CISSP Domain 7 Security Operations

The document outlines key concepts and practices related to investigations, logging, monitoring, configuration management, security operations, resource protection, incident management, patch management, change management, recovery strategies, disaster recovery, and business continuity planning. It emphasizes the importance of evidence handling, continuous monitoring, vulnerability management, and the need for structured processes to ensure security and operational resilience. Additionally, it highlights the necessity of training, documentation, and regular updates to maintain effective security measures.

7.1: UNDERSTANDING AND COMPLYING WITH INVESTIGATIONS

- Evidence Collection and Handling: Properly gather, store, and preserve evidence while maintaining its integrity
- Reporting and Documentation: Record investigation findings and maintain thorough documentation
- Investigative Techniques: Use systematic approaches to gather and analyze evidence
- Digital Forensic Tools, Tactics, and Procedures: Use specialized tools and procedures to analyze digital data
- Artifacts: Identify and analyze digital artifacts (files, logs, etc.)

7.2: CONDUCT LOGGING AND MONITORING ACTIVITIES

- Intrusion Detection and Prevention (IDS/IPS): Detect and prevent network intrusions
- Security Information and Event Management (SIEM): Centralized logging and threat detection
- Continuous Monitoring: Ongoing assessment of security status
- Egress Monitoring: Monitoring outbound network traffic
- Log Management: Collect and store log data
- Threat Intelligence: Gather and analyze threat data
- User and Entity Behavior Analytics (UEBA): Analyze user and entity behavior patterns

7.3: PERFORM CONFIGURATION MANAGEMENT (CM)

- Identify Configuration Items: List all configuration components
- Baseline Establishment: Define standard configuration settings
- Change Management: Control changes to configurations
- Configuration Status Accounting: Track and document configurations
- Configuration Verification and Audit: Ensure compliance with configurations
- Automated Tool Utilization: Use software for CM tasks

7.4: APPLY FOUNDATIONAL SECURITY OPERATIONS CONCEPTS

- Need-to-Know/Least Privilege
  - Need-to-Know: Access only to information necessary for a role
  - Least Privilege: Minimum level of access required for job functions
- Separation of Duties (SoD): Divide responsibilities among different individuals
- Privileged Account Management: Control and monitor privileged accounts
- Job Rotation: Reduce risk and prevent collusion
- Service Level Agreements (SLAs)
  - Purpose: Define performance and security expectations
  - Components: Uptime guarantees, response times, and security measures

7.5: APPLY RESOURCE PROTECTION

- Media Management
  - Inventory tracking
  - Labeling and classification
  - Secure storage
  - Controlled access
- Media Protection Techniques
  - Physical Security
    - Secure storage locations (e.g., locked cabinets)
    - Environmental controls (e.g., temperature, humidity)
  - Logical Security
    - Encryption of data on media
    - Access controls (e.g., user authentication)
  - Handling Procedures
    - Secure transportation
    - Sanitization and destruction
    - Regular audits and monitoring

7.6: CONDUCT INCIDENT MANAGEMENT

- Detection: Identify incidents via logs and alerts
- Response: Immediate actions to contain the incident
- Mitigation: Address root cause, prevent recurrence
- Reporting: Document incident, response, lessons learned
- Recovery: Restore systems and data functionality
- Remediation: Fix vulnerabilities causing the incident
- Lessons Learned: Implement security improvements post-incident

7.7: OPERATE AND MAINTAIN DETECTIVE AND PREVENTIVE MEASURES

- Firewalls
  - Control traffic via security policies
  - Types: Next-gen, web application, network
- Intrusion Detection/Prevention Systems (IDS/IPS): Monitor and prevent unauthorized access
- Whitelisting/blacklisting
  - Whitelisting: Allow authorized applications/users
  - Blacklisting: Block malicious applications/users
- Third-party provided security services: Managed Detection and Response (MDR)
- Sandboxing: Isolated environment to analyze suspicious code/files
- Honeypots/honeynets: Decoy systems to lure and capture attackers
- Anti-malware: Protect against malicious software
- Machine learning and Artificial Intelligence tools: Anomaly detection and threat hunting

7.8: IMPLEMENT AND SUPPORT PATCH AND VULNERABILITY MANAGEMENT

- Identify and Classify Vulnerabilities
  - Vulnerability Scanning: Detect vulnerabilities
  - Risk Assessment: Prioritize based on risk
- Patch Management Process
  - Patch Identification: Vendor patches
  - Patch Testing: Test before deployment
  - Patch Deployment: Apply patches
  - Patch Verification: Ensure correct application
- Vulnerability Management Process
  - Discovery: Monitor continuously
  - Analysis: Assess impact
  - Remediation: Apply fixes
  - Verification: Confirm resolution
- Tools and Technologies
  - Patch Management Tools: Automate deployment
  - Vulnerability Management Tools: Automate scanning
  - Configuration Management: Maintain secure configurations

7.9: UNDERSTAND AND PARTICIPATE IN CHANGE MANAGEMENT PROCESSES

- Purpose of Change Management
  - Manage and control changes
  - Reduce the impact of changes
  - Maintain business continuity
- Change Management Process
  - Request for Change (RFC): Submit and track change requests
  - Impact Assessment: Evaluate the potential effects of changes
  - Approval Process: Gain authorization for proposed changes
  - Implementation: Execute approved changes
  - Testing and Validation: Ensure the change works as intended
  - Documentation: Record all changes for future reference
- Types of Changes
  - Standard Changes: Pre-approved, low-risk changes
  - Emergency Changes: Unplanned, urgent changes
  - Major Changes: High-impact, complex changes

7.10: IMPLEMENT RECOVERY STRATEGIES

- Backup Storage Strategies
  - Types: Full, incremental, differential
  - Locations: On-site, off-site, cloud
  - Frequency: Regular scheduling
- Recovery Site Strategies
  - Hot Sites: Fully operational, minimal downtime
  - Warm Sites: Partially equipped, moderate setup time
  - Cold Sites: Basic infrastructure, significant setup time
- Multiple Processing Sites
  - Primary and Secondary Sites: Ensure business continuity
  - Load Balancing: Distribute workload across multiple sites
  - Geographical Separation: Reduce risk from localized disasters
- System Resilience, HA, QoS, and Fault Tolerance
  - System Resilience: Ability to recover from failures
  - High Availability (HA): Minimizing downtime through redundancy
  - Quality of Service (QoS): Ensuring performance standards
  - Fault Tolerance: Continuous operation despite failures

7.11: IMPLEMENT DISASTER RECOVERY (DR) PROCESSES

- Response: Follow the DR plan to initiate recovery procedures
- Personnel: Assign roles and responsibilities
- Communications: Establish clear communication channels
- Assessment: Evaluate damage and scope of recovery
- Restoration: Restore systems and data
- Training and Awareness: Train personnel on DR procedures
- Lessons Learned: Review and improve the DR process

7.12: PARTICIPATE IN BUSINESS CONTINUITY (BC) PLANNING AND EXERCISES

- Understand Business Continuity (BC)
  - Definition: Continuous operations during/after a disaster
  - Importance: Minimize disruption and loss
- Conduct Business Impact Analysis (BIA)
  - Identify critical functions
  - Prioritize recovery efforts
- Develop Business Continuity Plan (BCP)
  - Recovery strategies
  - Document procedures
  - Define roles
- Implement Recovery Strategies
  - Backup solutions
  - Alternative sites
  - Redundant systems
- Conduct Training and Awareness
  - Regular training
  - Awareness programs
- Perform Testing and Exercises
  - Tabletop exercises
  - Functional tests
  - Full-scale drills
- Review and Update the BCP
  - Regular updates
  - Incorporate changes
- Integrate with Incident Response Plan
  - Align plans
  - Streamline processes