Operations Security relates security aspect in day to day activities of a business enterprise. The domain discusses all the questions regarding: How to keep the data at rest secure? How to securely destroy the data? What privileges need to be assigned and to whom and when? How to protect the hardware (maintenance) and software (piracy)? And how to carry out patch management, problem management, incident management etc.? The important access control concepts like least privilege and need to know are also discussed along with mechanisms to facilitate and perform audit and monitoring. It can be said that Operations Security is basically the concise combination of all of the other domains of CISSP.
No comments:
Post a Comment