CompTIA Security+ 601 Chapter 1 Summary

CompTIA Security+ Study Guide: Exam SY0-601 8th Edition, by Mike Chapple & David Seidl


Chapter 1 summary of my notes.


1. Security Controls


The three key objectives of cybersecurity programs are confidentiality, integrity, and availability – CIA. The three key threats to cybersecurity programs are disclosure, alteration, and denial – DAD.


You can use the CIA and DAD models in almost any situation to serve as a helpful starting point for a more detailed risk analysis.


It’s also important to categorize the potential impact of a security incident using the same categories that businesses generally use to describe any type of risk: financial, reputational, strategic, operational, and compliance. If a risk threatens the very existence of an organization or the ability of the organization to execute its business plans, that is a strategic risk that seriously jeopardizes the organization's ongoing viability. On the other hand, if the risk only causes inefficiency and delay within the organization, it fits better into the operational risk category. A compliance risk occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.


Security controls may be categorized based on their mechanism of action and their intent.


Technical controls enforce confidentiality, integrity, and availability in the digital space:



  1. firewall rules

  2. access control lists

  3. intrusion prevention systems

  4. encryption


Operational controls include the processes that we put in place to manage technology in a secure manner:



  1. user access reviews

  2. log monitoring

  3. vulnerability management


Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process:



  1. periodic risk assessments

  2. security planning exercises

  3. incorporation of security into the organization's change management, service acquisition, and project management practices.


CompTIA also divides security controls into types, based on their desired effect:



  1. Preventive controls intend to stop a security issue before it occurs.

  2. Detective controls identify security events that have already occurred.

  3. Corrective controls remediate security issues that have already occurred.

  4. Deterrent controls seek to prevent an attacker from attempting to violate security policies.

  5. Physical controls are security controls that impact the physical world.

  6. Compensating controls are controls designed to mitigate the risk associated with exceptions made to a security policy. A compensating control finds alternative means to achieve an objective when the organization cannot meet the original control requirement.


 


2. Data & Prevention


Data at rest is stored data. Data in motion is data that is in transit. Data in processing is data that is actively. Data breaches have significant and diverse impacts on organizations. Data must be protected in transit, at rest, and in use. Data loss prevention systems block data exfiltration attempts. Data minimization reduces risk by reducing the amount of sensitive information that we maintain.


Data loss prevention (DLP) systems help organizations enforce information handling policies and procedures to prevent data loss and theft. DLP systems work in two different environments, host-based DLP and network-based DLP:


 Host-based DLP:



  1. uses software agents installed on systems that search those systems for the presence of sensitive information.

  2. some organizations use host-based DLP to block users from accessing USB-based removable media devices that they might use to carry information out of the organization's secure environment.


 Network-based DLP systems:



  1. dedicated devices that sit on the network and monitor outbound network traffic


DLP systems also have two mechanisms of action:



  1. Pattern matching, where they watch for the telltale signs of sensitive information.

  2. Watermarking, where systems or administrators apply electronic tags to sensitive documents and then the DLP system can monitor systems and networks for unencrypted content containing those tags. Watermarking technology is also commonly used in digital rights management (DRM) solutions that enforce copyright and data ownership restrictions.
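As an added illustration of the pattern-matching mechanism (this is my own example, not code from the book or from any DLP product), the following Python rule scans outbound messages for credit card numbers. A bare digit pattern alone produces false positives on ticket numbers and similar fields, so the rule also applies the Luhn check that payment card numbers satisfy. The message list is constructed sample data; the card numbers in it are publicly known test numbers.

```python
import re

# Constructed sample outbound messages (not from the book). The card numbers
# are publicly known test numbers that pass the Luhn check; the 16-digit
# ticket reference deliberately does not.
SAMPLE_MESSAGES = [
    "Quarterly figures attached, see you Monday.",
    "Customer card: 4111 1111 1111 1111 exp 12/27",
    "Ticket ref 1234567890123456 opened by helpdesk",
    "Please wire to 5500-0000-0000-0004 asap",
]

# Candidate pattern: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return normalized card numbers in text that match the pattern and pass Luhn."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def scan_messages(messages: list[str]) -> list[tuple[int, list[str]]]:
    """Return (message index, card numbers) for each message the rule would flag."""
    hits = []
    for i, msg in enumerate(messages):
        cards = find_card_numbers(msg)
        if cards:
            hits.append((i, cards))
    return hits


if __name__ == "__main__":
    for index, cards in scan_messages(SAMPLE_MESSAGES):
        print(f"message {index} flagged: {cards}")
```

Running the block flags messages 1 and 3 only; the ticket reference in message 2 has the right length but fails the Luhn check, which is the kind of refinement a real DLP signature needs to keep the false-positive rate tolerable.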


The best way to achieve data minimization is to simply destroy data when it is no longer necessary. An alternative to de-identifying data is transforming it into a format where the original information can't be retrieved. This is a process called data obfuscation.


Hashing uses a hash function to transform a value in our dataset to a corresponding hash value.


Tokenization replaces sensitive values with a unique identifier using a lookup table. For example, we might replace a widely known value, such as a student ID, with a randomly generated 10-digit number. We'd then maintain a lookup table that allows us to convert those back to student IDs.


Masking partially redacts sensitive information by replacing some or all sensitive fields with blank characters. For example, we might replace all but the last four digits of a credit card number with X's or *'s to render the card number unreadable.


If someone has a list of possible values for a field, they can conduct something called a rainbow table attack. In this attack, the attacker computes the hashes of those candidate values and then checks to see if those hashes exist in our data file.
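To tie the three obfuscation techniques and the rainbow table attack together, here is an added Python example (mine, not the book's) that implements hashing, tokenization, and masking over a constructed set of 7-digit student IDs, then runs the attack exactly as described above: the attacker hashes every candidate ID and looks those hashes up in the "obfuscated" file. It goes one step beyond the chapter text by also showing that a keyed hash (HMAC with a secret key, an assumption on my part rather than something the chapter covers) defeats the same attack, because the attacker cannot compute the candidate hashes without the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (not from the book): 7-digit student IDs.
STUDENT_IDS = ["1000042", "1000317", "1000999"]


def hash_value(value: str) -> str:
    """Hashing: replace a value with its SHA-256 digest."""
    return hashlib.sha256(value.encode()).hexdigest()


def keyed_hash(value: str, key: bytes) -> str:
    """Keyed hashing (HMAC-SHA256): an assumed mitigation, not from the chapter."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def tokenize(values: list[str], token_length: int = 10):
    """Tokenization: replace each value with a random token; return tokens and lookup table."""
    lookup = {}  # token -> original value, kept separately from the tokenized data
    tokens = []
    for v in values:
        while True:
            token = str(secrets.randbelow(10 ** token_length)).zfill(token_length)
            if token not in lookup:  # avoid a collision between two records
                break
        lookup[token] = v
        tokens.append(token)
    return tokens, lookup


def detokenize(token: str, lookup: dict) -> str:
    """Reverse a token using the lookup table."""
    return lookup[token]


def mask(value: str, keep_last: int = 4, fill: str = "*") -> str:
    """Masking: redact all but the last keep_last characters."""
    if len(value) <= keep_last:
        return value
    return fill * (len(value) - keep_last) + value[-keep_last:]


def rainbow_table_check(hashed_field: list[str], candidates: list[str], hash_fn=hash_value) -> dict:
    """The attack from the text: hash every candidate and see which hashes appear in our data.

    Returns {hash: recovered plaintext} for every hash the candidate list explains.
    """
    table = {hash_fn(c): c for c in candidates}
    return {h: table[h] for h in hashed_field if h in table}


def demo():
    """Return how many records each obfuscation leaves recoverable by the attack."""
    candidates = [str(1000000 + i) for i in range(1000)]  # every 7-digit ID in the range
    plain = [hash_value(s) for s in STUDENT_IDS]
    key = secrets.token_bytes(32)  # kept by the data owner, unknown to the attacker
    keyed = [keyed_hash(s, key) for s in STUDENT_IDS]
    return {
        "sha256_recovered": len(rainbow_table_check(plain, candidates)),
        "hmac_recovered": len(rainbow_table_check(keyed, candidates)),
    }


if __name__ == "__main__":
    print(demo())                      # {'sha256_recovered': 3, 'hmac_recovered': 0}
    tokens, table = tokenize(STUDENT_IDS)
    print(tokens, [detokenize(t, table) for t in tokens])
    print(mask("4111111111111111"))   # ************1111
```

The lesson for a practitioner: hashing only hides values when the input space is too large to enumerate. Student IDs, phone numbers, and similar low-entropy fields can be enumerated in seconds, so a plain hash of them is little better than the original, whereas tokenization keeps the sensitive mapping in a separate lookup table that the attacker would have to steal outright.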