CISSP Security Operations
Understand need to know and the principle of least privilege.
Need to know and the principle of least privilege are two standard IT security principles implemented in secure networks. They limit access to data and systems so that users and other subjects have access only to what they require. This limited access helps prevent security incidents and helps limit the scope of incidents when they occur. When these principles are not followed, security incidents result in far greater damage to an organization.
Understand the separation of duties and job rotation.
Separation of duties is a basic security principle that ensures that no single person can control all the elements of a critical function or system. With job rotation, employees are rotated into different jobs, or tasks are assigned to different employees. Collusion is an agreement among multiple persons to perform some unauthorized or illegal actions, and implementing these policies helps prevent collusion and fraud.
Understand the importance of monitoring privileged operations.
Privileged entities are trusted, but they can abuse their privileges. Because of this, it is important to monitor all assignments of privileges and all use of privileged operations. The goal is to ensure that trusted employees do not abuse the special privileges they are granted.
Know how to manage sensitive information.
Sensitive information is any type of classified information, and proper management helps prevent unauthorized disclosure resulting in a loss of confidentiality. Proper management includes marking, handling, storing, and destroying sensitive information. The two areas where organizations often miss the mark are adequately protecting backup media holding sensitive information and sanitizing media or equipment when it is at the end of its life cycle.
Understand record retention.
Record retention policies ensure that data is kept in a usable state while it is needed and destroyed when it is no longer needed. Many laws and regulations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organizations specify the retention period within a policy. Audit trail data needs to be kept long enough to reconstruct past incidents, but the organization must identify how far back it wants to be able to investigate. A current trend with many organizations is to reduce legal liabilities by implementing short retention policies for email.
Understand patch management.
Patch management ensures that systems are kept up-to-date with current patches. You should know that an effective patch management program will evaluate, test, approve, and deploy patches. Additionally, be aware that system audits verify the deployment of approved patches to systems. Patch management is often intertwined with change and configuration management to ensure that documentation reflects the changes. When an organization does not have a patch management program, it will often experience outages and incidents from known issues that could have been prevented.
Explain vulnerability management.
Vulnerability management includes routine vulnerability scans and periodic vulnerability assessments. Vulnerability scanners are used to detect known security vulnerabilities and weaknesses, such as the absence of patches or weak passwords. They generate reports that indicate the technical vulnerabilities of a system and are an effective check on a patch management program. Vulnerability assessments extend beyond technical scans and can include reviews and audits to detect vulnerabilities.
Be able to explain configuration and change control management.
Many outages and incidents can be prevented with effective configuration and change management programs. Configuration management ensures that systems are configured similarly and that the configuration of each system is known and documented. Baselining ensures that systems are deployed from a common baseline or starting point, and imaging is a common baselining method. Change management helps reduce outages or weakened security caused by unauthorized changes. A change management process requires changes to be requested, approved, and documented. Versioning uses a labeling or numbering system to track changes across updated versions of software.
Understand the importance of security audits and reviews.
Security audits and reviews help ensure that management programs are effective and are being followed. They are commonly associated with account management practices, where they detect violations of the least privilege or need to know principles. However, they can also be performed to oversee patch management, vulnerability management, change management, and configuration management programs.