CISSP (Domain 7 - Operations Security) Flashcards
Operational Assurance
Achieved by performing daily tasks and evaluating their effectiveness through testing
4 Steps to Operational Assurance
PI/PE/AH/TR
- Protect Information
+CIA
+Balance (Functional Vs. Secure)
+Enforce Compliance
- Privileged Entities (Administrators)
- Control Access to Hardware
+Logical
+Physical
- Trusted Recovery
+Bring up security controls first
10 Administrative Controls
DC/DD/SD/JR/MV/NK/LP/AL/SC/HF
- Due Care
- Due Diligence
- Separation of duties
- Job rotation
- Mandatory vacations
- Need-to-know
- Least privilege
- Invokes authorization levels
- Management software configuration
- Personnel hiring and firing
Service Level Agreement (SLA)
The length of time within which a vendor will repair a faulty product
Mean Time Between Failure (MTBF)
- Expected lifetime of component
- Used to calculate risk of utility failure
Mean Time To Repair (MTTR)
Amount of time to get device back into production
Redundant Array of Inexpensive Disks (RAID)
Technology used for redundancy and performance improvement
RAID Levels
- *Level 0: Striping, written to all drives, no fault tolerance, high performance
- *Level 1: Mirroring
- Level 2: Data striping over all drives at the bit level
- Level 3: Byte level parity
- Level 4: Byte level parity
- *Level 5: Interleave parity - data and parity over all disks
2 Advantages of RAID 5
- If one drive fails, you still have access to all the data; reconstruction can occur on a new drive
- New drive will be rebuilt with parity data (based on XOR)
4 Backup Types
- Full backup
- Incremental backup
- Differential backup
- Copy backup
Full Backup
- Archive Bit is reset after backup (all bits)
Incremental Backup
- Backs up files that have been modified since last backup
- Archive bit is reset (takes 1 and set to 0)
Differential Backup
- Backs up files that have been modified since last full backup
- Archive bit is not reset (makes copies of archive bit)
Copy Backup
- Archive bit is not reset
- Use before upgrades/system maintenance
Network-Based IDS
- Monitors traffic on a network segment
- Computer or network device with NIC in promiscuous mode
- Sensors communicate with central management console