IT Security/Operational/Risk
This lesson covers risk concepts.
Objectives and Skills
Objectives and skills for the risk concepts portion of Security+ certification include:[1]
- Explain the importance of risk related concepts.
  - Control types
    - Technical
    - Management
    - Operational
  - False positives
  - False negatives
  - Importance of policies in reducing risk
    - Privacy policy
    - Acceptable use
    - Security policy
    - Mandatory vacations
    - Job rotation
    - Separation of duties
    - Least privilege
  - Risk calculation
    - Likelihood
    - ALE
    - Impact
    - SLE
    - ARO
    - MTTR
    - MTTF
    - MTBF
  - Quantitative vs. qualitative
  - Vulnerabilities
  - Threat vectors
  - Probability / threat likelihood
  - Risk-avoidance, transference, acceptance, mitigation, deterrence
  - Risks associated with Cloud Computing and Virtualization
  - Recovery time objective and recovery point objective
Readings
Multimedia
- YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
- YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
- YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
- YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
- YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
- YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
- YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
- YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
- YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1