Lesson 1
Comparing Security Roles and Security Controls
Topic 1A
Compare and Contrast Information Security Roles
CompTIA Security+ Lesson 1 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Information Security
• CIA Triad
  • Confidentiality
    • Information should only be known to certain people
  • Integrity
    • Data is stored and transferred as intended and any modification is authorized
  • Availability
    • Information is accessible to those authorized to view or modify it
• Non-repudiation
  • Subjects cannot deny creating or modifying data
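The integrity and non-repudiation bullets above are easy to conflate, because both are usually enforced with cryptography. The following Go program is an added example, not part of the CompTIA slides: it contrasts an HMAC, which proves a record was not modified but lets either holder of the shared key produce a valid tag (so neither party can be held to it), with an Ed25519 signature, which only the private-key holder can produce and which any verifier can check. The record contents, key handling and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Outcome collects the results of the integrity and non-repudiation checks so
// they can be inspected (or asserted on) rather than only printed.
type Outcome struct {
	HMACVerifies       bool // untouched record passes the integrity check
	HMACTamperDetected bool // a modified record fails the integrity check
	HMACPeerCanForge   bool // the other key holder can mint a valid tag for any record
	SigVerifies        bool // signed record verifies under the signer's public key
	SigTamperRejected  bool // modified record fails signature verification
	SigOtherKeyFails   bool // a signature made with a different key does not verify
}

// hmacTag produces an integrity tag over data with a shared secret (HMAC-SHA256).
func hmacTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// hmacVerify recomputes the tag and compares in constant time.
func hmacVerify(key, data, tag []byte) bool {
	return hmac.Equal(hmacTag(key, data), tag)
}

// RunChecks walks through the constructed scenario and returns what each check found.
func RunChecks() (Outcome, error) {
	var out Outcome

	// Constructed sample record; the values are illustrative only.
	record := []byte(`{"txn":"sample-1001","amount":250}`)
	tampered := bytes.Replace(record, []byte("250"), []byte("950"), 1)

	// --- Integrity with a shared key ---
	sharedKey := make([]byte, 32)
	if _, err := rand.Read(sharedKey); err != nil {
		return out, err
	}
	tag := hmacTag(sharedKey, record)
	out.HMACVerifies = hmacVerify(sharedKey, record, tag)
	out.HMACTamperDetected = !hmacVerify(sharedKey, tampered, tag)

	// Both parties hold sharedKey, so the receiving side can produce a tag that
	// verifies for a record the sender never created. That gives integrity but
	// not non-repudiation: either party could have made the tag.
	forged := []byte(`{"txn":"sample-1002","amount":9999}`)
	out.HMACPeerCanForge = hmacVerify(sharedKey, forged, hmacTag(sharedKey, forged))

	// --- Non-repudiation with a digital signature (Ed25519) ---
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	sig := ed25519.Sign(priv, record)
	out.SigVerifies = ed25519.Verify(pub, record, sig)
	out.SigTamperRejected = !ed25519.Verify(pub, tampered, sig)

	// A verifier holds only pub. A signature made with any other key does not
	// verify under pub, so only the holder of priv could have signed the
	// record; the signer cannot credibly deny creating it.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	out.SigOtherKeyFails = !ed25519.Verify(pub, record, ed25519.Sign(otherPriv, record))

	return out, nil
}

func main() {
	out, err := RunChecks()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", out)
}
```

Run it with `go run .`; every field of the printed Outcome should be true. The HMACPeerCanForge field is the point of the exercise: a shared-secret MAC is the right tool for the Integrity bullet, while the Non-repudiation bullet needs a key that only the subject holds.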
Cybersecurity Framework
Information Security Competencies
• Overall responsibility
  • Chief Security Officer (CSO)
  • Chief Information Security Officer (CISO)
• Managerial
• Technical
  • Information Systems Security Officer (ISSO)
• Non-technical
• Due care/liability
Image credit: Shannon Fagan © 123rf.com.
Information Security Business Units
Topic 1B
Compare and Contrast Security Control and Framework Types
Syllabus Objectives Covered
• Technical
  • Controls implemented in operating systems, software, and security appliances
• Operational
  • Controls that depend on a person for implementation
• Managerial
  • Controls that give oversight of the system
Security Control Functional Types (1)
• Preventive
  • Physically or logically restricts unauthorized access
  • Operates before an attack
• Detective
  • May not prevent or deter access, but it will identify and record any attempted or successful intrusion
  • Operates during an attack
• Corrective
  • Responds to and fixes an incident and may also prevent its reoccurrence
  • Operates after an attack
Images © 123rf.com.
Security Control Functional Types (2)
• Physical
  • Controls such as alarms, gateways, and locks that deter access to premises and hardware
• Deterrent
  • May not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion
• Compensating
  • Substitutes for a principal control
NIST Cybersecurity Framework
• Importance of frameworks
  • Objective statement of current capabilities
  • Measure progress towards a target capability
  • Verifiable statement for regulatory compliance reporting
• National Institute of Standards and Technology (NIST)
  • Cybersecurity Framework (CSF)
  • Risk Management Framework (RMF)
  • Federal Information Processing Standards (FIPS)
  • Special Publications
ISO and Cloud Frameworks
Regulations, Standards, and Legislation
• Due diligence
  • Sarbanes-Oxley Act (SOX)
  • Computer Security Act (1987)
  • Federal Information Security Management Act (FISMA)
  • General Data Protection Regulation (GDPR)
  • National, territory, or state laws
  • Gramm–Leach–Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA)
• Payment Card Industry Data Security Standard (PCI DSS)
Lesson 1
Summary