CompTIA Security+ Exam SY0-701 Lesson 1 PDF

Summary

This document covers the fundamental concepts of cybersecurity and the CompTIA Security+ Exam SY0-701. It focuses on core topics such as information security, security controls, and the cybersecurity framework. Key topics include confidentiality, integrity, and availability.

Full Transcript

CompTIA Security+ Exam SY0-701
Lesson 1: Summarizing Fundamental Security Concepts
Copyright © 2023 CompTIA, Inc. All Rights Reserved. | CompTIA.org

Objectives

  Summarize information security concepts
  Compare and contrast security control types
  Describe security roles and responsibilities

Lesson 1, Topic 1A: Security Concepts

Information Security

  Confidentiality: Information should only be read by authorized persons
  Integrity: Data is stored and transferred as intended and any modification is authorized
  Availability: Information is accessible to those authorized to view or modify it
  Non-repudiation: Persons cannot deny creating or modifying data

Cybersecurity Framework

Gap Analysis

Access Control

Review Activity: Security Concepts

  Information security
    CIA triad
  Cybersecurity framework
  Gap analysis
  Access control
    IAM and AAA

Lab Activity

  Assisted Lab: Exploring the Lab Environment
  Assisted Lab: Perform System Configuration Gap Analysis

Lesson 1, Topic 1B: Security Controls

Security Control Categories

  Managerial: Give oversight of system
  Operational: Relies on a person for implementation
  Technical: Implemented in operating systems, software, and security appliances
  Physical: Devices that mediate access to premises and hardware

Security Control Functional Types (1)

  Preventive
    Physically or logically restricts unauthorized access
    Operates before an attack
  Detective
    Identifies attempted or successful intrusions
    Operates during an attack
  Corrective
    Responds to and fixes an incident and may prevent its reoccurrence
    Operates after an attack

Security Control Functional Types (2)

  Directive
    Enforces a rule of behavior
  Deterrent
    Psychologically discourages intrusions
  Compensating
    Substitutes for a principal control
    Associated with framework compliance measures

Information Security Roles and Responsibilities

  Overall responsibility
    Chief Information Officer (CIO)
    Chief Security Officer (CSO)
  Managerial
  Technical
    Information Systems Security Officer (ISSO)
  Non-technical
  Due care/liability

Information Security Competencies

  Risk assessments and testing
  Specifying, sourcing, installing, and configuring secure devices and software
  Access control and user privileges
  Auditing logs and events
  Incident response and reporting
  Business continuity and disaster recovery
  Security training and education programs

Information Security Business Units

  Security Operations Center (SOC)
  DevSecOps
    Development, security, and operations
  Incident response
    Cyber incident response team (CIRT)

Review Activity: Security Controls

  Security control categories
    Managerial, operational, technical, physical
  Security control functional types
    Preventive, detective, corrective plus directive, deterrent, compensating
  Information security roles and responsibilities
  Information security competencies
  Information security business units
    SOC, DevSecOps, and CIRT

Lab Activity

  Assisted Lab: Configuring Examples of Security Control Types

Lesson 1 Summary