Security Operations: CISSP, #7
About this ebook
Security Operations is the 7th domain of the CISSP's Common Body of Knowledge. In this course we will cover the following topics: digital forensics, incident management, logging and monitoring, vulnerability and change management, investigative types, evidence handling, recovery strategies, personnel privacy and safety, business continuity and disaster recovery, internal physical security, external physical security, and securing assets.
Selwyn Classen
A seasoned and highly qualified IT/IS professional with over 20 years working experience within the Petrochemical industry (i.e. Supply chain management, Knowledge management, Product and Quality management, Business analysis and processing) including the Telecommunications industry.
Book preview
Security Operations - Selwyn Classen
While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
SECURITY OPERATIONS
First edition. April 2, 2020.
Copyright © 2020 Selwyn Classen.
Written by Selwyn Classen.
Table of Contents
Introduction
Security Operations Foundations
Conclusion
Digital Forensics
Introduction to Digital Forensics
Digital Forensics Foundations
Creating a Digital Forensics Capability
Conclusion
Logging and Monitoring
Introduction
Logging and Monitoring Basics
Log Management
Logging and Monitoring Concerns
Conclusion
Vulnerability Management
Introduction
Vulnerability Assessment
Patch Management
Conclusion
Change Management
Introduction
Change Control Process
Conclusion
Operate and Maintain Protective Controls
Introduction
Maintaining and Operating Protective Controls
Important Terms and Conclusion
Incident Management
Introduction
Creating an Incident Response Capability
Incident Response Life Cycle
Conclusion
Investigative Types
Introduction
Investigative Types
Conclusion
Evidence Handling
Introduction
Rules of Evidence
Conclusion
Resource Provisioning
Introduction
Provisioning Assets
Conclusion
Recovery Strategies
Introduction
Recovery Strategies
Conclusion
Personnel Privacy and Safety
Introduction
Privacy
Safety Matters
Conclusion
Business Continuity and Disaster Recovery
Introduction
Disaster Recovery and Business Continuity
Conclusion
Internal Physical Security
Introduction
Alarms, Access Cards, Biometrics, and Locks
Key Controls
Mantraps, Safes, Vaults, and Turnstiles
Conclusion
Securing Assets
Introduction
Protecting Security Equipment
Conclusion
External Physical Security
Introduction
Barriers
Lighting
Closed Circuit Television
Conclusion
Introduction
The information provided within is based on the material that you will need to know before taking the CISSP exam, specifically the topics found in the 7th domain of the Common Body of Knowledge (CBK). The primary role of a security operations team is to maintain the security of systems found in production environments. These are live systems that organizations rely on to perform business-critical duties on a day-to-day basis. This course covers many different areas, such as digital forensics, incident management, evidence collection, incident response, logging and monitoring, vulnerability and change management, and the protective controls that are typically operated by security operations teams.
I will also outline the different investigative types that are commonly used. When there is an incident, there will be a need for proper evidence handling; we will cover that as well. We will also cover different aspects of physical security, such as internal and external security controls that can delay, deter, or detect attacks on our environments. Additionally, we will address the need to protect our personnel and keep them safe. Moreover, as if that is not enough to cram into one single domain of the CBK, we will also cover the steps needed to deal with disasters and how to perform recovery operations.
Security Operations Foundations
As you can see, there is much information that will be covered in this course. Just try to remember that the important part is understanding the foundational concepts and how they all work together to protect confidentiality, availability, and integrity. The duties performed by security operations teams are what keep attackers at bay on a day-to-day basis. Organizations face the challenge of making services available to their workers and customers while at the same time attempting to reduce the risk associated with providing these very same services. By having a well-trained and well-staffed security operations team, organizations can respond to the changing threat landscape on a proactive basis. A standard security operations team will contain several functions. Some of these include a team to handle vulnerability management and possibly other operational tooling, such as data loss prevention tools and firewall configurations.
There may also be a team that handles incident response duties. This team will work with human resources, and possibly even law enforcement, to collect and analyze data that can be used by the organization for various purposes. There may also be a security operations center that will employ individuals to monitor and track threat events. This may be the first line of defense and is extremely useful when timing is important. Due to the critical nature of the duties performed by these teams, several key factors need to be considered. We will briefly discuss each of these before diving into each of the focus areas for the security operations domain. The first of these concepts is known as job rotation. This control will assist in the prevention of collusion or other malicious activity such as fraud. When people are forced to rotate positions, there is a possibility that malicious activities will be detected by the person who is taking on the new role. Another benefit of having employees rotate job positions is that you will end up with a well-rounded workforce with a diverse skill set and a greater understanding of how all of the roles work together.
The downside is that it is challenging for people to specialize if they must rotate to different positions frequently. Separation of duties is precisely what it sounds like. The goal of this concept is to eliminate the potential for fraud or other malicious activities by ensuring that no single person can complete a sensitive transaction alone. It is very useful for situations that involve access to sensitive information, such as credit card numbers or other financial information. Mandatory vacations are also a useful security control that prevents fraud. Sometimes malicious activities require that someone be available and have constant access to a system in order to hide their activities. By forcing someone to go on vacation, the organization gains time to have someone else review their work and possibly even perform audits of their systems. This is especially important in cases where the person on vacation typically has elevated privileges to the network and its systems.
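The two controls above can be checked mechanically. The following is an added example, not code from the book: it flags users whose combined permissions form a separation-of-duties conflict, and privileged users whose login history shows no break long enough to count as a vacation. The permission names, conflict pairs, users and login dates are all constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample data (not from the book): effective permissions per user,
# aggregated across every role the user has been assigned.
USER_PERMISSIONS = {
    "alice": {"create_vendor", "submit_invoice"},
    "bob": {"approve_payment", "view_reports"},
    "carol": {"create_vendor", "approve_payment"},  # can create a vendor and pay it
}

# Hypothetical toxic combinations: holding both halves lets one person commit fraud alone.
SOD_CONFLICTS = [
    ("create_vendor", "approve_payment"),
    ("submit_invoice", "approve_payment"),
]


def sod_violations(user_permissions, conflicts):
    """Return {user: [(perm_a, perm_b), ...]} for every user holding a conflicting pair."""
    found = {}
    for user, perms in user_permissions.items():
        hits = [pair for pair in conflicts if pair[0] in perms and pair[1] in perms]
        if hits:
            found[user] = hits
    return found


# Constructed login history: one date per calendar day on which the user authenticated.
LOGIN_DAYS = {
    "carol": [date(2020, 3, 1) + timedelta(days=i) for i in range(45)],
    "bob": [date(2020, 3, 1) + timedelta(days=i) for i in range(10)]
    + [date(2020, 3, 20) + timedelta(days=i) for i in range(10)],
}


def longest_unbroken_streak(days):
    """Longest run of consecutive calendar days that each contain at least one login."""
    ordered = sorted(set(days))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur - prev == timedelta(days=1) else 1
        best = max(best, run)
    return best


def mandatory_vacation_candidates(login_days, max_streak=30):
    """Users who have logged in every day for longer than max_streak days: nobody else has had a window to review their work."""
    return sorted(u for u, d in login_days.items() if longest_unbroken_streak(d) > max_streak)
```

Both checks are reviewer-side: the output is a list of accounts for an auditor to examine, not an automatic action against the user.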
Conclusion
You should now have a good idea of what we will cover in this course. You have been presented with a quick overview of what security operations are, and have been provided with a quick listing of some of the topics that we will cover within this course. I have also introduced some important terms that you may come across in regard to security operations teams, such as mandatory vacations and separation of duties. Now that you have the basics out of the way, let us get started with the first module in this course, Digital Forensics.
Digital Forensics
Introduction to Digital Forensics
For centuries, crimes have been solved by identifying evidence that points to the who, what, when, where, and how of something that occurred. The onset of technology only increased the data sources that were available. The activity of performing digital forensics addresses this need by ensuring that evidence is collected in a format that is presentable in a legal courtroom setting. For all of this to happen, many different concerns need to be addressed. As with any concept, it is essential to understand how the topic is defined, so we will start this course module with a definition of digital forensics.
Once that has been established, you will quickly move on to learning why digital forensics is needed and what the outputs of this activity generally accomplish. Also, there are different types of digital forensics that you may come across throughout your career, so I will quickly highlight those as well, and then move on to showing you what an organization must do to establish a digital forensics capability. After that, I will review key terminology that you may need to be aware of before taking your CISSP examination. So let us get started by taking a look at what digital forensics is.
Digital Forensics Foundations
In the grand scheme of things, digital forensics can be thought of as a process of extracting information from electronic devices, preserving that information, analyzing any associated findings, and then interpreting the results. This entire process is also sometimes referred to as computer forensics. Ultimately, digital forensics can be defined as a branch of forensic science that is focused on the identification, collection, and analysis of elements found in electronic devices. In the next section, we are going to dive a little bit deeper so