Architecture and Design is a core component of a successfully managed Information Security environment. Not only is it a logical conclusion that Architecture and Design play an important role in Security+ preparation but rather a vital one. This article will examine Architecture and Design of an Information Security environment within the context of preparing for the CompTIA Security+ Certification Exam. Please note that this article will not suffice for an adequate review of the Architecture and Design portion of the Security+ exam. Rather, Security+ candidates should refer to InfoSec Institute’s comprehensive Security+ Training Course and/or Boot Camp for a proper refresher.
Outline of Security+ Architecture and Design Topics
Being that this article will focus on Architecture and Design from the point of view of the CompTIA Security+ exam, it would be helpful to define the universe of information that this portion of the exam covers. Below is a list of the subtopics covered on the Security+ exam:
- Use cases and purposes for frameworks, best practices, and secure configuration guides
- Implementation of secure network architecture concepts
- Implementation of secure systems design
- Importance of secure staging deployment concepts
- Security implications of embedded systems
- Secure application development and deployment concepts
- Cloud and visualization concepts
- Resiliency and automation to reduce risk
- Importance of physical security controls
Use Cases and Purpose for Frameworks, Best Practices, and Secure Configuration Guides
Candidates will want to divide this portion of Security+ into three subcategories – Industry-standard frameworks and reference architectures, Benchmarks/secure configuration guides, and Defense-in-depth/layered security.
Industry-standard frameworks and reference architectures will need to be able to be explained on the exam. Candidates will need to know the differences between regulatory and non-regulatory designations, national and international designations, as well as industry-specific frameworks.
Benchmarks/Secure Configuration Guides
Candidates will need to know the differences between the various Platform/vendor-specific (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/6XFq2AdZ2HQ/