Chapter Title
Related domains:
1.0 General Security Concepts (12%)
3.0 Security Architecture (18%)
5.0 Security Program Management and Oversight (20%)
Related sub-domains
1.1 Compare and contrast various types of security controls.
1.2 Summarize fundamental security concepts.
1.4 Explain the importance of using appropriate cryptographic solutions.
3.3 Compare and contrast concepts and strategies to protect data.
5.2 Explain elements of the risk management process.
Survey
Think about what could be included. Read the introduction / summary. Glance over the different titles and sub-titles, turn them into questions. View visual aids and read their captions.
Questions
While doing all of these steps, add questions. Make sure to answer them on a separate page from the original questions.
How does CompTIA define cybersecurity?
How does CompTIA define cybersecurity professionals?
How has today's cybersecurity professional evolved?
What are the different cybersecurity objectives, and how do they fulfil the mission of security?
How could organisations meet these cybersecurity objectives?
What are the different data breach risks, and what are the effects of these breaches?
Who are the people behind data breach risks?
How are data breach risks caused?
What is the DAD triad? How does it fulfil the goal it sets out to achieve?
What are the different types of cybersecurity risks and the cybersecurity risk categories?
What are all of the different security control categories?
What are the challenges faced when implementing security control categories?
What are the challenges faced when implementing security control types?
How do security control categories fulfil what they are set out to do?
How do security control types fulfil what they are set out to do?
How would a gap analysis be done?
What concepts exist for data protection? How do these protection mechanisms fulfil their role?
How are the CIA triad and the DAD triad related?
What is data exfiltration?
What are security controls? How are they related to a gap analysis?
How are security control categories determined to be security control categories?
What are the considerations with data sovereignty?
What are the two different ways data loss prevention works? What are the mechanisms of action for data loss prevention?
What is digital rights management (DRM)?
What is data minimisation? What are the different methods for data minimisation, and how do they work?
What are the two types of access restrictions?
What is the difference between segmentation and isolation?
Read
Focus on answering the questions, come up with more as necessary.
Write
Annotate thoughts and ideas. Answer questions.
Recite
Go back over appropriate sections
Reflect
How does this currently fit with what you know? How would you teach this to someone else?
This chapter goes over mostly what I already know, but it has unexpectedly challenged my knowledge on some topics. For example, I believed that backups genuinely do not sit under availability based on the book's definition. However, after discussing it with my manager and thinking about it, I have realised there are different levels of availability, which fits with the availability definition. I need to go over a lot of the specific terms and make sure that I know the CompTIA-specific definitions. Overall, I believe my foundational knowledge has slightly improved.
Notes
Study more on PCI DSS, HIPAA, and other standards within the chapter.