CISSP All-in-One Exam Guide PDF
Duress codes can also be verbal. For example, some alarm systems have an attendant call the facility to ensure everything is fine. If someone is under duress (and perhaps on speakerphone next to the assailant), you would want a discreet way for that person to convey that they are in danger. You could set up two possible responses, like “apple pie,” which would mean you are in danger, and “sunshine,” which would mean everything is truly fine. The key is to make the duress response sound completely benign.

Another situation to consider is when an assailant forces an employee to log into their account. You could set up a duress account with a username that is very similar to the real one. Upon login, the duress account looks just like the real one, except that it doesn’t include sensitive content. The twist is that the duress password could do a range of things, from activating full monitoring (like camera, keyboard, and packet logging) to quietly wiping the device in the background (useful for laptops being used away from the office). Obviously, it would also generate an alert to security personnel that the user is in danger.

Chapter Review

This chapter was a bit of a whirlwind tour of many of the issues we need to manage as part of security operations. We covered a lot of ground, but keep in mind that these are all important topics you need to address in your organization if you want to operationalize security. Collectively, this chapter lays the foundation for the tasks many of us prefer to be doing: blocking bad actors from gaining access, finding the ones that sneak in, and frustrating their efforts to cause us harm. We dive into those in the next three chapters as we delve into day-to-day security operations, incident response, and dealing with disasters.

Quick Review

- SecOps (Security + Operations) is the integration of security and IT operations people, technology, and processes to reduce risks while improving business agility.
- Access to resources should be limited to authorized personnel, applications, and services and should be audited for compliance to stated policies.
- Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more.
- Need to know means we must first establish that an individual has a legitimate, job role–related need for a given resource before granting access to it.
- Separation of duties and responsibilities should be in place so that fraud cannot take place without collusion of two or more people.
- Privileged account management formally enforces the principle of least privilege on accounts with elevated rights.
- Job rotation means that, over time, more than one person fulfills the tasks of one position within the organization, which provides backup and redundancy but also helps identify fraudulent activities.
- A service level agreement (SLA) is a contract that states that a service provider guarantees a certain level of service to a customer.
- Change management is the practice of minimizing the risks associated with the addition, modification, or removal of anything that could have an effect on IT services. Activities that involve change management include requesting, evaluating, planning, implementing, reviewing, and closing or sustaining a change.
- Configuration management is the process of establishing and maintaining consistent configurations on all our systems to meet organizational requirements.
- A baseline is the configuration of a system at a point in time as agreed upon by the appropriate decision makers.
- Vulnerability management is the cyclical process of identifying vulnerabilities, determining the risks they pose to the organization, and applying security controls that bring those risks to acceptable levels.
- Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems.
- Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only.
- Exterior fencing can be costly and unsightly, but can provide crowd control and help control access to the facility, particularly if the fencing is eight feet or higher.
- Closed-circuit TV (CCTV) systems are made up of cameras, a controller and digital video recording (DVR) system, and a monitor, but frequently also include remote storage and remote client access.
- Locks are considered delaying devices to intruders.
- Some physical security controls may conflict with the safety of people. These issues need to be addressed; human life is always more important than protecting a facility or the assets it contains.
- Piggybacking occurs when an individual gains unauthorized access by using someone else’s legitimate credentials or access rights, usually when the intruder closely follows an authorized person through a door or gate.
- Proximity identification devices can be user activated (action needs to be taken by a user) or system sensing (no action needs to be taken by the user).
- A transponder is a proximity-based access control reader that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.
- Intrusion detection devices include motion detectors, CCTVs, vibration sensors, and electromechanical devices.
- Intrusion detection devices can be penetrated, are expensive to install and monitor, require human response, and are subject to false alarms.
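Returning to the duress-login idea from the start of this excerpt: the following Python routine is an added example, not code from the book or from any product it describes, showing how a login handler can tell a normal password from a duress password while keeping the two outcomes indistinguishable to whoever is watching the user. Everything here is assumed for illustration: the PBKDF2 key derivation, the two-hash user record, the in-memory ALERTS list standing in for a real alerting channel, and the Session fields that withhold sensitive content and switch on monitoring.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Outcome(Enum):
    FAIL = "fail"
    NORMAL = "normal"
    DURESS = "duress"


@dataclass
class UserRecord:
    username: str
    salt: bytes
    normal_hash: bytes   # hash of the everyday password
    duress_hash: bytes   # hash of the benign-looking duress password


@dataclass
class Session:
    username: str
    sensitive_allowed: bool   # False under duress: the account "looks" normal but hides sensitive content
    monitoring: bool          # True under duress: full session monitoring is switched on


# Hypothetical alert sink (constructed for the example); a real system would page the security team.
ALERTS: List[dict] = []


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a fixed iteration count; a memory-hard KDF would be preferable in production."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def enroll(username: str, normal_password: str, duress_password: str) -> UserRecord:
    """Create a user record holding both the normal and the duress password hashes."""
    if normal_password == duress_password:
        raise ValueError("duress password must differ from the normal password")
    salt = os.urandom(16)
    return UserRecord(
        username=username,
        salt=salt,
        normal_hash=hash_password(normal_password, salt),
        duress_hash=hash_password(duress_password, salt),
    )


def authenticate(user: UserRecord, password: str) -> Tuple[Outcome, Optional[Session]]:
    """Return (outcome, session). The UI must render NORMAL and DURESS identically to the user."""
    candidate = hash_password(password, user.salt)
    # Compare against both hashes on every attempt so that timing does not reveal which one matched.
    is_normal = hmac.compare_digest(candidate, user.normal_hash)
    is_duress = hmac.compare_digest(candidate, user.duress_hash)
    if is_normal:
        return Outcome.NORMAL, Session(user.username, sensitive_allowed=True, monitoring=False)
    if is_duress:
        # Silent alert to security personnel; the assailant sees only a successful login.
        ALERTS.append({"user": user.username, "event": "duress_login"})
        return Outcome.DURESS, Session(user.username, sensitive_allowed=False, monitoring=True)
    return Outcome.FAIL, None


if __name__ == "__main__":
    record = enroll("jdoe", "correct horse battery", "apple pie")   # constructed sample credentials
    for attempt in ("correct horse battery", "apple pie", "wrong"):
        outcome, session = authenticate(record, attempt)
        print(attempt, "->", outcome.value, session)
    print("alerts:", ALERTS)
```

The design point is that the branch the caller takes on DURESS is invisible at the login screen: the same "success" page is shown, and only the server-side session flags and the alert differ. The destructive options the book mentions (background wipe) are deliberately left out of this example; they would hang off the same DURESS branch but need their own safeguards against accidental triggering.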