Architecture and design are critical components in reducing security risks. Risk can be reduced through resiliency — the ability to maintain acceptable service levels when essential systems or processes are disrupted — and through automation strategies.
As part of the CompTIA Security+ exam’s Architecture and Design module, candidates need to understand how automation can reduce risk, improve service quality, and reduce human error and the dependency on manual tasks. This exam section covers concepts and strategies such as scripting, using templates and images, nonpersistent environments, elasticity, redundancy, fault tolerance, scalability, and high availability.
Automation and Scripting
Automation is a fast-growing trend in the security industry. Removing the human component from the information systems infrastructure both increases efficiency and reduces security risks. Automation greatly improves an organization's ability to detect and respond to security threats. It also decreases the burden on information systems teams by taking away some of the mundane tasks, freeing them up to focus more on strategic initiatives.
One example of automation is server deployment and monitoring, where it reduces the number of tedious, manual tasks involved. In the past, system administrators created servers through manual configuration and then had to monitor and troubleshoot problems physically. Scripting can be used in various scenarios to automate server builds, which also provides elasticity — if you have an increased load and need an additional server, you run the same script again.
Templates and Images
You can build and deploy standardized system builds with templates and images, which allows for rapid deployments. Scripts typically start with a master image, also known as golden or parent image, which is a copy of the reference system (such as the operating system and the enterprise-wide components and settings).
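The two ideas above (a script that starts from a master image, and running the same script again for each extra server) can be sketched as follows. This is an added example, not code from the original post: a directory tree stands in for each server, and the function names, the sample image and the sshd_config baseline values are all constructed for illustration.

```sh
#!/bin/sh
# Added example: a repeatable "server build". A directory tree stands in for
# each server; all names and the baseline values are constructed.
set -eu

# Required sshd_config settings (constructed baseline): "Key Value" per line.
BASELINE='PermitRootLogin no
PasswordAuthentication no
X11Forwarding no'

# make_golden DIR: constructed stand-in for a master image with weak defaults.
make_golden() {
  mkdir -p "$1/etc/ssh"
  printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PasswordAuthentication yes' \
    > "$1/etc/ssh/sshd_config"
}

# set_option FILE KEY VALUE: leave exactly one "KEY VALUE" line in FILE.
set_option() {
  tmp=$(mktemp)
  # Drop every existing line for KEY (active or commented out), then append.
  grep -Ev "^[#[:space:]]*$2[[:space:]]" "$1" > "$tmp" || true
  printf '%s %s\n' "$2" "$3" >> "$tmp"
  cat "$tmp" > "$1"
  rm -f "$tmp"
}

# build_server GOLDEN ROOT: copy the master image, then enforce the baseline.
build_server() {
  mkdir -p "$2"
  cp -R "$1"/. "$2"/
  while read -r key value; do
    set_option "$2/etc/ssh/sshd_config" "$key" "$value"
  done <<EOF
$BASELINE
EOF
  chmod 600 "$2/etc/ssh/sshd_config"
}

# build_digest ROOT: one SHA-256 over all file contents, to compare builds.
build_digest() {
  (cd "$1" && find . -type f | LC_ALL=C sort | xargs sha256sum | sha256sum | cut -d' ' -f1)
}
```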
Master images can be applied (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/INyv6A1VhAo/