Information Security Basics
- AAA Overview: Access Control, Authentication, and Accounting
- Security Administration—The Importance of a Security Policy
- Keeping Up with and Enforcing Security Policies
- Risk Assessment
- Why Data Classification Is Important
- The Importance of Change Management
- Performing Vulnerability Assessments
- Chapter Summary
- Apply Your Knowledge
This chapter covers the following TruSecure-specified objectives for the TICSA exam:
Identify, specify, or describe good access control and authentication processes and techniques.
Access control and authentication combine with accounting to form the triple-A ("AAA") basis for computer security. A solid understanding of these principles is essential knowledge for any security practitioner.
Identify or explain examples of risk management fundamentals and the basic tenets of security.
Risk management allows security professionals to determine what threats are likely to impact a system/network and allocate security resources accordingly.
Describe, recognize, or select good administrative maintenance and change-control issues and tools.
No security policy is immutablechange is inevitable. Good policies provide a structured maintenance and change control process to ensure future modifications occur in an orderly manner.