The traditional “C-I-A Triad” of security directives includes maintaining the Confidentiality, Integrity, and Availability of data and services. Threats to these three principles are constantly present and evolving. Defensive measures must be put into place to mitigate risk within the enterprise. Domain 2 of the Security+ exam requires that you are familiar with risk, mitigation strategies, incident response, and environmental security controls, as well as the requirements for business continuity/continuity of operations and disaster recovery planning, and securing the devices on the network. Be sure to give yourself plenty of time to review all these concepts. The following list identifies the key areas from Domain 2.0 (which counts as 18% of the exam) that you need to master:
• Explain risk-related concepts
• Carry out appropriate risk mitigation strategies
• Execute appropriate incident response procedures
• Explain the importance of security related awareness and training
• Compare and contrast aspects of business continuity
• Explain the impact and proper use of environmental controls
• Execute disaster recovery plans and procedures
• Exemplify the concepts of confidentiality, integrity, and availability