
technobaba | CompTIA Security+ | Module 2

By: Clouds | Related Course: CompTIA Security+ | Published: August 16, 2016 | Modified: August 19, 2016

Goals of Security

1. CIA Triad.

Confidentiality

Integrity

Availability

How to’s:

Confidentiality (Encryption, Access Controls, Steganography).

Integrity (Digital signatures, Certificates, Non-Repudiation).

Availability (Redundancy, Fault tolerance, Patching).

 


Importance of Security.

1. Security policies and procedures training for employees.

(Rules on how to create passwords, rules to train the employees.)

2. Role-based training, relevant to their job.

3. PII training (credit card, PIN, etc.).

4. Proper information classification (Private, Confidential, Top Secret).

5. Data labelling.

6. Data must be destroyed properly after use, considering its importance.

7. In compliance with standards (HIPAA, ISO 27000, PCI DSS).

8. Password complexity, password sharing with other employees.

9. Clean desk policy. (Do not keep important data on desk unattended.)


Incident Response Procedures.

1. Preparation

2. Incident identification.

3. Escalation and Notification.

4. Mitigation Steps.

5. Lessons Learned.

6. Reporting.

7. Recovery Procedure.

8. First Responder.

9. Data Breach

10. Damage and loss control.

 

 


Info Sec-2

1. Tailgating: Prevention (mantrap, i.e. two-door verification, turnstile door).

2. Personally owned devices (limit use, i.e. USB, mobile phone).

3. Educate about new threats.

4. Limit use of social sites (possible data leakage).


Physical Security

1. Heating, Ventilation and Air Conditioning Design.

a. Independent power source.

b. Positive air pressure (when people come in, air goes out).

c. Protect intake vents.

d. Emergency cutoffs.

e. Fire suppression.

2. EMI shielding.

3. Cold aisles and hot aisles.

4. Environmental monitoring (flood, humidity, air level, etc.).

5. Physical security (hardware locks, mantraps, video surveillance, fencing, access lists, proper lighting, signs, guards, barricades, bollards, biometric controls, proximity readers {RFID}, motion detectors).

6. 

 


Risk Management Practices.

Business Impact Analysis.

-Identify Critical system and components.

        -Automated or Ensure People know.

Remove Single Point of Failure. (Where one thing failing brings down the whole system.)

Periodic Risk Assessment.

Continuity of operations. (Even after an attack, make sure your services are up, i.e. UPS for power failure.)

Disaster recovery plan needs to be created before a disaster happens and needs to be periodically updated and tested.

IT Contingency plan (i.e. what-if questions).

Fault tolerance, Load balancer.

Disaster Recovery Concepts.

   -Backup plans/policies (Who, What, When, Where to store.)

   -Backup Frequency

Readiness of site:

Hot Site.

Warm Site.

Cold Site.

 

 

 

 

 


Risk Mitigation Strategies.

1. Change Management (why change, impact of change, results of change, changes by proper review).

2. Incident Management.

3. User rights and permissions.

4. Routine Audits.

5. Policies to prevent data loss and theft.

6. Data loss prevention.

