Overview
Up to this point, we have learned about many best practices for protecting our infrastructure, but we have not talked extensively about how to put them into practice. This section is where the rubber meets the road: we discuss the implementation of those concepts and practices.
The (ISC)2 Common Body of Knowledge (CBK) defines the key areas of knowledge for the Security Operations domain in this way:
The Security Operations domain is used to identify critical information and the execution of selected measures that eliminate or reduce adversary exploitation of critical information. It includes the definition of the controls over hardware, media, and the operators with access privileges to any of these resources. Auditing and monitoring are the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
The candidate is expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.
Key areas of knowledge:
- Understand security operations concepts:
  - Need-to-know/least privilege
  - Separation of duties and responsibilities
  - Monitor special privileges (e.g., operators, administrators)
  - Job rotation
  - Marking, handling, storing, and destroying of sensitive information
  - Record retention
- Employ resource protection:
  - Media management
  - Asset management (e.g., equipment life cycle, software licensing)
- Manage incident response:
  - Detection
  - Response
  - Reporting
  - Recovery
  - Remediation and review (e.g., root cause analysis)
- Implement preventative measures against attacks (e.g., malicious code, zero-day exploits, denial of service)
- Implement and support patch and vulnerability management
- Understand change and configuration management concepts (e.g., versioning, baselining)
- Understand system resilience and fault tolerance requirements
This week’s topics:
- Applying Security Concepts to Computer and Business Operations
- Records Management Security Controls
- Backups
- Anti-Virus Software and Other Anti-Malware Controls
- Remote Access
- Administrative Management and Control of Information Security
- Resource Protection
- Incident Management
- High Availability Architectures
- Vulnerability Management
- Change Management and Configuration Management
- Operations Attacks and Countermeasures
In this unit, plan to:
- Read: pages 257-282 in the Security Essentials text
- Complete: this week’s written assignment
- Complete: this week’s practical assignment
- Participate: in the weekly discussion forum
- Prepare: for the Case Study Review