CCSP Domain 5: Maintenance Flashcards
How often should CMB meet?
often enough to address organizational needs and reduce frustration with delay; frustrated employees and managers can increase risk to the organization by implementing their own, unapproved modifications to the environment
What should the update procedure include?
- document how, when and why the update was initiated by the vendor
- move the update through the CM process
What is the update procedure?
- put the systems and devices into maintenance mode
- apply the updates to the necessary systems and devices; annotate the asset inventory to reflect the changes
- verify the update; run tests on the production environment to ensure all necessary systems and devices have received the update - if missed, repeat the installation until complete
- validate the modifications; ensure intended results of the update have taken effect and interactions with the rest of the environment work appropriately
- return to normal operations
What document should cover patching?
patching, like any other form of maintenance, should be covered in SLAs
Agreed-upon schedule and patching thresholds should be covered by what document?
contract
What does configuration management entail?
documenting the approved settings for systems and software, which helps establish baselines within the organization
What is CM?
change and configuration management
What does CM begin with?
baselining
What is baselining?
a way of taking an accurate account of the desired standard state
What is important to incorporate in baselines?
security controls with a thorough description of each one’s purpose, dependencies and supporting rationale
Why is it essential to include security controls in baselines?
so that the business is informed about risk management as changes are considered for implementation through the CM process; it needs to know whether changes introduce any new risks for which compensatory controls would have to be implemented
What stakeholders should provide input for creating baselines?
IT, security office, management, users
Baseline should be a reflection of what?
risk appetite of the organization; provides optimum balance between security and operational functionality
When does a baseline provide the greatest value?
when it is applied to the greatest number of covered systems
Are baselines the be-all and end-all of system security?
no; it serves only as a standard against which to compare and validate all systems in the organization
Why is it important to continually test the baselines?
to determine that all assets are accounted for and to detect anything that differs from the baseline
What needs to be done with baseline deviations?
need to be documented and reviewed, whether they are intentional or unintentional, as they pose a risk to the organization
What needs to be assured in order for a baseline to be successful?
it needs to be flexible, so that the exception request process is timely and responsive to the needs of the organization and its users
Why is it important to have flexible and timely modifications to the baselines?
to avoid frustrated users, who then may circumvent the security controls and introduce significant risks
Why is it important to track exceptions and deviations to the baselines?
to ensure regulatory compliance and security control coverage, and to allow meaningful modifications to the baselines if a considerable number of users report the same issue caused by the baseline controls
How many baselines should be created?
it depends on how many types of systems the organization uses; a baseline should be created for each type of system in the environment
What is the CM process in the normal operational mode of the organization?
- CMB meetings; the CMB meets to analyze and review change and exception requests, then authorizes, rejects or asks for additional effort
- CM testing; if authorized, the change needs to be tested before it is deployed
- Deployment; the change is implemented and then reported to the CMB
- Documentation; modifications to the environment are documented and reflected in the asset inventory
What is the initial CMB process?
- full asset inventory; crucial to know what assets are used - can be aided by BIA
- codification of the baseline; formal action that includes all members of CMB
- secure baseline build; version of baseline is constructed and stored for later use
- deployment of new assets; when new assets are deployed, relevant baseline has to be installed
Who should the CMB be composed of?
IT, security, legal, management, finance and acquisition, HR, general users, anyone who would be useful in this process
What are common maintenance-related orchestrated tasks?
patch management and VM reboots
What is the difference between change management and change control?
- change management: policy that details how changes will be processed in an organization; guidance on the process
- change control: process of evaluating a change request to decide whether it should be implemented; the process in action
What approach helps with automating change management?
CI/CD and IaaC
What is a credentialed scan?
powerful vulnerability scan that has higher privileges than a non-credentialed scan
What are non-intrusive scans?
passive scans that merely report vulnerabilities; do not cause damage to a system
What are intrusive scans?
they can cause damage as they try to exploit the vulnerability, and should be used in a sandbox and not on a live production system
What is the name of components or services that are managed as part of a configuration management effort?
CIs (configuration items)
What are configuration models used for?
used to evaluate changes and causes of incidents
What are configuration records?
records that describe configuration item relationships and settings