Cargando…
CompTIA security+ exam SY0-501 /
"Get on the fast track to becoming CompTIA Security+ certified with this affordable, portable study tool. Inside, cybersecurity experts guide you on your career path, providing professional tips and sound advice along the way. With an intensive focus only on what you need to know to pass CompTI...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Otros Autores: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
New York :
Mc Graw Hill Education,
[2018]
|
| Edición: | Fifth edition. |
| Colección: | Mike Meyers' certification passport.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Contents
- Acknowledgments
- Check-In
- I Mission Assurance
- 1 Organizational Security and Compliance
- Objective 1.01 Explain Risk Management Processes and Concepts
- Risk Control Types
- Administrative
- Technical
- Physical
- Risk Assessment
- Asset Identification
- Risk Analysis
- Risk Likelihood and Impact
- Solutions and Countermeasures
- Risk Register
- Risk Management Options
- False Positives and Negatives
- Using Organizational Policies to Reduce Risk
- Security Policies
- Network Security Policies
- Human Resources Policies
- Objective 1.02 Implement Appropriate Risk Mitigation Strategies
- Change Management Policy
- Incident Management and Response Policy
- Perform Routine Audits
- Develop Standard Operating Procedures
- User Rights and Permissions Reviews
- Data Loss Prevention and Regulatory Compliance
- Objective 1.03 Integrate with Third Parties
- Interoperability Agreements
- Service Level Agreements
- Business Partnership Agreements
- Memorandums of Agreement/Understanding
- Interconnection Security Agreement
- Privacy Considerations
- Risk Awareness
- Unauthorized Data Sharing
- Data Ownerships
- Data Backup
- Verification of Adherence
- CHECKPOINT
- REVIEW QUESTIONS
- REVIEW ANSWERS
- 2 Security Training and Incident Response
- Objective 2.01 Explain the Importance of Security-Related Awareness and Training
- Effective Security Training and Awareness
- Onboarding
- Nondisclosure Agreements
- Awareness Training
- Continual Education
- Threat Awareness
- Recurring Training
- Security Metrics
- Data and Documentation Policies
- Standards and Guidelines
- Data Retention Policy
- Hardware Disposal and Data Destruction Policy
- IT Documentation
- Best Practices for User Habits
- Password Policy
- Clean Desk Policy
- Personally Owned Devices
- Workstation Locking and Access Tailgating
- Data Handling
- Instant Messaging
- P2P Applications
- Social Networking/Media
- Compliance with Laws, Regulations, Best Practices, and Standards
- Objective 2.02 Analyze and Differentiate Among Types of Social Engineering Attacks
- Phishing
- Whaling
- Shoulder Surfing
- Tailgating
- Pharming
- Spim
- Vishing
- Spam
- Hoaxes
- Objective 2.03 Execute Appropriate Incident Response Procedures
- Preparation
- Incident Identification
- First Responders
- Incident Containment
- Damage and Loss Control
- Data Breaches
- Escalation Policy
- Reporting and Notification
- Mitigation and Recovery Steps
- Lessons Learned
- Objective 2.04 Implement Basic Forensic Procedures
- Data Acquisition and Preservation
- Order of Volatility
- Capture a System Image
- Network and System Logs
- Time Offsets
- Use Hashing to Protect Evidence Integrity
- Take Screenshots
- Capture Video
- Chain of Custody