
Chapter 7
Operations Security
Gary McIntyre, CISSP
Contents
Introduction ..................................................................................................... 540
CISSP Expectations ...........................................................................................541
Key Themes .......................................................................................................541
Maintaining Operational Resilience ............................................................. 542
Protecting Valuable Assets ............................................................................ 542
Controlling System Accounts ....................................................................... 542
Managing Security Services Effectively ......................................................... 542
Maintaining Operational Resilience ................................................................. 542
Common Threats to Operations .................................................................. 543
Unauthorized Disclosure ......................................................................... 543
Destruction, Interruption, and Theft ....................................................... 543
Corruption and Improper Modification .................................................. 543
Maintaining Resilient Systems ..................................................................... 544
Trusted Paths and Fail Secure Mechanisms .............................................. 544
Redundancy and Fault Tolerance ..............................................................545
Backup and Recovery Systems ..................................................................549
Staffing for Resilience ...................................................................................551
Protecting Valuable Assets .................................................................................551
Tangible versus Intangible Assets...................................................................551
Protecting Physical Assets .............................................................................551
Facilities ...................................................................................................552
© 2010 by Taylor and Francis Group, LLC

540 ◾ Official (ISC)² Guide to the CISSP CBK
Hardware .................................................................................................552
Software ...................................................................................................553
Protecting Information Assets .......................................................................554
Controlling Privileged Accounts ........................................................................555
Identity and Access Management ..................................................................555
Managing Accounts Using Groups and Roles ...........................................556
Different Types of Accounts .....................................................................556
Common Roles ........................................................................................557
Assigning and Reviewing Accounts and Privileges ....................................560
Managing Security Services Effectively ..............................................................561
Security Measurements, Metrics, and Reporting ...........................................561
Managing Security Technologies ...................................................................562
Boundary Controls ..................................................................................562
Monitoring and Reporting Services ..........................................................562
Intrusion Detection and Prevention Systems ............................................563
Vulnerability Management Systems ......................................................... 564
Anti-Malware Systems ..............................................................................565
Media Management Solutions ..................................................................565
Key Operational Processes and Procedures ....................................................568
Archival, Backup, and Recovery Procedures..............................................568
Incident Management ..............................................................................569
Problem Management ..............................................................................570
Change Management ...............................................................................570
Configuration Management .....................................................................572
Patch Management...................................................................................573
Security Audits and Reviews .....................................................................575
Summary ...........................................................................................................575
Sample Questions ..............................................................................................576
Introduction
The Operations Security domain can be a bit of a challenge for the CISSP candidate:
it can either be one of your easiest domains or one of your hardest. It will be one
of your easier domains if you have a lot of practical experience with day-to-day
security operations, and one of your hardest if you do not, since that experience is
hard to replicate through self-study. It is also essentially two domains in one: opera-
tions security and security operations. Operations security is primarily concerned
with the protection and control of information processing assets in centralized
and distributed environments. Security operations are primarily concerned with
the daily tasks required to keep security services operating reliably and efficiently.
Operations security is a quality of other services. Security operations are a set of
services in their own right.
CISSP Expectations
According to the (ISC)² Candidate Information Bulletin, an information security
professional is expected to know the resources that must be protected, the privileges
that must be restricted, the control mechanisms available, the potential for abuse
of access, the appropriate controls, and the principles of good practice. Key areas
of knowledge are
◾ Apply the following security concepts to activities
  − Need-to-know and least privilege
  − Separation of duties and responsibilities
  − Monitor special privileges, e.g., operations, administrators
  − Job rotation
  − Marking, handling, storing, and destroying of sensitive information and media
  − Record retention
  − Backup critical information
  − Anti-virus management
  − Remote working
  − Malware management
◾ Employ resource protection
◾ Handle violations, incidents, and breaches, and report when necessary
◾ Support high availability, e.g., fault tolerance, denial of service prevention
◾ Implement and support patch and vulnerability management
◾ Ensure administrative management and control
◾ Understand configuration management concepts, e.g., hardware, software
◾ Respond to attacks and other vulnerabilities, e.g., spam, virus, spyware, phishing
Key Themes
There are four main themes that we will be discussing in this chapter: maintaining
operational resilience, protecting valuable assets, controlling system accounts, and
managing security services effectively. Each of these themes is fundamental to opera-
tions security, and focusing on them will help you to navigate the questions that you
are likely to see in the exam. The CISSP candidate will be expected to be fully familiar
with these themes and know how they apply in a variety of scenarios.
Maintaining Operational Resilience
When it comes to day-to-day operations, few things are more important than main-
taining the expected levels of service availability and integrity. The organization requires
that critical services be resilient. When bad things happen (and they often will), opera-
tions staff are expected to ensure that there is minimal disruption to the organization’s
activities. This includes anticipating such disruptions and ensuring that key systems are
deployed and maintained to help ensure continuity. They are also expected to maintain
the processes and procedures that help ensure timely detection and response.
Protecting Valuable Assets
Security operations are expected to provide day-to-day protection for a wide variety
of resources, including human and material assets. They may not be responsible for
setting strategy or designing appropriate security solutions. At a minimum, they
will be expected to maintain the controls that have been put into place to protect
sensitive or critical resources from compromise.
Controlling System Accounts
In the current regulatory environment, there has been a renewed focus on maintain-
ing control over users (or to use a term from Chapter 1, subjects) that have access
to key business systems. In many cases, these subjects have extensive or unlimited
capabilities on a given system, privileges that could be misused or abused. Operations
security will be expected to provide checks and balances against privileged accounts
as well as maintain processes that ensure that there continues to be a valid business
need for them.
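The "checks and balances" and the "continuing valid business need" that the paragraph above asks operations security to provide are, in practice, a periodic reconciliation: every member of a privileged group must map to a current approval, and nobody should accumulate more privileged roles than their job requires. The following is an added example, not text or code from the OIG; the group export, the approval register, the review date and the one-privileged-role-per-person rule are all constructed for illustration.

```python
"""Reconcile privileged group membership against an approval register.

Added example for the CISSP Operations Security discussion; the data and
the policy encoded here are hypothetical.
"""
from dataclasses import dataclass
from datetime import date

# Constructed sample: current members of privileged groups, as an identity
# system export would list them.
PRIVILEGED_MEMBERSHIP = {
    "Domain Admins": ["alice", "bob", "svc-backup"],
    "DBA": ["carol", "bob"],
}

# Constructed sample: the approval register operations keeps for each
# privilege, including when the approval must be re-validated.
APPROVALS = [
    {"user": "alice", "group": "Domain Admins", "approved_by": "ciso",  "expires": date(2025, 12, 31)},
    {"user": "bob",   "group": "DBA",           "approved_by": "dbmgr", "expires": date(2024, 1, 31)},
    {"user": "carol", "group": "DBA",           "approved_by": "dbmgr", "expires": date(2025, 6, 30)},
]

# Hypothetical review date, fixed so the example is reproducible.
REVIEW_DATE = date(2024, 6, 1)


@dataclass(frozen=True)
class Finding:
    user: str
    group: str
    reason: str


def review_privileged_accounts(membership, approvals, today):
    """Return one Finding per privilege that lacks a valid, current approval,
    plus one per user who holds more than one privileged role."""
    approved = {(a["user"], a["group"]): a for a in approvals}
    findings = []
    for group, members in membership.items():
        for user in members:
            entry = approved.get((user, group))
            if entry is None:
                findings.append(Finding(user, group, "no approval on record"))
            elif entry["expires"] < today:
                findings.append(Finding(user, group,
                                        f"approval expired {entry['expires'].isoformat()}"))
    # Separation of duties check (hypothetical policy): a person should not
    # hold membership of more than one privileged group.
    holdings = {}
    for group, members in membership.items():
        for user in members:
            holdings.setdefault(user, []).append(group)
    for user, groups in holdings.items():
        if len(groups) > 1:
            findings.append(Finding(user, "+".join(sorted(groups)),
                                    "holds multiple privileged roles"))
    return sorted(findings, key=lambda f: (f.user, f.group))


def run_review():
    """Run the reconciliation against the constructed sample data."""
    return review_privileged_accounts(PRIVILEGED_MEMBERSHIP, APPROVALS, REVIEW_DATE)


if __name__ == "__main__":
    for f in run_review():
        print(f"{f.user:12} {f.group:24} {f.reason}")
```

Run against the sample data, the review flags bob's expired DBA approval, bob's unapproved Domain Admins membership, the service account with no approval at all, and bob's accumulation of two privileged roles. The useful property is that the output is empty only when every privilege is backed by an unexpired approval, which is the evidence an auditor will ask for.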
Managing Security Services Effectively
No security operation will be effective without strong service management and the
processes that are put into place to ensure service consistency. These include key
service management processes common to most IT services, such as change, configuration,
and problem management. They also include security-specific procedures
such as user provisioning and Help Desk procedures. In today’s security operations,
there is also considerable focus on reporting and continuous service improvement
practices. These themes are discussed in the detailed sections below.
Maintaining Operational Resilience
Resilience is an important quality for any production operation. It is concerned with
ensuring that the IT environment is prepared for any potential threat to smooth,
steady, and reliable service. As a security professional, it is frequently your role to
understand common threats to operations and help prepare for them.
Common Threats to Operations
Operations can be impacted by a variety of threats. These threats may be caused by
individuals or by environmental factors. A security practitioner who is aware of common
threats will be better prepared to propose or implement controls that mitigate or limit
the potential damage.
Just as most security requirements can be summed up by the AIC triad
(confidentiality, integrity, and availability), most threats are associated with
their opposites: disclosure, corruption, and destruction.
Unauthorized Disclosure
The unauthorized release of information is a considerable threat. Disclosure may
result when a hacker or cracker penetrates a system that contains confidential
information. Sensitive information may be leaked through malware infection. It may
also be intentionally disclosed by disgruntled employees, contractors, or partners.
From an operations perspective, the technical solutions intended to protect sensitive
information need to be maintained, and privileged users need to be monitored to detect any
potential disclosure.
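Monitoring privileged users for potential disclosure, as the paragraph above calls for, means running need-to-know and exfiltration rules over access records rather than reading logs by hand. The block below is an added example and is not part of the OIG text: the key=value audit format, the role-to-path need-to-know map, the list of "external" destinations and the business-hours window are all assumptions made for illustration, and the audit lines are constructed.

```python
"""Flag potential disclosure of confidential data by privileged accounts.

Added example; the log format, policy tables and sample records are
hypothetical and constructed for this illustration.
"""
import re
from datetime import datetime, timezone

# Constructed audit records in an assumed key=value format. A real DLP or
# SIEM export would need its own parser.
AUDIT_LINES = """\
2024-06-01T09:14:02Z user=alice role=domain-admin action=read object=/hr/salaries.xlsx label=confidential
2024-06-01T09:20:45Z user=carol role=dba action=read object=/db/orders.sql label=internal
2024-06-01T02:13:55Z user=bob role=dba action=copy object=/finance/q2-forecast.pdf label=confidential dest=usb:E
2024-06-01T10:02:11Z user=bob role=dba action=read object=/db/customers.sql label=confidential
2024-06-01T11:30:00Z user=dave role=hr action=read object=/hr/salaries.xlsx label=confidential
"""

# Hypothetical need-to-know policy: confidential path prefixes each role may
# touch. Platform administrators run the systems, not the business data.
NEED_TO_KNOW = {
    "domain-admin": (),
    "dba": ("/db/",),
    "hr": ("/hr/",),
}
PRIVILEGED_ROLES = {"domain-admin", "dba"}
EXTERNAL_DEST = re.compile(r"^(usb|smtp|http|https):", re.IGNORECASE)
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 UTC, assumed for the example
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one audit line into a dict; 'ts' becomes an aware datetime."""
    ts, rest = line.split(" ", 1)
    rec = dict(FIELD.findall(rest))
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def evaluate(rec):
    """Return the list of reasons a record looks like potential disclosure."""
    alerts = []
    if rec.get("label") != "confidential":
        return alerts
    role, obj = rec.get("role"), rec.get("object", "")
    # Need-to-know: confidential data outside the role's permitted prefixes.
    if not any(obj.startswith(p) for p in NEED_TO_KNOW.get(role, ())):
        alerts.append("confidential access outside need-to-know")
    # Exfiltration path: confidential data copied to removable media or off-host.
    dest = rec.get("dest", "")
    if EXTERNAL_DEST.match(dest):
        alerts.append(f"confidential data sent to external destination {dest}")
    # Privileged accounts touching confidential data outside business hours.
    if role in PRIVILEGED_ROLES and rec["ts"].hour not in BUSINESS_HOURS:
        alerts.append("privileged access to confidential data outside business hours")
    return alerts


def scan(text):
    """Run the rules over every line; return (user, object, reason) tuples."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        for reason in evaluate(rec):
            findings.append((rec["user"], rec["object"], reason))
    return findings


if __name__ == "__main__":
    for user, obj, reason in scan(AUDIT_LINES):
        print(f"{user:8} {obj:28} {reason}")
```

On the sample records the rules fire on the domain administrator reading an HR spreadsheet (no need-to-know) and three times on the 02:13 copy of a finance document to a USB device, while the DBA's daytime read of a database export and the HR user's access to their own data pass silently. The point of keeping the policy in data tables is that the review that grants or removes privileges, and the monitoring that watches how they are used, can be kept in step.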
Destruction, Interruption, and Theft
Irreparable damage, whether malicious, accidental, or caused by events beyond anyone’s
control, can result in the destruction of system data and resources. Malware and
malicious users can cause the loss of a significant amount of information.
Errors on the part of users can cause the accidental deletion of important data.
Secure operations are intended to prevent the destruction of sensitive assets, except of
course when it is done intentionally as part of an information retention program.
Interruptions in service can also be extremely disruptive to normal business
operations. Failure of equipment, services, and operational procedures can cause
system components to become unavailable. Denial-of-service attacks and malicious
code can also interrupt operations. Any loss of availability will need to be dealt with
appropriately, either automatically through technology or manually through strong
processes and procedures.
Theft is also a common threat. While large-scale thefts within a secure operation
may be less likely, component theft is often common in many environments. You may
be expected to help prevent these sorts of thefts as well as coordinate investigations
into such problems.
Corruption and Improper Modification
Environmental factors as well as the acts of individuals can cause damage to systems
and data. Sporadic fluctuations in temperature or line power can cause systems to
make errors while writing data. Inappropriate or accidental changes to file or table