Chapter 2Compliance and Operational Security
CompTIA Security+ exam objectives covered in this chapter include the following:
2.1 Explain the importance of risk-relateda concepts.
- Control types
- Technical
- Management
- Operational
- False positives
- False negatives
- Importance of policies in reducing risk
- Privacy policy
- Acceptable use
- Security policy
- Mandatory vacations
- Job rotation
- Separation of duties
- Least privilege
- Risk calculation
- Likelihood
- ALE
- Impact
- SLE
- ARO
- MTTR
- MTTF
- MTBF
- Quantitative vs. qualitative
- Vulnerabilities
- Threat vectors
- Probability/threat likelihood
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated ...
- Control types
Get CompTIA Security+ Review Guide: Exam SY0-401, 3rd Edition now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.