Security+

A certification endorsed by the CompTIA organization for information security professionals. Like other certifications from CompTIA, it provides a vendor-neutral overview of the field and certifies that a candidate has a basic understanding of the principles behind network security. Candidates are recommended by CompTIA to have already completed the A+ and Network+ certifications or have equivalent experience before attempting the examination.

The Security+ certification contains five domains:

1. General Security Concepts
   • Access Control models
   • Authentication methods
   • Vulnerabilities and attacks
   • Malicious code/malware
   • Social Engineering
   • Auditing, logging, and system scanning
2. Communication Security
   • Remote Access technologies
   • E-mail security concepts
   • Web and Instant Messaging security
   • Directory security
   • File transfer and file sharing security
   • Wireless networking security
3. Infrastructure Security
   • Physical networking devices (hub, router, switch, VPN, IDS)
   • Transmission media and storage media security
   • Security topologies
   • Intrusion detection
   • Security baselines
4. Basics of Cryptography
   • Cryptographic algorithms
   • Public Key Infrastructure
   • Cryptographic standards
   • Key management and certificate lifecycles
5. Operational/Organizational Security
   • Physical security concepts
   • Disaster recovery and business continuity
   • Policies and procedures
   • Privilege management
   • Forensics
   • Risk identification
   • Education and training
   • Documentation

Attaining the Security+ certification requires the successful completion of one 100-question examination. A passing grade is a score of 764 on a scale from 100-900. The examination is offered in English and Japanese languages.

The Security+ certification is often used as a stepping stone to more advanced certifications, like the CISSP. It also serves as an elective for the MCSE certification.