Chapter 16 Managing Security Operations
Applying Security Operations Concepts
Need to Know and Least Privilege
Separation of Duties and Responsibilities
Job Rotation
Mandatory Vacations
Privileged Account Management
Managing the Information Life Cycle
Service-Level Agreements
Addressing Personnel Safety and Security
Overview
Need to Know and Least Privilege
Need to Know
Work task related access
Often related to clearance
The Principle of Least Privilege
Entitlement
Aggregation
Transitive Trust
Separation of Duties and Responsibilities
No single person with total control
Separation of privilege
Applications and processes
Segregation of duties
Avoids conflicts of interest
See Figure 16.1
Two-person control
Job Rotation
Related to privilege management
Rotation of duties
Peer review
Reduce fraud
Cross-training
Mandatory Vacations
One or two week increments
No local or remote access
Peer review
Detect fraud
Deterrent and detection
Privileged Account Management
Special access or elevated rights
Administrative and sensitive job tasks
Privileged entities
Monitoring is essential
Trusted employees
Managing the Information Life Cycle
Creation or capture
Classification
Storage
Usage
Archive
Destruction or purging
Service-Level Agreements
SLAs
Memorandum of understanding (MOU)
Interconnection Security Agreement (ISA)
NIST SP 800-47
Security Guide for Interconnecting Information Technology Systems
Addressing Personnel Safety and Security
Exit doors
Fail-safe vs. fail-secure doors
Duress systems and code phrases
Travel safety
Sensitive data
Malware and monitoring devices
Free WiFi and VPNs
Emergency management
Security training and awareness
Securely Provisioning Resources
Managing Hardware and Software Assets
Protecting Physical Assets
Managing Virtual Assets
Managing Cloud-Based Assets
Media Management
Overview
Managing Hardware and Software Assets
Hardware inventories
RFID tracking
Sanitize before disposal
Portable media management
Software licensing
Protecting Physical Assets
Includes building and contents
Fences
Barricades
Locked doors
Guards
Security cameras / CCTV
Building design and layout
Managing Virtual Assets
Virtualization
Software-defined assets
Virtual machines (VMs)
Virtual desktop infrastructure (VDI)
Software-defined networks (SDN)
Virtual storage area networks (VSAN)
Hypervisor
Managing Cloud-Based Assets
Resources are located outside of direct control
DoD Cloud Computing Security Requirements Guide
Cloud service provider (CSP)
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Public, private, hybrid, community
Media Management
Protect media itself and data stored on media
Tape media
USB flash drives
Mobile devices
Choose your own device (CYOD)
Bring your own device (BYOD)
Mobile device management (MDM)
Media life cycle
Mean time to failure (MTTF)
Managing Configuration
Baselining
Using Images for Baselining
Managing Change
Change management helps reduce unanticipated outages caused by unauthorized changes
Security impact analysis
Request, review, approve/reject, test, schedule/implement, document
Security assurance requirements (SAR)
Versioning
Configuration documentation
Managing Patches and Reducing Vulnerabilities
Systems to Manage
End devices, servers, network devices, embedded devices, IoT
Patch Management
Evaluate, Test, Approve, Deploy, Verify
Vulnerability Management
Scanners and assessments
Vulnerability assessments
Common Vulnerabilities and Exposures (CVE)
Conclusion
Read the Exam Essentials
Review the chapter
Perform the Written Labs
Answer the Review Questions