
SY0-701 Security Concepts Overview

The document outlines fundamental security concepts including confidentiality, integrity, availability, and non-repudiation. It categorizes security controls into managerial, operational, technical, and physical types, and describes their functional types such as preventive, detective, and corrective. Additionally, it highlights the roles and responsibilities in information security, competencies required, and relevant business units like SOC and DevSecOps.

CompTIA Security+ Exam SY0-701

Lesson 1
Summarizing Fundamental Security Concepts

Copyright © 2023 CompTIA, Inc. All Rights Reserved. | [Link]


Objectives
• Summarize information security concepts
• Compare and contrast security control types
• Describe security roles and responsibilities

Lesson 1

Topic 1A
Security Concepts

Information Security
• Confidentiality
• Information should only be read by authorized persons

• Integrity
• Data is stored and transferred as intended and any modification is authorized

• Availability
• Information is accessible to those authorized to view or modify it

• Non-repudiation
• Persons cannot deny creating or modifying data

Cybersecurity Framework

Gap Analysis

Access Control

Review Activity: Security Concepts
• Information security
• CIA triad

• Cybersecurity framework
• Gap analysis
• Access control
• IAM and AAA

Lab Activity
• Assisted Lab: Exploring the Lab Environment
• Assisted Lab: Perform System Configuration Gap Analysis

Lesson 1

Topic 1B
Security Controls

Security Control Categories
• Managerial
• Give oversight of system
• Operational
• Relies on a person for implementation
• Technical
• Implemented in operating systems, software, and security appliances
• Physical
• Devices that mediate access to premises and hardware

Security Control Functional Types (1)
• Preventive
• Physically or logically restricts unauthorized access
• Operates before an attack

• Detective
• Identifies attempted or successful intrusions
• Operates during an attack

• Corrective
• Responds to and fixes an incident and may prevent its reoccurrence
• Operates after an attack

Security Control Functional Types (2)
• Directive
• Enforces a rule of behavior

• Deterrent
• Psychologically discourages intrusions

• Compensating
• Substitutes for a principal control
• Associated with framework compliance measures

Information Security Roles and Responsibilities
• Overall responsibility
• Chief Information Officer (CIO)
• Chief Security Officer (CSO)
• Managerial
• Technical
• Information Systems Security Officer (ISSO)
• Non-technical
• Due care/liability

Information Security Competencies
• Risk assessments and testing
• Specifying, sourcing, installing, and configuring secure devices and software
• Access control and user privileges
• Auditing logs and events
• Incident response and reporting
• Business continuity and disaster recovery
• Security training and education programs
Information Security Business Units
• Security Operations Center (SOC)
• DevSecOps
• Development, security, and operations

• Incident response
• Cyber incident response team (CIRT)

Review Activity: Security Controls
• Security control categories
• Managerial, operational, technical, physical

• Security control functional types
• Preventive, detective, corrective plus directive, deterrent, compensating

• Information security roles and responsibilities
• Information security competencies
• Information security business units
• SOC, DevSecOps, and CIRT

Lab Activity
• Assisted Lab: Configuring Examples of Security Control Types

CompTIA Security+ Exam SY0-701

Lesson 1
Summary
