Exam Essentials: Chapter 16

Chapter 16: Managing Security Operations

Understand need-to-know and the principle of least privilege

  • Need-to-know and the principle of least privilege are two standard IT security principles implemented in secure networks.
  • They limit access to data & systems so that users and other subjects have access only to what they require.
  • This limited access helps prevent security incidents, and helps limit the scope of incidents when they do occur.
  • When these principles are not followed, security incidents result in far greater damage to an organisation.

Understand separation of duties & job rotation

  • Separation of duties is a basic security principle that ensures that no single person can control all the elements of a critical function or system.
  • With job rotation, employees are rotated into different jobs, or tasks are assigned to different employees.
  • Collusion is an agreement among multiple persons to perform some unauthorised or illegal actions.
  • Implementing these policies helps prevent fraud by limiting actions individuals can do without colluding with others.

Understand the importance of monitoring privileged operations

  • Privileged entities are trusted, but they can abuse their privileges. Because of this, it’s important to monitor all assignments of privileges and all uses of privileged operations.
  • The goal is to ensure that trusted employees do not abuse the special privileges they are granted.
  • Monitoring these operations can also detect many attacks because attackers commonly use special privileges during an attack.

Understand the information lifecycle

  • Data needs to be protected throughout its entire lifecycle.
  • This starts by properly classifying & marking data.
  • It also includes properly handling, storing & destroying data.

Understand SLAs

  • Organisations use service-level agreements (SLAs) with outside entities such as vendors.
  • They stipulate performance expectations such as maximum downtimes, and often include penalties if the vendor doesn’t meet expectations.

Understand secure provisioning concepts

  • Secure provisioning of resources includes ensuring that resources are deployed in a secure manner and are maintained in a secure manner throughout their lifecycles.
  • As an example, desktop PCs can be deployed using a secure image.

Understand virtual assets

  • Virtual assets include VMs, VDI, SDN and virtual SANs.
  • Hypervisors are the primary software component that manages virtual assets, but hypervisors also provide attackers with an additional target.
  • It’s important to keep physical servers hosting your virtual assets up to date with appropriate patches for the OS & the hypervisor.
  • Additionally, all VMs must be kept up to date.

Recognise security issues with cloud-based assets

  • Cloud-based assets include any resources accessed via the cloud.
  • Storing data in the cloud increases the risk so additional steps may be necessary to protect the data, depending on its value.
  • When leasing cloud-based services, you must understand who is responsible for maintenance & security.
  • The cloud service provider provides the least amount of maintenance & security in the IaaS model.

Explain configuration & change control management

  • Many outages & incidents can be prevented with effective configuration & change management programs.
  • Configuration management ensures that systems are configured similarly and the configurations of systems are known and documented.
  • Baselining ensures that systems are deployed with a common baseline or starting point, and imaging is a common baselining method.
  • Change management helps reduce outages or weakened security from unauthorised changes. A change management process requires changes to be requested, approved, tested & documented.
  • Versioning uses a labelling or numbering system to track changes in updated versions of software.

Understand patch management

  • Patch management ensures that systems are kept up to date with current patches.
  • You should know that an effective patch management program will evaluate, test, approve & deploy patches.
  • Additionally, be aware that system audits verify the deployment of approved patches to systems.
  • Patch management is often intertwined with change & configuration management to ensure that documentation reflects the changes.
  • When an organisation does not have an effective patch management program, it will often experience outages and incidents from known issues that could have been prevented.

Explain vulnerability management

  • Vulnerability management includes routine vulnerability scans & periodic vulnerability assessments.
  • Vulnerability scanners can detect known security vulnerabilities & weaknesses such as the absence of patches or weak passwords.
  • They generate reports that indicate the technical vulnerabilities of a system and are an effective check for a patch management program.
  • Vulnerability assessments extend beyond just technical scans, and can include reviews and audits to detect vulnerabilities.
