Backout Plan → steps to restore systems if a change fails.
Maintenance Window → scheduled downtime for patches/config changes.
SOPs → formal step-by-step procedures for repeatable security tasks.
Data Types (Security+ exam focus)
Regulated Data → governed by laws (HIPAA, GDPR, etc.).
Trade Secrets → internal business data giving competitive advantage.
Intellectual Property → creations of the mind protected by law.
Financial Information → transactions, liabilities, assets.
Legal Information → contracts, cases, attorney-client communications.
Human-readable vs. Non-human readable → plaintext vs. binary/encrypted.
Threats & Vulnerabilities
IoT / Embedded Systems → medical devices, printers, wearables, home automation all carry security risks.
Supply Chain Attacks → mitigate with certified vendors, multiple vendors, tamper checks, integrating supply chain into risk management.
Reflections
Security+ keeps reinforcing the risk lifecycle: identify, assess, mitigate, monitor.
Clear lesson today: structure matters. Without SOPs, backout plans, and maintenance windows, even good intentions in change management can introduce chaos.
IoT threats stood out — even a simple printer can be a pivot point for attackers.