2.0 Compliance and Operational Security


2.1 Explain the importance of risk related concepts.

  • Control types
    • Technical
    • Management
    • Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk
    • Privacy policy
    • Acceptable use
    • Security policy
    • Mandatory vacations
    • Job rotation
    • Separation of duties
    • Least privilege
  • Risk calculation
    • Likelihood
    • ALE
    • Impact
    • SLE
    • ARO
    • MTTR
    • MTTF
    • MTBF
  • Quantitative vs. qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability/threat likelihood
  • Risk avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated with cloud computing and virtualization
  • Recovery time objective and recovery point objective

2.2 Summarize the security implications of integrating systems and data with third parties.

  • On-boarding/off-boarding business partners
  • Social media networks and/or applications
  • Interoperability agreements
    • SLA
    • BPA
    • MOU
    • ISA
  • Privacy considerations
  • Risk awareness
  • Unauthorized data sharing
  • Data ownership
  • Data backups
  • Follow security policy and procedures
  • Review agreement requirements to verify compliance and performance standards

2.3 Given a scenario, implement appropriate risk mitigation strategies.

  • Change management
  • Incident management
  • User rights and permissions reviews
  • Perform routine audits
  • Enforce policies and procedures to prevent data loss or theft
  • Enforce technology controls
    • Data Loss Prevention (DLP)

2.4 Given a scenario, implement basic forensic procedures.

  • Order of volatility
  • Capture system image
  • Network traffic and logs
  • Capture video
  • Record time offset
  • Take hashes
  • Screenshots
  • Witnesses
  • Track man hours and expense
  • Chain of custody
  • Big data analysis

2.5 Summarize common incident response procedures.

  • Preparation
  • Incident identification
  • Escalation and notification
  • Mitigation steps
  • Lessons learned
  • Reporting
  • Recovery/reconstitution procedures
  • First responder
  • Incident isolation
    • Quarantine
    • Device removal
  • Data breach
  • Damage and loss control

2.6 Explain the importance of security related awareness and training.

  • Security policy training and procedures
  • Role-based training
  • Personally identifiable information
  • Information classification
    • High
    • Medium
    • Low
    • Confidential
    • Private
    • Public
  • Data labeling, handling and disposal
  • Compliance with laws, best practices and standards
  • User habits
    • Password behaviors
    • Data handling
    • Clean desk policies
    • Prevent tailgating
    • Personally owned devices
  • New threats and new security trends/alerts
    • New viruses
    • Phishing attacks
    • Zero days exploits
  • Use of social networking and P2P
  • Follow up and gather training metrics to validate compliance and security posture

2.7 Compare and contrast physical security and environmental controls.

  • Environmental controls
    • HVAC
    • Fire suppression
    • EMI shielding
    • Hot and cold aisles
    • Environmental monitoring
    • Temperature and humidity controls
  • Physical security
    • Hardware locks
    • Mantraps
    • Video surveillance
    • Fencing
    • Proximity readers
    • Access list
    • Proper lighting
    • Signs
    • Guards
    • Barricades
    • Biometrics
    • Protected distribution (cabling)
    • Alarms
    • Motion detection
  • Control types
    • Deterrent
    • Preventive
    • Detective
    • Compensating
    • Technical
    • Administrative

2.8 Summarize risk management best practices.

  • Business continuity concepts
    • Business impact analysis
    • Identification of critical systems and components
    • Removing single points of failure
    • Business continuity planning and testing
    • Risk assessment
    • Continuity of operations
    • Disaster recovery
    • IT contingency planning
    • Succession planning
    • High availability
    • Redundancy
    • Tabletop exercises
  • Fault tolerance
    • Hardware
    • RAID
    • Clustering
    • Load balancing
    • Servers
  • Disaster recovery concepts
    • Backup plans/policies
    • Backup execution/frequency
    • Cold site
    • Hot site
    • Warm site

2.9 Given a scenario, select the appropriate control to meet the goals of security.

  • Confidentiality
    • Encryption
    • Access controls
    • Steganography
  • Integrity
    • Hashing
    • Digital signatures
    • Certificates
    • Non-repudiation
  • Availability
    • Redundancy
    • Fault tolerance
    • Patching
  • Safety
    • Fencing
    • Lighting
    • Locks
    • CCTV
    • Escape plans
    • Drills
    • Escape routes
    • Testing controls
Recommended

 





Associates