CISSP For Dummies

In This Chapter

• Discovering security operations concepts

• Knowing your threats and countermeasures

• Managing security operations

• Maintaining security controls

• Understanding auditing and audit trails

• Making monitoring a priority

Overview

The Operations Security domain introduces several key concepts, and it also overlaps other domains, particularly access control - and, to a lesser extent, business continuity planning.

What do you need to know about the Operations Security domain? We’ll let the Certified Information Systems Security Professional (CISSP) study guide answer that: “The candidate will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.”

This chapter discusses everything that an operations group needs to know about security: security operations concepts and management, security threats and countermeasures, security auditing, audit trails, administrative management and control, and security monitoring.