Whether you're an employee or contractor, this CompTIA Security+ SY0-601 course will have something you can use to improve the organizational security at your workplace. You'll start by examining security topics related to the hiring-to-release process, such as background checks and investigations, non-disclosure agreements, acceptable use policy, and onboarding and offboarding. You'll move on to explore further personnel policies, including job rotation, mandatory vacations, separation of duties, clean desk space, and social media usage. You'll then recognize some useful security awareness practices, such as phishing simulations, computer-based training, role-based training, and diversity training techniques. Finally, you'll identify various business agreements, account types, regulations, and governance, such as GDPR, PCI DSS, CIS, NIST, and ISO. This course is part of a series that prepares the learner for the CompTIA Security+ (SY0-601) exam.
describe personnel policies, like AUP, job rotation, mandatory vacations, separation of duties, least privilege, clean desk space, background checks, and non-disclosure agreements (NDAs)
survey third-party risk concepts, such as vendors, supply chains, business partners, SLA, MOU, MSA, BPA, EOL, EOS, and NDA
define data policies, like data classification, governance, and retention
describe credential policies, including service accounts, administrator, and root accounts
survey various organizational policies, such as change management, change control, and asset management
define regulations, standards, and legislation, such as PCI-DSS, GDPR, and various national, territory, or state laws
examine key frameworks like CIS, NIST, RMF/CSF, ISO 27001/27002/27701/31000, SSAE SOC 2 type II/III, and Cloud Security Alliance (CSA)
survey various benchmarks and secure configuration guides, as in platform/vendor-specific guides for web servers, OS, application servers, and network infrastructure devices