CompTIA Security+ Domain 1 summary
Expanded Summary: General Security Concepts (CompTIA Security+)
Confidentiality, Integrity, and Availability (CIA)
Confidentiality : Ensures that information is accessible only to authorized individuals. Techniques include encryption, access control lists (ACLs), and data masking. Unauthorized access breaches confidentiality.
Integrity : Maintains the accuracy and completeness of data. Techniques include hashing, digital signatures, and checksums. Unauthorized modifications compromise integrity.
Availability : Ensures that information and resources are accessible to authorized users when needed. Maintained through redundancy, failover strategies, and system maintenance. Attacks like DDoS can compromise availability.
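The integrity techniques listed above (hashing, checksums, digital signatures) protect against different things, and the distinction is easy to miss. The following added example, which is not part of the original summary, shows it with Python's standard library: an unkeyed SHA-256 checksum detects accidental corruption, but anyone who can alter the data can also recompute the checksum, so it gives no assurance about who produced the data. A keyed HMAC (a symmetric stand-in for the digital signature mentioned in the summary) rejects the same modification when the modifier lacks the key. The sample record and the key are constructed for the demonstration.

```python
"""Integrity checks on a record: unkeyed hash versus keyed HMAC (added example)."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample record for the demonstration; not real data.
SAMPLE_RECORD = b"account=1234;balance=100.00"


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Compare in constant time so the check does not leak how many characters matched."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(make_tag(key, data), tag_hex)


def integrity_scenarios(key: Optional[bytes] = None) -> dict:
    """Run three integrity scenarios and report whether each control behaves as expected."""
    key = key or secrets.token_bytes(32)   # shared secret; generated if not supplied
    original = SAMPLE_RECORD
    stored_hash = sha256_hex(original)     # checksum recorded alongside the data
    stored_tag = make_tag(key, original)   # HMAC recorded alongside the data
    results = {}

    # Scenario 1: accidental corruption (e.g. a bit error in transit).
    # The stored checksum no longer matches, so the corruption is detected.
    corrupted = original.replace(b"100.00", b"100.01")
    results["checksum_detects_corruption"] = not verify_checksum(corrupted, stored_hash)

    # Scenario 2: deliberate modification by someone who can also overwrite
    # the stored checksum. The recomputed plain hash verifies, so an unkeyed
    # hash alone proves nothing about authenticity.
    tampered = original.replace(b"100.00", b"999.00")
    results["plain_hash_gives_no_authenticity"] = verify_checksum(tampered, sha256_hex(tampered))

    # Scenario 3: the same modification checked against the HMAC. Without the
    # key the tag cannot be regenerated, so the stored tag fails to verify.
    results["hmac_rejects_tampering"] = not verify_tag(key, tampered, stored_tag)

    # Untouched data still verifies under both controls.
    results["original_verifies"] = verify_checksum(original, stored_hash) and verify_tag(key, original, stored_tag)
    return results


if __name__ == "__main__":
    for name, outcome in integrity_scenarios().items():
        print(f"{name}: {outcome}")
```

Digital signatures make the same point with asymmetric keys: the verifier needs only the public key, and the signer's private key never leaves the signer. In both cases the key, not the hash function, is what turns an integrity check into an authenticity check.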
Types of Malware
Viruses : Attach to legitimate programs and spread when executed. Can damage data, steal information, or render systems inoperable.
Worms : Self-replicating malware that spreads without user intervention. Exploits software or OS vulnerabilities, causing widespread damage and network congestion.
Trojans : Disguised as legitimate software. Often create backdoors for unauthorized access.
Ransomware : Encrypts data and demands a ransom for release. Can cripple organizations by making critical data inaccessible.
Spyware : Secretly collects information about a user's activities. Can track keystrokes, capture screenshots, and gather sensitive data.
Attack Vectors
Phishing : Tricking individuals into revealing sensitive information by masquerading as a trustworthy entity.
Social Engineering : Manipulating individuals into divulging confidential information through tactics like pretexting, baiting, and tailgating.
Network-Based Attacks : Exploiting network protocol and service vulnerabilities. Includes MitM attacks, packet sniffing, and DNS spoofing.
Zero-Day Exploits : Targeting previously unknown vulnerabilities. Particularly dangerous due to lack of existing defenses.
Threat Actors
Hackers : Use technical skills to exploit vulnerabilities. Motivations include financial gain, political activism, or the challenge of breaching security.
Insiders : Employees or contractors who pose threats from within. Can misuse access to steal information, sabotage systems, or facilitate external attacks.
Organized Crime Groups : Engage in cybercrime for financial gain. Highly organized, employing sophisticated techniques.
Nation-States : Government-sponsored entities conducting cyber-espionage or cyber-warfare. Often highly sophisticated and targeted.
Defense-in-Depth
Layered Security Approach : Multiple layers of security controls protect information, so that a failure in one layer is caught by another. Each layer provides a different type of defense.
Physical Security : Measures like locks, security guards, and surveillance cameras protect physical access.
Network Security : Controls like firewalls, IDS/IPS, and VPNs protect data transmission.
Endpoint Security : Antivirus software, encryption, and EDR solutions protect individual devices.
Security Policies
Creating Policies : Developing comprehensive security policies that outline procedures and guidelines for protecting information.
Enforcing Policies : Ensuring policies are followed through audits, training, and technical controls.
User Education : Training employees on security best practices and the importance of following policies.
Incident Response
Incident Response Plan : Documented steps to take in the event of a security incident. Includes detecting, responding to, and recovering from incidents.
Detection and Analysis : Identifying and analyzing security incidents to understand their scope and impact.
Containment and Eradication : Isolating affected systems, removing threats, and preventing further damage.
Recovery and Post-Incident Activity : Restoring systems to normal operation and reviewing incidents to improve future response efforts.
Risk Management
Risk Assessment : Identifying and evaluating risks to information assets. Includes determining threat likelihood and impact.
Risk Mitigation : Implementing controls to reduce risk likelihood or impact. Strategies include technical and administrative controls.
Continuous Monitoring : Regularly reviewing and updating risk assessments to ensure effective risk management.
Security Awareness Training
Educating Employees : Training on security best practices and threat recognition. Topics include password security and phishing recognition.
Regular Updates : Ongoing training to keep employees informed about new threats and best practices.
Simulated Attacks : Testing employees' ability to recognize and respond to threats through simulated phishing and other exercises.