Chapter 9: Security Policies and Procedures

The Following Comptia Security+ Exam Objectives are Covered in this Chapter:

• 5.2 Disaster Recovery

  • 5.2.1 Backups

    • 5.2.1.1 Off Site Storage

  • 5.2.2 Secure Recovery

    • 5.2.2.1 Alternate Sites

  • 5.2.3 Disaster Recovery Plan

• 5.3 Business Continuity

  • 5.3.1 Utilities

  • 5.3.2 High Availability/Fault Tolerance

  • 5.3.3 Backups

• 5.4 Policy and Procedures

  • 5.4.1 Security Policy

    • 5.4.1.1 Acceptable Use

    • 5.4.1.2 Due Care

    • 5.4.1.3 Privacy

    • 5.4.1.4 Separation of Duties

    • 5.4.1.5 Need to Know

    • 5.4.1.6 Password Management

    • 5.4.1.7 SLA

    • 5.4.1.8 Disposal/Destruction

    • 5.4.1.9 HR Policy

    • 5.4.1.9.1 Termination – Adding/revoking passwords privileges, etc.

    • 5.4.1.9.2 Hiring – Adding/revoking passwords privileges, etc.

    • 5.4.1.9.3 Code of Ethics

  • 5.4.2 Incident Response Policy

• 5.5 Privilege Management

  • 5.5.1 User/Group Role Management

  • 5.5.2 Single Sign-on

  • 5.5.3 Centralized vs. Decentralized

  • 5.5.4 Auditing (Privilege, Usage, Escalation)

  • 5.5.5 MAC/DAC/RBAC

Protecting your network is a difficult job in today's working environment. You face many threats and vulnerabilities. Your job as a security professional is not only to prevent losses, but also to make contingency plans for recovering from losses when they occur.

This chapter deals with the key aspects of business continuity, vendor support, security policies and procedures, and privilege management from an operations perspective. A solid grasp of these concepts will help you prepare for the exam, and it will help you be a more proficient and professional security team member. The process of working in, helping to design, and maintaining security in your organization is a tough job. It requires dedication, vigilance, and a sense of duty to your organization.