Lesson 1
Security Fundamentals
Basic ideas used to protect systems, devices, networks, and information.
Domain
Security Concepts and Practices
Concepts
17 concepts
Concept 1
Core Concept
Security Fundamentals
Basic ideas used to protect systems, devices, networks, and information.
Concept 2
CIA Triad
Confidentiality
Keeping information private so only authorized people can see it.
Concept 3
CIA Triad
Integrity
Keeping information correct, accurate, and unchanged unless authorized.
Concept 4
CIA Triad
Availability
Making sure systems and information are accessible when needed.
Concept 5
CIA Triad
CIA Triad Applications
Applying confidentiality, integrity, and availability to real systems.
Concept 6
Governance
Due Care
Taking reasonable steps to protect systems and information.
Concept 7
Governance
Due Diligence
Investigating and checking risks before making decisions.
Concept 8
Governance
Difference Between Due Care and Due Diligence
Separating security action from risk investigation and research.
Concept 9
Governance
Security Governance
How an organization manages and controls cybersecurity.
Concept 10
Governance
Security Objectives
The goals an organization wants to achieve through security.
Concept 11
Frameworks
Security Frameworks
Organized sets of security best practices and guidelines.
Concept 12
Architecture
Security Architecture Concepts
Designing systems securely from the beginning.
Concept 13
Architecture
Defense in Depth
Using multiple layers of security instead of relying on one control.
Concept 14
Access Control
Least Privilege
Giving users only the minimum access needed to do their job.
Concept 15
Access Control
Need to Know
Limiting information access to what a user needs for specific tasks.
Concept 16
Access Control
Separation of Duties
Splitting important tasks between different people to reduce risk.
Concept 17
Access Control
Job Rotation
Regularly switching responsibilities to reveal issues and reduce dependency.