OBJECTIVES
This chapter covers the following TruSecure-specified objectives for The Internet Certified Security Associate (TICSA) exam:
Define, specify, or identify examples of Essential Security Practices.
The purpose of this objective is to understand the basic foundations of information security and how they can be applied to your organization.
Identify or explain examples of risk management fundamentals and the basic tenets of security.
The purpose of this objective is to understand security risks, how to identify them, and the various methods of managing risks.
Identify the basic security issues associated with system/network design and configuration.
The purpose of this objective is to understand what is involved in the integration of security controls in network and system designs.
Identify, specify, or describe good host- and network-based security fundamentals.
The purpose of this objective is to explore the differences between host- and network-based security controls and how to implement “best security practices.”
OUTLINE
Understanding the Need for Security Controls
Basic Security Threats and Principles
Where Attacks Can Come From
Assessing and Valuing Security
STUDY STRATEGIES
TruSecure's TICSA certification is an entry-level security credential. Keep this in mind when reviewing the material in this book and preparing for your test. You'll be expected to know basic information about a wide variety of security topics. Don't obsess over advanced topics such as the inner workings of cryptographic algorithms or the niceties of computer law. These are covered by more advanced certifications, such as the CISSP credential.