Introduction to Security+ 601
Video — 00:00:42
Mike and Dan introduce the CompTIA Security+ (SY0-601) learning path.
Video — 00:08:23
Managing risk involves identifying threat actors from script kiddies to state-sponsored attackers. Mitigating threats is achieved by identifying assets and putting security controls in place to mitigate risks.
Threats and vulnerabilities
Video — 00:07:04
The CIA security triad (confidentiality, integrity and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.
Video — 00:10:59
With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAX
Risk management concepts
Video — 00:07:23
A risk management framework aids in identifying and managing risk and is sometimes required for compliance with data privacy regulations such as GDPR and HIPAA. Organization security policies are often influenced by data privacy regulations.
Video — 00:09:22
Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what types of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, ope
Risk assessments and treatments
Video — 00:05:44
How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments to address the ever-changing threat landscape to define the likelihood and impact of security incidents.
Quantitative risk assessments
Video — 00:06:37
Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.
Qualitative risk assessments
Video — 00:03:54
The same risk can have a different impact to various organizations. Qualitative risk assessments use subjective priority ratings for risks rather than dollar values.
Business Impact Analysis
Video — 00:09:17
In addition to deploying effective security controls to protect assets, what can be done to ensure business continuity in the event of a security incident? A business impact analysis involves proactive planning to help reduce downtime and data loss when n
Data types and roles
Video — 00:11:28
Protecting personally identifiable information, or PII, is crucial and required by security regulations such as GDPR, but of the vast amounts of data in an organization, how do you know which data is sensitive? The answer is through data roles and respons
Security and the information life cycle
Video — 00:09:03
Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking, while considering how laws apply to data based on its lo
Video — 00:06:04
Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users.
Personnel risk and policies
Video — 00:10:21
Hiring the right employees and contractors for the job always matters. Enacting internal security controls such as background checks, mandatory vacations, job rotation, and separation of duties goes a long way in ensuring the integrity of business process
Third-party risk management
Video — 00:08:29
Some business activities cannot be completed entirely within an organization and must be outsourced. Ensuring that proper security safeguards are in place throughout the hardware, software, and personnel supply chain results in a properly secured data, su
Video — 00:06:30
When organizations enter into business partnerships with third-party service providers, the agreements and contracts they both sign protect both organizations legally, as well as establish the terms of service. This episode covers the various types of bus
CompTIA Security+ SY0-601 Exam Objectives
Video — 00:03:06
Exam question review
Video — 00:01:40
Threats are executed by a variety of different threat actors, each type having a different motivation for executing attacks. This episode presents a scenario where correct type of threat actor must be selected.
Wiping disks with the dd command lab
Video — 00:05:38
When storage media has reached the end of its useful life, data must be wiped from it in a secure manner which can include using some built-in operating system tools. Linux administrators can use the dd command to wipe disk partitions by overwriting them
Ask me anything
Video — 00:02:12
The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments
You're in good company
We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.
This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.
We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.
Infosec Skills Teams client
Plans & pricing
Infosec Skills Personal
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
- Team administration and reporting
- Dedicated client success manager
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps