CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Qualifications Summary
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required—with a focus on technology.
5. Page 5
No matter how a security
control is implemented, it
always has a goal—to keep
systems and data or
personnel and facilities safe.
In some cases, these end goals can be combined;
however, in most cases, they are deployed
separately to achieve the goal. It is not uncommon
for the categories to work together to increase the
overall security of the data and systems.
When the focus is on systems and data, the security
control can be placed into one of three categories.
The categories are: confidentiality, integrity, and
availability (CIA).
Goals of security controls.
6. Page 6
– Confidentiality.
» Using technological controls to ensure that only authorized
personnel can gain access to the information.
• Access control/permissions: explicitly establishing who can
access the information; the person requesting access must
have explicit permission to be able to do so.
• Encryption: using an algorithm to make data unreadable
unless the appropriate security key is present; encryption can
be placed at multiple levels (e.g., file level, storage level, or
the communication channel level).
• Steganography: concealing data (e.g., a text file) within a
graphic file; the person receiving the graphic file must use
steganography software to read the secured data.
» In many cases, access control/permissions and encryption are
used together to increase the confidentiality of data or systems.
7. Page 7
– Integrity.
» Using technological controls to ensure that, when data is sent
from a source, exactly the same data is received at the
destination—in short, authenticating the data.
• Hashing: using a mathematical algorithm to verify that no
change has occurred to the data in transit; once received, the
hashed value of the data is used to ensure that integrity has
been maintained.
• Certificates: a cryptographic means of transporting or
exchanging security keys. Ensures the integrity of the security
keys.
• Digital signatures: using a combination of certificates and
security keys to authenticate the sender of a message or
data—in short, ensuring the integrity of the source.
» Integrity controls are often used in conjunction with
confidentiality controls.
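An added example, not part of the original slides, showing the receiver-side check the hashing bullet describes and why a digest that travels with the data needs a key or signature behind it. HMAC with a shared key stands in for the digital signature here (Python's standard library has no public-key signing); the key, messages, and function names are constructed for the illustration.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it for any data."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA-256 tag: only a holder of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def receive(key: bytes, data: bytes, sent_digest: str, sent_tag: str) -> dict:
    """Receiver-side check: recompute both values and compare in constant time."""
    return {
        "hash_ok": hmac.compare_digest(digest(data), sent_digest),
        "tag_ok": hmac.compare_digest(tag(key, data), sent_tag),
    }


# Constructed sample values (assumptions for this example only).
KEY = b"constructed-shared-key-for-demo"
ORIGINAL = b"transfer 100.00 to account 12345"
ALTERED = b"transfer 900.00 to account 12345"


def scenarios() -> dict:
    d, t = digest(ORIGINAL), tag(KEY, ORIGINAL)
    return {
        # Nothing changed between source and destination.
        "intact": receive(KEY, ORIGINAL, d, t),
        # Data changed in transit; digest and tag arrive unchanged.
        "data_changed": receive(KEY, ALTERED, d, t),
        # Data and digest both replaced by a party without the key:
        # the new digest matches the altered data, the old tag does not.
        "data_and_digest_replaced": receive(KEY, ALTERED, digest(ALTERED), t),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The third scenario is the reason integrity controls pair hashing with a key or a signature: a bare digest only proves the data matches the digest, not that either came from the expected source.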
8. Page 8
– Availability.
» Using various control types to ensure that data and systems
are always available when required.
• Fault tolerance: ensuring that even in the case of a
failure, data is available; can be achieved through multiple
methods (e.g., RAID or server clustering).
• Redundancy: ensuring that systems are always available by
using multiple units (e.g., using a partial mesh topology to
guard against the failure of a network switch).
• Backups: ensuring that data can be recovered in the case of
loss or corruption.
• Patching: ensuring that systems and data are available by
keeping operating systems and configuration files up to
date—a safeguard against common system attacks.
10. Page 10
Security controls should also
be put in place to ensure the
safety of personnel and
facilities.
Often, the responsibility for securing systems and data is
separated from the responsibility to secure personnel and
facilities (but not always). Without the people and facilities, the
systems and data will not do much good. Some security goals
should be put in place with this in mind.
These controls should cover disasters (e.g., fire or earthquake),
personal safety (e.g., all parking lots have adequate lighting), and
outside threats (e.g., controlling access to the facility). The
controls also need to be tested on a periodic basis to ensure that
all people know and understand them.
11. Page 11
Topic: Confidentiality, integrity, and availability controls.
Summary: When implementing security controls for systems and data, the
controls can usually be broken down into one of three categories:
confidentiality, integrity, or availability (CIA). Confidentiality: uses
controls to ensure that only authorized personnel can gain access to the
information. Integrity: uses controls to ensure that, when data is sent from
a source, exactly the same data is received at the destination. Availability:
uses controls to ensure that data and systems are always available when
required.

Topic: Safety controls.
Summary: Security controls should also be put in place to ensure the safety
of personnel and facilities. The responsibility for personnel and facility
security is often separated from the responsibility for systems and data
security (but not always). Security controls should be put in place to cover
disasters, personal safety, and to guard against outside threats. All safety
controls should be periodically tested.
13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.