
Security 1.1 - Security Control Types (1)

Uploaded by

william.ngale

CompTIA Security+ 701

Module 1 : Security Concepts


1.1 : Security Control Types
Technical Security
● Implementing secure network systems, detecting and preventing attacks, managing access controls, and ensuring data security.
● Appliances and Devices: Knowledge of firewalls, IDS/IPS, routers, switches, and proxies used to protect network infrastructure.
● Secure Protocols: IPSec for VPN (Virtual Private Network), SSL/TLS for secure communication over the internet, and SSH for secure remote access.
● Wireless Security: Securing wireless networks using encryption like WPA2/WPA3, securing access points, and mitigating wireless attacks such as rogue access points and evil twin attacks.
● Endpoint Security: Implementing security measures on endpoint devices such as antivirus/antimalware software, host-based firewalls, and endpoint encryption.
Managerial Security
● Security Governance: Establishing a framework for roles and responsibilities, security policies and procedures, and compliance with regulatory requirements and industry standards.
● Security Risk Management: Identifying and prioritizing security risks to the organization's assets, and using risk mitigation strategies to reduce the impact of potential threats.
● Security Training: Developing training programs for employees to educate them about security risks and best practices, and to promote a security-conscious culture within the organization.
● Security Compliance: Ensuring compliance with relevant laws, regulations, and industry standards related to information security, privacy, and data protection, such as GDPR, HIPAA, and PCI DSS.
● Disaster Recovery Planning: Developing plans to ensure the organization can continue operating during and after a disruptive event, such as a natural disaster, cyber attack, or equipment failure.
Operational Security
● Operational security controls are managed by people rather than by computer systems and machines.
● Personnel Security: Background checks, security clearances, and security awareness training for employees to ensure the integrity of the workforce.
● Security Patrols: Protect physical assets, such as data centers, servers, and networking equipment, using security guard surveillance.
● Incident Response: Establishing procedures for detecting, analyzing, and responding to security incidents, including incident containment, eradication, and recovery.
● Change Management: Implementing processes for managing changes to IT systems, applications, and infrastructure to minimize security risks and ensure system integrity and availability.
Physical Security
● Perimeter Security: Fences, gates, walls, and barriers to prevent unauthorized access. Used at both internal and external entries.
● Access Control Systems: Regulate and monitor entry to buildings, rooms, and sensitive areas using devices such as keypads, card readers, biometric scanners, and turnstiles.
● Security Personnel: Employing guards and receptionists to monitor and control access to facilities, respond to incidents, and enforce security policies and procedures.
● Surveillance Systems: Installing cameras, motion sensors, and other monitoring devices to observe and record activities within and around the premises.
● Intrusion Detection Systems (IDS): Deploying IDS sensors and alarms to detect unauthorized entry within secure areas, and triggering alerts or notifications to security personnel for response.
● Environmental Controls: Implementing measures to protect physical assets through the use of HVAC systems, fire suppression systems, and backup power sources.
Preventive Controls
● Preventive controls mitigate potential risks before they occur. These controls are designed to stop unauthorized access, malicious activities, or security breaches from happening in the first place.
● Firewalls: Hardware devices or software applications that monitor and control incoming and outgoing network traffic based on predetermined security rules.
● Access Control Lists (ACLs): ACLs are security rules or lists that dictate which users or systems are allowed or denied access to specific resources, such as files, directories, or network services.
● Patch Management: Regularly applying updates, patches, and fixes to software applications, operating systems, and firmware to address known vulnerabilities and security weaknesses.
● Antivirus/Antimalware Software: Designed to detect, quarantine, and remove malicious software (such as viruses, worms, Trojans, and spyware) from computer systems and networks.
Deterrent Controls
● Deterrent security controls discourage attackers from attempting to breach security or carry out malicious activities. Deterrents aim to create a perception of risk that dissuades them from attempting an attack.
● Security Signage and Warning Notices: Placing signs and notices in visible locations to inform potential intruders about the presence of security measures, such as surveillance cameras, alarms, and access control systems.
● Physical Obstacles: Installing fences, gates, bollards, and barriers to control access to facilities and prevent unauthorized entry.
● Security Lighting: Installing exterior lighting to improve visibility and deter criminal activity. Well-lit areas are less attractive to potential intruders who prefer to operate in the dark.
● Alarms and Audible Sirens: Installing alarm systems that trigger audible sirens or alerts draws attention to the situation and may discourage intruders from continuing their attempts.
Detective Controls
● Detective security controls identify and detect security incidents after they have occurred. These controls are crucial for monitoring and analyzing systems, networks, and user behavior to identify security breaches or policy violations.
● Security Information and Event Management (SIEM): SIEM solutions provide real-time alerts, event correlation, and forensic analysis capabilities to help security teams identify and respond to threats effectively.
● Log Monitoring and Analysis: Monitoring and analyzing system logs, audit trails, and security events can help identify suspicious or anomalous activities indicative of a security incident.
● Intrusion Detection Systems (IDS): IDS systems monitor network traffic for signs of suspicious or malicious activity, such as unauthorized access attempts, known attack patterns, or abnormal behavior.
● IDS generate alerts or notifications when potential security threats are detected, allowing security teams to investigate and respond promptly.
● Network Traffic Analysis (NTA): NTA solutions analyze network traffic patterns, protocols, and behaviors to identify suspicious or malicious activities indicative of a security threat.
Corrective Controls
● Corrective security controls are measures to respond to and mitigate the impact of security incidents or breaches after they occur. These controls focus on restoring systems, data, and services to a secure state.
● Incident Response Plans: The steps and procedures to follow when a security incident occurs. These plans define roles, escalation paths, and containment strategies to minimize the impact of security breaches.
● Patch Management: Applying updates, patches, and fixes to software applications, operating systems, and firmware to address known vulnerabilities and security weaknesses.
● User Training and Awareness: Corrective training may include reinforcing security policies, procedures, and incident response protocols to prevent similar incidents in the future.
● Policy Review and Update: Corrective policy updates may include revising access controls, password policies, data handling procedures, and incident response to improve security.
Compensating Controls
● Compensating security controls are put in place to provide an alternative or supplementary security mechanism when primary security controls are insufficient or impractical to implement.
● Virtual Private Network (VPN): VPNs provide confidentiality, integrity, and authentication for data transmitted between remote users and corporate networks.
● Encryption: Encryption protects sensitive data stored or transmitted over insecure channels. Encrypting the data helps prevent unauthorized access and maintain confidentiality.
● Multi-factor Authentication (MFA): By requiring users to provide multiple forms of identification (passwords, biometrics, or one-time codes), MFA helps mitigate the risk of unauthorized access, even if passwords are compromised.
● Honeypots/Honeynets: Honeypots and honeynets can be used as compensating controls to deceive and distract attackers while gathering intelligence about their tactics and techniques.
Directive Controls
● Directive security controls are measures put in place to establish rules, policies, and procedures that provide clear guidance on acceptable behaviors, practices, and actions in line with security policies.
● Security Policies: Documents that outline the rules for protecting information assets and maintaining a secure environment.
● Acceptable Use Policies (AUP): AUPs define the behaviors and activities that users are permitted to engage in when accessing and using organizational resources, including computers, networks, and data.
● Password Policies: Requirements for creating, managing, and safeguarding passwords. Examples include minimum password length, complexity requirements, expiration intervals, and restrictions on password reuse.
● Remote Access Policies: Define the requirements and restrictions for accessing organizational resources remotely, such as through virtual private networks (VPNs) or remote desktop services.
