New Topics on Security SY0-301 from Domains 2.0-6.0
Abstract
The CompTIA Security+ 2011 (SY0-301) exam has been significantly updated; the revamped exam focuses more on risk, operational security, and mobile device security. It also clearly emphasizes security in three main areas: application, data, and host. In preparing for SY0-301, it would be good to pay special attention to the new topics and issues added for this latest revision.
Introduction
In early summer of 2011, the latest version of the exam, SY0-301, was released. This revamped exam focuses more on risk, operational security, and mobile device security. It also clearly emphasizes security in three main areas: application, data, and host. In your efforts to prepare for SY0-301, it would be a good idea to pay special attention to the new topics and issues added for this latest revision.
This paper focuses on some of the new topics, terms, and issues added to the SY0-301 Security+ 2011 exam in domains 2.0 - 6.0. These domains include:
2.0 Compliance and Operational Security
3.0 Threats and Vulnerabilities
4.0 Application, Data and Host Security
5.0 Access Control and Identity Management
6.0 Cryptography
For the discussion of the new topics in Domain 1.0, please review the white paper Ten New Topics on Security+ 2011 (SY0-301) from Domain 1.0. (http://www.globalknowledge.com/training/whitepaperdetail.asp?pageid=502&wpid=907&country=United+States)
Note: The number in parentheses after each topic is the official objective sub-domain reference as defined by CompTIA for SY0-301. Please see the official objectives list in the Appendix or visit www.comptia.org for a complete accounting of the objectives.
Domain 2.0 - Compliance and Operational Security
1. Annualized Loss Expectancy (2.1)
Annualized Loss Expectancy (ALE) is one of the many calculated values produced as part of a risk assessment process. ALE has long been a staple concept for those pursuing the CISSP, but its addition to the Security+ content reveals a new focus on risk management rather than just a cursory nod. The ALE is calculated using three values: asset value (AV), exposure factor (EF), and annualized rate of occurrence (ARO). The AV is an assigned dollar figure representing the importance or value of an asset to an organization. The EF is the percentage of the asset's value that may be lost if a specific threat is realized. The ARO is a prediction of how many times the threat is likely to be realized in the next year. AV x EF x ARO = ALE. Once an ALE has been calculated for each pairing of asset and threat, the largest ALE points to the most significant risk to the organization, and that risk should be addressed first in the security response.
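The ALE calculation and the ranking step described above, as an added example that is not part of the white paper. It computes single loss expectancy (AV x EF) and ALE for each asset/threat pair, rejects malformed inputs, and orders the pairs so the largest ALE comes first; the asset values, exposure factors and rates are constructed sample figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskPair:
    """One asset paired with one threat, with the three ALE inputs."""
    asset: str
    threat: str
    av: float   # asset value in dollars
    ef: float   # exposure factor: fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float  # annualized rate of occurrence: expected events per year


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV x EF: dollar loss from a single realized threat."""
    if av < 0:
        raise ValueError("asset value cannot be negative")
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return av * ef


def annualized_loss_expectancy(av: float, ef: float, aro: float) -> float:
    """ALE = AV x EF x ARO: expected dollar loss per year for one asset/threat pair."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return single_loss_expectancy(av, ef) * aro


def rank_risks(pairs: list[RiskPair]) -> list[tuple[RiskPair, float]]:
    """Return (pair, ALE) tuples sorted so the largest ALE is first."""
    scored = [(p, annualized_loss_expectancy(p.av, p.ef, p.aro)) for p in pairs]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample asset/threat pairs (illustrative figures only).
SAMPLE_PAIRS = [
    RiskPair("database server", "ransomware", av=200_000, ef=0.60, aro=0.1),
    RiskPair("web server", "defacement", av=50_000, ef=0.25, aro=2.0),
    RiskPair("laptop", "theft", av=3_000, ef=1.0, aro=5.0),
]

if __name__ == "__main__":
    for pair, ale in rank_risks(SAMPLE_PAIRS):
        print(f"{pair.asset:16} {pair.threat:12} ALE = ${ale:,.2f}")
```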
2. Quantitative vs. Qualitative (2.1)
Risk assessment is performed using a hybrid approach, a combination of a quantitative and a qualitative assessment of risk. A quantitative approach uses mathematical calculations to prioritize security response. A qualitative approach processes the subjective perspectives of various personnel on the state or status of security and risk. It is important to use a hybrid approach for risk assessment because performing only quantitative or qualitative assessments will produce a skewed view of the true state of risk.
3. Risks associated to Cloud Computing and Virtualization (2.1)
Virtualization was a topic in the previous exam, but cloud computing is a new addition. This objective focuses on the risks related to these technologies. Virtualization is the concept of hosting multiple operating systems (and/or their various applications) on a single set of computer hardware. Cloud computing expands on this by taking advantage of Internet (public) or private online services, which can include software, platform, or infrastructure as a service. The risks associated with cloud computing and virtualization include:
reduced control due to data being located outside the physical premises
difficulty of maintaining regulatory compliance
lack of security training and implementation at the cloud service organization
potential geographic storage location issues (within your country or spread across multiple countries)
legal implications, in terms of jurisdiction, in the event of disclosure or breach
the method/type of encryption used and who possesses the encryption keys
whether, in the event of a search warrant, the cloud service organization can turn over your data in plaintext
speed of recovery/restoration
4. Basic forensic procedures (2.3)
Basic forensic procedures were included in the previous list of exam objectives, but the new objectives list nine new specific sub-objectives: order of volatility, capture system image, network traffic and logs, capture video, record time offset, take hashes, screenshots, witnesses, and track man hours and expense. Each of these new sub-objectives is fairly straightforward and self-explanatory, especially if you have a basic understanding of computer forensics (i.e., digital evidence collection and processing). For the exam, focus on understanding each of these topics in more depth, since they are named specifically on the new objectives list.
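Several of the sub-objectives above (order of volatility, record time offset, take hashes, witnesses, and tracking man hours) in one small evidence-intake routine. This is an added example, not part of the white paper; the volatility ordering is the one given in RFC 3227, and the evidence bytes, clocks and names are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Order of volatility, most volatile first (ordering as in RFC 3227).
VOLATILITY_ORDER = (
    "registers and cache", "memory", "network state", "running processes",
    "disk", "removable media", "remote logs", "archival media",
)


def collection_order(sources: list[str]) -> list[str]:
    """Sort evidence sources so the most volatile is collected first."""
    return sorted(sources, key=VOLATILITY_ORDER.index)


def hash_evidence(data: bytes) -> str:
    """Take a hash of the captured evidence so later tampering is detectable."""
    return hashlib.sha256(data).hexdigest()


def clock_offset(suspect_clock: datetime, reference_clock: datetime) -> timedelta:
    """Record the time offset of the suspect system against a trusted reference clock."""
    return suspect_clock - reference_clock


def normalize_timestamp(suspect_ts: datetime, offset: timedelta) -> datetime:
    """Convert a timestamp read from the suspect system into reference-clock time."""
    return suspect_ts - offset


@dataclass(frozen=True)
class EvidenceRecord:
    label: str
    source: str
    sha256: str
    collected_at: datetime       # reference-clock time of collection
    clock_offset_seconds: float  # suspect clock minus reference clock
    witness: str                 # person who observed the collection
    hours: float                 # man hours spent, for expense tracking


def intake(label: str, source: str, data: bytes, reference_clock: datetime,
           suspect_clock: datetime, witness: str, hours: float) -> EvidenceRecord:
    """Build the chain-of-custody record for one piece of collected evidence."""
    offset = clock_offset(suspect_clock, reference_clock)
    return EvidenceRecord(label, source, hash_evidence(data), reference_clock,
                          offset.total_seconds(), witness, hours)


def verify(record: EvidenceRecord, data: bytes) -> bool:
    """Re-hash the evidence and compare with the recorded hash."""
    return hash_evidence(data) == record.sha256
```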