THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
3.2 Explain common access control models and the differences between each.
MAC
DAC
Role and Rule based access control
3.6 Summarize the various authentication models and identify the components of each.
One, two, and three-factor authentication
Single sign-on
4.6 Execute proper logging procedures and evaluate the results.
Security application
DNS
Firewall
Antivirus
4.7 Conduct periodic audits of system security settings.
User access and rights review
Storage and retention policies
6.1 Explain redundancy planning and its components.
Hot site
Cold site
Warm Site
Backup generator
Single point of failure
RAID
Spare parts
Redundant servers
Redundant ISP
UPS
Redundant connections
6.2 Implement disaster recovery procedures.
Planning
Disaster recovery exercises
Backup techniques and practices—storage
Schemes
Restoration
6.4 Identify and explain applicable legislation and organizational policies.
Secure disposal of computers
Acceptable use policies
Password complexity
Change management
Classification of information
Mandatory vacations
Personally Identifiable Information (PII)
Due care
Due diligence
Due process
SLA
Security-related HR policy
User education and awareness training
While this chapter focuses on the topic of policies, it is far from the first time the subject has appeared in this book. As a security professional, you must strive not only to prevent losses, but also to make contingency plans for recovering from any losses that do occur. Plans are the building blocks on which your company is built, and policies are the tools used to implement those plans.
This chapter deals with the crucial aspects of business continuity, vendor support, security policies and procedures, and privilege management from an operations perspective. A solid grasp of these concepts will help you prepare for the exam because they appear in multiple objectives. It will also help you become a more proficient and professional security team member. The process of working with, helping to design, and maintaining security in your organization is a tough job. It requires dedication, vigilance, and a sense of duty to your organization.
3.16.165.255