CertiGuide to Security+  9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

Getting Ready for Chapter 5 - Answers 1 5.1  Physical Security

This chapter discusses security from the point of the view of the physical organization and the people within it. As you might guess from earlier chapters, the people aspect figures in prominently, whether we’re discussing physical or organizational security.

Additionally, this chapter looks at computer security-related policy-making. What rules should your organization have in place to govern business continuity, handling improper use of the organization’s computing resources, the specification of the privacy/sensitivity level of data, what computer-related administrative activities occur at employee hiring and termination, etc.? These subjects are addressed in greater depth in this chapter.

Because all the security efforts in the world won’t necessarily keep you from ever experiencing a break-in, we look at computer forensics – the process of investigating an attack, often with the goal that evidence will be presented to law enforcement personnel, for prosecution of the attacker.

It also looks at the business issues of threat and risk identification and assessment – a critical step in the business justification of computer security measures. Before you know how much (people, dollars, etc.) you can dedicate to computer security, you need to know the risks you face, and their values. This chapter covers the last official domain in Security+. Your authors have put forth every effort to adhere to RFC 1925⁴¹³ throughout this work, and particularly so in this chapter as we are forced to interact with the non-technically inclined.

Getting Ready for Chapter 5 - Answers 1 5.1  Physical Security