Security Standards - CompTIA Security+ SY0-701 - 5.1
Understanding Security Standards in Technology
Importance of Security Standards
- In the technology industry, security standards are crucial for defining formal processes to handle various situations, providing extensive documentation and reducing risks.
- Organizations may create their own security standards or adopt existing ones from recognized bodies like ISO (International Organization for Standardization) and NIST (National Institute of Standards and Technology).
Password Policies
- Password standards are essential; organizations often have specific policies that define what constitutes a good password, including complexity requirements.
- Authentication methods may be standardized, such as prohibiting local accounts on devices and requiring central authentication databases like LDAP with Active Directory.
- Guidelines for password resets must be established to ensure secure handling of account changes.
Access Control Standards
- Access control defines how users can access data within systems, including the types of access allowed based on organizational policies.
- Mandatory access control policies might be required over discretionary ones, with management sign-off or training prerequisites for certain data access.
User Offboarding and Physical Security
- Standards should also dictate how user access is revoked due to security issues, account expiration, or employee offboarding.
- Physical security measures include ID badge requirements for building entry and electronic door locks that may vary between employees, contractors, and guests.
Encryption Standards
- Well-documented encryption standards are necessary due to the complexities involved; these may cover hashing algorithms and implementation practices.