```latex % !TEX program = xelatex \documentclass[11pt]{article} % Encoding and fonts \usepackage{fontspec} \setmainfont{TeX Gyre Pagella} \setsansfont{TeX Gyre Heros} \setmonofont{JetBrains Mono} \usepackage{xcolor} \usepackage[a4paper,margin=0.7in]{geometry} \usepackage{enumitem} \usepackage{titlesec} \usepackage{hyperref} \hypersetup{ colorlinks=true, urlcolor=[rgb]{0.0,0.2,0.6}, linkcolor=[rgb]{0.0,0.2,0.6}, citecolor=[rgb]{0.0,0.2,0.6} } \usepackage{fancyhdr} \usepackage{microtype} \usepackage{array} \usepackage{multicol} \usepackage{tabularx} \usepackage{graphicx} \usepackage{tikz} \usetikzlibrary{shapes.symbols,arrows.meta,fit,positioning,calc} \usepackage[most]{tcolorbox} \tcbuselibrary{skins,breakable} \usepackage{pifont} % ── Colour palette ───────────────────────────────────────────────────────────── \definecolor{SecNavy}{HTML}{0D3B6E} % Header banner \definecolor{SecRed}{HTML}{C8102E} % Section headings \definecolor{ExamGold}{HTML}{F2C94C} % Key Point box accent \definecolor{InfoBlue}{HTML}{2D9CDB} % Note box border \definecolor{SoftGray}{HTML}{F4F6F8} % Note box background \definecolor{Ink}{HTML}{1F2937} % Body text \definecolor{GreenOK}{HTML}{2E7D32} % Check marks \definecolor{Warn}{HTML}{B00020} % Warning / X marks \definecolor{CodeBg}{HTML}{F0F4F8} % Shaded table bg (unused but available) % Domain bar colours (blue gradient) \definecolor{D1col}{HTML}{1565C0} \definecolor{D2col}{HTML}{1976D2} \definecolor{D3col}{HTML}{0288D1} \definecolor{D4col}{HTML}{00838F} \definecolor{D5col}{HTML}{00695C} \pagecolor{white} \color{Ink} % ── Section formatting ────────────────────────────────────────────────────────── \titleformat{\section}{\Large\bfseries\sffamily\color{SecRed}}{}{0em}{} \titleformat{\subsection}{\large\bfseries\sffamily\color{Ink}}{}{0em}{} \titleformat{\subsubsection}{\bfseries\sffamily\color{Ink}}{}{0em}{} \setlist[itemize]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} \setlist[enumerate]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} % ── Custom boxes ─────────────────────────────────────────────────────────────── \newtcolorbox{examhint}{ enhanced, breakable, colback=ExamGold!20, colframe=SecRed!70!black, coltitle=black, title={Key Point}, fonttitle=\bfseries\sffamily, attach boxed title to top left={yshift=-2mm, xshift=3mm}, boxed title style={colback=ExamGold, colframe=SecRed!70!black}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{lecturehint}{ enhanced, breakable, colback=SoftGray, colframe=InfoBlue!60!black, title={Note}, fonttitle=\bfseries\sffamily, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{definition}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Definition}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{InfoBlue}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{examplebox}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Example}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{SecRed}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newcommand{\cmark}{\textcolor{GreenOK}{\ding{51}}} \newcommand{\xmark}{\textcolor{Warn}{\ding{55}}} \usepackage{advdate} % ── Custom maketitle ─────────────────────────────────────────────────────────── \makeatletter \def\maketitle{% \AdvanceDate[-1] % Brand banner \begin{tcolorbox}[ enhanced, sharp corners, boxrule=0pt, colback=SecNavy, colframe=SecNavy, left=5mm, right=5mm, top=4mm, bottom=4mm, after skip=0pt, ] \begin{minipage}[c]{0.6\linewidth} {\fontsize{22}{24}\selectfont\sffamily\bfseries\color{white}PM}% \hspace{7pt}{\small\sffamily\color{white!60!SecNavy}ProfessorMesser.com} \end{minipage}% \begin{minipage}[c]{0.4\linewidth} \raggedleft{\small\sffamily\itshape\color{white!60!SecNavy}\today} \end{minipage} \end{tcolorbox} \AdvanceDate[1] % Title block \begin{tcolorbox}[ enhanced, sharp corners, colback=white, frame hidden, before skip=0pt, borderline west={0.4pt}{0pt}{Ink!15}, borderline east={0.4pt}{0pt}{Ink!15}, borderline south={0.4pt}{0pt}{Ink!15}, left=2mm, right=2mm, top=5mm, bottom=5mm, ] {\LARGE\sffamily\bfseries\color{Ink}How to Pass Your SY0-701 Security\texttt{+} Exam in 2026} \par\vspace{3pt} {\small\sffamily\color{SecNavy!80!black}SY0-701 Series\enspace\textbullet\enspace Security\texttt{+}} \end{tcolorbox} \vspace{1em} } \makeatother \pagestyle{fancy} \fancyhf{} \fancyfoot[L]{\small\sffamily\color{Ink}ProfessorMesser.com} \fancyfoot[C]{\small\sffamily\color{Ink}\thepage} \fancyfoot[R]{\small\sffamily\color{Ink}SY0-701: Course Overview} \renewcommand{\headrulewidth}{0pt} \begin{document} \maketitle % ── OVERVIEW ────────────────────────────────────────────────────────────────── \section*{Overview} This is the course introduction for Professor Messer's SY0-701 Security\texttt{+} training. It covers: \begin{enumerate} \item What CompTIA and the Security\texttt{+} certification are, and why they matter. \item Exam format: timing, scoring, and question types. \item The five exam domains and their weightings. \item How this course is structured and how to use it effectively. \item Study strategy: videos, books, hands-on practice, and practice exams. \item How and where to take the exam. \end{enumerate} % ── ABOUT COMPTIA ───────────────────────────────────────────────────────────── \section*{About CompTIA} \begin{definition} \textbf{CompTIA} (Computing Technology Industry Association) --- The largest provider of vendor-independent IT certifications in the world. Certifications are recognized in over 100~countries and exams are available in multiple languages. Members include IT resellers, distributors, manufacturers, and technology organizations. \end{definition} CompTIA's core certification track relevant to security careers: \vspace{0.4em} \begin{center} \begin{tikzpicture}[ node distance=1.5cm, box/.style={ rectangle, rounded corners=4pt, draw=Ink!30, fill=SoftGray, minimum width=2.6cm, minimum height=0.9cm, font=\sffamily\small\bfseries, align=center }, arrow/.style={-{Stealth[length=6pt]}, thick, color=InfoBlue} ] \node[box] (ap) {A\texttt{+}}; \node[box, right=of ap] (np) {Network\texttt{+}}; \node[box, right=of np, draw=SecRed!60, fill=ExamGold!25] (sp) {Security\texttt{+}}; \node[box, right=of sp] (adv) {CySA\texttt{+} /\\CASP\texttt{+}}; \draw[arrow] (ap) -- (np); \draw[arrow] (np) -- (sp); \draw[arrow] (sp) -- (adv); \end{tikzpicture} \end{center} \vspace{0.4em} \begin{examhint} Many government agencies and large corporations \textbf{require} a Security\texttt{+} certification as a condition of employment, particularly in cybersecurity and IT security roles. Even where it is not mandatory, it signals a verified baseline of knowledge to employers. \end{examhint} % ── EXAM VERSION ────────────────────────────────────────────────────────────── \section*{Exam Version: SY0-701} \begin{definition} \textbf{SY0-701} --- The current version of the CompTIA Security\texttt{+} exam, released on \textbf{November 7, 2023}. Study materials must be specifically written for this version. Always verify at \texttt{comptia.org} that SY0-701 is still the active exam before sitting. \end{definition} \begin{lecturehint} CompTIA retires older exam versions when a new one is released. If a newer exam version has launched since this video was recorded, return to \texttt{professormesser.com} and look for an updated course matching that version. \end{lecturehint} % ── EXAM FORMAT ─────────────────────────────────────────────────────────────── \section*{Exam Format at a Glance} \vspace{0.5em} \begin{center} \begin{tabularx}{0.85\textwidth}{ >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \hline \textbf{Attribute} & \textbf{Detail} \\ \hline Duration & 90 minutes \\ Maximum questions & Up to 90 (you may receive fewer) \\ Scoring scale & 100 -- 900 \\ Passing score & \textbf{750 out of 900} \\ Question types & Multiple choice \emph{and} performance-based questions (PBQs) \\ Delivery options & Pearson VUE testing centre \emph{or} online proctored (at home) \\ \hline \end{tabularx} \end{center} \vspace{0.5em} \begin{examhint} The scoring scale of 100--900 is \textbf{not} a simple percentage. A score of 750 does not mean 75\% correct. CompTIA uses a scaled scoring model, so do not try to back-calculate a raw pass mark from these numbers. \end{examhint} % ── QUESTION TYPES ──────────────────────────────────────────────────────────── \section*{Question Types} \subsection*{Multiple Choice (MCQs)} The majority of questions. A single stem with four answer options (A, B, C, D). Straightforward selection --- only one answer is correct and earns the full point value for that question. \subsection*{Performance-Based Questions (PBQs)} \begin{definition} \textbf{Performance-Based Question (PBQ)} --- An interactive question that requires you to \emph{perform a task} rather than simply select an answer. Formats include matching, drag-and-drop, sorting, and simulated environments (e.g.\ configuring a firewall rule or analysing a log file). \end{definition} \begin{examhint} PBQs typically appear at the \textbf{very beginning} of your exam. They are often more time-consuming than MCQs. A common strategy: flag any PBQ you find difficult, skip it, work through all the MCQs first, then return with remaining time. Do not let one hard PBQ eat up your entire 90 minutes. \end{examhint} % ── THE FIVE DOMAINS ────────────────────────────────────────────────────────── \section*{The Five Exam Domains} \begin{center} \begin{tikzpicture} % Horizontal bar chart — total width = 10cm represents 100% \def\barh{0.52} % bar height \def\barsep{0.82} % vertical separation between bar centres \def\totalw{10} % 10cm = 100% % Domain data: {label}{percent}{colour} \foreach \lbl/\pct/\col/\idx in {% {1.0\enspace General Security Concepts}/12/D1col/4,% {2.0\enspace Threats, Vulnerabilities \& Mitigations}/22/D2col/3,% {3.0\enspace Security Architecture}/18/D3col/2,% {4.0\enspace Security Operations}/28/D4col/1,% {5.0\enspace Program Management \& Oversight}/20/D5col/0% }{ \pgfmathsetmacro{\bw}{\pct*\totalw/100} \filldraw[\col, rounded corners=2pt] (0, \idx*\barsep) rectangle (\bw, \idx*\barsep+\barh); \node[anchor=west, font=\sffamily\footnotesize, color=white] at (0.12, \idx*\barsep+\barh/2) {\lbl}; \node[anchor=west, font=\sffamily\small\bfseries, color=Ink] at (\bw+0.15, \idx*\barsep+\barh/2) {\pct\%}; } % x-axis tick labels \foreach \x/\lbl in {0/0, 2.5/25, 5/50, 7.5/75, 10/100}{ \draw[Ink!25, thin] (\x, -0.25) -- (\x, 4*\barsep+\barh+0.1); \node[font=\tiny\sffamily, color=Ink!50, below] at (\x,-0.25) {\lbl\%}; } \end{tikzpicture} \end{center} \vspace{0.5em} \begin{center} \begin{tabularx}{0.97\textwidth}{ l >{\raggedright\arraybackslash}X c } \hline \textbf{Domain} & \textbf{Topic Area} & \textbf{Exam Weight} \\ \hline 1.0 & General Security Concepts & 12\% \\ 2.0 & Threats, Vulnerabilities, and Mitigations & \textbf{22\%} \\ 3.0 & Security Architecture & 18\% \\ 4.0 & Security Operations & \textbf{28\%} \\ 5.0 & Security Program Management and Oversight & 20\% \\ \hline & \textbf{Total} & \textbf{100\%} \\ \hline \end{tabularx} \end{center} \vspace{0.5em} \begin{examhint} \textbf{Domain 4 (Security Operations, 28\%)} is the single largest domain --- more than a quarter of your exam. \textbf{Domain 2 (Threats, Vulnerabilities \& Mitigations, 22\%)} is second. Together they account for exactly half the exam. Weight your study time accordingly. \end{examhint} % ── ABOUT THE COURSE ────────────────────────────────────────────────────────── \section*{About This Course} \subsection*{Structure} \begin{itemize} \item \textbf{120+ videos} covering every bullet point in the official CompTIA exam objectives. \item Videos are \textbf{numbered to match the exam objectives} (e.g.\ video 2.3 maps to objective 2.3), making cross-referencing with the objectives or a textbook effortless. \item Designed for \textbf{linear or non-linear} use --- watch start-to-finish, or jump directly to the topic you need and jump back out. \end{itemize} \subsection*{Access} \begin{itemize} \item Every video is \textbf{free to watch on YouTube} --- no paywall, no hidden content. \item An \textbf{offline download package} (video + audio files) is available for purchase at \texttt{professormesser.com}. \item Additional paid study materials: \textbf{course notes} and \textbf{practice exams}. \end{itemize} \begin{lecturehint} This course functions as both a \textbf{primary learning path} and a \textbf{living reference}. Each video is self-contained enough to revisit a single topic months later without re-watching the whole course. That design makes it far more valuable than a one-time watch. \end{lecturehint} % ── STUDY STRATEGY ──────────────────────────────────────────────────────────── \section*{Recommended Study Strategy} \begin{enumerate} \item \textbf{Download the official exam objectives.} Available free at \texttt{comptia.org} (direct link also at \texttt{professormesser.com/objectives}). Use them as your master checklist --- every objective on that list is testable. \item \textbf{Watch the videos alongside the objectives.} Video numbering mirrors the objective numbering exactly. Check off each objective as you cover it. \item \textbf{Read a good textbook.} Supplement video learning with a book that cross-references the CompTIA objectives. Most include an appendix or chapter-level objective mapping. \item \textbf{Get hands-on practice.} Set up lab environments to try the techniques covered. Practical exposure is the difference between memorisation and genuine understanding. \item \textbf{Run practice exams before the real thing.} Practice exams reveal gaps, build exam-pacing instincts, and familiarise you with question styles. Multiple practice sessions strongly recommended. \end{enumerate} \begin{examhint} The official CompTIA exam objectives are \textbf{the authoritative source of truth} for what will and will not appear on your exam. Every minute of this course is written to align with those objectives. If a topic is not in the objectives, it is not on your exam. \end{examhint} % ── EXAM DELIVERY ───────────────────────────────────────────────────────────── \section*{Exam Delivery Options} \begin{center} \begin{tabularx}{0.96\textwidth}{ >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \hline \textbf{Testing Centre (Pearson VUE)} & \textbf{Online Proctored (At Home)} \\ \hline Dedicated exam room at a training centre, community college, or similar facility & You sit the exam from your own home via webcam proctoring \\[4pt] All equipment provided --- just arrive at the right time & You supply the hardware; CompTIA specifies exact requirements \\[4pt] Controlled, standardised environment --- no setup on your part & More flexibility in scheduling, but room must meet CompTIA's security rules \\[4pt] Preferred by those who want zero technical setup & Preferred by those with restricted travel or tight schedules \\ \hline \end{tabularx} \end{center} \vspace{0.4em} \begin{lecturehint} CompTIA holds the at-home testing environment to the same security standard as a physical centre. Check \texttt{comptia.org} for the current rules before choosing this option --- requirements around room setup, lighting, permitted items, and ID verification are strict. \end{lecturehint} % ── COMMUNITY AND RESOURCES ─────────────────────────────────────────────────── \section*{Community \& Resources} \begin{center} \begin{tabularx}{0.96\textwidth}{ >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \hline \textbf{Resource} & \textbf{Where to Find It} \\ \hline Free video course (all 120+ videos) & YouTube / \texttt{professormesser.com} \\ Offline download (video + audio) & \texttt{professormesser.com} (paid) \\ Course notes & \texttt{professormesser.com} (paid) \\ Practice exams & \texttt{professormesser.com} (paid) \\ Official exam objectives & \texttt{professormesser.com/objectives} $\to$ CompTIA \\ Discord community & \texttt{professormesser.com/discord} \\ Monthly live study groups & \texttt{professormesser.com} (Professor Messer Q\&A) \\ \hline \end{tabularx} \end{center} % ── KEY CONCEPTS SUMMARY ────────────────────────────────────────────────────── \section*{Key Concepts Summary} \begin{definition} \textbf{CompTIA Security\texttt{+} (SY0-701)} --- Vendor-independent, globally recognised entry-level cybersecurity certification. Released November 7, 2023. Required by many government and large enterprise employers.\\[4pt] \textbf{Exam format} --- 90 minutes, up to 90 questions, scored 100--900, pass mark 750.\\[4pt] \textbf{Question types} --- Multiple choice (majority) and performance-based questions (PBQs) which appear at the start of the exam and require interactive task completion.\\[4pt] \textbf{Five domains} --- General Security Concepts (12\%), Threats/Vulnerabilities/Mitigations (22\%), Security Architecture (18\%), Security Operations (28\%), Program Management \& Oversight (20\%). Total: 100\%.\\[4pt] \textbf{Exam objectives} --- The definitive list of testable content, free from \texttt{comptia.org}. Every topic in this course maps directly to an objective. \end{definition} % ── QUICK REFERENCE CHECKLIST ───────────────────────────────────────────────── \section*{Quick Reference Checklist} \begin{multicols}{2} \begin{itemize}[leftmargin=8pt] \item CompTIA = largest independent IT cert body \cmark \item Security\texttt{+} recognized in 100+ countries \cmark \item Many employers require Security\texttt{+} \cmark \item Current exam version: SY0-701 (Nov 2023) \cmark \item Verify version still current before studying \cmark \item 90 min exam, up to 90 questions \cmark \item Scoring scale: 100--900; pass = 750 \cmark \item Scaled score --- not a raw percentage \cmark \item Two types: MCQs and PBQs \cmark \item PBQs appear at the start of exam \cmark \item Domain 4 (Ops, 28\%) is largest \cmark \item Domains 2 + 4 = 50\% of exam \cmark \item 120+ videos, all free on YouTube \cmark \item Videos numbered to match objectives \cmark \item Download objectives from comptia.org \cmark \item Study path: videos $\to$ book $\to$ hands-on $\to$ practice exams \cmark \item Testing centre or online proctored \cmark \item Community: Discord + monthly study groups \cmark \end{itemize} \end{multicols} \end{document} ``` ```latex % !TEX program = xelatex \documentclass[11pt]{article} % Encoding and fonts \usepackage{fontspec} \setmainfont{TeX Gyre Pagella} \setsansfont{TeX Gyre Heros} \setmonofont{JetBrains Mono} \usepackage{xcolor} \usepackage[a4paper,margin=0.7in]{geometry} \usepackage{enumitem} \usepackage{titlesec} \usepackage{hyperref} \hypersetup{ colorlinks=true, urlcolor=[rgb]{0.0,0.2,0.6}, linkcolor=[rgb]{0.0,0.2,0.6}, citecolor=[rgb]{0.0,0.2,0.6} } \usepackage{fancyhdr} \usepackage{microtype} \usepackage{array} \usepackage{multicol} \usepackage{tabularx} \usepackage{booktabs} \usepackage{colortbl} \usepackage{graphicx} \usepackage{tikz} \usetikzlibrary{arrows.meta,positioning,calc} \usepackage[most]{tcolorbox} \tcbuselibrary{skins,breakable} \usepackage{pifont} % ── Colour palette ───────────────────────────────────────────────────────────── \definecolor{SecNavy}{HTML}{0D3B6E} \definecolor{SecRed}{HTML}{C8102E} \definecolor{ExamGold}{HTML}{F2C94C} \definecolor{InfoBlue}{HTML}{2D9CDB} \definecolor{SoftGray}{HTML}{F4F6F8} \definecolor{Ink}{HTML}{1F2937} \definecolor{GreenOK}{HTML}{2E7D32} \definecolor{Warn}{HTML}{B00020} % Category column header colours \definecolor{ColTech}{HTML}{1565C0} \definecolor{ColMgmt}{HTML}{00695C} \definecolor{ColOps}{HTML}{6A1B9A} \definecolor{ColPhys}{HTML}{BF360C} % Control type row shading \definecolor{RowShade}{HTML}{F0F4F8} \pagecolor{white} \color{Ink} % ── Section formatting ────────────────────────────────────────────────────────── \titleformat{\section}{\Large\bfseries\sffamily\color{SecRed}}{}{0em}{} \titleformat{\subsection}{\large\bfseries\sffamily\color{Ink}}{}{0em}{} \titleformat{\subsubsection}{\normalsize\bfseries\sffamily\color{Ink}}{}{0em}{} \setlist[itemize]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} \setlist[enumerate]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} % ── Custom boxes ─────────────────────────────────────────────────────────────── \newtcolorbox{examhint}{ enhanced, breakable, colback=ExamGold!20, colframe=SecRed!70!black, coltitle=black, title={Key Point}, fonttitle=\bfseries\sffamily, attach boxed title to top left={yshift=-2mm, xshift=3mm}, boxed title style={colback=ExamGold, colframe=SecRed!70!black}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{lecturehint}{ enhanced, breakable, colback=SoftGray, colframe=InfoBlue!60!black, title={Note}, fonttitle=\bfseries\sffamily, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{definition}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Definition}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{InfoBlue}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{examplebox}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Example}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{SecRed}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newcommand{\cmark}{\textcolor{GreenOK}{\ding{51}}} \newcommand{\xmark}{\textcolor{Warn}{\ding{55}}} \usepackage{advdate} % ── maketitle ───────────────────────────────────────────────────────────────── \makeatletter \def\maketitle{% \AdvanceDate[-1] \begin{tcolorbox}[ enhanced, sharp corners, boxrule=0pt, colback=SecNavy, colframe=SecNavy, left=5mm, right=5mm, top=4mm, bottom=4mm, after skip=0pt, ] \begin{minipage}[c]{0.6\linewidth} {\fontsize{22}{24}\selectfont\sffamily\bfseries\color{white}PM}% \hspace{7pt}{\small\sffamily\color{white!60!SecNavy}ProfessorMesser.com} \end{minipage}% \begin{minipage}[c]{0.4\linewidth} \raggedleft{\small\sffamily\itshape\color{white!60!SecNavy}\today} \end{minipage} \end{tcolorbox} \AdvanceDate[1] \begin{tcolorbox}[ enhanced, sharp corners, colback=white, frame hidden, before skip=0pt, borderline west={0.4pt}{0pt}{Ink!15}, borderline east={0.4pt}{0pt}{Ink!15}, borderline south={0.4pt}{0pt}{Ink!15}, left=2mm, right=2mm, top=5mm, bottom=5mm, ] {\LARGE\sffamily\bfseries\color{Ink}Security Controls} \par\vspace{3pt} {\small\sffamily\color{SecNavy!80!black}% SY0-701 Series\enspace\textbullet\enspace Domain 1: General Security Concepts\enspace\textbullet\enspace Objective 1.1} \end{tcolorbox} \vspace{1em} } \makeatother \pagestyle{fancy} \fancyhf{} \fancyfoot[L]{\small\sffamily\color{Ink}ProfessorMesser.com} \fancyfoot[C]{\small\sffamily\color{Ink}\thepage} \fancyfoot[R]{\small\sffamily\color{Ink}1.1 --- Security Controls} \renewcommand{\headrulewidth}{0pt} \begin{document} \maketitle % ── OVERVIEW ────────────────────────────────────────────────────────────────── \section*{Overview} Security isn't just about protecting data --- it covers physical systems, buildings, and people. Controls are the mechanisms we use to manage security risk across all of these surfaces. This video introduces the two-axis framework CompTIA uses to classify every security control: \begin{itemize} \item \textbf{Four control categories} --- the \emph{nature} of a control (technical, managerial, operational, physical). \item \textbf{Six control types} --- the \emph{purpose} of a control (preventive, deterrent, detective, corrective, compensating, directive). \end{itemize} \noindent Any real-world control can be placed at the intersection of one category and one type. Mastering the matrix is the core exam skill for this objective. % ── THE FOUR CATEGORIES ─────────────────────────────────────────────────────── \section*{The Four Control Categories} Categories describe \emph{how} a control is implemented. \vspace{0.5em} \begin{center} \begin{tabularx}{0.97\textwidth}{ >{\raggedright\arraybackslash\bfseries\sffamily}p{2.9cm} >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \toprule \textbf{Category} & \textbf{What it is} & \textbf{Quick examples} \\ \midrule \rowcolor{ColTech!8} \textcolor{ColTech}{Technical} & Controls implemented through a technology system & Firewalls, antivirus, OS policies, encryption \\[4pt] \rowcolor{ColMgmt!8} \textcolor{ColMgmt}{Managerial} & Controls embedded in policies, procedures, and documentation & Security policies, SOPs, onboarding procedures \\[4pt] \rowcolor{ColOps!8} \textcolor{ColOps}{Operational} & Controls implemented through people and day-to-day processes & Security guards, awareness training, lunch-and-learns \\[4pt] \rowcolor{ColPhys!8} \textcolor{ColPhys}{Physical} & Controls that restrict physical access to spaces or devices & Fences, locks, badge readers, guard shacks \\ \bottomrule \end{tabularx} \end{center} % ── THE SIX CONTROL TYPES ───────────────────────────────────────────────────── \section*{The Six Control Types} Types describe \emph{what} a control does --- its role in the security lifecycle. \subsection*{1. Preventive} \begin{definition} \textbf{Preventive} --- Stops an event from occurring in the first place by blocking or restricting access to a resource. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} Firewall rules blocking network access \item \textcolor{ColMgmt}{\textbf{Managerial:}} Onboarding policy governing new-hire access \item \textcolor{ColOps}{\textbf{Operational:}} Guard shack checking identification on entry \item \textcolor{ColPhys}{\textbf{Physical:}} Door locks \end{itemize} \subsection*{2. Deterrent} \begin{definition} \textbf{Deterrent} --- Does not physically prevent access but discourages an attacker from proceeding by making them think twice about the consequences. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} Login splash screen warning unauthorized users \item \textcolor{ColMgmt}{\textbf{Managerial:}} Threat of demotion or dismissal in policy \item \textcolor{ColOps}{\textbf{Operational:}} Reception desk greeting every arrival \item \textcolor{ColPhys}{\textbf{Physical:}} Warning signs (``trespassers will be prosecuted'') \end{itemize} \begin{examhint} Preventive \emph{blocks} access. Deterrent \emph{discourages} access. A locked door is preventive; a ``Warning: CCTV in operation'' sign is a deterrent. Both can coexist on the same door --- they are different control types operating in the same physical category. \end{examhint} \subsection*{3. Detective} \begin{definition} \textbf{Detective} --- Identifies and records that a breach or anomaly has occurred. Does not prevent the event but provides a warning and creates an audit trail. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} System log collection and review \item \textcolor{ColMgmt}{\textbf{Managerial:}} Regular review of login reports \item \textcolor{ColOps}{\textbf{Operational:}} Security guard patrolling the property \item \textcolor{ColPhys}{\textbf{Physical:}} Motion detectors triggering an alert \end{itemize} \subsection*{4. Corrective} \begin{definition} \textbf{Corrective} --- Applied \emph{after} an event has been detected. Aims to reverse the impact or restore normal operations with minimal downtime. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} Wiping a ransomware-infected machine and restoring from backup \item \textcolor{ColMgmt}{\textbf{Managerial:}} Incident-reporting policy triggering alerts on unusual activity \item \textcolor{ColOps}{\textbf{Operational:}} Contacting law enforcement after a physical intrusion \item \textcolor{ColPhys}{\textbf{Physical:}} Fire extinguisher stopping a fire from spreading \end{itemize} \subsection*{5. Compensating} \begin{definition} \textbf{Compensating} --- A substitute control used when the ideal fix is unavailable. Often temporary, bridging the gap until a permanent solution can be implemented. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} Firewall rule blocking the vulnerable port while waiting for a vendor patch \item \textcolor{ColMgmt}{\textbf{Managerial:}} Separation of duties to limit the blast radius of any single compromise \item \textcolor{ColOps}{\textbf{Operational:}} Requiring multiple security guards on shift simultaneously so no single guard has complete access \item \textcolor{ColPhys}{\textbf{Physical:}} Generator supplying power while mains power is restored \end{itemize} \begin{examhint} Compensating controls are \textbf{workarounds}, not fixes. A question scenario like ``the patch isn't available yet, so they blocked the port'' is describing a compensating control. \end{examhint} \subsection*{6. Directive} \begin{definition} \textbf{Directive} --- Instructs or guides people toward secure behaviour. Considered the \textbf{weakest} control type because compliance depends on user decision-making, not enforcement. \end{definition} \begin{itemize} \item \textcolor{ColTech}{\textbf{Technical:}} Policy requiring users to save sensitive files to an encrypted folder \item \textcolor{ColMgmt}{\textbf{Managerial:}} Compliance policies and procedures documented in the security policy \item \textcolor{ColOps}{\textbf{Operational:}} Security awareness training courses \item \textcolor{ColPhys}{\textbf{Physical:}} ``Authorized Personnel Only'' sign on an unlocked door \end{itemize} \begin{examhint} Directive is the weakest type because it relies on the user to \emph{choose} to comply. Compare ``Authorized Personnel Only'' (directive --- just a sign) with a badge reader (preventive --- physically blocks entry). The sign \emph{directs}; the badge reader \emph{enforces}. \end{examhint} % ── LIFECYCLE TIMELINE ──────────────────────────────────────────────────────── \section*{Control Types Along the Attack Lifecycle} \vspace{0.5em} \begin{center} \begin{tikzpicture}[ node distance=0.7cm and 0.5cm, tbox/.style={ rectangle, rounded corners=3pt, draw=Ink!30, fill=SoftGray, minimum height=0.85cm, minimum width=2.3cm, font=\sffamily\footnotesize\bfseries, align=center }, event/.style={ rectangle, rounded corners=3pt, draw=Warn!60, fill=Warn!15, minimum height=0.85cm, minimum width=2.0cm, font=\sffamily\footnotesize\bfseries\color{Warn}, align=center }, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40}, lbl/.style={font=\tiny\sffamily\color{Ink!60}, align=center} ] \node[tbox, fill=ColMgmt!12, draw=ColMgmt!40] (prev) {Preventive}; \node[tbox, fill=ColTech!12, draw=ColTech!40, right=of prev] (det) {Deterrent}; \node[event, right=1.2cm of det] (atk) {Attack /\\Incident}; \node[tbox, fill=ColOps!12, draw=ColOps!40, right=1.2cm of atk] (detect) {Detective}; \node[tbox, fill=ColPhys!12, draw=ColPhys!40, right=of detect] (corr) {Corrective}; \node[tbox, fill=ExamGold!20, draw=ExamGold!60, below=0.9cm of atk] (comp) {Compensating}; \node[tbox, fill=Ink!6, draw=Ink!25, below=0.9cm of prev] (dir) {Directive}; \draw[arr] (prev) -- (det); \draw[arr] (det) -- (atk); \draw[arr] (atk) -- (detect); \draw[arr] (detect) -- (corr); \node[lbl, above=0.05cm of prev] {blocks}; \node[lbl, above=0.05cm of det] {discourages}; \node[lbl, above=0.05cm of detect]{identifies}; \node[lbl, above=0.05cm of corr] {repairs}; \draw[arr, dashed, color=ExamGold!80!Ink] (comp) -- (atk) node[midway, right, lbl] {substitute\\when ideal\\fix absent}; \draw[arr, dashed, color=Ink!30] (dir) -- (prev) node[midway, below, lbl, xshift=4pt] {weakest ---\\guides only}; \end{tikzpicture} \end{center} \vspace{0.5em} % ── THE MASTER MATRIX ───────────────────────────────────────────────────────── \section*{The Master Matrix --- Control Types \texttimes{} Categories} \noindent Each cell shows a representative example from the video. Many other valid examples exist for every cell; these are not the only answers. \vspace{0.6em} {\small \begin{tabularx}{\textwidth}{ >{\raggedright\arraybackslash\bfseries\sffamily}p{2.2cm} >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \toprule & \cellcolor{ColTech!18}\textcolor{ColTech}{\textbf{Technical}} & \cellcolor{ColMgmt!18}\textcolor{ColMgmt}{\textbf{Managerial}} & \cellcolor{ColOps!18}\textcolor{ColOps}{\textbf{Operational}} & \cellcolor{ColPhys!18}\textcolor{ColPhys}{\textbf{Physical}} \\ \midrule \rowcolor{RowShade} Preventive & Firewall rules & Onboarding policy & Guard shack ID check & Door locks \\ Deterrent & Login splash screen & Demotion / dismissal threat & Reception desk & Warning signs \\ \rowcolor{RowShade} Detective & System log collection & Regular login report review & Property patrol & Motion detectors \\ Corrective & Restore from backup & Incident reporting policy & Contact law enforcement & Fire extinguisher \\ \rowcolor{RowShade} Compensating & Firewall rule blocking vulnerable port & Separation of duties & Multiple simultaneous guards & Power generator \\ Directive & Encrypted folder storage policy & Compliance policies \& procedures & Security awareness training & ``Authorized Personnel Only'' sign \\ \bottomrule \end{tabularx} } \vspace{0.5em} \begin{lecturehint} The same matrix is what Messer calls the ``squares'' --- every intersection is a valid exam question target. Practice by covering one cell and naming your own example, then check whether it belongs to the right category \emph{and} the right type. \end{lecturehint} % ── KEY DISTINCTIONS ────────────────────────────────────────────────────────── \section*{Key Distinctions for the Exam} \begin{examhint} \textbf{Preventive vs.\ Deterrent} --- A preventive control \emph{stops} the action (locked door). A deterrent makes someone think twice but cannot stop a determined attacker (warning sign). If physical access is actually blocked, it's preventive; if it only discourages, it's deterrent. \end{examhint} \begin{examhint} \textbf{Detective vs.\ Corrective} --- Detective controls fire \emph{during or just after} an event and create a record (logs, motion sensors). Corrective controls fire \emph{in response} to a detected event to restore operations (restoring from backup, calling the police). Detection always precedes correction. \end{examhint} \begin{examhint} \textbf{Compensating vs.\ Corrective} --- Corrective fixes a known incident. Compensating manages an ongoing risk when the proper control isn't yet possible (e.g.\ blocking a port because the patch hasn't been released). Compensating is a \emph{workaround}; corrective is a \emph{remedy}. \end{examhint} \begin{examhint} \textbf{Directive is the weakest type.} It depends entirely on user compliance --- there is nothing enforcing the behaviour. An unlocked door with an ``Authorised Personnel Only'' sign is directive. The same door with a badge reader is preventive. The difference is \emph{enforcement vs.\ instruction}. \end{examhint} % ── KEY CONCEPTS SUMMARY ────────────────────────────────────────────────────── \section*{Key Concepts Summary} \begin{definition} \textbf{Control Category} --- Describes \emph{how} a control is implemented: via technology (Technical), policy (Managerial), people (Operational), or physical barriers (Physical).\\[4pt] \textbf{Control Type} --- Describes \emph{what role} a control plays: Preventive (block), Deterrent (discourage), Detective (identify), Corrective (remedy), Compensating (substitute), Directive (instruct).\\[4pt] \textbf{The Matrix} --- Any security control can be classified by placing it at the intersection of one category and one type. Controls can also legitimately belong to multiple categories simultaneously. \end{definition} % ── QUICK REFERENCE CHECKLIST ───────────────────────────────────────────────── \section*{Quick Reference Checklist} \begin{multicols}{2} \begin{itemize}[leftmargin=8pt] \item Two axes: category (how) vs type (what) \cmark \item 4 categories: technical, managerial, operational, physical \cmark \item Technical = technology system \cmark \item Managerial = policies and procedures \cmark \item Operational = people and processes \cmark \item Physical = physical access restriction \cmark \item 6 types: preventive, deterrent, detective, corrective, compensating, directive \cmark \item Preventive: blocks the event \cmark \item Deterrent: discourages (doesn't block) \cmark \item Detective: identifies/records after event \cmark \item Corrective: remedies after detection \cmark \item Compensating: substitute when ideal fix unavailable \cmark \item Directive: instructs users --- weakest type \cmark \item Timeline: Deterrent $\to$ Preventive $\to$ Event $\to$ Detective $\to$ Corrective \cmark \item One control can span multiple categories \cmark \item Examples per cell are not exhaustive \cmark \end{itemize} \end{multicols} \end{document} ``` ```latex % !TEX program = xelatex \documentclass[11pt]{article} % Encoding and fonts \usepackage{fontspec} \setmainfont{TeX Gyre Pagella} \setsansfont{TeX Gyre Heros} \setmonofont{JetBrains Mono} \usepackage{xcolor} \usepackage[a4paper,margin=0.7in]{geometry} \usepackage{enumitem} \usepackage{titlesec} \usepackage{hyperref} \hypersetup{ colorlinks=true, urlcolor=[rgb]{0.0,0.2,0.6}, linkcolor=[rgb]{0.0,0.2,0.6}, citecolor=[rgb]{0.0,0.2,0.6} } \usepackage{fancyhdr} \usepackage{microtype} \usepackage{array} \usepackage{multicol} \usepackage{tabularx} \usepackage{booktabs} \usepackage{graphicx} \usepackage{tikz} \usetikzlibrary{arrows.meta,positioning,calc} \usepackage[most]{tcolorbox} \tcbuselibrary{skins,breakable} \usepackage{pifont} % ── Colour palette ───────────────────────────────────────────────────────────── \definecolor{SecNavy}{HTML}{0D3B6E} \definecolor{SecRed}{HTML}{C8102E} \definecolor{ExamGold}{HTML}{F2C94C} \definecolor{InfoBlue}{HTML}{2D9CDB} \definecolor{SoftGray}{HTML}{F4F6F8} \definecolor{Ink}{HTML}{1F2937} \definecolor{GreenOK}{HTML}{2E7D32} \definecolor{Warn}{HTML}{B00020} % Pillar colours \definecolor{CConf}{HTML}{1565C0} % Confidentiality — blue \definecolor{IInteg}{HTML}{2E7D32} % Integrity — green \definecolor{AAvail}{HTML}{6A1B9A} % Availability — purple \pagecolor{white} \color{Ink} % ── Section formatting ────────────────────────────────────────────────────────── \titleformat{\section}{\Large\bfseries\sffamily\color{SecRed}}{}{0em}{} \titleformat{\subsection}{\large\bfseries\sffamily\color{Ink}}{}{0em}{} \setlist[itemize]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} \setlist[enumerate]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} % ── Custom boxes ─────────────────────────────────────────────────────────────── \newtcolorbox{examhint}{ enhanced, breakable, colback=ExamGold!20, colframe=SecRed!70!black, coltitle=black, title={Key Point}, fonttitle=\bfseries\sffamily, attach boxed title to top left={yshift=-2mm, xshift=3mm}, boxed title style={colback=ExamGold, colframe=SecRed!70!black}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{lecturehint}{ enhanced, breakable, colback=SoftGray, colframe=InfoBlue!60!black, title={Note}, fonttitle=\bfseries\sffamily, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{definition}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Definition}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{InfoBlue}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newcommand{\cmark}{\textcolor{GreenOK}{\ding{51}}} \newcommand{\xmark}{\textcolor{Warn}{\ding{55}}} \usepackage{advdate} % ── maketitle ───────────────────────────────────────────────────────────────── \makeatletter \def\maketitle{% \AdvanceDate[-1] \begin{tcolorbox}[ enhanced, sharp corners, boxrule=0pt, colback=SecNavy, colframe=SecNavy, left=5mm, right=5mm, top=4mm, bottom=4mm, after skip=0pt, ] \begin{minipage}[c]{0.6\linewidth} {\fontsize{22}{24}\selectfont\sffamily\bfseries\color{white}PM}% \hspace{7pt}{\small\sffamily\color{white!60!SecNavy}ProfessorMesser.com} \end{minipage}% \begin{minipage}[c]{0.4\linewidth} \raggedleft{\small\sffamily\itshape\color{white!60!SecNavy}\today} \end{minipage} \end{tcolorbox} \AdvanceDate[1] \begin{tcolorbox}[ enhanced, sharp corners, colback=white, frame hidden, before skip=0pt, borderline west={0.4pt}{0pt}{Ink!15}, borderline east={0.4pt}{0pt}{Ink!15}, borderline south={0.4pt}{0pt}{Ink!15}, left=2mm, right=2mm, top=5mm, bottom=5mm, ] {\LARGE\sffamily\bfseries\color{Ink}The CIA Triad} \par\vspace{3pt} {\small\sffamily\color{SecNavy!80!black}% SY0-701 Series\enspace\textbullet\enspace Domain 1: General Security Concepts\enspace\textbullet\enspace Objective 1.2} \end{tcolorbox} \vspace{1em} } \makeatother \pagestyle{fancy} \fancyhf{} \fancyfoot[L]{\small\sffamily\color{Ink}ProfessorMesser.com} \fancyfoot[C]{\small\sffamily\color{Ink}\thepage} \fancyfoot[R]{\small\sffamily\color{Ink}1.2 --- The CIA Triad} \renewcommand{\headrulewidth}{0pt} \begin{document} \maketitle % ── OVERVIEW ────────────────────────────────────────────────────────────────── \section*{Overview} The CIA triad is the foundational model of IT security. Every security decision maps back to at least one of its three pillars: \vspace{0.4em} \begin{center} \begin{tikzpicture}[scale=1.0] % Triangle vertices \coordinate (A) at (0,0); % bottom-left — Availability \coordinate (C) at (7,0); % bottom-right — Integrity \coordinate (B) at (3.5,4.2); % top — Confidentiality % Filled triangle \fill[SoftGray!70] (A) -- (C) -- (B) -- cycle; % Coloured edges \draw[CConf, line width=2.5pt] (A) -- (B); % left edge \draw[IInteg, line width=2.5pt] (C) -- (B); % right edge \draw[AAvail, line width=2.5pt] (A) -- (C); % bottom edge % Corner badges \node[circle, fill=CConf, text=white, font=\sffamily\bfseries\small, minimum size=1.5cm, align=center] at (B) {C}; \node[circle, fill=AAvail, text=white, font=\sffamily\bfseries\small, minimum size=1.5cm, align=center] at (A) {A}; \node[circle, fill=IInteg, text=white, font=\sffamily\bfseries\small, minimum size=1.5cm, align=center] at (C) {I}; % Labels outside the triangle \node[font=\sffamily\bfseries\color{CConf}, above=0.8cm of B] {Confidentiality}; \node[font=\sffamily\bfseries\color{AAvail}, below left=0.1cm and 0.8cm of A] {Availability}; \node[font=\sffamily\bfseries\color{IInteg}, below right=0.1cm and 0.8cm of C] {Integrity}; % Central label \node[font=\sffamily\itshape\small\color{Ink!50}] at (3.5,1.5) {The CIA (AIC) Triad}; \end{tikzpicture} \end{center} \vspace{0.3em} \begin{lecturehint} The triad is sometimes written as the \textbf{AIC triad} to avoid confusion with the US Central Intelligence Agency. The acronym and the concepts are identical --- only the order of letters changes. CIA is more commonly used because it is easier to remember. \end{lecturehint} % ── QUICK REFERENCE TABLE ───────────────────────────────────────────────────── \vspace{0.3em} \begin{center} \begin{tabularx}{0.97\textwidth}{ >{\raggedright\arraybackslash\bfseries\sffamily}p{2.6cm} >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \toprule \textbf{Pillar} & \textbf{Core question} & \textbf{Key mechanisms} \\ \midrule \textcolor{CConf}{Confidentiality} & Is data only accessible to those who are authorised? & Encryption, access controls, multi-factor authentication \\[4pt] \textcolor{IInteg}{Integrity} & Has data been altered in transit or at rest? & Hashing, digital signatures, certificates, non-repudiation \\[4pt] \textcolor{AAvail}{Availability} & Are systems accessible when users need them? & Fault tolerance, redundancy, patching \\ \bottomrule \end{tabularx} \end{center} % ── CONFIDENTIALITY ─────────────────────────────────────────────────────────── \section*{\textcolor{CConf}{C --- Confidentiality}} \begin{definition} \textbf{Confidentiality} --- Ensuring that private information is accessible only to authorised parties. The central challenge is making data \emph{available} while keeping that availability restricted to the \emph{right} people. \end{definition} \subsection*{Mechanisms} \textbf{Encryption} --- Data is transformed into ciphertext by the sender. Only the holder of the correct key can decrypt it back to plaintext. An interceptor who captures the ciphertext in transit gains nothing useful. \vspace{0.5em} \begin{center} \begin{tikzpicture}[ node distance=0.6cm and 1.1cm, box/.style={rectangle, rounded corners=3pt, draw=Ink!25, fill=SoftGray, minimum height=0.8cm, minimum width=2.0cm, font=\sffamily\footnotesize, align=center}, badbox/.style={rectangle, rounded corners=3pt, draw=Warn!50, fill=Warn!10, minimum height=0.8cm, minimum width=1.8cm, font=\sffamily\footnotesize, align=center}, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40} ] \node[box] (plain) {Plaintext}; \node[box, fill=CConf!10, draw=CConf!40, right=of plain] (enc) {Ciphertext}; \node[box, right=of enc] (dec) {Plaintext}; \node[badbox, below=0.55cm of enc] (snoop) {Interceptor\\sees nothing}; \draw[arr] (plain) -- node[above,font=\tiny\sffamily]{encrypt} (enc); \draw[arr] (enc) -- node[above,font=\tiny\sffamily]{decrypt} (dec); \draw[arr, dashed, color=Warn!60] (enc) -- (snoop); \end{tikzpicture} \end{center} \vspace{0.4em} \textbf{Access controls} --- Permissions restrict who can view or modify specific data. A marketing employee may have full access to marketing assets but zero access to accounting records. \vspace{0.5em} \textbf{Multi-factor authentication (MFA)} --- Requiring additional authentication factors beyond a password means that stolen credentials alone are insufficient to gain access, raising the bar for an attacker. \begin{examhint} Confidentiality is \emph{not} just about encryption. Access controls and MFA are equally valid confidentiality mechanisms. Exam scenarios that restrict \emph{who} can see data are testing confidentiality, even if no encryption is mentioned. \end{examhint} % ── INTEGRITY ───────────────────────────────────────────────────────────────── \section*{\textcolor{IInteg}{I --- Integrity}} \begin{definition} \textbf{Integrity} --- Assurance that data has not been altered between the point of creation or sending and the point of receipt. The recipient can verify they have exactly what was originally sent. \end{definition} \subsection*{Mechanisms} \textbf{Hashing} --- The sender runs the data through a hash function, producing a fixed-length digest. Both the data and the hash are sent. The recipient applies the same hash function; if the output matches the sender's hash, the data is intact. Any modification to the data --- even a single bit --- produces a completely different hash. \vspace{0.5em} \begin{center} \begin{tikzpicture}[ node distance=0.5cm and 1.0cm, box/.style={rectangle, rounded corners=3pt, draw=Ink!25, fill=SoftGray, minimum height=0.8cm, minimum width=2.2cm, font=\sffamily\footnotesize, align=center}, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40}, ok/.style={font=\sffamily\footnotesize\color{GreenOK}\bfseries} ] \node[box] (data) {Data}; \node[box, fill=IInteg!10, draw=IInteg!40, right=1.4cm of data] (hash) {Hash\\(digest)}; \node[box, right=1.4cm of hash] (recv) {Data\\received}; \node[box, fill=IInteg!10, draw=IInteg!40, right=1.1cm of recv] (rehash) {Re-hash}; \node[box, fill=GreenOK!10, draw=GreenOK!50, below=0.55cm of rehash, font=\sffamily\footnotesize\color{GreenOK}] (match) {Hashes\\match \cmark}; \draw[arr] (data) -- node[above,font=\tiny\sffamily]{hash fn} (hash); \draw[arr] (hash.east) -- node[above,font=\tiny\sffamily,text width=1.5cm,align=center] {send data\\+ hash} (recv.west); \draw[arr] (recv) -- node[above,font=\tiny\sffamily]{hash fn} (rehash); \draw[arr] (rehash) -- (match); \end{tikzpicture} \end{center} \vspace{0.4em} \textbf{Digital signatures} --- A hash of the data is encrypted with the sender's \emph{private} key (asymmetric encryption). This provides two guarantees simultaneously: the data has not been altered \emph{and} the sender's identity is confirmed, since only their private key could have produced that signature. \vspace{0.5em} \textbf{Certificates} --- Digital certificates bind a public key to an identity (person or device), providing an additional layer of integrity assurance when transferring data between parties. \vspace{0.5em} \begin{definition} \textbf{Non-repudiation} --- The property that a sender cannot later deny having sent a message. Achieved via digital signatures: because only the sender holds their private key, a valid signature is cryptographic proof of origin. Non-repudiation is a \emph{stronger} guarantee than integrity alone --- it addresses both ``was it changed?'' and ``did they really send it?'' \end{definition} \begin{examhint} \textbf{Integrity vs.\ Non-repudiation:} Hashing alone proves the data was not modified but does not prove \emph{who} sent it (anyone can hash data). A digital signature proves both. Non-repudiation = integrity + confirmed origin. \end{examhint} % ── AVAILABILITY ────────────────────────────────────────────────────────────── \section*{\textcolor{AAvail}{A --- Availability}} \begin{definition} \textbf{Availability} --- Ensuring that systems and data remain accessible to authorised users when needed, even in the presence of failures, attacks, or maintenance activity. \end{definition} \subsection*{Mechanisms} \textbf{High availability design} --- Systems are architected to be continuously operational. No single failure should bring the entire service down. \vspace{0.5em} \textbf{Fault tolerance} --- Redundant components are deployed so that if one fails, another takes over and operations continue without interruption. Examples include RAID storage, redundant power supplies, and clustered servers. \vspace{0.5em} \textbf{Patching} --- Keeping systems updated closes known vulnerabilities (preventing exploits that could cause downtime) and addresses bugs that cause instability, keeping systems as stable and available as possible. \begin{examhint} Availability attacks are the ones most obviously visible to end users --- a DDoS that takes down a website is attacking availability. When a scenario describes systems being \emph{inaccessible} or \emph{knocked offline}, the CIA pillar at stake is Availability. \end{examhint} % ── THE CENTRAL TENSION ─────────────────────────────────────────────────────── \section*{The Central Tension: Availability vs.\ Confidentiality} \begin{lecturehint} The hardest challenge in IT security is not implementing any one control in isolation --- it is balancing the triad. Making data \emph{available} to everyone maximises availability but destroys confidentiality. Locking data away completely maximises confidentiality but destroys availability. Every security design is a negotiation between all three pillars. Security decisions that strengthen one pillar often apply pressure to another. \end{lecturehint} % ── KEY CONCEPTS SUMMARY ────────────────────────────────────────────────────── \section*{Key Concepts Summary} \begin{definition} \textbf{Confidentiality} --- Only authorised parties can access information. Mechanisms: encryption, access controls, MFA.\\[4pt] \textbf{Integrity} --- Data has not been altered in transit or at rest. Mechanisms: hashing, digital signatures, certificates, non-repudiation.\\[4pt] \textbf{Availability} --- Systems and data are accessible when needed. Mechanisms: high availability design, fault tolerance, patching.\\[4pt] \textbf{Non-repudiation} --- Cryptographic proof that a specific party sent specific data; they cannot later deny it. Requires digital signatures (hash + asymmetric encryption), not hashing alone.\\[4pt] \textbf{AIC triad} --- Identical to CIA triad; alternative ordering used to avoid confusion with the US intelligence agency. \end{definition} % ── QUICK REFERENCE CHECKLIST ───────────────────────────────────────────────── \section*{Quick Reference Checklist} \begin{multicols}{2} \begin{itemize}[leftmargin=8pt] \item CIA = Confidentiality, Integrity, Availability \cmark \item AIC = same thing, different order \cmark \item Triad visualised as a triangle \cmark \item \textbf{C}: restrict access to authorised parties \cmark \item Confidentiality mechanism: encryption \cmark \item Confidentiality mechanism: access controls \cmark \item Confidentiality mechanism: MFA \cmark \item \textbf{I}: data unchanged from source to recipient \cmark \item Integrity mechanism: hashing \cmark \item Integrity mechanism: digital signatures \cmark \item Integrity mechanism: certificates \cmark \item Non-repudiation = integrity + confirmed origin \cmark \item Digital signature = hash + asymmetric encryption \cmark \item Hashing alone does NOT prove sender identity \cmark \item \textbf{A}: systems accessible when needed \cmark \item Availability mechanism: fault tolerance \cmark \item Availability mechanism: redundancy \cmark \item Availability mechanism: patching \cmark \item DDoS $\to$ attacks Availability \cmark \item Balancing all three pillars is the core challenge \cmark \end{itemize} \end{multicols} \end{document} ``` ```latex % !TEX program = xelatex \documentclass[11pt]{article} % Encoding and fonts \usepackage{fontspec} \setmainfont{TeX Gyre Pagella} \setsansfont{TeX Gyre Heros} \setmonofont{JetBrains Mono} \usepackage{xcolor} \usepackage[a4paper,margin=0.7in]{geometry} \usepackage{enumitem} \usepackage{titlesec} \usepackage{hyperref} \hypersetup{ colorlinks=true, urlcolor=[rgb]{0.0,0.2,0.6}, linkcolor=[rgb]{0.0,0.2,0.6}, citecolor=[rgb]{0.0,0.2,0.6} } \usepackage{fancyhdr} \usepackage{microtype} \usepackage{array} \usepackage{multicol} \usepackage{tabularx} \usepackage{booktabs} \usepackage{graphicx} \usepackage{tikz} \usetikzlibrary{arrows.meta,positioning,calc,fit,backgrounds} \usepackage[most]{tcolorbox} \tcbuselibrary{skins,breakable} \usepackage{pifont} % ── Colour palette ───────────────────────────────────────────────────────────── \definecolor{SecNavy}{HTML}{0D3B6E} \definecolor{SecRed}{HTML}{C8102E} \definecolor{ExamGold}{HTML}{F2C94C} \definecolor{InfoBlue}{HTML}{2D9CDB} \definecolor{SoftGray}{HTML}{F4F6F8} \definecolor{Ink}{HTML}{1F2937} \definecolor{GreenOK}{HTML}{2E7D32} \definecolor{Warn}{HTML}{B00020} % Diagram-specific \definecolor{AliceCol}{HTML}{1565C0} % Alice — blue \definecolor{BobCol}{HTML}{2E7D32} % Bob — green \definecolor{HashCol}{HTML}{6A1B9A} % hash blocks — purple \definecolor{SigCol}{HTML}{BF360C} % signature — burnt orange \definecolor{KeyCol}{HTML}{00695C} % keys — teal \pagecolor{white} \color{Ink} % ── Section formatting ────────────────────────────────────────────────────────── \titleformat{\section}{\Large\bfseries\sffamily\color{SecRed}}{}{0em}{} \titleformat{\subsection}{\large\bfseries\sffamily\color{Ink}}{}{0em}{} \setlist[itemize]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} \setlist[enumerate]{topsep=4pt,itemsep=2pt,parsep=0pt,partopsep=2pt} % ── Custom boxes ─────────────────────────────────────────────────────────────── \newtcolorbox{examhint}{ enhanced, breakable, colback=ExamGold!20, colframe=SecRed!70!black, coltitle=black, title={Key Point}, fonttitle=\bfseries\sffamily, attach boxed title to top left={yshift=-2mm, xshift=3mm}, boxed title style={colback=ExamGold, colframe=SecRed!70!black}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{lecturehint}{ enhanced, breakable, colback=SoftGray, colframe=InfoBlue!60!black, title={Note}, fonttitle=\bfseries\sffamily, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{definition}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Definition}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{InfoBlue}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newtcolorbox{examplebox}{ enhanced, breakable, colback=white, colframe=Ink!20!black, title={Example}, fonttitle=\bfseries\sffamily, borderline west={2pt}{0pt}{SecRed}, left=6mm,right=6mm,top=3mm,bottom=3mm } \newcommand{\cmark}{\textcolor{GreenOK}{\ding{51}}} \newcommand{\xmark}{\textcolor{Warn}{\ding{55}}} \usepackage{advdate} % ── maketitle ───────────────────────────────────────────────────────────────── \makeatletter \def\maketitle{% \AdvanceDate[-1] \begin{tcolorbox}[ enhanced, sharp corners, boxrule=0pt, colback=SecNavy, colframe=SecNavy, left=5mm, right=5mm, top=4mm, bottom=4mm, after skip=0pt, ] \begin{minipage}[c]{0.6\linewidth} {\fontsize{22}{24}\selectfont\sffamily\bfseries\color{white}PM}% \hspace{7pt}{\small\sffamily\color{white!60!SecNavy}ProfessorMesser.com} \end{minipage}% \begin{minipage}[c]{0.4\linewidth} \raggedleft{\small\sffamily\itshape\color{white!60!SecNavy}\today} \end{minipage} \end{tcolorbox} \AdvanceDate[1] \begin{tcolorbox}[ enhanced, sharp corners, colback=white, frame hidden, before skip=0pt, borderline west={0.4pt}{0pt}{Ink!15}, borderline east={0.4pt}{0pt}{Ink!15}, borderline south={0.4pt}{0pt}{Ink!15}, left=2mm, right=2mm, top=5mm, bottom=5mm, ] {\LARGE\sffamily\bfseries\color{Ink}Non-repudiation} \par\vspace{3pt} {\small\sffamily\color{SecNavy!80!black}% SY0-701 Series\enspace\textbullet\enspace Domain 1: General Security Concepts\enspace\textbullet\enspace Objective 1.2.1} \end{tcolorbox} \vspace{1em} } \makeatother \pagestyle{fancy} \fancyhf{} \fancyfoot[L]{\small\sffamily\color{Ink}ProfessorMesser.com} \fancyfoot[C]{\small\sffamily\color{Ink}\thepage} \fancyfoot[R]{\small\sffamily\color{Ink}1.2.1 --- Non-repudiation} \renewcommand{\headrulewidth}{0pt} \begin{document} \maketitle % ── OVERVIEW ────────────────────────────────────────────────────────────────── \section*{Overview} Non-repudiation is a foundational property in cryptography: it ensures that a sender cannot later deny having sent a message. This video covers: \begin{enumerate} \item The real-world analogy: a signed contract. \item \textbf{Proof of integrity} via hashing --- verifying data was not altered. \item The limitation of hashing: it proves \emph{what} arrived, not \emph{who} sent it. \item \textbf{Proof of origin} via digital signatures --- verifying the sender's identity. \item A step-by-step walkthrough of the digital signature process (Alice and Bob). \end{enumerate} % ── WHAT IS NON-REPUDIATION ─────────────────────────────────────────────────── \section*{What Is Non-repudiation?} \begin{definition} \textbf{Non-repudiation} --- A cryptographic guarantee that a sender cannot deny having sent a particular message or document. It combines two properties: \begin{itemize} \item \textbf{Proof of integrity} --- the data received is exactly what was sent. \item \textbf{Proof of origin} --- the data provably came from a specific sender. \end{itemize} Together these give \emph{high assurance of authenticity}. \end{definition} \noindent The everyday analogy is a \textbf{signed contract}. Your handwritten signature at the bottom of a document associates you with its contents. Anyone examining the contract later can see your signature and reasonably conclude you agreed to what is written. A digital signature works the same way --- but using cryptography instead of ink. % ── PROOF OF INTEGRITY: HASHING ─────────────────────────────────────────────── \section*{Proof of Integrity: Hashing} \begin{definition} \textbf{Hash} (message digest / fingerprint) --- A fixed-length string produced by running data through a one-way hashing algorithm. Any change to the input --- even a single character --- produces a completely different hash output. The same input always produces the same output. \end{definition} \noindent The sender computes a hash of the data and transmits both the data and the hash. The recipient runs the same hashing algorithm on the received data and compares the result: \vspace{0.5em} \begin{center} \begin{tikzpicture}[ node distance=0.5cm and 1.0cm, box/.style={rectangle, rounded corners=3pt, draw=Ink!25, fill=SoftGray, minimum height=0.85cm, minimum width=2.2cm, font=\sffamily\footnotesize, align=center}, hashbox/.style={rectangle, rounded corners=3pt, draw=HashCol!50, fill=HashCol!10, minimum height=0.85cm, minimum width=2.0cm, font=\sffamily\footnotesize\bfseries\color{HashCol}, align=center}, okbox/.style={rectangle, rounded corners=3pt, draw=GreenOK!60, fill=GreenOK!10, minimum height=0.85cm, minimum width=2.2cm, font=\sffamily\footnotesize\bfseries\color{GreenOK}, align=center}, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40}, lbl/.style={font=\tiny\sffamily\color{Ink!55}} ] \node[box] (data) {Data}; \node[hashbox, right=1.1cm of data] (h1) {Hash\\(H1)}; \node[box, right=1.1cm of h1] (recv) {Data\\received}; \node[hashbox, right=1.1cm of recv] (h2) {Re-hash\\(H2)}; \node[okbox, right=1.1cm of h2] (match) {H1 = H2\\\cmark\ Intact}; \draw[arr] (data) -- node[above,lbl]{hash fn} (h1); \draw[arr] (h1) -- node[above,lbl,text width=1.4cm,align=center]{send data\\+ hash} (recv); \draw[arr] (recv) -- node[above,lbl]{hash fn} (h2); \draw[arr] (h2) -- (match); \end{tikzpicture} \end{center} \vspace{0.3em} \begin{examplebox} \textbf{The Gutenberg example.} An 8.1 MB encyclopedia volume is downloaded from Project Gutenberg. A hash of the file is computed. One character anywhere in the file is changed --- the file size remains identical, making the change invisible to casual inspection. Running the hash again produces a completely different digest, immediately revealing that the data has been tampered with or corrupted. \end{examplebox} \begin{examhint} \textbf{What hashing cannot do.} A hash proves the data was not modified in transit --- but it does not prove \emph{who} sent it. Anyone can hash data. To prove origin, you need a digital signature. \end{examhint} % ── PROOF OF ORIGIN: DIGITAL SIGNATURES ────────────────────────────────────── \section*{Proof of Origin: Digital Signatures} \begin{definition} \textbf{Digital signature} --- A hash of the data that has been encrypted with the sender's \emph{private key}. Because only the sender holds their private key, a valid signature is cryptographic proof that the data originated from them. The corresponding \emph{public key}, available to anyone, is used to verify the signature. \end{definition} \noindent A digital signature provides both guarantees simultaneously: \begin{itemize} \item \textbf{Integrity} --- the data has not changed (hash comparison). \item \textbf{Origin} --- only the private key holder could have created the signature. \end{itemize} \begin{center} \begin{tabularx}{0.82\textwidth}{ >{\raggedright\arraybackslash\bfseries\sffamily}p{2.8cm} >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \toprule & \textbf{Hashing alone} & \textbf{Digital signature} \\ \midrule Proof of integrity & \cmark & \cmark \\ Proof of origin & \xmark & \cmark \\ Non-repudiation & \xmark & \cmark \\ \bottomrule \end{tabularx} \end{center} % ── ALICE AND BOB WALKTHROUGH ───────────────────────────────────────────────── \section*{Step-by-Step: Alice Signs, Bob Verifies} Alice sends Bob the message \textit{``You're hired Bob.''} She adds a digital signature so Bob can verify both that the message was not altered and that it really came from Alice. \vspace{0.8em} % ---- SIGNING HALF ---- \noindent\textbf{\textcolor{AliceCol}{\textsf{Alice's side --- Signing}}} \vspace{0.4em} \begin{center} \begin{tikzpicture}[ box/.style={rectangle, rounded corners=3pt, draw=Ink!25, fill=SoftGray, minimum height=0.9cm, minimum width=2.6cm, font=\sffamily\footnotesize, align=center}, hashbox/.style={rectangle, rounded corners=3pt, draw=HashCol!50, fill=HashCol!10, minimum height=0.9cm, minimum width=1.8cm, font=\sffamily\footnotesize\bfseries\color{HashCol}, align=center}, sigbox/.style={rectangle, rounded corners=3pt, draw=SigCol!50, fill=SigCol!10, minimum height=0.9cm, minimum width=2.2cm, font=\sffamily\footnotesize\bfseries\color{SigCol}, align=center}, keybox/.style={rectangle, rounded corners=3pt, draw=KeyCol!60, fill=KeyCol!10, minimum height=0.9cm, minimum width=2.4cm, font=\sffamily\footnotesize\bfseries\color{KeyCol}, align=center}, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40}, lbl/.style={font=\tiny\sffamily\color{Ink!55}} ] % ── Main horizontal flow ────────────────────────────────────────── \node[box] (pt) {Plaintext\\``You're hired Bob''}; \node[hashbox, right=1.2cm of pt] (h) {Hash}; \node[sigbox, right=1.4cm of h] (sig) {Digital\\Signature}; \node[box, right=1.2cm of sig, fill=AliceCol!8, draw=AliceCol!40] (send) {Plaintext\\+ Signature}; % Private key sits directly below sig, well clear of other nodes \node[keybox, below=1.3cm of sig] (priv) {Alice's\\Private Key}; % ── Arrows ─────────────────────────────────────────────────────── \draw[arr] (pt) -- node[above,lbl]{hash fn} (h); \draw[arr] (h) -- node[above,lbl]{sign with} (sig); \draw[arr] (priv) -- node[right,lbl]{private key} (sig); % pt → send: route below all nodes to avoid any overlap \draw[arr] (pt.south) -- ++(0,-2.8cm) % drop straight down -- (send.south |- pt.south |- {(0,-3.3cm)}) % run right at that depth -- (send.south); % rise up into send \draw[arr] (sig.east) -- (send.west); % ── Transmit label ─────────────────────────────────────────────── \node[right=0.5cm of send, font=\sffamily\footnotesize\itshape\color{Ink!40}] (net) {$\xrightarrow{\quad\text{email / network}\quad}$}; \end{tikzpicture} \end{center} \vspace{0.9em} \clearpage % ---- VERIFICATION HALF ---- \noindent\textbf{\textcolor{BobCol}{\textsf{Bob's side --- Verification}}} \vspace{0.4em} \begin{center} \begin{tikzpicture}[ box/.style={rectangle, rounded corners=3pt, draw=Ink!25, fill=SoftGray, minimum height=0.9cm, minimum width=2.6cm, font=\sffamily\footnotesize, align=center}, hashbox/.style={rectangle, rounded corners=3pt, draw=HashCol!50, fill=HashCol!10, minimum height=0.9cm, minimum width=1.8cm, font=\sffamily\footnotesize\bfseries\color{HashCol}, align=center}, sigbox/.style={rectangle, rounded corners=3pt, draw=SigCol!50, fill=SigCol!10, minimum height=0.9cm, minimum width=2.2cm, font=\sffamily\footnotesize\bfseries\color{SigCol}, align=center}, keybox/.style={rectangle, rounded corners=3pt, draw=KeyCol!60, fill=KeyCol!10, minimum height=0.9cm, minimum width=2.4cm, font=\sffamily\footnotesize\bfseries\color{KeyCol}, align=center}, okbox/.style={rectangle, rounded corners=3pt, draw=GreenOK!60, fill=GreenOK!10, minimum height=0.9cm, minimum width=2.6cm, font=\sffamily\footnotesize\bfseries\color{GreenOK}, align=center}, arr/.style={-{Stealth[length=5pt]}, thick, color=Ink!40}, lbl/.style={font=\tiny\sffamily\color{Ink!55}} ] % Received bundle \node[box, fill=BobCol!8, draw=BobCol!40] (recv) {Plaintext\\+ Signature}; % Upper path: decrypt signature → H1 \node[sigbox, right=1.0cm of recv, yshift= 1.0cm] (sig) {Digital\\Signature}; \node[keybox, above=0.55cm of sig] (pub) {Alice's\\Public Key}; \node[hashbox, right=1.0cm of sig] (h1) {Hash\\(H1)}; % Lower path: re-hash plaintext → H2 \node[box, right=1.0cm of recv, yshift=-1.0cm] (pt2) {Plaintext}; \node[hashbox, right=1.0cm of pt2] (h2) {Hash\\(H2)}; % Comparison \node[okbox, right=1.3cm of h1, yshift=-1.0cm] (ok) {H1 = H2\\\cmark\ Integrity\\+ Origin}; % Arrows upper path \draw[arr] (recv.east) to[out=0,in=180] (sig.west); \draw[arr] (pub) -- node[right,lbl,xshift=2pt]{decrypts} (sig); \draw[arr] (sig) -- node[above,lbl]{decrypt} (h1); \draw[arr] (h1.east) to[out=0,in=90] (ok.north); % Arrows lower path \draw[arr] (recv.east) to[out=0,in=180] (pt2.west); \draw[arr] (pt2) -- node[above,lbl]{hash fn} (h2); \draw[arr] (h2.east) to[out=0,in=270] (ok.south); \end{tikzpicture} \end{center} \vspace{0.6em} \begin{examhint} \textbf{Key asymmetry to memorise.} Alice \emph{encrypts} the hash with her \textbf{private key} to create the signature. Bob \emph{decrypts} the signature with Alice's \textbf{public key} to recover the hash. Private key = sign. Public key = verify. If the two hashes match, both integrity and origin are confirmed --- non-repudiation is achieved. \end{examhint} \begin{lecturehint} In practice, clicking ``Add digital signature'' in an application triggers this entire process invisibly. Understanding the underlying mechanics is what the exam tests --- not clicking the button. \end{lecturehint} % ── THE TWO LAYERS SUMMARISED ───────────────────────────────────────────────── \section*{The Two Layers of Non-repudiation} \begin{center} \begin{tabularx}{0.97\textwidth}{ >{\raggedright\arraybackslash\bfseries\sffamily}p{3.0cm} >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X >{\raggedright\arraybackslash}X } \toprule \textbf{Layer} & \textbf{Question answered} & \textbf{Mechanism} & \textbf{Key used} \\ \midrule Proof of integrity & Was the data modified in transit? & Hashing (message digest) & None --- hash is public \\[4pt] Proof of origin & Who sent the data? & Digital signature (hash encrypted asymmetrically) & Sender's private key to sign; public key to verify \\ \bottomrule \end{tabularx} \end{center} % ── KEY CONCEPTS SUMMARY ────────────────────────────────────────────────────── \section*{Key Concepts Summary} \begin{definition} \textbf{Non-repudiation} --- Cryptographic proof that a sender cannot deny having sent a message. Requires both proof of integrity and proof of origin.\\[4pt] \textbf{Hash / message digest / fingerprint} --- A fixed-length digest derived from input data. Any change to the data changes the hash completely. Proves integrity but not origin.\\[4pt] \textbf{Digital signature} --- A hash encrypted with the sender's private key. Proves both integrity (hash comparison) and origin (only the private key holder could have signed it). Transmitted alongside the plaintext.\\[4pt] \textbf{Signing key} --- The sender's \emph{private} key. Kept secret; used to encrypt the hash when creating the signature.\\[4pt] \textbf{Verification key} --- The sender's \emph{public} key. Available to anyone; used to decrypt the signature and recover the original hash for comparison. \end{definition} % ── QUICK REFERENCE CHECKLIST ───────────────────────────────────────────────── \section*{Quick Reference Checklist} \begin{multicols}{2} \begin{itemize}[leftmargin=8pt] \item Non-repudiation = can't deny sending \cmark \item Real-world analogy: handwritten signature \cmark \item Two components: integrity + origin \cmark \item Hash = message digest = fingerprint \cmark \item One character change → completely different hash \cmark \item File size unchanged after modification \cmark \item Hash proves integrity, NOT origin \cmark \item Digital signature = hash + asymmetric encryption \cmark \item Sign with sender's \emph{private} key \cmark \item Verify with sender's \emph{public} key \cmark \item Alice's side: hash → encrypt with private key \cmark \item Bob's side: decrypt with public key → compare hashes \cmark \item H1 = H2 → integrity confirmed \cmark \item H1 produced by Alice's key → origin confirmed \cmark \item Both together = non-repudiation \cmark \item Process is automatic in most applications \cmark \end{itemize} \end{multicols} \end{document} ```