Chapter 2

Compliance and Operational Security

COMPTIA SECURITY+ EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • 2.1 Explain risk-related concepts.
    • Control types
      • Technical
      • Management
      • Operational
    • False positives
    • Importance of policies in reducing risk
      • Privacy policy
      • Acceptable use
      • Security policy
      • Mandatory vacations
      • Job rotation
      • Separation of duties
      • Least privilege
    • Risk calculation
      • Likelihood
      • ALE
      • Impact
    • Quantitative vs. qualitative
    • Risk avoidance, transference, acceptance, mitigation, deterrence
    • Risks associated with cloud computing and virtualization
  • 2.2 Carry out appropriate risk mitigation strategies.
    • Implement security controls based on risk.
    • Change management.
    • Incident management.
    • User rights and permissions reviews. ...

Get CompTIA Security+™: Review Guide, Second Edition now with O’Reilly online learning.
