The information security market is full of opportunities and absorbs professionals with different profiles. However, the most coveted positions require a high level of professional commitment, since their prerequisites usually include high-level certifications in the areas covered by the information security segment.
The professionalization of the certifying entities, together with the market recognition and differentiated performance of certified professionals, contributes to the spread of security certifications. The demand for certifications motivates certifying bodies to launch increasingly specific certifications, creating new opportunities for the sector and expanding the number of certified professionals in all parts of the world. Establishing a career in the IS market is an excellent opportunity for those who wish to stand out in this segment.
In this article, the reader will find the scope of the CompTIA Security+ certification, including prerequisites, target audience, exam characteristics and other relevant data for professionals seeking this type of certification.
About CompTIA Security+ certification
Security+ is considered by many to be the best way to start training in the information security segment. The certification is offered by CompTIA, an internationally recognized certifying body in the information security segment. Security+ is accepted by major global technology players, including US government departments.
The certification is considered a neutral credential, that is, it has no association with manufacturers or information security (IS) products, and it provides the certificate holder with foundation-level knowledge in IS.
Another important fact is that the certification holds ISO 17024 accreditation (Accreditation of Personal Certification), with the exam objectives undergoing regular evaluations and updates.
Who is it for?
The certification is intended for security engineers, consultants, network administrators, and other technology professionals interested in starting training in the area of information security. Security+ has as a prerequisite at least two years of experience in IT administration with a focus on security, as well as experience in day-to-day security-related activities at an entry level. Attention to the prerequisites is essential, since they enable professionals to adequately absorb the content covered in the certification topics.
Security+ scope
The scope of the CompTIA Security+ certification covers the areas of network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography. Each area has a specific weight in the certification exam. The areas with the highest weight are Network security and Threats and vulnerabilities, and the area with the lowest weight is Cryptography.
1.0 Network security
1.1 Security function and purpose of network devices and technologies
1.2 Apply, implement and maintain secure network principles
1.3 Distinguish and differentiate network design elements and components
1.4 Implement and use common protocols
1.5 Identify standard network ports commonly used
1.6 Deploy the wireless network in a secure way
2.0 Compliance and operational security
2.1 Risk-related concepts
2.2 Applying appropriate risk mitigation strategies
2.3 Execution of appropriate incident response procedures
2.4 Importance of security-related awareness and training
2.5 Comparing and contrasting business continuity aspects
2.6 Impact and proper use of environmental controls
2.7 Execution of disaster recovery plans and procedures
2.8 Exemplifying the concepts of confidentiality, integrity and availability (CIA)
3.0 Threats and vulnerabilities
3.1 Analyze and differentiate the types of malware
3.2 Analyze and differentiate the types of attacks
3.3 Analyze and differentiate the types of social engineering attacks
3.4 Analyze and differentiate the types of wireless attacks
3.5 Analyze and differentiate the types of application attacks
3.6 Analyze and differentiate the types of mitigation and deterrence techniques
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
3.8 Proper use of penetration testing vs. vulnerability scanning
4.0 Application, Data and Host Security
4.1 Importance of Application Security
4.2 Proper Procedures for Establishing Host Security
4.3 Importance of Data Security
5.0 Access control and identity management
5.1 Function and purpose of authentication services
5.2 Fundamental concepts and best practices related to authentication, authorization and access control
5.3 Implementation of appropriate security controls when performing account management
6.0 Cryptography
6.1 General cryptography concepts
6.2 Use and application of appropriate cryptographic tools and products
6.3 Main public key infrastructure concepts
6.4 Implementation of PKI, certificate management and associated components
The information security segment features prominently in the global media, leading companies to search more and more for qualified professionals and quality products in order to avoid information security problems. This scenario brings an excellent opportunity for professionals and companies at the forefront of the sector.
This was the first post addressing certifications for the information security sector. Stay tuned for our upcoming publications, deepen your knowledge, and set your goals to build your career in the IS segment.