CompTIA Security+ Certification Exam Objectives

EXAM NUMBER: SY0-601


1.1 Compare and contrast different types of social engineering techniques.

• Phishing
• Smishing
• Vishing
• Spam
• Spam over instant messaging (SPIM)
• Spear phishing
• Dumpster diving
• Shoulder surfing
• Pharming
• Tailgating
• Eliciting information
• Whaling
• Prepending
• Identity fraud
• Invoice scams
• Credential harvesting
• Reconnaissance
• Hoax
• Impersonation
• Watering hole attack
• Typosquatting
• Pretexting
• Influence campaigns
  - Hybrid warfare
  - Social media
• Principles (reasons for effectiveness)
  - Authority
  - Intimidation
  - Consensus
  - Scarcity
  - Familiarity
  - Trust
  - Urgency

1.2 Given a scenario, analyze potential indicators to determine the type of attack.

• Malware
  - Ransomware
  - Trojans
  - Worms
  - Potentially unwanted programs (PUPs)
  - Fileless virus
  - Command and control
  - Bots
  - Cryptomalware
  - Logic bombs
  - Spyware
  - Keyloggers
  - Remote access Trojan (RAT)
  - Rootkit
  - Backdoor
• Password attacks
  - Spraying
  - Dictionary
  - Brute force
    - Offline
    - Online
  - Rainbow table
  - Plaintext/unencrypted
• Physical attacks
  - Malicious Universal Serial Bus (USB) cable
  - Malicious flash drive
  - Card cloning
  - Skimming
• Adversarial artificial intelligence (AI)
  - Tainted training data for machine learning (ML)
  - Security of machine learning algorithms
• Supply-chain attacks
• Cloud-based vs. on-premises attacks
• Cryptographic attacks
  - Birthday
  - Collision
  - Downgrade

1.3 Given a scenario, analyze potential indicators associated with application attacks.

• Privilege escalation
• Cross-site scripting
• Injections
  - Structured query language (SQL)
  - Dynamic-link library (DLL)
  - Lightweight Directory Access Protocol (LDAP)
  - Extensible Markup Language (XML)
• Pointer/object dereference
• Directory traversal
• Buffer overflows
• Race conditions
  - Time of check/time of use
• Error handling
• Improper input handling
• Replay attack
  - Session replays
• Integer overflow
• Request forgeries
  - Server-side
  - Cross-site
• Application programming interface (API) attacks
• Resource exhaustion
• Memory leak
• Secure Sockets Layer (SSL) stripping
• Driver manipulation
  - Shimming
  - Refactoring
• Pass the hash

1.4 Given a scenario, analyze potential indicators associated with network attacks.

• Wireless
  - Evil twin
  - Rogue access point
  - Bluesnarfing
  - Bluejacking
  - Disassociation
  - Jamming
  - Radio frequency identification (RFID)
  - Near-field communication (NFC)
  - Initialization vector (IV)
• On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
• Layer 2 attacks
  - Address Resolution Protocol (ARP) poisoning
  - Media access control (MAC) flooding
  - MAC cloning
• Domain name system (DNS)
  - Domain hijacking
  - DNS poisoning
  - Uniform Resource Locator (URL) redirection
  - Domain reputation
• Distributed denial-of-service (DDoS)
  - Network
  - Application
  - Operational technology (OT)
• Malicious code or script execution
  - PowerShell
  - Python
  - Bash
  - Macros
  - Visual Basic for Applications (VBA)

1.5 Explain different threat actors, vectors, and intelligence sources.

• Actors and threats
  - Advanced persistent threat (APT)
  - Insider threats
  - State actors
  - Hacktivists
  - Script kiddies
  - Criminal syndicates
  - Hackers
    - Authorized
    - Unauthorized
    - Semi-authorized
  - Shadow IT
  - Competitors
• Attributes of actors
  - Internal/external
  - Level of sophistication/capability
  - Resources/funding
  - Intent/motivation
• Vectors
  - Direct access
  - Wireless
  - Email
  - Supply chain
  - Social media
  - Removable media
  - Cloud
• Threat intelligence sources
  - Open-source intelligence (OSINT)
  - Closed/proprietary
  - Vulnerability databases
  - Public/private information sharing centers
  - Dark web
  - Indicators of compromise
  - Automated Indicator Sharing (AIS)
    - Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
  - Predictive analysis
  - Threat maps
  - File/code repositories
• Research sources
  - Vendor websites
  - Vulnerability feeds
  - Conferences
  - Academic journals
  - Request for comments (RFC)
  - Local industry groups
  - Social media
  - Threat feeds
  - Adversary tactics, techniques, and procedures (TTP)

1.6 Explain the security concerns associated with various types of vulnerabilities.

• Cloud-based vs. on-premises vulnerabilities
• Zero-day
• Weak configurations
  - Open permissions
  - Unsecure root accounts
  - Errors
  - Weak encryption
  - Unsecure protocols
  - Default settings
  - Open ports and services
• Third-party risks
  - Vendor management
    - System integration
    - Lack of vendor support
  - Supply chain
  - Outsourced code development
  - Data storage
• Improper or weak patch management
  - Firmware
  - Operating system (OS)
  - Applications
• Legacy platforms
• Impacts
  - Data loss
  - Data breaches
  - Data exfiltration
  - Identity theft
  - Financial
  - Reputation
  - Availability loss

1.7 Summarize the techniques used in security assessments.

• Threat hunting
  - Intelligence fusion
  - Threat feeds
  - Advisories and bulletins
  - Maneuver
• Vulnerability scans
  - False positives
  - False negatives
  - Log reviews
  - Credentialed vs. non-credentialed
  - Intrusive vs. non-intrusive
  - Application
  - Web application
  - Network
  - Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
  - Configuration review
• Syslog/Security information and event management (SIEM)
  - Review reports
  - Packet capture
  - Data inputs
  - User behavior analysis
  - Sentiment analysis
  - Security monitoring
  - Log aggregation
  - Log collectors
• Security orchestration, automation, and response (SOAR)

1.8 Explain the techniques used in penetration testing.

• Penetration testing
  - Known environment
  - Unknown environment
  - Partially known environment
  - Rules of engagement
  - Lateral movement
  - Privilege escalation
  - Persistence
  - Cleanup
  - Bug bounty
  - Pivoting
• Passive and active reconnaissance
  - Drones
  - War flying
  - War driving
  - Footprinting
  - OSINT
• Exercise types
  - Red-team
  - Blue-team
  - White-team
  - Purple-team

2.1 Explain the importance of security concepts in an enterprise environment.

• Configuration management
  - Diagrams
  - Baseline configuration
  - Standard naming conventions
  - Internet protocol (IP) schema
• Data sovereignty
• Data protection
  - Data loss prevention (DLP)
  - Masking
  - Encryption
  - At rest
  - In transit/motion
  - In processing
  - Tokenization
  - Rights management
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  - Hot site
  - Cold site
  - Warm site
• Deception and disruption
  - Honeypots
  - Honeyfiles
  - Honeynets
  - Fake telemetry
  - DNS sinkhole

2.2 Summarize virtualization and cloud computing concepts.

• Cloud models
  - Infrastructure as a service (IaaS)
  - Platform as a service (PaaS)
  - Software as a service (SaaS)
  - Anything as a service (XaaS)
  - Public
  - Community
  - Private
  - Hybrid
• Cloud service providers
• Managed service provider (MSP)/managed security service provider (MSSP)
• On-premises vs. off-premises
• Fog computing
• Edge computing
• Thin client
• Containers
• Microservices/API
• Infrastructure as code
  - Software-defined networking (SDN)
  - Software-defined visibility (SDV)
• Serverless architecture
• Services integration
• Resource policies
• Transit gateway
• Virtualization
  - Virtual machine (VM) sprawl avoidance
  - VM escape protection

2.3 Summarize secure application development, deployment, and automation concepts.

• Environment
  - Development
  - Test
  - Staging
  - Production
  - Quality assurance (QA)
• Provisioning and deprovisioning
• Integrity measurement
• Secure coding techniques
  - Normalization
  - Stored procedures
  - Obfuscation/camouflage
  - Code reuse/dead code
  - Server-side vs. client-side execution and validation
  - Memory management
  - Use of third-party libraries and software development kits (SDKs)
  - Data exposure
• Open Web Application Security Project (OWASP)
• Software diversity
  - Compiler
  - Binary
• Automation/scripting
  - Automated courses of action
  - Continuous monitoring
  - Continuous validation
  - Continuous integration
  - Continuous delivery
  - Continuous deployment
• Elasticity
• Scalability
• Version control

2.4 Summarize authentication and authorization design concepts.

• Authentication methods
  - Directory services
  - Federation
  - Attestation
  - Technologies
    - Time-based one-time password (TOTP)
    - HMAC-based one-time password (HOTP)
    - Short message service (SMS)
    - Token key
    - Static codes
    - Authentication applications
    - Push notifications
    - Phone call
  - Smart card authentication
• Biometrics
  - Fingerprint
  - Retina
  - Iris
  - Facial
  - Voice
  - Vein
  - Gait analysis
  - Efficacy rates
  - False acceptance
  - False rejection
  - Crossover error rate
• Multifactor authentication (MFA) factors and attributes
  - Factors
    - Something you know
    - Something you have
    - Something you are
  - Attributes
    - Somewhere you are
    - Something you can do
    - Something you exhibit
    - Someone you know
• Authentication, authorization, and accounting (AAA)
• Cloud vs. on-premises requirements
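HOTP and TOTP, listed above under authentication technologies, are small enough to implement end to end. The block below is an added example, not part of the CompTIA objectives document: HOTP as specified in RFC 4226 (HMAC over the counter, dynamic truncation, modulo 10^digits), TOTP as HOTP over a time-derived counter (RFC 6238), and a verifier that tolerates one step of clock drift. The shared secret is the one the RFC test vectors publish; the drift window is this example's own choice.

```python
import hmac
import struct
import time
from typing import List, Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10**digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30,
         digits: int = 6, algo: str = "sha1", t0: int = 0) -> str:
    """RFC 6238 TOTP is HOTP whose counter is the number of `step`-second
    intervals elapsed since t0."""
    if for_time is None:
        for_time = time.time()
    counter = int((for_time - t0) // step)
    return hotp(secret, counter, digits, algo)


def verify_totp(secret: bytes, code: str, for_time: Optional[float] = None,
                window: int = 1, step: int = 30, digits: int = 6,
                algo: str = "sha1") -> bool:
    """Accept the current step plus `window` steps on either side to absorb
    clock drift, comparing in constant time. A production verifier must also
    store the last accepted counter per user so a captured code cannot be
    replayed inside the window."""
    if for_time is None:
        for_time = time.time()
    base = int(for_time // step)
    for offset in range(-window, window + 1):
        candidate = hotp(secret, base + offset, digits, algo)
        if hmac.compare_digest(candidate, code):
            return True
    return False


# Shared secret used by the RFC 4226 and RFC 6238 test vectors (ASCII "1234567890" twice).
RFC_TEST_SECRET = b"12345678901234567890"


def rfc4226_vectors(count: int = 10) -> List[str]:
    """HOTP codes for counters 0..count-1 under the RFC test secret."""
    return [hotp(RFC_TEST_SECRET, c) for c in range(count)]


if __name__ == "__main__":
    print("HOTP counters 0-9:", rfc4226_vectors())
    print("TOTP at T=59 (8 digits):", totp(RFC_TEST_SECRET, 59, digits=8))
    print("TOTP now:", totp(RFC_TEST_SECRET))
```

The first ten HOTP values and the 8-digit TOTP at T=59 match the tables in the two RFCs, which is the quickest way to prove an implementation before pointing it at real enrolments. The security of the scheme rests entirely on the secret staying secret and on the counter (HOTP) or clock (TOTP) never going backwards for a given user.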

2.5 Given a scenario, implement cybersecurity resilience.

• Redundancy
  - Geographic dispersal
  - Disk
    - Redundant array of inexpensive disks (RAID) levels
    - Multipath
  - Network
    - Load balancers
    - Network interface card (NIC) teaming
  - Power
    - Uninterruptible power supply (UPS)
    - Generator
    - Dual supply
    - Managed power distribution units (PDUs)
• Replication
  - Storage area network
  - VM
• On-premises vs. cloud
• Backup types
  - Full
  - Incremental
  - Snapshot
  - Differential
  - Tape
  - Disk
  - Copy
  - Network-attached storage (NAS)
  - Storage area network
  - Cloud
  - Image
  - Online vs. offline
  - Offsite storage
    - Distance considerations
• Non-persistence
  - Revert to known state
  - Last known-good configuration
  - Live boot media
• High availability
  - Scalability
• Restoration order
• Diversity
  - Technologies
  - Vendors
  - Crypto
  - Controls

2.6 Explain the security implications of embedded and specialized systems.

• Embedded systems
  - Raspberry Pi
  - Field-programmable gate array (FPGA)
  - Arduino
• Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  - Facilities
  - Industrial
  - Manufacturing
  - Energy
  - Logistics
• Internet of Things (IoT)
  - Sensors
  - Smart devices
  - Wearables
  - Facility automation
  - Weak defaults
• Specialized
  - Medical systems
  - Vehicles
  - Aircraft
  - Smart meters
• Voice over IP (VoIP)
• Heating, ventilation, air conditioning (HVAC)
• Drones
• Multifunction printer (MFP)
• Real-time operating system (RTOS)
• Surveillance systems
• System on chip (SoC)
• Communication considerations
  - 5G
  - Narrow-band
  - Baseband radio
  - Subscriber identity module (SIM) cards
  - Zigbee
• Constraints
  - Power
  - Compute
  - Network
  - Crypto
  - Inability to patch
  - Authentication
  - Range
  - Cost
  - Implied trust

2.7 Explain the importance of physical security controls.

• Bollards/barricades
• Access control vestibules
• Badges
• Alarms
• Signage
• Cameras
  - Motion recognition
  - Object detection
• Closed-circuit television (CCTV)
• Industrial camouflage
• Personnel
  - Guards
  - Robot sentries
  - Reception
  - Two-person integrity/control
• Locks
  - Biometrics
  - Electronic
  - Physical
  - Cable locks
• USB data blocker
• Lighting
• Fencing
• Fire suppression
• Sensors
  - Motion detection
  - Noise detection
  - Proximity reader
  - Moisture detection
  - Cards
  - Temperature
• Drones
• Visitor logs
• Faraday cages
• Air gap
• Screened subnet (previously known as demilitarized zone)
• Protected cable distribution
• Secure areas
  - Air gap
  - Vault
  - Safe
  - Hot aisle
  - Cold aisle
• Secure data destruction
  - Burning
  - Shredding
  - Pulping
  - Pulverizing
  - Degaussing
  - Third-party solutions

2.8 Summarize the basics of cryptographic concepts.

• Digital signatures
• Key length
• Key stretching
• Salting
• Hashing
• Key exchange
• Elliptic-curve cryptography
• Perfect forward secrecy
• Quantum
  - Communications
  - Computing
• Post-quantum
• Ephemeral
• Modes of operation
  - Authenticated
  - Unauthenticated
  - Counter
• Blockchain
  - Public ledgers
• Cipher suites
  - Stream
  - Block
• Symmetric vs. asymmetric
• Lightweight cryptography
• Steganography
  - Audio
  - Video
  - Image
• Homomorphic encryption
• Common use cases
  - Low power devices
  - Low latency
  - High resiliency
  - Supporting confidentiality
  - Supporting integrity
  - Supporting obfuscation
  - Supporting authentication
  - Supporting non-repudiation
• Limitations
  - Speed
  - Size
  - Weak keys
  - Time
  - Longevity
  - Predictability
  - Reuse
  - Entropy
  - Computational overheads
  - Resource vs. security constraints
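Hashing, salting and key stretching, three of the items above, come together in one place in practice: the password store. The block below is an added example, not part of the CompTIA objectives document, showing PBKDF2-HMAC-SHA256 with a fresh random salt per record, a constant-time comparison on verification, and a check that flags records written with a lower iteration count so they can be re-hashed at next login. The `pbkdf2_sha256$iterations$salt$hash` record layout and the 600,000-iteration default are this example's own choices, as is the contrast with a bare, unsalted SHA-256 digest.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # assumption: tune so one hash costs tens of milliseconds on your hardware
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Derive a stretched, salted key and serialise everything a verifier needs."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, key_hex = stored.split("$")
        if algo != ALGORITHM:
            return False
        expected = bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations),
                                        dklen=len(expected))
    except ValueError:
        return False  # malformed record: never treat as a match
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was written with weaker parameters than current policy."""
    try:
        algo, stored_iterations, _salt, _key = stored.split("$")
    except ValueError:
        return True
    return algo != ALGORITHM or int(stored_iterations) < iterations


def demo() -> dict:
    pw = "correct horse battery staple"   # constructed sample password
    record_a = hash_password(pw)
    record_b = hash_password(pw)          # same password, different salt
    legacy = hash_password(pw, iterations=10_000)
    # Without a salt two users sharing a password share a digest, so one
    # precomputed (rainbow) table cracks both.
    unsalted_a = hashlib.sha256(pw.encode()).hexdigest()
    unsalted_b = hashlib.sha256(pw.encode()).hexdigest()
    return {
        "distinct_salted_hashes": record_a != record_b,
        "verify_ok": verify_password(pw, record_a),
        "verify_wrong": verify_password("Tr0ub4dor&3", record_a),
        "unsalted_collide": unsalted_a == unsalted_b,
        "legacy_needs_rehash": needs_rehash(legacy),
        "current_needs_rehash": needs_rehash(record_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two records for the same password differ because each carries its own salt, while the unsalted digests are identical; that difference is what defeats rainbow tables. The iteration count is the key-stretching knob, and `needs_rehash` is how a deployment raises it over time without a forced password reset.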

3.1 Given a scenario, implement secure protocols.

• Protocols
  - Domain Name System Security Extensions (DNSSEC)
  - SSH
  - Secure/Multipurpose Internet Mail Extensions (S/MIME)
  - Secure Real-time Transport Protocol (SRTP)
  - Lightweight Directory Access Protocol Over SSL (LDAPS)
  - File Transfer Protocol, Secure (FTPS)
  - SSH File Transfer Protocol (SFTP)
  - Simple Network Management Protocol, version 3 (SNMPv3)
  - Hypertext transfer protocol over SSL/TLS (HTTPS)
  - IPSec
    - Authentication header (AH)/Encapsulating Security Payloads (ESP)
    - Tunnel/transport
  - Post Office Protocol (POP)/Internet Message Access Protocol (IMAP)
• Use cases
  - Voice and video
  - Time synchronization
  - Email and web
  - File transfer
  - Directory services
  - Remote access
  - Domain name resolution
  - Routing and switching
  - Network address allocation
  - Subscription services

3.2 Given a scenario, implement host or application security solutions.

• Endpoint protection
  - Antivirus
  - Anti-malware
  - Endpoint detection and response (EDR)
  - DLP
  - Next-generation firewall (NGFW)
  - Host-based intrusion prevention system (HIPS)
  - Host-based intrusion detection system (HIDS)
  - Host-based firewall
• Boot integrity
  - Boot security/Unified Extensible Firmware Interface (UEFI)
  - Measured boot
  - Boot attestation
• Database
  - Tokenization
  - Salting
  - Hashing
• Application security
  - Input validations
  - Secure cookies
  - Hypertext Transfer Protocol (HTTP) headers
  - Code signing
  - Allow list
  - Block list/deny list
  - Secure coding practices
  - Static code analysis
    - Manual code review
  - Dynamic code analysis
    - Fuzzing
• Hardening
  - Open ports and services
  - Registry
  - Disk encryption
  - OS
  - Patch management
    - Third-party updates
    - Auto-update
• Self-encrypting drive (SED)/full-disk encryption (FDE)
  - Opal
• Hardware root of trust
• Trusted Platform Module (TPM)
• Sandboxing

3.3 Given a scenario, implement secure network designs.

• Load balancing
  - Active/active
  - Active/passive
  - Scheduling
  - Virtual IP
  - Persistence
• Network segmentation
  - Virtual local area network (VLAN)
  - Screened subnet (previously known as demilitarized zone)
  - East-west traffic
  - Extranet
  - Intranet
  - Zero Trust
• Virtual private network (VPN)
  - Always-on
  - Split tunnel vs. full tunnel
  - Remote access vs. site-to-site
  - IPSec
  - SSL/TLS
  - HTML5
  - Layer 2 tunneling protocol (L2TP)
• DNS
• Network access control (NAC)
  - Agent and agentless
• Out-of-band management
• Port security
  - Broadcast storm prevention
  - Bridge Protocol Data Unit (BPDU) guard
  - Loop prevention
  - Dynamic Host Configuration Protocol (DHCP) snooping
  - Media access control (MAC) filtering
• Network appliances
  - Jump servers
  - Proxy servers
    - Forward
    - Reverse
  - Network-based intrusion detection system (NIDS)/network-based intrusion prevention system (NIPS)
    - Signature-based
    - Heuristic/behavior
    - Anomaly
    - Inline vs. passive
  - HSM
  - Sensors
  - Collectors
  - Aggregators
  - Firewalls
    - Web application firewall (WAF)
    - NGFW
    - Stateful
    - Stateless
    - Unified threat management (UTM)
    - Network address translation (NAT) gateway
    - Content/URL filter
    - Open-source vs. proprietary
    - Hardware vs. software
    - Appliance vs. host-based vs. virtual
• Access control list (ACL)
• Route security
• Quality of service (QoS)
• Implications of IPv6
• Port spanning/port mirroring
  - Port taps
• Monitoring services
• File integrity monitors

3.4 Given a scenario, install and configure wireless security settings.

• Cryptographic protocols
  - WiFi Protected Access 2 (WPA2)
  - WiFi Protected Access 3 (WPA3)
  - Counter-mode/CBC-MAC Protocol (CCMP)
  - Simultaneous Authentication of Equals (SAE)
• Authentication protocols
  - Extensible Authentication Protocol (EAP)
  - Protected Extensible Authentication Protocol (PEAP)
  - EAP-FAST
  - EAP-TLS
  - EAP-TTLS
  - IEEE 802.1X
  - Remote Authentication Dial-in User Service (RADIUS) Federation
• Methods
  - Pre-shared key (PSK) vs. Enterprise vs. Open
  - WiFi Protected Setup (WPS)
  - Captive portals
• Installation considerations
  - Site surveys
  - Heat maps
  - WiFi analyzers
  - Channel overlaps
  - Wireless access point (WAP) placement
  - Controller and access point security

3.5 Given a scenario, implement secure mobile solutions.

• Connection methods and receivers
  - Cellular
  - WiFi
  - Bluetooth
  - NFC
  - Infrared
  - USB
  - Point-to-point
  - Point-to-multipoint
  - Global Positioning System (GPS)
  - RFID
• Mobile device management (MDM)
  - Application management
  - Content management
  - Remote wipe
  - Geofencing
  - Geolocation
  - Screen locks
  - Push notifications
  - Passwords and PINs
  - Biometrics
  - Context-aware authentication
  - Containerization
  - Storage segmentation
  - Full device encryption
• Mobile devices
  - MicroSD hardware security module (HSM)
  - MDM/Unified Endpoint Management (UEM)
  - Mobile application management (MAM)
  - SEAndroid
• Enforcement and monitoring of:
  - Third-party application stores
  - Rooting/jailbreaking
  - Sideloading
  - Custom firmware
  - Carrier unlocking
  - Firmware over-the-air (OTA) updates
  - Camera use
  - SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS)
  - External media
  - USB On-The-Go (USB OTG)
  - Recording microphone
  - GPS tagging
  - WiFi direct/ad hoc
  - Tethering
  - Hotspot
  - Payment methods
• Deployment models
  - Bring your own device (BYOD)
  - Corporate-owned personally enabled (COPE)
  - Choose your own device (CYOD)
  - Corporate-owned
  - Virtual desktop infrastructure (VDI)

3.6 Given a scenario, apply cybersecurity solutions to the cloud.

• Cloud security controls
  - High availability across zones
  - Resource policies
  - Secrets management
  - Integration and auditing
  - Storage
    - Permissions
    - Encryption
    - Replication
    - High availability
  - Network
    - Virtual networks
    - Public and private subnets
    - Segmentation
    - API inspection and integration
  - Compute
    - Security groups
    - Dynamic resource allocation
    - Instance awareness
    - Virtual private cloud (VPC) endpoint
    - Container security
• Solutions
  - CASB
  - Application security
  - Next-generation secure web gateway (SWG)
  - Firewall considerations in a cloud environment
    - Cost
    - Need for segmentation
    - Open Systems Interconnection (OSI) layers
• Cloud native controls vs. third-party solutions

3.7 Given a scenario, implement identity and account management controls.

• Identity
  - Identity provider (IdP)
  - Attributes
  - Certificates
  - Tokens
  - SSH keys
  - Smart cards
• Account types
  - User account
  - Shared and generic accounts/credentials
  - Guest accounts
  - Service accounts
• Account policies
  - Password complexity
  - Password history
  - Password reuse
  - Network location
  - Geofencing
  - Geotagging
  - Geolocation
  - Time-based logins
  - Access policies
  - Account permissions
  - Account audits
  - Impossible travel time/risky login
  - Lockout
  - Disablement

3.8 Given a scenario, implement authentication and authorization solutions.

• Authentication management
  - Password keys
  - Password vaults
  - TPM
  - HSM
  - Knowledge-based authentication
• Authentication/authorization
  - EAP
  - Challenge-Handshake Authentication Protocol (CHAP)
  - Password Authentication Protocol (PAP)
  - 802.1X
  - RADIUS
  - Single sign-on (SSO)
  - Security Assertion Markup Language (SAML)
  - Terminal Access Controller Access Control System Plus (TACACS+)
  - OAuth
  - OpenID
  - Kerberos
• Access control schemes
  - Attribute-based access control (ABAC)
  - Role-based access control
  - Rule-based access control
  - MAC
  - Discretionary access control (DAC)
  - Conditional access
  - Privileged access management
  - Filesystem permissions

3.9 Given a scenario, implement public key infrastructure.

• Public key infrastructure (PKI)
  - Key management
  - Certificate authority (CA)
  - Intermediate CA
  - Registration authority (RA)
  - Certificate revocation list (CRL)
  - Certificate attributes
  - Online Certificate Status Protocol (OCSP)
  - Certificate signing request (CSR)
  - CN
  - Subject alternative name
  - Expiration
• Types of certificates
  - Wildcard
  - Subject alternative name
  - Code signing
  - Self-signed
  - Machine/computer
  - Email
  - User
  - Root
  - Domain validation
  - Extended validation
• Certificate formats
  - Distinguished encoding rules (DER)
  - Privacy enhanced mail (PEM)
  - Personal information exchange (PFX)
  - .cer
  - P12
  - P7B
• Concepts
  - Online vs. offline CA
  - Stapling
  - Pinning
  - Trust model
  - Key escrow
  - Certificate chaining

4.1 Given a scenario, use the appropriate tool to assess organizational security.

• Network reconnaissance and discovery
  - tracert/traceroute
  - nslookup/dig
  - ipconfig/ifconfig
  - nmap
  - ping/pathping
  - hping
  - netstat
  - netcat
  - IP scanners
  - arp
  - route
  - curl
  - theHarvester
  - sn1per
  - scanless
  - dnsenum
  - Nessus
  - Cuckoo
• File manipulation
  - head
  - tail
  - cat
  - grep
  - chmod
  - logger
• Shell and script environments
  - SSH
  - PowerShell
  - Python
  - OpenSSL
• Packet capture and replay
  - Tcpreplay
  - Tcpdump
  - Wireshark
• Forensics
  - dd
  - Memdump
  - WinHex
  - FTK imager
  - Autopsy
• Exploitation frameworks
• Password crackers
• Data sanitization

4.2 Summarize the importance of policies, processes, and procedures for incident response.

• Incident response plans
• Incident response process
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
• Exercises
  - Tabletop
  - Walkthroughs
  - Simulations
• Attack frameworks
  - MITRE ATT&CK
  - The Diamond Model of Intrusion Analysis
  - Cyber Kill Chain
• Stakeholder management
• Communication plan
• Disaster recovery plan
• Business continuity plan
• Continuity of operations planning (COOP)
• Incident response team
• Retention policies

4.3 Given an incident, utilize appropriate data sources to support an investigation.

• Vulnerability scan output
• SIEM dashboards
  - Sensor
  - Sensitivity
  - Trends
  - Alerts
  - Correlation
• Log files
  - Network
  - System
  - Application
  - Security
  - Web
  - DNS
  - Authentication
  - Dump files
  - VoIP and call managers
  - Session Initiation Protocol (SIP) traffic
• syslog/rsyslog/syslog-ng
• journalctl
• NXLog
• Bandwidth monitors
• Metadata
  - Email
  - Mobile
  - Web
  - File
• Netflow/sFlow
  - Netflow
  - sFlow
  - IPFIX
• Protocol analyzer output

4.4 Given an incident, apply mitigation techniques or controls to secure an environment.

• Reconfigure endpoint security solutions
  - Application approved list
  - Application blocklist/deny list
  - Quarantine
• Configuration changes
  - Firewall rules
  - MDM
  - DLP
  - Content filter/URL filter
  - Update or revoke certificates
• Isolation
• Containment
• Segmentation
• SOAR
  - Runbooks
  - Playbooks

4.5 Explain the key aspects of digital forensics.

• Documentation/evidence
  - Legal hold
  - Video
  - Admissibility
  - Chain of custody
  - Timelines of sequence of events
    - Time stamps
    - Time offset
  - Tags
  - Reports
  - Event logs
  - Interviews
• Acquisition
  - Order of volatility
  - Disk
  - Random-access memory (RAM)
  - Swap/pagefile
  - OS
  - Device
  - Firmware
  - Snapshot
  - Cache
  - Network
  - Artifacts
• On-premises vs. cloud
  - Right-to-audit clauses
  - Regulatory/jurisdiction
  - Data breach notification laws
• Integrity
  - Hashing
  - Checksums
  - Provenance
• Preservation
• E-discovery
• Data recovery
• Non-repudiation
• Strategic intelligence/counterintelligence

5.1 Compare and contrast various types of controls.

• Category
  - Managerial
  - Operational
  - Technical
• Control type
  - Preventive
  - Detective
  - Corrective
  - Deterrent
  - Compensating
  - Physical

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.

• Regulations, standards, and legislation
  - General Data Protection Regulation (GDPR)
  - National, territory, or state laws
  - Payment Card Industry Data Security Standard (PCI DSS)
• Key frameworks
  - Center for Internet Security (CIS)
  - National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF)
  - International Organization for Standardization (ISO) 27001/27002/27701/31000
  - SSAE SOC 2 Type I/II
  - Cloud security alliance
    - Cloud control matrix
    - Reference architecture
• Benchmarks/secure configuration guides
  - Platform/vendor-specific guides
    - Web server
    - OS
    - Application server
    - Network infrastructure devices

5.3 Explain the importance of policies to organizational security.

• Personnel
  - Acceptable use policy
  - Job rotation
  - Mandatory vacation
  - Separation of duties
  - Least privilege
  - Clean desk space
  - Background checks
  - Non-disclosure agreement (NDA)
  - Social media analysis
  - Onboarding
  - Offboarding
  - User training
    - Gamification
    - Capture the flag
    - Phishing campaigns
      - Phishing simulations
    - Computer-based training (CBT)
    - Role-based training
• Diversity of training techniques
• Third-party risk management
  - Vendors
  - Supply chain
  - Business partners
  - Service level agreement (SLA)
  - Memorandum of understanding (MOU)
  - Measurement systems analysis (MSA)
  - Business partnership agreement (BPA)
  - End of life (EOL)
  - End of service life (EOSL)
  - NDA
• Data
  - Classification
  - Governance
  - Retention
• Credential policies
  - Personnel
  - Third-party
  - Devices
  - Service accounts
  - Administrator/root accounts
• Organizational policies
  - Change management
  - Change control
  - Asset management

5.4 Summarize risk management processes and concepts.

• Risk types
  - External
  - Internal
  - Legacy systems
  - Multiparty
  - IP theft
  - Software compliance/licensing
• Risk management strategies
  - Acceptance
  - Avoidance
  - Transference
    - Cybersecurity insurance
  - Mitigation
• Risk analysis
  - Risk register
  - Risk matrix/heat map
  - Risk control assessment
  - Risk control self-assessment
  - Risk awareness
  - Inherent risk
  - Residual risk
  - Control risk
  - Risk appetite
  - Regulations that affect risk posture
  - Risk assessment types
    - Qualitative
    - Quantitative
  - Likelihood of occurrence
  - Impact
  - Asset value
  - Single-loss expectancy (SLE)
  - Annualized loss expectancy (ALE)
  - Annualized rate of occurrence (ARO)
• Disasters
  - Environmental
  - Person-made
  - Internal vs. external
• Business impact analysis
  - Recovery time objective (RTO)
  - Recovery point objective (RPO)
  - Mean time to repair (MTTR)
  - Mean time between failures (MTBF)
  - Functional recovery plans
  - Single point of failure
  - Disaster recovery plan (DRP)
  - Mission essential functions
  - Identification of critical systems
  - Site risk assessment

5.5 Explain privacy and sensitive data concepts in relation to security.

• Organizational consequences of privacy and data breaches
  - Reputation damage
  - Identity theft
  - Fines
  - IP theft
• Notifications of breaches
  - Escalation
  - Public notifications and disclosures
• Data types
  - Classifications
    - Public
    - Private
    - Sensitive
    - Confidential
    - Critical
    - Proprietary
  - Personally identifiable information (PII)
  - Health information
  - Financial information
  - Government data
  - Customer data
• Privacy enhancing technologies
  - Data minimization
  - Data masking
  - Tokenization
  - Anonymization
  - Pseudo-anonymization
• Roles and responsibilities
  - Data owners
  - Data controller
  - Data processor
  - Data custodian/steward
  - Data protection officer (DPO)
• Information life cycle
• Impact assessment
• Terms of agreement
• Privacy notice
