Concise Guide to CompTIA Security +
About this ebook
The concise guide to the CompTIA + security certification is a fast-track book for those who wish to pursue the CompTIA + security certification. It covers every objective of the syllabus with explanations for beginners, yet it is still concise and focused, so that those with a good understanding of IT and cyber security can master the course work in a matter of hours without having to trawl through 300 pages of text they already know.
Concise Guide to CompTIA Security + - alasdair gilchrist
Organization Security and Compliance
Objective 1.01 – Risk Related Concepts
Risk Assessment
Asset Identification
Risk Analysis
Risk Likelihood and Impact
Solutions and Countermeasures
Risk Management Options
Using Organizational Policy to Reduce Risk
Security Policies
Physical Access Security Policies
Access Control Policy
Network Security Policies
Acceptable Use Policy
Due Care, Diligence & Process
Privacy Policy
Human Resources Policies
Objective 1.02 – Implementing Appropriate Risk Mitigation Strategies
Objective 1.03 – Integrate with Third Parties
Interoperability Agreements
Service Level Agreements
Business Partners Agreements (BPA)
Interconnection Security Agreements
Privacy Considerations
Risk Awareness
Unauthorized Data Sharing
Data Ownership
Data Backup
Verification of Adherence
Security Training and Incident Response
Objective 2.01 – Social Engineering
Threat Awareness
Security Metrics
Data and Documentation
Standards and Guidelines
IT documentation
Best Practices
Clean desk policy
Personally Owned Devices
Data Handling
Instant messaging
P2P Applications
Social Network/Media
Regulatory Compliance
Objective 2.02 - Execute Appropriate Incident Response
Incident Identification
First Responders
Incident Isolation
Damage and loss control
Data Breaches
Escalation Policy
Reporting and Notification
Mitigation and Recovery
Objective 2.03 – Implement Basic Forensic Procedures
Collection and Preservation of Evidence
Order of Volatility
Capture a System Image
Network and System Logs
Time Offset
Use Hashing to protect Evidence Integrity
Chain of Custody
Interview Witnesses
Track Resources
Big Data Analysis
Business Continuity and Disaster Recovery
Objective 3.01 – Compare and contrast aspects of business continuity
Risk Analysis
Disaster Recovery and IT Contingency Plans
Objective 3.02 Execute Disaster Recovery Plans and Procedures
Service Levels
Redundant Servers
Data Backup Planning
Objective 3.03 – Select the Appropriate control to meet security needs
Objective 3.04 – Explain the Impact and Proper Use of Environmental Controls
Location Planning
Cryptography and Encryption Basics
Objective 4.01 - Utilize the concepts of cryptography
Information Assurance
Objective 4.02 – Use and Apply Appropriate Cryptographic Tools and Products
Asymmetric Encryption Algorithms
Public Key Infrastructure
Objective 5.01 – Explain the core concepts of Public Key Infrastructure
Digital Certificates
Objective 5.02 – Management and Associated Components
Access Control
Objective 6.01 – Explain the fundamental concepts and best practices related to authentication, authorization and access control
Users and Resources
Objective 6.02 – Implementing Appropriate Security Controls When Performing Account Management
Authentication And Authorization
Objective 7.01 - Authentication and Identity Management
Network Security
Objective 8.0.1 – Implementing security functionality on network devices and other technologies
Firewalls
Objectives 8.02 – Compounds
Secure Network Administration
Objective 9.01 – Understand the OSI model
Objective 9.03 – Identify Commonly Used Default Network Ports
Objective 9.04 - Analyze and Differentiate Among Types of Network Attack
Objective 9.05 - Apply and Implement Secure Network Administration Principles
Securing Wireless Networks
Objective 10.01 – Implementing wireless networks in a secure manner
Objective 10.02 – Analyze and Differentiate Among Types of Wireless Attacks
Objective 11.01 – Analyze and differentiate among type of malware
Objective 11.02 – Carry Out Appropriate Procedures to Establish Host Security
Objective 11.03 – Understanding Mobile Security Concepts and Technologies
Security Management
Objective 12.01
Objective 12.02 – Explain the Importance of application security
Objective 12.03 – Explain the Importance of Data security
Monitoring for Security Threats
13.01 – Analyze and differentiate among types of mitigation and deterrent techniques
Security Posture
Objective 14.02 – Within the realm of Vulnerability assessment, explain the proper use of penetration testing versus vulnerability scanning.
Organization Security and Compliance
Today, companies are responsible for implementing reasonable security measures to protect their customers and their own data. This is a sea change from previous common practice, where the business considered security to be an offshoot of IT and a discipline that they needed to define and support. IT would then apply, to the best of its ability and knowledge, sufficient security and control methods to protect the network and the corporate data. However, some major security breaches in large corporate networks changed that approach, and business leaders such as the CEO and CFO can now be held responsible for any noncompliance and willful neglect of reasonable security measures. For that reason, businesses must be diligent in designing security policies that govern how the organization uses its computer networks, protects and distributes its data, and offers secure services to customers. These policies will include rules on company internet use, customer data privacy, company structure, and human resources hiring and termination procedures. It is the responsibility of the business to ensure due diligence when constructing and implementing sufficient security controls and policy via risk assessment and mitigation strategies. The company is also responsible for disseminating that information throughout the company by way of security awareness training.
Objective 1.01 – Risk Related Concepts
Risk management is the act of identifying, assessing and mitigating the risk of potential security issues that may affect the company's operations and assets. There are several risk related concepts that a security practitioner should be aware of.
Risk Assessment – used to assess current risks, their probability and their potential impact, the aim being to discover and implement controls to mitigate the risk.
Risk Management Options – the options available to manage risk are avoidance, transference, acceptance, mitigation and deterrence.
Risk Control Types – the categories of risk control are management, operational and technical; each control type is a separate but cooperative layer in the overall risk management strategy.
Organizational Policy – the best practices, which should include physical access controls, environmental controls, network and system security, secure application design, and identity and access management of entities.
With regard to risk control types, management risk control is concerned with the high-level risk management, assessment and mitigation plans that define the overall organizational security of the company. Technical risk controls are the actual technical measures deployed to deal with the operational and management security risks. Operational risk control deals with the security of the day-to-day organizational business activity.
Operational risk controls