Chapter 8. Security Policies and Procedures

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

  • 3.2 Explain common access control models and the differences between each.

    • MAC

    • DAC

    • Role and Rule based access control

  • 3.6 Summarize the various authentication models and identify the components of each.

    • One, two, and three-factor authentication

    • Single sign-on

  • 4.6 Execute proper logging procedures and evaluate the results.

    • Security application

    • DNS

    • Firewall

    • Antivirus

  • 4.7 Conduct periodic audits of system security settings.

    • User access and rights review

    • Storage and retention policies

  • 6.1 Explain redundancy planning and its components.

    • Hot site

    • Cold site

    • Warm site

    • Backup generator

    • Single point of failure

    • RAID

    • Spare parts

    • Redundant servers

    • Redundant ISP

    • UPS

    • Redundant connections

  • 6.2 Implement disaster recovery procedures.

    • Planning

    • Disaster recovery exercises

    • Backup techniques and practices—storage

    • Schemes

    • Restoration

  • 6.4 Identify and explain applicable legislation and organizational policies.

    • Secure disposal of computers

    • Acceptable use policies

    • Password complexity

    • Change management

    • Classification of information

    • Mandatory vacations

    • Personally Identifiable Information (PII)

    • Due care

    • Due diligence

    • Due process

    • SLA

    • Security-related HR policy

    • User education and awareness training

While this chapter focuses on the topic of policies, it is far from the first time the subject has appeared in this book. As a security professional, you must strive not only to prevent losses, but also to make contingency plans for recovering from any losses that do occur. Plans are the building blocks on which your company is built, and policies are the tools used to implement those plans.

This chapter deals with the crucial aspects of business continuity, vendor support, security policies and procedures, and privilege management from an operations perspective. A solid grasp of these concepts will help you prepare for the exam because they appear in multiple objectives. It will also help you become a more proficient and professional security team member. The process of working with, helping to design, and maintaining security in your organization is a tough job. It requires dedication, vigilance, and a sense of duty to your organization.
