ISC(2) CISSP Revision Notes – Operations Security


Security isn’t as exciting as Jason Bourne or James Bond, but keeping things safe is paramount.

In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.

ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
ISC(2) CISSP Revision Notes – Operations Security (You are here)
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security

Administrative Management & Control

Job Requirements and Qualifications

Background checks and verification

Separation of duties and responsibilities

Reduces opportunities for fraud and abuse, mistakes and dependencies on individuals

Job Rotation

  • Reduce opportunities for fraud and abuse
  • Eliminate single points of failure

Mandatory vacations

Need-to-Know

Least Privilege

User Monitoring: Audits and observations

Termination of Employment procedures

Security Operations Concepts

Avoid single points of failure: HA, clustering, mirroring on systems and networks

Handling sensitive information: Marking, handling, storage, backup and destruction

Records retention: Legal requirements

Threats and Countermeasures

Errors and omissions

  • Commission: Performing an action
  • Omission: Failure to perform an action
  • Quality control

Fraud

  • Those who have detailed knowledge are a possible threat
  • Prevent with controls and procedures (separation of duties means fraud requires collusion)
  • “Fraud Detection System” analyses transactions

Industrial Espionage: Audit trails and access control

Malware: See Software

Sabotage: Audit trails, access control and corrective controls

Theft: Identity marks and access control

Security Controls

Preventative, Detection, Corrective, Automatic and Manual

Operational Controls

  • Resource protection, privileged entity, change, media, administrative, trusted recovery
  • Resource Protection
    • Communication hardware and software (switches, FWs, VPNs and software)
    • Computers and their storage (SANs, NASs, DASs, etc)
    • Business data
    • System data
    • Backup
  • Privileged Entity Controls
    • Access control to objects, data, hardware and software
  • Change Control
    • People orientated formal process
    • Change Management: Approval based process
    • Configuration Management: Recording changes before and after
  • Media Controls
    • Manage information classification and physical media
  • Administrative Control

Trusted Recovery

Processes and procedures that support recovery

Should be well documented

Must maintain security while recovering

Security Auditing & Due Care

Auditing: Process of examining systems or processes to ensure conformance and compliance

Due Care: “Good” processes, eg ISO 27001

Audit Trails

Enforcement of accountability

Investigation: Trace and capture

Event Reconstruction

Problem Identification: Identifying root cause

Anatomy: Date + time, who, where, details

Audit Trail: Logs on machines, which suffer from having no consistent format

Patterns: How to determine if something is a problem or is normal

Problem Management & Audit Trails

1) Determine if a problem or false-positive

2) Root cause analysis: could reconstruct event

Retaining Audit Logs: Limited storage space and changes of formats, overwrite old logs or stop?

Protection of Audit Logs: Must maintain integrity of logs and protect against sabotage; we can write to offline media or keep multiple storage locations
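Offline media and multiple locations protect the copies; integrity can also be enforced inside the log itself. As an added example (not from these notes), a hash-chained audit trail in the anatomy given above (date + time, who, where, details), where every record carries the hash of its predecessor; the GENESIS sentinel and all record values are constructed.

```python
"""Tamper-evident audit trail: every record carries the SHA-256 of the record
before it, so editing, deleting or reordering entries breaks the chain."""
import hashlib
import json

GENESIS = "0" * 64  # constructed sentinel used as the first record's prev_hash


def _digest(body):
    # Canonical JSON (sorted keys, fixed separators) so the hash is reproducible.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append(log, when, who, where, details):
    """Append one record in the anatomy the notes give (date + time, who,
    where, details) and chain it to the previous record's hash."""
    body = {"time": when, "who": who, "where": where, "details": details,
            "prev_hash": log[-1]["hash"] if log else GENESIS}
    body["hash"] = _digest(body)
    log.append(body)
    return log


def verify(log):
    """Recompute every digest and check each prev_hash link.
    Returns (True, -1) for an intact chain, else (False, first bad index)."""
    expected_prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("prev_hash") != expected_prev or _digest(body) != rec.get("hash"):
            return False, i
        expected_prev = rec["hash"]
    return True, -1


def demo():
    """Constructed sample data: a clean chain, an edited copy and a copy with a
    record removed. Returns the three verify() results: (True, -1), (False, 1), (False, 1)."""
    log = []
    append(log, "2024-01-01T09:00:00Z", "alice", "fileserver01", "read payroll.xlsx")
    append(log, "2024-01-01T09:05:00Z", "bob", "fileserver01", "delete payroll.xlsx")
    append(log, "2024-01-01T09:06:00Z", "alice", "fileserver01", "logout")
    edited = [dict(r) for r in log]
    edited[1]["who"] = "alice"            # sabotage: rewrite who deleted the file
    removed = log[:1] + log[2:]           # sabotage: drop the deletion record entirely
    return verify(log), verify(edited), verify(removed)
```

The chain only detects tampering after the fact; an attacker who can rewrite the whole log can re-chain it, which is why the last hash should also be copied to the offline or second location the notes describe.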

Monitoring

Pen testing to identify logical and physical vulnerabilities

Security Vulnerabilities/Scanning: Port scanning, vulnerability scanning (eg Nessus), Packet Sniffing, War Dialing, War Driving (WLAN), Radiation Monitoring (TEMPEST), Dumpster Diving, Eavesdropping (passive), Social Engineering (Active)

IDS & IPS: Network based or host based

Violation analysis: Audit logs

Keystroke Monitoring: Complete but obtrusive

Traffic and Trend Analysis: Baselines

Facilities Management: AC logs, CCTV monitoring, alarm monitoring

Responding to Events (Problem management/Incident Management): Personnel, Initial Response, Confirmation, Notification, Escalation, Resolution, Event Reporting, Event Review, Security Violations
