CompTIA Security+ Certification Guide – Introduction – All societies work with a host of networked devices, from servers to smartphones, IoT (Internet of Things.) devices, computers, etc… that provide the backbone for much of modern technological life.
People like you and I, and companies use these devices to produce and sell products and services, communicate around the globe, educate at every level, and manage or influence the mechanisms of governments everywhere.
Networked devices and the complex networks that inter -connect them offer advances for humanity.
Beyond, the Agricultural and Industrial Revolutions, and Artificial Intelligence.
That’s the good news.
The bad news is the fact that reliance on these devices creates a security risk to the resources placed on them, and the societies that rely on them.
Networks can lose critical data and connections. This equates to loss of energy, confidence, time, functionality, and money.
To paraphrase the words from the American statesman, James Madison:
“If humans were angels, there’d be no need for security professionals. But humans are at best negligent and at worst petty, vindictive, and astoundingly creative in pursuit of your money and secrets.”
Networked devices and the networks that connect them need security professionals to stand guard. The need for security professionals in Information Technology (IT) far outstrips demand.
Your in the right place. Keep going. :-)
This introduction starts with an overview of the goals of security, to put a framework around everything you’re going to learn. Second, we’ll discuss the CompTIA Security+ certification and look at exam details.
Providing a roadmap for studying for the exam, for free.
Goals of Security – CompTIA Security+ Certification Guide – Introduction
Traditional computer security theory balances among three critical elements:
functionality, security, and the resources available to ensure both.
From a functionality view, systems must function as people need them to function to process the data needed. Users and other systems need to interface with systems and data seamlessly to get work done.
Don’t confuse functionality with free rein. Allowing users to do whatever they wish with systems and data may result in loss, theft, or destruction of systems and data. Functionality must balance with security.
Increasing the levels of protection for systems and data usually reduces functionality.
Introducing security mechanisms and procedures into the mix doesn’t always allow users to see or interact with data and systems the way they would like.
This usually means loss of functionality to some degree.
“The resources expended toward functionality and security, and the balance between them, are finite.”
No one has all the money or resources they need or as much functionality or security as they want. Remember, the relationship between functionality and security is inversely proportional.
“The more security in place, the less functionality, and vice versa.”
The fewer resources a person or organization has, the less functionality or security they can afford.
CompTIA Security+ Certification Guide – Introduction
Figure 1 above: the careful balancing act among the three elements of functionality, security, and resources.
Security theory follows three goals, widely considered the foundations of the IT security trade: CIA
- Integrity, &
Security professionals work to achieve these goals in every security program and technology. These three goals inform all the data and the systems that process it. The three goals of security are called the CIA triad.
Figure 2 below, shows the three goals of confidentiality, integrity, and availability.