In this chapter, we will discuss business best practices for compliance and operational security. This includes risk-related concepts, such as false positives and risk calculation, risk mitigation strategies, and incident response procedures. The chapter also covers security awareness and training topics, such as identifying PII (personally identifiable information), data handling, threat awareness, and the proper use of social and P2P networking. Finally, it covers business continuity practices, environmental controls, disaster recovery, and the concepts of confidentiality, integrity, and availability (CIA). The core Security+ exam objectives covered in this chapter are as follows:
- Explain risk-related concepts
- Carry out appropriate risk mitigation strategies
- Execute appropriate incident response procedures
- Explain the importance of security-related awareness and training
- Compare and contrast aspects of business continuity
- Explain the impact and proper use of environmental controls
- Execute disaster recovery plans and procedures
- Exemplify the concepts of confidentiality, integrity, and availability (CIA)
- Quizzes