Security controls are essential mechanisms, policies, or procedures that protect an organization’s assets and data.
Their primary role is to reduce risk by preventing, detecting, or mitigating potential threats.
Understanding various types of security controls is vital for implementing secure infrastructures and passing the CompTIA Security+ SY0-701 exam.
The Prevent, Detect, React model is one useful way to categorize controls by function.
Technical Controls
Implemented through technology (often called logical controls).
Examples: firewalls, intrusion detection systems (IDS), encryption.
Managerial Controls
Focus on governance and administrative aspects of an organization’s security program.
Examples: risk assessments, data classification policies, security training programs.
Operational Controls
Involve day-to-day procedures carried out by people in line with managerial guidance; they may use technology but depend on human action.
Examples: backup procedures, incident response activities, awareness training.
Physical Controls
Deal with tangible aspects of information security.
Examples: security cameras, biometric scanners, door locks, visitor logs.
Preventive Controls
Stop an event/action from occurring.
Examples: firewalls, access control lists, strong authentication methods.
Deterrent Controls
Aim to discourage a potential attacker.
Examples: surveillance signs, visible security personnel.
Detective Controls
Discover or identify unwanted activities or issues.
Examples: system monitoring, auditing, IDS.
Corrective Controls
Aim to rectify or lessen the damage caused by a security incident.
Examples: applying patches after an exploit, restoring systems from backup.
Compensating Controls
Secondary controls applied when a primary control cannot be implemented, providing equivalent protection by another means.
Example: a time-based one-time password (TOTP) app providing a second authentication factor where smart cards cannot be deployed.
Directive Controls
Focus on directing behaviors via guidelines or policies.
Example: mandatory password change policies.
Healthcare Organization: Used database encryption and risk assessments for patient data privacy.
Online Retailer: Deployed Web Application Firewalls (WAF) and intrusion detection systems (IDS) to counter cyber-attacks.
Understanding security controls is fundamental to a robust information security strategy; controls are categorized by type (technical, managerial, operational, physical) and by function (preventive, deterrent, detective, corrective, compensating, directive).
Security controls maintain the integrity, availability, and confidentiality of information systems.
Categorization of controls helps in effective implementation and strategizing.
What are the four main categories of security controls?
Give examples of preventive and detective controls.
What is the primary function of directive controls?
How do compensating controls differ from corrective controls?
Map out security controls in your organization.
Create flashcards for types and categories of controls.
Understanding foundational security principles is essential for the CompTIA Security+ SY0-701 exam.
Confidentiality: Ensures only authorized parties can access data.
Examples: password protection, encryption, secure communication.
Integrity: Ensures data accuracy and trustworthiness.
Measures: checksums, digital signatures, hashing.
Availability: Ensures resources are accessible to authorized users.
Measures: backup systems, fault tolerance.
Non-repudiation: Assures that a specific operation has occurred and was initiated by a specific entity, which cannot later deny it.
Digital signatures and strong authentication mechanisms support non-repudiation.
Authentication: Verifying identity.
Authorization: Determining access levels.
Accounting: Tracking activities.
Gap Analysis: Compares the current security posture against the desired state to identify missing or weak controls and the need for additional ones.
Zero Trust: Assumes no implicit trust, even inside the network perimeter; every request is authenticated, authorized, and continuously evaluated.
Physical Security: Secures physical assets and infrastructure.
Measures: bollards, access control vestibules, video surveillance.
Deception and Disruption: Uses honeypots, honeyfiles, and similar decoys to mislead attackers and gather intelligence about their techniques.
Comprehending fundamental concepts is vital in cybersecurity.
CIA forms the basis of security considerations.
Non-repudiation provides proof of who performed a transaction so the originator cannot later deny it.
AAA is crucial for identity management.
What does the CIA triad stand for?
Explain non-repudiation.
Describe the AAA model.
What is Zero Trust?
Create a CIA triad diagram.
List potential physical security measures for an office setup.
Change Management: Essential for maintaining security as systems and environments change.
Approval Process: Formal approval for proposed changes.
Ownership: Designate responsible individuals for changes.
Stakeholders: Keep informed to manage expectations.
Impact Analysis: Assess potential impacts on security.
Test Results: Document results from tests to evaluate feasibility.
Backout Plan: Document how to revert the change if it fails or causes harm.
Maintenance Window: Schedule changes during off-peak hours.
Standard Operating Procedure (SOP): Document steps for implementation.
Changes may require updates to access control lists or allow/deny lists; review these dependencies before implementation to minimize risk.
Assess downtime implications during changes.
Update network diagrams and policies post-change.
Version Control: Essential for auditing changes and rolling back if necessary.
A well-managed change process minimizes security vulnerabilities.
Change ownership and stakeholder communication are vital.
Rigorous testing and documentation are necessary.
Version control acts as a safety measure.
Why is approval necessary in change management?
What is a backout plan?
Why is version control important?
What technical implications should be considered?
Create a mock change management form.
Draft a simple SOP for a common change.
Cryptography: Essential for securing data and communications.
PKI: Crucial for creating and managing digital certificates that enable secure communications.
Encryption: Converts plaintext into ciphertext that is unreadable without the key.
Levels of encryption include full-disk, partition, volume, file, database, and record (field) level; transport encryption (e.g., TLS) protects data in motion.
Asymmetric encryption uses a public/private key pair (encrypt with one key, decrypt with the other); symmetric encryption uses the same key for both.
Key Exchange: Uses mechanisms like Diffie-Hellman so two parties can agree on a shared secret over an untrusted channel without ever transmitting the key itself.
Common algorithms include AES (symmetric), RSA (asymmetric), and the obsolete DES, whose 56-bit key is brute-forceable. Longer keys increase strength only within a sound algorithm.
TPM: A hardware chip on the host that generates and protects keys (for example, full-disk encryption keys) and supports measured boot and attestation.
HSM: A dedicated appliance or card that safeguards keys and performs cryptographic operations so private keys never leave the hardware.
Obfuscation: Steganography hides data within other data; tokenization and data masking replace sensitive values with substitutes.
Hashing transforms data into a fixed-length digest that cannot be reversed; salting adds a unique random value per input so identical passwords produce different hashes and precomputed (rainbow) tables are defeated; key stretching (e.g., PBKDF2, bcrypt) makes each hash deliberately slow to compute.
Digital Signatures: Verify the authenticity and integrity of digital documents and provide non-repudiation (the private key signs, the public key verifies).
Blockchain: An append-only, distributed public ledger. Certificates: Issued, validated, and revoked by certificate authorities (CAs), which bind public keys to identities.
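The Diffie-Hellman key exchange mentioned above, worked through in Python as an added example (not code from the original notes). Both sides generate a key pair, exchange only their public values, and arrive at the same shared secret, which is then run through an HKDF-style derivation to produce a session key. The group parameters P and G are an assumption chosen so the demo runs quickly; they are far too small for real use, where a standardized group (e.g., an RFC 3526 MODP group) or elliptic-curve DH would be used. The `validate_public` check rejects degenerate peer values (0, 1, p-1) that would force a predictable secret.

```python
"""Toy Diffie-Hellman key agreement with HKDF-style key derivation (added example)."""
import hashlib
import hmac
import secrets

# ASSUMPTION / NOT SECURE: 2**127 - 1 is prime but far too small for real deployments.
# Production code uses a standardized 2048-bit+ MODP group or ECDH.
P = 2**127 - 1
G = 3


def generate_keypair(p=P, g=G):
    """Return (private, public): private is random in [2, p-2], public = g^private mod p."""
    priv = secrets.randbelow(p - 3) + 2
    return priv, pow(g, priv, p)


def validate_public(pub, p=P):
    """Reject 0, 1 and p-1: a peer sending these forces the shared secret to be 0, 1 or +/-1."""
    if not 1 < pub < p - 1:
        raise ValueError("invalid DH public value")
    return pub


def shared_secret(priv, peer_pub, p=P):
    """Shared secret = peer_pub^priv mod p; equal on both sides by commutativity of exponents."""
    return pow(validate_public(peer_pub, p), priv, p)


def derive_key(secret_int, info=b"demo session key", length=32):
    """HKDF-style extract-then-expand (RFC 5869) with HMAC-SHA256 and an all-zero salt.

    The raw DH secret is never used directly as a key; it is uniformly hashed first.
    """
    ikm = secret_int.to_bytes((secret_int.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()   # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                       # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def run_exchange():
    """Simulate both parties. Only P, G, a_pub and b_pub would travel on the wire."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    key_alice = derive_key(shared_secret(a_priv, b_pub))
    key_bob = derive_key(shared_secret(b_priv, a_pub))
    return key_alice, key_bob


if __name__ == "__main__":
    k_a, k_b = run_exchange()
    print("keys match:", k_a == k_b, "->", k_a.hex())
```

An eavesdropper who records P, G and both public values still faces the discrete-logarithm problem to recover either private exponent; the session key itself never crosses the channel.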
Cryptography secures data and communications; several methods are tailored to specific needs.
PKI is foundational for communication security.
Encryption can be applied in various ways.
Utilizing TPM and HSM enhances security.
Differences between public key and private key?
What levels of encryption exist and why select one?
Role of HSM?
How does key stretching enhance password security?
Set up an encrypted email service.
Use a simple steganography tool.
Understand types of threat actors and their motivations for better anticipation and mitigation.
Nation-State Actors: Highly skilled groups focused on national interests; examples include espionage activities.
Unskilled Attackers: Limited skill using standard tools; motivations often include notoriety and thrill.
Hacktivists: Individuals targeting institutions for social/political reasons.
Insider Threats: Malicious activities from individuals inside organizations with privileged access.
Organized Crime: Groups engaged in cybercrime for financial gain, utilizing sophisticated methods.
Shadow IT: Unauthorized use of IT solutions within organizations.
Attributes: Actors can be internal or external, with varying levels of funding, resources, and sophistication.
Motivations: Include data exfiltration, espionage, service disruption, blackmail, financial gain, and philosophical, political, or revenge-related reasons.
Knowing threat actors aids in developing targeted defense strategies.
How do nation-state actors differ from unskilled attackers?
Describe a hacktivism example.
Insider threat scenarios can be both intentional and unintentional; explain.
Motivation associated with organized crime?
Security risks from Shadow IT?
Awareness of threat actor types and motivations enhances security protocols.
Create a profile of threat actors for an organization.
Develop a matrix comparing attributes of different threat actors.