Security+ Certification/Compliance and Operational Security
Compliance and Operational Security
- Control types
- Technical
- Management
- Operational
- False positives
- Importance of policies in reducing risk
- Privacy policy
- Acceptable use
- Security policy
- Mandatory vacations
- Job rotation
- Separation of duties
- Least privilege
- Risk calculation
- Likelihood
- ALE
- Impact
- Quantitative vs. qualitative
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated to Cloud Computing and Virtualization
Carry out appropriate risk mitigation strategies
- Implement security controls based on risk
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Implement policies and procedures to prevent data loss or theft
Execute appropriate incident response procedures
- Basic forensic procedures
- Order of volatility
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witnesses
- Track man hours and expense
- Damage and loss control
- Chain of custody
- Incident response: first responder
|
|
Compare and contrast aspects of business continuity
- Business impact analysis
- Removing single points of failure
- Business continuity planning and testing
- Continuity of operations
- Disaster recovery
- IT contingency planning
- Succession planning
Explain the impact and proper use of environmental controls
- HVAC
- Fire suppression
- EMI shielding
- Hot and cold aisles
- Environmental monitoring
- Temperature and humidity controls
- Video monitoring
Execute disaster recovery plans and procedures
- Backup / backout contingency plans or policies
- Backups, execution and frequency
- Redundancy and fault tolerance
- Hardware
- RAID
- Clustering
- Load balancing
- Servers
- High availability
- Cold site, hot site, warm site
Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives