Core security principles including the CIA triad (confidentiality, integrity, availability), threat actors and attack motivations, common attack vectors, vulnerabilities and risk concepts. Introduction to security controls such as administrative, technical, and physical controls, defense in depth, least privilege, and security awareness fundamentals required for Security+.

Networking essentials for security: OSI/TCP-IP models, IPv4/IPv6 addressing, basic subnetting, and common ports and protocols (DNS, DHCP, HTTP/HTTPS, SSH, RDP). Covers segmentation and VLANs, firewalls and NAT, proxies and VPNs, wireless security basics (WPA2/WPA3), and traffic monitoring.

Security procedures and operational policies: account and privilege management (joiner/mover/leaver), password policies and MFA, patch and change management, backups and data retention. Includes system hardening, secure configurations, logging, auditing, and compliance.

Incident response process: detection, analysis, containment, eradication, and recovery, followed by lessons learned. Includes severity classification, evidence collection and preservation, chain of custody, communication, and escalation.

Security tools used in real environments: antivirus and EDR, SIEM and log management, IDS/IPS, vulnerability scanning and patch management tools. Includes PKI and digital certificates, MFA and SSO, and network utilities for analysis and troubleshooting.

Security monitoring, logging, SIEM, detection engineering, and threat hunting: event analysis, correlation, detection rules, false positive reduction, and alert triage.