Chapter 8. Security Policies and Procedures

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

• 3.2 Explain common access control models and the differences between each.

  • MAC

  • DAC

  • Role and Rule based access control

• 3.6 Summarize the various authentication models and identify the components of each.

  • One, two, and three-factor authentication

  • Single sign-on

• 4.6 Execute proper logging procedures and evaluate the results.

  • Security application

  • DNS

  • Firewall

  • Antivirus

• 4.7 Conduct periodic audits of system security settings.

  • User access and rights review

  • Storage and retention policies

• 6.1 Explain redundancy planning and its components.

  • Hot site

  • Cold site

  • Warm Site

  • Backup generator

  • Single point of failure

  • RAID

  • Spare parts

  • Redundant servers

  • Redundant ISP

  • UPS

  • Redundant connections

• 6.2 Implement disaster recovery procedures.

  • Planning

  • Disaster recovery exercises

  • Backup techniques and practices—storage

  • Schemes

  • Restoration

• 6.4 Identify and explain applicable legislation and organizational policies.

  • Secure disposal of computers

  • Acceptable use policies

  • Password complexity

  • Change management

  • Classification of information

  • Mandatory vacations

  • Personally Identifiable Information (PII)

  • Due care

  • Due diligence

  • Due process

  • SLA

  • Security-related HR policy

  • User education and awareness training