Exam Essentials

Know how to evaluate the most important security priorities for an organization. Be able to choose the most important aspects of a company’s security needs from the information you are given. You will be given more information than you need.

Understand the requirements for securing data. Know what data needs to be secured and the appropriate techniques for securing it.

Recognize technical constraints or integration issues that are in conflict with security goals. Know what the technical and interoperability constraints a company faces are and be able to take them into account when deciding on the appropriate technologies for policies.

Consider government or industry regulations when designing security policies for a company. You need to make sure that the policies you implement adhere to government and industry regulations. For example, the medical industry has guidelines for privacy of patient records.

Know how to analyze what is successful or unsuccessful about the current security policy. Once you have determined where there are problems with the current security policies, you will need to decide whether to change the policy or update the technology; for example, you may have a password policy that requires 8-character passwords that are rotated every 45 days, but it is difficult to enforce on all of the devices on your network so there are some passwords that don’t rotate every 45 days.

Understand how risk is used to determine what needs to be secured. You will be given many different choices about what to secure in an organization, but you will have limited resources and will need to determine which assets are the most important.