About CompTIA Security+; certification

With the threat to data security becoming a rapidly growing issue, the need for trained information security personnel has increased multi-fold. Information Security is one of the fastest growing areas. Candidates who earn this certification will be able to prove their ability to anticipate information security risks and apply their knowledge of security concepts, and tools to safeguard organizational data, as well as know the procedures to react to security incidents, should they occur.

CompTIA's Security+; certification is a globally recognized, vendor-neutral certification that proves competency in system security, network infrastructure, access control and organizational security. It is recommended that CompTIA Security+ candidates also have CompTIA Network+ certification and at least two years of technical networking experience, with an emphasis on security.

The exam is available in English, Spanish, German, Japanese, and Chinese. You need to pass SY0-301 exam to get CompTIA Security+ certified. For more information, see CompTIA's Security+ certification page.

What's New in CompTIA Security+; SY0-301

The new exam covers more of the approach on security risk control and mitigation. It has now included things like security policies, procedures, and training required to comply with latest technologies.

Domain Comparison

• The domain "Network Infrastructure" has now changed into "Network Security" with additional topics like latest networking devices, network protocols, ports, network application principles. The domain also emphasize on security related to wireless technologies. In the previous version of the Security+, SY0-201, networking topics were listed in the domain "Network Infrastructure".
• The domain "Compliance and Operational Security" mainly focuses on risk related concepts, incident response procedures, business continuity, and disaster recovery. Candidates should be able to carry out appropriate risk mitigation strategies and disaster recovery procedures. In the previous version, CompTIA had included topics like redundancy planning, disaster recovery procedures, and incident response procedures in the domain 6.0 "Organizational Security", but the latest version has merged compliance security to make the domain more effective.
• CompTIA has also divided the objectives of the domain "System Security" of the previous version, and merged them in the new objectives of the latest version.
• The area concerning security threats has now moved to a new domain "Threats and Vulnerabilities" whereas the part related to application security has been now included in the domain "Application, Data, and Host Security".
• The domain "Access Control and Identity management" is very similar to its previous version's domain "Access Control". The weighting of the domain has decreased from 17% to 13%. CompTIA has grouped previous version's nine small objectives into three complex-looking objectives.
• The objective of the domain "Cryptography" has also been regrouped into four new objectives covering general cryptography concepts, cryptographic tools and products, and core concepts of public key infrastructure. The weighting of the domain "Cryptography" has also decreased from 15% to 11%.