Glenn Norman – Page 2 of 89 – IT Systems, Networks, Security and Education

May 27, 2020June 12, 2020

Security+ Domain 5.0: Risk Management: Chapter 23

This is post 23 of 31 in the series “[ Security+ Certification ]” Chapter 23: Incident Response, Disaster Recovery and Continuity of Operations (Business Continuity) Incident Response Plan Documented incident types Roles and responsibilities Reporting Escalation Cyber-incident response teams Incident Response Process Preparation Identification Containment Eradication Recovery Lessons Learned (Postmortem) Disaster Recovery (when the meteor …

Continue reading “Security+ Domain 5.0: Risk Management: Chapter 23”

May 27, 2020May 29, 2020

Security+ : Sample Questions

This is post 22 of 31 in the series “[ Security+ Certification ]” Sample Questions Q: What exactly is a PKI certificate? A) PKI has nothing to do with certificates B) Certificates provide identifying credentials only C) Certificates identify a certificate authority D) Certificates provide a copy of a remote system’s private key E) Certificates …

Continue reading “Security+ : Sample Questions”

May 27, 2020June 9, 2020

Security+ Domain 5.0: Risk Management: Chapter 22

This is post 21 of 31 in the series “[ Security+ Certification ]” Chapter 22: Risk Management and Business Impact Analysis Business Impact Analysis RTO / RPO MTBF MTTR Mission-critical functions Identification of critical systems Single point of failure Impacts on Life Property Safety Finance Reputation Privacy Impact Assessment Privacy Threshold Assessment Risk Management Concepts …

Continue reading “Security+ Domain 5.0: Risk Management: Chapter 22”

May 27, 2020June 9, 2020

Security+ Domain 5.0: Risk Management: Chapter 21

This is post 20 of 31 in the series “[ Security+ Certification ]” Chapter 21: Policies, Plans and Procedures SOP Agreements BPA SLA ISA MOU / MOA NDA Personnel Management Mandatory vacation Job rotation Separation of duties Clean desk Background checks Exit interviews Role-based awareness training Data owner System admin System owner User Privileged user …

Continue reading “Security+ Domain 5.0: Risk Management: Chapter 21”

May 27, 2020June 10, 2020

Security+ Domain 4.0: Identity and Access Management: Chapter 20

This is post 19 of 31 in the series “[ Security+ Certification ]” Chapter 20: Identity and Access Management Controls Access Control Models MAC DAC ABAC RBAC RB-RBAC Access Control Access control comprises mechanisms for limiting access to information or resources, based on user identity membership in groups Routers and operating systems store this information …

Continue reading “Security+ Domain 4.0: Identity and Access Management: Chapter 20”

May 27, 2020June 9, 2020

Security+ Domain 4.0: Identity and Access Management: Chapter 19

This is post 18 of 31 in the series “[ Security+ Certification ]” Chapter 19: Identity and Access Services Windows Authentication LM NTLM NTLMv2 Kerberos LDAP (X.500) X.500 is the formal name for Directory Access Protocol, or DAP. This was developed my the DoD and shared with the open-source community via a Freedom of Information …

Continue reading “Security+ Domain 4.0: Identity and Access Management: Chapter 19”

May 27, 2020June 9, 2020

Security+ Domain 4.0: Identity and Access Management: Chapter 18

This is post 17 of 31 in the series “[ Security+ Certification ]” Chapter 18: Identity, Access and Accounts Authentication, Access Control & Auditing Know For The Security+ Test: The three “pillars” or “foundations” of information security are Authentication, Access Control and Auditing. (The mnemonic “AAA” may help you remember.) Authentication Something You Know – …

Continue reading “Security+ Domain 4.0: Identity and Access Management: Chapter 18”

May 27, 2020June 8, 2020

Security+ Domain 3.0: Architecture and Design: Chapter 17: Physical Security

This is post 16 of 31 in the series “[ Security+ Certification ]” Chapter 17: Physical Security Controls Lighting Fences / Gates / Cages Security Guards Alarms Safes Secure Cabinets / Enclosures Protected Distribution / Protected Cabling Airgaps Mantraps Faraday Cages Locks Biometrics Barricades / Bollards Tokens / Cards Environmental Controls HVAC Hot and Cold …

Continue reading “Security+ Domain 3.0: Architecture and Design: Chapter 17: Physical Security”

May 27, 2020June 8, 2020

Security+ Domain 3.0: Architecture and Design: Chapter 16: Resiliency and Automation

This is post 15 of 31 in the series “[ Security+ Certification ]” Chapter 16: Resiliency and Automation Strategies Automation and Scripting Automated Courses of Action (eg. patching) Continuous Monitoring Configuration Validation Templates for IaaS Master Image Non-persistence Snapshots Revert to Known State Rollback to Known Configuration Elasticity Scalability Distributive Allocation (affinity, etc.) Redundancy Fault …

Continue reading “Security+ Domain 3.0: Architecture and Design: Chapter 16: Resiliency and Automation”

May 27, 2020June 8, 2020

Security+ Domain 3.0: Architecture and Design: Chapter 15: Cloud and Virtualization

This is post 14 of 31 in the series “[ Security+ Certification ]” Chapter 15: Cloud and Virtualization Hypervisors Type 1 vs Type 2 VMware, Xen, KVM, ESXi, Hyper-V VirtualBox, VMware Player Avoiding VM Sprawl VM Escape Protection Cloud Models SaaS, PaaS, Iaas (etc) Public, Private, Community, Hybrid VDI / VDE Cloud Access Security Brokers …

Continue reading “Security+ Domain 3.0: Architecture and Design: Chapter 15: Cloud and Virtualization”