
CySA+ (CS0-003)

Lesson 1
Understanding Vulnerability Response,
Handling, and Management

Copyright © 2023 CompTIA, Inc. All Rights Reserved. | CompTIA.org


Objectives
• Review policies and governance.
• Explore risk management principles.
• Understand different types of controls.
• Review attack surface management.
• Explore patch and configuration management.
• Review the importance of maintenance windows.

Lesson 1

Topic 1A
Understanding Cybersecurity
Leadership Concepts

Explore Policy and Governance Topics
• The Role of Governance
• Leadership
• Strategy
• Policy Development
• The Importance of Policy
• Establish Priorities
• Enforceable Rules
• Form basis of an Audit
• Security Operations
• Well-defined processes
• Service Level Objectives (SLO)

Explain Risk Management Principles
• Risk Responses
• Avoid
• Accept
• Mitigate
• Transfer

Explain Risk Management Principles
• Mitigate & Accept
• Mitigate risk down to acceptable levels
• You Can Only Manage Risk, Not Eliminate It
• Documentation is key

• Risk Exceptions
• Must include follow-up dates

Explore Threat Modeling
• Identifying Specifics
• Threat Actors
• TTPs
• Threat Considerations
• Different threat groups target different organizations
• Prioritize identified threat groups
• Build defenses based on threat group
Explore Threat Modeling
• Threat Model
• Diagramming and Documenting
• Functionally deconstruct systems
• Identify where a system can be attacked
• Identify methods of attack
• Identify mitigations for each attack/method

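The deconstruct / identify attack points / identify mitigations sequence above, as an added example that is not part of the CompTIA slides. The sample system (a browser, a web application in a DMZ, and an orders database) is constructed, and the threat categories applied to each element type follow STRIDE-per-element, a common method the slides do not name; the mitigation strings are illustrative placeholders.

```python
"""Added example (not from the CompTIA slides): a minimal threat model built
by functionally deconstructing a system into elements and data flows, then
enumerating where each can be attacked and what would mitigate it.

Assumptions: STRIDE-per-element as the threat vocabulary (simplified table),
a constructed three-element sample system, and illustrative mitigations.
"""
from dataclasses import dataclass

# Which STRIDE categories conventionally apply to each element type.
THREATS_BY_TYPE = {
    "external": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service",
                "Elevation of privilege"],
    "datastore": ["Tampering", "Repudiation", "Information disclosure",
                  "Denial of service"],
    "dataflow": ["Tampering", "Information disclosure", "Denial of service"],
}

# Candidate mitigation per category (constructed, not exhaustive).
MITIGATIONS = {
    "Spoofing": "authentication (MFA, mutual TLS)",
    "Tampering": "integrity checks (signatures, input validation)",
    "Repudiation": "audit logging to protected storage",
    "Information disclosure": "encryption in transit/at rest, least privilege",
    "Denial of service": "rate limiting, capacity planning",
    "Elevation of privilege": "authorization checks, sandboxing",
}


@dataclass
class Element:
    name: str
    kind: str   # external | process | datastore
    zone: str   # trust zone the element lives in


@dataclass
class Flow:
    src: str
    dst: str
    protocol: str


@dataclass
class Threat:
    target: str
    category: str
    mitigation: str
    crosses_boundary: bool = False


def enumerate_threats(elements, flows):
    """Return one Threat per (element or flow, applicable STRIDE category).

    Flows whose endpoints sit in different trust zones are flagged and sorted
    first, because trust-boundary crossings are the usual review priority.
    """
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        for cat in THREATS_BY_TYPE[e.kind]:
            threats.append(Threat(e.name, cat, MITIGATIONS[cat]))
    for f in flows:
        crosses = by_name[f.src].zone != by_name[f.dst].zone
        target = f"{f.src} -> {f.dst} ({f.protocol})"
        for cat in THREATS_BY_TYPE["dataflow"]:
            threats.append(Threat(target, cat, MITIGATIONS[cat], crosses))
    threats.sort(key=lambda t: not t.crosses_boundary)  # stable: crossings first
    return threats


def model_sample_system():
    """Constructed sample: internet browser -> DMZ web app -> internal database."""
    elements = [
        Element("Browser", "external", "internet"),
        Element("Web app", "process", "dmz"),
        Element("Orders DB", "datastore", "internal"),
    ]
    flows = [
        Flow("Browser", "Web app", "HTTPS"),
        Flow("Web app", "Orders DB", "TCP/5432"),
    ]
    return enumerate_threats(elements, flows)


if __name__ == "__main__":
    for t in model_sample_system():
        flag = "[trust boundary]" if t.crosses_boundary else ""
        print(f"{t.target:32} {t.category:24} {t.mitigation} {flag}")
```

The output is the starting point for the collaboration the next slide describes: system owners confirm the elements and zones, security adds attack methods per category, and the business decides which mitigations are worth funding.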
Explore Threat Modeling
• Development of Models Requires Collaboration
• Knowledge of system components
• Knowledge of attack methods
• Knowledge of appropriate mitigations
• Knowledge of laws & regulations
• Knowledge of business impacts

Review Activity: Cybersecurity Leadership Concepts
1. True or false. Cybersecurity operations are driven by technical implementers.
2. What is the name of the team that risk managers depend upon to assess whether work is being performed in accordance with policy?
3. Risk ____________________ requires that activities with high levels of risk are stopped.
4. What activity is focused on deconstructing a system to better understand the threats and exploits that might impact it?

Lab Activity
• Assisted Lab: Exploring the Lab Environment

Lesson 1

Topic 1B
Exploring Control Types and Methods

Security Control Categories
• Security Controls Protect Assets
• Technology is only part of the solution!
• Control Categories
• Technical
• Operational
• Managerial
• Protect assets with a mix of controls from each category
Security Control Categories cont.
• Control Examples
• Technical
• Firewalls, intrusion detection, SIEM, endpoint protection, encryption, etc.
• Operational
• Change control, access control, physical security, systems monitoring, etc.
• Managerial
• Risk assessments, audits, policies, incident response plans, security awareness training, etc.

Security Control Functional Types
• Control Objectives
• Preventive
• Detective
• Corrective
• Responsive
• Compensating

Security Control Functional Types cont.
Examples of Control Objectives

Control Objective   Example
Preventive          Firewall drop rule; access control lists (ACL)
Detective           Logs
Corrective          Backup system
Responsive          Course of Action (CoA)
Compensating        Audit

Security Control Functional Types cont.
• Control Categories and Objectives
• Mapping exercises
• Identify Asset and ask:
• Is it protected using all categories?
• Do controls in each category cover all objectives?
• Most organizations have lots of technical/preventive only!
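The mapping exercise described above, as an added example that is not part of the CompTIA slides. The control inventory for the sample asset is constructed; the three categories and five objectives are the ones the preceding slides define.

```python
"""Added example (not from the CompTIA slides): the category x objective
mapping exercise run as code. Each control protecting an asset is tagged
with its category and objective; the report shows every cell of the grid
that has no control, and a separate check catches categories with nothing
at all (the "technical/preventive only" pattern the slide warns about).

The control inventory below is constructed for illustration.
"""
from collections import defaultdict

CATEGORIES = ("technical", "operational", "managerial")
OBJECTIVES = ("preventive", "detective", "corrective", "responsive", "compensating")


def coverage_matrix(controls):
    """controls: iterable of (name, category, objective) -> {(cat, obj): [names]}."""
    matrix = defaultdict(list)
    for name, category, objective in controls:
        if category not in CATEGORIES or objective not in OBJECTIVES:
            raise ValueError(f"unknown tag on control {name!r}: {category}/{objective}")
        matrix[(category, objective)].append(name)
    return matrix


def gaps(controls):
    """Cells of the grid with no control at all."""
    matrix = coverage_matrix(controls)
    return [(c, o) for c in CATEGORIES for o in OBJECTIVES if not matrix[(c, o)]]


def uncovered_categories(controls):
    """Categories with no control of any objective."""
    matrix = coverage_matrix(controls)
    return [c for c in CATEGORIES if not any(matrix[(c, o)] for o in OBJECTIVES)]


def report(asset, controls):
    """Human-readable grid; gaps are marked so they stand out in a review."""
    matrix = coverage_matrix(controls)
    lines = [f"Asset: {asset}"]
    for c in CATEGORIES:
        for o in OBJECTIVES:
            names = ", ".join(matrix[(c, o)]) or "-- GAP --"
            lines.append(f"  {c:12} {o:13} {names}")
    return "\n".join(lines)


# Constructed inventory for a customer database server: typical shape, heavy on
# technical/preventive, thin everywhere else.
DB_SERVER_CONTROLS = [
    ("host firewall drop rules", "technical", "preventive"),
    ("disk encryption", "technical", "preventive"),
    ("database audit logging to SIEM", "technical", "detective"),
    ("nightly backups", "technical", "corrective"),
    ("change control board approval", "operational", "preventive"),
    ("incident response plan", "managerial", "responsive"),
]

if __name__ == "__main__":
    print(report("customer database server", DB_SERVER_CONTROLS))
    print("gaps:", gaps(DB_SERVER_CONTROLS))
    print("empty categories:", uncovered_categories(DB_SERVER_CONTROLS))
```

Not every cell needs a control for every asset, so treat the gap list as questions for the asset owner rather than findings; an empty category, by contrast, almost always is a finding.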

Managing Attack Surfaces
• Attack Surface describes the level of exposure
• Identifying attack surface helps define the weak spots in the environment
• People and processes
• Software and devices

Managing Attack Surfaces cont.
• Evaluate the Attack Surface
• Footprinting & Fingerprinting
• Passive Discovery
• Edge Discovery
• Penetration Testing
• Adversary Emulation

Managing Attack Surfaces cont.
• Reduce the Attack Surface
• Asset inventory
• Access control
• Patching and updating
• Network segmentation
• Removing unnecessary components
• Employee training
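Passive discovery from the "Evaluate" list and the asset inventory from the "Reduce" list, joined in one added example that is not part of the CompTIA slides. The connection records (Zeek conn.log style) and the authorized inventory are constructed; a real run would read them from a packet capture or sensor feed.

```python
"""Added example (not from the CompTIA slides): passive discovery of the
attack surface. Nothing is sent to the targets; services are inferred from
connection records already captured on the network. The observed services
are then compared with the authorized asset inventory, and anything the
inventory does not account for is a candidate for removal or segmentation.

Both the connection records and the inventory below are constructed.
"""
from collections import defaultdict

# Constructed records: timestamp, source, destination, dest port, proto, service
CONN_LOG = """\
1700000001.1 10.0.0.5 10.0.1.10 443 tcp ssl
1700000002.4 10.0.0.7 10.0.1.10 443 tcp ssl
1700000003.9 10.0.0.5 10.0.1.20 22 tcp ssh
1700000004.2 10.0.0.9 10.0.1.20 3389 tcp rdp
1700000005.0 10.0.0.5 10.0.1.30 23 tcp telnet
1700000006.3 10.0.1.10 10.0.1.40 5432 tcp postgresql
1700000007.7 10.0.0.9 10.0.1.20 3389 tcp rdp
"""

# Constructed authorized inventory: host -> set of (port, service) expected
AUTHORIZED = {
    "10.0.1.10": {(443, "ssl")},
    "10.0.1.20": {(22, "ssh")},
    "10.0.1.40": {(5432, "postgresql")},
}


def parse_conn_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, proto, service = line.split()
        records.append({"ts": float(ts), "src": src, "dst": dst,
                        "port": int(port), "proto": proto, "service": service})
    return records


def observed_services(records):
    """Map each destination host to the (port, service) pairs seen answering."""
    services = defaultdict(set)
    for r in records:
        services[r["dst"]].add((r["port"], r["service"]))
    return dict(services)


def unauthorized_exposure(observed, authorized):
    """Services on the wire that the inventory does not account for."""
    findings = []
    for host, svcs in observed.items():
        allowed = authorized.get(host, set())
        for port, service in sorted(svcs - allowed):
            reason = ("host not in inventory" if host not in authorized
                      else "service not in inventory")
            findings.append((host, port, service, reason))
    return findings


def client_count(records, host, port):
    """Distinct clients that reached a service: a rough measure of its exposure."""
    return len({r["src"] for r in records if r["dst"] == host and r["port"] == port})


if __name__ == "__main__":
    recs = parse_conn_log(CONN_LOG)
    obs = observed_services(recs)
    for host, port, service, reason in unauthorized_exposure(obs, AUTHORIZED):
        print(f"{host}:{port} {service:10} {reason} "
              f"(clients seen: {client_count(recs, host, port)})")
```

The caveat that makes this passive rather than complete: a service nobody used during the capture window never appears, so passive discovery bounds the attack surface from below and is paired with edge discovery or an authorized scan before the inventory is declared accurate.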

Review Activity: Control Types and Methods
1. The leadership team would like to develop controls designed to provide oversight of various information systems. What type of control does this describe?
2. A web application firewall identifies and records any attempted or successful intrusion to a log file. What category of control does this describe?
3. After identifying that a port scan was performed on an internal database system, a security analyst performs a series of well-defined steps to further investigate the issue. What type of control objective does this describe?
4. What is being analyzed when all potential pathways a threat actor could use to gain unauthorized access or control of a system are identified and documented?
5. Systems, services, and protocols are discovered and characterized by analyzing network packet captures. What type of discovery technique does this describe?
Lab Activity
• Assisted Lab: Configuring Controls

Lesson 1

Topic 1C
Explaining Patch Management
Concepts

Explain Software Patching and Host Protections
• Patching frequency
• Time consuming
• Needs central management
• Compliance requirement
• Diverse systems and software
• Central management is difficult
• Different tools for different platforms

Explain Software Patching and Host Protections cont.
• Where patches are located
• UEFI/BIOS
• Operating systems
• Applications
• Network equipment
• Services
• Desktops/laptops
• Phones/tablets
• Embedded Systems
• Proprietary system firmware
• Trustworthy patching source
• Supply chain attacks
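The "trustworthy patching source" point above, as an added example that is not part of the CompTIA slides: a staging step that refuses any patch whose SHA-256 does not match a digest the vendor published out of band. The patch bytes, file names and digests are all constructed; no real vendor artifact is involved.

```python
"""Added example (not from the CompTIA slides): gate patches on a digest
obtained from a trusted, separate channel before they are staged for rollout.

Assumptions: PUBLISHED_DIGESTS stands in for digests taken from a vendor's
authenticated release page; the downloads are constructed byte strings.
A digest that ships next to the download on the same mirror proves nothing,
because whoever replaced the file could replace the digest too.
"""
import hashlib
import hmac

# Constructed: digests as the vendor would publish them out of band.
PUBLISHED_DIGESTS = {
    "router-fw-2.4.1.bin": hashlib.sha256(
        b"ROUTER-FW-2.4.1 official image bytes").hexdigest(),
}


class UntrustedPatch(Exception):
    """Raised for any patch that cannot be tied to the trusted source."""


def sha256_hex(data, chunk=1 << 16):
    """Hash in chunks so large firmware images need not be held twice in memory."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def verify_patch(filename, data, published=PUBLISHED_DIGESTS):
    """Return the verified digest, or raise UntrustedPatch."""
    expected = published.get(filename)
    if expected is None:
        # Unknown file: fail closed rather than assume a mirror is trustworthy.
        raise UntrustedPatch(f"{filename}: no published digest, refusing to stage")
    actual = sha256_hex(data)
    if not hmac.compare_digest(actual, expected):
        raise UntrustedPatch(
            f"{filename}: digest mismatch (got {actual[:12]}..., want {expected[:12]}...)")
    return actual


def stage_patches(downloads, published=PUBLISHED_DIGESTS):
    """Split downloads into staged (verified) and rejected (with reason)."""
    staged, rejected = [], []
    for filename, data in downloads:
        try:
            verify_patch(filename, data, published)
            staged.append(filename)
        except UntrustedPatch as e:
            rejected.append((filename, str(e)))
    return staged, rejected


# Constructed downloads: a genuine copy, a tampered copy, and a file with no digest.
CONSTRUCTED_DOWNLOADS = [
    ("router-fw-2.4.1.bin", b"ROUTER-FW-2.4.1 official image bytes"),
    ("router-fw-2.4.1.bin", b"ROUTER-FW-2.4.1 official image bytes\x00extra"),
    ("switch-fw-9.9.bin", b"unknown mirror upload"),
]

if __name__ == "__main__":
    staged, rejected = stage_patches(CONSTRUCTED_DOWNLOADS)
    print("staged:", staged)
    for name, why in rejected:
        print("rejected:", why)
```

Where the vendor signs releases, verifying the signature replaces the pinned-digest table; the structure of the gate (fail closed on unknown files, constant-time comparison, reject before staging) stays the same.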
Explore Configuration Management
• Control over endpoint configuration
• Critical role in infrastructure as code, CI/CD, and DevOps environments
• Configuration is defined once and applied to many systems

Explore Configuration Management
• Examples of configuration management tools include:
• Chef - https://www.chef.io/
• Puppet - https://puppet.com/
• Ansible - https://www.ansible.com/
• Terraform - https://www.terraform.io/ (primarily provisions infrastructure rather than managing endpoint configuration; it is usually paired with one of the tools above)

Chef Iptables Cookbook
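The slide above shows a Chef iptables cookbook; the cookbook itself is not reproduced in this text. As an added example that is neither Chef's code nor the cookbook's, the "define once, apply to many" idea behind it is reduced to its core in Python: declare the desired firewall rule set once, compute each host's drift from it, and converge. The rule vocabulary is a simplified stand-in for iptables and the hosts' current rules are constructed.

```python
"""Added example (not from the CompTIA slides, not from Chef): desired-state
configuration for a fleet. The desired rules are declared once; for each
host the minimal add/remove plan is computed from its current rules, and
applying the same desired state a second time produces no changes
(idempotence, the property configuration management tools depend on).

Assumptions: rules are (chain, protocol, port, action) tuples in a simplified
iptables vocabulary; CURRENT_RULES is constructed; apply_plan is a pure
function that returns the new rule set instead of calling iptables.
"""

# Declared once: the rules every web-tier host must end up with.
DESIRED_WEB_RULES = {
    ("INPUT", "tcp", 22, "ACCEPT"),
    ("INPUT", "tcp", 443, "ACCEPT"),
    ("INPUT", "tcp", 80, "DROP"),
}

# Constructed current state, as a parser of `iptables -S` output might return it.
CURRENT_RULES = {
    "web01": {("INPUT", "tcp", 22, "ACCEPT"), ("INPUT", "tcp", 443, "ACCEPT"),
              ("INPUT", "tcp", 80, "DROP")},                       # compliant
    "web02": {("INPUT", "tcp", 22, "ACCEPT"), ("INPUT", "tcp", 80, "ACCEPT")},  # drifted
    "web03": set(),                                                 # freshly built
}


def plan(desired, current):
    """Changes needed to converge one host: rules to add and rules to remove."""
    return {"add": sorted(desired - current), "remove": sorted(current - desired)}


def apply_plan(current, p):
    """Return the rule set after applying a plan (no real iptables calls)."""
    return (set(current) - set(p["remove"])) | set(p["add"])


def converge_fleet(desired, fleet):
    """Apply one desired state to every host; return per-host plans and new states."""
    plans, new_state = {}, {}
    for host, rules in fleet.items():
        p = plan(desired, rules)
        plans[host] = p
        new_state[host] = apply_plan(rules, p)
    return plans, new_state


def total_changes(plans):
    return sum(len(p["add"]) + len(p["remove"]) for p in plans.values())


if __name__ == "__main__":
    plans, state = converge_fleet(DESIRED_WEB_RULES, CURRENT_RULES)
    for host, p in plans.items():
        print(host, "add:", p["add"], "remove:", p["remove"])
    plans2, _ = converge_fleet(DESIRED_WEB_RULES, state)
    print("changes on second run:", total_changes(plans2))
```

One simplification to keep in mind: real iptables chains are ordered, so a production tool has to reason about rule position as well as presence, which set difference alone does not.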

Understand Maintenance Windows
• Routine maintenance windows
• Administrators perform maintenance tasks
• Enable preventative maintenance
• Enable deployment of noncritical patches
• Must comply with change management policies
• Monitoring infrastructure must be "maintenance window aware": expected changes are correlated with the approved change, not ignored wholesale
• A savvy attacker might time actions to coincide with maintenance windows, when change-related alerts are expected and more likely to be dismissed

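The last two bullets above, as an added example that is not part of the CompTIA slides: alert triage that is maintenance-window aware without going blind. Only alerts that match the approved change (in-window, in-scope host, expected activity) are suppressed; everything else, including unexpected activity on an in-scope host during the window, is escalated. The change ticket and the alert stream are constructed.

```python
"""Added example (not from the CompTIA slides): maintenance-window-aware
alert triage. Suppression is keyed to the approved change, not to the clock,
so an attacker acting during the window still gets escalated unless their
activity happens to be exactly what the ticket authorized on the hosts it
authorized.

Assumptions: one approved change record and a small constructed alert
stream; alert types are plain strings a detection pipeline would emit.
"""
from datetime import datetime, timezone


def utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed approved change: window, hosts in scope, expected activity.
MAINTENANCE_WINDOW = {
    "ticket": "CHG-0042",
    "start": utc("2024-03-10T02:00:00"),
    "end": utc("2024-03-10T04:00:00"),
    "hosts": {"web01", "web02"},
    "expected": {"service_restart", "package_install", "reboot"},
}

# Constructed alert stream around the window.
ALERTS = [
    {"ts": utc("2024-03-10T02:15:00"), "host": "web01", "type": "package_install"},
    {"ts": utc("2024-03-10T02:20:00"), "host": "web01", "type": "reboot"},
    {"ts": utc("2024-03-10T02:30:00"), "host": "web02", "type": "new_admin_account"},
    {"ts": utc("2024-03-10T02:45:00"), "host": "db01", "type": "package_install"},
    {"ts": utc("2024-03-10T04:05:00"), "host": "web01", "type": "service_restart"},
]


def in_window(alert, window):
    return window["start"] <= alert["ts"] < window["end"]


def reason_for(alert, window):
    """Why an alert is NOT covered by the change; checks are ordered most to least general."""
    if not in_window(alert, window):
        return "outside maintenance window"
    if alert["host"] not in window["hosts"]:
        return "host not in change scope"
    return "activity not covered by change ticket"


def triage(alerts, window):
    """Return (suppressed, escalated); suppressed alerts carry the ticket they map to."""
    suppressed, escalated = [], []
    for a in alerts:
        covered = (in_window(a, window) and a["host"] in window["hosts"]
                   and a["type"] in window["expected"])
        if covered:
            suppressed.append((a, window["ticket"]))
        else:
            escalated.append((a, reason_for(a, window)))
    return suppressed, escalated


if __name__ == "__main__":
    suppressed, escalated = triage(ALERTS, MAINTENANCE_WINDOW)
    for a, ticket in suppressed:
        print(f"suppressed  {a['ts']:%H:%M} {a['host']:6} {a['type']:18} -> {ticket}")
    for a, why in escalated:
        print(f"ESCALATE    {a['ts']:%H:%M} {a['host']:6} {a['type']:18} -> {why}")
```

Suppressed alerts are still worth retaining and tagging with the ticket rather than dropping: if the change is later found to have been abused, they are the evidence of what actually happened inside the window.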
Review Activity: Patch Management Concepts
1. True or False. Advanced endpoint protection tools eliminate the need for operating system patching.
2. True or False. Critical security patches are best implemented during the next most convenient maintenance window.
3. What tool allows administrators to centrally create and enforce software settings?
4. True or False. Systems should not be monitored during maintenance windows to avoid confusion.
5. Which policy dictates how work is completed during a maintenance window?

CySA+ (CS0-003)

Lesson 1
Summary
