Security+:
The Foundation for
Solid Network and
Information Security
1-800-COURSES
www.globalknowledge.com
Expert Reference Series of White Papers
Introduction
The focus of this white paper is to introduce the Security+ certification and the foundation for a career in
Information security as well as data networking it can provide.
We will cover:
• Historical overview
• How times have changed
• The War on Terror—information terror that is!
• Real-world data about the CompTIA Security+
• The focus of the certification
• Key benefits for becoming CompTIA Security+ certified:
Over the course of several centuries, the Industrial Revolution saw the development of new manufacturing
processes that changed much of the world’s economy and ways of doing business. Whereas it took centuries
to develop new business manufacturing processes of the Industrial Revolution,
a new revolution, what I call
the IT Revolution, has occurred over the past 35 years, and it has literally changed the face of the world. This
great change in business and economic focus took years to develop and is still being perfected till this very day.
The changes brought about by the technology revolution not only affect the USA but also every country with
which we do business
. This revolution has brought us such great things as the personal computer, software for
the personal computer, computer networking, digital cash registers, computerized medical equipment and, of
course, the Internet. The technology revolution has brought us huge intangibles as well, such as productivity,
quality
,
larger profit margins

,
v
ast new markets to increase sales, and efficiency. These intangibles have been
the driving force to make the technology revolution the most important revolution during the existence of man.
Along with the social and economic changes, we have been introduced to a “dark side” as well. Criminals
looking for a quick buck and the thrill of wreaking havoc on computer systems and data networks alike have
popped up all over the world.
New w
ays of hacking systems glorified by Hollywood movies have tak
en on
mainstream appeal.
T
he mystique of the hack
er life style has intrigued most, if not all, of the IT professionals.
Virus activity, spy ware and malware, denial of service attacks, email bombs, worms, Trojans, spam, browser
helper objects, and pop-ups have all become the rage for internet and network data terrorists. The folks at
Webster’s dictionary were quoted in the Wall Street Journal as saying that the, “Technological Revolution of
late 20th and 21st centuries has been responsible for the most additions” to their dictionary and 95% of those
new words have come directly from the Data Security and Integrity sectors
.
”
Timothy H. Euler, Global Knowledge Instructor, MCSE NT4.0,
MCSE WIN2K, MCSE 2003, Sec+, Net+, Server+, CCNA, CCNP
Security+:The Foundation for Solid
Network and Information Security
Copyright ©2007 Global Knowledge T
raining LLC. All rights reserved.
Page 2
W
hat does this mean for the average business looking to reap the benefits of the technical revolution? Well,

this can be summed up in a single word: training. If businesses are to truly reap the benefits of the new tech-
nology, their employees, and I mean all employees, have to be educated and trained as to the appropriate
ways of dealing with the dark side of information terror. In simple terms, all computer users have to learn the
safe practices for their computers, their business networks, and the Internet. The security basics of “what to
do” and “what not to do” become the front-line defense for most businesses.
That being said, data and network professionals have in-depth training to recognize threats and security holes,
monitor for attacks before they are executed, create security policies, use the various tools available, like IDS
and firewalls, and how to repair damaged networks after a threat has been discovered. These abilities are a
must for all Network Engineers and System Administrators. When we segregate security to a specific depart-
ment, then we develop a scenario where other departments seem to pass the buck when an attack is waged.
Everyone must become involved if we are to win this war on information terror.
Technology training has many great avenues for bringing security best practices and technology to the masses,
making us all better prepared to win this w
ar. Cisco
®
,
Microsoft
®
,
Checkpoint
®
,
Red Hat
®
,
and CompTia
®
have
all created fantastic learning opportunities and ways to measure students’ knowledge through their certifica-
tion paths.

The best all-around certification, not only for the average user, but also for the data center professional, is
CompTia’s Security+ certification. This is an entry level certification but by no means should it be treated that
way
. The technologies and topics introduced throughout the course are the absolute foundations for all of the
other disciplines mentioned above. The beauty of this certification is clear; it is not specific to any one technol-
ogy like Cisco or Microsoft. This foundation will introduce the Security+ candidate to the real world, a world of
the dreaded mixed environment.
This is the only certification that will arm holders with the broad foundation
for recognizing and dealing with the bulk of the issues those security professionals will deal with. These issues
arise from external attacks and from internally launched attacks.
Other technology companies have even begun to partner with the CompTIA Security+ certification to make the
certification a part of other, more extensive certification paths. For example Microsoft will waive the Microsoft
Security requirement for MCSE candidates if they successfully pass the Security+ test. This partnership is just
the first of many to come as Monster, the job search giant, has recently released data on the most frequently
required technology certification for network engineers with 2-4 years of experience and whose job focus is on
security. That certification, as you may have guessed, is Security+. This type of validation will continue to grow
as more and more companies discover the v
alue of the Security+ certification.
A few other statistics about the certification are certainly worth mentioning here.
(From the Industry for Network security and CompTIA)
K
ey benefits for becoming CompTIA Security+ certified:
• A solid cr
edential that can be utilized in any industry
U.S. Deptartment of Defense and Directive 8570:
US DOD employees or contractors engaged
in work related to information security are required to be certified, as specified in a list of certifications
included in the Directive 8570 manual; CompTIA Security+ is one of the designated certifications.
Healthcar
e industry and HIP

AA (Health Insur
ance Portability and Accountability Act):
This 1996 Congressional Act requires standards be met regarding the security and privacy of data in
Copyright ©2007 Global Knowledge T
raining LLC. All rights reserved.
Page 3
t
he healthcare industry. One way that healthcare companies can demonstrate their compliance with
the standards in this act is to verify certification of their network and information security staff.
Financial industry and web-based attacks: The financial industry and its customers are vulnera-
ble to attacks designed to gain access to personal account information. Network security providers are
critical in this business, and the CompTIA Security+ certification is an assurance of baseline competency.
• Validation of achievement in an industry-valued skill.
All industries need trained security professionals to combat hackers and security threats. CompTIA
Security+ shows employers you can maintain the integrity of their business communications, infra-
structure, and operations.
• Viable career path, leading to higher level positions.
Seventy-four percent of IT managers say a CompTIA certification is an important factor in considering
an employee for a promotion.*
The Security+ certification focuses on the major areas of Information security. The following certification out-
line was taken from the CompTIA test objectives and shows the focus of the exam. As you will see, all
important aspects for a solid foundation of security are included.
I encourage you to surf
to view the exam objectives in detail.
Section 1. Gener
al Security Concepts
• Access controls
• Authentication
• System hardening
• Recognize attack types

• Malicious code discovery
• Social engineering
• Auditing and logging
Section 2. Communication Security
• Remote access technologies
• Email security concepts
• Internet security concepts
• Directory security concepts
• F
ile transfer concepts and protocols
• Wireless technologies and concepts
Section 3. Infrastructure Security
• Device security
• Media security
• Security topologies
• Intrusion detection
• Security baselines
• Application hardening
Copyright ©2007 Global Knowledge T
raining LLC. All rights reserved.
Page 4
S
ection 4. Basics of Cryptography
• Cryptographic algorithms
• Understanding cryptography
• Understanding PKI
• Cryptographic standards and protocols
• Key management and certificate lifecycles
Section 5. Operational / Organizational Security
• Physical security of equipment

• Disaster recovery
• Business continuity
• Policies and procedures
• Privilege management
• Forensics
• Risk identification
• Education and training of end users
• Documentation concepts
Conclusion
The technology revolution truly has change the world we live in.
Now we must arm our employees to protect
us from the
“dark side.” What better way to accomplish this then with the Security+ certification taught by a
certified Global Knowledge technical instructor.
Learn More
Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge.
Check out the following Global Knowledge course:
Essentials of Information Security (Security+)
For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a
sales representative
.
Our courses and enhanced,
hands-on labs offer practical skills and tips that you can immediately put to use
.
Our expert instructors draw upon their experiences to help you understand key concepts and how to apply
them to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms,
e-Learning, and On-site sessions, to meet your IT and management training needs.
About the Author
T
imothy H. Euler is the Chief Information Officer for I.T. Data Solutions based in Maryland. He has 12 years of

Advanced Networking experience, both in the Microsoft OS line and Cisco. He is also an Instructor for Global
Knowledge, teaching in the Microsoft OS curriculum. His certifications include MCSE NT4.0, MCSE WIN2K,
MCSE 2003, Sec+, Net+, Server+, CCNA, CCNP.
Copyright ©2007 Global Knowledge T
raining LLC. All rights reserved.
Page 5