Explore Domain 1 of the CompTIA Security+ (SY0-701) exam in detail via this summary! This domain focuses on the fundamental security concepts that are necessary for safeguarding IT systems. It looks at a number of security precautions and highlights how crucial they are to maintaining a secure environment. It also emphasizes how important it is to use cryptographic solutions for change management and data security protocols.
Similar to what you observe? Use InfosecTrain to continue learning!
Educate. Excel. Empower.
2. Security Controls
Categories
Security Control
Functional Types
Preventive: Stop
incidents from happening;
e.g., firewalls, antivirus software
Corrective: Resolve incidents
after they occur; e.g., patches,
backups
Detective: Identify and alert
on incidents; e.g., intrusion
detection systems, log monitors
Administrative: Policies and
procedures; e.g., security
training, ackground checks
Physical: Physical barriers;
e.g., locks, security guards
Technical: Technology-based
controls; e.g., encryption,
authentication mechanisms
DOMAIN 1: GENERAL SECURITY CONCEPTS (12%)
DOMAIN
1
1.1 COMPARE AND CONTRAST VARIOUS TYPES OF SECURITY CONTROLS
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
3. www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
DOMAIN 1: GENERAL SECURITY CONCEPTS (12%)
DOMAIN
1
1.2 SUMMARIZE FUNDAMENTAL SECURITY CONCEPTS
Core Principles
Key Concepts
Confidentiality: Ensuring
information is not disclosed to
unauthorized individuals;
e.g., encryption
Availability (CIA): Ensuring
information is accessible when
needed; e.g., redundancy
Integrity: Ensuring information
is not altered by unauthorized
individuals; e.g., hashing
Authentication, Authorization,
Accounting (AAA): Identifying users,
granting access, and tracking
actions; e.g., login systems
Non-repudiation: Preventing
denial of action; e.g., digital
signatures
Zero Trust Model: Assuming all
network traffic is untrusted;
e.g., microsegmentation, least
privilege access control
Physical Security: Protecting
physical assets; e.g., surveillance
cameras
Gap Analysis: Identifying differences
between current and desired
security postures; e.g., security
assessments, vulnerability scanning
4. Managing Business Process Changes:
Maintaining security; e.g., implementing
new software
Change
Management
in Security
Technical Implications: Understanding how
changes affect security; e.g., system upgrades,
patching
Integration of Security Measures: Ensuring new
changes adhere to security policies;
e.g., security reviews
Documentation: Keeping records of changes;
e.g., change logs
www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
DOMAIN 1: GENERAL SECURITY CONCEPTS (12%)
DOMAIN
1
1.3 EXPLAIN THE IMPORTANCE OF CHANGE MANAGEMENT
PROCESSES AND THE IMPACT TO SECURITY
5. www.infosectrain.com
#
l
e
a
r
n
t
o
r
i
s
e
DOMAIN 1: GENERAL SECURITY CONCEPTS (12%)
1.4 EXPLAIN THE IMPORTANCE OF USING APPROPRIATE
CRYPTOGRAPHIC SOLUTIONS
DOMAIN
1
Encryption and Obfuscation: Protecting data
confidentiality; e.g., AES encryption, VPNs
Public Key Infrastructure (PKI): Framework
for encryption and digital signatures; e.g.,
SSL certificates
Hashing and Salting: Protecting stored
passwords; e.g., password storage
Blockchain and Open Public Ledgers:
Ensuring data integrity in distributed
systems; e.g., Bitcoin
Certificates: Validating identities;
e.g., HTTPS websites
Digital Signatures: Ensuring data integrity
and on-repudiation; e.g., email signing
Key Stretching: Enhancing password
security; e.g., PBKDF2, bcrypt
Cryptographic
Solutions for
Security
6. To Get More Insights Through Our FREE
FOUND THIS USEFUL?
Courses | Workshops | eBooks | Checklists | Mock Tests
LIKE FOLLOW
SHARE