Sy0 601 01


Lesson 1

Comparing Security Roles and Security Controls


Topic 1A
Compare and Contrast Information Security Roles

CompTIA Security+ Lesson 1 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Information Security

• CIA Triad
  • Confidentiality
    • Information should only be known to certain people
  • Integrity
    • Data is stored and transferred as intended and any modification is authorized
  • Availability
    • Information is accessible to those authorized to view or modify it
• Non-repudiation
  • Subjects cannot deny creating or modifying data

Cybersecurity Framework

Information Security Competencies

• Risk assessments and testing
• Specifying, sourcing, installing, and configuring secure devices and software
• Access control and user privileges
• Auditing logs and events
• Incident reporting and response
• Business continuity and disaster recovery
• Security training and education programs

Information Security Roles and Responsibilities

• Overall responsibility
  • Chief Security Officer (CSO)
  • Chief Information Security Officer (CISO)
• Managerial
• Technical
  • Information Systems Security Officer (ISSO)
• Non-technical
• Due care/liability

Image credit: Shannon Fagan © 123rf.com.

Information Security Business Units

• Security Operations Center (SOC)
• DevSecOps
  • Development, security, and operations
• Incident response
  • Cyber incident response team (CIRT)
  • Computer security incident response team (CSIRT)
  • Computer emergency response team (CERT)

Image credit: John Mattern/Feature Photo Service for IBM

Information Security Roles

Review Activity

Assisted Labs

• Exploring the Lab Environment

Lab Activity
Topic 1B
Compare and Contrast Security Control and Framework Types

Syllabus Objectives Covered

• 5.1 Compare and contrast various types of controls
• 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

Security Control Categories

• Technical
  • Controls implemented in operating systems, software, and security appliances
• Operational
  • Controls that depend on a person for implementation
• Managerial
  • Controls that give oversight of the system

Security Control Functional Types (1)

• Preventive
  • Physically or logically restricts unauthorized access
  • Operates before an attack
• Detective
  • May not prevent or deter access, but it will identify and record any attempted or successful intrusion
  • Operates during an attack
• Corrective
  • Responds to and fixes an incident and may also prevent its reoccurrence
  • Operates after an attack

Images © 123rf.com.

Security Control Functional Types (2)

• Physical
  • Controls such as alarms, gateways, and locks that deter access to premises and hardware
• Deterrent
  • May not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion
• Compensating
  • Substitutes for a principal control

NIST Cybersecurity Framework

• Importance of frameworks
  • Objective statement of current capabilities
  • Measure progress towards a target capability
  • Verifiable statement for regulatory compliance reporting
• National Institute of Standards and Technology (NIST)
  • Cybersecurity Framework (CSF)
  • Risk Management Framework (RMF)
  • Federal Information Processing Standards (FIPS)
  • Special Publications

ISO and Cloud Frameworks

• International Organization for Standardization (ISO)
  • 21K information security standards
  • 31K enterprise risk management (ERM)
• Cloud Security Alliance
  • Security guidance for cloud service providers (CSPs)
  • Enterprise reference architecture
  • Cloud controls matrix
• Statements on Standards for Attestation Engagements (SSAE) Service Organization Control (SOC)
  • SOC2 evaluates service provider
    • Type I report assesses system design
    • Type II report assesses ongoing effectiveness
  • SOC3 public compliance report

Benchmarks and Secure Configuration Guides

• Center for Internet Security (CIS)
  • The 20 CIS Controls
  • CIS-RAM (Risk Assessment Method)
• OS/network platform/vendor-specific guides and benchmarks
  • Vendor guides and templates
  • CIS benchmarks
  • Department of Defense Cyber Exchange
  • NIST National Checklist Program (NCP)
• Application servers and web server applications
  • Client/server
  • Multi-tier—front-end, middleware (business logic), and back-end (data)
  • Open Web Application Security Project (OWASP)

Regulations, Standards, and Legislation

• Due diligence
• Sarbanes-Oxley Act (SOX)
• Computer Security Act (1987)
• Federal Information Security Management Act (FISMA)
• General Data Protection Regulation (GDPR)
• National, territory, or state laws
• Gramm–Leach–Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• California Consumer Privacy Act (CCPA)
• Payment Card Industry Data Security Standard (PCI DSS)

Security Control and Framework Types

Review Activity

Lesson 1
Summary
