The book is divided into sections and chapters to correspond with the objectives of the exam itself. Some of the chapters are more technical than others-reflecting the nature of the security environment, where you will be forced to deal with not only technical details but also other issues, such as security policies and procedures as well as training and education. Although many individuals involved in computer and network security have advanced degrees in math, computer science, information systems, or computer or electrical engineering, you do not need this technical background to address security effectively in your organization. You do not need to develop your own cryptographic algorithm; for example, you simply need to be able to understand how cryptography is used along with its strengths and weaknesses. As you progress in your studies, you will learn that many security problems are caused by the human element. The best technology in the world still ends up being placed in an environment where humans have the opportunity to foul things up-and all too often do.
Part I: Security Concepts: The book begins with an introduction to some of the basic elements of security.
Part II: Cryptography and Applications: Cryptography is an important part of security, and this part covers this topic in detail. The purpose is not to make cryptographers out of readers but to instead provide a basic understanding of how cryptography works and what goes into a basic cryptographic scheme. An important subject in cryptography, and one that is essential for the reader to understand, is the creation of public key infrastructures, and this topic is covered as well.
Part III: Security in the Infrastructure: The next part concerns infrastructure issues. In this case, we are not referring to the critical infrastructures identified by the White House several years ago (identifying sectors such as telecommunications, banking and finance, oil and gas, and so forth) but instead the various components that form the backbone of an organization’s security structure.
Part IV: Security in Transmissions: This part discusses communications security. This is an important aspect of security because, for years now, we have connected our computers together into a vast array of networks. Various protocols in use today that the security practitioner needs to be aware of are discussed in this part.
Part V: Operational Security: This part addresses operational and organizational issues. This is where we depart from a discussion of technology again and will instead discuss how security is accomplished in an organization. Because we know that we will not be absolutely successful in our security efforts-attackers are always finding new holes and ways around our security defenses-one of the most important topics we will address is the subject of security incident response and recovery. Also included is a discussion of change management (addressing the subject we alluded to earlier when addressing the problems with patch management), security awareness and training, incident response, and forensics.
Part VI: Appendixes: There are two appendixes in CompTIA Security + All-in-One Exam Guide. Appendix A provides an additional in-depth explanation of the OSI model and Internet protocols, should this information be new to you, and Appendix B explains how best to use the CD-ROM included with this book.
Glossary: Located just before the index, you will find a useful glossary of security terminology, including many related acronyms and their meanings. W
