IT Security/Objectives/General Security Concepts

1.1 Compare and contrast various types of security controls

edit

  • Control types
    • Preventive
    • Deterrent
    • Detective
    • Corrective
    • Compensating
    • Directive

1.2 Summarize fundamental security concepts

edit

1.3 Explain the importance of change management processes and the impact to security.

edit
  • Business processes impacting security operation
    • Approval process
    • Ownership
    • Stakeholders
    • Impact analysis
    • Test results
    • Backout plan
    • Maintenance window
    • Standard operating procedure

  • Technical implications
    • Allow lists/deny lists
    • Restricted activities
    • Downtime
    • Service restart
    • Application restart
    • Legacy applications
    • Dependencies
  • Documentation
    • Updating diagrams
    • Updating policies/procedures
  • Version control

1.4 Explain the importance of using appropriate cryptographic solutions.

edit
  • Public key infrastructure (PKI)
  • Encryption
    • Level
      • Full-disk
      • Partition
      • File
      • Volume
      • Database
      • Record
    • Transport/communication
    • Asymmetric
    • Symmetric
    • Key exchange
    • Algorithms
    • Key length