Skip to main content
VVMExam

General Security Concepts: Foundational Principles for Security+

General Security Concepts covers the core principles, control categories, and basic terminology that underpin all other Security+ domains. Understanding these fundamentals is essential before tackling more specific security topics.

1 min read

Security Control Categories

  • Technical controls – Implemented through technology (firewalls, encryption, access control lists).
  • Managerial controls – Administrative policies and procedures (risk assessments, security policies).
  • Operational controls – Day-to-day processes performed by people (security awareness training, background checks).
  • Physical controls – Tangible barriers (locks, fences, badge readers, security cameras).

Security Control Types

  • Preventive – Stop an incident before it occurs (e.g., firewall rules).
  • Detective – Identify incidents in progress or after the fact (e.g., IDS, audit logs).
  • Corrective – Minimize damage and restore systems after an incident (e.g., backups, patches).
  • Deterrent – Discourage potential attackers (e.g., warning signs, login banners).
  • Compensating – Alternative controls used when primary controls are not feasible.
  • Directive – Direct subjects toward secure behavior (e.g., acceptable use policies).

Core Security Principles (CIA Triad)

  • Confidentiality – Ensure information is accessible only to authorized parties.
  • Integrity – Ensure data is accurate and has not been improperly modified.
  • Availability – Ensure systems and data are accessible when needed.

Additional Key Concepts

  • Non-repudiation – Proof that a specific entity performed an action; commonly achieved with digital signatures.
  • Authentication, Authorization, and Accounting (AAA) – The framework for verifying identity, granting access, and logging activity.
  • Zero Trust – A model that assumes no user or device is trusted by default, requiring continuous verification regardless of network location.
  • Gap analysis – Comparing current security posture against a desired or required baseline to identify deficiencies.
  • Security through obscurity – Relying solely on secrecy of design as a security mechanism; considered weak and insufficient on its own.

The SY0-701 exam expects candidates to recognize these control categories and types in scenario-based questions and to apply core principles when evaluating security decisions.

Ready to practice this topic?