Chapter 2
Compliance and Operational Security
COMPTIA SECURITY+ EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
- 2.1 Explain risk-related concepts.
  - Control types
    - Technical
    - Management
    - Operational
  - False positives
  - Importance of policies in reducing risk
    - Privacy policy
    - Acceptable use
    - Security policy
    - Mandatory vacations
    - Job rotation
    - Separation of duties
    - Least privilege
  - Risk calculation
    - Likelihood
    - ALE
    - Impact
  - Quantitative vs. qualitative
  - Risk avoidance, transference, acceptance, mitigation, deterrence
  - Risks associated to cloud computing and virtualization
  - Control types
- 2.2 Carry out appropriate risk mitigation strategies.
  - Implement security controls based on risk.
  - Change management.
  - Incident management.
  - User rights and permissions reviews. ...