- Security+ SY0-601 Certification
- Security+ SY0-601: Passing the Security+ Exam
- Security+ SY0-601: Definitions and Catchwords
- Security+ SY0-601: 1.0 Threats, Attacks, and Vulnerabilities
- Security+ SY0-601: 1.1 Social Engineering Techniques
- Security+ SY0-601: 1.2 Indicators of Attack
- Security+ SY0-601: 1.3 Application Attacks
- Security+ SY0-601: 1.4: Network Attack Indicators
- Security+ SY0-601: 1.5: Threat Actors, Vectors, and Intelligence Sources
- Security+ SY0-601: 1.6: Vulnerabilities
- Security+ SY0-601: 1.7: Security Assessment
- Security+ SY0-601: 1.8: Penetration Testing
- Security+ SY0-601: 2.0 Architecture and Design
- Security+ SY0-601: 2.1 Enterprise Security Architecture
- Security+ SY0-601: 2.2: Virtualization and Cloud Security
- Security+ SY0-601: 2.3: Secure Application Development, Deployment and Automation
- Security+ SY0-601: 2.4: Authentication and Authorization
- Security+ SY0-601: 2.5: Implementing Cybersecurity Resilience
- Security+ SY0-601: 2.6: Embedded and Specialized Systems
- Security+ SY0-601: 2.7: Physical Security Controls
- Security+ SY0-601: 2.8: Cryptography
- Security+ SY0-601: 3.0: Implementation
- Security+ SY0-601: 3.1 Secure Protocols
- Security+ SY0-601: 3.2: Host and Application Security
- Security+ SY0-601: 3.3: Secure Network Design
- Security+ SY0-601: 3.4: Wi-Fi Security
- Security+ SY0-601: 3.5: Secure Mobile Solutions
- Security+ SY0-601: 3.6: Cybersecurity Solutions in the Cloud
- Security+ SY0-601: 3.7: Identity and Account Management Controls
- Security+ SY0-601: 3.8: Implement Authentication and Authorization Solutions
- Security+ SY0-601: 3.9: Public Key Infrastructure
- Security+ SY0-601: 4.0: Operations and Incident Response
- Security+ SY0-601: 4.1: Tools to Assess Organizational Security
- Security+ SY0-601: 4.2: Policies, Processes, and Procedures for Incident Response
- Security+ SY0-601: 4.3: Appropriate Data Sources for Investigation
- Security+ SY0-601: 4.4: Mitigation Techniques
- Security+ SY0-601: 4.5: Digital Forensics
- Security+ SY0-601: 5.0: Governance, Risk, and Compliance
- Security+ SY0-601: 5.1: Types of Controls
- Security+ SY0-601: 5.2 Regulations, Standards, and Frameworks
- Security+ SY0-601: 5.3: Policies and Organizational Security
- Security+ SY0-601: 5.4: Risk Management Processes and Concepts
- Security+ SY0-601: 5.5: Privacy and Sensitive Data
- Security+: My Favorite Free Tools
- Security+ : Sample Questions
- Passing the CompTIA Exams
- Understanding CompTIA Objectives Using Bloom’s Taxonomy
Chapter 32: 5.2 Regulations, Standards, and Frameworks
Regulations, standards, and legislation
GDPR: General Data Protection Regulation – https://gdpr-info.eu/
National, territory, or state laws
Payment Card Industry Data Security Standard (PCI DSS)
Key frameworks
Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/ Cybersecurity Framework (CSF)
https://www.nist.gov/cyberframework
-
-
-
- Framework Core
- Implementation Tiers
- Framework Profiles
-
-
International Organization for Standardization (ISO) 27001/27002/27701/31000
SSAE SOC 2 Type I/II
Cloud security alliance
Cloud control matrix
Reference architecture
Benchmarks / Secure Configuration Guides
Platform / vendor-specific guides
Web server
OS
Application server
Network infrastructure devices
CIS
NVD
STIGs
Discussed in the 501 materials, but not the 601
Regulatory
NERC CIP – https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
Non-regulatory
National vs International
FedRAMP – https://www.fedramp.gov/
US-EU Safe Harbor Framework (old) – https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework
EU-US Privacy Shield Framework (new) – https://www.privacyshield.gov/EU-US-Framework
Industry-specific
HITRUST CSF – https://hitrustalliance.net/hitrust-csf/