IT Security/Objectives/General Security Concepts

1.1 Compare and contrast various types of security controls
  • Control types
    • Preventive
    • Deterrent
    • Detective
    • Corrective
    • Compensating
    • Directive

1.2 Summarize fundamental security concepts

1.3 Explain the importance of change management processes and the impact to security.

  • Business processes impacting security operation
    • Approval process
    • Ownership
    • Stakeholders
    • Impact analysis
    • Test results
    • Backout plan
    • Maintenance window
    • Standard operating procedure
  • Technical implications
    • Allow lists/deny lists
    • Restricted activities
    • Downtime
    • Service restart
    • Application restart
    • Legacy applications
    • Dependencies
  • Documentation
    • Updating diagrams
    • Updating policies/procedures
  • Version control

1.4 Explain the importance of using appropriate cryptographic solutions.

  • Public key infrastructure (PKI)
  • Encryption
    • Level
      • Full-disk
      • Partition
      • File
      • Volume
      • Database
      • Record
    • Transport/communication
    • Asymmetric
    • Symmetric
    • Key exchange
    • Algorithms
    • Key length

This article is issued from Wikiversity. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.