP)

On average, it takes a test taker roughly one-third of the examination time to complete these performance-based items. Performance-based items include simulations of technology solutions and story-based items that require advanced cognitive thinking on the part of the successful test taker.

Mapping the NICE Cybersecurity Workforce Framework

CompTIA Security+ aligns to the following five work roles identified by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF), draft NIST Special Publication 800-181:

• Cyber Defense Infrastructure Support Specialist, PR-INF-001
• Security Control Assessor, SP-RM-002
• Secure Software Assessor, SP-DEV-002
• Research and Development Specialist, SP-RD-001
• System Testing and Evaluation Specialist, SP-TE-001

In addition, many work roles are built upon the baseline skills taught in Security+. Following are examples of some of the work roles that contain approximately 50 percent of Security+ skills:

• Systems Security Analyst, OM-AN-001
• Cyber Defense Analyst, PR-DA-001
• Cyber Defense Incident Responder, PR-IR-001
• Vulnerability Assessment Analyst, PR-VA-001

This mapping is a sample of how CompTIA's certification standards map to key elements of the NICE framework.

Work role / Description / Matching CompTIA Security+ objectives (samples)

Cyber Defense Infrastructure Support Specialist (PR-INF-001)
Description: Tests, implements, deploys, maintains and administers the infrastructure hardware and software.
Matching Security+ objectives (samples):
• 1.1 — Implement security configuration parameters on network devices and other technologies
• 1.2 — Given a scenario, use secure network administration principles
• 1.3 — Explain network design elements and components
• 1.4 — Given a scenario, implement common protocols and services
• 1.5 — Given a scenario, troubleshoot security issues related to wireless networking

Security Control Assessor (SP-RM-002)
Description: Conducts independent comprehensive assessments of the management, operational and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
Matching Security+ objectives (samples):
• 2.1 — Explain the importance of risk-related concepts
• 2.2 — Summarize the security implications of integrating systems and data with third parties
• 2.3 — Given a scenario, implement appropriate risk mitigation strategies
• 2.8 — Summarize risk management best practices
• 2.9 — Given a scenario, select the appropriate control to meet the goals of security
• 5.1 — Compare and contrast the function and purpose of authentication services
• 5.2 — Given a scenario, select the appropriate authentication, authorization or access control
• 5.3 — Install and configure security controls when performing account management, based on best practices

Secure Software Assessor (SP-DEV-002)
Description: Analyzes the security of new or existing computer applications, software or specialized utility programs and provides actionable results.
Matching Security+ objectives (samples):
• 1.1 — Implement security configuration parameters on network devices and other technologies
• 2.2 — Summarize the security implications of integrating systems and data with third parties
• 3.5 — Explain types of application attacks
• 3.6 — Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
• 4.1 — Explain the importance of application security controls and techniques
• 4.2 — Summarize mobile security concepts and technologies
• 4.3 — Given a scenario, select the appropriate solution to establish host security

Research and Development Specialist (SP-RD-001)
Description: Conducts software and systems engineering and software systems research in order to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Matching Security+ objectives (samples):
• 2.1 — Explain the importance of risk-related concepts
• 3.1 — Explain types of malware
• 3.2 — Summarize various types of attacks
• 3.3 — Summarize social engineering attacks and the associated effectiveness with each attack
• 3.4 — Explain types of wireless attacks
• 3.5 — Explain types of application attacks
• 3.6 — Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
• 3.7 — Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
• 4.1 — Explain the importance of application security controls and techniques
• 4.2 — Summarize mobile security concepts and technologies
• 4.3 — Given a scenario, select the appropriate solution to establish host security
• 4.4 — Implement the appropriate controls to ensure data security
• 4.5 — Compare and contrast alternative methods to mitigate security risks in static environments
• 5.1 — Compare and contrast the function and purpose of authentication services
• 5.2 — Given a scenario, select the appropriate authentication, authorization or access control

System Testing and Evaluation Specialist (SP-TE-001)
Description: Plans, prepares and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
Matching Security+ objectives (samples):
• 2.8 — Summarize risk management best practices
• 2.9 — Given a scenario, select the appropriate control to meet the goals of security
• 3.8 — Explain the proper use of penetration testing versus vulnerability scanning
• 4.3 — Given a scenario, select the appropriate solution to establish host security

The following work roles contain approximately 50 percent Security+ skills:

Systems Security Analyst (OM-AN-001)
Description: Analyzes and develops the integration, testing, operations and maintenance of systems security.
Matching Security+ objectives (samples):
• 2.1 — Explain the importance of risk-related concepts
• 2.2 — Summarize the security implications of integrating systems and data with third parties
• 2.3 — Given a scenario, implement appropriate risk mitigation strategies
• 2.4 — Given a scenario, implement basic forensic procedures
• 2.5 — Summarize common incident response procedures
• 2.6 — Explain the importance of security-related awareness and training
• 2.7 — Compare and contrast physical security and environmental controls
• 2.8 — Summarize risk management best practices
• 2.9 — Given a scenario, select the appropriate control to meet the goals of security
• 6.1 — Given a scenario, utilize general cryptography concepts
• 6.2 — Given a scenario, use appropriate cryptographic methods
• 6.3 — Given a scenario, use appropriate public key infrastructure (PKI), certificate management and associated components

Cyber Defense Analyst (PR-DA-001)
Description: Uses data collected from a variety of cyber-defense tools (e.g., intrusion detection system (IDS) alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
Matching Security+ objectives (samples):
• 3.1 — Explain types of malware
• 3.2 — Summarize various types of attacks
• 3.3 — Summarize social engineering attacks and the associated effectiveness with each attack
• 3.4 — Explain types of wireless attacks
• 3.5 — Explain types of application attacks
• 3.6 — Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
• 3.7 — Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
• 4.1 — Explain the importance of application security controls and techniques
• 4.2 — Summarize mobile security concepts and technologies
• 4.3 — Given a scenario, select the appropriate solution to establish host security
• 4.4 — Implement the appropriate controls to ensure data security
• 4.5 — Compare and contrast alternative methods to mitigate security risks in static environments

Cyber Defense Incident Responder (PR-IR-001)
Description: Investigates, analyzes and responds to cyber-incidents within the network environment or enclave.
Matching Security+ objectives (samples):
• 2.4 — Given a scenario, implement basic forensic procedures
• 2.5 — Summarize common incident response procedures
• 3.6 — Analyze a scenario and select the appropriate type of mitigation and deterrent techniques

Vulnerability Assessment Analyst (PR-VA-001)
Description: Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Matching Security+ objectives (samples):
• 3.7 — Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
• 3.8 — Explain the proper use of penetration testing versus vulnerability scanning

LEARN MORE

For government inquiries contact: GovernmentSales@CompTIA.org. For corporate inquiries contact: Jennifer Herroon at jherroon@CompTIA.org
© 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03724-Apr2017
