📝Chapter 5: Security Operations - Notes

Data Handling: Data itself goes through its own life cycle as users create, use, share and modify it.

Degaussing: Process of reducing or eliminating unwanted data on disks using strong magnets.


Data Handling Practices

Classification

  • Process of recognizing the organizational impacts if the information suffers any security compromises related to its characteristics of confidentiality, integrity and availability.

  • Information is then labeled and handled accordingly.

  • Classifications are derived from laws, regulations, contract-specified standards or other business expectations.

Labeling

  • Security labels are part of implementing controls to protect classified information.

  • It is reasonable to want a simple way of assigning a level of sensitivity to a data asset, such that the higher the level, the greater the presumed harm to the organization, and thus the greater security protection the data asset requires.

  • Data Sensitivity Levels and Labels

    • Highly Restricted

    • Moderately Restricted

    • Low Sensitivity

    • Unrestricted Public Data


Event Logging Best Practices

  • Ingress monitoring refers to surveillance and assessment of all inbound communications traffic and access attempts.

  • Egress monitoring is used to regulate data leaving the organization’s IT environment.


Configuration Management Overview

  • Process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.

  • It is both a decision-making process and a set of control processes.

Identification

  • Baseline identification of a system and all its components, interfaces and documentation.

Baseline

  • A security baseline is a minimum level of protection that can be used as a reference point.

  • Baselines provide a way to ensure that updates to technology and architectures are subjected to the minimum understood and acceptable level of security requirements.

Change Control

  • An update process for requesting changes to a baseline, by means of making changes to one or more components in that baseline.

  • A review and approval process for all changes. This includes updates and patches.

Verification & Audit

  • A regression and validation process, which may involve testing and analysis, to verify that nothing in the system was broken by a newly applied set of changes.

  • An audit process can validate that the currently in-use baseline matches the sum total of its initial baseline plus all approved changes applied in sequence.
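
The audit check described above, as an added example that is not part of the original notes: it replays the approved changes in sequence over the initial baseline and reports every setting where the in-use configuration differs. All setting names, change IDs and values are constructed for illustration, and the change-log format is an assumption.

```python
# Added example; setting names, change IDs and values are constructed.
INITIAL_BASELINE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "yes",
    "tls.min_version": "1.2",
    "ntp.server": "ntp1.example.internal",
}

# Change log in the order changes were applied (assumed format).
# Only approved entries may alter the baseline; None removes a setting.
CHANGE_LOG = [
    {"id": "CHG-001", "approved": True, "set": {"ssh.PasswordAuthentication": "no"}},
    {"id": "CHG-002", "approved": False, "set": {"tls.min_version": "1.0"}},
    {"id": "CHG-003", "approved": True, "set": {"audit.log_level": "info", "ntp.server": None}},
]

IN_USE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "tls.min_version": "1.0",   # matches only the unapproved CHG-002
    "audit.log_level": "info",
    "debug.enabled": "true",    # never requested at all
}


def expected_baseline(initial, change_log):
    """Replay approved changes, in sequence, on top of the initial baseline."""
    state = dict(initial)
    for change in change_log:
        if not change["approved"]:
            continue  # rejected or pending changes must not shape the baseline
        for key, value in change["set"].items():
            if value is None:
                state.pop(key, None)
            else:
                state[key] = value
    return state


def audit(initial, change_log, in_use):
    """Return {setting: (expected, actual)} per deviation; None means absent."""
    expected = expected_baseline(initial, change_log)
    keys = sorted(expected.keys() | in_use.keys())
    return {k: (expected.get(k), in_use.get(k)) for k in keys
            if expected.get(k) != in_use.get(k)}


if __name__ == "__main__":
    for name, (want, got) in audit(INITIAL_BASELINE, CHANGE_LOG, IN_USE).items():
        print(f"DRIFT {name}: expected={want!r} actual={got!r}")
```

An empty result means the in-use configuration equals the initial baseline plus all approved changes; each finding is either an unapproved change that was applied or an approved change that was never applied.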

Common Security Policies


  • Data Handling Policy

  • Password Policy

  • Acceptable Use Policy (AUP)

  • Bring Your Own Device (BYOD)

  • Privacy Policy

  • Change Management Policy


Change Management Components

  1. Request for change

  2. Approval

  3. Rollback

  4. Repeat




Hacker's Mantra: Amateurs hack systems, and professionals hack people. - Bruce Schneier
