General 2min de Leitura - 26 de August de 2020

Certifications: CompTIA Security+

Comptia security +

This post is also available in: Português English Español

The information security market is full of opportunities, absorbing professionals with different profiles. However, the most coveted work positions require high levels of professional commitment, since the prerequisites are usually associated with high-level certifications in areas covered by the information security sector.

The professionalization of certifying entities, as well as market recognition and differentiated performance of certified professionals, contribute to the dissemination of safety certifications. The search for certifications motivates certifying agents to launch increasingly specific certifications, generating new opportunities for the sector, and increasing the number of certified professionals in all parts of the world. Building a career in the IS market is an excellent opportunity for those who want to achieve differentiated opportunities in this segment.

In this article, the reader will have access to the scope of the CompTIA Security + certification, including prerequisites, target audience, exam characteristics and other relevant data for professionals seeking this type of certification.

About CompTIA Security certification

Considered by many the best way to start a training process in the information security segment. The certification is offered by CompTIA, an internationally recognized certifying agent in the information security segment. Security + has adherence to major global technology players, including US government departments.

This Certification is considered to be a neutral credential, ie, it does not have an association with manufacturers or information security products (IS), providing the certificate with foundation-level knowledge in IS.

Another important data related to certification is that it has ISO 17024 (Personal Certification Accreditation), being subject to regular evaluations and updates regarding the targets of the exam.

Who is it for?

The certification is intended for security engineers, consultants, network administrators, as well as other technology professionals interested in starting training in the area of information security. Security + has as prerequisite, at least two years of IT management experience, with a focus on security, as well as experience in the development of daily activities related to security, at initial levels. The fulfillment of prerequisites is paramount, enabling professionals to adequately absorb the contents covered in the certification topics.

Security+ Scope

The scope of CompTIA Security + certification is associated with the areas of network security, operational security and compliance, threats and vulnerabilities, application security, data and hosts, access control and identity management as well as encryption. Each area has a specific percentage of representativeness in the certification exam, being the areas with greater weight Network securityand Threats and vulnerabilities, and the less weight Cryptography.

Detailed Scope

1.0 Network security
1.1 Security function and purpose of network devices and technologies
1.2 Apply and implement to maintain secure network principles
1.3 Distinguish and differentiate network design elements and components
1.4 Implement and use common protocols
1.5 Identify commonly used standard network ports
1.6 Deploy wireless network in a secure way

2.0 Compliance and operational safety
2.1 Risk-related concepts
2.2 Apply appropriate risk mitigation strategies
2.3 Conduct appropriate incident response procedures
2.4 Importance of safety-related awareness and training
2.5 Compare and contrast aspects of business continuity
2.6 Impact and appropriate use of environmental controls
2.7 Conduct Disaster Recovery Plans and Procedures
2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)

3.0 Threats and vulnerabilities
3.1 Analyze and differentiate malware types
3.2 Analyze and differentiate the types of attacks
3.3 Analyze and differentiate between types of social engineering attacks
3.4 Analyze and differentiate the types of wireless attacks
3.5 Analyze and differentiate between types of application attacks
3.6 Analyze and differentiate the types of mitigation and dissuasive techniques
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
3.8 Appropriate use of penetration test vs. vulnerability scanning

4.0 Application, data, and host security
4.1 Importance of application security
4.2 Proper procedures for establishing host security
4.3 Importance of data security

5.0 Access control and identity management
5.1 Role and Purpose of authentication services
5.2 Fundamental concepts and best practices related to authentication, authorization and access control
5.3 Implementing appropriate security controls when performing account management

6.0 Encryption
6.1 General concepts of encryption
6.2 Use and application of appropriate cryptographic tools and products
6.3 Key concepts of public key infrastructure
6.4 PKI Implementation, certificate management, and associated components

The information security segment is highlighted in the world media, causing companies to seek more and more for qualified professionals and quality products, in order to avoid problems associated with information security. This scenario provides excellent opportunity for professionals and companies that act at the forefront of the sector.

This was the first post addressing certifications for the information security sector, stay tuned to our next publications, deepen your knowledge and set your goals to build your career in the IS segment.

This post is also available in: Português English Español