CompTIA Security+ exam objectives covered in this chapter include the following:

1. 2.1 Explain the importance of risk-relateda concepts.
   • Control types
     • Technical
     • Management
     • Operational
   • False positives
   • False negatives
   • Importance of policies in reducing risk
     • Privacy policy
     • Acceptable use
     • Security policy
     • Mandatory vacations
     • Job rotation
     • Separation of duties
     • Least privilege
     • Risk calculation
     • Likelihood
     • ALE
     • Impact
     • SLE
     • ARO
     • MTTR
     • MTTF
     • MTBF
   • Quantitative vs. qualitative
   • Vulnerabilities
   • Threat vectors
   • Probability/threat likelihood
   • Risk-avoidance, transference, acceptance, mitigation, ­deterrence
   • Risks associated ...