This is the second and final part of my CompTIA Security+ blog series.
In this post, I cover how to respond to cybersecurity incidents, understand common security tools, and manage risk and compliance in an organization.
1. Incident Response Steps
When a security incident happens (like a data breach), we follow these steps to handle it:
- Preparation: Make a response plan before anything bad happens. Train your team and set up tools.
- Identification: Detect and confirm that an incident has occurred (using alerts, logs, etc.).
- Containment: Stop the threat from spreading — like isolating infected systems.
- Eradication: Remove the root cause of the attack (delete malware, patch vulnerabilities).
- Recovery: Restore systems and services back to normal and monitor them.
2. Digital Forensics Basics
Digital forensics helps us investigate cybercrimes by collecting and analyzing digital evidence.
- Main Steps: Collect → Examine → Analyze → Report
- Always follow the chain of custody to protect evidence.
3. SIEM Tools
SIEM (Security Information and Event Management) tools collect and analyze logs from across your network to detect threats in real time.
- Examples: Splunk, ELK Stack, QRadar
- Helps with quick alerting and responding to incidents.
4. MITRE ATT&CK Framework
MITRE ATT&CK is a public knowledge base of how attackers behave.
- Helps defenders understand, detect, and stop threats.
- Includes tactics like initial access, privilege escalation, and exfiltration.
5. Risk Management
Risk management means identifying, assessing, and reducing risks in an organization.
- Risk Types: Cyber, physical, legal, etc.
- Responses: Accept, reduce, avoid, or transfer (like using insurance).
Governance, Risk, and Compliance (GRC)
6. Policies, Procedures, and Frameworks
Formal rules and structures for managing IT security.
- ISO 27001: Global security standard.
- NIST: U.S. cybersecurity guidelines.
- COBIT: Enterprise IT governance model.
7. Regulations and Laws
These are legal requirements for organizations:
- GDPR (EU): Protects European users’ data.
- HIPAA (US): Secures health-related information.
- PCI DSS: Applies to companies that handle credit card data.
8. Risk Types and Responses
- Risks can be internal (like human error) or external (like hackers).
- Use security policies, tools, or insurance to handle them.
9. Security Awareness Training
- Employees are the first line of defense.
- Training teaches them to spot phishing, use strong passwords, and follow company policy.
Summary
In this part, we learned how companies detect and respond to cyber threats, manage risk, and follow compliance rules. This is a key skillset for any cybersecurity role.
If you missed Part 1, check it out here.
Thanks for reading!
~ Bilal Qazi