Downloaded 24 times
More Related Content
![Overview of the Cyber Kill Chain [TM]](https://cdn.slidesharecdn.com/ss_thumbnails/cybersecuritykillchain8-161209191549-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Comptia security plus domain SYO 701.pdf
Comptia security plus domain SYO 701.pdf
- 1.
- 2. Security Controls Categories Security Control FunctionalTypes Preventive: Stop incidents from happening; e.g., firewalls, antivirus software Corrective: Resolve incidents after they occur; e.g., patches, backups Detective: Identify and alert on incidents; e.g., intrusion detection systems, log monitors Administrative: Policies and procedures; e.g., security training, ackground checks Physical: Physical barriers; e.g., locks, security guards Technical: Technology-based controls; e.g., encryption, authentication mechanisms DOMAIN 1: GENERAL SECURITY CONCEPTS (12%) DOMAIN 1 1.1 COMPARE AND CONTRAST VARIOUS TYPES OF SECURITY CONTROLS www.infosectrain.com # l e a r n t o r i s e
- 3. www.infosectrain.com # l e a r n t o r i s e DOMAIN 1: GENERALSECURITY CONCEPTS (12%) DOMAIN 1 1.2 SUMMARIZE FUNDAMENTAL SECURITY CONCEPTS Core Principles Key Concepts Confidentiality: Ensuring information is not disclosed to unauthorized individuals; e.g., encryption Availability (CIA): Ensuring information is accessible when needed; e.g., redundancy Integrity: Ensuring information is not altered by unauthorized individuals; e.g., hashing Authentication, Authorization, Accounting (AAA): Identifying users, granting access, and tracking actions; e.g., login systems Non-repudiation: Preventing denial of action; e.g., digital signatures Zero Trust Model: Assuming all network traffic is untrusted; e.g., microsegmentation, least privilege access control Physical Security: Protecting physical assets; e.g., surveillance cameras Gap Analysis: Identifying differences between current and desired security postures; e.g., security assessments, vulnerability scanning
- 4. Managing Business ProcessChanges: Maintaining security; e.g., implementing new software Change Management in Security Technical Implications: Understanding how changes affect security; e.g., system upgrades, patching Integration of Security Measures: Ensuring new changes adhere to security policies; e.g., security reviews Documentation: Keeping records of changes; e.g., change logs www.infosectrain.com # l e a r n t o r i s e DOMAIN 1: GENERAL SECURITY CONCEPTS (12%) DOMAIN 1 1.3 EXPLAIN THE IMPORTANCE OF CHANGE MANAGEMENT PROCESSES AND THE IMPACT TO SECURITY
- 5. www.infosectrain.com # l e a r n t o r i s e DOMAIN 1: GENERALSECURITY CONCEPTS (12%) 1.4 EXPLAIN THE IMPORTANCE OF USING APPROPRIATE CRYPTOGRAPHIC SOLUTIONS DOMAIN 1 Encryption and Obfuscation: Protecting data confidentiality; e.g., AES encryption, VPNs Public Key Infrastructure (PKI): Framework for encryption and digital signatures; e.g., SSL certificates Hashing and Salting: Protecting stored passwords; e.g., password storage Blockchain and Open Public Ledgers: Ensuring data integrity in distributed systems; e.g., Bitcoin Certificates: Validating identities; e.g., HTTPS websites Digital Signatures: Ensuring data integrity and on-repudiation; e.g., email signing Key Stretching: Enhancing password security; e.g., PBKDF2, bcrypt Cryptographic Solutions for Security
- 6. To Get MoreInsights Through Our FREE FOUND THIS USEFUL? Courses | Workshops | eBooks | Checklists | Mock Tests LIKE FOLLOW SHARE