Chapter 2: Compliance and Operational Security

CompTIA Security+ exam objectives covered in this chapter include the following:

  1. 2.1 Explain the importance of risk-related concepts.
    • Control types
      • Technical
      • Management
      • Operational
    • False positives
    • False negatives
    • Importance of policies in reducing risk
      • Privacy policy
      • Acceptable use
      • Security policy
      • Mandatory vacations
      • Job rotation
      • Separation of duties
      • Least privilege
    • Risk calculation
      • Likelihood
      • ALE
      • Impact
      • SLE
      • ARO
      • MTTR
      • MTTF
      • MTBF
    • Quantitative vs. qualitative
    • Vulnerabilities
    • Threat vectors
    • Probability/threat likelihood
    • Risk-avoidance, transference, acceptance, mitigation, deterrence
    • Risks associated ...

Get CompTIA Security+ Review Guide: Exam SY0-401, 3rd Edition now with O’Reilly online learning.
