From Wikibooks, open books for an open world
This page may need to be
reviewed for quality.
1.1 Compare and contrast various types of security controls
[edit | edit source]
|
|
- Control types
- Preventive
- Deterrent
- Detective
- Corrective
- Compensating
- Directive
|
1.3 Explain the importance of change management processes and the impact to security.
[edit | edit source]
- Business processes impacting security operation
- Approval process
- Ownership
- Stakeholders
- Impact analysis
- Test results
- Backout plan
- Maintenance window
- Standard operating procedure
|
- Technical implications
- Allow lists/deny lists
- Restricted activities
- Downtime
- Service restart
- Application restart
- Legacy applications
- Dependencies
- Documentation
- Updating diagrams
- Updating policies/procedures
- Version control
|
1.4 Explain the importance of using appropriate cryptographic solutions.
[edit | edit source]
- Public key infrastructure (PKI)
- Public key
- Private key
- Key escrow
- Encryption
- Level
- Full-disk
- Partition
- File
- Volume
- Database
- Record
- Transport/communication
- Asymmetric
- Symmetric
- Key exchange
- Algorithms
- Key length
|
- Tools
- Trusted Platform Module (TPM)
- Hardware security module (HSM)
- Key management system
- Secure enclave
- Obfuscation
- Steganography
- Tokenization
- Data masking
- Hashing
- Salting
- Digital signatures
- Key stretching
- Blockchain
- Open public ledger
- Certificates
- Certificate authorities
- Certificate revocation lists (CRLs)
- Online Certificate Status Protocol (OCSP)
- Self-signed
- Third-party
- Root of trust
- Certificate signing request (CSR) generation
- Wildcard
|
