1. Security Control Functional Types
1.1. Preventative
1.1.1. Physically or logically restricts unauthorised access (e.g. Firewalls, Doors)
1.1.2. Operates before an attack
1.2. Detective Controls
1.2.1. Cannot prevent, but can detect intrusions (e.g. Cameras, Antivirus)
1.2.2. Operates during the attack
1.3. Corrective Control
1.3.1. Responds to and fixes incidents and may prevent recurrence
1.3.2. Operates after the attack
1.4. Directive
1.4.1. Enforcing a rule of behaviour (e.g. wear badges, do xyz and do not do xyz)
1.5. Deterrent
1.5.1. Psychologically discourages intrusions
1.6. Compensating
1.6.1. Substitutes for a principal control
1.6.2. Associated with framework compliance measures
2. Security Control
2.1. Security Control Categories
2.1.1. Managerial
2.1.1.1. Gives oversight of a system (governance)
2.1.2. Operational
2.1.2.1. Relies on a person for implementation
2.1.3. Technical
2.1.3.1. Implemented in operating systems, software, security
2.1.4. Physical
2.1.4.1. Devices that mediate access to premises and hardware
3. Summarising Fundamental Security Concepts
3.1. Gap Analysis
3.1.1. Current Situation vs Desired solution
3.1.1.1. Current state
3.1.1.2. Desired State
3.1.1.3. Roadmap
3.2. CIA Triad
3.2.1. Confidentiality
3.2.1.1. Data is only read by authorised persons
3.2.2. Integrity
3.2.2.1. Data is stored and transferred as intended, and all modifications are authorised
3.2.3. Availability
3.2.3.1. Data is available to you when needed, without delay
3.2.4. Non-Repudiation
3.2.4.1. People cannot deny creating or modifying data
3.3. Access Control (IAAA)
3.3.1. Identification
3.3.1.1. Claiming who you are
3.3.2. Authentication
3.3.2.1. How you prove that it is really you
3.3.3. Authorisation
3.3.3.1. What are you authorised to do?
3.3.4. Accounting
3.3.4.1. System tracks permission usage in a log, for auditing.
3.4. Cybersecurity Framework
3.4.1. 1 - Identify/Classify Assets (can't protect what you don't know)
3.4.2. 2 - Protect
3.4.3. 3
3.4.3.1. Detect
3.4.3.2. Respond
3.4.3.3. Recover
4. Information Security
4.1. Roles and Responsibilities
4.1.1. Executive Level
4.1.1.1. CISO
4.1.1.2. Chief Security Officer
4.1.2. Technical
4.1.2.1. SOC Analyst
4.1.3. Non-Technical
4.1.3.1. e.g. HR (but still with some responsibility for security)
4.1.4. Due Care/Liability
4.1.4.1. Everyone else, people who might click on phishing links
4.2. Competencies
4.2.1. Risk assessments and testing
4.2.2. Specifying, sourcing, installing and configuring devices
4.2.2.1. e.g. installing software
4.2.3. Access Control and User Privileges
4.2.3.1. permissions
4.2.4. Auditing Logs and Events
4.2.5. Incident Response and Reporting
4.2.6. Business Continuity and Disaster Recovery
4.2.7. Security Training and Education Programs
4.3. Business Units
4.3.1. Security Operations Center (SOC)
4.3.1.1. Monitoring Security Devices
4.3.2. DevSecOps
4.3.2.1. Implementing secure practices from the very beginning of the software development process through to operations and maintenance
4.3.3. Incident Response
4.3.3.1. Cyber incident response team (CIRT)