Topic 1A – Security Concepts (SY0‑701)
Below is your “micro‑lecture” plus study aids for Topic 1A: Security Concepts from the Official CompTIA Security+ Student Guide. All page numbers refer to the PDF.
1. Learning objectives
By the end, you should be able to ➡
# | You can … | Why the exam cares |
1 | Define the CIA triad and non‑repudiation | Core of every security question |
2 | Map tasks to the NIST CSF five functions | “Which function is this?” appears constantly |
3 | Explain gap‑analysis purpose & output | Frequent scenario in performance‑based items |
4 | Describe the AAA/IAM process flow | Foundation for Identity & Access domains |
2. Key terms in plain English
Term | 1‑Sentence “ELI5” | Book ref. |
Confidentiality | Only the people you picked get to read it. | p. 2 |
Integrity | What’s stored/sent is exactly what you meant. | p. 2 |
Availability | It’s there when the good guys need it. | p. 2 |
Non‑repudiation | “You can’t say you didn’t do that.” Digital receipts & signatures prove it. | p. 2 |
NIST CSF | 5‑step lifecycle—Identify, Protect, Detect, Respond, Recover. | p. 3 |
Gap analysis | Spreadsheet of “what we have” vs “what the framework says we need.” | p. 4 |
AAA (IAM) | Identify → Authenticate → Authorize → Account | p. 5‑6 |
Mnemonic aids
CIA → “Secret‑Real‑Here” (secret = C, real = I, here = A)
IP DRR song for CSF (“🎵 I‑P‑D‑R‑R”).
IAAA like saying “Yah!” four times.
3. Walk‑through of the concepts
CIA + Non‑repudiation
Think of a bank vault: C – only key‑holders enter; I – each stack of bills is numbered & sealed; A – the vault opens during business hours even if one lock jams. A CCTV recording of who opened which box adds non‑repudiation.
NIST Cybersecurity Framework (CSF)
Identify assets & risks → Protect with controls → Detect bad stuff → Respond to stop the bleeding → Recover to normal.
Exam trick: many tasks feel like “protection” but are actually identify (e.g., asset inventory) or detect (e.g., log review).
Gap analysis
Picture a scorecard: rows = CSF categories, columns = implemented controls, cells = ✓/✗. Missing ✓ are the “gaps.” Prioritize by CIA impact and set target dates. Expect a performance‑based simulation where you must pick which gap to fix first (tip: choose the one with highest likelihood × impact).
IAM & the AAA flow
Stage | Real‑world analogy | Typical tech |
Identification | Showing your driver’s licence at reception | Username, device UUID |
Authentication | Proving the licence is yours | Password, smart‑card, OTP |
Authorization | Security guard checks the door list | ACLs, roles, claims |
Accounting | Lobby camera + sign‑in sheet | Logs, SIEM alerts |
* You’ll later map factors (what you know/are/have) and models (RBAC, ABAC, etc.) to this flow.
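The four AAA stages from the table above as a single request path, written as an added example (not taken from the Student Guide). The user, roles, and action names are constructed sample data, and `request` is a hypothetical helper.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not reversible at a glance.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data (hypothetical user, roles and actions).
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw": _hash("correct horse", _SALT), "role": "analyst"}}
ROLE_PERMS = {"analyst": {"read:alerts"}, "admin": {"read:alerts", "write:rules"}}
AUDIT_LOG = []  # Accounting: append-only record of every decision


def _account(user: str, action: str, outcome: str) -> str:
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})
    return outcome


def request(username: str, password: str, action: str) -> str:
    # 1. Identification: the claimed identity must be a known subject.
    record = USERS.get(username)
    if record is None:
        return _account(username, action, "unknown-identity")
    # 2. Authentication: prove the claim (constant-time comparison).
    if not hmac.compare_digest(_hash(password, record["salt"]), record["pw"]):
        return _account(username, action, "auth-failed")
    # 3. Authorization: is this action on the subject's role list?
    if action not in ROLE_PERMS.get(record["role"], set()):
        return _account(username, action, "denied")
    # 4. Accounting ran on every failure path above and runs on success too.
    return _account(username, action, "allowed")
```

The detailed outcome belongs in the log; a real login form would show the user one generic failure message for both the identification and authentication failures.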
4. Quick “white‑board” diagram (re‑draw in your notes)
[Assets]             ┌────────────────────────┐
   ↓                 │        IDENTIFY        │
┌───────────────┐    └────────┬───────────────┘
│    THREATS    │  protect ▶  │ detect ◀─┐
└──────┬────────┘             ▼          │
       │             ┌────────────────────────┐
       └────────────▶│        PROTECT         │
                     └────────────────────────┘
(continue arrow through Detect → Respond → Recover)
Re‑sketching cements memory!
5. Mini‑lab (20 min) – “See CIA on the wire”
Boot your Ubuntu VM & install Wireshark.
Capture traffic while logging into an HTTP site you host locally; note the plaintext credentials—confidentiality broken.
Switch to HTTPS (self‑signed cert). Repeat capture: contents are encrypted—C preserved.
Yank the network cable mid‑transfer: observe TCP retransmissions & browser error—A broken. Discuss I scenarios (corrupted packet flags).
6. Flash‑card set (sample 10 of 20)
Q | A |
List the five NIST CSF functions. | Identify, Protect, Detect, Respond, Recover |
What property does hashing support in the CIA triad? | Integrity |
Which AAA stage decides “what you can see”? | Authorization |
… | … |
(Full CSV deck sent separately on request.)
7. Review‑Activity answers (p. 17)
Confidentiality, Integrity, Availability.
Non‑repudiation.
Gap analysis report to a regulator.
Accounting.
AuthN proves identity; AuthZ grants specific rights.
Logs create an evidence trail that binds an action to a subject.
8. Self‑test (write answers before peeking)
1) Match each: Asset inventory, Encryption at rest, SIEM alert, Hot‑site fail‑over → which CSF function?
2) You enable Windows logon‑auditing. Which AAA component does that satisfy?
3) Give one business benefit of performing a gap analysis besides “better security.”
Answers: 1) Identify / Protect / Detect / Recover. 2) Accounting. 3) Demonstrates regulatory compliance, aids budgeting, etc.
9. What’s next?
Tomorrow’s AM block → Topic 1B (Security Controls) + hands‑on AAA log parsing.
If any point above felt shaky, DM me and we’ll schedule a 10‑minute clarifier.
Keep the momentum—14‑day sprint means mastery by repetition and labs. Let’s crush Topic 1B next!