Chapter 8
Security Research and Analysis
THE FOLLOWING COMPTIA CASP+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
- 1.2 Compare and contrast security, privacy policies, and procedures based on organizational requirements.
  - Research security requirements for contracts.
    - Request for proposal (RFP)
    - Request for quote (RFQ)
    - Request for information (RFI)
  - Understand general privacy principles for sensitive information.
  - Support the development of policies containing standard security practices.
    - Separation of duties
    - Job rotation
    - Mandatory vacation
    - Least privilege
    - Incident response
    - Forensic tasks
    - Employment and termination procedures
    - Continuous monitoring
    - Training and awareness for users
    - Auditing requirements and frequency
    - Information classification
- 1.4 Analyze risk metric scenarios to secure the enterprise.
  - Review effectiveness of existing security controls.
    - Gap analysis
    - Lessons learned
    - After-action reports
  - Reverse engineer/deconstruct existing solutions.
  - Creation, collection...