CISSP Domain 7 Refresh: Security Operations

Even before the April 2018 revision by (ISC)^2, Domain 7: Security Operations has been one of the broadest and most dynamic of the Common Book of Knowledge. Covering topics that range from how security professionals can support forensic investigations and set-up incident detection tools to conducting incident management and preparing for disaster recovery, Domain 7 can be a challenge for both aspiring and veteran CISSP holders. With that as a backdrop, this Domain 7: Security Operations refresh will help professionals to remain vigilant in their fight and stay current on the new areas of emphasis from (ISC)^2.

A fundamental aspect of any security posture, administrative security is all about making sure that organizational data, staff, and systems have the proper controls in place to prevent compromise – accidental or intentional – to confidentiality, integrity, or availability. This often means starting with the concept of Least Privilege through Mandatory Access Control (MAC), or system-enforced data access to a user, or Discretionary Access Control, where access is granted by the data’s owner. These controls are often paired with Separation of Duties, where multiple people are involved in completing critical processes or transactions to ensure power isn’t abused. While used less often, the Rotation of Duties and Mandatory Leave are other ways to detect fraud or abuse.

Forensics is the methodical way of handling the investigations and evidence-collection that follows a digital crime. While a part of incident response, forensics itself is a process that is used to preserve the evidence and uses techniques to maintain the integrity of the data and its environment. At a high level, the steps of the forensics process include identifying the potential evidence, obtaining control of the evidence, analyzing the evidence for clues of the attack, and producing a report out on the evidence found.

Depending on (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Patrick Mallory. Read the original post at: