Chapter 1
Measuring and Weighing Risk
The Following CompTIA Security+ Exam Objectives Are Covered in This Chapter:
- 1.3 Distinguish and differentiate network design elements and compounds.
  - Cloud computing: Platform as a Service; Software as a Service; Infrastructure as a Service
- 2.1 Explain risk related concepts.
  - Control types: Technical; Management; Operational
  - False positives
  - Importance of policies in reducing risk: Privacy policy; Acceptable use; Security policy; Mandatory vacations; Job rotation; Separation of duties; Least privilege
  - Risk calculation: Likelihood; ALE; Impact
  - Quantitative vs. Qualitative
  - Risk avoidance, transference, acceptance, mitigation, deterrence
  - Risk associated to Cloud Computing and Virtualization
- 2.2 Carry out ...