Security+ 2008 is a Big Plus

Written by: LearnKey Expert Tom Carpenter

Many times, certification vendors and organizations develop new certification objectives just to stay current or to convince more people to take the exams. Security+ 2008 is an entirely different concept. This new certification completely revamps the objectives at the top level. The result is a change in focus and content of the certification and not just a modernizing of the same old objectives. For example, compare the following knowledge domains:

Security+ Pre-2008

General Security Concepts – 30%
Communication Security – 20%
Infrastructure Security – 20%
Basics of Cryptography – 15%
Operational/Organizational Security – 15%

Security+ 2008

Systems Security – 21%
Network Infrastructure – 20%
Access Control – 17%
Assessments & Audits – 15%
Cryptography – 15%
Organizational Security – 12%

At first glance, the difference appears to be minimal. Before the 2008 objectives were released, Security+ covered five domains. The 2008 objectives specify six domains. One more domain doesn’t seem to add much if you simply do the math; however, if you look more closely what how the domains have been changed, the impact is much greater. The addition of the Assessments & Audits domain takes components of operational security and general security concepts and increases the depth of knowledge required. This entire domain was mentioned only in brief in the earlier objectives and it is an important knowledge set if you intend to maintain a secure environment.

The second highly important change is the extraction of access control into its own knowledge domain. Access control has become one of the more complex areas of systems and information security. It is important that the concepts related to access control be understood at a deeper level than required by the previous objectives and exam.

My favorite new objective is, “Explain the purpose and application of virtualization technology.” Working as a consultant, I have seen many organizations implement virtual servers without the needed security. These implementers often think of security as strictly a physical machine issue. Because of this thinking, they do not properly secure the virtual machines. Consider this: most virtual servers allow all network communications to pass through the physical network to the virtual network to ensure that needed communications get through to the virtual machines. If the virtual machines are not secured exactly like you would secure a physical machine, you end up with a huge security risk. While Security+ 2008 includes only this one objective related to virtualization, at least it brings attention to this important issue.

As we designed and produced the Security+ 2008 training program, we made sure that all the newest objectives were covered. But we did something else too. We made sure that the objectives were covered in a practical, real-world way. The knowledge you gain will not only help you pass the Security+ exam, but it will also help you implement a truly secure system or network.