ISC(2) CISSP Revision Notes – Operations Security
Security isn’t as exciting as Jason Bourne or James Bond, but keeping things safe is paramount.
Note: In NO way should these notes be used as your sole source of study for the CISSP exam. These notes lack things completely that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.
Administrative Management & Control
Job Requirements and Qualifications
Background checks and verification
Separation of duties and responsibilities
Reduces opportunities for fraud and abuse, mistakes and dependencies on individuals
Job Rotation
- Reduce opportunities for fraud and abuse
- Eliminate single points of failure
Mandatory vacations
Need-to-Know
Least Privilege
User Monitoring: Audits and observations
Termination of Employment procedures
Security Operations Concepts
Avoid single points of failure: HA, clustering, mirroring on systems and networks
Handling sensitive information: Marking, handling, storage, backup and destruction
Records retention: Legal requirements
Threats and Countermeasures
Errors and omissions
- Commission: Performing an action
- Omission: Failure to perform an action
- Quality control
Fraud
- Those who have detailed knowledge are a possible threat
- Prevent by controls and procedures (collusion)
- “Fraud Detection System”: analyses transactions
Industrial Espionage: Audit trails and access control
Malware: See Software
Sabotage: Audit trails, access control and corrective controls
Theft: Identity marks and access control
Security Controls
Preventative, Detection, Corrective, Automatic and Manual
Operational Controls
- Resource protection, privileged entity, change, media, administrative, trusted
- Resource Protection
- Communication hardware and software (switches, FWs, VPNs and software)
- Computers and their Storage (SANs, NASs, DASs, etc)
- Business Data
- System Data
- Backup
- Privileged Entity Controls
- Access control to objects, data, hardware and software
- Change Control
- People orientated formal process
- Change Management: Approval based process
- Configuration Management: Recording changes before and after
- Media Controls
- Manage information classification and physical media
- Administrative Control
Trusted Recovery
Processes and procedures that support record
Should be well documented
Must maintain security while recovering
Security Auditing & Due Care
Auditing: Process of examining systems or processes to ensure conformance and compliance
Due Care: “Good” processes, eg ISO 27001
Audit Trails
Enforcement of accountability
Investigation: Trace and capture
Event Reconstruction
Problem Identification: Identifying root cause
Anatomy: Date + time, who, where, details
Audit Trail: Logs on machines, which suffer from having no consistent format
Patterns: How to determine if something is a problem or is normal
Problem Management & Audit Trails
1) Determine if a problem or false-positive
2) Root cause analysis: could reconstruct event
Retaining Audit Logs: Limited storage space and changes of formats, overwrite old logs or stop?
Protection of Audit Logs: Must maintain integrity of logs and protect against sabotage; write to offline media or keep multiple storage locations
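The audit-trail anatomy (date + time, who, where, details), the lack of a consistent log format, and the integrity requirement above can be shown together. The following is an added example, not from the original notes: it normalises constructed sample lines from two different formats into one record shape, then hash-chains the records so that any later edit, insertion or deletion is detected by a verifier holding only the final digest (the equivalent of writing to offline media). The log lines, host names and user names are all constructed.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample lines in two formats (syslog-style and web-server-style):
# hosts rarely share one audit format, so the trail is normalised first.
SAMPLE_LOGS = [
    "Mar 12 09:14:02 fileserver sshd[4411]: Accepted publickey for alice from 10.0.0.5",
    '10.0.0.9 - bob [12/Mar/2024:09:15:40 +0000] "DELETE /payroll/2024.xlsx HTTP/1.1" 200',
    "Mar 12 09:16:11 fileserver sudo: alice : TTY=pts/0 ; COMMAND=/bin/rm /data/backup.tar",
]

@dataclass(frozen=True)
class AuditRecord:          # the audit-trail anatomy from the notes
    when: str               # date + time
    who: str
    where: str
    details: str

SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
WEBLOG = re.compile(r'^(\S+) - (\S+) \[([^\]]+)\] "([^"]*)"')

def normalise(line: str) -> AuditRecord:
    """Map one raw line from either known format onto the common anatomy."""
    m = SYSLOG.match(line)
    if m:
        when, host, _proc, msg = m.groups()
        who = re.search(r"(?:for|user) (\w+)|^(\w+) :", msg)
        user = next((g for g in who.groups() if g), "unknown") if who else "unknown"
        return AuditRecord(when, user, host, msg)
    m = WEBLOG.match(line)
    if m:
        client, user, when, request = m.groups()
        return AuditRecord(when, user, client, request)
    raise ValueError(f"unrecognised log format: {line!r}")

def entry_digest(prev: str, r: AuditRecord) -> str:
    # Each digest covers the previous one, so every later entry depends on earlier ones.
    return hashlib.sha256(f"{prev}|{r.when}|{r.who}|{r.where}|{r.details}".encode()).hexdigest()

def chain(records: list) -> list:
    """Hash-chain records in order; the final digest is what you store off-host."""
    out, prev = [], "0" * 64
    for r in records:
        prev = entry_digest(prev, r)
        out.append((r, prev))
    return out

def verify(chained: list, expected_tail: str) -> bool:
    """Recompute the chain; any edited, inserted or deleted entry breaks it."""
    prev = "0" * 64
    for r, h in chained:
        prev = entry_digest(prev, r)
        if prev != h:
            return False
    return prev == expected_tail
```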
Monitoring
Pen testing to identify logical and physical vulnerabilities
Security Vulnerabilities/Scanning: Port scanning, vulnerability scanning (eg Nessus), Packet Sniffing, War Dialing, War Driving (WLAN), Radiation Monitoring (TEMPEST), Dumpster Diving, Eavesdropping (passive), Social Engineering (Active)
IDS & IPS: Network based or host based
Violation analysis: Audit logs
Keystroke Monitoring: Complete but obtrusive
Traffic and Trend Analysis: Baselines
Facilities Management: AC logs, CCTV monitoring, alarm monitoring
Responding to Events (Problem management/Incident Management): Personnel, Initial Response, Confirmation, Notification, Escalation, Resolution, Event Reporting, Event Review, Security Violations
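Trend analysis against a baseline, and the first step of problem management (deciding whether an event is a problem or a false positive), as an added example that is not part of the original notes. It runs over a constructed series of daily failed-login counts, builds the baseline from the preceding days, and flags a day only when it exceeds both a statistical threshold and an absolute floor; the floor is what stops trivially small fluctuations from being reported as problems. The window, multiplier and floor values are assumptions chosen for the sample.

```python
import statistics

# Constructed sample: failed-login counts per day for one host over 14 days.
# Index 12 is the deliberate anomaly.
FAILED_LOGINS = [12, 15, 9, 14, 11, 13, 10, 16, 12, 14, 11, 13, 97, 12]

def baseline(history):
    """Mean and population standard deviation of the learning window."""
    return statistics.mean(history), statistics.pstdev(history)

def flag_deviations(series, window=7, k=3.0, floor=20):
    """Compare each day with a baseline built from the preceding `window` days.

    A day is flagged only if it exceeds BOTH mean + k*sd and an absolute floor:
    the floor keeps a jump from 1 to 4 events from being raised as a problem,
    which is the false-positive check the notes describe.
    """
    flagged = []
    for i in range(window, len(series)):
        mean, sd = baseline(series[i - window:i])
        if series[i] > max(floor, mean + k * sd):
            flagged.append({"day": i, "count": series[i],
                            "baseline_mean": round(mean, 1), "baseline_sd": round(sd, 1)})
    return flagged
```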