Concise Guide to CompTIA Security +
Ebook, 106 pages, 1 hour


Rating: 3 out of 5 stars


About this ebook

The Concise Guide to CompTIA Security+ is a fast-track book for those who wish to pursue the CompTIA Security+ certification. It covers every objective of the syllabus with explanations for beginners, yet it is still concise and focused so that those with a good understanding of IT and cyber security can master the course work in a matter of hours without having to trawl through 300 pages of text they already know.

Language: English
Release date: Apr 20, 2015
ISBN: 9781513096766

Reviews for Concise Guide to CompTIA Security +

2 ratings, 0 reviews


    Book preview

    Concise Guide to CompTIA Security + - Alasdair Gilchrist

    Organization Security and Compliance

    1.01 – Risk Related Concepts

    Risk Assessment

    Asset Identification

    Risk Analysis

    Risk Likelihood and Impact

    Solutions and Countermeasures

    Risk Management Options

    Using Organizational Policy to Reduce Risk

    Security Policies

    Physical Access Security Policies

    Access Control Policy

    Network Security Policies

    Acceptable Use Policy

    Due Care, Diligence & Process

    Privacy Policy

    Human Resources Policies

    Objective 1.02 – Implementing Appropriate Risk Mitigation Strategies

    Objective 1.03 – Integrate with Third Parties

    Interoperability Agreements

    Service Level Agreements

    Business Partners Agreements (BPA)

    Interconnection Security Agreements

    Privacy Considerations

    Risk Awareness

    Unauthorized Data Sharing

    Data Ownership

    Data Backup

    Verification of Adherence

    Security Training and Incident Response

    Objective 2.01 – Social Engineering

    Threat Awareness

    Security Metrics

    Data and Documentation

    Standards and Guidelines

    IT documentation

    Best Practices

    Clean desk policy

    Personally Owned Devices

    Data Handling

    Instant messaging

    P2P Applications

    Social Network/Media

    Regulatory Compliance

    Objective 2.02 - Execute Appropriate Incident Response

    Incident Identification

    First Responders

    Incident Isolation

    Damage and loss control

    Data Breaches

    Escalation Policy

    Reporting and Notification

    Mitigation and Recovery

    Objective 2.03 – Implement Basic Forensic Procedures

    Collection and Preservation of Evidence

    Order of Volatility

    Capture a System Image

    Network and System Logs

    Time Offset

    Use Hashing to protect Evidence Integrity

    Chain of Custody

    Interview Witnesses

    Track Resources

    Big Data Analysis

    Business Continuity and Disaster Recovery

    Objective 3.01 – Compare and contrast aspects of business continuity

    Risk Analysis

    Disaster Recovery and IT Contingency Plans

    Objective 3.02 Execute Disaster Recovery Plans and Procedures

    Service Levels

    Redundant Servers

    Data Backup Planning

    Objective 3.03 – Select the Appropriate control to meet security needs

    Objective 3.04 – Explain the Impact and Proper Use of Environmental Controls

    Location Planning

    Cryptography and Encryption Basics

    Objective 4.01 - Utilize the concepts of cryptography

    Information Assurance

    Objective 4.02 – Use and Apply Appropriate Cryptographic Tools and Products

    Asymmetric Encryption Algorithms

    Public Key Infrastructure

    Objective 5.01 – Explain the core concepts of Public Key Infrastructure

    Digital Certificates

    Objective 5.02 – Management and Associated Components

    Access Control

    Objective 6.01 – Explain the fundamental concepts and best practices related to authentication, authorization and access control

    Users and Resources

    Objective 6.02 – Implementing Appropriate Security Controls When Performing Account Management

    Authentication And Authorization

    Objective 7.01 - Authentication and Identity Management

    Network Security

    Objective 8.0.1 – Implementing security functionality on network devices and other technologies

    Firewalls

    Objectives 8.02 – Compounds

    Secure Network Administration

    Objective 9.01 – Understand the OSI model

    Objective 9.03 – Identify Commonly Used Default Network Ports

    Objective 9.04 - Analyze and Differentiate Among Types of Network Attack

    Objective 9.05 - Apply and Implement Secure Network Administration Principles

    Securing Wireless Networks

    Objective 10.01 – Implementing wireless networks in a secure manner

    Objective 10.02 – Analyze and Differentiate Among Types of Wireless Attacks

    Objective 11.01 – Analyze and differentiate among types of malware

    Objective 11.02 – Carry Out Appropriate Procedures to Establish Host Security

    Objective 11.03 – Understanding Mobile Security Concepts and Technologies

    Security Management

    Objective 12.01

    Objective 12.02 – Explain the Importance of application security

    Objective 12.03 – Explain the Importance of Data security

    Monitoring for Security Threats

    13.01 – Analyze and differentiate among types of mitigation and deterrent techniques

    Security Posture

    Objective 14.02 – Within the realm of Vulnerability assessment, explain the proper use of penetration testing versus vulnerability scanning.

    Organization Security and Compliance

    Today companies are responsible for implementing reasonable security measures to protect their customers and their own data. This is a sea change from previous common practice, where the business considered security to be an offshoot of IT and a discipline that they needed to define and support. IT would then apply, to the best of its ability and knowledge, sufficient security and control methods to protect the network and the corporate data. However, some major security breaches in large corporate networks changed that approach, and business leaders such as the CEO and CFO can now be held responsible for any noncompliance and willful neglect of reasonable security measures.

    For that reason, businesses must be diligent in designing security policies that govern how the organization uses its computer networks, protects and distributes its data, and offers secure services to customers. These policies will include rules on company internet use, customer data privacy, company structure, and human resources hiring and termination procedures. It is the responsibility of the business to exercise due diligence when constructing and implementing sufficient security controls and policy via risk assessment and mitigation strategies. The company is also responsible for disseminating that information throughout the company by way of security awareness training.

    1.01 – Risk Related Concepts

    Risk management is the act of identifying, assessing and mitigating the risk of potential security issues that may affect the company's operations and assets. There are several risk-related concepts that a security practitioner should be aware of.

    Risk Assessment – used to assess current risks, their probability and their potential impact, the aim being to discover and implement controls to mitigate the risk.

    Risk Management Options – the options available to manage risk are avoidance, transference, acceptance, mitigation and deterrence.

    Risk Control Types – the categories of risk control are management, operational and technical; each control type is a separate but cooperative layer in the overall risk management strategy.

    Organizational Policy – the best practices, which should include physical access controls, environmental controls, network and system security, secure application design, and identity and access management of entities.

    With regard to risk control types, management risk controls are concerned with the high-level risk management, assessment and mitigation plans that define the overall organizational security of the company. Technical risk controls are the actual technical measures deployed to deal with the operational and management security risks. Operational risk controls deal with the security of the day-to-day organizational business activity.

    Operational risk controls
