Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

"This is not an abstract problem. The vast majority of users don't read security mailing lists and don't read postings about product vulnerabilities. Hackers do."
-- Scott Culp, Manager of Microsoft's Security Response Center

Chapter Objectives

The objective of this chapter is to provide the reader with an understanding of the following:

Domain 5.0: Operational/Organizational Security – 15%

5.1 Understand the application of the following concepts of physical security:

    • Access Control (Physical Barriers; Biometrics); Social Engineering

    • Environment (Wireless Cells; Location; Shielding; Fire Suppression)

5.2 Understand the security implications of the following topics of disaster recovery:

    • Backups (Off Site Storage)

    • Secure Recovery (Alternate Sites); Disaster Recovery Plan

5.3 Understand the security implications of the following topics of business continuity:

    • Utilities; High Availability / Fault Tolerance; Backups

5.4 Understand the concepts and uses of these types of policies and procedures:

    • Security Policy:

        • Acceptable Use; Due Care; Privacy; Separation of Duties

        • Need to Know; Password Management; SLAs (Service Level Agreements)

        • Disposal / Destruction

        • HR (Human Resources) Policy: Termination, Hiring, Code of Ethics

    • Incident Response Policy

5.5 Explain the following concepts of privilege management:

    • User / Group / Role Management;

    • Single Sign-on; Centralized vs. Decentralized

    • Auditing (Privilege, Usage, Escalation)

    • MAC / DAC / RBAC

5.6 Understand the concepts of the following topics of forensics:

    • Chain of Custody; Preservation of Evidence; Collection of Evidence

5.7 Understand and be able to explain the following concepts of risk identification:

    • Asset Identification; Risk Assessment; Threat Identification; Vulnerabilities

5.8 Understand the security relevance of the education and training of end users, executives and human resources:

    • Communication; User Awareness; Education; On-line Resources

5.9 Understand and explain the following documentation concepts:

    • Standards and Guidelines; Systems Architecture; Change Documentation

    • Logs and Inventories; Classification (Notification)

    • Retention / Storage; Destruction


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.