Domain 1 of 5

Domain 1: General Security Concepts (12%)

This domain covers the foundational concepts that underpin all cybersecurity knowledge. It represents 12% of the Security+ exam.

Learning Objectives

After completing this domain, you should be able to:

Topics Covered

| File | Topics | Est. Time |
|------|--------|-----------|
| 01_fundamental_security_concepts.md | CIA Triad, Security Controls, AAA, Zero Trust, Physical Security, Change Management | 2-3 hours |
| 02_cryptographic_solutions.md | PKI, Encryption, Hashing, Digital Signatures, Certificates, Obfuscation | 2-3 hours |

Key Concepts at a Glance

CIA Triad

Security Control Categories

| Category | Description | Examples |
|----------|-------------|----------|
| Technical | Hardware/software controls | Firewalls, encryption, ACLs |
| Managerial | Administrative oversight | Policies, risk assessments |
| Operational | Day-to-day procedures | Training, incident response |
| Physical | Tangible access controls | Locks, cameras, guards |

Security Control Types

| Type | Purpose | When Applied |
|------|---------|--------------|
| Preventive | Stop attacks before they happen | Before attack |
| Detective | Identify attacks in progress | During attack |
| Corrective | Fix damage after an attack | After attack |
| Deterrent | Discourage attack attempts | Before attack |
| Compensating | Alternative when primary fails | Ongoing |
| Directive | Guide behavior through policy | Ongoing |

Zero Trust Model

"Never trust, always verify" - No implicit trust based on network location or previous authentication.

Study Tips

  1. Memorize the CIA Triad - It appears throughout the exam in various contexts
  2. Know the difference between control categories AND types - Very commonly tested
  3. Understand Zero Trust - Hot topic in modern security
  4. Practice matching controls to scenarios - Common question format

Quick Review

Before moving to Domain 2, ensure you can answer:

  1. What are the three components of the CIA Triad?
  2. What's the difference between a preventive and detective control?
  3. What is non-repudiation and why is it important?
  4. What are the core principles of Zero Trust?
  5. Name the four categories of security controls.

Resources


Next: Domain 2: Threats, Vulnerabilities, and Mitigations
